Problem with squid proxy and "https://connector.myqnapcloud.com"

roberto · 15 March 2024 08:04

Hi.

Due to “Anomaly detections based on Autonomous Systems information”, there is an error when accessing the QNap website “https://connector.myqnapcloud.com” with the following error:

Adding the following to “firewall.local” doesn’t seem to work:

#!/bin/sh
# Used for private firewall rules

# See how we were called.
case "$1" in
  start)
        ## add your 'start' rules here
	/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp --dport 443 -d connector.myqnapcloud.com -j ACCEPT
        ;;
  stop)
        ## add your 'stop' rules here
	/sbin/iptables -t nat -F CUSTOMPREROUTING
        ;;
  reload)
        $0 stop
        $0 start
        ## add your 'reload' rules here
	/sbin/iptables -t nat -F CUSTOMPREROUTING
	/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp --dport 443 -d connector.myqnapcloud.com -j ACCEPT
        ;;
  *)
        echo "Usage: $0 {start|stop|reload}"
        ;;
esac

Disabling the “Deny access to destinations hosted on selectively announced networks:” option seems to work.

Thanks and good day.

arne_f · 15 March 2024 10:01

squid doesn’t proxy real https: connections. It is only used for https if this is configured in the browser. In this case the browser make a connection on the configured port to squid and squid fetch the https page for the client.

So you cannot redirect this with a port443 firewall rule at all. If you need an excection you have to do this in the browser config (or via WPAD)

roberto · 18 March 2024 07:24

Okay @arne_f.

Now apparently there are problems loading “https://www.amazon.es/”.

If I do the same procedure (uncheck the proxy box) it works, but with it checked, it doesn’t work.

If this is so, the list of urls in the WPad would be endless.

Greetings.

bonnietwin · 18 March 2024 07:45

I have had the same issues. I have commented in the bug that was previously raised on this issue.

https://bugzilla.ipfire.org/show_bug.cgi?id=13236