528310 - Hektor+FF I found a bug that allows me to connect to a server that is defined in the exclusion list in Preferences => Network => Proxy without use the proxy (Hektor).

Status: RESOLVED INVALID

(Firefox :: Security, defect)

Description

[Aleksander Kurczyk]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.5
Build Identifier: Mac OS X 10.4.9 Tiger witch Hektor and Firefox

Hektor+FF I found a bug that allows me to connect to a server that is defined in the exclusion list in Preferences => Network => Proxy without use the proxy (Hektor).

Reproducible: Always

Steps to Reproduce:
*Open Preferences => Network => Proxy
*Add to exclusion list example.org
*Click OK
*Open example.org
Actual Results:  
I can open example.org without proxy (Hektor).

Expected Results:  
Do not allow me to visit example.org.

Hector is a local proxy server that should prevent me visiting certain websites and downloading some files via HTTP. Hector should not let me turn off the proxy in Preferences => Network => Proxy by exiting FF.

Comment 1

[Daniel Veditz [:dveditz]]

Yes, that's what the exclusion list is for, specifying hosts you don't want to go through the manual (voluntary) proxy.

If the proxy is a workplace requirement then it cannot be made voluntary and must be enforced on the network (there are lots of network security products tht will do this). You can't rely on the client machine to be set correctly if they are the ones you're trying to protect against.