On Thursday, October 15, 2020, 5:28:03 PM GMT+2, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: >> In other words, I do not need to be specific with >> 'http_upgrade_request_protocols WebSocket allow all' unless I want >> to, right? > > Just in case somebody else starts copy-pasting the above rule into their > configurations: The standard (RFC 6455) WebSocket protocol name in HTTP > Upgrade requests is "websocket". Squid uses case-sensitive comparison > for those names so you should use "websocket" in squid.conf. OK, good to know because: squid-5.0.4-20200825-rf4ade365f/src/cf.data.pre contains: Usage: http_upgrade_request_protocols <protocol> allow|deny [!]acl ... The required "protocol" parameter is either an all-caps word OTHER or an explicit protocol name (e.g. "WebSocket") optionally followed by a slash and a version token (e.g. "HTTP/3"). Explicit protocol names and versions are case sensitive. That's why I used "WebSocket" instead of "websocket" in my example. To avoid confusion, cf.data.pre could be updated to be more clear. > The important part here is the existence of those extra transactions. > They may be related to SslBump if you are bumbing this traffic, but then > I would expect a slightly different access.log composition. Hmm, I'm supposed to be sslbumping, yes. I can share my full squid config & iptables redirection entries if you wish. > https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction I enabled debugging on a test system where I was the only client (one Firefox instance). The access log is here: https://drive.google.com/file/d/1jryX5BW4yxLTSBe0QDavPSiKLBpOvtnV/view?usp=sharing The only odd thing I see is a few ABORTED but they are all WOFF fonts which should be unimportant except for https://join-test.webex.com/mw3300/mywebex/header.do which is only a TCP refresh "abort". The overwhelming cache log is here (I've sed'ed a few strings for privacy reasons): https://drive.google.com/file/d/1QYRr-0F-DGnCZtyuuAw8RsEgcHICN_0c/view?usp=sharing I can see the upgrade messages are parsed: HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: WebSocket' I suppose that adding the "Upgrade[66]" entry is as expected. Then, I get lost. I can see that Squid is trying to open ed1lncb62801.webex.com with https, but it is unclear to me why the ciient complains that the connection to the wss:// site is being interrupted: The connection to wss://ed1lncb62801.webex.com/direct?type=websocket&dtype=binary&rand=1602830016480&uuidtag=5659FGE6-DF29-47A7-859A-G4D5FDC937A2&gatewayip=PUB_IPv4_ADDR_2 was interrupted while the page was loading. Thanks for all the help you can give me. Vieri _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
