Following is my squid config :
http_port 3129 intercept
https_port 3131 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
generate-host-certificates=off dynamic_cert_mem_cache_size=2MB
## For Captive Portal
http_port 3132 intercept
https_port 3133 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
generate-host-certificates=off dynamic_cert_mem_cache_size=1MB
#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 5
# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all # peek at TLS/SSL connect data
ssl_bump splice all # splice: no active bumping
pinger_enable off
digest_generation off
netdb_filename none
ipcache_size 128
fqdncache_size 128
via off
forwarded_for transparent
httpd_suppress_version_string on
cache deny all
cache_mem 0 MB
memory_pools off
shutdown_lifetime 3 seconds
#logfile_daemon /dev/null
access_log none
#acl good_url dstdomain .yahoo.com
http_access allow all
url_rewrite_program /tmp/squid/urlcat
url_rewrite_children 3 startup=1 idle=1 concurrency=10
#url_rewrite_access allow all
#url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
https_port 3131 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
generate-host-certificates=off dynamic_cert_mem_cache_size=2MB
## For Captive Portal
http_port 3132 intercept
https_port 3133 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
generate-host-certificates=off dynamic_cert_mem_cache_size=1MB
#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 5
# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all # peek at TLS/SSL connect data
ssl_bump splice all # splice: no active bumping
pinger_enable off
digest_generation off
netdb_filename none
ipcache_size 128
fqdncache_size 128
via off
forwarded_for transparent
httpd_suppress_version_string on
cache deny all
cache_mem 0 MB
memory_pools off
shutdown_lifetime 3 seconds
#logfile_daemon /dev/null
access_log none
#acl good_url dstdomain .yahoo.com
http_access allow all
url_rewrite_program /tmp/squid/urlcat
url_rewrite_children 3 startup=1 idle=1 concurrency=10
#url_rewrite_access allow all
#url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_extras "%>a %lp %ssl::>sni"
----------------------------------------------------------------------------------------------
I am redirecting port 80 and port 443 traffic to squid..
I went through some blogs and forums which suggest that Whatsapp seems to send non SSL traffic on port 443 (https://developers.facebook.com/docs/whatsapp/guides/network-requirements/)
And since I am running in intercept mode, it seems to terminate non-SSL traffic as well..
Could someone kindly suggest how to bypass this..
--
Thank You
Chirayu Patel
Truecom Telesoft
+91 8758484287
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users