websockets through Squid

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

websockets through Squid

Vieri
Hi,

I'd like to allow websockets from specific domains through Squid in intercept sslbump mode.

One of the clients reports:

Firefox can’t establish a connection to the server at
wss://ed1lncb62202.webex.com/direct?type=websocket&dtype=binary&rand=1602057495268&uuidtag=C99EG7B6-G550-43CG-AD72-7EA5F2CA80B0&gatewayip=X.X.X.X.

This is what I have in my squid configuration:

acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
acl serverTalksFirstProtocol squid_error ERR_REQUEST_START_TIMEOUT
on_unsupported_protocol tunnel foreignProtocol
on_unsupported_protocol tunnel serverTalksFirstProtocol
on_unsupported_protocol respond all

I am obviously not using on_unsupported_protocol properly.

Any suggestions?

Regards,

Vieri

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: websockets through Squid

Alex Rousskov
On 10/7/20 4:08 AM, Vieri wrote:

> I'd like to allow websockets from specific domains through Squid in
> intercept sslbump mode.

> I am obviously not using on_unsupported_protocol properly.

WebSocket handshake looks like HTTP so on_unsupported_protocol is not
applicable to the WebSocket protocol -- Squid obviously supports HTTP.

To allow WebSocket tunnels, you need http_upgrade_request_protocols
available since v5.0.4. IIRC, the feature is compatible with bumped
connections, but I did not check closely.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users