websocket with sslbump
Locked
 
|
Hi guys,
During testing sslbump + icap I noticed that websockets (ws + was) are not supported by squid. (Even if using on_unsupported_protocol) Are there any plans for supporting this with sslbump? _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
|
|
On 3/8/21 10:10 AM, Niels Hofmans wrote:
> During testing sslbump + icap I noticed that websockets (ws + was) are > not supported by squid. (Even if using on_unsupported_protocol) > Are there any plans for supporting this with sslbump? Your question can be misinterpreted in many different ways. I will answer the following related question instead: Q: Are there any plans for Squid to send tunneled traffic through adaptation services? The ICAP and eCAP protocols cannot support opaque/messageless traffic natively. Squid can be enhanced to wrap tunneled traffic into something resembling HTTP messages so that it can be analyzed using adaptation services (e.g., Squid applies similar wrapping to FTP traffic already). I recall occasional requests for such a feature. I am not aware of anybody working on that right now. https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F HTH, Alex. P.S. Latest Squids support forwarding websocket tunnels that use HTTP Upgrade mechanism (see http_upgrade_request_protocols in v5 squid.conf.documented). _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
|
|
Hi Alex,
Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already. Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the repos but no response as of yet. On 9 Mar 2021, at 16:58, Alex Rousskov <[hidden email]> wrote: On 3/8/21 10:10 AM, Niels Hofmans wrote: During testing sslbump + icap I noticed that websockets (ws + was) are Your question can be misinterpreted in many different ways. I will answer the following related question instead: Q: Are there any plans for Squid to send tunneled traffic through adaptation services? The ICAP and eCAP protocols cannot support opaque/messageless traffic natively. Squid can be enhanced to wrap tunneled traffic into something resembling HTTP messages so that it can be analyzed using adaptation services (e.g., Squid applies similar wrapping to FTP traffic already). I recall occasional requests for such a feature. I am not aware of anybody working on that right now. https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F HTH, Alex. P.S. Latest Squids support forwarding websocket tunnels that use HTTP Upgrade mechanism (see http_upgrade_request_protocols in v5 squid.conf.documented). _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
Re: websocket with sslbump
|
|
Hey Niels, I can help you with this if you need. Also take a peek at the docker build: https://github.com/elico/squid-docker-build-nodes
https://ngtech.co.il/repo/bin/debian/10.4/amd64/ Eliezer From: squid-users <[hidden email]> On Behalf Of Niels Hofmans Hi Alex, Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already. Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the repos but no response as of yet. Best regards, On 9 Mar 2021, at 16:58, Alex Rousskov <[hidden email]> wrote: On 3/8/21 10:10 AM, Niels Hofmans wrote:
_______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
|
Administrator
|
In reply to this post by Niels Hofmans
On 10/03/21 8:41 pm, Niels Hofmans wrote:
> Hi Alex, > > Thank you for your response. I’ll be opening up a Bugzilla ticket for > opaque messages through ICAP if it doesn’t exist already. > Related to the squid 5.x, I’ve reached out to the debian package > maintainer last week for a binary install in the repos but no response > as of yet. > I did not see it on the team tracker. If you tried to contact Luigi directly he is fairly busy with other software's issues these days. It's usually me who is preparing the packages for Squid beta series and adding them to the Debian 'experimental' repository. I just have not had time this summer to do so. Not sure when I will be able to provide an ETA either, sorry. Debian itself is going through its usual preparations for the next Debian major version. So there will likely only be small changes to the Debian squid (and now squid-openssl !!) packages for the next months. Amos _______________________________________________ squid-users mailing list [hidden email] http://lists.squid-cache.org/listinfo/squid-users |
| Free forum by Nabble | Edit this page |