Closed
Bug 528310
Opened 15 years ago
Closed 15 years ago
Hektor+FF I found a bug that allows me to connect to a server that is defined in the exclusion list in Preferences => Network => Proxy without use the proxy (Hektor).
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: aleksander810, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.5 Build Identifier: Mac OS X 10.4.9 Tiger witch Hektor and Firefox Hektor+FF I found a bug that allows me to connect to a server that is defined in the exclusion list in Preferences => Network => Proxy without use the proxy (Hektor). Reproducible: Always Steps to Reproduce: *Open Preferences => Network => Proxy *Add to exclusion list example.org *Click OK *Open example.org Actual Results: I can open example.org without proxy (Hektor). Expected Results: Do not allow me to visit example.org. Hector is a local proxy server that should prevent me visiting certain websites and downloading some files via HTTP. Hector should not let me turn off the proxy in Preferences => Network => Proxy by exiting FF.
Comment 1•15 years ago
|
||
Yes, that's what the exclusion list is for, specifying hosts you don't want to go through the manual (voluntary) proxy. If the proxy is a workplace requirement then it cannot be made voluntary and must be enforced on the network (there are lots of network security products tht will do this). You can't rely on the client machine to be set correctly if they are the ones you're trying to protect against.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•