Hey Alex, actually its reverse. If i remove !serverIsws somehow websockets will not work. conversion does not happen and i get 400 bad request. whereas if i put !serverIsws then request is converted and status code is 101
acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$ acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump splice serverIsws ssl_bump bump !serverIsws all So above works but if i remove serverIsws then it will not work at all i.e. acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump splice serverIsws ssl_bump bump all above does not work This is actually surprising for me too :) I did lot of tests with other websocket apps used by my network and when i remove rules from bump it will not work. May be amos could tell us something that we don't understand about acls. On Tue, Dec 20, 2016 at 10:27 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 12/20/2016 02:42 AM, Hardik Dangar wrote: > > Following changes in config works and whatsapp starts working, > > > > acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$ > > > > acl step1 at_step SslBump1 > > ssl_bump peek step1 > > ssl_bump splice serverIsws > > ssl_bump bump !serverIsws all > > You do not need the "!serverIsws" part because if serverIsws matches, > then the splice rule wins, and Squid does not reach the bump rule. This > configuration is sufficient: > > ssl_bump peek step1 > ssl_bump splice serverIsws > ssl_bump bump all > > In theory, adding "!serverIsws" does not hurt. However, negating complex > ACLs is tricky/dangerous and should be avoided when possible. > > Alex. > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
