WebSocket issue with pfsense squid guard



  • We have pfSense version:
    2.4.4-RELEASE-p3 (amd64)
    FreeBSD 11.2-RELEASE-p10
    We installed the Squid proxy server and SquidGuard in order to filter some websites (e.g. Facebook),
    which is an “https” website, so we enabled the SSL filter, created our self-signed CA and installed it on all clients’ machines, and everything is working fine.
    The problem is:
    All WebSocket “wss://…” or “ws://…” connections fail,
    which causes a problem with many websites that use WebSocket, for example WhatsApp.
    Error ex:
    Request URL: wss://web.whatsapp.com/ws
    Request Method: GET
    Status Code: 400 Bad Request

    I read that Squid v4 solved the issue. How can I install it manually? I also heard that there is no plan to add it to the available packages, as it is still a beta version.

    Or is there another simple solution for HTTPS web filtering rather than Squid?



  • I just tried WebSockets from behind squid and it works fine for me. Go here and try their test:

    https://www.websocket.org/echo.html



  • Hi KOM,

    Thanks for your reply

    Actually, it doesn't work when the SSL filter is enabled, which is mandatory to filter HTTPS websites. Try opening https://web.whatsapp.com/ on a PC: the QR code will not work, and Google Drive also cannot sync, as it also uses WebSocket.



  • Sorry, I forgot to mention that I use squid in explicit mode, not transparent mode.

    You don't need SSL intercept to filter URLs. Configure WPAD so your clients can find the proxy on their own, and then you don't need transparent mode, you don't need to install certs everywhere, and you can still filter HTTPS URLs.



  • Would you tell me how I can do that without a certificate, so that I can block only Facebook at a specific time and with a source IP address exception?
    I accept any solution which delivers that.



  • Click the WPAD link above and start reading. You can use either squidguard or pfBlockerNG to block Facebook.



  • This is not a solution. I can filter using DNS, but it lacks usability, as I cannot put ACLs and user-exception, time-based filters in place. The issue is not with Facebook itself; it is an example HTTPS website, as other websites will be blocked based on department and time.
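
The explicit-proxy approach suggested in the thread, combined with the time window and source-IP exception the original poster asks for, written as plain squid.conf directives. This is an added example, not configuration posted by any participant; the subnet, addresses, hours and port are constructed placeholders, and how the directives are entered through the pfSense Squid package is left open.

```conf
# Explicit (non-transparent) proxy listener, no SSL interception.
# Clients are pointed at this port by WPAD/PAC or manual proxy settings.
http_port 3128

# --- Constructed sample values: adjust to the real network ---
acl localnet      src 192.168.1.0/24            # client LAN (assumed)
acl exempt_src    src 192.168.1.50 192.168.1.51 # hosts exempt from the block (assumed)
acl blocked_sites dstdomain .facebook.com       # leading dot also matches subdomains
acl work_hours    time MTWHF 08:00-17:00        # Mon-Fri, local time (assumed window)

acl SSL_ports port 443
acl CONNECT   method CONNECT

# Only allow CONNECT tunnels to the HTTPS port.
http_access deny CONNECT !SSL_ports

# Source-IP exception is evaluated before the block rule.
http_access allow exempt_src

# For HTTPS, an explicitly configured browser sends
#   CONNECT www.facebook.com:443
# in clear text to the proxy, so dstdomain matches on the host name
# without decrypting anything and without a CA on the clients.
http_access deny localnet blocked_sites work_hours

http_access allow localnet
http_access deny all
```

Because the tunnel is never decrypted, rules can match only the destination host name, not the URL path or page content. Per-department policy follows the same pattern, with one `src` ACL per department subnet and its own `dstdomain` and `time` ACLs.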

