Netgate Discussion Forum

    Squid and Discord

    • T
      taustinoc
      last edited by

      I have Squid set up for transparent proxy, with SSL intercept. I installed the CA in Windows (and in Firefox, which apparently doesn't use the Windows stuff). Everything works flawlessly for http or https, except Discord, which stops on the connecting screen until it times out, in both Chrome and Firefox. I can find nothing about this anywhere. Anybody out there have any idea what's going on?

      • T
        taustinoc
        last edited by

        I still don't know what the issue is, but I have figured out a workaround. Digging through the logs, it would appear that the log-in process at Discord involves either gateway.discord.gg or ssl.gstatic.com, so I added those (and discordapp.com) to the bypass list of destinations, and now Discord seems to work properly.

        • D
          Denis 1 @taustinoc
          last edited by

          @taustinoc Hi there, I'm doing something similar for my thesis. Can you please contact me at deniss.zefi@gmail.com

          • A
            aGeekhere
            last edited by aGeekhere

            @taustinoc I have the same issue with Discord when using HTTPS/SSL Interception.
            Looking at https://10scopes.com/fix-discord-404-error
            It seems that Discord does not like going through a proxy.
            I am thinking it may have to do with security reasons.

            Connection error message

            TCP_MISS/404 734 GET https://gateway.discord.gg/? - HIER_DIRECT/162.159.135.234
            

            For now, to solve this, either bypass Discord in Squid or, if using SSL/MITM Mode Custom, add to Custom Options (SSL/MITM):

            acl no_ssl_bump ssl::server_name .discord.com
            acl no_ssl_bump ssl::server_name .discord.gg
            

            If someone finds a better solution, post below.

            Never Fear, A Geek is Here!
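
An added example, not part of the original posts and not Netgate or Squid project code: a Python sketch of the log triage described in this thread, which scans Squid access.log entries for decrypted (https://) requests that ended in an error and prints matching `no_ssl_bump` ACL entries. The names `failing_bumped_hosts`, `acl_lines` and `SAMPLE` are hypothetical, the sample timestamps and client addresses are constructed, and it assumes Squid's native log format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Core of Squid's native access.log entry: "<result>/<status> <bytes> <method> <url>".
# Searching for it (not anchoring) also handles truncated excerpts like the one quoted above.
ENTRY = re.compile(
    r"\b(?P<result>[A-Z_]+)/(?P<status>\d{3}) \d+ (?P<method>[A-Z]+) (?P<url>\S+)"
)

# Constructed sample: timestamps and client addresses are invented for this example.
SAMPLE = [
    "1700000000.101    88 192.168.1.50 TCP_MISS/404 734 GET https://gateway.discord.gg/? - HIER_DIRECT/162.159.135.234 text/html",
    "TCP_MISS/404 734 GET https://gateway.discord.gg/? - HIER_DIRECT/162.159.135.234",
    "1700000001.230   140 192.168.1.50 TCP_MISS/200 5120 GET https://discord.com/app - HIER_DIRECT/192.0.2.10 text/html",
    "1700000002.412  3050 192.168.1.51 TCP_TUNNEL/200 9001 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/192.0.2.20 -",
    "1700000003.007    12 192.168.1.51 TCP_MISS/404 310 GET http://example.com/missing - HIER_DIRECT/192.0.2.30 text/html",
]

def failing_bumped_hosts(lines, min_hits=1):
    """Count 4xx/5xx responses per host for requests Squid decrypted (logged as https://)."""
    hits = Counter()
    for line in lines:
        m = ENTRY.search(line)
        if not m or m["method"] == "CONNECT":
            continue  # unparseable, or a tunnel that was never decrypted
        url = urlsplit(m["url"])
        if url.scheme == "https" and url.hostname and int(m["status"]) >= 400:
            hits[url.hostname] += 1
    return {host: n for host, n in hits.items() if n >= min_hits}

def acl_lines(hosts, acl="no_ssl_bump"):
    """Render exact-host ACL entries in the style used in this thread."""
    return [f"acl {acl} ssl::server_name {host}" for host in sorted(hosts)]

if __name__ == "__main__":
    candidates = failing_bumped_hosts(SAMPLE)
    for host, n in sorted(candidates.items()):
        print(f"# {n} failed bumped request(s) to {host}")
    # Assumption: Custom Options already contain a rule such as
    # "ssl_bump splice no_ssl_bump"; an ACL alone changes nothing.
    print("\n".join(acl_lines(candidates)))
```

A 404 can also be an ordinary missing page, so review each host before bypassing it. Emitting exact hostnames keeps the set of undecrypted destinations narrower than a whole-domain entry.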

            • M
              michmoor LAYER 8 Rebel Alliance @aGeekhere
              last edited by

              @ageekhere First, if using a transparent proxy you don’t need to load any certificates on any machine. That’s the point of a transparent proxy.
              Secondly, if you add the domain to the whitelist under the ACL tab this would most likely resolve as it won’t be trying to break TLS.
              Thirdly, you are better off removing Squid from your setup. Maintenance + no benefit. What are you gaining from doing MITM?

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              • A
                aGeekhere @michmoor
                last edited by

                @michmoor Yeah, I am just playing around with trying to cache HTTPS content and filter HTTPS site content using e2guardian. This is not a production environment and more of a learning exercise.
                I am finding that MITM bump breaks a lot of things.

                Never Fear, A Geek is Here!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.