You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ http_proxy=http://localhost:4750/ curl http://yahoo.com/Failed to connect to remote host: proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'
The smokescreen log is as follows:
{"level":"info","msg":"starting","time":"2023-06-22T12:09:26+03:00"}
{"address":"localhost:1234","error":"The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","level":"error","msg":"unexpected illegal address in dialer","time":"2023-06-22T12:10:39+03:00"}
{"id":"cia103qhq4rca8e50ep0","inbound_remote_addr":"127.0.0.1:52026","level":"error","msg":"Failed to connect to remote host: proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","proxy_type":"http","requested_host":"yahoo.com","start_time":"2023-06-22T09:10:39.498762117Z","time":"2023-06-22T12:10:39+03:00","trace_id":""}
{"allow":true,"content_length":134,"decision_reason":"destination address was denied by rule, see error","dns_lookup_time_ms":9,"enforce_would_deny":false,"error":"proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","id":"cia103qhq4rca8e50ep0","inbound_remote_addr":"127.0.0.1:52026","level":"error","msg":"CANONICAL-PROXY-DECISION","project":"","proxy_type":"http","requested_host":"yahoo.com","role":"","start_time":"2023-06-22T09:10:39.498762117Z","time":"2023-06-22T12:10:39+03:00","trace_id":""}
I think this behavior is incorrect, because the address of the proxy is supplied by the system administrator, and so should be considered trusted. The request should thus be allowed to go through.
Run smokescreen as follows:
$ http_proxy=http://localhost:1234/ ./smokescreenNow try to tunnel a request through it:
The smokescreen log is as follows:
{"level":"info","msg":"starting","time":"2023-06-22T12:09:26+03:00"} {"address":"localhost:1234","error":"The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","level":"error","msg":"unexpected illegal address in dialer","time":"2023-06-22T12:10:39+03:00"} {"id":"cia103qhq4rca8e50ep0","inbound_remote_addr":"127.0.0.1:52026","level":"error","msg":"Failed to connect to remote host: proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","proxy_type":"http","requested_host":"yahoo.com","start_time":"2023-06-22T09:10:39.498762117Z","time":"2023-06-22T12:10:39+03:00","trace_id":""} {"allow":true,"content_length":134,"decision_reason":"destination address was denied by rule, see error","dns_lookup_time_ms":9,"enforce_would_deny":false,"error":"proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","id":"cia103qhq4rca8e50ep0","inbound_remote_addr":"127.0.0.1:52026","level":"error","msg":"CANONICAL-PROXY-DECISION","project":"","proxy_type":"http","requested_host":"yahoo.com","role":"","start_time":"2023-06-22T09:10:39.498762117Z","time":"2023-06-22T12:10:39+03:00","trace_id":""}I think this behavior is incorrect, because the address of the proxy is supplied by the system administrator, and so should be considered trusted. The request should thus be allowed to go through.
Reproduced on 8dd3072.
The text was updated successfully, but these errors were encountered: