Already found this lonely right post ;) I have Google-Fu too :) And it is longer than yours :)

Anyway, all of these issues are solved.

I have snoop (not Windoze Wireshark - all great things are made in the console, ya!) and took a look at a single client's traffic during bumping.

As I don't have iptables (no penguins, please!), but I do have a Cisco 2911, I pass some Windows Update, Symantec Update (which does not work either) bypassing Squid. Cisco is the greatest. All others are probably suxx :)

The complete solution looks like:

access-list 121 remark ACL for HTTPS WCCP
access-list 121 remark Squid proxies bypass
access-list 121 deny ip host 192.168.200.3 any
access-list 121 remark WU bypass
access-list 121 deny tcp any 191.232.0.0 0.7.255.255
access-list 121 deny tcp any 65.52.0.0 0.3.255.255
access-list 121 remark Symantec bypass
access-list 121 deny tcp any host 195.215.221.99
access-list 121 deny tcp any host 195.215.221.104
access-list 121 deny tcp any host 213.248.114.172
access-list 121 deny tcp any host 213.248.114.173
access-list 121 deny tcp any host 213.248.114.174
access-list 121 deny tcp any host 213.248.114.175
access-list 121 deny tcp any host 77.67.22.168
access-list 121 deny tcp any host 77.67.22.171
access-list 121 deny tcp any host 77.67.22.173
access-list 121 deny tcp any host 213.248.114.171
access-list 121 remark LAN clients proxy port 443
access-list 121 permit tcp 192.168.0.0 0.0.255.255 any eq 443
access-list 121 remark all others bypass WCCP
access-list 121 deny ip any any

So, all other issues are solved similarly.

Want to do something good - do it yourself! That's the way. :)

30.12.2014 23:39, Rafael Akchurin wrote:
> Hello Yuri,
>
> Luckily the same topic was just discussed on our forum – please see if this can help https://groups.google.com/d/msg/quintolabs-content-security-for-squid-proxy/GKIV3FpYSBE/9IET-4hg_tEJ
>
> It describes the iptables settings for successful SSL bump exclusions for Dropbox clients / Google Drive / iTunes (bypassing SSL Bump because of SSL Pinning).
>
> Best regards,
> Raf
>
> *From:* squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] *On Behalf Of* Rafael Akchurin
> *Sent:* Tuesday, December 30, 2014 4:23 PM
> *To:* Yuri Voinov; squid-users@xxxxxxxxxxxxxxxxxxxxx
> *Subject:* Re: Squid 3 SSL bump: Google drive application could not connect
>
> Only exclusion from SSL Bump as far as I know.
>
> raf
>
> -------------------------
>
> *From:* Yuri Voinov <yvoinov@xxxxxxxxx>
> *Sent:* Tuesday, December 30, 2014 3:19 PM
> *To:* Rafael Akchurin; squid-users@xxxxxxxxxxxxxxxxxxxxx
> *Subject:* Re: Squid 3 SSL bump: Google drive application could not connect
>
> Maybe.
>
> Does a workaround exist?
>
> 30.12.2014 20:09, Rafael Akchurin wrote:
> > SSL Pinning? (I know Dropbox does this)
> >
> > my two cents only :)
> >
> > Raf
> >
> > ________________________________________
> > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Yuri Voinov <yvoinov@xxxxxxxxx>
> > Sent: Tuesday, December 30, 2014 2:12 PM
> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Squid 3 SSL bump: Google drive application could not connect
> >
> > Hi gents,
> >
> > I found a strange issue.
> >
> > Squid 3.4.10. Intercept. HTTPS bumping. All works fine. All configs correct.
> >
> > Whenever all web https sites work perfectly - especially in Chrome,
> > most cloud clients work like a charm (SpiderOak is!), Google Drive client
> > application (PC) could not work.
> >
> > Note: Web Google Docs works. Web Google drive works.
> >
> > Note: Google support info - even if I pass a dozen Google URLs without
> > bump - cannot help. It doesn't work when server-first bumping is on and
> > works otherwise.
> >
> > So, the Serious Question is: Why? :)
> >
> > Any idea?
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users