[LINUX] [https proxy with squid] Working around Slack messages not loading: the cause was WebSocket

Introduction

I operate an HTTPS proxy that intercepts SSL, and I solved a problem with it, so I am recording it here. The environment is the one built last time: **Create Proxy with Active Directory linkage and SSL interception with squid easily with docker**

What happened

I was not receiving messages in the Slack app. It was not updated unless I manually clicked "Load new message".

Research of cause

Information gathering

First, check the official information.

Use of Slack requires a persistent connection between Slack's messaging server and member apps and browsers. Slack uses WebSockets over port 443 for connectivity. In some cases, proxies and firewalls can block this connection. If users of Slack are unable to connect from a specific location, or if Slack connection tests show WebSocket issues, you need to change your proxy and firewall settings, using the following methods, so that this connection stays open.

Source: **[Manage Slack connectivity issues](https://slack.com/intl/ja-jp/help/articles/360001603387-Slack-%E3%81%AE%E6%8E%A5%E7%B6%9A%E5%95%8F%E9%A1%8C%E3%82%92%E7%AE%A1%E7%90%86%E3%81%99%E3%82%8B)**

Connection test

So, I tried accessing the connection test URL https://[WORKSPACE].slack.com/help/test (replace [WORKSPACE] with your own workspace). In the test result, WebSocket appears to be failing.

Check the official workaround.

Check whether the proxy is decrypting SSL. If it is, you need to either support WebSockets in your proxy or exclude the \*.slack-msgs.com, wss-primary.slack.com, wss-backup.slack.com and wss-mobile.slack.com domains from SSL decryption.

Source: **[Manage Slack connectivity issues](https://slack.com/intl/ja-jp/help/articles/360001603387-Slack-%E3%81%AE%E6%8E%A5%E7%B6%9A%E5%95%8F%E9%A1%8C%E3%82%92%E7%AE%A1%E7%90%86%E3%81%99%E3%82%8B)**

Solution

So, I decided to create a list of servers that use WebSocket and exclude them from SSL_BUMP. The target servers are the ones Slack lists officially.

wslist


^wss-(backup|primary|mobile)\.slack\.com:443$
^([^/][^/]*\.)*slack-msgs\.com:443$

Load this list from squid.conf.

squid.conf


--------8<-----(snip)-----8<----------
#Create a list of websocket targets here
acl wslist url_regex -i "/etc/squid/wslist"

http_port 8081 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/ssl_bump_ca_cert.pem key=/etc/squid/certs/ssl_bump_ca_privkey.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/local/squid/ssl_db -M 4MB
sslcrtd_children 5

#Originally, everything other than the whitelist was bumped, as shown below, but this is now commented out.
#ssl_bump bump !whitelist

#Add the websocket list to the sites that are not subject to BUMP
ssl_bump bump !whitelist !wslist

sslproxy_cert_error deny all
--------8<-----(snip)-----8<----------
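
The following is an added example, not part of the original post: it runs the two wslist patterns against constructed CONNECT targets to show which hosts escape ssl_bump and why the anchors matter. It assumes grep -Ei behaves like Squid's url_regex -i for these patterns; the loose pattern and the sample targets are constructed for comparison.

```shell
#!/bin/sh
# The two patterns from the page's /etc/squid/wslist.
P1='^wss-(backup|primary|mobile)\.slack\.com:443$'
P2='^([^/][^/]*\.)*slack-msgs\.com:443$'

# Constructed loose pattern (not from the page), kept only for comparison.
LOOSE='slack\.com'

# For a CONNECT request the URL seen by url_regex is "host:port".
# Exit status 0 means the target matches the list, i.e. it is NOT bumped.
in_wslist() {
    printf '%s\n' "$1" | grep -Eiq -e "$P1" -e "$P2"
}

# Same check against the unanchored comparison pattern.
matches_loose() {
    printf '%s\n' "$1" | grep -Eiq -e "$LOOSE"
}

# Constructed sample CONNECT targets: the documented hosts, a different
# Slack host, a different port, and two names that only resemble them.
for target in \
    wss-primary.slack.com:443 \
    WSS-BACKUP.SLACK.COM:443 \
    a.b.slack-msgs.com:443 \
    slack-msgs.com:443 \
    app.slack.com:443 \
    wss-primary.slack.com:8443 \
    wss-primary.slack.com.example.net:443 \
    example-slack-msgs.com:443
do
    if in_wslist "$target"; then page="no-bump"; else page="bump"; fi
    if matches_loose "$target"; then loose="no-bump"; else loose="bump"; fi
    printf '%-40s wslist=%-8s loose=%s\n' "$target" "$page" "$loose"
done
```

Only the four documented WebSocket endpoints come out as no-bump under the page's list; the unanchored pattern would also exempt app.slack.com and the lookalike under example.net from inspection.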

Now try testing again.

It went well.
