Results 1 to 3 of 3
  1. #1
    Master Untangler
    Join Date
    Oct 2014
    Location
    Norway
    Posts
    121

    Default internal login site block bypassed

    Okey. So this is not an external security problem. But from the internal network. It is.
    So I set up my Untangle box to block all access to untangle webpage/login except for one port on my box that one pc is on using filter rules. Also I only use https. This works great.
    Now all the internal ports/wireless cards are bridged to my internal port that goes to the switch.
    And most of this is blocked communication from each other except from those on the switch.(especially wireless)
    This also works great.


    Now here is the problem.
    If I by any device wireless or not go to my external ip of my gateway. Just add https://external-IP
    I get a cert warning that I just bypass. And now I'm on the untangle login page.
    Can anyone replicate this? And if so How can I block this?
    The reports says under local: remote on admin login if I login that is.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    You can control this with input filter rules.
    http://wiki.untangle.com/index.php/F...t_Filter_Rules

    However, as noted it is not recommended. It is instead recommended to set a good password and not share it.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Oct 2014
    Location
    Norway
    Posts
    121

    Default

    I figured it was at the input rules. But I could not make any rules to fix it until I saw the "allow https on non-wan" rule. Disabled it. All good
    thx for your time

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2