[squid-users] Squid Websocket Issue
Hardik Dangar
hardikdangar+squid at gmail.com
Sat Dec 17 09:16:55 UTC 2016
Here is some information about my squid version,
Squid Cache: Version 3.5.22-20161115-r14113
Service Name: squid
configure options: '--prefix=/usr' '--localstatedir=/var/squid'
'--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid'
'--sysconfdir=/etc/squid' '--with-default-user=proxy'
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
'--with-openssl' '--enable-ssl-crtd' '--enable-inline'
'--disable-arch-native' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake'
'--enable-ecap'
My squid config file is located at, http://pastebin.com/raw/LvDxEF4x
Now the issue is whenever someone requests a page which contains web socket
requests response is always bad request.
Here is an example,
Request URL:wss://w4.web.whatsapp.com/ws
Request Method:GET
Status Code:400 Bad Request
Response Headers
#################
Connection:keep-alive
Date:Sat, 17 Dec 2016 09:05:36 GMT
Transfer-Encoding:chunked
X-Cache:MISS from Proxy
Request Headers
#################
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Host:w4.web.whatsapp.com
Origin:https://web.whatsapp.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:kzrB2ZcMHDAqvjDNXnjL/w==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/55.0.2883.75 Safari/537.36
My question is how we can work with web socket requests in squid or if not
by pass them squid. My squid instance is in interception mode and requests
are intercepted at instance via iptables and forwarded to squid using below
rules,
SQUIDIP=192.168.1.1
# your proxy listening port
SQUIDHTTPPORT=3128
SQUIDHTTPSPORT=3129
iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port
$SQUIDHTTPPORT
iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port
$SQUIDHTTPSPORT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDHTTPPORT -j DROP
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDHTTPSPORT -j DROP
If anyone can help me with this it would be really awesome. Thanks for your
support.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161217/90a68891/attachment.html>
More information about the squid-users
mailing list