[squid-users] websockets through Squid
Vieri
rentorbuy at yahoo.com
Fri Oct 16 07:35:24 UTC 2020
On Thursday, October 15, 2020, 5:28:03 PM GMT+2, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>> In other words, I do not need to be specific with
>> 'http_upgrade_request_protocols WebSocket allow all' unless I want
>> to, right?
>
> Just in case somebody else starts copy-pasting the above rule into their
> configurations: The standard (RFC 6455) WebSocket protocol name in HTTP
> Upgrade requests is "websocket". Squid uses case-sensitive comparison
> for those names so you should use "websocket" in squid.conf.
OK, good to know because:
squid-5.0.4-20200825-rf4ade365f/src/cf.data.pre contains:
Usage: http_upgrade_request_protocols <protocol> allow|deny [!]acl ...
The required "protocol" parameter is either an all-caps word OTHER or an
explicit protocol name (e.g. "WebSocket") optionally followed by a slash
and a version token (e.g. "HTTP/3"). Explicit protocol names and
versions are case sensitive.
That's why I used "WebSocket" instead of "websocket" in my example. To avoid confusion, cf.data.pre could be updated to be more clear.
> The important part here is the existence of those extra transactions.
> They may be related to SslBump if you are bumping this traffic, but then
> I would expect a slightly different access.log composition.
Hmm, I'm supposed to be sslbumping, yes. I can share my full squid config & iptables redirection entries if you wish.
> https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
I enabled debugging on a test system where I was the only client (one Firefox instance).
The access log is here:
https://drive.google.com/file/d/1jryX5BW4yxLTSBe0QDavPSiKLBpOvtnV/view?usp=sharing
The only odd thing I see is a few ABORTED but they are all WOFF fonts which should be unimportant except for https://join-test.webex.com/mw3300/mywebex/header.do which is only a TCP refresh "abort".
The overwhelming cache log is here (I've sed'ed a few strings for privacy reasons):
https://drive.google.com/file/d/1QYRr-0F-DGnCZtyuuAw8RsEgcHICN_0c/view?usp=sharing
I can see the upgrade messages are parsed:
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: WebSocket'
I suppose that adding the "Upgrade[66]" entry is as expected.
Then, I get lost. I can see that Squid is trying to open ed1lncb62801.webex.com with https, but it is unclear to me why the client complains that the connection to the wss:// site is being interrupted:
The connection to wss://ed1lncb62801.webex.com/direct?type=websocket&dtype=binary&rand=1602830016480&uuidtag=5659FGE6-DF29-47A7-859A-G4D5FDC937A2&gatewayip=PUB_IPv4_ADDR_2 was interrupted while the page was loading.
Thanks for all the help you can give me.
Vieri
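
Added example, not part of the original message and not Squid project code: a small checker for the case-sensitivity point discussed in this thread. It compares the protocol names in http_upgrade_request_protocols rules with the Upgrade tokens seen in cache.log lines of the form quoted above. The configuration and log text are constructed samples; treating OTHER as the fallback for tokens without an explicit rule is an assumption, and version tokens after a slash are not modelled.

```python
import re

# Constructed sample input (not the poster's configuration or logs).
SQUID_CONF = """\
http_upgrade_request_protocols WebSocket allow all  # mixed-case name
http_upgrade_request_protocols OTHER deny all
"""
CACHE_LOG = """\
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: WebSocket'
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: websocket'
HttpHeader.cc(1548) parse: parsed HttpHeaderEntry: 'Upgrade: h2c'
"""

RULE = re.compile(r"^\s*http_upgrade_request_protocols\s+(\S+)\s+(allow|deny)\b")
UPGRADE = re.compile(r"parsed HttpHeaderEntry: 'Upgrade: ([^']*)'")

def parse_rules(conf):
    """Return (protocol, action) pairs in configuration order."""
    rules = []
    for line in conf.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules

def observed_protocols(log):
    """Return the distinct protocol tokens offered in logged Upgrade headers."""
    seen = []
    for value in UPGRADE.findall(log):
        for token in (t.strip() for t in value.split(",")):
            if token and token not in seen:
                seen.append(token)
    return seen

def classify(token, rules):
    """Compare one offered token with the explicit rule names, case-sensitively."""
    names = [p for p, _ in rules if p != "OTHER"]
    if token in names:
        return "exact"
    if any(token.lower() == n.lower() for n in names):
        return "case-mismatch"  # a rule exists but differs only in letter case
    # Assumption: an OTHER rule covers tokens that no explicit rule names.
    return "OTHER" if any(p == "OTHER" for p, _ in rules) else "no-rule"

def report(conf, log):
    rules = parse_rules(conf)
    return {tok: classify(tok, rules) for tok in observed_protocols(log)}

if __name__ == "__main__":
    print(report(SQUID_CONF, CACHE_LOG))
```

A "case-mismatch" verdict marks a token that an explicit rule was probably meant to cover but, under the case-sensitive comparison described above, does not.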