[squid-users] Problems with websockets

Alex Rousskov rousskov at measurement-factory.com
Tue Jun 8 16:08:56 UTC 2021 

On 6/8/21 11:55 AM, Alex Irmel Oviedo Solis wrote:
> I have been trying to do it by placing the rules from line 86
> to line 91 in squid.conf

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/etc/squid/acl.url.nobump"

ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

I wonder if your acl.url.nobump regexes do not match step2 CONNECT URIs.
The current cache.log snippet does not show that detail. Consider
posting more detailed logs that show ACL matching attempts (e.g., "ALL,3
28,7"?).

Alex.


> El mar, 8 de jun. de 2021 a la(s) 10:45, Alex Rousskov
> (rousskov at measurement-factory.com
> <mailto:rousskov at measurement-factory.com>) escribió:
> 
>     On 6/8/21 11:36 AM, Alex Irmel Oviedo Solis wrote:
>     > Hello all, I'm having problems with squid 4.11 on RHEL 8.4. I was
>     trying
>     > to access to whatsapp with no luck, but I'm currently to test with
>     > https://www.websocket.org/echo.html
>     <https://www.websocket.org/echo.html>,  the errors in both cases are
> 
>     > http.cc(723) processReplyHeader: HTTP Server RESPONSE:
>     > HTTP/1.1 400 WebSocket Upgrade Failure
> 
>     Squid v4 does not fully support HTTP Upgrade (it drops it). You should
>     splice connections to websocket services or use
>     http_upgrade_request_protocols available in Squid v5.
> 
>     HTH,
> 
>     Alex.
>     P.S. Thank you for providing detailed triage information!
> 
> 
>     > My squid.conf is in https://paste.centos.org/view/b98e8510
>     <https://paste.centos.org/view/b98e8510>
>     > My cache.log is in https://paste.centos.org/view/a2b6ac81
>     <https://paste.centos.org/view/a2b6ac81>
>     > My access.lorg is in https://paste.centos.org/view/eef2180a
>     <https://paste.centos.org/view/eef2180a>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
>     <http://lists.squid-cache.org/listinfo/squid-users>
> 
> 
> 
> -- 
> //"Una alegría compartida se transforma en doble alegría; una pena
> compartida, en media pena."//
> --> http://www.alexove.me <http://www.alexove.me/>
> --> Celular (Movistar): +51-959-625-001
> --> Sigueme en Twitter: http://twitter.com/alexove_pe
> <http://twitter.com/alexove_pe>
> --> Perfil: http://fedoraproject.org/wiki/user:alexove
> <http://fedoraproject.org/wiki/user:alexove>

More information about the squid-users mailing list