"
Hi everyone,
I'm currently managing an OPNsense deployment for a small team of software QA testers, and I've run into a frustrating issue regarding our outgoing web proxy rules and web-category access control lists (ACLs).
The main problem is that whenever our test devices try to fetch runtime parameters or execute remote scripts over an active SSL pipeline, the Squid proxy layer throws a 503 gateway error or abruptly terminates the websocket handshake. When checking the local logs under /var/log/squid/access.log, it appears that the firewall's dynamic category filtering is flagging the underlying traffic strings as an unclassified security risk, dropping the active loop entirely.
To narrow down if this was an issue with our local firewall rules or a broader issue with how OPNsense parses encrypted payload handshakes on mobile user-agents, I tried explicitly whitelisting a few test endpoints. I set up an exception rule referencing a popular online free modular framework that our mobile developers use to analyze script injection environments and client-side Luau mechanics. Interestingly, even with a destination alias set to fully bypass the SSL inspection profile and remote blacklist databases, the proxy engine still manages to disrupt the background websocket connections, causing the application on the testbed to freeze up and crash.
Has anyone here dealt with persistent thread termination errors when attempting to run mobile optimization or script testing utilities through a strict web proxy setup? Are there specific settings in the proxy core options—or perhaps within the structural rules of the web proxy filtering—that I need to adjust to keep mobile execution layers from breaking during runtime?
Any suggestions, custom ACL templates, or log-parsing tips from fellow network admins would be an absolute lifesaver. Thanks!
I'm currently managing an OPNsense deployment for a small team of software QA testers, and I've run into a frustrating issue regarding our outgoing web proxy rules and web-category access control lists (ACLs).
The main problem is that whenever our test devices try to fetch runtime parameters or execute remote scripts over an active SSL pipeline, the Squid proxy layer throws a 503 gateway error or abruptly terminates the websocket handshake. When checking the local logs under /var/log/squid/access.log, it appears that the firewall's dynamic category filtering is flagging the underlying traffic strings as an unclassified security risk, dropping the active loop entirely.
To narrow down if this was an issue with our local firewall rules or a broader issue with how OPNsense parses encrypted payload handshakes on mobile user-agents, I tried explicitly whitelisting a few test endpoints. I set up an exception rule referencing a popular online free modular framework that our mobile developers use to analyze script injection environments and client-side Luau mechanics. Interestingly, even with a destination alias set to fully bypass the SSL inspection profile and remote blacklist databases, the proxy engine still manages to disrupt the background websocket connections, causing the application on the testbed to freeze up and crash.
Has anyone here dealt with persistent thread termination errors when attempting to run mobile optimization or script testing utilities through a strict web proxy setup? Are there specific settings in the proxy core options—or perhaps within the structural rules of the web proxy filtering—that I need to adjust to keep mobile execution layers from breaking during runtime?
Any suggestions, custom ACL templates, or log-parsing tips from fellow network admins would be an absolute lifesaver. Thanks!
