通过 squid3 发送 Whatsapp

通过 squid3 发送 Whatsapp

我在 Ubuntu 14.04 上安装了 squid3.5,我正在尝试配置 squid 以使 WhatsApp 在移动设备上运行。我尝试使用squid3 文档但它不起作用。

我需要正确的配置才能使 WhatsApp 正常运行或任何可以帮助我的教程。

squid.conf 的当前配置:

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
http_port 8000

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
#####################################################################
######### ** This are the lines i added from squid wiki **  #########
#####################################################################
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/etc/squid3/acl.url.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

acl.url.nobump 文件:

# Web.whatsapp.com
(w[0-9]+|[a-z]+)\.web\.whatsapp\.com
# Whatsapp CDN issue
.whatsapp\.net

我是这样安装 squid3 的:

./configure \
        --prefix=/usr \
        --exec-prefix=/usr \
        --includedir=/usr/include \
        --datadir=/usr/share \
        --libdir=/usr/lib64 \
        --libexecdir=/usr/lib64/squid \
        --localstatedir=/var \
        --sysconfdir=/etc/squid \
        --sharedstatedir=/var/lib \
        --with-logdir=/var/log/squid \
        --with-pidfile=/var/run/squid.pid \
        --with-default-user=squid \
        --enable-silent-rules \
        --enable-dependency-tracking \
        --with-openssl \
        --enable-icmp \
        --enable-delay-pools \
        --enable-useragent-log \
        --enable-esi \
        --enable-follow-x-forwarded-for \
        --enable-auth

然后我生成了自签名证书并将其安装在我的手机上

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt

浏览并尝试 WhatsApp 后的一些日志:

/var/log/squid/cache.log

2018/06/19 14:45:40| Squid is already running!  Process ID 23347
2018/06/19 14:45:44 kid1| Shutdown: NTLM authentication.
2018/06/19 14:45:44 kid1| Shutdown: Negotiate authentication.
2018/06/19 14:45:44 kid1| Shutdown: Digest authentication.
2018/06/19 14:45:44 kid1| Shutdown: Basic authentication.
2018/06/19 14:45:44 kid1| Shutting down...
2018/06/19 14:45:44 kid1| storeDirWriteCleanLogs: Starting...
2018/06/19 14:45:44 kid1|   Finished.  Wrote 0 entries.
2018/06/19 14:45:44 kid1|   Took 0.00 seconds (  0.00 entries/sec).
CPU Usage: 0.016 seconds = 0.012 user + 0.004 sys
Maximum Resident Size: 64128 KB
Page faults with physical i/o: 0
2018/06/19 14:45:44 kid1| Logfile: closing log daemon:/var/log/squid/access.log
2018/06/19 14:45:44 kid1| Logfile Daemon: closing log daemon:/var/log/squid/access.log
2018/06/19 14:45:44 kid1| Open FD UNSTARTED     6 DNS Socket IPv6
2018/06/19 14:45:44 kid1| Open FD UNSTARTED     8 DNS Socket IPv4
2018/06/19 14:45:44 kid1| Open FD UNSTARTED     9 IPC UNIX STREAM Parent
2018/06/19 14:45:44 kid1| Squid Cache (Version 3.5.27): Exiting normally.
2018/06/19 14:46:06 kid1| Set Current Directory to /var/cache/squid
2018/06/19 14:46:06 kid1| Starting Squid Cache version 3.5.27 for x86_64-pc-linux-gnu...
2018/06/19 14:46:06 kid1| Service Name: squid
2018/06/19 14:46:06 kid1| Process ID 23521
2018/06/19 14:46:06 kid1| Process Roles: worker
2018/06/19 14:46:06 kid1| With 1024 file descriptors available
2018/06/19 14:46:06 kid1| Initializing IP Cache...
2018/06/19 14:46:06 kid1| DNS Socket created at [::], FD 6
2018/06/19 14:46:06 kid1| DNS Socket created at 0.0.0.0, FD 8
2018/06/19 14:46:06 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2018/06/19 14:46:06 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2018/06/19 14:46:06 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2018/06/19 14:46:06 kid1| Store logging disabled
2018/06/19 14:46:06 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/06/19 14:46:06 kid1| Target number of buckets: 1008
2018/06/19 14:46:06 kid1| Using 8192 Store buckets
2018/06/19 14:46:06 kid1| Max Mem  size: 262144 KB
2018/06/19 14:46:06 kid1| Max Swap size: 0 KB
2018/06/19 14:46:06 kid1| Using Least Load store dir selection
2018/06/19 14:46:06 kid1| Set Current Directory to /var/cache/squid
2018/06/19 14:46:06 kid1| Finished loading MIME types and icons.
2018/06/19 14:46:06 kid1| HTCP Disabled.
2018/06/19 14:46:06 kid1| Pinger socket opened on FD 13
2018/06/19 14:46:06 kid1| Squid plugin modules loaded: 0
2018/06/19 14:46:06 kid1| Adaptation support is off.
2018/06/19 14:46:06 kid1| Accepting HTTP Socket connections at local=[::]:8000 remote=[::] FD 11 flags=9
2018/06/19 14:46:06| pinger: Initialising ICMP pinger ...
2018/06/19 14:46:06|  icmp_sock: (1) Operation not permitted
2018/06/19 14:46:06| pinger: Unable to start ICMP pinger.
2018/06/19 14:46:06|  icmp_sock: (1) Operation not permitted
2018/06/19 14:46:06| pinger: Unable to start ICMPv6 pinger.
2018/06/19 14:46:06| FATAL: pinger: Unable to open any ICMP sockets.
2018/06/19 14:46:07 kid1| storeLateRelease: released 0 objects

/var/log/squid/access.log

1529408773.577   1400 172.19.88.3 TCP_TUNNEL/200 6871 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408774.643    897 172.19.88.3 TCP_TUNNEL/200 183 CONNECT a248.e.akamai.net:443 - HIER_DIRECT/23.10.252.9 -
1529408774.643    887 172.19.88.3 TCP_TUNNEL/200 183 CONNECT a248.e.akamai.net:443 - HIER_DIRECT/23.10.252.9 -
1529408774.643    887 172.19.88.3 TCP_TUNNEL/200 183 CONNECT a248.e.akamai.net:443 - HIER_DIRECT/23.10.252.9 -
1529408774.647   1385 172.19.88.3 TCP_TUNNEL/200 3034 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408774.650    874 172.19.88.3 TCP_TUNNEL/200 2777 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408774.651   3548 172.19.88.3 TCP_TUNNEL/200 177 CONNECT img-s-msn-com.akamaized.net:443 - HIER_DIRECT/23.212.108.190 -
1529408774.653   2493 172.19.88.3 TCP_TUNNEL/200 6098 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408774.657   4442 172.19.88.3 TCP_TUNNEL/200 3893 CONNECT m.adnxs.com:443 - HIER_DIRECT/37.252.172.180 -
1529408774.660    872 172.19.88.3 TCP_TUNNEL/200 195 CONNECT m.adnxs.com:443 - HIER_DIRECT/37.252.172.180 -
1529408774.665    870 172.19.88.3 TCP_TUNNEL/200 195 CONNECT m.adnxs.com:443 - HIER_DIRECT/37.252.172.180 -
1529408774.667   5508 172.19.88.3 TCP_TUNNEL/200 6297 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408774.672    854 172.19.88.3 TCP_TUNNEL/200 5716 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408774.696   2349 172.19.88.3 TCP_TUNNEL/200 3150 CONNECT ping.chartbeat.net:443 - HIER_DIRECT/54.197.252.64 -
1529408774.704    882 172.19.88.3 TCP_TUNNEL/200 184 CONNECT ping.chartbeat.net:443 - HIER_DIRECT/54.197.252.64 -
1529408774.709    887 172.19.88.3 TCP_TUNNEL/200 184 CONNECT ping.chartbeat.net:443 - HIER_DIRECT/54.197.252.64 -
1529408774.711   4007 172.19.88.3 TCP_TUNNEL/200 468 CONNECT sb.scorecardresearch.com:443 - HIER_DIRECT/104.96.26.198 -
1529408774.715    888 172.19.88.3 TCP_TUNNEL/200 191 CONNECT sb.scorecardresearch.com:443 - HIER_DIRECT/104.96.26.198 -
1529408774.727    897 172.19.88.3 TCP_TUNNEL/200 191 CONNECT sb.scorecardresearch.com:443 - HIER_DIRECT/104.96.26.198 -
1529408774.745   5620 172.19.88.3 TCP_TUNNEL/200 6960 CONNECT www.bing.com:443 - HIER_DIRECT/204.79.197.200 -
1529408774.745   2066 172.19.88.3 TCP_TUNNEL/200 6542 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408774.745   2520 172.19.88.3 TCP_TUNNEL/200 6542 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408775.018   1756 172.19.88.3 TCP_TUNNEL/200 3845 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408776.063   1303 172.19.88.3 TCP_TUNNEL/200 5076 CONNECT ad.360yield.com:443 - HIER_DIRECT/18.184.58.214 -
1529408776.397    298 172.19.88.3 TCP_TUNNEL/200 277 CONNECT www.google.com:443 - HIER_DIRECT/172.217.18.228 -
1529408776.639   1884 172.19.88.3 TCP_TUNNEL/200 5076 CONNECT ad.360yield.com:443 - HIER_DIRECT/18.184.58.214 -
1529408776.669   1904 172.19.88.3 TCP_TUNNEL/200 5076 CONNECT ad.360yield.com:443 - HIER_DIRECT/18.184.58.214 -
1529408776.673   1889 172.19.88.3 TCP_TUNNEL/200 4490 CONNECT cm.adform.net:443 - HIER_DIRECT/37.157.2.238 -
1529408776.673   1884 172.19.88.3 TCP_TUNNEL/200 5091 CONNECT dh.serving-sys.com:443 - HIER_DIRECT/52.29.209.239 -
1529408776.679   1879 172.19.88.3 TCP_TUNNEL/200 5091 CONNECT dh.serving-sys.com:443 - HIER_DIRECT/52.29.209.239 -
1529408776.684   1892 172.19.88.3 TCP_TUNNEL/200 5091 CONNECT dh.serving-sys.com:443 - HIER_DIRECT/52.29.209.239 -
1529408776.690   1890 172.19.88.3 TCP_TUNNEL/200 191 CONNECT dsum-sec.casalemedia.com:443 - HIER_DIRECT/2.20.170.241 -
1529408776.696   1876 172.19.88.3 TCP_TUNNEL/200 191 CONNECT dsum-sec.casalemedia.com:443 - HIER_DIRECT/2.20.170.241 -
1529408776.717   1916 172.19.88.3 TCP_TUNNEL/200 191 CONNECT dsum-sec.casalemedia.com:443 - HIER_DIRECT/2.20.170.241 -
1529408776.725   1903 172.19.88.3 TCP_TUNNEL/200 5077 CONNECT eb2.3lift.com:443 - HIER_DIRECT/18.184.92.103 -
1529408777.343    543 172.19.88.3 TCP_TUNNEL/200 5069 CONNECT bh.contextweb.com:443 - HIER_DIRECT/151.101.0.166 -
1529408777.401   2576 172.19.88.3 TCP_TUNNEL/200 5077 CONNECT eb2.3lift.com:443 - HIER_DIRECT/18.184.92.103 -
1529408777.407   2583 172.19.88.3 TCP_TUNNEL/200 5077 CONNECT eb2.3lift.com:443 - HIER_DIRECT/18.184.92.103 -
1529408777.469   2641 172.19.88.3 TCP_TUNNEL/200 6317 CONNECT jadserve.postrelease.com:443 - HIER_DIRECT/54.77.30.217 -
1529408777.497   3712 172.19.88.3 TCP_TUNNEL/200 6098 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408777.573   3795 172.19.88.3 TCP_TUNNEL/200 6098 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408778.419   4605 172.19.88.3 TCP_TUNNEL/200 5716 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408778.605   1824 172.19.88.3 TCP_TUNNEL/200 3277 CONNECT pixel.rubiconproject.com:443 - HIER_DIRECT/213.19.162.80 -
1529408778.607   1873 172.19.88.3 TCP_TUNNEL/200 5805 CONNECT pm.w55c.net:443 - HIER_DIRECT/52.19.23.162 -
1529408778.611   1243 172.19.88.3 TCP_TUNNEL/200 3510 CONNECT prebid.adnxs.com:443 - HIER_DIRECT/37.252.161.184 -
1529408778.617   1189 172.19.88.3 TCP_TUNNEL/200 3856 CONNECT prebid.adnxs.com:443 - HIER_DIRECT/37.252.161.184 -
1529408778.637   3808 172.19.88.3 TCP_TUNNEL/200 3388 CONNECT rtb-csync.smartadserver.com:443 - HIER_DIRECT/185.86.139.19 -
1529408778.637   3807 172.19.88.3 TCP_TUNNEL/200 3388 CONNECT rtb-csync.smartadserver.com:443 - HIER_DIRECT/185.86.139.19 -
1529408778.759   1929 172.19.88.3 TCP_TUNNEL/200 4556 CONNECT bid.socdm.com:443 - HIER_DIRECT/202.241.208.2 -
1529408779.304   1756 172.19.88.3 TCP_TUNNEL/200 3163 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408786.308  11221 172.19.88.3 TCP_TUNNEL/200 5119 CONNECT secure.adnxs.com:443 - HIER_DIRECT/103.243.220.231 -
1529408788.620  11015 172.19.88.3 TCP_TUNNEL/200 4451 CONNECT x.dlx.addthis.com:443 - HIER_DIRECT/52.34.188.51 -
1529408802.161  23509 172.19.88.3 TCP_TUNNEL/200 3946 CONNECT encrypted-tbn0.gstatic.com:443 - HIER_DIRECT/172.217.18.238 -
1529408802.558  24104 172.19.88.3 TCP_TUNNEL/200 195 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408802.568  23770 172.19.88.3 TCP_TUNNEL/200 195 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408802.568  23912 172.19.88.3 TCP_TUNNEL/200 4089 CONNECT lh3.googleusercontent.com:443 - HIER_DIRECT/172.217.18.225 -
1529408802.568  27740 172.19.88.3 TCP_TUNNEL/200 3388 CONNECT rtb-csync.smartadserver.com:443 - HIER_DIRECT/185.86.139.19 -
1529408802.568  27728 172.19.88.3 TCP_TUNNEL/200 5005 CONNECT sync.teads.tv:443 - HIER_DIRECT/52.213.171.180 -
1529408802.568  27726 172.19.88.3 TCP_TUNNEL/200 5005 CONNECT sync.teads.tv:443 - HIER_DIRECT/52.213.171.180 -
1529408802.568  27732 172.19.88.3 TCP_TUNNEL/200 4573 CONNECT s.thebrighttag.com:443 - HIER_DIRECT/54.228.243.159 -
1529408802.568  27736 172.19.88.3 TCP_TUNNEL/200 4573 CONNECT s.thebrighttag.com:443 - HIER_DIRECT/54.228.243.159 -
1529408802.568  27734 172.19.88.3 TCP_TUNNEL/200 4573 CONNECT s.thebrighttag.com:443 - HIER_DIRECT/54.228.243.159 -
1529408802.568  23894 172.19.88.3 TCP_TUNNEL/200 3947 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/172.217.18.227 -
1529408802.569  27730 172.19.88.3 TCP_TUNNEL/200 193 CONNECT sync-tm.everesttech.net:443 - HIER_DIRECT/151.101.2.49 -
1529408802.569  23890 172.19.88.3 TCP_TUNNEL/200 3948 CONNECT www.gstatic.com:443 - HIER_DIRECT/172.217.18.227 -
1529408803.751   9840 172.19.88.3 TCP_TUNNEL/200 5172 CONNECT kinesis.ap-southeast-1.amazonaws.com:443 - HIER_DIRECT/52.119.185.54 -

注意:浏览 http 和 https 网站正常

相关内容