Pedro Guimarães
Apr 06, 2018
4:19 pm

Is the Firewall api broken?

Hi,

I'm developing an app that uses the Firewall API. The flow of the add rules procedure in my application is:

- Receive a list of domains to be blocked from our web application

- Remove any old rules that might be set already in the Firewall

- Create and add DomainFilterRules for all browsers installed on device

- Enable the Firewall with:

 firewall.enableFirewall(true)

It's all fine and dandy and works as expected. The issue comes when I disable the firewall. According to the API rules are not enforced anymore if you call enableFirewall passing false as parameter:


firewall.enableFirewall(false)

 

So I'd expect the rules to not be enforced anymore and the browsers packages are allowed to access any desired domain but that's not what happens. The firewall is indeed disabled (isFirewallEnabled() returns false) but the rules are still enforced in the native Samsung Browser and Firefox. They are not enforced in Chrome. As a workaround I added a method to remove all firewall rules before disabling it, which shouldnt't be needed.

 

Is the API broken? It's definitely not working as expected.

Similar topics

No similar topics found.
Samuel Goldwax
Apr 11, 2018
7:32 pm

Hi Pedro,

DomainFilterRules are actually not enforced depending on whether or not the firewall is enabled, as that only controls IP Firewall rules. We're waiting on confirmation about whether or not this is intended. Also your note on DomainFilterRules not being enforced on Chrome, this seems to be a new issue that arises with Chrome 65 that we're also working on.

Thanks,
Sam

Sean P Kropaczewski
Apr 15, 2018
5:57 pm

What Exactly are you trying to do? Disabling the intended use for your Application or Trying to add exceptions? Are you making a build Prop for stored settings? Theres really no need to disable the service parameter. Are you attempting to enable a breakpoint for credential purposes and an encrypted url pipe to another pool service protecting logins for data Exchange to the Site or App with Matching Certificate based credentials? (I might as well post my ss number on fb)