OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: stefan21 on June 24, 2018, 03:14:06 pm
-
Hello,
OPNsense is running as OPNsense 18.1.9-amd64, FreeBSD 11.1-RELEASE-p10, OpenSSL 1.0.2o 27 Mar 2018.
Services: Web Proxy: Administration Whitelist: besides some other domains: "my-hammer.de", which was the last I added.
From the log:
1529845065.736 0 xxx TCP_DENIED/403 4095 GET http://www.my-hammer.de/favicon.ico - HIER_NONE/- text/html
1529845065.715 0 xxx TCP_DENIED/403 4021 GET http://www.my-hammer.de/favicon.ico - HIER_NONE/- text/html
1529845065.681 0 xxx TCP_DENIED/403 4141 GET http://localhost:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1529845065.647 0 xxx TCP_DENIED/403 4100 GET http://www.my-hammer.de/ - HIER_NONE/- text/html
The client is not able to access the domain. The previous whitelisted domains are accessable.
Anybody with an idea?
regards,
stefan
-
Even if whitelisting (unrestricted access) the IP of the workstation does not help. How can that be?
Any help would be appreciated.
-
The following error was encountered while trying to retrieve the URL: http://www.my-hammer.de/
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
I just don't get it - IMVHO there's nothing defined in the ACL which could prevent loading this page? The only entry in the blacklist is "imrworldwide.com".
BTW - could someone move this to the correct subforum? Sorry for posting too fast...
-
Disabling shallalist and re-starting the web proxy solved the issue. This means, that even whitelisting a domain is being overwritten from remote blacklist. Quite easy if you know about this. Sorry for the noise.
Anyway - this leaves the question how to whitelist a domain which is in a remote blacklist?
regards,
stefan
EDIT: while playing a little around, I first deleted and then re-added the my-hammer.de domain in my whitelist. Did a "apply" with every step and restarted the proxy twice. Then I enabled in remote ACL the shallalist again. After another restart of the proxy the whitelisted domain was accessable. Very tricky...