Search squid archive

Re: blockVirgin Works for CONNECT but Custom Response does not work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/21/2014 07:06 PM, Jatin Bhasin wrote:

> So, can somebody suggest me if there is a way to pass a flag to squid
> from ecap adapter to decrypt a site regardless of what ACL says. For
> example if I have an acl as below which says do not decrypt
> www.888.com but If my ecap adapter could pass a message to squid
> asking it to decrypt www.888.com (for that session only) and ignore
> the below acl.
> Is it possible?


Given a recent-enough Squid version, an adaptation service can control
Squid behavior via the annotations mechanism and the "note" ACL
associated with it. For example, your eCAP adapter can return an
X-Bump:yes annotation(**) that Squid can then match using the note ACL.
Something along these untested lines:

  acl note toBump X-Bump yes
  ssl_bump server-first toBump
  ssl_bump server-first ...
  ssl_bump none all

This mechanism should be supported for ssl_bump ACLs but I have not
tested that claim myself.


HTH,

Alex.
(**) In eCAP terminology, an X-Bump:yes annotation is an adapter
transaction option named X-Bump with a "yes" value. See
libecap::Options, which is a parent of libecap::adapter::Xaction.





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux