HTTS-Proxy and WebSockets
Hi,
My development team created a service published that uses a websocket. This service is published for several clients with different SNI (cloud.xpto.pt and cloud.qwerty.py) but only with a public ip, for that reason, I used Content Inspection with Domain Names. When my domain name rule is configured to Allow I don't have any problem but, when I configured to Inspect all the websocket connections fail.
Any idea to work with WebSocket and SSL Inspections at the same time?
Best Regards,
0
Sign In to comment.
Comments
Hi @BrunoMaio
The proxy doesn't work well with websocket connections -- if you know the SNI of the certificate presented, it's usually best to set an exception in the HTTPS proxy to ALLOW that traffic.
The proxies follow RFC standards for HTTP/S, which websocket is not a part of (yet.) It's likely there will be more support for it once those standards are finalized by IETF.
There is an overall feature request for websocket support (it's FBX-4486.) If you'd like to follow progress on that request, please open a support case and mention it somewhere in the case.
-James Carson
WatchGuard Customer Support
Hi @James_Carson, thank you for you explication. I will follow your suggestion to bypass this problem. I will edit my HTTPS-proxy and remove de inspect option to the SNI.
@james.carson I was wondering if anything has changed with this. I have a similar situation but did not want to make this change if the info is outdated and FBX-4486 has been completed. Thank you.
This has not been implemented yet.
Connections with WebSocket protocol (RFC6455) fail through HTTP Proxy and HTTPS Proxy with Content Inspection
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3UMSAY&lang=en_US