[squid-users] Squid Websocket Issue
Alex Rousskov
rousskov at measurement-factory.com
Tue Dec 20 16:57:17 UTC 2016
On 12/20/2016 02:42 AM, Hardik Dangar wrote:
> Following changes in config works and whatsapp starts working,
>
> acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump splice serverIsws
> ssl_bump bump !serverIsws all
You do not need the "!serverIsws" part because if serverIsws matches,
then the splice rule wins, and Squid does not reach the bump rule. This
configuration is sufficient:
ssl_bump peek step1
ssl_bump splice serverIsws
ssl_bump bump all
In theory, adding "!serverIsws" does not hurt. However, negating complex
ACLs is tricky/dangerous and should be avoided when possible.
Alex.
More information about the squid-users
mailing list