I was going to suggest the same as a workaround. Launching a browser in kiosk mode as a webapp on an RDP session should accomplish restricted https access to a particular application (haven't tried but sounds plausible). One possible advantage of this approach vs a standard proxy will be that you eliminate any possible issues that sometimes come up with proxies (e.g. WebRTC or Certs issues).
Every solution has its pros and cons. I have used Fortinet's SSL VPN Web mode for RDP and it has limitations vs Guac (no print redirect, no file sharing, no integrated copy-paste). The workaround for Fortinet's is to use it in tunnel model, but then that requires a client. So, everything has pros/cons. As a side note, in my experience Guac RDP is way faster than Fortinet's RDP over SSL VPN Web mode (or even tunnel mode; again, in my experience). The main advantage of Fortinet is that it is all done in a firewall unit (which you anyway need). That's Fortinet's approach: trying to offer everything under the sun on the firewall. Judging from one of the responses before, it might be that Guac doesn't want to go that route as a project. That would be fine with me. G. On Tue, Mar 29, 2022 at 7:52 AM Vendel Colja <[email protected]> wrote: > But what’s your problem? Just access a single webbrowser on a RDP host as > an application an you can access whatever http/https site via that browser. > If you’d like to restrict the range of pages, let’s say to a single site, > that’s subject to that browser and system you are accessing via guacamole > and RDP. > > > > Colja > > > > *Von:* Stefan Bogdan Cimpeanu [mailto:[email protected]] > *Gesendet:* Dienstag, 29. März 2022 13:28 > *An:* [email protected] > *Betreff:* Re: Support protocols > > > > I will get so much hate for this, but, there are other commercial > solutions that allow you to access webpages defined or user-provided from > within the solution, such as Fortinet. > > Different ACL’s can be implemented, 2FA, and all the bells and whistles. > > > > Bogdan > > > > On 29 Mar 2022, at 11:38, Ricardo García Arroyo <[email protected]> wrote: > > > > Hello, good morning. > > > > We ask because aur client is the ESA (European Space Agency). > > Is it possible to create a future release with ESA requirement with an > estimation (in time and value) of your work? My team and ESA would evaluate > your estimation. > > > > Thanks and regards. > > Ricardo > > > > *From:* Alessandro Sironi <[email protected]> > *Sent:* martes, 29 de marzo de 2022 9:18 > *To:* [email protected] > *Subject:* Re: Support protocols > > > > Hello, if you mean to be able to direct open a webpage in http(s) than > it’s definitely not possibile and not in any future release. > > Inviato da iPhone > > > > > Il giorno 29 mar 2022, alle ore 09:14, Ricardo García Arroyo < > [email protected]> ha scritto: > > > > Hello. > > > > We are using a NGINX proxy, we are asking that to know if in future > developments of the tools can be implemented the http(s) access like VNC or > RDP without the use of NGINX proxy. > > > > Thanks. > > Regards. > > Ricardo > > > > *From:* Sean Hulbert <[email protected]> > *Sent:* martes, 29 de marzo de 2022 9:11 > *To:* [email protected] > *Subject:* RE: Support protocols > > > > Guacamole absolutely can be accessed using http(s) , install it with NGINX > and proxy it. I do highly recommend TLSv1.3 since login information can be > seen outside a secure unnel. > > > > > > > > > > > > > > > > Sent by Android Ai hijacked INS communications 6G > > > > > > -------- Original message -------- > > From: Ricardo García Arroyo <[email protected]> > > Date: 3/28/22 11:57 PM (GMT-08:00) > > To: [email protected] > > Subject: Support protocols > > > > Good morning. > > > > I’m Ricardo from an IT company in Spain. > > > > My team and me are working in a project with Apache Guacamole tool. We > provide access to clients by VNC, RDP and SSH with guacamole. Our customer > requests us access by http or https. We watch that your tool doesn’t allow > this access for that moment. Is it possible a development for that or is > programed for future versions of Guacamole? > > > > If that question has been sent to a wrong email, can you tell me where can > I ask our question? > > > > Thanks and regards. > > Ricardo > > > -- *Confidentiality Notice*: This e-mail contains information that is privileged and confidential and subject to legal restrictions and penalties regarding its unauthorized disclosure or other use. You are prohibited from copying, distributing or otherwise using this information if you are not the intended recipient. If you have received this e-mail in error, please notify us immediately by return e-mail and delete this e-mail and all attachments from your system. Thank You.
