[squid-users] Problem rtmp traffic through Squid

Amos Jeffries squid3 at treenet.co.nz
Wed Feb 13 13:38:57 UTC 2019


On 14/02/19 2:19 am, Герасимов Никита Вячеславович wrote:
> Thanks, but I guess we already opened:
> We have settings like this:
> 
> diff squid.conf squid.conf.old
> 40c40
> < acl SSL_ports port 443 563 1935
> ---
>> acl SSL_ports port 443 563
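
Review bot: line 40 now admits only 1935 into SSL_ports, but the imind_ru_flash ACL quoted below also lists 1936 and imind_ru_webrtc covers 10000-30000. If the stock `http_access deny CONNECT !SSL_ports` line still precedes the allow rules (that part of squid.conf is not shown), CONNECT to those ports is refused before the allow lines are reached. SSL_ports is also a port-only ACL, so adding 1935 lifts that guard for every destination rather than just imind_ru_net; consider leaving SSL_ports as it was and placing the two `http_access allow vlan_202 CONNECT ...` lines ahead of the stock deny instead.
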
> 
> acl imind_ru_flash port 1935 1936
>   acl imind_ru_webrtc port 10000-30000
>   acl imind_ru_net dst 185.102.121.96/27 185.102.121.0/27
>   acl imind_ru dstdomain .imind.ru
>   http_access allow vlan_202 CONNECT imind_ru_flash imind_ru_net
>   http_access allow vlan_202 CONNECT imind_ru_webrtc imind_ru_net
>   http_access allow vlan_202 myusers imind_ru
> 
>   acl crl url_regex "/etc/squid/crl"
>   http_access allow crl
> 

Okay. That should be letting the tunnels through the proxy *if* the
transactions are attempted.

One trick that sometimes works is firewall rules to forbid direct
Browser access to those ports (aka "bypassing the proxy"). The player
may have CONNECT tunnel support as a fallback option when the usually
more reliable direct service is blocked.

Otherwise, maybe try different player software?
RTMP is a standardized protocol, so there are a number of software
packages that support it. IIRC some had at least basic support for HTTP
proxies last time I looked at these things.


NP: Do not be tempted to intercept the traffic into Squid. The proxy
will either reject the streams completely, or mangle them in ways that
cause annoying display problems worse than a clear failure-to-connect
message.

HTH
Amos
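
How Squid would evaluate the quoted http_access lines for a CONNECT request, as an added example (not code from the original message or from Squid). It assumes the stock `http_access deny CONNECT !SSL_ports` rule sits above the quoted lines and treats `vlan_202`, whose definition is not shown, as a flag on the request; the destination addresses are constructed sample values.

```python
import ipaddress

# ACLs as quoted in the post. vlan_202 is not defined on the page, so a
# request simply carries it as a flag (assumption).
PORTS = {
    "SSL_ports": [(443, 443), (563, 563), (1935, 1935)],
    "imind_ru_flash": [(1935, 1935), (1936, 1936)],
    "imind_ru_webrtc": [(10000, 30000)],
}
NETS = {"imind_ru_net": ["185.102.121.96/27", "185.102.121.0/27"]}

# http_access lines in file order. The first is the rule shipped in the stock
# squid.conf; it is NOT shown in the post and is assumed to still be present.
RULES = [
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["vlan_202", "CONNECT", "imind_ru_flash", "imind_ru_net"]),
    ("allow", ["vlan_202", "CONNECT", "imind_ru_webrtc", "imind_ru_net"]),
]

def acl_matches(name, req):
    """Evaluate one ACL name (optionally negated with '!') against a request."""
    negated, name = name.startswith("!"), name.lstrip("!")
    if name in PORTS:
        hit = any(lo <= req["port"] <= hi for lo, hi in PORTS[name])
    elif name in NETS:
        dst = ipaddress.ip_address(req["dst"])
        hit = any(dst in ipaddress.ip_network(net) for net in NETS[name])
    elif name == "CONNECT":
        hit = req["method"] == "CONNECT"
    else:
        hit = name in req["flags"]
    return hit != negated

def http_access(req, rules=RULES):
    """First matching line wins; every ACL on a line must match (AND)."""
    for action, acls in rules:
        if all(acl_matches(a, req) for a in acls):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

def connect(dst, port):
    """Constructed sample request: a CONNECT from a vlan_202 client."""
    return {"method": "CONNECT", "dst": dst, "port": port, "flags": {"vlan_202"}}

if __name__ == "__main__":
    for dst, port in [("185.102.121.100", 1935), ("185.102.121.100", 1936),
                      ("185.102.121.10", 12000), ("203.0.113.5", 1935)]:
        print(dst, port, http_access(connect(dst, port)),
              http_access(connect(dst, port), RULES[1:]))
```

The second result on each printed line drops the assumed stock rule, so the outcome for 1936 and the 10000-30000 range depends on where the allow lines sit relative to it.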