Search squid archive

Re: Squid Websocket Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Can we start from 0.
Currently when squid knows about the Connection being a one with websocket support it is already too late to do anything about this specific connection.
The only option for now is to identify these using some ICAP service that will for example redirect the request after a small delay that will add the destination domain ip address to a bypass list.
It’s not trivial but I have seen such implementation on ssl bump.

Can you please redirect me to the specific email with the bug details?

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx


From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Hardik Dangar
Sent: Monday, January 2, 2017 8:47 AM
To: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re:  Squid Websocket Issue

@amos or anyone else from dev team

Can you confirm this is intentional behavior or bug ?

On Mon, Jan 2, 2017 at 9:18 AM, Alex Rousskov <mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 12/27/2016 04:50 AM, Hardik Dangar wrote:

> If i remove !serverIsws somehow websockets will not work.

Then there is a bug somewhere AFAICT. It is your call whether to find
out what that bug is [while continuing to use a potentially dangerous
workaround].

Alex.


> On Tue, Dec 20, 2016 at 10:27 PM, Alex Rousskov wrote:
>
>     On 12/20/2016 02:42 AM, Hardik Dangar wrote:
>     > Following changes in config works and whatsapp starts working,
>     >
>     > acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$
>     >
>     > acl step1 at_step SslBump1
>     > ssl_bump peek step1
>     > ssl_bump splice serverIsws
>     > ssl_bump bump !serverIsws all
>
>     You do not need the "!serverIsws" part because if serverIsws matches,
>     then the splice rule wins, and Squid does not reach the bump rule. This
>     configuration is sufficient:
>
>       ssl_bump peek step1
>       ssl_bump splice serverIsws
>       ssl_bump bump all
>
>     In theory, adding "!serverIsws" does not hurt. However, negating complex
>     ACLs is tricky/dangerous and should be avoided when possible.
>
>     Alex.
>
>


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux