Bug 12567 - URL Filter whitelist issues on IPFire 2.25 - Core Update 153
Status: NEW
Alias: None
Product: IPFire
Classification: Unclassified
Component: squidGuard
Version: 2
Hardware: all All
Importance: Will affect all users Minor Usability
Assignee: Assigned to nobody - feel free to grab it and work on it
Reported: 2021-01-24 16:14 UTC by Luca Ciabattoni
Modified: 2021-01-24 16:14 UTC

Description Luca Ciabattoni 2021-01-24 16:14:54 UTC
Component affected:
URL Filter

Problem:
After upgrading a couple of IPFire installations from Core 146 to Core 153, they started to filter domains (and subdomains) that were explicitly allowed in the Whitelist; this happens because a subdomain is also specified in the whitelist.

Story:
Those installations, in my specific case, are configured to filter the "searchengines" and "webmail" categories, and "google.com" was in the whitelist, but soon after the upgrade to Core 153 users weren't able to browse to "accounts.google.com", "www.google.com" or "mail.google.com"; adding the exact subdomain (accounts.google.com or www.google.com...) to the Whitelist let them browse to those destinations.
After some tests I found the real issue: the "play.google.com" subdomain was also present in the whitelist, and this caused some issues in the query engine of URL Filter. Removing it finally restored the correct behavior, allowing browsing to the domain "google.com" and all of its subdomains.

Steps to reproduce: 
1- In URL Filter block any category (ex. "searchengines" and "webmail")
2- Put a domain and a subdomain into the whitelist (ex. google.com and mail.google.com)
3- Try to browse to a subdomain other than the one you specified above and you'll be blocked (ex. browse to www.google.com or accounts.google.com)
4- Remove from the whitelist the subdomain specified in step 2 (ex. mail.google.com)
5- Browse again and you'll be allowed to browse

Expected result:
Even if a domain and one of its subdomains are specified in the whitelist, this should not break the URL Filter engine or, at least, an error should be shown to the user upon save if the whitelist contains a domain and one of its subdomains. Anyway, until Core 146 the whitelist was working regularly.

Reference:
https://community.ipfire.org/t/url-filter-whitelist-ignored-core-update-153/4359
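
The save-time check suggested under "Expected result", as an added example (not IPFire or squidGuard code): it flags whitelist entries that are subdomains of another entry and lists what remains once they are dropped, which matches the workaround reported above. The function names, the constructed sample list and the `#` comment handling are assumptions.

```python
def normalise(line):
    """Lower-case an entry; drop '#' comments (assumed), whitespace, trailing dot."""
    entry = line.split("#", 1)[0].strip().lower().rstrip(".")
    return entry or None


def find_overlaps(lines):
    """Return sorted (subdomain, covering_parent) pairs found in the list."""
    entries = {e for e in map(normalise, lines) if e}
    overlaps = []
    for entry in entries:
        labels = entry.split(".")
        # Walk up one label at a time (a.b.c -> b.c -> c). Comparing whole
        # labels means "notgoogle.com" is never treated as under "google.com".
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if parent in entries:
                overlaps.append((entry, parent))
                break  # the nearest listed parent is enough to flag it
    return sorted(overlaps)


def collapse(lines):
    """Return the whitelist with every entry covered by a listed parent removed."""
    entries = {e for e in map(normalise, lines) if e}
    covered = {sub for sub, _ in find_overlaps(lines)}
    return sorted(entries - covered)


# Constructed sample whitelist, one entry per line.
SAMPLE = [
    "google.com",
    "play.google.com",
    "Mail.Google.com.",
    "notgoogle.com",
    "# constructed comment line",
    "",
    "example.org",
]

if __name__ == "__main__":
    for sub, parent in find_overlaps(SAMPLE):
        print(f"warning: {sub} is already covered by {parent}")
    print("collapsed whitelist:", ", ".join(collapse(SAMPLE)))
```
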