Hi all,
I think I found a bug in the url redirect in the access list.
I have a list of IPs and ports that are allowed and at the buttom is a rule that matches everything and redirects to an instructions page.
When the "User source" is specified as some user or group, the redirection rule works as expected.
But if this field is empty, this rule simply blocks all outgoing connections, even these that should pass.
Steps to produce:
- Add as the first rule in the access list some hello world web app IP
- The second rule should match everything and redirects to that web app. Set the "Source User" to be the logged in user
- As expected any typed URL in the browser will be redirected to the hello world app
- Now clean the field "source user"
-Try again, this time the connection will hang and you won't be able to access the helloworld app
Access List URL Redirect BUG
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Access List URL Redirect BUG
Could you attach your access list rule?
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Access List URL Redirect BUG
I attached the file to this message
The most important rule is number 17 which forwards any request to a specific URL
If the SrcUsername is non existant or contains "*" then the forwarding hangs
If an actual username or groupname is there, the forwarding works fine
Cheers,
Moataz
The most important rule is number 17 which forwards any request to a specific URL
If the SrcUsername is non existant or contains "*" then the forwarding hangs
If an actual username or groupname is there, the forwarding works fine
Cheers,
Moataz
You do not have the required permissions to view the files attached to this post.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Access List URL Redirect BUG
Please add one more rule that allow packet from redirect site.
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Access List URL Redirect BUG
Many thanks. This solved my problem!!!!!