[squid-users] Web Whatsapp, Dropbox... problem

Alex Rousskov rousskov at measurement-factory.com
Wed Sep 14 23:31:13 UTC 2016


On 09/14/2016 05:01 PM, erdosain9 wrote:

> acl step1 at_step SslBump1 
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com 
> 
> ssl_bump peek step1 
> ssl_bump splice excludeSSL 
> ssl_bump bump all 
> 
> I don't get nothing about web.whatsapp.com in access.log 

I suspect you just do not know how to find relevant access.log records.
The first logged CONNECT (that I would expect to see) will not have
web.whatsapp.com domain name, but will have one of its IP addresses.


> except this, a lot of time after I close the tab window of web browser...:
> 1473879972.435  37929 192.168.1.172 TCP_TUNNEL/200 1069 CONNECT
> web.whatsapp.com:443 - HIER_DIRECT/31.13.85.51 - 
> 
> Just that

That is not nothing! That is exactly what I would expect -- an
indication of a successfully established tunnel, splicing client and
server connections. Keep in mind that Squid logs transactions when they
are over, not when they start. A tunnel may last for hours or more...

I trust that you do not expect to see HTTP transactions (besides opening
CONNECT) that happen inside the tunnel. After splicing SSL connections,
Squid does not (and cannot) inspect what happens inside the resulting
tunnel.

Alex.
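
Added example, not part of the original message: a Python sketch that finds the CONNECT records for a spliced site in a native-format access.log, matching by host name or by server IP, and derives when each tunnel opened from the logged end time minus the elapsed milliseconds. The function names and all sample lines except the TCP_TUNNEL record quoted in the thread are constructed for illustration.

```python
# Constructed sample: line 2 is the record quoted in the thread; lines 1 and 3
# are made up for illustration (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
1473879934.900    310 192.168.1.172 TCP_MISS/200 5120 GET http://192.0.2.10/ - HIER_DIRECT/192.0.2.10 text/html
1473879972.435  37929 192.168.1.172 TCP_TUNNEL/200 1069 CONNECT web.whatsapp.com:443 - HIER_DIRECT/31.13.85.51 -
1473880010.120  12004 192.168.1.172 TCP_TUNNEL/200 2210 CONNECT 31.13.85.51:443 - HIER_DIRECT/31.13.85.51 -
"""

def parse(line):
    """Parse one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    try:
        secs, _, frac = f[0].partition(".")
        end_ms = int(secs) * 1000 + int((frac + "000")[:3])
        elapsed_ms = int(f[1])
    except ValueError:
        return None
    return {
        "end_ms": end_ms,                  # Squid logs when the transaction ends
        "start_ms": end_ms - elapsed_ms,   # so the tunnel opened this much earlier
        "elapsed_ms": elapsed_ms,
        "client": f[2],
        "code": f[3].split("/", 1)[0],
        "method": f[5],
        "target": f[6],
        "peer": f[8].split("/", 1)[1],
    }

def find_tunnels(log_text, name, server_ips):
    """CONNECT records whose target host or peer is the site, by name or IP."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        host = rec["target"].rsplit(":", 1)[0]
        if host == name or host in server_ips or rec["peer"] in server_ips:
            hits.append(rec)
    return sorted(hits, key=lambda r: r["start_ms"])

if __name__ == "__main__":
    for r in find_tunnels(SAMPLE_LOG, "web.whatsapp.com", {"31.13.85.51"}):
        print(r["start_ms"], r["elapsed_ms"], r["code"], r["target"], r["peer"])
```

Searching by name alone misses any CONNECT logged with only an IP address as its target, which is why the server IPs are passed in as well.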


