sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

WebSocket Pass #74

Open piolug93 opened 1 month ago

piolug93 commented 1 month ago

Hi, is it possible to Pass websocket traffic for a selected destination host when I have the rule Split from * to * log *?

sonertari commented 1 month ago

SSLproxy does not support websocket protocol. You could filter based on destination IP if the dest IP serves websocket only, but I guess that's not what you want. Or if it's encrypted, perhaps you can specify those websocket connections using some SSL filter rule (such as SNI or CommonName fields). Or port number? In short, you can perhaps try to find some other feature of those websocket connections, which you can use in a filter rule.

piolug93 commented 1 month ago

I know that SSLProxy does not support websocket, so I want to create a websocket passing rule for selected destinations.

Snippet from my config is:

ProxySpec https 0.0.0.0 3129
Block from * to * log *
Split from ip 10.200.1.* to * log *

When I add a rule to pass traffic to destination servers where the traffic goes over websocket, that traffic isn't passed:

Pass from * to host o2.pl log *

Do you know what I need to do to pass that traffic? Is the problem probably due to the order in which the rules are processed?

sonertari commented 1 month ago

Can you try Pass from ip 10.200.1.1 to host o2.pl log *? Replace 10.200.1.1 with a source IP address. (Or you can perhaps try 10.200.1.*) This makes that Pass filter rule more specific, and more specific rules have higher precedence.

And the order of rules is important, as you say. So I assume the following:

ProxySpec https 0.0.0.0 3129
Block from * to * log *
Split from ip 10.200.1.* to * log *
Pass from ip 10.200.1.1 to host o2.pl log *

Let's see what happens.

Note that you can enable the DEBUG_OPTS switch in main.mk to inspect detailed debug info on filtering rules.