Hello,

I wanted to block a particular website based on the CONNECT request because I am not bumping (decrypting) the site. But now I have realised that if I do not bump the site then there is no way I can paint a custom message on the browser.

So, can somebody suggest if there is a way to pass a flag to squid from the ecap adapter to decrypt a site regardless of what the ACL says?

For example, if I have an acl as below which says do not decrypt www.888.com, but if my ecap adapter could pass a message to squid asking it to decrypt www.888.com (for that session only) and ignore the below acl. Is it possible?

acl no_ssl_interception dstdomain .888.com
ssl_bump none no_ssl_interception
ssl_bump client-first all

Thanks,
Jatin

On Fri, Aug 22, 2014 at 9:59 AM, Jatin Bhasin <jbhasin83@xxxxxxxxx> wrote:
> Hello,
>
> Yes, that is the same scenario that I have been experiencing, but when
> I call function (x->blockVirgin()) from my ecap adapter then
> squid does print the "access denied page" which is one of my squid
> error pages. So as I see that squid does complete the SSL handshake
> and then paints the "access denied page" which works fine.
>
> But if I try to paint a custom message then squid does not complete
> the handshake and just continues to paint the blockpage which then is
> rejected by the browser (as browser is expecting a proper handshake
> before receiving any response data).
>
> Maybe this is a bug in squid or I am not doing it right, but it would
> be great if somebody can suggest if I am doing something wrong.
>
> Thanks,
> Jatin
>
> On Thu, Aug 21, 2014 at 9:35 PM, Rafael Akchurin
> <rafael.akchurin@xxxxxxxxxxxx> wrote:
>> Hello Jatin,
>>
>> Maybe this (for ICAP not for eCap) describes your issue - http://docs.diladele.com/faq/squid.html#why-i-see-cannot-connect-to-site-using-https-browser-message-instead-of-usual-site-is-blocked
>>
>> Raf
>> ________________________________________
>> From: Jatin Bhasin <jbhasin83@xxxxxxxxx>
>> Sent: Thursday, August 21, 2014 12:47 PM
>> To: squid-users@xxxxxxxxxxxxxxx
>> Subject: blockVirgin Works for CONNECT but Custom Response does not work
>>
>> When I see a CONNECT request in my eCap adapter then if I call
>> function blockVirgin then I see a squid ACCESS DENIED page which is
>> good.
>>
>> But if instead of calling blockVirgin I generate a CUSTOM response
>> message saying "YOU ARE NOT AUTHORISED TO VIEW THIS PAGE" then build
>> response based on FAQ https://answers.launchpad.net/ecap/+faq/2516
>> then it fails.
>>
>> Although the same code (request satisfaction) works if I build a
>> custom response for a GET request.
>>
>> Please suggest how I can achieve a CUSTOM response for a CONNECT.