search

foxyproxy / browser-extension

Version 8 and above. Browser extension source code for Firefox, Chrome, and other Chromium-based browsers
GNU General Public License v2.0
199 stars 29 forks source link

Update on-request.js #67

Closed tmeidinger closed 6 months ago

tmeidinger commented 6 months ago

Fix private address space.

erosman commented 6 months ago

A consensus needs to be reached for any change to the local bypass process.

tessus commented 6 months ago

May I ask what the fix is? You removed that /16 as a private network. However, 192.168.0.0/16 is a private address space. I use several /24 /21 /20 networks in that space for VLANs at home.

tmeidinger commented 6 months ago

I reckon most people use rfc6761/rfc1918 ip space local. The line of code prevents you from reaching an ip space within 192.168/16 on any other end of a proxy. The maintainers are IMHO confusing this with 127.0.0.1/8 which is IMHO a different issue. It's perfectly legit to have e.g. 192.168.1.0/24 on one end of a proxy and e.g. 192.168.230.0/24 on the other end of the proxy. (https://github.com/foxyproxy/browser-extension/issues/66)

erosman commented 6 months ago

Modems, and routers are often on 192.168.0.0/16 (mine also is).

Proxying 192.168.0.0/16 would make them inaccessible. When FoxyProxy is set to have any catchall situation (via pattern or using an individual proxy), browser would route the connection through the proxy server.

Firefox --> Proxy server --> modem

Obviously modem becomes unreachable.

Proxying 192.168.0.0/16 would prevent all users from accessing their modems, Wi-Fi configs, devices connected to their routers (like TV, mobile, etc), and private local network which would be a considerable problem for the users.

When a proxy is set, browser forwards the request to the proxy server. The proxy server then forwards it to the final IP address.

Even if somehow it ends up in user's own private network (which is a considerable security breach), why would users want to access their modem through a proxy in Alaska (for example)?

tmeidinger commented 6 months ago

If you use 192.168/16 local then don't setup any proxy-rules regarding 192.168/16. But it's not up to FoxyProxy to decide this. But if you want to block any private rfc6761/rfc1918 ip space then you'd have to block 10/8 and 172.16/12 as well. But I'm out of this anyway. I resolved my needs by switching to a local proxy.pac file referenced by firefox using a local file:///.proxy.pac URL.

erosman commented 6 months ago

I am discussing the issue with the founder of FoxyProxy and some or all of localhost checks will be removed in v8.4