Here is some information about my squid version, Squid Cache: Version 3.5.22-20161115-r14113 Service Name: squid configure options: '--prefix=/usr' '--localstatedir=/var/squid' '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid' '--with-default-user=proxy' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-openssl' '--enable-ssl-crtd' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake' '--enable-ecap'
My squid config file is located at, http://pastebin.com/raw/LvDxEF4x Now the issue is whenever someone requests a page which contains web socket requests response is always bad request. Here is an example, Request URL:wss://w4.web.whatsapp.com/ws Request Method:GET Status Code:400 Bad Request Response Headers ################# Connection:keep-alive Date:Sat, 17 Dec 2016 09:05:36 GMT Transfer-Encoding:chunked X-Cache:MISS from Proxy Request Headers ################# Accept-Encoding:gzip, deflate, sdch, br Accept-Language:en-US,en;q=0.8 Cache-Control:no-cache Connection:Upgrade Host:w4.web.whatsapp.com Origin:https://web.whatsapp.com Pragma:no-cache Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits Sec-WebSocket-Key:kzrB2ZcMHDAqvjDNXnjL/w== Sec-WebSocket-Version:13 Upgrade:websocket User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36 My question is how we can work with web socket requests in squid or if not by pass them squid. My squid instance is in interception mode and requests are intercepted at instance via iptables and forwarded to squid using below rules, SQUIDIP=192.168.1.1 # your proxy listening port SQUIDHTTPPORT=3128 SQUIDHTTPSPORT=3129 iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $SQUIDHTTPPORT iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 443 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port $SQUIDHTTPSPORT iptables -t nat -A POSTROUTING -j MASQUERADE iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDHTTPPORT -j DROP iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDHTTPSPORT -j DROP If anyone can help me with this it would be really awesome. Thanks for your support.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
