Problem In Application with SSL filtering in squid

reza3sw

Hello

HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Fri, 08 Sep 2017 21:19:17 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3948
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from pfsense
X-Cache-Lookup: NONE from pfsense:3128
Via: 1.1 pfsense (squid)
Connection: close

Why does this error message occur in Windows and mobile apps?
When I enable ssl filttering in squid?
And some apps do not connect to the Internet on Windows and on Android.

But it is connected to the Internet browser.

sichent

It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

reza3sw

@sichent:

It is called SSL pinning, for example https://docs.diladele.com/faq/squid/sslbump_exlusions/dropbox.html

–------------------------------------------------------------------------------------------------------------------------
Hello
Thanks for the guide
But this method does not work for all apps
I think that some applications use websocket and SQUID does not allow access to the websocket.

I placed the following domain for telegram in ACLs, but did not work

https://my.telegram.org
my.telegram.org
telegram.org
telegram.me
my.telegram.me
api.telegram.org

sichent

As far as I know web socket first test if the protocol is available (connection-upgrade) - so I do not think the web sockets are the reason.
capturing traffic with wireshark may reveal the reasons…

reza3sw

@reza3sw:

Hello

HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Fri, 08 Sep 2017 21:19:17 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3948
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from pfsense
X-Cache-Lookup: NONE from pfsense:3128
Via: 1.1 pfsense (squid)
Connection: close

Why does this error message occur in Windows and mobile apps?
When I enable ssl filttering in squid?
And some apps do not connect to the Internet on Windows and on Android.

But it is connected to the Internet browser.

Hello to all friends

My problem with the IP Telegram and (as well as the programs that have this problem) was solved in Bypass squid

In this way, IPs that come in bypass pass through the web proxy

Problem In Application with SSL filtering in squid

https://my.telegram.org my.telegram.org telegram.org telegram.me my.telegram.me api.telegram.org

https://my.telegram.org
my.telegram.org
telegram.org
telegram.me
my.telegram.me
api.telegram.org