Hello. I use the shalla blacklist, and I blocked WhatsApp by acting on the “chat” category. Now I have removed the block and of course I can go to the WhatsApp website, but the messages in the app are not sent. So I can browse the website, but the app does not send and receive messages.
Without more information on your setup this becomes crystal ball stuff to diagnose m8 …
I presume you are using a client to connect to internet with Nethserver as your router/gateway ?
Is WhatsApp perhaps using more ports than you opened on the firewall?
Any errors in the logs ?
Sorry, yes, I use an Android device to connect to the internet and Nethserver is my gateway/firewall. I have not opened ports, and I don't know where to read the logs. Sorry
I would start with
At the following site you find a list with the WhatsApp ports:
In access.log I find:
1521533903.238 114 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
1521533903.238 118 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
Is this useful for my goal?
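An added example, not written by anyone in this thread: a small Python parser for Squid's native access.log format that groups non-200 CONNECT requests by client and destination, which is the pattern visible in the two lines quoted above. The third sample line and the hint wording are constructed for illustration.

```python
from collections import Counter

# Constructed sample: the two lines quoted in the post plus one made-up successful tunnel.
SAMPLE = """\
1521533903.238 114 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
1521533903.238 118 192.168.179.190 TCP_MISS/503 0 CONNECT web.whatsapp.com:443 - HIER_NONE/- -
1521533910.101 2300 192.168.179.190 TCP_MISS/200 4512 CONNECT example.org:443 - HIER_DIRECT/203.0.113.10 -
"""

def parse_line(line):
    """Split one native-format access.log line into named fields, or return None."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    result, _, status = f[3].partition("/")   # e.g. TCP_MISS/503
    hier, _, peer = f[8].partition("/")        # e.g. HIER_NONE/-
    if not status.isdigit():
        return None
    return {"time": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
            "result": result, "status": int(status), "bytes": int(f[4]),
            "method": f[5], "target": f[6], "hier": hier, "peer": peer}

def failed_connects(text):
    """Count CONNECT requests that did not end in 200, keyed by what failed and how."""
    counts = Counter()
    for line in text.splitlines():
        e = parse_line(line)
        if e and e["method"] == "CONNECT" and e["status"] != 200:
            counts[(e["client"], e["target"], e["status"], e["hier"])] += 1
    return counts

def hint(status, hier):
    """Constructed reading aid for the status/hierarchy pair, not Squid output."""
    if hier == "HIER_NONE" and status == 403:
        return "refused by the proxy's own access rules"
    if hier == "HIER_NONE":
        return "error generated by Squid itself; no upstream connection recorded"
    return "upstream was contacted; check the destination or the path to it"

if __name__ == "__main__":
    for (client, target, status, hier), n in failed_connects(SAMPLE).items():
        print(f"{n}x {client} -> {target} {status} {hier}: {hint(status, hier)}")
```
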
Is 443 a safe port in your squid.conf?
Please post your configuration.
How can I view the file you have indicated? Can I enter the URL in the browser? If that is possible, what is the complete URL?
No, you have to open it in a shell. For example you can use putty from a client and open it with an editor.
I started putty and I entered the IP address and port (in my case 222) … it does not work. What am I doing wrong?
Did you choose ssh as connection type? What message did you get?
shutdown_lifetime 1 seconds
icap_service clamav_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_req allow all
icap_service clamav_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_resp allow all
There is a sector with acl safe ports at the beginning of your config, can you post it too?
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l.
# http://www.nethesis.it - firstname.lastname@example.org
#
# Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
# Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
# Allow access from green and trusted networks.
acl localnet src 192.168.176.0/21
acl localnet_dst src 192.168.176.0/21
acl localnet src 192.168.78.0/24
acl localnet_dst src 192.168.78.0/24
# Safe ports
acl SSL_ports port 443
acl SSL_ports port 980 # httpd-admin (server-manager)
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 980 # httpd-admin (server-manager)
acl CONNECT method CONNECT
#
# 20acl_00_portscustom
#
# Allow access from localhost
http_access allow localhost
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#
# Skip URL rewriter for local addresses
#
acl self dst 192.168.178.75
acl self_port port 80
acl self_port port 443
url_rewrite_access deny self localnet self_port
# No authentication on green and trusted networks
http_access allow localnet
# And finally deny all other access to this proxy
http_access deny all
cache_mem 256 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
# Always enable manual proxy
http_port 3128
# Enable squidGuard
url_rewrite_program /usr/bin/squidGuard
url_rewrite_children 20 startup=5 idle=5
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
#
# 90options
#
forward_max_tries 25
shutdown_lifetime 1 seconds
buffered_logs on
max_filedesc 16384
logfile_rotate 0
icap_service clamav_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_req allow all
icap_service clamav_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_resp allow all
A question: could this information that I have pasted now be a danger if someone with evil intentions gets to know it?
I don’t think it’s dangerous, you only posted internal IP addresses and some internal networks. Public IPs or real MACs are more dangerous as they may directly be misused or identify you.
Your config looks good. I’ve no other idea at the moment. Somebody else? @support_team
Could you post your “Web Proxy” configuration page from dashboard?
It is set to manual for all zones. HTTP and HTTPS port blocking is enabled.
Try removing “block http and https ports”
If this works, you can try to configure your Android device to use the proxy when you are connected to this particular WiFi:
I do not use the proxy configuration of this guide. Currently, only on some Android phones (the most modern ones?) and on the Apple PC (it seems only MacBook), I have to enter the address of the wpad.dat file, otherwise it is not possible to browse.