Mon Oct 26 21:14:19 UTC 2015

On 27/10/2015 9:36 a.m., Yuri Voinov wrote:
> The problem is: I can't see most of the ICQ traffic, because it uses
> non-HTTP/HTTPS/FTP ports. Only with a sniffer.

Okay, that should not matter much. That part of the traffic there is
nothing we can do about in Squid.

> Looks like this:
> 1. Login starts over port 5190 with the CONNECT method. And the normal Squid
> config blocks it - this is a non-SSL port.


> 2. If we add this port to the SSL_ports acl, connect starts via HTTP over
> the HTTPS port. Squid prohibits it too. If we relax the config (and make it
> less secure!), the login phase goes to the next step.

Pause, how does Squid prohibit that _exactly_ ?

Maybe somebody else can find a way to do it without losing security.

> 3. And finally Squid got an XML answer via HTTP/HTTPS, which is visible to
> Squid, and at this moment the client got "Login denied, check
> login/password". Whether the password is right or wrong.

Okay. That sounds a bit like it could be from something Squid is adding
(or not adding).

Actually seeing those request and reply messages here would help a lot.


