On another system where we had a test webserver, connections through the network are accepted, but http://127.0.0.1/index.html is blocked.
Now this happens on systems where I haven't touched the FW Rules (or HIPS settings in general) in a long while. So I'm wondering whether something might have changed in the way HIPS is handling localhost.
Do I (we) now need to explicitly declare localhost (127.0.0.1) as a trusted address? Is there something else?
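The symptom described above (the network path works, the loopback path does not) can be separated from a plain web-server fault with a quick probe. The following is an added example, not part of the thread and not McAfee tooling: it starts its own throwaway HTTP server bound to all interfaces, fetches the same page over 127.0.0.1 and over the host's own LAN address, and reports which path fails. The `/index.html` path, the 3-second timeout and the UDP trick used to discover the LAN address are assumptions of this example.

```python
"""Loopback-vs-LAN probe for a host firewall that appears to block 127.0.0.1.

Added example, not from the thread or from McAfee.  A throwaway HTTP server
is bound on 0.0.0.0 and the same page is fetched over the loopback address
and over the host's LAN address.  If the LAN fetch succeeds and the loopback
fetch times out or is refused, the host firewall (not the web server) is in
the way.  The request path and timeout are arbitrary assumptions.
"""
import http.server
import socket
import threading
import urllib.error
import urllib.request


class _QuietHandler(http.server.BaseHTTPRequestHandler):
    """Serves a fixed page so the probe depends only on the network path."""

    def do_GET(self):
        body = b"index\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the probe output clean
        pass


def start_test_server():
    """Bind 0.0.0.0 on an ephemeral port and serve in a background thread."""
    server = http.server.ThreadingHTTPServer(("0.0.0.0", 0), _QuietHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def lan_address():
    """Best-effort LAN IP of this host.  A UDP 'connect' makes the kernel pick
    the source address without sending a packet (192.0.2.1 is TEST-NET-1 and
    is never reached).  Returns None when the host has no route (offline)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.connect(("192.0.2.1", 9))
            return s.getsockname()[0]
    except OSError:
        return None


def probe(host, port, timeout=3.0):
    """Fetch /index.html over the given address and return a short verdict.
    A silent firewall drop shows up as 'timeout'; a reject/reset or a port
    with no listener shows up as 'refused'.  Proxies are bypassed so the
    request really goes to the address under test."""
    url = "http://%s:%d/index.html" % (host, port)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.status == 200 else "http %d" % resp.status
    except urllib.error.URLError as e:
        reason = e.reason
        if isinstance(reason, (ConnectionRefusedError, ConnectionResetError)):
            return "refused"
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return "timeout"
        return "error: %s" % reason
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as e:
        return "error: %s" % e


def classify(loopback, lan):
    """Turn the two probe results into the conclusion a firewall admin wants."""
    if loopback == "ok" and lan in ("ok", "unavailable"):
        return "loopback open"
    if loopback != "ok" and lan == "ok":
        return "loopback blocked, network path open: host firewall rule, not the web server"
    if loopback != "ok" and lan != "ok":
        return "both paths fail: listener or server problem, check that before blaming the firewall"
    return "loopback open, network path blocked: rule scoped to the NIC address"


def run_diagnosis():
    """Start the server, probe both paths, stop the server, return the results."""
    server, port = start_test_server()
    try:
        results = {"loopback": probe("127.0.0.1", port)}
        lan = lan_address()
        results["lan"] = probe(lan, port) if lan else "unavailable"
        results["verdict"] = classify(results["loopback"], results["lan"])
        return results
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for key, value in run_diagnosis().items():
        print("%-9s %s" % (key + ":", value))
```

Run it on the affected machine with the host firewall enabled, then again with it disabled: if the loopback result flips from `timeout` (silent drop) or `refused` (active reject) to `ok` while the LAN result stays `ok`, the block is a firewall rule and not the web server. The probe only tells you which path is blocked; it does not say which rule does it.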
The NDIS firewall driver sits on the system at a very low level in software, so I guess it does not know about 127.0.0.1 passing the NDIS network card/driver, as only 'include local subnet automatically' is included in the Trusted Networks by default.
Even so, you will still need to create rules allowing traffic flow to 'trusted networks'. Adding subnets to the Trusted Networks list is only a way of 'tagging' subnets for use within the firewall rules policy (you choose Trusted under Address as opposed to Any, Range, Domain etc. or the other options); it does not mean that they are automatically excluded from all firewall rules. You may have already known this.
Thanks for your answer, I disagree on more than one point.
Fact is, we have rules that have been working for over five years (*). I've been using HIPS for a year and the rules worked fine. Since I patched HIPS, those rules don't work any more. I investigated and found that all of a sudden HIPS behaves as if localhost is not to be trusted, and I have all my users complaining that "nothing works any more".
Why do I have to patch rules that were fine because HIPS changes? Additionally, this blocks most of Windows' internal mechanisms, as processes access several services through calls to localhost that are now blocked!
Second, we consider here that "include local subnet automatically" may be the most dangerous thing to do. We use HIPS mostly on laptops. Those travel and are not always in our network (hence the necessity for a local FW). So, the local network essentially is not to be trusted (for laptops or mobile PCs)!
But 127.0.0.1 should IMHO always be trusted... it's the one thing that ought to be trusted by default.
(*) We were using McAfee Desktop Firewall and adapted our rules in the meantime.
That does sound strange. If it has been working previously, I did not realise that; I thought it was only a new application that was causing it.
I do agree with the concerns about Trusted Networks; I myself have also chosen not to use them for that reason. CAG and CAG rules work best, as criteria can be defined by more than just subnets, which is all that Trusted Networks provide. The only reason I mentioned Trusted Networks is because you mentioned trusted addresses in your first post, so I was assuming you may have tried experimenting with Trusted Networks.