4. Problem In Application with SSL filtering in squid

Problem In Application with SSL filtering in squid


  • Hello

    HTTP/1.1 400 Bad Request
    Server: squid
    Mime-Version: 1.0
    Date: Fri, 08 Sep 2017 21:19:17 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3948
    X-Squid-Error: ERR_INVALID_REQ 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from pfsense
    X-Cache-Lookup: NONE from pfsense:3128
    Via: 1.1 pfsense (squid)
    Connection: close

    Why does this error message occur in Windows and mobile apps?
    When I enable ssl filttering in squid?
    And some apps do not connect to the Internet on Windows and on Android.

    But it is connected to the Internet browser.

    0
  • S
    Banned

    It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

    0

  • @sichent:

    It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

    –------------------------------------------------------------------------------------------------------------------------
    Hello
    Thanks for the guide
    But this method does not work for all apps
    I think that some applications use websocket and SQUID does not allow access to the websocket.

    I placed the following domain for telegram in ACLs, but did not work

    https://my.telegram.org
    my.telegram.org
    telegram.org
    telegram.me
    my.telegram.me
    api.telegram.org

    0
  • S
    Banned

    As far as I know web socket first test if the protocol is available (connection-upgrade) - so I do not think the web sockets are the reason.
    capturing traffic with wireshark may reveal the reasons…

    0

  • @reza3sw:

    Hello

    HTTP/1.1 400 Bad Request
    Server: squid
    Mime-Version: 1.0
    Date: Fri, 08 Sep 2017 21:19:17 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3948
    X-Squid-Error: ERR_INVALID_REQ 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from pfsense
    X-Cache-Lookup: NONE from pfsense:3128
    Via: 1.1 pfsense (squid)
    Connection: close

    Why does this error message occur in Windows and mobile apps?
    When I enable ssl filttering in squid?
    And some apps do not connect to the Internet on Windows and on Android.

    But it is connected to the Internet browser.

    Hello to all friends

    My problem with the IP Telegram and (as well as the programs that have this problem) was solved in Bypass squid

    In this way, IPs that come in bypass pass through the web proxy

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy