[squid-users] [squid-announce] [ADVISORY] SQUID-2016:11 - Information disclosure in HTTP Request processing

2016-12-17 Thread Amos Jeffries 
__

Squid Proxy Cache Security Update Advisory SQUID-2016:11
__

Advisory ID:SQUID-2016:11
Date:   Dec 16, 2016
Summary:Information disclosure
in HTTP Request processing.
Affected versions:  Squid 2.6 -> 2.7.STABLE9
Squid 3.1 -> 3.5.22
Squid 4.0 -> 4.0.16
Fixed in version:   Squid 4.0.17, 3.5.23
__

http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
__

Problem Description:

 Due to incorrect HTTP conditional request handling Squid can
 deliver responses containing private data to clients it should
 not have reached.

__

Severity:

 This problem allows a remote attacker to discover private and
 sensitive information about another clients browsing session.
 Potentially including credentials which allow access to further
 sensitive resources.

__

Updated Packages:

 This bug is fixed by Squid version 3.5.23 and 4.0.17.

 In addition, patches addressing this problem can be found in our
 patch archives:

Squid 3.1:
 

Squid 3.2:
 

Squid 3.3:
 

Squid 3.4:
 

Squid 3.5:
 

Squid 4.0:
 

 If you are using a prepackaged version of Squid then please refer
 to the package vendor for availability information on updated
 packages.

__

Determining if your version is vulnerable:

 All Squid-2.x versions are not vulnerable.

 All Squid-3.0 are not vulnerable.

 All Squid-3.1 versions up to and including 3.1.9 are not
 vulnerable.

 All Squid-3.1 versions 3.1.10 and later are vulnerable.

 Squid-3.2.0.1 and 3.2.0.2 are not vulnerable.

 All Squid-3.2 versions 3.2.0.3 and later are vulnerable.

 All Squid-3.3 versions are vulnerable.

 All Squid-3.4 versions are vulnerable.

 All Squid-3.5 versions up to and including Squid-3.5.22 are
 vulnerable.

 All Squid-4.0 versions up to and including Squid-4.0.16 are
 vulnerable.

__

Workaround:

 The only workaround known is to disable caching, including
 memory cache. In squid.conf set:

   cache deny all
   cache_mem 0

__

Contact details for the Squid project:

 For installation / upgrade support on binary packaged versions
 of Squid: Your first point of contact should be your binary
 package vendor.

 If your install and build Squid from the original Squid sources
 then the squid-users@lists.squid-cache.org mailing list is your
 primary support point. For subscription details see
 .

 For reporting of non-security bugs in the latest STABLE release
 the squid bugzilla database should be used
 .

 For reporting of security sensitive bugs send an email to the
 squid-b...@lists.squid-cache.org mailing list. It's a closed
 list (though anyone can post) and security related bug reports
 are treated in confidence until the impact has been established.

__

Credits:

 This issue was reported by Saulius Lapinskas from Lithuanian
 State Social Insurance Fund Board.

 Fixed by Garri Djavadyan from iPlus LLC (Comnet ISP).

__

Revision history:

 2014-12-30 12:44:32 UTC Initial Report
 2016-12-16 18:37:00 UTC Packages Released
__
END
___
squid-announce mailing list
squid-annou...@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-announce
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] [squid-announce] Squid 3.5.23 is available

2016-12-17 Thread Amos Jeffries 
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.23 release!


This release is a security and bug fix release resolving several issues
found in the prior Squid releases.


The major changes to be aware of:

* SQUID-2016:10 Information disclosure in Collapsed Forwarding
 

This problem allows a remote attacker to discover private and sensitive
information about another clients browsing session. Potentially
including credentials which allow access to further sensitive resources.

This problem only affects Squid configured to use the Collapsed
Forwarding feature. It is of particular importance for HTTPS
reverse-proxy sites with Collapsed Forwarding.

This problem is present on all 3.5 releases, though 3.5.22 is hit worst
due to the collapsed revalidation extension increasing the scope of
traffic which can be collapsed.


* SQUID-2016:11 Information disclosure in HTTP Request processing
 

This problem allows a remote attacker to discover private and sensitive
information about another clients browsing session. Potentially
including credentials which allow access to further sensitive resources.

This vulnerability is present in all Squid-3.1 and later versions. The
only known workaround is to prevent caching entirely, which is far from
ideal.


* Bug #4169: HIT marked as MISS when If-None-Match does not match
* Bug #3940: Host verify failures MISS when they should be HIT
* Bug #3533: Cache still valid after HTTP/1.1 303 See Other
* Bug #2258: bypassing cache but not destroying cache entry

These bugs all share a common thread of reducing cache efficiency. This
Squid will now leave existing cache content in place for use unless the
new client response is able to be shared with other clients. Some of
these bugs are only partially fixed so further improvements may be possible.


* HTTP/1.1: make Vary:* objects cacheable

Under RFC 2616 responses containing "Vary: *" header were not cachable.
That requirement has been loosened by RFC 7231 and Squid is now able to
cache these responses.


* ssl::server_name ACL badly broken since inception

The original server_name code mishandled all SNI checks and some rare
host checks. This was most visible with the reports that the
ssl::server_name ACL tests would fail where the equivalent regex ACL
test would behave differently, usually by matching. Or in situations
where neither would match despite the value appearing to be available.


* TLS: Make key= before cert= an error instead of quietly hiding the issue

Previous versions of Squid would accept the TLS/SSL key= parameter being
configured first before cert= parameter. But would then silently discard
the key settings when loading the cert file. This would lead to
unexpected behaviour or obscure 'permission' errors.

This release will now produce a FATAL error and halt if configured with
a key= parameter before its matched cert= parameter.



 All users of Squid-3 are urged to upgrade to this release as
soon as possible.


 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v3/3.5/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/3.5/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries

___
squid-announce mailing list
squid-annou...@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-announce
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] [squid-announce] Squid 4.0.17 beta is available

2016-12-17 Thread Amos Jeffries 
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.0.17 release!


This release is a security and bug fix release resolving several issues
found in the prior Squid releases.


The major changes to be aware of:

* SQUID-2016:10 Information disclosure in Collapsed Forwarding
 

This problem allows a remote attacker to discover private and sensitive
information about another clients browsing session. Potentially
including credentials which allow access to further sensitive resources.

This problem only affects Squid configured to use the Collapsed
Forwarding feature. It is of particular importance for HTTPS
reverse-proxy sites with Collapsed Forwarding.

This problem is present on all 3.5 releases, though 3.5.22 is hit worst
due to the collapsed revalidation extension increasing the scope of
traffic which can be collapsed.


* SQUID-2016:11 Information disclosure in HTTP Request processing
 

This problem allows a remote attacker to discover private and sensitive
information about another clients browsing session. Potentially
including credentials which allow access to further sensitive resources.

This vulnerability is present in all Squid-3.1 and later versions. The
only known workaround is to prevent caching entirely, which is far from
ideal.


* TLS: Support tunneling of bumped non-HTTP traffic

Previously, the use of "on_unsupported_protocol tunnel" resulted in
encrypted HTTP 400 (Bad Request) messages sent to clients that do not
speak HTTP(S). Such as Skype groups, which appear to use TLS-encrypted
MSNP protocol instead of HTTPS.

This Squid allows admins using SslBump to tunnel Skype groups and
similar non-HTTP traffic bytes via "on_unsupported_protocol tunnel all".



 All users of Squid-4.x are urged to upgrade to this release as
soon as possible.

 All users of Squid-3 are encouraged to test this release out and plan
for upgrades where possible.


 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v4/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries

___
squid-announce mailing list
squid-annou...@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-announce
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid Websocket Issue

2016-12-17 Thread Amos Jeffries 
On 17/12/2016 10:16 p.m., Hardik Dangar wrote:
> Here is some information about my squid version,
> 
> Squid Cache: Version 3.5.22-20161115-r14113

> Now the issue is whenever someone requests a page which contains web socket
> requests response is always bad request.
> Here is an example,
> 
> Request URL:wss://w4.web.whatsapp.com/ws
> Request Method:GET
> Status Code:400 Bad Request
> 

Squid does not yet support using Upgrade for "websocket" protocol,


> Request Headers
> #
> Connection:Upgrade
...
> Upgrade:websocket
...
> 
> My question is how we can work with web socket requests in squid or if not
> by pass them squid. My squid instance is in interception mode and requests
> are intercepted at instance via iptables and forwarded to squid using below
> rules,

You need to prevent these transactions from being bump'ed. If you want
that protocol to work they need to be splice'd by your ssl_bump rules.
How you determine which ones is a bit of a problem.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] cipher log

2016-12-17 Thread Amos Jeffries 
On 18/12/2016 2:29 a.m., piequiex wrote:
> ssl-bump enabled, I would like to log ciphers. Is it possible?
> 

Only with Squid-4. See the log documentation:
 

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Missing cache files

2016-12-17 Thread Garri Djavadyan 

On 2016-12-17 18:39, Odhiambo Washington wrote:

Also whether swap.state for that cache_dir is being correctly and
completely
written out to disk on shutdown or restart. Using an outdated
swap.state
file can also lead to these warnings.


The last paragraph explains your issue. The signal 6 (abort) forces
Squid worker to terminate immediately (to avoid all required
shutdown procedures) and leave core dump. You can find a reason for
abort in cache.log.

Garri


Hi Garri,

So, checking, I don't see swap.state being written to disk and there
is no core dump either.


swap.state description [1]:
This index file holds
the metadata of objects saved on disk.  It is used to rebuild
the cache during startup.  Normally this file resides in each
'cache_dir' directory, but you may specify an alternate
pathname here.

You can learn how to get core dump on wiki [2].



There is no directive in my squid.conf to suppress the two.


What do you mean?

AIUI, your Squid instance faced unexpected event and initiated abort. 
Abort produces core dump which could be useful for developers to 
investigate unexpected event. As a side effect of abort, swap.state file 
was not updated correctly. The errors you see in cache.log are harmless 
and just confirm that swap.state and cache_dir objects are not 
synchronized due to abort.


You should concentrate on an event which led to abort. Usually, Squid 
inform about unexpected event in cache.log. Find the lines before 
'Starting Squid Cache version'.



[1] http://www.squid-cache.org/Doc/config/cache_swap_state/
[2] 
http://wiki.squid-cache.org/SquidFaq/BugReporting#crashes_and_core_dumps



Garri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Missing cache files

2016-12-17 Thread Odhiambo Washington 
True. Sometimes you search, but the clue isn't obvious :-)


On 17 December 2016 at 15:06, Yuri Voinov  wrote:

> Man, this question has been answered a million times. Use the search.
>
> 17.12.2016 16:41, Odhiambo Washington пишет:
>
> Hi,
>
> I keep seeing something that I think is odd. Squid has been exiting on
> signal 6, and I keep seeing this:
>
> root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log
> 2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such file or
> directory
> 2016/12/17 13:38:32|/opt/squid-3.5/var/cache/00/26/264D
> 2016/12/17 13:40:24| DiskThreadsDiskFile::openDone: (2) No such file or
> directory
> 2016/12/17 13:40:24|/opt/squid-3.5/var/cache/00/3B/3B56
> 2016/12/17 13:42:34| DiskThreadsDiskFile::openDone: (2) No such file or
> directory
> 2016/12/17 13:42:34|/opt/squid-3.5/var/cache/00/6B/6B0D
> 2016/12/17 13:43:36| DiskThreadsDiskFile::openDone: (2) No such file or
> directory
> 2016/12/17 13:43:36|/opt/squid-3.5/var/cache/00/00/0050
> 2016/12/17 13:44:25| DiskThreadsDiskFile::openDone: (2) No such file or
> directory
> 2016/12/17 13:44:25|/opt/squid-3.5/var/cache/00/AF/AFF1
>
> So, what could be making the files disappear?
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>
>
> ___
> squid-users mailing 
> listsquid-users@lists.squid-cache.orghttp://lists.squid-cache.org/listinfo/squid-users
>
>
> --
> Cats - delicious. You just do not know how to cook them.
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Missing cache files

2016-12-17 Thread Odhiambo Washington 
On 17 December 2016 at 15:17, Garri Djavadyan  wrote:

> On 2016-12-17 15:41, Odhiambo Washington wrote:
>
>> Hi,
>>
>> I keep seeing something that I think is odd. Squid has been exiting on
>> signal 6, and I keep seeing this:
>>
>> root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log
>> 2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such file
>> or directory
>> 2016/12/17 13:38:32|/opt/squid-3.5/var/cache/00/26/264D
>> 2016/12/17 13:40:24| DiskThreadsDiskFile::openDone: (2) No such file
>> or directory
>> 2016/12/17 13:40:24|/opt/squid-3.5/var/cache/00/3B/3B56
>> 2016/12/17 13:42:34| DiskThreadsDiskFile::openDone: (2) No such file
>> or directory
>> 2016/12/17 13:42:34|/opt/squid-3.5/var/cache/00/6B/6B0D
>> 2016/12/17 13:43:36| DiskThreadsDiskFile::openDone: (2) No such file
>> or directory
>> 2016/12/17 13:43:36|/opt/squid-3.5/var/cache/00/00/0050
>> 2016/12/17 13:44:25| DiskThreadsDiskFile::openDone: (2) No such file
>> or directory
>> 2016/12/17 13:44:25|/opt/squid-3.5/var/cache/00/AF/AFF1
>>
>> So, what could be making the files disappear?
>>
>
>
> Hi,
>
> (Reply from Amos Jeffries from http://bugs.squid-cache.org/sh
> ow_bug.cgi?id=4367#c2)
>
>> This is Squid *detecting* complete absence of disk files. Not causing
>> corruption.
>>
>> Please check if you have multiple Squid instances running and accessing
>> the
>> same cache_dir. That includes multiple workers using the same
>> ufs/aufs/diskd
>> cache_dir configuration line.
>>
>> Also whether swap.state for that cache_dir is being correctly and
>> completely
>> written out to disk on shutdown or restart. Using an outdated swap.state
>> file can also lead to these warnings.
>>
>
> The last paragraph explains your issue. The signal 6 (abort) forces Squid
> worker to terminate immediately (to avoid all required shutdown procedures)
> and leave core dump. You can find a reason for abort in cache.log.
>
>
> Garri
>

Hi Garri,

So, checking, I don't see swap.state being written to disk and there is no
core dump either.
There is no directive in my squid.conf to suppress the two.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] cipher log

2016-12-17 Thread piequiex 
ssl-bump enabled, I would like to log ciphers. Is it possible?
-- 
0x16E684E1A170D8A3

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Missing cache files

2016-12-17 Thread Garri Djavadyan 

On 2016-12-17 15:41, Odhiambo Washington wrote:

Hi,

I keep seeing something that I think is odd. Squid has been exiting on
signal 6, and I keep seeing this:

root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log
2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such file
or directory
2016/12/17 13:38:32|/opt/squid-3.5/var/cache/00/26/264D
2016/12/17 13:40:24| DiskThreadsDiskFile::openDone: (2) No such file
or directory
2016/12/17 13:40:24|/opt/squid-3.5/var/cache/00/3B/3B56
2016/12/17 13:42:34| DiskThreadsDiskFile::openDone: (2) No such file
or directory
2016/12/17 13:42:34|/opt/squid-3.5/var/cache/00/6B/6B0D
2016/12/17 13:43:36| DiskThreadsDiskFile::openDone: (2) No such file
or directory
2016/12/17 13:43:36|/opt/squid-3.5/var/cache/00/00/0050
2016/12/17 13:44:25| DiskThreadsDiskFile::openDone: (2) No such file
or directory
2016/12/17 13:44:25|/opt/squid-3.5/var/cache/00/AF/AFF1

So, what could be making the files disappear?



Hi,

(Reply from Amos Jeffries from 
http://bugs.squid-cache.org/show_bug.cgi?id=4367#c2)

This is Squid *detecting* complete absence of disk files. Not causing
corruption.

Please check if you have multiple Squid instances running and accessing 
the
same cache_dir. That includes multiple workers using the same 
ufs/aufs/diskd

cache_dir configuration line.

Also whether swap.state for that cache_dir is being correctly and 
completely
written out to disk on shutdown or restart. Using an outdated 
swap.state

file can also lead to these warnings.


The last paragraph explains your issue. The signal 6 (abort) forces 
Squid worker to terminate immediately (to avoid all required shutdown 
procedures) and leave core dump. You can find a reason for abort in 
cache.log.



Garri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Missing cache files

2016-12-17 Thread Yuri Voinov 
Man, this question has been answered a million times. Use the search.


17.12.2016 16:41, Odhiambo Washington пишет:
> Hi,
>
> I keep seeing something that I think is odd. Squid has been exiting on
> signal 6, and I keep seeing this:
>
> root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log
> 2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such file
> or directory
> 2016/12/17 13:38:32|/opt/squid-3.5/var/cache/00/26/264D
> 2016/12/17 13:40:24| DiskThreadsDiskFile::openDone: (2) No such file
> or directory
> 2016/12/17 13:40:24|/opt/squid-3.5/var/cache/00/3B/3B56
> 2016/12/17 13:42:34| DiskThreadsDiskFile::openDone: (2) No such file
> or directory
> 2016/12/17 13:42:34|/opt/squid-3.5/var/cache/00/6B/6B0D
> 2016/12/17 13:43:36| DiskThreadsDiskFile::openDone: (2) No such file
> or directory
> 2016/12/17 13:43:36|/opt/squid-3.5/var/cache/00/00/0050
> 2016/12/17 13:44:25| DiskThreadsDiskFile::openDone: (2) No such file
> or directory
> 2016/12/17 13:44:25|/opt/squid-3.5/var/cache/00/AF/AFF1
>
> So, what could be making the files disappear?
>
>
> -- 
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
Cats - delicious. You just do not know how to cook them.


0x613DEC46.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Missing cache files

2016-12-17 Thread Odhiambo Washington 
Hi,

I keep seeing something that I think is odd. Squid has been exiting on
signal 6, and I keep seeing this:

root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log
2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016/12/17 13:38:32|/opt/squid-3.5/var/cache/00/26/264D
2016/12/17 13:40:24| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016/12/17 13:40:24|/opt/squid-3.5/var/cache/00/3B/3B56
2016/12/17 13:42:34| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016/12/17 13:42:34|/opt/squid-3.5/var/cache/00/6B/6B0D
2016/12/17 13:43:36| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016/12/17 13:43:36|/opt/squid-3.5/var/cache/00/00/0050
2016/12/17 13:44:25| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016/12/17 13:44:25|/opt/squid-3.5/var/cache/00/AF/AFF1

So, what could be making the files disappear?


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid Websocket Issue

2016-12-17 Thread Hardik Dangar 
Here is some information about my squid version,

Squid Cache: Version 3.5.22-20161115-r14113
Service Name: squid
configure options:  '--prefix=/usr' '--localstatedir=/var/squid'
'--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid'
'--sysconfdir=/etc/squid' '--with-default-user=proxy'
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
'--with-openssl' '--enable-ssl-crtd' '--enable-inline'
'--disable-arch-native' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake'
'--enable-ecap'

My squid config file is located at, http://pastebin.com/raw/LvDxEF4x

Now the issue is whenever someone requests a page which contains web socket
requests response is always bad request.
Here is an example,

Request URL:wss://w4.web.whatsapp.com/ws
Request Method:GET
Status Code:400 Bad Request

Response Headers
#
Connection:keep-alive
Date:Sat, 17 Dec 2016 09:05:36 GMT
Transfer-Encoding:chunked
X-Cache:MISS from Proxy

Request Headers
#
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Host:w4.web.whatsapp.com
Origin:https://web.whatsapp.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:kzrB2ZcMHDAqvjDNXnjL/w==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/55.0.2883.75 Safari/537.36


My question is how we can work with web socket requests in squid or if not
by pass them squid. My squid instance is in interception mode and requests
are intercepted at instance via iptables and forwarded to squid using below
rules,

SQUIDIP=192.168.1.1

# your proxy listening port
SQUIDHTTPPORT=3128
SQUIDHTTPSPORT=3129


iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port
$SQUIDHTTPPORT

iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port
$SQUIDHTTPSPORT

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDHTTPPORT -j DROP
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDHTTPSPORT -j DROP


If anyone can help me with this it would be really awesome. Thanks for your
support.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users