Netgate Discussion Forum

Squid + SSL Splice All + Office365

    bobster619
    last edited by Feb 21, 2018, 5:03 PM

    Hi everybody!

    I'm looking to implement Squid + transparent proxy SSL interception (splice all to squidguard) in one of my remote sites. That works great for most websites but we recently saw that office365 does not like it. We don't use o365 ourselves, but we do receive encrypted emails from other organizations that utilize the service. When trying to access the link they send us, Chrome simply returns ERR_SSL_PROTOCOL_ERROR.

    I've attempted using the custom configuration noted in the advanced options to bypass splicing completely for office365.com with the below options. Now the client simply spins trying to make the connection. I suspect this is the right path, but I need additional domains or configuration to get it to work. Has anyone been successful using o365 with the splice all configuration?

    # some banking sites that should not be MITM-ed
    acl serverIsBank ssl::server_name .office365.com
    acl serverIsBank ssl::server_name .microsoftonline.com
    # get SNI obtained by parsing TLS Client Hello during step2
    # (which is instructed by ssl_bump peek step1)
    ssl_bump peek step1
    # bump monitored sites, but not banks
    ssl_bump bump monitoredSites !serverIsBank
    # splice all the rest
    ssl_bump splice all 
    
      bobster619
      last edited by Feb 22, 2018, 4:00 PM

      Apologies, I meant to put this in the Cache/Proxy sub forum. Can this be moved to the appropriate forum please?

      Thanks.

        agixdota
        last edited by Apr 10, 2018, 2:24 AM Apr 10, 2018, 1:08 AM

        Hi, same issue but different sites (some bank sites or login.yahoo.com, mail.google.com). My config is splice all with all options selected; sometimes it errors with ERR_SSL_PROTOCOL_ERROR on Chrome.

          Sweety @bobster619
          last edited by Feb 23, 2021, 1:49 PM

          @bobster619 Hello !
          Do you have any solution to avoid Microsoft packages filtering today (a final solution)?
          Thank you ^^

            periko @Sweety
            last edited by Apr 1, 2021, 3:34 PM

            @sweety on a MITM I suggest u add the full office365 pool of IPs in the bypass, this way squid won't touch all the traffic that goes to office365.

            Check this url from MS office365 site:

            Office365 URL´s and IP

            I don't cross office365 over squid, won't work.

            Hope this helps u!!!

            Need pfSense support in Mexico?
            www.bajaopensolutions.com
            https://www.facebook.com/BajaOpenSolutions
            Want to learn pfSense? Visit my YouTube channel:
            https://www.youtube.com/c/PedroMorenoBOS
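
An added example, not code from the thread or from the pfSense or Squid projects: the bypass suggested above needs the Office 365 address list in a form the proxy can take, so this sketch converts endpoint data in the shape published by Microsoft's Office 365 IP Address and URL web service into a bypass list and into `ssl::server_name` lines like those in the first post. The sample JSON is constructed (documentation address ranges), and the ACL name `o365` and the semicolon separator for the bypass field are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of Microsoft's endpoint data; the ranges
# are documentation prefixes, not real Office 365 addresses.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "tcpPorts": "80,443",
   "urls": ["outlook.office365.com", "*.office365.com"],
   "ips": ["198.51.100.0/25", "198.51.100.128/25", "2001:db8::/48"]},
  {"id": 2, "serviceArea": "Common", "tcpPorts": "443",
   "urls": ["login.microsoftonline.com", "*.microsoftonline.com"],
   "ips": ["203.0.113.0/24"]},
  {"id": 3, "serviceArea": "Common", "udpPorts": "3478",
   "ips": ["192.0.2.0/24"]}
]
""")

def https_entries(endpoints):
    """Keep only entries that carry TCP/443, the traffic Squid would intercept."""
    return [e for e in endpoints if "443" in e.get("tcpPorts", "").split(",")]

def bypass_ips(endpoints):
    """Semicolon-separated IPv4 networks, merged where adjacent (IPv6 omitted here)."""
    nets = {ipaddress.ip_network(ip)
            for e in https_entries(endpoints) for ip in e.get("ips", [])}
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    return ";".join(str(n) for n in v4)

def splice_acl(endpoints, name="o365"):
    """ssl::server_name lines; a '*.example.com' entry becomes '.example.com'."""
    domains = set()
    for e in https_entries(endpoints):
        for url in e.get("urls", []):
            if url.startswith("*."):
                domains.add(url[1:])
            elif "*" not in url:  # skip mid-name wildcards Squid cannot express
                domains.add(url)
    # A dotted entry already covers its subdomains, so drop hosts it includes.
    wild = {d for d in domains if d.startswith(".")}
    keep = {d for d in domains if d in wild or not any(d.endswith(w) for w in wild)}
    return [f"acl {name} ssl::server_name {d}" for d in sorted(keep)]

if __name__ == "__main__":
    print(bypass_ips(SAMPLE_ENDPOINTS))
    print("\n".join(splice_acl(SAMPLE_ENDPOINTS)))
```
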

              Sweety @periko
              last edited by Apr 2, 2021, 9:29 AM

              @periko I've tried it but not working, squid isn't filtering anything when I add ip bypass :(

                periko @Sweety
                last edited by Apr 2, 2021, 1:42 PM

                @sweety which version u have (squid and SG)?
                Can u show Bypass Proxy for These Destination IPs?
                Can u show the advanced options from squid(Integrations)?
                Regards!!!
