by YuriVoinov

Riot Messenger

Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

Outline

Riot Instant Messenger is an open-source messenger with end-to-end encryption, VoIP, group chats and file transfers. Using it may be prohibited by corporate security policy.

Usage

Riot usually works with most Squid setups without any additional configuration. Blocking it, however, requires some additional steps. To block Riot, you need an SSL Bump-aware Squid or, at least, a peek-n-splice configuration.

Squid Configuration File

SSL Bump-aware setup

Add the following to the configuration file:

# Block Riot.im
acl deny_riot dstdomain .riot.im .matrix.org
http_access deny deny_riot
deny_info TCP_RESET deny_riot

Peek-and-splice setup

If you prefer not to install the proxy certificate on clients, you can configure your proxy like this:

# Peek-n-splice rules
acl DiscoverSNIHost at_step SslBump1
acl deny_riot ssl::server_name_regex .riot\.im .matrix\.org
ssl_bump peek DiscoverSNIHost
ssl_bump terminate deny_riot
ssl_bump splice all

then reconfigure Squid.

This is enough to make Riot fully inoperable with the default server(s).
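The two ACL styles above match names differently: dstdomain compares domain suffixes, while ssl::server_name_regex runs an unanchored regex over the SNI name. The following is an added example, not part of the original wiki page or of Squid, that models both so a rule set can be checked offline before reconfiguring; the patterns assume the riot.im and matrix.org domains from the dstdomain ACL, the host names are constructed, and Python's re module stands in for Squid's regex engine.

```python
import re

# Patterns in the two ACL styles used on this page (assumed: the domains
# listed in the dstdomain ACL).
DSTDOMAIN = [".riot.im", ".matrix.org"]
SNI_REGEX = [r".riot\.im", r".matrix\.org"]

def dstdomain_match(host, patterns=DSTDOMAIN):
    """dstdomain semantics: a leading dot matches the domain itself and
    every subdomain; without the dot only the exact name matches."""
    host = host.lower().rstrip(".")
    for p in patterns:
        p = p.lower()
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False

def sni_regex_match(host, patterns=SNI_REGEX):
    """ssl::server_name_regex semantics: unanchored regex search over the
    SNI name (Python's re used here as a stand-in)."""
    return any(re.search(p, host) for p in patterns)

def bump_action(host):
    """Model of the rule order above: peek at step 1, terminate on a regex
    hit, otherwise splice."""
    return "terminate" if sni_regex_match(host) else "splice"

def disagreements(hosts):
    """Hosts for which the dstdomain ACL and the regex ACL answer differently."""
    return [h for h in hosts if dstdomain_match(h) != sni_regex_match(h)]

# Constructed sample SNI names, not taken from real traffic.
SAMPLE_HOSTS = [
    "riot.im", "www.riot.im", "matrix.org", "vector.matrix.org",
    "myriot.im.example", "cdn.matrix.org.example.net", "example.com",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:28} dstdomain={dstdomain_match(h)!s:5} bump={bump_action(h)}")
    print("differ:", disagreements(SAMPLE_HOSTS))
```

Names listed under "differ" are the ones to review when moving a rule between the two setups.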



ConfigExamples/Chat/Riot (last edited 2018-05-19 18:21:23 by YuriVoinov)