OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • *SOLVED* Web proxy whitelist issue
« previous next »
  • Print
Pages: [1]

Author Topic: *SOLVED* Web proxy whitelist issue  (Read 8004 times)

stefan21

  • Full Member
  • ***
  • Posts: 103
  • Karma: 10
    • View Profile
*SOLVED* Web proxy whitelist issue
« on: June 24, 2018, 03:14:06 pm »
Hello,

OPNsense is running as OPNsense 18.1.9-amd64, FreeBSD 11.1-RELEASE-p10, OpenSSL 1.0.2o 27 Mar 2018.

Services: Web Proxy: Administration Whitelist: besides some other domains: "my-hammer.de", which was the last I added.

From the log:
1529845065.736 0    xxx TCP_DENIED/403 4095 GET http://www.my-hammer.de/favicon.ico - HIER_NONE/- text/html
1529845065.715 0    xxx TCP_DENIED/403 4021 GET http://www.my-hammer.de/favicon.ico - HIER_NONE/- text/html
1529845065.681 0    xxx TCP_DENIED/403 4141 GET http://localhost:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1529845065.647 0    xxx TCP_DENIED/403 4100 GET http://www.my-hammer.de/ - HIER_NONE/- text/html

The client is not able to access the domain. The previous whitelisted domains are accessable.

Anybody with an idea?

regards,
stefan
« Last Edit: June 25, 2018, 09:05:16 pm by stefan21 »
Logged

stefan21

  • Full Member
  • ***
  • Posts: 103
  • Karma: 10
    • View Profile
Re: Web proxy whitelist issue
« Reply #1 on: June 25, 2018, 04:09:18 pm »
Even if whitelisting (unrestricted access) the IP of the workstation does not help. How can that be?

Any help would be appreciated.
Logged

stefan21

  • Full Member
  • ***
  • Posts: 103
  • Karma: 10
    • View Profile
Re: Web proxy whitelist issue
« Reply #2 on: June 25, 2018, 06:37:21 pm »
The following error was encountered while trying to retrieve the URL: http://www.my-hammer.de/

    Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

I just don't get it - IMVHO there's nothing defined in the ACL which could prevent loading this page? The only entry in the blacklist is "imrworldwide.com".

BTW - could someone move this to the correct subforum? Sorry for posting too fast...
Logged

stefan21

  • Full Member
  • ***
  • Posts: 103
  • Karma: 10
    • View Profile
Re: *SOLVED* Web proxy whitelist issue
« Reply #3 on: June 25, 2018, 09:10:05 pm »
Disabling shallalist and re-starting the web proxy solved the issue. This means, that even whitelisting a domain is being overwritten from remote blacklist. Quite easy if you know about this. Sorry for the noise.

Anyway - this leaves the question how to whitelist a domain which is in a remote blacklist?

regards,
stefan

EDIT: while playing a little around, I first deleted and then re-added the my-hammer.de domain in my whitelist. Did a "apply" with every step and restarted the proxy twice. Then I enabled in remote ACL the shallalist again. After another restart of the proxy the whitelisted domain was accessable. Very tricky...
« Last Edit: June 25, 2018, 09:21:12 pm by stefan21 »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • *SOLVED* Web proxy whitelist issue
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2