Thanks,
# Begin of "/etc/squid/squid.conf"
# Client network that is allowed to use the proxy (used by "http_access allow localnet").
acl localnet src 192.168.15.0/24
# Destination ports for which CONNECT tunnels are permitted
# (enforced by "http_access deny CONNECT !SSL_ports").
# NOTE(review): this list goes well beyond 443 and includes ports such as 21 and 22,
# so every localnet client can open a tunnel to those ports through the proxy.
# Keep only the ports with a documented need. 8443, 563 and 2222 are listed twice,
# which is harmless but makes the list harder to audit.
acl SSL_ports port 8443
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 22
acl SSL_ports port 21
acl SSL_ports port 8081
acl SSL_ports port 3478
acl SSL_ports port 563
acl SSL_ports port 8085
acl SSL_ports port 2083
acl SSL_ports port 2221
acl SSL_ports port 2222
acl SSL_ports port 950
acl SSL_ports port 10443
acl SSL_ports port 23389
acl SSL_ports port 5222
acl SSL_ports port 9090
acl SSL_ports port 7792
acl SSL_ports port 2222
acl SSL_ports port 8443
acl SSL_ports port 2223
acl SSL_ports port 90
acl SSL_ports port 19305
# Destination ports the proxy may contact at all
# (enforced by "http_access deny !Safe_ports").
# The 1025-65535 range covers every unprivileged port, so in practice this list
# only restricts which privileged ports (below 1025) are reachable.
acl Safe_ports port 20
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 90
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 631
acl Safe_ports port 777
acl Safe_ports port 901
acl Safe_ports port 950
acl Safe_ports port 1025-65535
# Matches requests that use the CONNECT method (tunnel requests).
acl CONNECT method CONNECT
# Access rules are evaluated top to bottom and the first matching rule decides,
# so the order of these lines is significant.
# Refuse any request whose destination port is not in Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT tunnels to any port that is not in SSL_ports.
http_access deny CONNECT !SSL_ports
# Cache-manager requests are accepted from localhost only and refused otherwise.
# "localhost" and "manager" are not defined in this file; presumably these are
# the ACLs Squid predefines. Confirm for the installed version.
http_access allow localhost manager
http_access deny manager
# Clients in 192.168.15.0/24 and the proxy host itself may use the proxy.
http_access allow localnet
http_access allow localhost
# Default deny: anything not explicitly allowed above is refused.
http_access deny all
# Listening ports. All three enable SSL-Bump and sign generated host certificates
# (generate-host-certificates=on) with the CA given by cert=.
# No key= option is given, so the private key is read from the same PEM file as
# the certificate. That file is the signing CA for every bumped connection:
# keep it readable only by the Squid user and out of backups and shared pastes.
# 3128: explicit (forward) proxy port.
http_port 3128 ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
# 3129: intercepted HTTP. The firewall redirect rules that send traffic here are
# not shown in this file.
http_port 3129 intercept ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
# 3130: intercepted HTTPS, with a larger in-memory cache for generated
# certificates (16MB, against 4MB on the two ports above).
https_port 3130 intercept ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
# SSL-Bump policy. The ssl_bump rules are checked in order at each bumping step.
# DiscoverSNIHost matches only at step 1, before the TLS client hello has been read.
acl DiscoverSNIHost at_step SslBump1
# Server names that must not be decrypted, one regex per line in the quoted file.
acl NoSSLIntercept ssl::server_name_regex "/etc/squid/acl.url.nobump"
# Step 1: peek at the client hello so that the SNI is known to the later rules.
ssl_bump peek DiscoverSNIHost
# Later steps: pass the connection through untouched when the server name
# matches the exclusion list.
ssl_bump splice NoSSLIntercept
# Everything else is decrypted and re-signed with the local CA.
# NOTE(review): an exclusion takes effect only if the SNI sent by the client
# matches a pattern in the file. To check a given host, compare its access.log
# entries: a spliced connection is logged as a tunnel, a bumped one also shows
# the inner https:// requests. Logging %ssl::bump_mode in a custom logformat
# shows the decision directly.
ssl_bump bump all
# Trust anchors and extra intermediates used to validate origin servers on
# outgoing TLS connections.
# NOTE(review): tls_outgoing_options appears twice with different cafile= values
# (ca-bundle.crt here, mozilla.pem below). Confirm that both bundles are really
# loaded by the installed version, or merge them into a single directive.
tls_outgoing_options cafile=/etc/squid/ca-bundle.crt
sslproxy_foreign_intermediate_certs /etc/squid/certs/lets-encrypt-r3.pem
tls_outgoing_options cafile=/etc/squid/mozilla.pem
# URL filtering: every request is passed to squidGuard, which reads its own
# rules from /etc/squid/squidGuard.conf (not shown here).
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
# Up to 64 helper processes, 16 started at launch, at least 4 kept idle.
# concurrency=0 means each helper handles one request at a time.
url_rewrite_children 64 startup=16 idle=4 concurrency=0
# "off" = never skip the filter when all helpers are busy. Requests queue
# instead of going out unfiltered (fail closed).
url_rewrite_bypass off
# Debug level 2 for all sections, which is more verbose than the default.
# NOTE(review): presumably raised for this troubleshooting session. Return it to
# the default afterwards, since verbose cache.log output on a bumping proxy can
# record details of user traffic.
debug_options ALL,2
# On-disk cache: ufs store of 100 MB with 16 first-level and 256 second-level
# directories. Core dumps are written to the same directory.
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
# Administrator contact (address redacted in the post).
cache_mgr informatica@xxxxxxxxxxxxxxxxxx
# Error pages are served in Spanish.
error_default_language es
# Prefer IPv4 addresses when a name resolves to both address families.
dns_v4_first on
# Freshness rules: <regex> <min minutes> <percent> <max minutes>.
# Dynamic content (cgi-bin or a query string) is never considered fresh.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# NOTE(review): everything from here to the end-of-file marker repeats the
# directives earlier in this file (all of them except the localnet ACL). It may
# only be an artifact of how the file was pasted. If the on-disk squid.conf
# really holds both copies, the repeated http_access rules come after an earlier
# "http_access deny all" and are never evaluated, and the repeated
# http_port/https_port lines ask Squid to listen on 3128-3130 a second time.
# Keep a single copy.
# CONNECT-allowed ports (repeat).
acl SSL_ports port 8443
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 22
acl SSL_ports port 21
acl SSL_ports port 8081
acl SSL_ports port 3478
acl SSL_ports port 563
acl SSL_ports port 8085
acl SSL_ports port 2083
acl SSL_ports port 2221
acl SSL_ports port 2222
acl SSL_ports port 950
acl SSL_ports port 10443
acl SSL_ports port 23389
acl SSL_ports port 5222
acl SSL_ports port 9090
acl SSL_ports port 7792
acl SSL_ports port 2222
acl SSL_ports port 8443
acl SSL_ports port 2223
acl SSL_ports port 90
acl SSL_ports port 19305
# Reachable destination ports (repeat).
acl Safe_ports port 20
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 90
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 631
acl Safe_ports port 777
acl Safe_ports port 901
acl Safe_ports port 950
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
# Access rules (repeat); first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
# Listening ports (repeat): explicit proxy, intercepted HTTP, intercepted HTTPS.
http_port 3128 ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
http_port 3129 intercept ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
https_port 3130 intercept ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
# SSL-Bump policy (repeat): peek at step 1, splice the exclusion list, bump the rest.
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/etc/squid/acl.url.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
# Outgoing TLS trust settings (repeat).
tls_outgoing_options cafile=/etc/squid/ca-bundle.crt
sslproxy_foreign_intermediate_certs /etc/squid/certs/lets-encrypt-r3.pem
tls_outgoing_options cafile=/etc/squid/mozilla.pem
# squidGuard URL filter (repeat).
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 64 startup=16 idle=4 concurrency=0
url_rewrite_bypass off
# Logging, cache and miscellaneous settings (repeat).
debug_options ALL,2
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
cache_mgr informatica@xxxxxxxxxxxxxxxxxx
error_default_language es
dns_v4_first on
# Freshness rules (repeat).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# End of "/etc/squid/squid.conf"
---
# Begin of "/etc/squid/acl.url.nobump"
# Server-name patterns that are spliced (not decrypted), one regex per line.
# The patterns are unanchored, so each matches anywhere inside the server name.
# The leading "." below is an unescaped regex dot: it matches any one character
# followed by "whatsapp.net".
# NOTE(review): this is the only WhatsApp entry and it covers whatsapp.net names
# only. Any WhatsApp host under another domain (the web client is presumably
# served from whatsapp.com; confirm in access.log) still reaches "ssl_bump bump all".
.whatsapp\.net
# Names made of "w", one or more digits and one or more lowercase letters,
# under the three domains below.
(w[0-9]+[a-z]+)\.squid-cache\.org
(w[0-9]+[a-z]+)\.websocket\.org
(w[0-9]+[a-z]+)\.reniec\.gob\.pe
# NOTE(review): the next three lines repeat the three patterns above.
(w[0-9]+[a-z]+)\.squid-cache\.org
(w[0-9]+[a-z]+)\.websocket\.org
(w[0-9]+[a-z]+)\.reniec\.gob\.pe
# End of "/etc/squid/acl.url.nobump"
El dom, 30 de may. de 2021 a la(s) 22:19, NgTech LTD (ngtech1ltd@xxxxxxxxx) escribió:
Hey, can you please share your squid.conf (with sensitive details excluded) so we can try to recommend a solution?
בתאריך יום ב׳, 31 במאי 2021, 4:03, מאת Alex Irmel Oviedo Solis <alleinerwolf@xxxxxxxxx>:
Good night, I'm having problems with a transparent squid proxy (with squidGuard enabled). WhatsApp's web client doesn't work. I tried to add an exclusion to SSL Bump following this manual, https://wiki.squid-cache.org/ConfigExamples/Chat/Whatsapp, but it is still not working.
_______________________________________________
Is there any way to probe or debug whether this exclusion is working?
--
"Una alegría compartida se transforma en doble alegría; una pena compartida, en media pena."
--> http://www.alexove.me
--> Celular (Movistar): +51-959-625-001
--> Sigueme en Twitter: http://twitter.com/alexove_pe
--> Perfil: http://fedoraproject.org/wiki/user:alexove