Comments (10)
Yep, it's possible. But first I think we want to focus on ensuring the implementation of what we've already got is correct. But I don't think @sergeyfrolov would be opposed to pull requests!
from forwardproxy.
Just a nit, I'd prefer `whitelist file` instead of `whitelist fromfile`. Otherwise, looks good enough to me.
from forwardproxy.
Yes, IP-based whitelist and blacklist is going to be available.
As I mentioned, domain blacklist doesn't seem to be able to do its job. Not sure how safe domain whitelist is either: say you whitelisted somewebsite.com, and then all of a sudden it resolves to 127.0.0.1 or 192.168.x.x or another IP prohibited by you, overriding the IP blacklist, which is something we don't want to happen. (If domain whitelist doesn't override IP white/blacklist, then it's not useful, as you still have to whitelist/not prohibit the IPs).
I'll start with IP-based policies, which we can reliably enforce, and then consider domain whitelisting (with a warning in README about how much trust is being put into domains): I see how it's useful, but there are potential security issues.
from forwardproxy.
In accordance with our policy of not overloading forwardproxy with features, I do not intend to implement an access control list that is half as powerful as squid. You can always use the newly implemented upstream feature to upstream your requests to a local squid.
EDIT: Initial design replaced with #11 (comment)
from forwardproxy.
whitelist inline github.com:443 example.org:80 medium.com // port not specified => not restricted by port. Existing mechanism to whitelist ports proxy-wide remains.
I think your approach is good, but it would also be reasonable to make this list be only hostnames, no ports. I don't think ports are necessary here, and the interaction with port whitelisting could get confusing.
I also think we do need to allow the user to specify an IP address in this list. The only complexity I see there is that IPv6 addresses can be represented in multiple ways, so we can't just use string equality to check against the list.
from forwardproxy.
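The two concerns raised in the comments above (a whitelisted name that suddenly resolves to 127.0.0.1 or 192.168.x.x, and IPv6 addresses that have several spellings) can be handled together by checking the resolved address, in canonical form, before dialing. The following is an added example, not forwardproxy's code; `ACL`, `NewACL`, `Allowed` and `canon` are hypothetical names, and DNS resolution is assumed to be done by the caller.

```go
package main

import (
	"fmt"
	"net/netip"
)

type ACL struct { // hypothetical policy type for this example
	allow map[string]bool // hostnames and canonical IP strings
	deny  []netip.Prefix
}

// canon normalizes an IP literal: Prefix.Contains never matches IPv4-mapped or zoned forms.
func canon(s string) (netip.Addr, error) {
	a, err := netip.ParseAddr(s)
	return a.Unmap().WithZone(""), err
}

func NewACL(allow, denyCIDRs []string) *ACL {
	p := &ACL{allow: map[string]bool{}}
	for _, e := range allow {
		if a, err := canon(e); err == nil {
			e = a.String() // store IP literals in canonical form
		}
		p.allow[e] = true
	}
	for _, c := range denyCIDRs {
		p.deny = append(p.deny, netip.MustParsePrefix(c)) // panics on bad CIDR
	}
	return p
}

// Allowed vets one address that host resolved to, before it is dialed.
func (p *ACL) Allowed(host, addr string) bool {
	ip, err := canon(addr)
	if err != nil || !(p.allow[host] || p.allow[ip.String()]) {
		return false
	}
	for _, n := range p.deny {
		if n.Contains(ip) {
			return false // deny list wins over any whitelist entry
		}
	}
	return true // caller dials this exact address, without a second lookup
}

func main() {
	p := NewACL([]string{"somewebsite.com"}, []string{"127.0.0.0/8"})
	fmt.Println(p.Allowed("somewebsite.com", "::ffff:127.0.0.1")) // false
}
```

The addresses in `main` are constructed sample values; the IPv4-mapped spelling of loopback is rejected because it is unmapped before the prefix check.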
I think whitelist and blacklist are needed, based on the default policy you try to set up. Port whitelist / restriction would be fine too. For example, to just allow default web ports (80, 443, 8080) and some more custom ports?
from forwardproxy.
EDIT: redesign again!! 😬
Just look at the README
from forwardproxy.
Is ip and domain based whitelist possible?
from forwardproxy.
Sometimes I would whitelist / blacklist domain based because I don't know all the IP addresses behind a domain :)
from forwardproxy.
Implemented (see documentation in README).
from forwardproxy.