@Eliezer, @Amos Following changes in config works and whatsapp starts working,
acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$ acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump splice serverIsws ssl_bump bump !serverIsws all [ above is a feature of whatsapp which allows you to connect to web.whatsapp.com from browser] now what happens at request level is following, Request URL:wss://w8.web.whatsapp.com/ws Request Method:GET Status Code:101 Switching Protocols ---------------------------------- Response Headers Connection:Upgrade Sec-WebSocket-Accept:Z6CC+QVdvB0cCHPbJAQMaHKL2uQ= Upgrade:websocket ---------------------------------- Request Headers Accept-Encoding:gzip, deflate, sdch, br Accept-Language:en-US,en;q=0.8 Cache-Control:no-cache Connection:Upgrade Host:w8.web.whatsapp.com Origin:https://web.whatsapp.com Pragma:no-cache Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits Sec-WebSocket-Key:mbCFLN/Q1KMt58t6DoQI9Q== Sec-WebSocket-Version:13 Upgrade:websocket User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36 After this no other web sockets open it seems whatsapp switches to normal communication from websockets. Above solution could help lot of people who is trying to configure websockets to run. I have few more websocket applications which i need to work on and i will let you know if it works soon. Thank you very much for your help. Really appreciate the help. On Mon, Dec 19, 2016 at 6:46 PM, Hardik Dangar <hardikdangar+sq...@gmail.com > wrote: > Based on Amos's Answer, > > acl serverIsws ssl::server_name .w0.whatsapp.com > acl serverIsws ssl::server_name .w1.whatsapp.com > > acl step1 at_step SslBump1 > ssl_bump peek step1 > ssl_bump bump !serverIsws all > ssl_bump splice all > > will above work ? > > Or should i splice first and bump all others later? > > This is very interesting. I will definitely try this when i will reach > office. > > On Mon, Dec 19, 2016 at 6:40 PM, Eliezer Croitoru <elie...@ngtech.co.il> > wrote: > >> I can give a hint that once you see the request you can identify using an >> ICAP\ECAP services couple details about the request. >> Basically I had a regex which allowed any what's app traffic to be >> spliced by the SNI domain name. >> It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the >> required domains for whatsapp to be spliced. >> If nobody will try it before me it's on my todo list for this release >> (3.5.23, 4.0.17). >> >> Eliezer >> >> ---- >> Eliezer Croitoru >> Linux System Administrator >> Mobile: +972-5-28704261 >> Email: elie...@ngtech.co.il >> >> >> -----Original Message----- >> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On >> Behalf Of Amos Jeffries >> Sent: Monday, December 19, 2016 8:51 AM >> To: Hardik Dangar <hardikdangar+sq...@gmail.com> >> Cc: Squid Users <squid-users@lists.squid-cache.org> >> Subject: Re: [squid-users] Squid Websocket Issue >> >> On 19/12/2016 12:14 p.m., Hardik Dangar wrote: >> > can you give me one example please ? >> > like in the above example. >> > w4.web.whatsapp.com domain is fixed >> > are you suggesting i can create acl and by pass it to squid ? >> > >> >> You are the first person to ask about WhatsApp traffic. >> >> These might be a useful starting point >> <http://wiki.squid-cache.org/Features/SslPeekAndSplice#Confi >> guration_Examples> >> >> What the examples are doing for banks is what you want to do for WhatsApp. >> >> The trick though will be figuring out how to splice *before* seeing what >> type of HTTP request exists inside the tunnel. If you are lucky the app >> will be using SNI. >> >> Amos >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
