How should I configure proxy application along outpost?

[Mac123]

Hi,
I'm new to outpost, just moved from Sygate pro, because of loopback vulnirability.

I'll appreciate your help, in how I should configure Outpost, with Tor, a proxy application, which accept connection at 127.0.0.1.

So, I want is tell outpost to restrict my browser to contact only the proxy, and don't accept any direct contact with internet, so allow the browser to connect to the localhost address 127.0.0.1 only.

Thanks for ur help

[minoka]

Hello Mac123 and welcome,

Assuming you are using OP 2.5, please have a look at A Guide to Producing a Secure Configuration for Outpost and Outpost 2.5 - what to expect first.
I also assume you have already TORifyed your browser. OP should prompt you for a rule for tor when you launch the browser and try to access a site. I use proxomitron, perhaps tor works the same. For ready reference, the rules for proxomitron look like this (in the preset.lst file):

[The Proxomitron]
VisibleState: 0
Exe:
The Proxomitron, proxomitron.exe
DefaultState: 1
RuleName: The Proxomitron connection
Protocol: TCP
RemotePort: 80-83, 443, 1080, 3128, 8080, 8088, 11523
Direction: Outbound
AllowIt

DefaultState: 1
RuleName: Block incoming Proxomitron connection
Protocol: TCP
Direction: Inbound
BlockIt

DefaultState: 1
RuleName: Allow local Proxomitron connection
Protocol: TCP
RemoteHost: 127.0.0.1
Direction: Inbound
AllowIt

Please don't hesitate to ask for more info/help if you need it.

[Paranoid2000]

Quote:

Originally Posted by Mac123

I'm new to outpost, just moved from Sygate pro, because of loopback vulnirability.

Just a quick note - Outpost has a default global "Allow Loopback" rule which unfortunately creates a similar vulnerability. However this can be disabled (and the Secure Configuration guide mentioned previously does recommend this), after which any program trying to access a local proxy will then need a rule permitting it access to 127.0.0.1.

If you wish to restrict your browser to access via Tor only, then remove all existing rules and create the following (if your browser is connecting directly to the Tor client):

Browser Tor Access: Protocol TCP, Outgoing, Remote Host 127.0.0.1, Remote Port 9050, Allow

It is possible to use a web filter like Proxomitron with Tor (see the Wilders thread Setting up Tor/Proxomitron+SocksCap for details on this), in which case Proxomitron should have the above rule (along with one allowing incoming access from 127.0.0.1) and your browser should instead have the following:

Browser Proxomitron Access: Protocol TCP, Outgoing, Remote Host 127.0.0.1, Remote Port 8080, Allow

If you change the ports used for Proxomitron (8080 by default) or Tor (9050 by default) then you will need to amend the above rules accordingly. This just leaves the rules for the Tor client itself:

Tor Network Access: Protocol TCP, Outgoing, Remote Port 9001-9004, 9030-9033, 9100, Allow
Tor Incoming Connection: Protocol TCP, Incoming, Remote Host 127.0.0.1, Local Port 9050, Allow

[Mac123]

Thanks for your valuable help.
Just to make sure, that I'm secure with my configuration:
I'm using Sockscap along TOR, and here is my rule for Firefox, and Trillian (Like ICQ):

Tor Config:

Tor Access 1: Protocol TCP, Outbound, Remote Host 127.0.0.1, Remote Port 80, 443, 9001-9004, 9030-9033, 9100, Allow
Tor Access 2: Protocol TCP, inbound, Remote Host 127.0.0.1,

Firefox config:

FF Access 1: Protocol TCP, Outbound, Remote Host 127.0.0.1,
FF Access 2: Protocol TCP, inbound, Remote Host 127.0.0.1,

Trillian config:

Trillian access: Protocol TCP, Outbound, Remote Host 127.0.0.1

Thanks for your feedback

[Paranoid2000]

You could probably remove the incoming rule for Firefox (it does connect with itself on startup, apparently this is for the Password Manager function) but aside from that, the rules look OK.