Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-10-24 Thread Eliezer Croitoru
It took me a while and I hope that I will be able to get the dumps this week.
I started working on an example of ebtables level traffic redirection towards 
the squid machine.
The scenario should be a good example for embedded devices which operate 
mostly food in the bridge level rather than the CPU and iptables level.

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Amos Jeffries
Sent: Thursday, September 29, 2016 07:16
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

On 29/09/2016 11:27 a.m., Eliezer Croitoru wrote:
> I am also testing this issue and I have the next settings:
> acl DiscoverSNIHost at_step SslBump1
> acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"
> ssl_bump splice NoSSLIntercept
> ssl_bump peek DiscoverSNIHost
> ssl_bump bump all
> sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl -M 4MB
> sslcrtd_children 10
> read_ahead_gap 64 MB
> sslproxy_cert_error allow all
> tls_outgoing_options flags=DONT_VERIFY_PEER
> acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
> on_unsupported_protocol tunnel foreignProtocol
> 
> (Which is not recommended for production as is!!!)
> 
> Now the "/etc/squid/url.nobump" file contains:
> # WU (Squid 3.5.x and above with SSL Bump)
> # Only this sites must be spliced.
> update\.microsoft\.com$
> update\.microsoft\.com\.akadns\.net$
> v10\.vortex\-win\.data\.microsoft.com$
> settings\-win\.data\.microsoft\.com$
> # The next are trusted SKYPE addresses
> a\.config\.skype\.com$
> pipe\.skype\.com$
> mail\.rimon\.net\.il$
> w[0-9]+\.web\.whatsapp\.com$
> \.web\.whatsapp\.com$
> web\.whatsapp\.com$
> ##END OF NO BUMP DOMAINS.
> 
> And squid 4.0.14 doesn't tunnel the requests.
> The above is with:
> http_port 3128
> http_port 13128 intercept
> https_port 13129 intercept ssl-bump \
>   cert=/etc/squid/ssl_cert/myCA.pem \
>   generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> 
> On the 443 intercept port.
> Access log output:
> 1475100891.636 000445 192.168.10.112 NONE/200 0 CONNECT 
> 158.85.224.178:443 - ORIGINAL_DST/158.85.224.178 - 52:54:00:bc:9f:73
> 1475100908.469 000223 192.168.10.112 TCP_MISS/200 508 GET 
> https://web.whatsapp.com/status.json - ORIGINAL_DST/31.13.90.51 
> text/json 52:54:00:bc:9f:73
> 1475100952.107 000445 192.168.10.112 NONE/200 0 CONNECT 
> 158.85.224.178:443 - ORIGINAL_DST/158.85.224.178 - 52:54:00:bc:9f:73
> 1475100968.832 000191 192.168.10.112 NONE/200 0 CONNECT 
> 216.58.214.110:443 - ORIGINAL_DST/216.58.214.110 - 52:54:00:bc:9f:73
> 1475100968.984 000199 192.168.10.112 NONE/200 0 CONNECT 
> 172.217.22.14:443 - ORIGINAL_DST/172.217.22.14 - 52:54:00:bc:9f:73
> 1475101012.572 000447 192.168.10.112 NONE/200 0 CONNECT 
> 158.85.224.178:443 - ORIGINAL_DST/158.85.224.178 - 52:54:00:bc:9f:73
> 1475101033.232 000621 192.168.10.112 NONE/200 0 CONNECT 
> 31.13.66.49:443 - ORIGINAL_DST/31.13.66.49 - 52:54:00:bc:9f:73
> 1475101034.470 001224 192.168.10.112 TCP_MISS/200 512 GET 
> https://web.whatsapp.com/status.json - ORIGINAL_DST/31.13.66.49 
> text/json 52:54:00:bc:9f:73
> 1475101073.039 000446 192.168.10.112 NONE/200 0 CONNECT 
> 158.85.224.178:443 - ORIGINAL_DST/158.85.224.178 - 52:54:00:bc:9f:73
> 1475101133.502 000448 192.168.10.112 NONE/200 0 CONNECT 
> 158.85.224.178:443 - ORIGINAL_DST/158.85.224.178 - 52:54:00:bc:9f:73
> 
> Now the issue is more than just this since I cannot see any logs about the 
> websocket connections, i.e. to the domains:
> w3.web.whatsapp.com
> 

They might be in the ones with raw-IP in NONE/200 lines. Since 
server_name_regex matches against the TLS-cert details which do not necessarily 
get logged as a URL domain name when splice is done.

The SNI _should_ be made the CONNECT URI domain. But when it matches the server 
cert altSubjectName that is definitely not a client requested value.


> and couple other similar.
> 
> What I did until now is to bypass specific domains IP addresses using 
> ipset+iptables.
> I believe that squid can do much better than it's doing now.

Can you get a packet dump to see what its TLS handshake details actually are? 
Both client and server sides of Squid.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-20 Thread Amos Jeffries
On 20/09/2016 6:12 a.m., Jok Thuau wrote:
> On Mon, Sep 19, 2016 at 10:39 AM, erdosain9  wrote:
> 
>> mm
>> so...
>> i think this is working for non take the certificate
>>
>> acl step1 at_step SslBump1
>> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com
>>
> 
> wrong slashes... you want "\"
> 
> 
>>
>> ssl_bump peek step1
>> ssl_bump splice excludeSSL
>> ssl_bump bump all
>>
>> but, anyway something more is happening because well... doesn't work.
>> another point of view??
>>
> 
> Yes, you still had something wrong. Also, i'm not sure if you need to
> anchor the RE to prevent it matching something like
> "web.whatsapp.com.malware.tld" in the server name. Maybe someone closer to
> the code can answer that question...

You are correct. regex contains implicit .* before and after the pattern
unless anchors are used.

Amos
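
The anchoring point confirmed in the message above, as an added example that is not part of the original thread: it runs the pattern variants posted in this thread against the intended names and the two lookalike names the posters mention. Python's re.search() stands in for Squid's regex matching (an assumption, adequate for these simple patterns), and the function names are hypothetical.

```python
import re

# Constructed probe names. The two lookalikes are the ones named in the thread.
INTENDED = ["web.whatsapp.com", "w7.web.whatsapp.com"]
LOOKALIKES = ["web.whatsapp.com.malware.tld", "web.whatsapp.com-24.site"]


def audit_pattern(pattern, intended=INTENDED, lookalikes=LOOKALIKES):
    """Show which probe names a server_name_regex-style pattern hits.

    re.search() models the implicit .* on both sides of an unanchored
    pattern: it succeeds if the pattern matches anywhere in the name.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    missed = [h for h in intended if not rx.search(h)]
    leaked = [h for h in lookalikes if rx.search(h)]
    return {"pattern": pattern, "missed": missed, "leaked": leaked,
            "ok": not missed and not leaked}


def unescaped_dots(pattern):
    """Return indexes of '.' that are neither escaped nor inside [...]."""
    hits, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":          # skip the escaped character as well
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        elif c == "." and not in_class:
            hits.append(i)
        i += 1
    return hits


def lint(pattern):
    """Static checks for one line of a splice (no-bump) pattern file."""
    findings = []
    if "/" in pattern:
        findings.append("contains '/': a TLS server name never has a slash")
    if not pattern.endswith("$"):
        findings.append("no trailing $: longer names starting with it match")
    if unescaped_dots(pattern):
        findings.append("unescaped '.': matches any character")
    return findings


if __name__ == "__main__":
    # Patterns as posted in the thread, plus one stricter form (added here).
    for p in [r"web/.whatsapp/.com",           # original post: wrong slashes
              r"web\.whatsapp\.com",           # corrected, still unanchored
              r"web\.whatsapp\.com$",          # anchored at the end
              r"(^|\.)web\.whatsapp\.com$"]:   # also anchored on the left
        r = audit_pattern(p)
        print(f"{p:32} missed={r['missed']} leaked={r['leaked']}")
        for f in lint(p):
            print("    lint:", f)
```

A spliced connection is not inspected, so every name in "leaked" is traffic that would bypass the bump rules.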



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread Jok Thuau
On Mon, Sep 19, 2016 at 10:39 AM, erdosain9  wrote:

> mm
> so...
> i think this is working for non take the certificate
>
> acl step1 at_step SslBump1
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com
>

wrong slashes... you want "\"


>
> ssl_bump peek step1
> ssl_bump splice excludeSSL
> ssl_bump bump all
>
> but, anyway something more is happening because well... doesn't work.
> another point of view??
>

Yes, you still had something wrong. Also, i'm not sure if you need to
anchor the RE to prevent it matching something like
"web.whatsapp.com.malware.tld" in the server name. Maybe someone closer to
the code can answer that question...

Jok


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread erdosain9
mm
so...
i think this is working for non take the certificate

acl step1 at_step SslBump1 
acl excludeSSL ssl::server_name_regex web/.whatsapp/.com 

ssl_bump peek step1 
ssl_bump splice excludeSSL 
ssl_bump bump all 

but, anyway something more is happening because well... doesn't work.
another point of view??



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679596.html


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread erdosain9
It is only my pc in the proxy. So, see the access.log is simple... really,
no more information than copied.

Either way, the website never finishes loading.




--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679519.html


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread Alex Rousskov
On 09/14/2016 05:01 PM, erdosain9 wrote:

> acl step1 at_step SslBump1 
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com 
> 
> ssl_bump peek step1 
> ssl_bump splice excludeSSL 
> ssl_bump bump all 
> 
> I don't get nothing about web.whatsapp.com in access.log

I suspect you just do not know how to find relevant access.log records.
The first logged CONNECT (that I would expect to see) will not have
web.whatsapp.com domain name, but will have one of its IP addresses.


> except this, a lot of time after i close the tab window of web browser...:
> 1473879972.435  37929 192.168.1.172 TCP_TUNNEL/200 1069 CONNECT
> web.whatsapp.com:443 - HIER_DIRECT/31.13.85.51 - 
> 
> Just that

That is not nothing! That is exactly what I would expect -- an
indication of a successfully established tunnel, splicing client and
server connections. Keep in mind that Squid logs transactions when they
are over, not when they start. A tunnel may last for hours or more...

I trust that you do not expect to see HTTP transactions (besides opening
CONNECT) that happen inside the tunnel. After splicing SSL connections,
Squid does not (and cannot) inspect what happens inside the resulting
tunnel.

Alex.



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread erdosain9
Hi, thanks


With

acl step1 at_step SslBump1 
acl excludeSSL ssl::server_name_regex web/.whatsapp/.com 

ssl_bump peek step1 
ssl_bump splice excludeSSL 
ssl_bump bump all 

I don't get nothing about web.whatsapp.com in access.log
except this, a lot of time after I close the tab window of web browser...:
1473879972.435  37929 192.168.1.172 TCP_TUNNEL/200 1069 CONNECT
web.whatsapp.com:443 - HIER_DIRECT/31.13.85.51 - 

Just that


But if i change config to 

ssl_bump stare all 
ssl_bump bump all 

I get this Access.log. 

1473879403.950    295 192.168.1.172 TCP_MISS/404 525 GET
https://web.whatsapp.com/404.appcache - HIER_DIRECT/31.13.85.51 text/html
1473879404.110     58 192.168.1.172 TCP_MISS/200 647 GET
https://www.google.com/searchdomaincheck? - HIER_DIRECT/172.217.28.228
text/plain
1473879405.340    423 192.168.1.172 TCP_MISS/304 592 GET
https://web.whatsapp.com/serviceworker.js - HIER_DIRECT/31.13.85.51
application/javascript
1473879407.051    184 192.168.1.172 TCP_MISS/503 427 HEAD http://tsxvhgadd/
- HIER_NONE/- text/html
1473879407.111    243 192.168.1.172 TCP_MISS/503 427 HEAD
http://twngvdpnqgywgf/ - HIER_NONE/- text/html
1473879407.113    245 192.168.1.172 TCP_MISS/503 427 HEAD
http://jvmxcnnzacik/ - HIER_NONE/- text/html
1473879409.275    188 192.168.1.172 TAG_NONE/200 0 CONNECT
ssl.gstatic.com:443 - HIER_DIRECT/64.233.190.120 -
1473879409.335     19 192.168.1.172 TCP_HIT/200 70267 GET
https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_0.pb -
HIER_NONE/- application/octet-stream
1473879409.355      4 192.168.1.172 TCP_HIT/200 70267 GET
https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_ext_variation_0.pb
- HIER_NONE/- application/octet-stream
1473879409.568    481 192.168.1.172 TAG_NONE/200 0 CONNECT
ssl.gstatic.com:443 - HIER_DIRECT/64.233.190.120 -
1473879409.977    305 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473879411.771     85 192.168.1.172 TCP_MISS/200 1807 GET
https://www.google.com.ar/_/chrome/newtab-serviceworker.js -
HIER_DIRECT/172.217.28.35 text/javascript
1473879414.612    321 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473879428.127    301 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473879446.136    333 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679515.html


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread Alex Rousskov
On 09/14/2016 12:56 PM, erdosain9 wrote:
> If i put 
> 
> acl step1 at_step SslBump1 
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com 
> 
> ssl_bump peek step1 
> ssl_bump splice excludeSSL 
> ssl_bump bump all 
> 
> I don't get nothing about web.whatsapp.com in access.log

What kind of CONNECT requests do you get logged in this case?


> But if i change config to
> 
> ssl_bump stare all
> ssl_bump bump all
> 
> I get this Access.log.
> 
> 
> 1473879403.629   1030 192.168.1.172 TAG_NONE/200 0 CONNECT
> web.whatsapp.com:443 - HIER_DIRECT/31.13.85.51 -

I would expect a logged CONNECT for the splicing case as well (assuming
splicing works). If Squid knows the server name (and a matching
excludeSSL implies that it does), then Squid should log it when logging
CONNECT after the spliced connections terminate.

Alex.



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread erdosain9
Hi.
If i put 

acl step1 at_step SslBump1 
acl excludeSSL ssl::server_name_regex web/.whatsapp/.com 

ssl_bump peek step1 
ssl_bump splice excludeSSL 
ssl_bump bump all 

I don't get nothing about web.whatsapp.com in access.log

But if i change config to

ssl_bump stare all
ssl_bump bump all

I get this Access.log.


1473879403.629   1030 192.168.1.172 TAG_NONE/200 0 CONNECT
web.whatsapp.com:443 - HIER_DIRECT/31.13.85.51 -
1473879403.878    164 192.168.1.172 TAG_NONE/200 0 CONNECT
fonts.gstatic.com:443 - HIER_DIRECT/64.233.186.94 -
1473879403.950    295 192.168.1.172 TCP_MISS/404 525 GET
https://web.whatsapp.com/404.appcache - HIER_DIRECT/31.13.85.51 text/html
1473879404.110     58 192.168.1.172 TCP_MISS/200 647 GET
https://www.google.com/searchdomaincheck? - HIER_DIRECT/172.217.28.228
text/plain
1473879405.340    423 192.168.1.172 TCP_MISS/304 592 GET
https://web.whatsapp.com/serviceworker.js - HIER_DIRECT/31.13.85.51
application/javascript
1473879407.051    184 192.168.1.172 TCP_MISS/503 427 HEAD http://tsxvhgadd/
- HIER_NONE/- text/html
1473879407.111    243 192.168.1.172 TCP_MISS/503 427 HEAD
http://twngvdpnqgywgf/ - HIER_NONE/- text/html
1473879407.113    245 192.168.1.172 TCP_MISS/503 427 HEAD
http://jvmxcnnzacik/ - HIER_NONE/- text/html
1473879409.275    188 192.168.1.172 TAG_NONE/200 0 CONNECT
ssl.gstatic.com:443 - HIER_DIRECT/64.233.190.120 -
1473879409.335     19 192.168.1.172 TCP_HIT/200 70267 GET
https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_0.pb -
HIER_NONE/- application/octet-stream
1473879409.355      4 192.168.1.172 TCP_HIT/200 70267 GET
https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_ext_variation_0.pb
- HIER_NONE/- application/octet-stream
1473879409.568    481 192.168.1.172 TAG_NONE/200 0 CONNECT
ssl.gstatic.com:443 - HIER_DIRECT/64.233.190.120 -
1473879409.977    305 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473879411.771     85 192.168.1.172 TCP_MISS/200 1807 GET
https://www.google.com.ar/_/chrome/newtab-serviceworker.js -
HIER_DIRECT/172.217.28.35 text/javascript
1473879414.612    321 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473879428.127    301 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473879446.136    333 192.168.1.172 TCP_MISS/200 584 GET
https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json



Thanks!



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679512.html


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread Amos Jeffries
On 14/09/2016 9:14 a.m., Chico Venancio wrote:
> Not really,
> As I understand it it is a websocket, that when proxied starts its
> handshake with a connect request so it can be "understood" by proxies such
> as squid.

Correct. Squid will open the TCP tunnel and (if successful) send an HTTP
200 OK response to the client to let it know it can send opaque data
through it. For this client it would be WebSocket connection frames.


erdosain9's original post quoted Chrome output and some unrelated lines
from access.log (Google != WhatsApp). So we don't know anything from
that except WhatsApp connections have a problem, ... like the thread
subject says.

Amos



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Not really,
As I understand it it is a websocket, that when proxied starts its
handshake with a connect request so it can be "understood" by proxies such
as squid.


Chico Venancio


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov

Ah,

my mistake. This is simple tunnel.

14.09.2016 3:03, Chico Venancio wrote:
> You mean the connect requests to the websockets on w[0-9].web.whatsapp.com?
>
> 1473800440.053  16932 192.168.10.128 TCP_TUNNEL/200 3639 CONNECT
> w7.web.whatsapp.com:443 - HIER_DIRECT/169.55.69.156 -
>
> Chico Venancio
>
> 2016-09-13 17:40 GMT-03:00 Yuri Voinov:
>
> > Wait.
> >
> > Does anybody see WebSockets connections to web.whatsapp.com?
> >
> > 14.09.2016 2:38, Chico Venancio wrote:
> > > We need more of access log.
> > > There is at least connect attempts at w1.web.whatsapp.com not shown.
> > >
> > > Chico Venancio
> > >
> > > On 13/09/2016 17:03, "erdosain9" wrote:
> > > > Hi,
> > > > No. is explicit.



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
You mean the connect requests to the websockets on w[0-9].web.whatsapp.com?

1473800440.053  16932 192.168.10.128 TCP_TUNNEL/200 3639 CONNECT
w7.web.whatsapp.com:443 - HIER_DIRECT/169.55.69.156 -


Chico Venancio

2016-09-13 17:40 GMT-03:00 Yuri Voinov:

> Wait.
>
> Does anybody see WebSockets connections to web.whatsapp.com?
>
> 14.09.2016 2:38, Chico Venancio wrote:
> > We need more of access log.
> > There is at least connect attempts at w1.web.whatsapp.com not shown.
> >
> > Chico Venancio
> >
> > On 13/09/2016 17:03, "erdosain9" wrote:
> > > Hi,
> > > No. is explicit.


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov

Wait.

Does anybody see WebSockets connections to web.whatsapp.com?


14.09.2016 2:38, Chico Venancio wrote:
> We need more of access log.
> There is at least connect attempts at w1.web.whatsapp.com not shown.
>
> Chico Venancio
>
> On 13/09/2016 17:03, "erdosain9" wrote:
> > Hi,
> > No. is explicit.
> >
> > --
> > View this message in context:
> > http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi.
Sorry but... doesn't work...

In the chrome i get this

Creating Application Cache with manifest
https://web.whatsapp.com/404.appcache
web.whatsapp.com/:1 Application Cache Checking event
web.whatsapp.com/:1 Application Cache Error event: Manifest fetch failed
(404) https://web.whatsapp.com/404.appcache
app_5163437….js:6 WebSocket connection to 'wss://w5.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w6.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w7.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w8.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w1.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT

In access.log i get

1473776268.226    198 192.168.1.172 TAG_NONE/200 0 CONNECT
fonts.googleapis.com:443 - HIER_DIRECT/64.233.190.95 -
1473776268.731    132 192.168.1.172 TAG_NONE/200 0 CONNECT
fonts.gstatic.com:443 - HIER_DIRECT/64.233.190.94 -


just that... ¿?¿??¿?¿?¿
Thanks!



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679482.html


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov

Both of you are caught in the access control list, completely lost sight
of that op basically wrote the wrong general rules for bump, skipped
step1 - SslBump1.

Which can be splice by server name without peek performing? Yes?

That is why he did not work. All the rest is not fundamental cosmetics
and can be written and debugged later.

12.09.2016 21:40, Marcus Kool wrote:
> On 09/12/2016 12:15 PM, Chico Venancio wrote:
>> I'd think a regex consumes a lot more resources than server name, but
>> don't know if it is significant.
>> Anyway, without more details we can't be sure the server name not
>> matching is the problem.
>>
>> We need access logs and client(browser) details.
>>
>> By the way, acl excludeSSL ssl::server_name web.whatsapp.com
>> Would not work, whatsapp uses some subdomains that also should not be
>> bumped.
>
> squid.conf.documented seems to imply that you can add a dot to match
> the subdomains also, just like with dstdomain:
>    acl excludeSSL ssl::server_name .web.whatsapp.com
>
> Be careful with the regex, it matches also web.whatsapp.com-24.site:
> it needs a $
>
> Marcus
>
>> Chico Venancio
>>
>> On 12/09/2016 11:42, "Yuri Voinov" wrote:
>>> Because ssl::server_name_regex works reliably. As shown by my personal
>>> practice. But in general it is by op's choice.
>>>
>>> 12.09.2016 20:38, Marcus Kool wrote:
>>>> On 09/12/2016 11:14 AM, Yuri Voinov wrote:
>>>>> Oooops,
>>>>>
>>>>> acl must be:
>>>>>
>>>>> acl excludeSSL ssl::server_name_regex web\.whatsapp\.com
>>>>
>>>> why a regex?
>>>> why not the following ?
>>>>    acl excludeSSL ssl::server_name web.whatsapp.com
>>>>
>>>> Marcus



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Marcus Kool



On 09/12/2016 12:15 PM, Chico Venancio wrote:
> I'd think a regex consumes a lot more resources than server name, but don't
> know if it is significant.
> Anyway, without more details we can't be sure the server name not matching is
> the problem.
>
> We need access logs and client(browser) details.
>
> By the way, acl excludeSSL ssl::server_name web.whatsapp.com
> Would not work, whatsapp uses some subdomains that also should not be bumped.

squid.conf.documented seems to imply that you can add a dot to match the
subdomains also, just like with dstdomain:
   acl excludeSSL ssl::server_name .web.whatsapp.com

Be careful with the regex, it matches also web.whatsapp.com-24.site: it needs a $

Marcus

> Chico Venancio
>
> On 12/09/2016 11:42, "Yuri Voinov" wrote:
>> Because ssl::server_name_regex works reliably. As shown by my personal
>> practice. But in general it is by op's choice.
>>
>> 12.09.2016 20:38, Marcus Kool wrote:
>>> On 09/12/2016 11:14 AM, Yuri Voinov wrote:
>>>> Oooops,
>>>>
>>>> acl must be:
>>>>
>>>> acl excludeSSL ssl::server_name_regex web\.whatsapp\.com
>>>
>>> why a regex?
>>> why not the following ?
>>>    acl excludeSSL ssl::server_name web.whatsapp.com
>>>
>>> Marcus


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Chico Venancio
I'd think a regex consumes a lot more resources than server name, but don't
know if it is significant.
Anyway, without more details we can't be sure the server name not matching
is the problem.

We need access logs and client(browser) details.

By the way, acl excludeSSL ssl::server_name web.whatsapp.com
Would not work, whatsapp uses some subdomains that also should not be
bumped.

Chico Venancio

On 12/09/2016 11:42, "Yuri Voinov" wrote:

> Because ssl::server_name_regex works reliably. As shown by my personal
> practice. But in general it is by op's choice.
>
> 12.09.2016 20:38, Marcus Kool wrote:
> > On 09/12/2016 11:14 AM, Yuri Voinov wrote:
> >> Oooops,
> >>
> >> acl must be:
> >>
> >> acl excludeSSL ssl::server_name_regex web\.whatsapp\.com
> >
> > why a regex?
> > why not the following ?
> >    acl excludeSSL ssl::server_name web.whatsapp.com
> >
> > Marcus

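How the ACL forms argued over in this thread differ in which TLS server names they would exempt from bumping, as an added example (not from any poster and not Squid's code). It models ssl::server_name with dstdomain-style matching and ssl::server_name_regex with Python's re.search, an assumption that holds for these simple patterns; the host list is constructed, and the anchored regex in the last entry is added here for comparison.

```python
import re

# ACL forms proposed in this thread, plus one anchored regex added for comparison.
ACLS = [
    ("server_name", "web.whatsapp.com"),                  # exact name only
    ("server_name", ".whatsapp.com"),                     # leading dot: domain and subdomains
    ("server_name_regex", r"web.whatsapp.com"),           # dots left unescaped
    ("server_name_regex", r"web\.whatsapp\.com"),         # escaped but unanchored
    ("server_name_regex", r"(^|\.)web\.whatsapp\.com$"),  # added here: anchored both ends
]

# Constructed server names: the site, the websocket host seen in the thread,
# and names that should NOT be exempted from inspection.
NAMES = [
    "web.whatsapp.com",
    "w1.web.whatsapp.com",
    "www.whatsapp.com",
    "notweb.whatsapp.com",
    "webxwhatsapp.com",
    "web.whatsapp.com.example.net",
]


def domain_match(pattern, name):
    """dstdomain-style match: '.example.com' covers the domain and all
    subdomains, 'example.com' covers that exact name only."""
    name = name.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("."):
        return name == pattern[1:] or name.endswith(pattern)
    return name == pattern


def acl_matches(kind, pattern, name):
    """Return True if the modelled ACL would match the server name."""
    if kind == "server_name":
        return domain_match(pattern, name)
    if kind == "server_name_regex":
        # Unanchored search, case-sensitive (no -i flag in the thread's ACLs).
        return re.search(pattern, name) is not None
    raise ValueError("unknown ACL kind: %s" % kind)


def spliced(kind, pattern, names=NAMES):
    """Names that a 'ssl_bump splice <acl>' rule built on this ACL would cover."""
    return [n for n in names if acl_matches(kind, pattern, n)]


if __name__ == "__main__":
    for kind, pattern in ACLS:
        print("%-18s %-28s -> %s" % (kind, pattern, ", ".join(spliced(kind, pattern))))
```

The exact name misses w1.web.whatsapp.com, which is the point made above about subdomains, while both unanchored regexes also cover names outside whatsapp.com and so exempt more traffic from inspection than intended.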

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov

Because ssl::server_name_regex works reliably. As shown by my personal
practice. But in general it is by op's choice.


12.09.2016 20:38, Marcus Kool wrote:
>
>
> On 09/12/2016 11:14 AM, Yuri Voinov wrote:
>>
>>
>> Oooops,
>>
>> acl must be:
>>
>> acl excludeSSL ssl::server_name_regex web\.whatsapp\.com
>
> why a regex?
> why not the following ?
>acl excludeSSL ssl::server_name web.whatsapp.com
>
> Marcus


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Marcus Kool



On 09/12/2016 11:14 AM, Yuri Voinov wrote:
>
> Oooops,
>
> acl must be:
>
> acl excludeSSL ssl::server_name_regex web\.whatsapp\.com

why a regex?
why not the following ?
   acl excludeSSL ssl::server_name web.whatsapp.com

Marcus


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov

Oooops,

acl must be:

acl excludeSSL ssl::server_name_regex web\.whatsapp\.com

12.09.2016 20:13, Yuri Voinov wrote:
>
> Rewrite as follows:
>
> acl step1 at_step SslBump1
> acl excludeSSL ssl::server_name_regex web.whatsapp.com
>
> ssl_bump peek step1
> ssl_bump splice excludeSSL
> ssl_bump bump all
>
> Then try again.
>
> 12.09.2016 19:45, erdosain9 wrote:
> > Hi
> > I keep having problem...
>
> > i put this on squid.conf
>
> > acl excludeSSL ssl::server_name .whatsapp.com
>
> > ssl_bump splice excludeSSL
> > ssl_bump peek all
> > ssl_bump bump all
>
> > but, nothing same behavior...


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov

Rewrite as follows:

acl step1 at_step SslBump1
acl excludeSSL ssl::server_name_regex web.whatsapp.com

ssl_bump peek step1
ssl_bump splice excludeSSL
ssl_bump bump all

Then try again.

12.09.2016 19:45, erdosain9 wrote:
> Hi
> I keep having problem...
>
> i put this on squid.conf
>
> acl excludeSSL ssl::server_name .whatsapp.com
>
> ssl_bump splice excludeSSL
> ssl_bump peek all
> ssl_bump bump all
>
> but, nothing same behavior...


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Chico Venancio
The logs remained the same?
What is the CA of the certificate on the page now?

Chico Venancio

On 12/09/2016 10:49, "erdosain9" wrote:

> Hi
> I keep having problem...
>
> i put this on squid.conf
>
> acl excludeSSL ssl::server_name .whatsapp.com
>
> ssl_bump splice excludeSSL
> ssl_bump peek all
> ssl_bump bump all
>
> but, nothing same behavior...


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread erdosain9
Hi
I keep having problems...

I put this in squid.conf

acl excludeSSL ssl::server_name .whatsapp.com

ssl_bump splice excludeSSL
ssl_bump peek all
ssl_bump bump all

but nothing, same behavior...






Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Eliezer Croitoru
Can it be verified using some kind of dumps?

The issue is that if I try to access https://web.whatsapp.com/ it probably
won't work regardless of whether I have a certificate or not.

From my eyes it's not a certificate issue but rather a websocket one.

The simplest way to see it would be using this firefox dump:

curl "https://w1.web.whatsapp.com/ws" \
  -H "Host: w1.web.whatsapp.com" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0" \
  -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
  -H "Accept-Language: en-US,he;q=0.7,en;q=0.3" --compressed \
  -H "Sec-WebSocket-Version: 13" \
  -H "Origin: https://web.whatsapp.com" \
  -H "Sec-WebSocket-Extensions: permessage-deflate" \
  -H "Sec-WebSocket-Key: 323TCNi3BxG0LJ+nTi2V1g==" \
  -H "Connection: keep-alive, Upgrade" \
  -H "Pragma: no-cache" \
  -H "Cache-Control: no-cache" \
  -H "Upgrade: websocket"

 

I believe that we can somehow make sure how it will be secure "enough" to 
mangle the response headers and change any Connection into a "close" one and 
then splice the client and the server.

It's not safe for many systems but when the sysadmins are using whatsapp to
send internal messages it would be ridiculous to restrict the network users for
these apps.

But on the other hand maybe the sysadmins are smart and the other users are not
enough so I am not sure what would be the best option.

For this case a configuration would be appropriate.

 

Eliezer

 



Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



 

From: Chico Venancio [mailto:chicocvenan...@gmail.com] 
Sent: Thursday, September 8, 2016 11:05 PM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

 

We had that trouble with whatsapp web. We simply put it in the splice rule. It 
seems whatsapp checks the client certificate. 

Chico Venancio 

 

On 08/09/2016 16:09, "Eliezer Croitoru" <elie...@ngtech.co.il> wrote:

Hey,

Can I reproduce this by just entering the url in 
chrome\chromium\firefox\Internet Explorer\Edge\other?
I am testing Squid 4 but it's moving slow compared to what I could in the past.
I have a squid 4 up and running and I will try to see if I can reproduce it.
Can you provide more details about the squid.conf?

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
Sent: Thursday, September 8, 2016 3:38 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

Finally i update to squid 3.5 and try the acl with dstdomain


Craddock, Tommy wrote
> Hello,
> Create an ACL that will be a list of domains, either in the ACL or in
> a txt file that the ACL refers to, and place any URLs you want
> bypassed by the proxy into the ACL.  Something like this:
> ACL Section of your squid.conf:
> acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
> Then in the http_access section:
> http_access allow bypass_dst_dom

But dosent work  the web keep loading 
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4679426/Captura_de_pantalla_de_2016-09-08_09-40-14.png>






Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Yuri Voinov

Absolutely right. It is required to put Whatsapp web in the splice rule to
make it work.


09.09.2016 2:04, Chico Venancio wrote:
>
> We had that trouble with whatsapp web. We simply put it in the splice
> rule. It seems whatsapp checks the client certificate.
>
> Chico Venancio
>
>
> On 08/09/2016 16:09, "Eliezer Croitoru" <elie...@ngtech.co.il> wrote:
>
> Hey,
>
> Can I reproduce this by just entering the url in
> chrome\chromium\firefox\Internet Explorer\Edge\other?
> I am testing Squid 4 but it's moving slow compared to what I could
> in the past.
> I have a squid 4 up and running and I will try to see if I can
> reproduce it.
> Can you provide more details about the squid.conf?
>
> Eliezer
>
>
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
>
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
> Sent: Thursday, September 8, 2016 3:38 PM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem
>
> Finally I updated to squid 3.5 and tried the acl with dstdomain
>
>
> Craddock, Tommy wrote
> > Hello,
> > Create an ACL that will be a list of domains, either in the ACL or in
> > a txt file that the ACL refers to, and place any URLs you want
> > bypassed by the proxy into the ACL.  Something like this:
> > ACL Section of your squid.conf:
> > acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
> > Then in the http_access section:
> > http_access allow bypass_dst_dom
>
> But it doesn't work, the web keeps loading
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4679426/Captura_de_pantalla_de_2016-09-08_09-40-14.png>



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Chico Venancio
We had that trouble with whatsapp web. We simply put it in the splice rule.
It seems whatsapp checks the client certificate.

Chico Venancio

On 08/09/2016 16:09, "Eliezer Croitoru" <elie...@ngtech.co.il> wrote:

> Hey,
>
> Can I reproduce this by just entering the url in
> chrome\chromium\firefox\Internet Explorer\Edge\other?
> I am testing Squid 4 but it's moving slow compared to what I could in the
> past.
> I have a squid 4 up and running and I will try to see if I can reproduce
> it.
> Can you provide more details about the squid.conf?
>
> Eliezer
>
> 
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
>
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of erdosain9
> Sent: Thursday, September 8, 2016 3:38 PM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem
>
> Finally i update to squid 3.5 and try the acl with dstdomain
>
>
> Craddock, Tommy wrote
> > Hello,
> > Create an ACL that will be a list of domains, either in the ACL or in
> > a txt file that the ACL refers to, and place any URLs you want
> > bypassed by the proxy into the ACL.  Something like this:
> > ACL Section of your squid.conf:
> > acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
> > Then in the http_access section:
> > http_access allow bypass_dst_dom
>
> But it doesn't work, the web keeps loading
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4679426/Captura_de_pantalla_de_2016-09-08_09-40-14.png>


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Eliezer Croitoru
Hey,

Can I reproduce this by just entering the url in
chrome\chromium\firefox\Internet Explorer\Edge\other?
I am testing Squid 4 but it's moving slow compared to what I could in the past.
I have a squid 4 up and running and I will try to see if I can reproduce it.
Can you provide more details about the squid.conf?

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of erdosain9
Sent: Thursday, September 8, 2016 3:38 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

Finally i update to squid 3.5 and try the acl with dstdomain


Craddock, Tommy wrote
> Hello,
> Create an ACL that will be a list of domains, either in the ACL or in 
> a txt file that the ACL refers to, and place any URLs you want 
> bypassed by the proxy into the ACL.  Something like this:
> ACL Section of your squid.conf:
> acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
> Then in the http_access section:
> http_access allow bypass_dst_dom

But dosent work  the web keep loading 
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4679426/Captura_de_pantalla_de_2016-09-08_09-40-14.png>
 






Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread erdosain9
Thanks.
There you have 

# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# IPv6 disabled
#acl localnet src fc00::/7   # RFC 4193 local private network range
#acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) machines
#acl lan1_network src 192.168.1.0/24 ### Entire network 1 (not allowed)
#acl adminsquid src 192.168.1.172 # Administer squid

#allways_direct allow lan1_network

# IP groups
acl full src "/etc/squid/ips/full.lst"
acl limitado src "/etc/squid/ips/limitado.lst"
acl sistemas src "/etc/squid/ips/sistemas.lst"
acl adminis  src "/etc/squid/ips/adminis.lst"

# Block ads ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/etc/squid/listas/ad_block.lst"
http_access deny ads
#deny_info TCP_RESET ads

# Streaming
#acl youtube dstdomain .googlevideo.com
#acl youtube dstdomain .fbcdn.net
#acl youtube dstdomain .akamaihd.net
acl stream url_regex -i \.flv$
acl stream url_regex -i \.mp4$
acl stream url_regex -i watch?
acl stream url_regex -i youtube
acl stream url_regex -i facebook
acl stream url_regex -i fbcdn\.net\/v\/(.*\.mp4)\?
acl stream url_regex -i fbcdn\.net\/v\/(.*\.jpg)\? 
acl stream url_regex -i akamaihd\.net\/v\/(.*\.mp4)\?
acl stream url_regex -i akamaihd\.net\/v\/(.*\.jpg)\?

## Denied domains
acl dominios_denegados dstdomain "/etc/squid/listas/dominios_denegados.lst"

## Blocked extensions
acl multimedia urlpath_regex "/etc/squid/listas/multimedia.lst"

## Dangerous extensions
acl peligrosos urlpath_regex "/etc/squid/listas/peligrosos.lst"

#Bypass squid
acl bypass_dst_dom  dstdomain "/etc/squid/listas/bypass_dst_domain.lst"

## Social networks
acl redes_sociales url_regex -i “/etc/squid/listas/redes_sociales.lst”


# Ports
acl SSL_ports port 443
acl SSL_ports port 8443

acl Safe_ports port 631 # httpCUPS
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 8443 # httpsalt
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
#http_access allow adminsquid manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
#http_access allow bypass_dst_dom
http_access allow limitado !dominios_denegados !multimedia !peligrosos
http_access allow full !peligrosos
http_access allow adminis !multimedia
http_access allow sistemas

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.1.9:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem

acl excluidosSSL dstdomain "/etc/squid/listas/excluidosSSL.lst"
ssl_bump none excluidosSSL

# SSL Bump Config
ssl_bump stare all  
ssl_bump bump all 

#
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1


# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /var/spool/squid 1000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

dns_nameservers 192.168.1.14 192.168.1.5 192.168.1.7
visible_hostname squid


# force caching of .jpg images

refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private

## SPEED POOL
#delay_pools 2
#delay_class 1 

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Craddock, Tommy
Hello, 

Show your squid.conf to see how you setup the http_access section.   

 
Tommy E CRADDOCK JR

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of erdosain9
Sent: Thursday, September 08, 2016 12:35 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

Ok.
Access.log

1473352640.832    514 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352642.737    290 192.168.1.172 TCP_MISS/404 464 GET https://web.whatsapp.com/404.appcache - HIER_DIRECT/31.13.85.51 text/html
1473352643.237    143 192.168.1.172 TAG_NONE/200 0 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/64.233.190.94 -
1473352644.668    288 192.168.1.172 TCP_MISS/304 535 GET https://web.whatsapp.com/serviceworker.js - HIER_DIRECT/31.13.85.51 application/javascript
1473352649.604    296 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352654.317    291 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json






Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread erdosain9
Ok.
Access.log

1473352640.832    514 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352642.737    290 192.168.1.172 TCP_MISS/404 464 GET https://web.whatsapp.com/404.appcache - HIER_DIRECT/31.13.85.51 text/html
1473352643.237    143 192.168.1.172 TAG_NONE/200 0 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/64.233.190.94 -
1473352644.668    288 192.168.1.172 TCP_MISS/304 535 GET https://web.whatsapp.com/serviceworker.js - HIER_DIRECT/31.13.85.51 application/javascript
1473352649.604    296 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352654.317    291 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json





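A check for the question this thread keeps returning to (is web.whatsapp.com still being bumped?), as an added example that is not from the original posts: it reads native-format access.log lines and reports, per host, whether Squid logged decrypted https:// requests. The first six entries are the ones posted above with wraps rejoined and field spacing restored; the last entry is constructed, and treating TCP_TUNNEL as the marker of a spliced connection is an assumption about Squid 3.5 and later.

```python
from urllib.parse import urlsplit

# Entries 1-6: the access.log lines posted above (wraps rejoined).
# Entry 7: constructed, to show a spliced/tunneled connection
# (assumption: Squid 3.5+ logs those CONNECTs with result code TCP_TUNNEL).
SAMPLE_LOG = """\
1473352640.832    514 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352642.737    290 192.168.1.172 TCP_MISS/404 464 GET https://web.whatsapp.com/404.appcache - HIER_DIRECT/31.13.85.51 text/html
1473352643.237    143 192.168.1.172 TAG_NONE/200 0 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/64.233.190.94 -
1473352644.668    288 192.168.1.172 TCP_MISS/304 535 GET https://web.whatsapp.com/serviceworker.js - HIER_DIRECT/31.13.85.51 application/javascript
1473352649.604    296 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352654.317    291 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json
1473352660.101  30012 192.168.1.172 TCP_TUNNEL/200 4312 CONNECT w1.web.whatsapp.com:443 - HIER_DIRECT/203.0.113.10 -
"""

# Higher rank wins when a host shows up in several entries.
RANK = {"connect-only": 0, "tunneled": 1, "bumped": 2}


def parse_entry(line):
    """Split one native-format line into (host, result_code, method, url).

    Native format: time elapsed client code/status bytes method URL user
    hierarchy/peer content-type. Returns None for short or damaged lines.
    """
    fields = line.split()
    if len(fields) < 10:
        return None
    result_code = fields[3].split("/")[0]
    method, url = fields[5], fields[6]
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0].strip("[]")  # host:port
    else:
        host = urlsplit(url).hostname
    return host, result_code, method, url


def classify(log_text):
    """Return {host: 'bumped' | 'tunneled' | 'connect-only'}.

    bumped       - an https:// URL was logged, so Squid saw the decrypted request
    tunneled     - only CONNECT entries, at least one with TCP_TUNNEL
    connect-only - only CONNECT entries, none marked as a tunnel
    """
    result = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] is None:
            continue
        host, result_code, method, url = entry
        if method == "CONNECT":
            state = "tunneled" if result_code == "TCP_TUNNEL" else "connect-only"
        elif url.lower().startswith("https://"):
            state = "bumped"
        else:
            continue  # plain http request, not relevant to ssl_bump
        if RANK[state] >= RANK[result.get(host, "connect-only")]:
            result[host] = state
    return result


if __name__ == "__main__":
    for host, state in sorted(classify(SAMPLE_LOG).items()):
        print("%-24s %s" % (host, state))
```

Run against a fresh log after each ssl_bump change: a host that was moved into the splice rule should stop appearing as bumped.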

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread erdosain9
Finally I updated to squid 3.5 and tried the acl with dstdomain


Craddock, Tommy wrote
> Hello, 
> Create an ACL that will be a list of domains, either in the ACL or in a
> txt file that the ACL refers to, and place any URLs you want bypassed by
> the proxy into the ACL.  Something like this:
> ACL Section of your squid.conf:
> acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
> Then in the http_access section:
> http_access allow bypass_dst_dom

But it doesn't work, the web keeps loading

 






Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov

Thank you, Eliezer, I forgot about the solution with IP tables.

When the hand router, everything seems to network :)


02.09.2016 0:36, Eliezer Croitoru wrote:
> Hey Erdosian,
>
> I have a question regarding the need for squid bypass.
> What have you tried until now to resolve the issue?
> If you do not care about caching at this stage then you can try to use
> the next idea and scripts that I wrote:
> https://github.com/elico/squid-yt-log-analyzer
>
> If you will add iptables rules in either the nat or the mangle tables
> like at:
> https://github.com/elico/squid-yt-log-analyzer/blob/master/qos-start.sh#L35
>
> but changing the CLASSIFY to ACCEPT and put it in the right table you
> would be able to bypass squid for the right destinations.
> If you need help to tweak the script let me know and I will publish
> another more suitable version for squid bypassing.
>
> Eliezer
>
> 
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
>
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
> Sent: Thursday, September 1, 2016 4:12 PM
> To: squid-users@lists.squid-cache.org
> Subject: [squid-users] Web Whatsapp, Dropbox... problem
>
> Hi to all.
> Im having problem with the
>
> web.whatssap.com
>
> and with Dropbox client...
>
> There is a way to exclude this things from the proxy???
>
> Thanks!


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Eliezer Croitoru
Hey Erdosian,

I have a question regarding the need for squid bypass.
What have you tried until now to resolve the issue?
If you do not care about caching at this stage then you can try to use the next 
idea and scripts that I wrote:
https://github.com/elico/squid-yt-log-analyzer

If you will add iptables rules in either the nat or the mangle tables like at:
https://github.com/elico/squid-yt-log-analyzer/blob/master/qos-start.sh#L35

but changing the CLASSIFY to ACCEPT and put it in the right table you would be 
able to bypass squid for the right destinations.
If you need help to tweak the script let me know and I will publish another 
more suitable version for squid bypassing.

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of erdosain9
Sent: Thursday, September 1, 2016 4:12 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Web Whatsapp, Dropbox... problem

Hi to all.
Im having problem with the 

web.whatssap.com

and with Dropbox client... 

There is a way to exclude this things from the proxy???

Thanks!





Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov

Or, you can buy router to bypass proxy for selected IP's. eBay is great.


01.09.2016 20:21, erdosain9 wrote:
> hi.
> Thanks
> but, now I'm using ssl-bump with squid 3.3.8, is there a possibility
> that web.whatsapp and dropbox work with this version, or at least exclude
> them from the "proxy"???
>
> Thanks


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov

This will not work in Squid<3.5.

3.4 and below require the dst (IP-based) acl type for no-bump because they
do not contain SNI functionality.


01.09.2016 20:30, Craddock, Tommy wrote:
> Hello,
>
> Create an ACL that will be a list of domains, either in the ACL or in
> a txt file that the ACL refers to, and place any URLs you want bypassed
> by the proxy into the ACL.  Something like this:
>
>
> ACL Section of your squid.conf:
>
> acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"
>
>
> Then in the http_access section:
>
> http_access allow bypass_dst_dom
>
>
>
> Thanks!
>
>
> Tommy E CRADDOCK JR
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
> Sent: Thursday, September 01, 2016 10:21 AM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem
>
> hi.
> Thanks
> but, now I'm using ssl-bump with squid 3.3.8. Is there a possibility that
> web.whatsapp and Dropbox work with this version, or at least to exclude
> them from the "proxy"???
>
> Thanks


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Craddock, Tommy
Hello, 

Create an ACL that will be a list of domains, either in the ACL or in a txt 
file that the ACL refers to, and place any URLs you want bypassed by the proxy 
into the ACL.  Something like this:


ACL Section of your squid.conf:

acl bypass_dst_dom  dstdomain "/etc/squid/bypass_dst_domain.txt"


Then in the http_access section:

http_access allow bypass_dst_dom



Thanks!

 
Tommy E CRADDOCK JR

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of erdosain9
Sent: Thursday, September 01, 2016 10:21 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem

hi.
Thanks
but, now I'm using ssl-bump with squid 3.3.8. Is there a possibility that 
web.whatsapp and Dropbox work with this version, or at least to exclude them 
from the "proxy"???

Thanks





Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov

In versions older than 3.5, Squid uses an obsolete SSL bump
implementation, which requires IPs against server_name to splice/no_bump.

Your Squid is antique. Upgrade it first.


01.09.2016 20:21, erdosain9 wrote:
> hi.
> Thanks
> but, now I'm using ssl-bump with squid 3.3.8. Is there a possibility that
> web.whatsapp and Dropbox work with this version, or at least to exclude them
> from the "proxy"???
>
> Thanks


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Alex Rousskov
On 09/01/2016 08:21 AM, erdosain9 wrote:
> but, now I'm using ssl-bump with squid 3.3.8

You really should not: Using that Squid version with SslBump creates
more problems than you can solve. Upgrading to the latest v3.5 (at
least) is the right solution.

Alex.



Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread erdosain9
hi.
Thanks
but, now I'm using ssl-bump with squid 3.3.8. Is there a possibility that
web.whatsapp and Dropbox work with this version, or at least to exclude them
from the "proxy"???

Thanks





Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov

http://wiki.squid-cache.org/Features/SslPeekAndSplice

Here is the answer to your question. Read carefully.


01.09.2016 19:12, erdosain9 wrote:
> Hi to all.
> I'm having a problem with
>
> web.whatssap.com
>
> and with the Dropbox client...
>
> Is there a way to exclude these things from the proxy???
>
> Thanks!


[squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread erdosain9
Hi to all.
I'm having a problem with

web.whatssap.com

and with the Dropbox client...

Is there a way to exclude these things from the proxy???

Thanks!


