[squid-users] websocket with sslbump

Niels Hofmans hello at ironpeak.be
Wed Mar 10 07:41:47 UTC 2021

Hi Alex,

Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already.
Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the repos but no response as of yet.

Best regards,
Niels Hofmans

SITE   https://ironpeak.be
BTW   BE0694785660
BANK BE76068909740795

On 9 Mar 2021, at 16:58, Alex Rousskov <rousskov at measurement-factory.com> wrote:

On 3/8/21 10:10 AM, Niels Hofmans wrote:

> During testing sslbump + icap I noticed that websockets (ws + was) are
> not supported by squid. (Even if using on_unsupported_protocol)
> Are there any plans for supporting this with sslbump?

Your question can be misinterpreted in many different ways. I will
answer the following related question instead:

Q: Are there any plans for Squid to send tunneled traffic through
adaptation services?

The ICAP and eCAP protocols cannot support opaque/messageless traffic
natively. Squid can be enhanced to wrap tunneled traffic into something
resembling HTTP messages so that it can be analyzed using adaptation
services (e.g., Squid applies similar wrapping to FTP traffic already).

I recall occasional requests for such a feature. I am not aware of
anybody working on that right now.



P.S. Latest Squids support forwarding websocket tunnels that use HTTP
Upgrade mechanism (see http_upgrade_request_protocols in v5

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210310/607384d2/attachment.htm>

More information about the squid-users mailing list