SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000196: HTTPS bypasses content filter domain block list - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000196Endian FirewallApplication Level Proxiespublic2007-06-23 13:262008-02-02 07:28
hooptie 
peter-endian 
normalminoralways
closedfixed 
2.1 
2.2-beta1 
0000196: HTTPS bypasses content filter domain block list
I'm trying to block access to web proxies setup by peacefire.org. Unfortunately, users can use https:// to bypass the content filter entirely. If a domain name / ip address is in the blocklist and is transmitted over the network in cleartext, why is it still bypassing the content filter?

The only solution I've found is to disallow port 443 on the "Allow SSL Ports" under the proxy configuration; however, that has a number other more-annoying side effects. Any idea why?
No tags attached.
Issue History
2007-06-23 13:26hooptieNew Issue
2007-10-27 21:15peter-endianStatusnew => resolved
2007-10-27 21:15peter-endianFixed in Version => 2.2
2007-10-27 21:15peter-endianResolutionopen => fixed
2007-10-27 21:15peter-endianAssigned To => peter-endian
2007-10-27 21:15peter-endianNote Added: 0000579
2007-12-20 20:48AnonymousNote Added: 0000709
2007-12-20 20:48AnonymousStatusresolved => confirmed
2008-01-08 12:15peter-endianNote Deleted: 0000709
2008-01-08 12:16peter-endianStatusconfirmed => resolved
2008-02-02 07:28raphael-endianStatusresolved => closed

Notes
(0000579)
peter-endian   
2007-10-27 21:15   
Should not be anymore a problem within version 2.2
Could you please try and report back?