Hey Vieri,

I have tested the wiki pages again to make sure they are not misleading, and I have used the following regex file:

## START OF FILE
# Web.whatsapp.com
^(w[0-9]+|[a-z]+\.)?web\.whatsapp\.com$
# Whatsapp CDN issue
.whatsapp\.net$
## EOF

This seems a bit more accurate than what's in the wiki. If it works the same for your use case, I think the wiki should be updated.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

-----Original Message-----
From: Vieri [mailto:rentorbuy@xxxxxxxxx]
Sent: Tuesday, June 30, 2020 11:57 AM
To: Squid Users; Eliezer Croitoru
Subject: Re: Squid 4 and on_unsupported_protocol

On Tuesday, June 30, 2020, 8:50:09 AM GMT+2, Eliezer Croitoru <ngtech1ltd@xxxxxxxxx> wrote:

>
> I can try to reproduce this setup locally to make sure that it works as described in the docs.

Thanks!

> So a couple of details:
> * PC Windows(What OS?) client with Firefox

Windows 10, Windows 7
Firefox ESR 68.5.0

> * Are you Intercepting the traffic or using Squid as a simple forward proxy defined in the browser or OS proxy settings?

Intercepting with TPROXY.

> Can you share a basic squid.conf (cleaned of personal details) to make sure where and how these rules should be applied?
Here it goes (client traffic is intercepted/bumped):

squid.conf:

# Main file: port ACLs and the manager rules, then the site configuration is
# pulled in through the two include lines. http_access rules are evaluated in
# order and the first match decides, so everything in squid.include.rules is
# checked before the closing "allow localhost" / "deny all" below.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/squid.include
include /etc/squid/squid.include.rules
http_access allow localhost
http_access deny all
coredump_dir /var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

squid.include:

# Three listeners, each tagged with a myportname ACL so later rules can tell
# explicit-proxy traffic (3128) from TPROXY-intercepted HTTP (3129) and
# TPROXY-intercepted TLS (3130).
acl explicit myportname 3128
acl intercepted myportname 3129
acl interceptedssl myportname 3130
http_port 3128
http_port 3129 tproxy
# ssl-bump listener: Squid mints per-host certificates signed by the key in
# proxyserver.pem, so that file is the trust anchor clients must have installed.
https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem sslflags=NO_DEFAULT_CA
# NOTE(review): DONT_VERIFY_PEER makes Squid accept origin-server certificates
# that fail validation. With "ssl_bump bump all" in squid.include.rules, clients
# only ever see the proxy-generated certificate, so an invalid or forged
# upstream certificate is hidden from them. Prefer removing this flag and
# exempting individual broken sites with sslproxy_cert_error instead.
tls_outgoing_options flags=DONT_VERIFY_PEER
sslcrtd_program /usr/libexec/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 16MB
sslcrtd_children 40 startup=20 idle=10
cache_dir diskd /var/cache/squid 32 16 256

squid.include.common:

cache_mgr admin@xxxxxxxxxx
email_err_data on
error_directory /usr/share/squid/errors/custom
client_lifetime 480 minutes

squid.include.hide:

# Suppress the Squid version string and the Via header, and pass
# X-Forwarded-For through unchanged.
httpd_suppress_version_string on
dns_v4_first on
via off
forwarded_for transparent

squid.include.rules:

# Authentication: Kerberos (negotiate) for users, plus a wbinfo helper that
# resolves group membership for the nt_group external ACL.
external_acl_type nt_group ttl=0 children-max=50 %LOGIN /usr/libexec/squid/ext_wbinfo_group_acl -K
auth_param negotiate program /usr/libexec/squid/negotiate_kerberos_auth -s HTTP/fwprox.domain.org@xxxxxxxxxx
auth_param negotiate children 60
auth_param negotiate keep_alive on
acl localnet src 10.0.0.0/8
acl localnet src 192.168.0.0/16
acl ORG_all proxy_auth REQUIRED
# Category blacklist lookup through a site-local Perl helper; results are
# cached for a day in both directions (ttl / negative_ttl = 86400).
external_acl_type bllookup ttl=86400 negative_ttl=86400 children-max=80 children-startup=10 children-idle=3 concurrency=8 %PROTO %DST %PORT %PATH /opt/custom/scripts/run/scripts/firewall/ext_sql_blwl_acl.pl --table=shallalist_bl --categories=adv,aggressive,alcohol,anonvpn,automobile_bikes,automobile_boats,automobile_cars,automobile_planes,chat,costtraps,dating,drugs,dynamic,finance_insurance,finance_moneylending,finance_other,finance_realestate,finance_trading,fortunetelling,forum,gamble,hacking,hobby_cooking,hobby_games-misc,hobby_games-online,hobby_gardening,hobby_pets,homestyle,imagehosting,isp,jobsearch,military,models,movies,music,podcasts,politics,porn,radiotv,recreation_humor,recreation_martialarts,recreation_restaurants,recreation_sports,recreation_travel,recreation_wellness,redirector,religion,remotecontrol,ringtones,science_astronomy,science_chemistry,sex_education,sex_lingerie,shopping,socialnet,spyware,tracker,updatesites,urlshortener,violence,warez,weapons,webphone,webradio,webtv
# Policy lists are loaded from files under /SAMBA/proxy-settings/.
# NOTE(review): whoever can write to that directory can change the allow,
# deny and no-bump lists, so its permissions matter as much as this file's.
acl privileged_src_ips src "/SAMBA/proxy-settings/allowed.ips"
acl privileged_extra1_src_ips src "/SAMBA/proxy-settings/allowed.extra1.ips"
acl privileged_user_groups external nt_group "/SAMBA/proxy-settings/allowed.groups"
# direct_dst_domains is not referenced by any rule shown here; the same file is
# loaded again further down as a regex list (NoSSLIntercept).
acl direct_dst_domains dstdomain "/SAMBA/proxy-settings/allowed.direct"
acl good_dst_domains dstdomain "/SAMBA/proxy-settings/allowed.domains"
acl good_dst_domains_with_any_filetype dstdomain "/SAMBA/proxy-settings/allowed.domains.filetypes"
acl good_dst_domains_with_any_mimetype dstdomain "/SAMBA/proxy-settings/allowed.domains.mimetypes"
acl good_urls_any_useragent url_regex "/SAMBA/proxy-settings/allowed.useragents.urls"
acl good_urls url_regex "/SAMBA/proxy-settings/allowed.urls"
acl bad_dst_domains dstdomain "/SAMBA/proxy-settings/denied.domains"
acl bad_dst_ccn_domains dstdomain "/SAMBA/proxy-settings/denied.ccn.domains"
acl bad_dst_ccn_ips dst "/SAMBA/proxy-settings/denied.ccn.ips"
acl limited_dst_domains_1 dstdomain "/SAMBA/proxy-settings/denied.extra1.domains"
acl bad_ads url_regex "/SAMBA/proxy-settings/denied.ads"
acl bad_filetypes urlpath_regex -i "/SAMBA/proxy-settings/denied.filetypes"
acl bad_requested_mimetypes req_mime_type -i "/SAMBA/proxy-settings/denied.mimetypes"
acl limited_requested_mimetypes_1 req_mime_type -i "/SAMBA/proxy-settings/denied.extra1.mimetypes"
acl bad_replied_mimetypes rep_mime_type -i "/SAMBA/proxy-settings/denied.mimetypes"
acl limited_replied_mimetypes_1 rep_mime_type -i "/SAMBA/proxy-settings/denied.extra1.mimetypes"
acl restricted_requested_mimetypes_1 req_mime_type -i "/SAMBA/proxy-settings/denied.restricted1.mimetypes"
acl restricted_replied_mimetypes_1 rep_mime_type -i "/SAMBA/proxy-settings/denied.restricted1.mimetypes"
acl restricted_good_dst_domains_1 dstdomain "/SAMBA/proxy-settings/allowed.restricted1.domains"
# NOTE(review): the name says "src" but the ACL type is "dst", so this matches
# destination addresses. Confirm which one is intended.
acl restricted_src_ips_1 dst "/SAMBA/proxy-settings/allowed.restricted1.ips"
acl explicit_only_src_ips src "/SAMBA/proxy-settings/restricted.ips"
acl explicit_only_user_groups external nt_group "/SAMBA/proxy-settings/restricted.groups"
acl explicit_only_dst_domains dstdomain "/SAMBA/proxy-settings/restricted.domains"
acl bl_lookup external bllookup
acl bad_urlshorteners dstdomain "/etc/squidGuard/db/HMANshallalist/urlshortener/domains"
acl redirected_domains_1 dstdomain .some.domain.com .some.other.domain.com
acl redirected_domains_2 dstdomain anotherdomain.com
acl redirected_urls_1 url_regex ^https://domain.com/path/
# The User-Agent header is supplied by the client, so these ACLs filter
# well-behaved software only; any client can send a matching string.
acl good_useragents req_header User-Agent Firefox/
acl good_useragents req_header User-Agent Edge/
acl good_useragents req_header User-Agent Microsoft-CryptoAPI/
acl src_ips_with_any_useragent src "/SAMBA/proxy-settings/allowed.useragents.ips"
acl dst_domains_with_any_useragent dstdomain "/SAMBA/proxy-settings/allowed.useragents.domains"
acl dst_ips_with_any_useragent dst "/SAMBA/proxy-settings/allowed.useragents.dst.ips"
# Explicit-proxy port requires authentication and may not be used for port 443;
# the intercepting ports accept traffic from localnet only.
http_access deny explicit !ORG_all
http_access deny explicit SSL_ports
http_access deny intercepted !localnet
http_access deny interceptedssl !localnet
# on_unsupported_protocol: connections that fail with these errors are tunnelled
# instead of answered with an error page.
# NOTE(review): a tunnelled connection is relayed as raw TCP, so the URL,
# MIME-type and ICAP antivirus rules below never see its contents. Consider
# restricting the two "tunnel" rules to known destinations rather than to every
# connection that fails to parse.
acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
acl serverTalksFirstProtocol squid_error ERR_REQUEST_START_TIMEOUT
on_unsupported_protocol tunnel foreignProtocol
on_unsupported_protocol tunnel serverTalksFirstProtocol
on_unsupported_protocol respond all
# Lets the CONNECT that Squid synthesises for intercepted TLS through to
# ssl_bump processing (presumably the reason for this rule; confirm).
http_access allow CONNECT interceptedssl SSL_ports
# Deny unless the User-Agent is on the good list or one of the four exemption
# ACLs matches.
http_access deny !good_useragents !src_ips_with_any_useragent !dst_domains_with_any_useragent !dst_ips_with_any_useragent !good_urls_any_useragent
# NOTE(review): every deny_info redirect in this file goes to a plain http://
# URL whose query string carries the user name (%a), client IP (%i) and the
# requested URL (%U / %u), including URLs of bumped HTTPS requests. Serving the
# error page over https would keep those values off the wire in clear text.
deny_info http://inf-fw2.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_useragents good_useragents
deny_info http://inf-fw2.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_useragents src_ips_with_any_useragent
deny_info http://inf-fw2.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_useragents dst_domains_with_any_useragent
deny_info http://inf-fw2.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_useragents dst_ips_with_any_useragent
# Early allows: whitelisted destinations and privileged source IPs are accepted
# here, before any of the deny lists further down are consulted.
http_access allow localnet !explicit_only_src_ips good_dst_domains
http_access allow localnet !explicit_only_src_ips good_urls
http_access allow localnet !explicit_only_src_ips good_urls_any_useragent
http_access allow localnet !explicit_only_src_ips privileged_src_ips
http_reply_access allow localnet !explicit_only_src_ips privileged_src_ips
http_reply_access allow localnet !explicit_only_src_ips good_dst_domains
http_reply_access allow localnet !explicit_only_src_ips good_urls
# Clients on the restricted list may reach only the restricted domain list.
http_access allow explicit_only_src_ips explicit_only_dst_domains
http_access deny explicit_only_src_ips
# Deny with a 302 redirect to a replacement site.
http_access deny redirected_domains_1
deny_info 302:http://some.domain.com redirected_domains_1
http_access deny redirected_domains_2
deny_info 302:https://anotherdomain.com redirected_domains_2
http_access deny redirected_urls_1
deny_info 302:http://some.domain.com redirected_urls_1
http_access deny !privileged_src_ips bad_urlshorteners
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_urlshorteners bad_urlshorteners
# MIME-type rules: specific allows first, then the matching denies.
http_access allow restricted_requested_mimetypes_1 restricted_good_dst_domains_1
http_access allow restricted_requested_mimetypes_1 restricted_src_ips_1
http_reply_access allow restricted_replied_mimetypes_1 restricted_good_dst_domains_1
http_reply_access allow restricted_replied_mimetypes_1 restricted_src_ips_1
http_access allow limited_requested_mimetypes_1 privileged_extra1_src_ips limited_dst_domains_1
http_reply_access allow limited_replied_mimetypes_1 privileged_extra1_src_ips limited_dst_domains_1
http_access deny restricted_requested_mimetypes_1
http_reply_access deny restricted_replied_mimetypes_1
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes restricted_replied_mimetypes_1
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes restricted_requested_mimetypes_1
http_access deny limited_requested_mimetypes_1
http_reply_access deny limited_replied_mimetypes_1
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes limited_requested_mimetypes_1
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes limited_replied_mimetypes_1
# Destination deny lists.
http_access deny !privileged_src_ips bad_dst_domains
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_dst_domains bad_dst_domains
http_access deny bad_dst_ccn_domains
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_dst_ccn bad_dst_ccn_domains
http_access deny bad_dst_ccn_ips
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_dst_ccn bad_dst_ccn_ips
http_access allow privileged_extra1_src_ips limited_dst_domains_1
http_access deny limited_dst_domains_1
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=limited_dst_domains_1 limited_dst_domains_1
# File-type and MIME-type deny lists, with per-domain exemptions.
http_access deny bad_filetypes !good_dst_domains_with_any_filetype
http_reply_access deny bad_filetypes !good_dst_domains_with_any_filetype
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_filetypes bad_filetypes
http_access deny bad_requested_mimetypes !good_dst_domains_with_any_mimetype
http_reply_access deny bad_replied_mimetypes !good_dst_domains_with_any_mimetype
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes bad_requested_mimetypes
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes bad_replied_mimetypes
# Last allow: localnet requests for which the blacklist helper answers OK
# (presumably "not listed"; verify against the helper script). Anything left
# falls through to "http_access deny all" in squid.conf, for which the
# deny_info on "all" below supplies the error page.
http_access allow localnet bl_lookup
deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_dst_domains_bl all
debug_options rotate=1 ALL,1
append_domain .domain.org
reply_header_access Alternate-Protocol deny all
# SslBump: peek at step 1 to learn the SNI, splice (pass through untouched)
# the names on the no-intercept list, bump everything else.
acl DiscoverSNIHost at_step SslBump1
# NOTE(review): allowed.direct is also loaded above as a dstdomain list. Here
# each entry is read as a regular expression, where an unescaped "." matches
# any character and a pattern without ^/$ matches anywhere in the server name.
# Entries written as plain domains can therefore splice more hosts than
# intended; keep a separate, anchored and escaped regex file for this ACL.
acl NoSSLIntercept ssl::server_name_regex "/SAMBA/proxy-settings/allowed.direct"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
# ICAP antivirus on responses. bypass=0 marks the service as essential, so a
# failing ICAP service produces an error rather than unscanned content.
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service antivirus respmod_precache bypass=0 icap://127.0.0.1:1344/clamav
adaptation_access antivirus allow all
include /etc/squid/squid.include.common
include /etc/squid/squid.include.hide
cache_mem 32 MB
max_filedescriptors 65536
# A negative limit disables the ICAP failure limit.
icap_service_failure_limit -1
icap_persistent_connections off

Regards,

Vieri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users