Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-10-24 Thread Eliezer Croitoru
:16 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem On 29/09/2016 11:27 a.m., Eliezer Croitoru wrote: > I am also testing this issue and I have the next settings: > acl DiscoverSNIHost at_step SslBump1 > acl NoSSLIntercept ssl::server_name

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-29 Thread Eliezer Croitoru
elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Thursday, September 29, 2016 7:16 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem On 29/09/20

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-28 Thread Amos Jeffries
On 29/09/2016 11:27 a.m., Eliezer Croitoru wrote: > I am also testing this issue and I have the next settings: > acl DiscoverSNIHost at_step SslBump1 > acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump" > ssl_bump splice NoSSLIntercept > ssl_bump peek DiscoverSNIHost > ssl_bump bu

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-28 Thread Eliezer Croitoru
ts.squid-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem mm so... i think this is working for non take the certificate acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex web/.whatsapp/.com ssl_bump peek step1 ssl_bump splice excludeSSL s

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-20 Thread Amos Jeffries
On 20/09/2016 6:12 a.m., Jok Thuau wrote: > On Mon, Sep 19, 2016 at 10:39 AM, erdosain9 wrote: > >> mm >> so... >> i think this is working for non take the certificate >> >> acl step1 at_step SslBump1 >> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com >> > > wrong slashes...

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread Jok Thuau
On Mon, Sep 19, 2016 at 10:39 AM, erdosain9 wrote: > mm > so... > i think this is working for non take the certificate > > acl step1 at_step SslBump1 > acl excludeSSL ssl::server_name_regex web/.whatsapp/.com > wrong slashes... you want "\" > > ssl_bump peek step1 > ssl_bump splice

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread erdosain9
mm so... i think this is working for non take the certificate acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex web/.whatsapp/.com ssl_bump peek step1 ssl_bump splice excludeSSL ssl_bump bump all but, anyway something more is happening because well... dosent work.

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread erdosain9
It is only my pc in the proxy. So , see the access.log is simple ... really , no more information than copied. .either way, the website never finish loading -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread Alex Rousskov
On 09/14/2016 05:01 PM, erdosain9 wrote: > acl step1 at_step SslBump1 > acl excludeSSL ssl::server_name_regex web/.whatsapp/.com > > ssl_bump peek step1 > ssl_bump splice excludeSSL > ssl_bump bump all > > I dont get nothing about web.whatsapp.com in access.log I suspect you just do not k

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread erdosain9
Hi, thanks With acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex web/.whatsapp/.com ssl_bump peek step1 ssl_bump splice excludeSSL ssl_bump bump all I dont get nothing about web.whatsapp.com in access.log except this, a lot of time after i close the tab window of web brow

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread Alex Rousskov
On 09/14/2016 12:56 PM, erdosain9 wrote: > If i put > > acl step1 at_step SslBump1 > acl excludeSSL ssl::server_name_regex web/.whatsapp/.com > > ssl_bump peek step1 > ssl_bump splice excludeSSL > ssl_bump bump all > > I dont get nothing about web.whatsapp.com in access.log What kind of C

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread erdosain9
Hi. If i put acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex web/.whatsapp/.com ssl_bump peek step1 ssl_bump splice excludeSSL ssl_bump bump all I dont get nothing about web.whatsapp.com in access.log But if i change config to ssl_bump stare all ssl_bump bump all I get

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-14 Thread Amos Jeffries
On 14/09/2016 9:14 a.m., Chico Venancio wrote: > Not really, > As I understand it it is a websocket, that when proxied starts its > handshake with a connect request so it can be "understood" by proxies such > as squid. Correct. Squid will open the TCP tunnel and (if succesful) send an HTTP 200 OK

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Not really, As I understand it it is a websocket, that when proxied starts its handshake with a connect request so it can be "understood" by proxies such as squid. Chico Venancio ___ squid-users mailing list squid-users@lists.squid-cache.org http://list

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ah, my mistake. This is simple tunnel. 14.09.2016 3:03, Chico Venancio пишет: > You mean the connect requests to the websockets on w[0-9].web.whatsapp.com > ? > > 1473800440.053 16932 192.168.10.128 TCP_TUNNEL/200 3639

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
You mean the connect requests to the websockets on w[0-9].web.whatsapp.com ? 1473800440.053 16932 192.168.10.128 TCP_TUNNEL/200 3639 CONNECT w7.web.whatsapp.com:443 - HIER_DIRECT/169.55.69.156 - Chico Venancio 2016-09-13 17:40 GMT-03:00 Yuri Voinov : > > -BEGIN PGP SIGNED MESSAGE- > H

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Wait. Does anybody see WebSockets connections to web.whatsapp.com? 14.09.2016 2:38, Chico Venancio пишет: > > We need more of access log. > There is at least connect attempts at w1.web.whatsapp.com not shown. > > Chi

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
We need more of access log. There is at least connect attempts at w1.web.whatsapp.com not shown. Chico Venancio Em 13/09/2016 17:03, "erdosain9" escreveu: > > Hi, > No. is explicit. > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi, No. is explicit. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list s

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Is this intercept proxy? Chico Venancio 2016-09-13 11:15 GMT-03:00 erdosain9 : > Hi. > Sorry but... dont work... > > In the chrome i get this > > Creating Application Cache with manifest > https://web.whatsapp.com/404.appcache > web.whatsapp.com/:1 Application Cache Checking event > web.whatsapp

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi. Sorry but... dont work... In the chrome i get this Creating Application Cache with manifest https://web.whatsapp.com/404.appcache web.whatsapp.com/:1 Application Cache Checking event web.whatsapp.com/:1 Application Cache Error event: Manifest fetch failed (404) https://web.whatsapp.com/404.ap

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Alex Rousskov
On 09/12/2016 07:45 AM, erdosain9 wrote: > ssl_bump splice excludeSSL > ssl_bump peek all > ssl_bump bump all As Yuri has implied and then tried to explain, the above configuration is wrong. Please do not use SslBump until you understand why it is wrong. This understanding may not solve all your

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Chico Venancio
According to the logs bump was being performed before the change, so I don't follow. If the lack of an acl step1 SslBump1 was the problem he would have no bumps or bumps with incorrect host names in the certificates. Right now it seems he either is bumping some connect request whatsapp doesn't wan

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Both of you are caught in the access control list, completely lost sight of that op basically wrote the wrong general rules for bump, skipped step1 - SslBump1. Which can be splice by server name without peek performing? Yes? That is why he did no

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Marcus Kool
On 09/12/2016 12:15 PM, Chico Venancio wrote: I'd think a regex consumes a lot more resources than server name, but don't know if it is significant. Anyway, without more details we can't be sure the server name not matching is the problem. We need access logs and client(browser) details. By

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Chico Venancio
I'd think a regex consumes a lot more resources than server name, but don't know if it is significant. Anyway, without more details we can't be sure the server name not matching is the problem. We need access logs and client(browser) details. By the way, acl excludeSSL ssl::server_name web.whatsa

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Because ssl :: server_name_regex works reliably. As shown by my personal practice. But in general it is by op's choice. 12.09.2016 20:38, Marcus Kool пишет: > > > On 09/12/2016 11:14 AM, Yuri Voinov wrote: >> >> -BEGIN PGP SIGNED MESSAGE-

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Marcus Kool
On 09/12/2016 11:14 AM, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Oooops, acl must be: acl excludeSSL ssl::server_name_regex web\.whatsapp\.com why a regex? why not the following ? acl excludeSSL ssl::server_name web.whatsapp.com Marcus ___

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Oooops, acl must be: acl excludeSSL ssl::server_name_regex web\.whatsapp\.com 12.09.2016 20:13, Yuri Voinov пишет: > > Rewrite as follows: > > acl step1 at_step SslBump1 > acl excludeSSL ssl::server_name_regex web.whatsapp.com > > ssl_bump peek

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Rewrite as follows: acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex web.whatsapp.com ssl_bump peek step1 ssl_bump splice excludeSSL ssl_bump bump all Then try again. 12.09.2016 19:45, erdosain9 пишет: > Hi > I keep having probl

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread Chico Venancio
The logs remained the same? What is the CA of the certificate on the page now? Chico Venancio Em 12/09/2016 10:49, "erdosain9" escreveu: > Hi > I keep having problem... > > i put this on squid.conf > > acl excludeSSL ssl::server_name .whatsapp.com > > ssl_bump splice excludeSSL > ssl_bump peek

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-12 Thread erdosain9
Hi I keep having problem... i put this on squid.conf acl excludeSSL ssl::server_name .whatsapp.com ssl_bump splice excludeSSL ssl_bump peek all ssl_bump bump all but, nothing same behavior... -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-D

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Eliezer Croitoru
tech.co.il From: Chico Venancio [mailto:chicocvenan...@gmail.com] Sent: Thursday, September 8, 2016 11:05 PM To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem We had that trouble with whatsapp web. We simply put it in

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Yuri Voinov
uid-cache.org>] On Behalf Of erdosain9 > Sent: Thursday, September 8, 2016 3:38 PM > To: squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> > Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem > > Finally i update to squid 3.

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Chico Venancio
ber 8, 2016 3:38 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem > > Finally i update to squid 3.5 and try the acl with dstdomain > > > Craddock, Tommy wrote > > Hello, > > Create an ACL that will be a list of

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Eliezer Croitoru
PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem Finally i update to squid 3.5 and try the acl with dstdomain Craddock, Tommy wrote > Hello, > Create an ACL that will be a list of domains, either in the ACL or in > a txt file that the

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread erdosain9
Thanks. There you have # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8# RFC1918 possible internal network #acl localnet src 172.16.

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Craddock, Tommy
-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem Ok. Access.log 1473352640.832514 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json 1473352642.737290 192.168.1.172 TCP_MISS/404 464 GET https://web.whatsapp.com/404

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread erdosain9
Ok. Access.log 1473352640.832514 192.168.1.172 TCP_MISS/200 527 GET https://web.whatsapp.com/status.json - HIER_DIRECT/31.13.85.51 text/json 1473352642.737290 192.168.1.172 TCP_MISS/404 464 GET https://web.whatsapp.com/404.appcache - HIER_DIRECT/31.13.85.51 text/html 1473352643.237143

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Show access.log, not screenshot. 08.09.2016 18:38, erdosain9 пишет: > Finally i update to squid 3.5 and try the acl with dstdomain > > > Craddock, Tommy wrote >> Hello, >> Create an ACL that will be a list of domains, either in the ACL or in a >>

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-08 Thread erdosain9
Finally i update to squid 3.5 and try the acl with dstdomain Craddock, Tommy wrote > Hello, > Create an ACL that will be a list of domains, either in the ACL or in a > txt file that the ACL refers to, and place any URLs you want bypassed by > the proxy into the ACL. Something like this: > ACL S

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thank you, Eliezer, I forgot about the solution with IP tables. When the hand router, everything seems to network :) 02.09.2016 0:36, Eliezer Croitoru пишет: > Hey Erdosian, > > I have a question regarding the need for squid bypass. > What have

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Eliezer Croitoru
Hey Erdosian, I have a question regarding the need for squid bypass. What have you tried until now to resolve the issue? If you do not care about caching at this stage then you can try to use the next idea and scripts that I wrote: https://github.com/elico/squid-yt-log-analyzer If you will add i

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Or, you can buy router to bypass proxy for selected IP's. eBay is great. 01.09.2016 20:21, erdosain9 пишет: > hi. > Thanks > but, now im using ssl-bump with squid 3.3.8 is there a possibility that work > web.whatsapp and drobpox with this version

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov
ay, September 01, 2016 10:21 AM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem > > hi. > Thanks > but, now im using ssl-bump with squid 3.3.8 is there a possibility that work web.whatsapp and drobpox with this version, or at least

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Craddock, Tommy
ists.squid-cache.org Subject: Re: [squid-users] Web Whatsapp, Dropbox... problem hi. Thanks but, now im using ssl-bump with squid 3.3.8 is there a possibility that work web.whatsapp and drobpox with this version, or at least exclude them from the "proxy"??? Thanks -- View this messa

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 In versions older than 3.5 squid's uses obsolete SSL bump implementation, which requires IP's against server_name to splice/no_bump. Your Squid is antique. Upgrade it first. 01.09.2016 20:21, erdosain9 пишет: > hi. > Thanks > but, now im using s

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Alex Rousskov
On 09/01/2016 08:21 AM, erdosain9 wrote: > but, now im using ssl-bump with squid 3.3.8 You really should not: Using that Squid version with SslBump creates more problems than you can solve. Upgrading to the latest v3.5 (at least) is the right solution. Alex.

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread erdosain9
hi. Thanks but, now im using ssl-bump with squid 3.3.8 is there a possibility that work web.whatsapp and drobpox with this version, or at least exclude them from the "proxy"??? Thanks -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-probl

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-01 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://wiki.squid-cache.org/Features/SslPeekAndSplice Here is answer to your question. Read carefully. 01.09.2016 19:12, erdosain9 пишет: > Hi to all. > Im having problem with the > > web.whatssap.com > > and with Dropbox client... > > There is