Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem In Application with SSL filtering in squid

    Scheduled Pinned Locked Moved Cache/Proxy
    5 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • reza3swR
      reza3sw
      last edited by

      Hello


      HTTP/1.1 400 Bad Request
      Server: squid
      Mime-Version: 1.0
      Date: Fri, 08 Sep 2017 21:19:17 GMT
      Content-Type: text/html;charset=utf-8
      Content-Length: 3948
      X-Squid-Error: ERR_INVALID_REQ 0
      Vary: Accept-Language
      Content-Language: en
      X-Cache: MISS from pfsense
      X-Cache-Lookup: NONE from pfsense:3128
      Via: 1.1 pfsense (squid)
      Connection: close


      Why does this error message occur in Windows and mobile apps?
      When I enable ssl filttering in squid?
      And some apps do not connect to the Internet on Windows and on Android.

      But it is connected to the Internet browser.

      یاد کنید مرگ را، در هم کوبنده لذات و تیره و تلخ کننده شهوات را

      نهج البلاغه

      1 Reply Last reply Reply Quote 0
      • S
        sichent Banned
        last edited by

        It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

        1 Reply Last reply Reply Quote 0
        • reza3swR
          reza3sw
          last edited by

          @sichent:

          It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

          –------------------------------------------------------------------------------------------------------------------------
          Hello
          Thanks for the guide
          But this method does not work for all apps
          I think that some applications use websocket and SQUID does not allow access to the websocket.

          I placed the following domain for telegram in ACLs, but did not work


          https://my.telegram.org
          my.telegram.org
          telegram.org
          telegram.me
          my.telegram.me
          api.telegram.org

          یاد کنید مرگ را، در هم کوبنده لذات و تیره و تلخ کننده شهوات را

          نهج البلاغه

          1 Reply Last reply Reply Quote 0
          • S
            sichent Banned
            last edited by

            As far as I know web socket first test if the protocol is available (connection-upgrade) - so I do not think the web sockets are the reason.
            capturing traffic with wireshark may reveal the reasons…

            1 Reply Last reply Reply Quote 0
            • reza3swR
              reza3sw
              last edited by

              @reza3sw:

              Hello


              HTTP/1.1 400 Bad Request
              Server: squid
              Mime-Version: 1.0
              Date: Fri, 08 Sep 2017 21:19:17 GMT
              Content-Type: text/html;charset=utf-8
              Content-Length: 3948
              X-Squid-Error: ERR_INVALID_REQ 0
              Vary: Accept-Language
              Content-Language: en
              X-Cache: MISS from pfsense
              X-Cache-Lookup: NONE from pfsense:3128
              Via: 1.1 pfsense (squid)
              Connection: close


              Why does this error message occur in Windows and mobile apps?
              When I enable ssl filttering in squid?
              And some apps do not connect to the Internet on Windows and on Android.

              But it is connected to the Internet browser.

              Hello to all friends

              My problem with the IP Telegram and (as well as the programs that have this problem) was solved in Bypass squid

              In this way, IPs that come in bypass pass through the web proxy

              یاد کنید مرگ را، در هم کوبنده لذات و تیره و تلخ کننده شهوات را

              نهج البلاغه

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.