Hi Alex, That will be awesome if that works. I will try this option. Thanks, Jatin > On 23 Aug 2014, at 10:24, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > >> On 08/21/2014 07:06 PM, Jatin Bhasin wrote: >> >> So, can somebody suggest me if there is a way to pass a flag to squid >> from ecap adapter to decrypt a site regardless of what ACL says. For >> example if I have an acl as below which says do not decrypt >> www.888.com but If my ecap adapter could pass a message to squid >> asking it to decrypt www.888.com (for that session only) and ignore >> the below acl. >> Is it possible? > > > Given a recent-enough Squid version, an adaptation service can control > Squid behavior via the annotations mechanism and the "note" ACL > associated with it. For example, your eCAP adapter can return an > X-Bump:yes annotation(**) that Squid can then match using the note ACL. > Something along these untested lines: > > acl note toBump X-Bump yes > ssl_bump server-first toBump > ssl_bump server-first ... > ssl_bump none all > > This mechanism should be supported for ssl_bump ACLs but I have not > tested that claim myself. > > > HTH, > > Alex. > (**) In eCAP terminology, an X-Bump:yes annotation is an adapter > transaction option named X-Bump with a "yes" value. See > libecap::Options, which is a parent of libecap::adapter::Xaction. >
