Re: [squid-users] Squid handling NON HTTP protocols

From: Alex Rousskov <>
Date: Thu, 17 Oct 2013 10:53:25 -0600

On 10/17/2013 07:56 AM, Plamen wrote:

> Is there any way that squid can handle such NON HTTP communication in a way
> that will not break the normal behavior of this kind of traffic when it goes
> through it.

Today, the above is partially supported for intercepted SSL traffic
only, via the "ssl_bump none" action that blindly tunnels intercepted
non-HTTP connections based on TCP-level information such as source and
destination IP addresses and ports. Unfortunately, the rest of the
traffic on that interception port would have to be SSL encrypted for
Squid to handle it correctly, which makes this trick unusable for
port-80 interception setups.

It is possible to make Squid smarter and more flexible when facing
non-HTTP traffic (with various trade-offs, of course), and some
protocols have elevated demand for being recognized and tunneled (e.g.,
WebSockets is a prime candidate). I am not aware of any active project
adding such support, but there is a healthy level of discussions about
the problem, so I suspect better tunneling support will be added sooner
or later.


Received on Thu Oct 17 2013 - 16:53:37 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 18 2013 - 12:00:07 MDT