Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.
Riot Instant Messenger is an open-source, end-to-end encrypted application for messaging, VoIP, group chats and file transfers. Using it may be prohibited by corporate security policy.
Riot usually works in most Squid setups without any additional configuration. Blocking it, however, requires some additional steps. To block Riot, you need an SSL Bump-aware Squid or, at least, a peek-n-splice configuration.
Squid Configuration File
SSL Bump-aware setup
Add the following to the configuration file:

    # Block Riot.im
    acl deny_riot dstdomain .riot.im .matrix.org
    http_access deny deny_riot
    deny_info TCP_RESET deny_riot
If you prefer not to install the proxy certificate on clients, you can configure your proxy like this:

    # Peek-n-splice rules
    acl DiscoverSNIHost at_step SslBump1
    acl deny_riot ssl::server_name_regex .riot\.im .matrix\.org
    ssl_bump peek DiscoverSNIHost
    ssl_bump terminate deny_riot
    ssl_bump splice all

Then reconfigure Squid.
This is enough to make Riot fully inoperable with the default server(s).
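A way to check which SNI names a `ssl::server_name_regex` ACL will catch before reconfiguring Squid, as an added example that is not part of the original page. It assumes Python's `re` search behaves like Squid's regex matching for these simple patterns; the host names, the misspelled pattern and the anchored variant are constructed for illustration.

```python
import re

def load_sni_acls(conf_text):
    """Map ACL name -> compiled patterns for ssl::server_name_regex lines."""
    acls = {}
    for raw in conf_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue                      # squid.conf comment line
        tok = raw.split()
        if len(tok) < 4 or tok[0] != "acl" or tok[2] != "ssl::server_name_regex":
            continue
        args, flags = tok[3:], 0
        if args[0] == "-i":               # case-insensitive option
            args, flags = args[1:], re.IGNORECASE
        acls.setdefault(tok[1], []).extend(re.compile(p, flags) for p in args)
    return acls

def report(conf_text, names, acl="deny_riot"):
    """Return {sni_name: True if the ACL would match that name}."""
    pats = load_sni_acls(conf_text).get(acl, [])
    # Regex ACLs match anywhere in the name unless the pattern is anchored.
    return {n: any(p.search(n) for p in pats) for n in names}

# Constructed ACL lines: a misspelled pattern, the peek-n-splice pattern
# with both domains spelled correctly, and an anchored variant (assumption,
# not from the page) that matches only the domain and its subdomains.
MISSPELLED = r"acl deny_riot ssl::server_name_regex .riot\.im .martix\.org"
PAGE_RULE = r"acl deny_riot ssl::server_name_regex .riot\.im .matrix\.org"
ANCHORED = r"acl deny_riot ssl::server_name_regex (^|\.)riot\.im$ (^|\.)matrix\.org$"

# Constructed SNI names for the check (not real observations).
NAMES = ["chat.riot.im", "chat.matrix.org", "riot.im", "myriot.im.example.net"]

if __name__ == "__main__":
    for label, conf in [("misspelled", MISSPELLED),
                        ("page rule", PAGE_RULE),
                        ("anchored", ANCHORED)]:
        print(label, report(conf, NAMES))
```

Names reported as `False` fall through to `ssl_bump splice all` in the peek-n-splice rules above, so they would be spliced rather than terminated.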