[squid-users] Squid Websocket Issue
Hardik Dangar
hardikdangar+squid at gmail.com
Mon Jan 2 06:46:33 UTC 2017
@amos or anyone else from dev team
Can you confirm this is intentional behavior or bug ?
On Mon, Jan 2, 2017 at 9:18 AM, Alex Rousskov <
rousskov at measurement-factory.com> wrote:
> On 12/27/2016 04:50 AM, Hardik Dangar wrote:
>
> > If i remove !serverIsws somehow websockets will not work.
>
> Then there is a bug somewhere AFAICT. It is your call whether to find
> out what that bug is [while continuing to use a potentially dangerous
> workaround].
>
> Alex.
>
>
> > On Tue, Dec 20, 2016 at 10:27 PM, Alex Rousskov wrote:
> >
> > On 12/20/2016 02:42 AM, Hardik Dangar wrote:
> > > Following changes in config works and whatsapp starts working,
> > >
> > > acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$
> > >
> > > acl step1 at_step SslBump1
> > > ssl_bump peek step1
> > > ssl_bump splice serverIsws
> > > ssl_bump bump !serverIsws all
> >
> > You do not need the "!serverIsws" part because if serverIsws matches,
> > then the splice rule wins, and Squid does not reach the bump rule.
> This
> > configuration is sufficient:
> >
> > ssl_bump peek step1
> > ssl_bump splice serverIsws
> > ssl_bump bump all
> >
> > In theory, adding "!serverIsws" does not hurt. However, negating
> complex
> > ACLs is tricky/dangerous and should be avoided when possible.
> >
> > Alex.
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170102/1c8dc1f2/attachment.html>
More information about the squid-users
mailing list