
Webproxy is prohibited from listening on all IP addresses
Needs testing, Requires assessment | Public | BUG


Currently, an explicit locally configured listen-address is required in the webproxy configuration. But there might be situations when an IP address is assigned dynamically or can change during work. For such cases, the http_port option in the squid.conf should contain IP address or only port value.
Of course, this is an insecure config, but it can be protected by a firewall rule.

We need to allow in listen-address or make it non-mandatory to fix this.


Difficulty level
Easy (less than an hour)
1.4-rolling-202102060218, 1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
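
An added example, not part of the ticket or of VyOS code: a small Python audit that reads squid.conf-style text and reports which http_port/https_port listeners bind to every address (port only, or an unspecified address) and therefore depend on a firewall rule. The sample configuration and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample squid.conf content (not taken from the ticket).
SAMPLE_CONF = """\
http_port 192.0.2.1:3128 intercept
http_port 3128
http_port 0.0.0.0:8080
http_port [::]:3129
http_port 127.0.0.1:3131
https_port proxy.example.net:3132
"""

# Commented-out directives start with '#' and do not match.
_LISTENER = re.compile(r"^\s*(https?_port)\s+(\S+)")

def split_listener(spec):
    """Split squid's '[host:]port' listener spec into (host or None, port)."""
    if spec.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = spec[1:].partition("]")
        return host, int(rest.lstrip(":"))
    host, sep, port = spec.rpartition(":")
    return (host if sep else None), int(port)

def classify(host):
    """Return 'wildcard', 'loopback', 'specific' or 'hostname'."""
    if host is None:
        return "wildcard"                         # port only: every address
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                         # resolved at start-up; review by hand
    if addr.is_unspecified:                       # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if addr.is_loopback else "specific"

def audit(conf_text):
    """Return (line_no, directive, port, scope) for each listener directive."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = _LISTENER.match(line)
        if m:
            host, port = split_listener(m.group(2))
            findings.append((line_no, m.group(1), port, classify(host)))
    return findings

def wildcard_ports(conf_text):
    """Ports listening on all addresses, i.e. the ones a firewall rule must cover."""
    return sorted({p for _, _, p, scope in audit(conf_text) if scope == "wildcard"})

if __name__ == "__main__":
    print(audit(SAMPLE_CONF), wildcard_ports(SAMPLE_CONF))
```
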

Event Timeline


set service webproxy default-port '3128'
set service webproxy listen-address disable-transparent
set service webproxy url-filtering squidguard default-action 'block'
set service webproxy url-filtering squidguard local-ok ''
set service webproxy url-filtering squidguard local-ok ''

check connections

vyos@r2-roll:~$ show system connections | match 3128
tcp        0      0  *               LISTEN
Viacheslav changed the task status from Open to Needs testing. Feb 22 2021, 10:46 AM