4. Squid blocks images and video transfer via whatsapp

Squid blocks images and video transfer via whatsapp

  • R

    Squid blocks images and video transfer via whatsapp
    We have Squid proxy server 3.3 running on a linux open suse 13.1 configured to work as a ACL. We don't do any kind of SSL interception or man in the middle. We simply receive a request and according to the MAC address and ACL allow access or block access to the requested page.

    The problem we are facing is that only 3 of the mobiles all of them incidentally, iphones, cannot send images/videos/any multimedia via whatsapp. Squid blocks these requests and says: forbidden, miss from cache etc

    The environment for the wifi (for whats app usage) is designed in a 'deny all' except a few domains and whatsapp.net is one of the domains that is allowed for text and multimedia transfer. All the android phones and even newer iphones (iphone 5s or 5 or 6) are able to send images and videos but these 3 phones. I even managed to capture the send request through TCP dump for an iphone that works and an iphone that squid blocks the sending. Here's the output

    iPhone/Android phone that is successful in forwarding or sending image via whatsapp - Attached image squid_image_transfer_passes_OK.png

    Observe that the request is done always to a domain – mmi261.whatsapp.net:443 and that further below packet is sent via TLS I.e SSL encryption

    On the other hand what I observed is that when a similar request to send an image is done via whatsapp through any of these three phones in question that squid blocks, here is the tcp dump

    attached image -  squid_blocks_request.png

    attached image 2 -  squid_blocks_image_response.png

    Above, it can be seen that the CONNECT is done to a URL and the reply returns by SQUID as forbidden.

    What I have come to understand (I could be wrong) hence is that Squid blocks image and video requests to these 3 iphones as they send CONNECT to IP addresses (and not to domain addresses) and also does not pass this request through an SSL like it does in the first image.
    Could anyone please help to resolve this issue. I attach below my squid.conf







    squidconf.txt

    0
  • P

    Hi,
    Did you manage to solve this ? I'm facing the same problem, tried a couple of things but no luck so far …

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy