Ports blocked for hosts in "Hosts without proxy"


(Adam) #1

Continuing the discussion from Block HTTP and HTTPS ports applies to DMZ… by design?:

I’m going to bring up this issue again because I’m having issues with some Windows servers. RMM software and other programs are not working properly.

I don’t want the servers to have ports blocked or be proxy’d at all. Shouldn’t there be an exception for the port blocking for hosts that are in the “hosts without proxy” section? I could then disable auto-detect in internet options and 3rd party browsers and be fine.


(Rob Bosch) #2

If this could be set as another subnet, or a series of IPaddresses in the LAN subnet, it would be even more easy to use.


(Filippo Carletti) #3

The whole proxy interface needs to be rewritten with the wpad auto-config in mind.
Another approach could be to use the firewall rules to block/allow internet browsing, but we always try to keep options in the page they belong (i.e. the proxy handles port 80 and 443, the blocks are in the same page, not in the firewall rules).
Moreover, the proxy bypass tabs should only be displayed if the proxy is in transparent mode.


(Adam) #4

The firewall rule idea did work. Thanks for that!

But there’s the “hybrid” mode that I like using where HTTP is transparent and HTTPS is not. I don’t want to have to install certificates on all computers and devices that join my networks and would rather rely on auto detection of the proxy for those. But it’s less likely that there will be issues if I only require auto-detect happens properly for HTTPS.