I have a web proxy working. Everything seems to be fine, but when I go to the site habr.com (a popular IT site), the pictures on this site do not load. And the site seems to have loaded, but it still loads in the window tab. Can anyone help with this problem? Here, I have attached all the photos. Also photos
Trying to load a image directly, using the address, gives βservice unavailableβ ( without any blocking messages in IPFire!).
Seems to be a problem with the site.
https://habrastorage.org/getpro/habr/upload_files/381/d01/371/381d01371b27e9fbcbcd9702749fab51.jpg
nslookup habrastorage.org
Non-authoritative answer:
Name: habrastorage.org
Addresses: 2a01:4f9:3b:48e8::4115:7879
2a01:4f9:4a:2897::5fd9:6b0c
45.120.177.159
Β―\_(γ)_/Β―
Best Regards
when im using another proxy everything works good and everything is fine with the pictures.
I cant find solution for my problem. Do you have ideas?
As @tphz showed, it is a problem of a βhostileβ IP. Access is dropped by the firewall option βDrop packets from and to hostile networksβ.
BTW: popularity is no measure for security. 
Looking up the IP indicates that it is part of an autonomous system number that is known to support hostile activities such as hacking, spamming and various criminal activities. As also shown by @tphz this means that it is listed in the Hostile Networks list.
location lookup 45.120.177.159
45.120.177.159:
Network : 45.120.176.0/23
Country : Netherlands
Autonomous System : AS44477 - STARK INDUSTRIES SOLUTIONS LTD
Hostile Network safe to drop: yes
Here is an article about Stark Industries.
https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/
Basically habr dot com are using a hosting provider that is considered in that article to be
Hummel said when he considers the worst of all the hosting providers out there today, Stark Industries is consistently near or at the top of that list.
Maybe this will help:
the problem is solved, you just need to add exceptions to iptables for this ip
iptables -I HOSTILE_DROP_OUT -p tcp -d 45.120.177.159 --dport 443 -j ACCEPT
iptables -I HOSTILE_DROP_IN -p tcp -s 45.120.177.159 --sport 443 -j ACCEPT
As per the documentation
https://www.ipfire.org/docs/configuration/firewall/firewall-local
it is recommended not to modify the default iptables chains (which can be dangerous if there is any error or the rules work differently compared to expected) and to edit the extra custom chains as those pass packets before going through the rest of the ruleset.