Project

General

Profile

Anomalie #7857

nginx renvoit 403 pour les reseaux indirectement connectés

Added by Christophe Dezé about 7 years ago. Updated almost 7 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Category:
-
Start date:
Due date:
05/16/2014
% Done:

100%

Estimated time:
1.50 h
Spent time:
Distribution:
EOLE 2.3

Description

lorsque l'on ajoute des routes statiques ,elle ne sont pas pris en compte par nginx pour wpad

il faudrait rajouter dans le module geo
route_adresse/CIDR route_int;

et dans le module server
pour chaque
location /wpad.route_int{
...
allow route_adresse/CIDR;
}

nginx.default.patch View (1.21 KB) Christophe Dezé, 04/04/2014 09:04 AM


Related issues

Related to eole-reverseproxy - Tâche #8208: Gestion des routes statiques dans wpad.dat Fermé 03/31/2015

Associated revisions

Revision 2534d263 (diff)
Added by Joël Cuissinat almost 7 years ago

Prise en compte des routes statiques par WPAD

  • tmpl/nginx.default : prise en compte des routes dans les modules geo et server

Fixes: #7857 @1h
Thanks: Christophe DEZE

Revision 83d54cb7
Added by Joël Cuissinat almost 7 years ago

Merge branch '2.3' Ref #7857

History

#1 Updated by Christophe Dezé about 7 years ago

--- distrib/nginx.default   2013-11-28 15:38:32.000000000 +0100
+++ modif/nginx.default 2014-04-04 09:00:33.588201931 +0200
@@ -272,6 +272,14 @@
 %if %%nombre_interfaces >= "5" 
 %%gen_geo_zone("4")
 %end if
+
+%if %%activer_route == "oui" 
+%for %%indirectnet in %%route_adresse
+%%indirectnet/%%calc_classe(%%indirectnet.route_netmask) %%indirectnet.route_int;
+%end for
+%end if
+
+
 }
 %def gen_wpad(%%nb_zone)
     location /wpad.eth%%{nb_zone} {
@@ -283,6 +291,7 @@
         %for %%alias_addr_eth in %%getVar('alias_ip_eth' + %%nb_zone)
         allow %%getattr(%%alias_addr_eth, %%alias_net)/%%calc_classe(%%getattr(%%alias_addr_eth, %%alias_mask));
         %end for
+
     %end if
     %if %%getVar('vlan_eth' + %%nb_zone) == "oui" 
         %set %%vlan_net = 'adresse_network_vlan_eth' + %%nb_zone
@@ -291,6 +300,13 @@
         allow %%getattr(%%vlan_id, %%vlan_net)/%%calc_classe(%%getattr(%%vlan_id, %%vlan_mask));
         %end for
     %end if
+%if %%activer_route == "oui" 
+    %for %%indirectnet in %%route_adresse
+        %if %%indirectnet.route_int == 'eth' + %%nb_zone
+            allow %%indirectnet/%%calc_classe(%%indirectnet.route_netmask);
+        %end if
+    %end for
+%end if
         deny all;
     }
 %end def

#3 Updated by Joël Cuissinat about 7 years ago

  • Project changed from Amon to eole-reverseproxy
  • Status changed from Nouveau to A étudier
  • Target version set to Mises à jour 2.3.13

#4 Updated by Daniel Dehennin almost 7 years ago

  • Due date set to 05/16/2014

#5 Updated by Joël Cuissinat almost 7 years ago

  • Status changed from A étudier to Accepté
  • Assigned To set to Joël Cuissinat
  • Estimated time set to 1.50 h

+ à reporter en 2.4

#6 Updated by Joël Cuissinat almost 7 years ago

  • Status changed from Accepté to Résolu
  • % Done changed from 0 to 100

#7 Updated by Joël Cuissinat almost 7 years ago

  • paquet candidat : eole-reverseproxy (>=2.3-eole100~2)
  • commit mergé dans master

#8 Updated by Daniel Dehennin almost 7 years ago

  • Status changed from Résolu to Fermé

Configuration:

  • amon eth1: 10.2.1.1
  • linux mint: 10.2.1.10
  • client wget: 10.4.1.10 derrière 10.2.1.10
eole@linuxmint:~$ wget -q -O - --bind-address=10.4.1.10 http://wpad/wpad.dat
function FindProxyForURL(url, host) {
    if ( isInNet(host, "127.0.0.1", "255.255.255.255") ||
            isInNet(host, "10.2.1.0", "255.255.255.0")
        )
    {
        return "DIRECT";
    };
    return "PROXY 10.2.1.1:3128";
}

À voir si les routes statiques ne devraient pas être en DIRECT, par exemple :

function FindProxyForURL(url, host) {
    if ( isInNet(host, "127.0.0.1", "255.255.255.255") ||
            isInNet(host, "10.2.1.0", "255.255.255.0")
            || isInNet(host, "10.4.1.0", "255.255.255.0") // Routes statiques

        )
    {
        return "DIRECT";
    };
    return "PROXY 10.2.1.1:3128";
}

Also available in: Atom PDF