search

diladele / webproxy

Web Filtering Proxy for Microsoft Windows is a web filtering proxy and secure web gateway for Microsoft Windows. It can decrypt HTTPS traffic, filter HTTP requests and responses and inspect contents of HTML pages. The product deployed as a network service in Microsoft Windows and is managed by using Microsoft Management Console.
https://www.diladele.com/webproxy/
5 stars 3 forks source link

address exclusions at CONNECT tunnels to IP addresses are not applied #649

Closed ra-at-diladele-com closed 1 year ago

ra-at-diladele-com commented 1 year ago

Admin configured the Esclusions/By Ip (subnet or range) for 1.2.3.4 address. Admin configured the block all .* regex in policy rules. User types http://1.2.3.4/index.html in the browser address bar. The browser issues a CONNECT 1.2.3.4 request to the proxy Proxy sees that as "domain name to connect to" - which is technically correct. And blocks it.

--

Proxy should ideally understand that the "string" being connected to is actually an IP address, convert it to IP address and apply IP address exclusions to this connection.

Otherwise it is not possible to exclude a range of IP addresses and block everything else.

ra-at-diladele-com commented 1 year ago

No the proxy now parses the string and if this is an IP address it does apply ip/subnet/range exclusions. So this bug is not valid. But to be absolutely sure let's test it on the latest build.