[squid-users] Problems with whatsapp

Alex Irmel Oviedo Solis alleinerwolf at gmail.com
Mon May 31 15:12:42 UTC 2021


Thanks,
# Begin of "/etc/squid/squid.conf"
acl localnet src 192.168.15.0/24

acl SSL_ports port 8443
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 22
acl SSL_ports port 21
acl SSL_ports port 8081
acl SSL_ports port 3478
acl SSL_ports port 563
acl SSL_ports port 8085
acl SSL_ports port 2083
acl SSL_ports port 2221
acl SSL_ports port 2222
acl SSL_ports port 950
acl SSL_ports port 10443
acl SSL_ports port 23389
acl SSL_ports port 5222
acl SSL_ports port 9090
acl SSL_ports port 7792
acl SSL_ports port 2222
acl SSL_ports port 8443
acl SSL_ports port 2223
acl SSL_ports port 90
acl SSL_ports port 19305

acl Safe_ports port 20
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 90
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 631
acl Safe_ports port 777
acl Safe_ports port 901
acl Safe_ports port 950
acl Safe_ports port 1025-65535

acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost

http_access deny all

http_port 3128 ssl-bump cert=/etc/squid/certs/squid-ca-cert-key.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
http_port 3129  intercept ssl-bump
cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
https_port 3130  intercept ssl-bump
cert=/etc/squid/certs/squid-ca-cert-key.pem generate-host-certificates=on
dynamic_cert_mem_cache_size=16MB

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/etc/squid/acl.url.nobump"

ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

tls_outgoing_options cafile=/etc/squid/ca-bundle.crt

sslproxy_foreign_intermediate_certs /etc/squid/certs/lets-encrypt-r3.pem
tls_outgoing_options cafile=/etc/squid/mozilla.pem

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 64 startup=16 idle=4 concurrency=0
url_rewrite_bypass off

debug_options ALL,2

cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
cache_mgr informatica at regioncusco.gob.pe

error_default_language es
dns_v4_first on

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
# End of "/etc/squid/squid.conf"

---

# Begin of "/etc/squid/acl.url.nobump"
.whatsapp\.net
(w[0-9]+[a-z]+)\.squid-cache\.org
(w[0-9]+[a-z]+)\.websocket\.org
(w[0-9]+[a-z]+)\.reniec\.gob\.pe
# End of "/etc/squid/acl.url.nobump"

El dom, 30 de may. de 2021 a la(s) 22:19, NgTech LTD (ngtech1ltd at gmail.com)
escribió:

> Hey,
>
> can you please share your squid.conf (Excluded sensitive details) so we
> can try to recommend a solution?
>
> בתאריך יום ב׳, 31 במאי 2021, 4:03, מאת Alex Irmel Oviedo Solis ‏<
> alleinerwolf at gmail.com>:
>
>> Good night, I'm having problems with a transparent squid proxy (with
>> squidGuard enabled). Whatsapp's web client doesn't work, I tried to add an
>> exclusion to SSL Bump following this manual
>> https://wiki.squid-cache.org/ConfigExamples/Chat/Whatsapp, but still not
>> working.
>>
>> Are there any way to probe or debug if this exclusion is working?
>>
>> --
>> *"Una alegría compartida se transforma en doble alegría; una pena
>> compartida, en media pena."*
>> --> http://www.alexove.me <http://www.alexove.me/>
>> --> Celular (Movistar): +51-959-625-001
>> --> Sigueme en Twitter: http://twitter.com/alexove_pe
>> --> Perfil: http://fedoraproject.org/wiki/user:alexove
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>

-- 
*"Una alegría compartida se transforma en doble alegría; una pena
compartida, en media pena."*
--> http://www.alexove.me <http://www.alexove.me/>
--> Celular (Movistar): +51-959-625-001
--> Sigueme en Twitter: http://twitter.com/alexove_pe
--> Perfil: http://fedoraproject.org/wiki/user:alexove
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210531/c045a333/attachment.htm>


More information about the squid-users mailing list