我刚刚在配置了SSL-bump的Ubuntu 16.04.2 LTS上设置了Squid Server 3.5.26.Http和Https工作正常,但任何需要Web套接字的Web服务都会失败,例如速度测试.
我在squid配置中添加了以下行,试图强制直接连接并阻止Web套接字连接的SSL缓存.
#Temporarily allow all connections for debugging
http_access allow all
acl bump-bypass dstdomain 192.168.0.245 .speedtest.net
# URL's contains ws (most web socket urls do)
acl ssl-web-sockets SSL::server_name_regex \/ws
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice bump-bypass ssl-web-sockets tcp-web-sockets
#I Read that there was a bug in bump that required !explicity
#for splice to work for web sockets
ssl_bump bump !ssl-web-sockets all
#just bump all doesn't work either
#ssl_bump bump all
如果我禁用ssl-bump而不解密加密流量一切正常.
如何配置squid以允许直接Web套接字连接?
更新
更新到Squid Server 4.0.21并添加到config
on_unsupported_protocol tunnel all
文档说这应该允许TCP隧道连接
遗憾的是,这也没有解决问题,仍然出现Web套接字错误
Connection closed before receiving a handshake response
| 归档时间: |
|
| 查看次数: |
1212 次 |
| 最近记录: |