Users can access a web service on a non-standard port when proxy restrictions are set to allow standard ports only

Article ID: 222180

Products

Web Security Service - WSS

Issue/Introduction

WSS policy restrictions are enabled for all users, as shown below.

"Restrict proxy traffic to standard ports" is enabled so that only traffic to ports 80/443 is sent.

Users trying to access websites on non-standard ports are allowed through despite the restrictions, e.g. users accessing http://portquiz.net:8888/ or http://pridding.serveftp.com:5000 are allowed through successfully.

Cause

Product defect 

Environment

Applies to all WSS access methods.

Customers can work with Broadcom Support to add policy changes to block this traffic.

Resolution

Fixed with the WSS Portal update released August 20, 2021.

Additional Information

It may be that WSS administrators wanted to allow ALL web traffic through WSS but, given the above defect, the setting was left to restrict access to standard ports. After the fix, we will start to filter traffic the way the product was designed to work.

Any customer that has used web services on non-standard ports (ports other than 80 / 443) will need to change the setting to its default value so that ports are not restricted.
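The following is an added example, not part of the original article and not Broadcom code: one way to inventory which destinations in a list of logged URLs use ports other than 80/443, which is the traffic the restriction starts blocking once the fix is in place. The function names are hypothetical and the URL list is constructed sample data (it reuses the two URLs from this article); substitute URLs exported from your own access logs.

```python
from collections import Counter
from urllib.parse import urlsplit

STANDARD_PORTS = {80, 443}                  # ports the restriction allows
DEFAULT_PORT = {"http": 80, "https": 443}   # implied port when the URL names none

def destination(url):
    """Return (host, port) for a logged URL or CONNECT target, else None."""
    try:
        # CONNECT-style "host:port" entries have no scheme; add "//" so the
        # host and port are parsed as a network location rather than a path.
        parts = urlsplit(url if "://" in url else "//" + url)
        port = parts.port                   # ValueError on a malformed port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORT.get(parts.scheme.lower())
    if not parts.hostname or port is None:
        return None
    return parts.hostname, port

def nonstandard_destinations(urls):
    """Count host:port destinations outside ports 80/443."""
    hits = Counter()
    for url in urls:
        dest = destination(url)
        if dest and dest[1] not in STANDARD_PORTS:
            hits["%s:%d" % dest] += 1
    return hits

# Constructed sample input, not real log data.
SAMPLE_URLS = [
    "http://portquiz.net:8888/",
    "http://portquiz.net:8888/again",
    "http://pridding.serveftp.com:5000",
    "https://example.com/",               # implicit 443, allowed
    "http://example.com:80/index.html",   # explicit standard port, allowed
    "example.org:443",                    # CONNECT target, allowed
    "https://example.net:8443/login",
    "http://bad:port/",                   # malformed entry, skipped
]

if __name__ == "__main__":
    for dest, count in nonstandard_destinations(SAMPLE_URLS).most_common():
        print(count, dest)
```
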