[squid-users] Websockets over HTTPS not working in squid 4
Alex Rousskov
rousskov at measurement-factory.com
Fri Feb 22 17:23:30 UTC 2019
On 2/21/19 3:19 PM, Felipe Arturo Polanco wrote:
> Are you aware of any unofficial patch or something to tunnel
> websockets over HTTPS in squid?
Yes, Factory continues to work on this, but I am not ready to recommend
that unofficial code on this mailing list.
Alex.
> On Thu, Feb 21, 2019 at 5:33 PM Alex Rousskov wrote:
>
> On 2/21/19 2:11 PM, Felipe Arturo Polanco wrote:
>
> > I have been trying to make websockets work over HTTPS but so far I
> > haven't been able to.
>
>
> Official Squid cannot reliably detect and proxy native WebSocket
> traffic. Until that support is available, if WebSocket traffic reaches
> your intercepting Squid, then splicing suspected WebSocket connections
> based on TCP/TLS-level information is your only option. And, yes, that
> introduces lots of maintenance headaches, policy violations, and is not
> reliable.
>
> A bit more information about the topic is available on this 2018 thread:
> http://lists.squid-cache.org/pipermail/squid-users/2018-July/018581.html
>
> Alex.
>
>
> > I'm trying the following websites that use websockets and none of
> them work:
> > speedtest.net <http://speedtest.net> <http://speedtest.net>
> > web.whatsapp.com <http://web.whatsapp.com> <http://web.whatsapp.com>
> > https://slack.com/help/test
> >
> > If I explicitly splice those domain names in squid.conf they work
> fine.
> >
> > I'm not interested in bumping the websockets, I just want HTTPS
> > interception to work as well as websockets.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list