OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of andre4 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - andre4

Pages: [1]
1
Web Proxy Filtering and Caching / Re: access specific service behind firewall based on specific URL-path
« on: June 24, 2018, 11:03:35 pm »
thank you Fabian, that sounds like exactly what i try build. I had a quick look on the squid project pages. Squid seems to be able to handle Connect. However they state that it should be used "carefully". Hence they disabled Connect by standard, however it can be enabled.

Given my idea of reducing the public attack surface by hiding responses to specific URLs, i wonder what you think about this? Is this a valuable idea to enhance security in combination with typical 2FA? Or do you think it is more an additional potential security hole?

Another benefit from my point of view is more flexibility in the management of incoming ports. E.G. I could use 443 as single port exposed to internet for several types of connection to my internal site as the target service is encoded in the URL-path. 

PS is it possible to configure the squid inside opnsense to use first the built-in 2FA for incoming CONNECT request and then to open the CONNECT session? Or would I have to built something around? i understood so far that i can combine the 2FA with every service of opnsense..

Kind regards

Andre 

2
Web Proxy Filtering and Caching / Re: access specific service behind firewall based on specific URL-path
« on: June 24, 2018, 06:58:03 pm »
Hello Fabian, thanks for your suggestion and quick reply.

in case of the http proxy and the connect request. Would all communication afterwards as well forwarded transparently by the http proxy to the client which is my intention or is this non-standard? And if this depends, on what? As this is only for my own purposes on owned infrastructure i would not care about the potential men in the middle on my side by the transparent http proxy....

I am just looking into the http request redirect feature of the the HAproxy. However i have no glue if this would work with something not pointing to an http service... or work at all.

PS to explain my intention. Even so security by obscurity is for sure not the best i am trying with that hidden access path to add an additional layer of security for some services exposed to the internet beside two factors which i for sure will deploy... 

Best Andre

3
Web Proxy Filtering and Caching / access specific service behind firewall based on specific URL-path
« on: June 24, 2018, 02:01:51 pm »
Hi everyone, I am a happy new owner of an opnsense firewall and trying
to access from internet a service behind my firewall via an URL like this one
<dynDNSURL>:<portExt>/<mypath1..n>

Based upon the provided <mypath1..n> a corresponding internal server and internal port should be selected.

So from my understanding there is a need for a port mapping as i want to use this for different kind of services which are externally hidden behind a URL-Path.

Example 1: mydns.de:443/hiddensshforServer1 should map to the Server1 ssh demon on port 22.
Example 2: mydns.de:443/hiddenXXXforServer3 should map to the Server3 XXX demon on port yyy.

PS So i am trying to make this work for many different services not based on http.

I would like opnsense only to answer requests to this services when a specific path is provided by the requester.

I would really appreciate any hint in the right direction which service and features to use if this is possible.

Best Andre

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2