Problem In Application with SSL filtering in squid



  • Hello


    HTTP/1.1 400 Bad Request
    Server: squid
    Mime-Version: 1.0
    Date: Fri, 08 Sep 2017 21:19:17 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3948
    X-Squid-Error: ERR_INVALID_REQ 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from pfsense
    X-Cache-Lookup: NONE from pfsense:3128
    Via: 1.1 pfsense (squid)
    Connection: close


    Why does this error message occur in Windows and mobile apps?
    When I enable ssl filttering in squid?
    And some apps do not connect to the Internet on Windows and on Android.

    But it is connected to the Internet browser.


  • Banned



  • @sichent:

    It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

    –------------------------------------------------------------------------------------------------------------------------
    Hello
    Thanks for the guide
    But this method does not work for all apps
    I think that some applications use websocket and SQUID does not allow access to the websocket.

    I placed the following domain for telegram in ACLs, but did not work


    https://my.telegram.org
    my.telegram.org
    telegram.org
    telegram.me
    my.telegram.me
    api.telegram.org


  • Banned

    As far as I know web socket first test if the protocol is available (connection-upgrade) - so I do not think the web sockets are the reason.
    capturing traffic with wireshark may reveal the reasons…



  • @reza3sw:

    Hello


    HTTP/1.1 400 Bad Request
    Server: squid
    Mime-Version: 1.0
    Date: Fri, 08 Sep 2017 21:19:17 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3948
    X-Squid-Error: ERR_INVALID_REQ 0
    Vary: Accept-Language
    Content-Language: en
    X-Cache: MISS from pfsense
    X-Cache-Lookup: NONE from pfsense:3128
    Via: 1.1 pfsense (squid)
    Connection: close


    Why does this error message occur in Windows and mobile apps?
    When I enable ssl filttering in squid?
    And some apps do not connect to the Internet on Windows and on Android.

    But it is connected to the Internet browser.

    Hello to all friends

    My problem with the IP Telegram and (as well as the programs that have this problem) was solved in Bypass squid

    In this way, IPs that come in bypass pass through the web proxy