It could be web sockets, this could show you what I mean: https://asana.com/guide/help/faq/connectivity#gl-websockets
You have to white-list some stuff sometimes to get it to work correctly, but I think that is what I was intercepting vs inspecting. This was an example white list I had for skype and asana: asana.com sling.is apps.skypeassets.com login.skype.com pipe.skype.com secure.skype.com config.skype.com api.skype.com ui.skype.com s.gateway.messenger.live.com get.skype.com dsn13.d.skype.net mobile.pipe.aria.microsoft.com a.config.skype.com www.skypeassets.com dr.skype.net apps.skype.com api.asm.skype.com sync.app.asana.com Try white-listing problem sites. On Thu, Jan 11, 2018 at 10:30 AM, Roberto Carna <[email protected]> wrote: > Dear, I've created a self signed CA Certificate in pfSEnse, in order > to use it in the SSL Filtering / Spice All from Squid. > > This CA certificate is NOT installed in none of the device clients > (notebooks, cell phones, etc), because is imposible to ask each WiFi > user to install it. > > Everything works OK, except certains cases, for example: > > - Facebook app sometimes doesn't load the user profiles, I have to > close Facebook and open it again > - Mercadolibre is the same, it doesn't load the content and after that > I have to close and open the app > > Why certain apps don't work OK until I close and restart them ??? > > Thanks a lot again!!! > > > > 2018-01-10 3:51 GMT-03:00 WebDawg <[email protected]>: >> Can you just do inspection on this and have it stop acting as a true proxy? >> >> Splice All: >> This configuration is suitable if you want to use the SquidGuard >> package for web filtering. >> All destinations will be spliced. SquidGuard can do its job of denying >> or allowing destinations according its rules, as it does with HTTP. >> You do not need to install the CA certificate configured below on clients. >> Content filtering (such as Antivirus) will not be available for SSL sites. >> >> On Tue, Jan 2, 2018 at 11:01 AM, Elijah Savage <[email protected]> >> wrote: >>> Interested in what sort of problems you are seeing. >>> >>> I use the same setup in a small environment let's call it home :) with many >>> different devices and have not seen any issues. >>> >>> -----Original Message----- >>> From: List [mailto:[email protected]] On Behalf Of Rainer >>> Duffner >>> Sent: Tuesday, January 02, 2018 10:01 AM >>> To: pfSense Support and Discussion Mailing List <[email protected]> >>> Subject: Re: [pfSense] Transparent proxy for WiFi users >>> >>> >>> >>>> Am 02.01.2018 um 14:46 schrieb Roberto Carna <[email protected]>: >>>> >>>> Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4 >>>> in order to filter HTTP and HTTPS web content for different types of >>>> WiFi clients on my company: >>>> >>>> - Android (different versions) >>>> - Notebooks Windows 7/10 >>>> - Iphone >>>> - Etc. >>>> >>>> In some cases, depending on the device Operating System, some apps >>>> experiment problems, for example Facebook and some others. >>>> >>> >>> >>> >>> >>> Apps that do hardwired Key-Pinning (everything from Apple, Google and >>> probably TFB, too) will not work. >>> You have to make exemptions, AFAIK. >>> >>> Same for ebanking and related. >>> >>> >>> >>> >>> _______________________________________________ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >>> >>> _______________________________________________ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
