Allowed networks in Reverse proxy do not work

NethServer Version: 8
Module: Reverse proxy

Hi,

Not sure if i have setup this up correctly, but ik to have acccess to this reverse proxy domain from inside the :LAN.
I’ve put in the local IP in the Allowed networks field, but it is still accessable from outside the LAN

How can i set this up correctly ?

3 Likes

Thanks, it seems you found a bug, I can reproduce in NethSecurity 8-23.05.3-ns.1.1.0.

The “deny all” directive is missing in /etc/config/nginx after the allows in the config so everything is allowed. cc @giacomo

As a workaround you can edit /etc/config/nginx, search for the right proxy and add a deny line.
In the following example I allowed 192.168.3.0/24 for a reverse proxy via the UI before.

	list allow '192.168.3.0/24'
	list deny 'all'

Reload nginx

service nginx reload

2 Likes

Thanks for reporting, I’ve opened and issue: Host-based reverse proxy always accessible from all networks · Issue #723 · NethServer/nethsecurity · GitHub

The proposed workaround should work but the fix will be a little different.

2 Likes