[squid-users] Squid Websocket Issue

Hardik Dangar hardikdangar+squid at gmail.com
Mon Dec 19 13:16:59 UTC 2016

Based on Amos's Answer,

acl serverIsws ssl::server_name .w0.whatsapp.com
acl serverIsws ssl::server_name .w1.whatsapp.com

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump !serverIsws all
ssl_bump splice all

will above work ?

Or should i splice first and bump all others later?

This is very interesting. I will definitely try this when i will reach

On Mon, Dec 19, 2016 at 6:40 PM, Eliezer Croitoru <eliezer at ngtech.co.il>

> I can give a hint that once you see the request you can identify using an
> ICAP\ECAP services couple details about the request.
> Basically I had a regex which allowed any what's app traffic to be spliced
> by the SNI domain name.
> It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the
> required domains for whatsapp to be spliced.
> If nobody will try it before me it's on my todo list for this release
> (3.5.23, 4.0.17).
> Eliezer
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Amos Jeffries
> Sent: Monday, December 19, 2016 8:51 AM
> To: Hardik Dangar <hardikdangar+squid at gmail.com>
> Cc: Squid Users <squid-users at lists.squid-cache.org>
> Subject: Re: [squid-users] Squid Websocket Issue
> On 19/12/2016 12:14 p.m., Hardik Dangar wrote:
> > can you give me one example please ?
> > like in the above example.
> > w4.web.whatsapp.com domain is fixed
> > are you suggesting i can create acl and by pass it to squid ?
> >
> You are the first person to ask about WhatsApp traffic.
> These might be a useful starting point
> <http://wiki.squid-cache.org/Features/SslPeekAndSplice#
> Configuration_Examples>
> What the examples are doing for banks is what you want to do for WhatsApp.
> The trick though will be figuring out how to splice *before* seeing what
> type of HTTP request exists inside the tunnel. If you are lucky the app
> will be using SNI.
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161219/db5c03e0/attachment.html>

More information about the squid-users mailing list