[squid-users] websockets through Squid

Vieri rentorbuy at yahoo.com
Fri Oct 16 07:35:24 UTC 2020


On Thursday, October 15, 2020, 5:28:03 PM GMT+2, Alex Rousskov <rousskov at measurement-factory.com> wrote:

>> In other words, I do not need to be specific with
>> 'http_upgrade_request_protocols WebSocket allow all' unless I want
>> to, right?
>
> Just in case somebody else starts copy-pasting the above rule into their
> configurations: The standard (RFC 6455) WebSocket protocol name in HTTP
> Upgrade requests is "websocket". Squid uses case-sensitive comparison
> for those names so you should use "websocket" in squid.conf.

OK, good to know because:

squid-5.0.4-20200825-rf4ade365f/src/cf.data.pre contains:
        Usage: http_upgrade_request_protocols <protocol> allow|deny [!]acl ...

        The required "protocol" parameter is either an all-caps word OTHER or an
        explicit protocol name (e.g. "WebSocket") optionally followed by a slash
        and a version token (e.g. "HTTP/3"). Explicit protocol names and
        versions are case sensitive.

That's why I used "WebSocket" instead of "websocket" in my example. To avoid confusion, cf.data.pre could be updated to be more clear.


> The important part here is the existence of those extra transactions.
> They may be related to SslBump if you are bumping this traffic, but then
> I would expect a slightly different access.log composition.

Hmm, I'm supposed to be sslbumping, yes. I can share my full squid config & iptables redirection entries if you wish.

> https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction

I enabled debugging on a test system where I was the only client (one Firefox instance).

The access log is here:

https://drive.google.com/file/d/1jryX5BW4yxLTSBe0QDavPSiKLBpOvtnV/view?usp=sharing

The only odd thing I see is a few ABORTED but they are all WOFF fonts which should be unimportant except for https://join-test.webex.com/mw3300/mywebex/header.do which is only a TCP refresh "abort".

The overwhelming cache log is here (I've sed'ed a few strings for privacy reasons):

https://drive.google.com/file/d/1QYRr-0F-DGnCZtyuuAw8RsEgcHICN_0c/view?usp=sharing

I can see the upgrade messages are parsed:

HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: WebSocket'

I suppose that adding the "Upgrade[66]" entry is as expected.

Then, I get lost. I can see that Squid is trying to open ed1lncb62801.webex.com with https, but it is unclear to me why the client complains that the connection to the wss:// site is being interrupted:

The connection to wss://ed1lncb62801.webex.com/direct?type=websocket&dtype=binary&rand=1602830016480&uuidtag=5659FGE6-DF29-47A7-859A-G4D5FDC937A2&gatewayip=PUB_IPv4_ADDR_2 was interrupted while the page was loading.

Thanks for all the help you can give me.

Vieri
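
Added example, not part of the original message or of Squid: a small check that compares the protocol names in `http_upgrade_request_protocols` rules against the `Upgrade` header values logged in cache.log, using the case-sensitive comparison described in the thread. The sample config and log lines are constructed, the function names are hypothetical, version tokens are ignored as a simplification, and it assumes that OTHER rules apply to names that have no explicit rule.

```python
import re

DIRECTIVE = "http_upgrade_request_protocols"
UPGRADE_RE = re.compile(r"parsed HttpHeaderEntry: 'Upgrade: ([^']*)'")

# Constructed sample inputs (not taken from the thread's config or logs).
SAMPLE_CONF = """\
http_upgrade_request_protocols WebSocket allow all
http_upgrade_request_protocols OTHER deny all
"""
SAMPLE_LOG = """\
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: websocket'
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: WebSocket'
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: h2c, websocket'
"""

def rule_names(conf_text):
    """Protocol names used in the directive's rules (version token dropped)."""
    names = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore trailing comments
        if len(fields) >= 3 and fields[0] == DIRECTIVE:
            names.append(fields[1].split("/", 1)[0])
    return names

def offered_names(log_text):
    """Protocol names clients offered, taken from logged Upgrade headers."""
    tokens = [t.strip() for v in UPGRADE_RE.findall(log_text) for t in v.split(",")]
    return [t.split("/", 1)[0] for t in tokens if t]

def audit(conf_text, log_text):
    """Classify each offered name against the rules by exact (case-sensitive) match."""
    rules = rule_names(conf_text)
    explicit = [r for r in rules if r != "OTHER"]
    report = {}
    for name in offered_names(log_text):
        if name in explicit:
            report[name] = "explicit rule"
        else:
            # A rule that differs only in letter case will not match this offer.
            near = [r for r in explicit if r.lower() == name.lower()]
            fallback = "OTHER rule" if "OTHER" in rules else "no rule"
            report[name] = f"case mismatch with {near[0]!r}; {fallback}" if near else fallback
    return report

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{name}: {verdict}")
```

Run against a real squid.conf and a debug-level cache.log, a "case mismatch" verdict points at a rule whose name should be rewritten to the spelling the client actually sends.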
