[isf-wifidog] AllowedURLs?

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Thu Mar 3 16:00:53 EST 2011


On 03/03/2011 21:58, Jean-Philippe Menil wrote:
> On 03/03/2011 21:07, David C. Moody wrote:
>>
>> That must be a feature in a newer version? I'm using DD-WRT and if I put
>> in the command you gave me nothing appears in iptables. It just skips
>> over it. However if I put IP addresses they appear.
>>
>> Thanks for the help.
>>
>> On 3/3/11 2:33 PM, "Jean-Philippe Menil"
>> <jean-philippe.menil at univ-nantes.fr> wrote:
>>
>>> On 03/03/2011 17:50, Andrew Niemantsverdriet wrote:
>>>> David,
>>>>
>>>> There is not a great way to be able to do this. The best I have come
>>>> up with so far is adding rules to the global FirewallRuleSet.
>>>>
>>>> So if I wanted to allow example.com I would add a rule to the firewall
>>>> set that looks like this:
>>>> FirewallRule allow tcp port 80 to 192.0.32.10
>>>>
>>>> This is not ideal and gets messy when you want to allow something that
>>>> uses a content delivery network as you have to list each and every IP.
>>>> Google for example has 8 different IPs and if you want to try to white
>>>> list something that is on that Akamai network you can pretty much
>>>> forget about it.
>>>>
>>>>
>>>> Thanks,
>>>> _
>>>> /-\ ndrew
>>>>
>>>>
>>>> On Wed, Mar 2, 2011 at 2:36 PM, David C. Moody<davidm at trustholiday.com>
>>>> wrote:
>>>>> Is there any feature in the wifidog config, where I can set allowed
>>>>> URLs? For example, I want to allow access to my company website
>>>>> without being authorized?
>>>>> I also have had trouble with https requests not being redirected to
>>>>> the authentication server? They just time out. Is there anything
>>>>> that can be done about that?
>>>>> Thanks,
>>>>> -David
>>>>>
>>>>> Go Green! Print this email only when necessary. Thank you for
>>>>> helping Holiday Companies be environmentally responsible.
>>>>>
>>>>> _______________________________________________
>>>>> WiFiDog mailing list
>>>>> WiFiDog at listes.ilesansfil.org
>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>
>>> Or you can simply add the following:
>>>
>>> FirewallRule allow tcp port 80 to www.google.com
>>>
>>> iptables resolves the FQDN and appends all the IPs corresponding to it.
>>>
>>> Regards.
> No,
> just a hack in the code.
>
> If you want it quickly, comment out line 553 ("all_nums = 1;") in conf.c
> But take care, without a test, the gateway daemon could segfault if a
> bad line is parsed.
>
> Regards.

And on line 557, replace "all_nums = 0; /*< No longer only digits */"
with "all_nums = 1;"

As I said, it works, but it's a poor hack to parse FQDNs in the config
file without a test.

Feel free to implement a correct test.

Regards.
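
The "correct test" the message above leaves open could look like the following; this is an added example, not code from the post or from wifidog's conf.c. The function names are hypothetical, and it assumes a FirewallRule target is either an IPv4 address with an optional prefix length or a hostname.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* RFC 1123 hostname: labels of 1-63 letters, digits or '-', no label starting
 * or ending with '-', 253 characters at most. Anything else is refused. */
static int is_valid_hostname(const char *s)
{
    size_t len = strlen(s), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;                 /* empty label or trailing '-' */
            label = 0;
        } else if (!(isalnum(c) || c == '-') ||   /* blank, '/', ';', ... */
                   (c == '-' && label == 0) || ++label > 63) {
            return 0;
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Dotted-quad IPv4 address with an optional /0-32 prefix length. */
static int is_valid_ipv4_cidr(const char *s)
{
    char buf[INET_ADDRSTRLEN], *end;
    struct in_addr addr;
    const char *slash = strchr(s, '/');
    size_t n = slash ? (size_t)(slash - s) : strlen(s);
    if (n == 0 || n >= sizeof(buf)) return 0;
    memcpy(buf, s, n);
    buf[n] = '\0';
    if (inet_pton(AF_INET, buf, &addr) != 1) return 0;
    return !slash || (isdigit((unsigned char)slash[1]) &&
                      strtol(slash + 1, &end, 10) <= 32 && *end == '\0');
}

/* Hypothetical entry point: 1 if s may be used as a FirewallRule target. */
int is_valid_rule_target(const char *s)
{
    if (s == NULL) return 0;
    /* Digits, '.' and '/' only: must parse as an address, never as a name. */
    return strspn(s, "0123456789./") == strlen(s) ? is_valid_ipv4_cidr(s)
                                                   : is_valid_hostname(s);
}
```

A name that passes this check is still resolved by iptables only once, when the rule is inserted, so the addresses behind a CDN-hosted name can change while the rule stays as it was.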