Netgate Discussion Forum
    WebSocket issue with pfsense squid guard

    • msaeed

      We have pfSense version:
      2.4.4-RELEASE-p3 (amd64)
      FreeBSD 11.2-RELEASE-p10
      We installed the Squid proxy server and SquidGuard in order to filter some websites (e.g. Facebook),
      which is an "https" website, so we enabled the SSL filter, created our self-signed CA and installed it on all clients' machines, and everything is working fine.
      The problem is:
      All WebSocket "wss://…" or "ws://…" connections failed,
      which causes a problem with many websites that use WebSocket, for example WhatsApp.
      Error example:
      Request URL: wss://web.whatsapp.com/ws
      Request Method: GET
      Status Code: 400 Bad Request

      I read that Squid v4 solved the issue. How can I install it manually? I also heard that there is no plan to add it to the available packages, as it is still a beta version.

      Or is there another simple solution for HTTPS web filtering other than Squid?

      1 Reply Last reply Reply Quote 1
      • KOM

        I just tried WebSockets from behind squid and it works fine for me. Go here and try their test:

        https://www.websocket.org/echo.html

        1 Reply Last reply Reply Quote 1
        • msaeed

          Hi KOM,

          Thanks for your reply.

          Actually, it doesn't work when the SSL filter is enabled, which is mandatory to filter HTTPS websites. Try opening https://web.whatsapp.com/ on a PC: the QR code will not work, and Google Drive also cannot sync, as it also uses WebSocket.

          1 Reply Last reply Reply Quote 0
            • KOM

              Sorry, I forgot to mention that I use squid in explicit mode, not transparent mode.

              You don't need SSL intercept to filter URLs. Configure WPAD so your clients can find the proxy on their own, and then you don't need transparent mode, you don't need to install certs everywhere, and you can still filter HTTPS URLs.

              1 Reply Last reply Reply Quote 0
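A sketch of the PAC file that WPAD would hand to clients in the explicit-proxy setup described in the post above. This is an added example, not code from the thread or from pfSense; the proxy address `192.168.1.1:3128` and the internal suffix `.lan.example` are assumptions. In explicit mode the browser asks the proxy for a `CONNECT` tunnel for `https://` and `wss://` URLs, so the proxy sees the destination hostname without decrypting the traffic.

```javascript
// wpad.dat (PAC file) - constructed example; addresses and names are assumptions.
// Written in plain JavaScript only, so it runs in a browser's PAC engine and in Node.
var PROXY = "PROXY 192.168.1.1:3128";   // assumed: firewall LAN address and Squid port
var LOCAL_SUFFIX = ".lan.example";      // assumed internal DNS suffix

// True for dotted-quad IPv4 literals in 10/8, 127/8, 172.16/12 or 192.168/16.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;   // not a valid address
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Single-label names (no dot). IPv6 literals contain ":" and are excluded
  // here so they cannot slip past the proxy as "local" names.
  var singleLabel = host.indexOf(".") === -1 && host.indexOf(":") === -1;

  // Internal destinations stay on the LAN and skip the proxy.
  if (singleLabel ||
      host.slice(-LOCAL_SUFFIX.length) === LOCAL_SUFFIX ||
      isPrivateIPv4(host)) {
    return "DIRECT";
  }

  // Everything else, including https:// and wss:// URLs, goes to the proxy.
  // No "; DIRECT" fallback: if the proxy is unreachable, requests fail
  // instead of silently bypassing the filter.
  return PROXY;
}
```

A PAC file is only advice to the client, so the filter holds only if the firewall also blocks direct outbound web traffic from the client networks.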
              • msaeed

                Would you tell me how I can do that without a certificate, so that I can block only Facebook at a specific time and with a source IP address exception?
                I accept any solution which delivers that.

                1 Reply Last reply Reply Quote 0
                • KOM

                  Click the WPAD link above and start reading. You can use either squidguard or pfBlockerNG to block Facebook.

                  1 Reply Last reply Reply Quote 0
                  • msaeed

                    This is not a solution. I can filter using DNS, but it lacks usability, as I cannot put ACLs, user exceptions and time-based filters. The issue is not with Facebook itself; it is an example HTTPS website, as other websites will be blocked based on department and time.

                    1 Reply Last reply Reply Quote 0
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.