[squid-users] Squid 3 SSL bump: Google drive application could not connect

Yuri Voinov yvoinov at gmail.com
Tue Dec 30 19:47:44 UTC 2014


Already found this lonely right post ;) I have Google-Fu too :) And it
is longer than yours :)

Anyway,

all of these issues are solved.

I have snoop (not Windoze Wireshark - all great things are made in the
console, ya!) and took a look at a single client's traffic during bumping.

As I don't have iptables (no penguins, please!), but I do have a Cisco
2911, I pass some Windows Update, Symantec Update (which does not work
either) bypassing Squid.

Cisco is the greatest. All others are probably suxx :)

The complete solution looks like:

access-list 121 remark ACL for HTTPS WCCP
access-list 121 remark Squid proxies bypass
access-list 121 deny   ip host 192.168.200.3 any
access-list 121 remark WU bypass
access-list 121 deny tcp any 191.232.0.0 0.7.255.255
access-list 121 deny tcp any 65.52.0.0 0.3.255.255
access-list 121 remark Symantec bypass
access-list 121 deny tcp any host 195.215.221.99
access-list 121 deny tcp any host 195.215.221.104
access-list 121 deny tcp any host 213.248.114.172
access-list 121 deny tcp any host 213.248.114.173
access-list 121 deny tcp any host 213.248.114.174
access-list 121 deny tcp any host 213.248.114.175
access-list 121 deny tcp any host 77.67.22.168
access-list 121 deny tcp any host 77.67.22.171
access-list 121 deny tcp any host 77.67.22.173
access-list 121 deny tcp any host 213.248.114.171
access-list 121 remark LAN clients proxy port 443
access-list 121 permit tcp 192.168.0.0 0.0.255.255 any eq 443
access-list 121 remark all others bypass WCCP
access-list 121 deny   ip any any

So, all other issues are solved similarly.

Want to do something good - do it yourself!

That's the way. :)

30.12.2014 23:39, Rafael Akchurin wrote:
>
> Hello Yuri,
>
> Luckily the same topic was just discussed on our forum – please see if this can help
> https://groups.google.com/d/msg/quintolabs-content-security-for-squid-proxy/GKIV3FpYSBE/9IET-4hg_tEJ
>
> It describes the iptables settings for successful SSL bump exclusions
> for Dropbox clients / Google Drive / iTunes (bypassing SSL Bump because
> of SSL Pinning).
>
> Best regards,
> Raf
>
> *From:* squid-users [mailto:squid-users-bounces at lists.squid-cache.org] *On Behalf Of* Rafael Akchurin
> *Sent:* Tuesday, December 30, 2014 4:23 PM
> *To:* Yuri Voinov; squid-users at lists.squid-cache.org
> *Subject:* Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect
>
> Only exclusion from SSL Bump as far as I know.
>
> raf
>
> -------------------------
>
> *From:* Yuri Voinov <yvoinov at gmail.com>
> *Sent:* Tuesday, December 30, 2014 3:19 PM
> *To:* Rafael Akchurin; squid-users at lists.squid-cache.org
> *Subject:* Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect
>
> Maybe.
>
> Does a workaround exist?
>
> 30.12.2014 20:09, Rafael Akchurin wrote:
> > SSL Pinning? (I know Dropbox does this)
> >
> > my two cents only :)
> >
> > Raf
> >
> > ________________________________________
> > From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Yuri Voinov <yvoinov at gmail.com>
> > Sent: Tuesday, December 30, 2014 2:12 PM
> > To: squid-users at lists.squid-cache.org
> > Subject: [squid-users] Squid 3 SSL bump: Google drive application could not connect
> >
> > Hi gents,
> >
> > I found a strange issue.
> >
> > Squid 3.4.10. Intercept. HTTPS bumping. All works fine. All configs correct.
> >
> > Whenever all web https sites work perfectly - especially in Chrome,
> > most cloud clients work like a charm (SpiderOak is!), Google Drive client
> > application (PC) could not work.
> > Note: Web Google Docs works. Web Google drive works.
> >
> > Note: Google support info - even if I pass a dozen Google URLs without
> > bump - cannot help. It doesn't work when server-first bumping is on and
> > works otherwise.
> >
> > So, the Serious Question is: Why? :)
> >
> > Any idea?
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users

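The redirect ACL in the message above depends on first-match ordering and Cisco wildcard masks, so it is worth checking which flows actually reach Squid before relying on it. The following Python script is an added example, not part of the original post: it evaluates an abridged copy of ACL 121 against sample flows, assuming the usual WCCP redirect-list semantics (permit means redirect to the proxy, deny means bypass). The function names and the test addresses are constructed for illustration.

```python
import ipaddress

# Abridged copy of ACL 121 from the post (one WU range and one Symantec host kept).
ACL_121 = """\
access-list 121 remark Squid proxies bypass
access-list 121 deny   ip host 192.168.200.3 any
access-list 121 remark WU bypass
access-list 121 deny tcp any 191.232.0.0 0.7.255.255
access-list 121 remark Symantec bypass
access-list 121 deny tcp any host 195.215.221.99
access-list 121 remark LAN clients proxy port 443
access-list 121 permit tcp 192.168.0.0 0.0.255.255 any eq 443
access-list 121 remark all others bypass WCCP
access-list 121 deny   ip any any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tok):  # consume one address spec: 'any', 'host A' or 'A WILDCARD'
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_acl(text):
    rules, remark = [], ""
    for line in text.splitlines():
        tok = line.split()[2:]          # drop 'access-list 121'
        if tok and tok[0] == "remark":
            remark = " ".join(tok[1:])  # remember the remark preceding a rule
        elif tok:
            action, proto = tok.pop(0), tok.pop(0)
            src, dst = _take_addr(tok), _take_addr(tok)
            port = int(tok[1]) if tok[:1] == ["eq"] else None
            rules.append((action, proto, src, dst, port, remark))
    return rules

def _hit(addr, spec):  # wildcard bits set to 1 are "don't care"
    return ((_ip(addr) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def decide(rules, src, dst, proto="tcp", dport=443):
    """First match wins; permit = redirected to Squid, deny = bypasses it."""
    for action, r_proto, r_src, r_dst, port, remark in rules:
        if (r_proto in ("ip", proto) and _hit(src, r_src)
                and _hit(dst, r_dst) and port in (None, dport)):
            return ("redirect" if action == "permit" else "bypass"), remark
    return "bypass", "implicit deny"
```

Calling `decide(parse_acl(ACL_121), client_ip, server_ip)` returns the verdict together with the remark of the matching entry, which makes it easy to confirm that a new bypass line sits above the `permit ... eq 443` entry.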
