18th September 2021

Pfsense Squid Proxy and Whatsapp Web Barcode Problem and Solution

If you are using web filters with squid proxy on Pfsense, when you activate the “SSL Man In the Middle Filtering” feature in Squid, you can now filter the sites with https.

We have implemented “SSL Man In the Middle Filtering” feature in Squid and we are filtering by category with SquidGuard proxy Filter. However, when “SSL Man In the Middle Filtering” is activated, “web.whatsapp.com” address opens. Square Barcode required for Whatsapp Web is not created. In Pfsense Squid, we can ensure that the domains we want from the “Bypass Proxy for These Destination IPs” section in the “General” tab do not enter the proxy. We wrote whatsapp.com in this section, but there was no barcode. You can see below for the solution to this.

Whatsapp Web Barcode Problem Solution

As you can see when we look at the following line in the Chrome F12 console, “Host: w7.web.whatsapp.com” appears even though it is “Origin: https://web.whatsapp.com”. Thereupon, we added domains ranging from “w1.web.whatsapp.com” to “w7.web.whatsapp.com” to the “Bypass Proxy for These Destination IPs” section and the problem was solved.

SSL Man In the Middle Filtering
SSL Man In the Middle Filtering

 

;” you need to write by putting. You can also add domains that you do not want to be in the proxy in this section. You can copy and paste the line below. When Whatsapp opens w8.web.whatsapp.com this should be added as well.

Bypass Proxy for These Destination IPs
Bypass Proxy for These Destination IPs

 

LEARN MORE  What is DNS Cache Poisoning and Its Examples

Note: If the DNS query of the domains you typed in the “Bypass Proxy for These Destination IPs” section cannot be resolved, Squid https filtering does not work. So Facebook can be opened even if you banned it.

Since it is difficult to manage the “Bypass Proxy for These Destination IP” section, you can create a new Aliase from the “Aliase” section under the Firewall Menu and write the name Aliase in the “Bypass Proxy for These Destination IPs” section in Squid. So you can manage additions and subtractions from the Aliase section. When you start typing in the “Bypass Proxy for These Destination IPs” section in Squid, the name Aliase does not open automatically, but it will be enough to write the name of Aliase herewith copy and paste. Also, this method solves the file sending problem.

Leave a Reply

Your email address will not be published. Required fields are marked *