Quote:
Originally Posted by BAlfson
In the 'Transparent mode', the HTTP/S Proxy only captures traffic on ports 80 and 443, and that traffic is the only traffic scanned by the A-V engines. Instead of creating packet filter rules for other web traffic, you can put those services into 'Allowed services' on the 'Advanced' tab, and the Astaro will create the necessary rules for you. The traffic for these other services is NOT scanned by the A-V engines, nor is it otherwise handled by the Proxy.
|
You are correct. In transparent mode it only catches 80/443 and although the rules are created with allowed services, they can only be used if you point your browser to 8080.
Quote:
Originally Posted by BAlfson
If the FTP Proxy is enabled, should one remove FTP from the HTTP allowed services regardless of the mode one is in?
|
It doesn't matter if you remove it or not. FTP Proxy(frox) catches all ftp requests transparently on port 21 so the allowed services tab doesn't have any effect on transparent ftp proxy. If however you are pointing to 8080, the allowed services tab is handling all your traffic and ignores transparent ftp (frox).
Quote:
Originally Posted by BAlfson
Is it possible to make a port-20 request via port 8080? I must be ignorant of some fundamental principle.
|
Yes it is possible. As you can see in the second screenshot of my original post. If you put 8080 in your browser and ftp is in your allowed services, http proxy will handle port 21 requests for av and will even block requests if the url is blocked in content filter.