
WebSocket Pass

Open piolug93 opened this issue 1 year ago • 3 comments

Hi, is it possible to Pass websocket for a selected destination host when I have the rule split from * to * log *?

piolug93, Jul 17 '24 10:07

SSLproxy does not support websocket protocol. You could filter based on destination IP if the dest IP serves websocket only, but I guess that's not what you want. Or if it's encrypted, perhaps you can specify those websocket connections using some SSL filter rule (such as SNI or CommonName fields). Or port number? In short, you can perhaps try to find some other feature of those websocket connections, which you can use in a filter rule.

sonertari, Jul 17 '24 13:07

I know that SSLProxy does not support websocket, so I want to create a websocket passing rule for selected destinations.

Snippet from my config is:

ProxySpec https 0.0.0.0 3129
Block from * to * log *
Split from ip 10.200.1.* to * log *

When I add a rule to pass traffic to destination servers where the traffic is websocket, that traffic wasn't passed:

Pass from * to host o2.pl log *

Do you know what I need to do to pass that traffic? Probably the problem is due to the order in which the rules are processed?

piolug93, Jul 18 '24 10:07

Can you try the following?

Pass from ip 10.200.1.1 to host o2.pl log *

Replace 10.200.1.1 with a source IP address. (Or you can perhaps try 10.200.1.*) This makes that Pass filter rule more specific, and more specific rules have higher precedence.

And the order of rules is important, as you say. So I assume the following:

ProxySpec https 0.0.0.0 3129
Block from * to * log *
Split from ip 10.200.1.* to * log *
Pass from ip 10.200.1.1 to host o2.pl log *

Let's see what happens.

Note that you can enable the DEBUG_OPTS switch in main.mk to inspect detailed debug info on filtering rules.

sonertari, Jul 18 '24 12:07