Page MenuHomeVyOS Platform

Webproxy overhaul
Closed, ResolvedPublic

Description

Web proxy CLI is quite good, but in some areas it leaves much to be desires.

First, it defaults to transparent proxy, which is widely recognized as a bad idea.
Second, it mixes two unrelated concepts: web proxy itself and traffic redirection required to make it transparent.
Third, it gives the user no control over the redirection.

When we get to rewriting the webproxy scripts, we should remove any transparent proxy functionality from there, and use explicit redirect rules.

In the meantime, an option to exclude specific addresses from redirection may be a viable way to alleviate the problem somewhat. A migration script for converting that to actual NAT rules can be implemented.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)