[squid-users] Squid Websocket Issue

Eliezer Croitoru eliezer at ngtech.co.il
Mon Dec 19 13:10:43 UTC 2016

I can give a hint that once you see the request you can identify using an ICAP\ECAP services couple details about the request.
Basically I had a regex which allowed any what's app traffic to be spliced by the SNI domain name.
It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the required domains for whatsapp to be spliced.
If nobody will try it before me it's on my todo list for this release (3.5.23, 4.0.17).


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Monday, December 19, 2016 8:51 AM
To: Hardik Dangar <hardikdangar+squid at gmail.com>
Cc: Squid Users <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] Squid Websocket Issue

On 19/12/2016 12:14 p.m., Hardik Dangar wrote:
> can you give me one example please ?
> like in the above example.
> w4.web.whatsapp.com domain is fixed
> are you suggesting i can create acl and by pass it to squid ?

You are the first person to ask about WhatsApp traffic.

These might be a useful starting point

What the examples are doing for banks is what you want to do for WhatsApp.

The trick though will be figuring out how to splice *before* seeing what type of HTTP request exists inside the tunnel. If you are lucky the app will be using SNI.


squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list