Amos, As always, thank you for your dedication answering all our questions. Ok, turns out, as you noted, the browser is sending the correct request headers. However, on https requests the external acl program is not getting the custom header we're sending. SSL Bump is set, and works for our redirector program, but not for the external acl program. Here are the relevant lines from squid.conf: http_port 3128 name=non-bumped http_port 3130 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=6MB cert=/etc/squid/ssl/newCA.pem name=bumped options=ALL acl non-bumped myportname non-bumped acl bumped myportname bumped acl step1 at_step SslBump1 acl broken_sites dstdomain "/etc/squid/nobump/domains" acl broken_sites_regex dstdom_regex -i "/etc/squid/nobump/regexes" ssl_bump splice broken_sites ssl_bump splice broken_sites_regex ssl_bump peek step1 ssl_bump bump all external_acl_type portal_gatekeeper %SRC %>{Connection} %>{Accept} %>{abc_session} %>{Host} /etc/squid/portal.pl acl check-portal external portal_gatekeeper deny_info http://www.our_portal_site.com/ check-portal acl myIP1 src 10.200.10.2 http_access deny myIP1 !check-portal sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB sslcrtd_children 15 startup=5 sslproxy_cert_error allow all request_header_access Surrogate-Capability deny all url_rewrite_access allow non-bumped url_rewrite_access deny bumped CONNECT url_rewrite_children 15 startup=7 acl our_users src 10.10.0.0/24 10.10.1.0/24 10.200.0.0/16 http_access allow our_users Is it possible to get the custom abc_session header on https requests? Thank you again. > -----Original Message----- > From: squid-users > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf > Of squid3@xxxxxxxxxxxxx > Sent: Friday, June 25, 2021 7:20 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: How to use request headers in > external_acl_type > > On 2021-06-26 07:18, Yosi Greenfield wrote: > > Hello all, > > > > I'm trying to use request headers in an external acl, and > I'm probably > > doing it incorrectly, and it's not working. > > > > Looks like its working fine. > > > > Here's my acl definiton: > > > > external_acl_type ext_acl_program %SRC %>{Connection} %>{Accept} > > %>{Custom_header} %>{Host} /etc/squid/ext_acl_program.pl > > > > The program ext_acl_program.pl simply prints out the input > > > > chomp ($line); > > @fields = split(' ', $line); > > my $ip = $fields[0]; > > my $connection = $fields[1]; > > my $accept = $fields[2]; > > my $custom = $fields[3]; > > my $host = $fields[4]; > > > > print LOGFILE "IP: $ip\n Conn: $connection\n Accept: $accept\n > > Custom: $custom\n Host: $host"; > > > > The output looks like this: > > > > IP: 10.200.10.2 > > Conn: keep-alive > > Accept: - > > Custom: - > > Host: www.wsws.com:443 [1] > > > > As you see, it has values for %SRC, %>{Connection} and > %>{Host}. It > > does not have values for %>{Accept} and %>{Custom_header} > > > > So the question is, are these %>{} substitutions coming from > > request_headers (as I thought)? > > The Host header only exists in request messages so I would > say they are. > It may not be the request message you are thinking about > though. Request headers can come from clients, but they could > also be generated by Squid or ICAP/eCAP services. > > > > > If yes, why does it only have Connection and Host, and not > Accept or > > my custom header? > > > > Because those are the headers the message being printed contain. > You do not provide enough details about where the request > came from. eg how it was created and/or changed between > creation and the helper being called. > > > > If they are not coming from request headers, where are they coming > > from? > > > > You can use "debug_options 11,2" to see the HTTP messages > Squid is processing. > > > > And mostly, how can I pass my custom header into the program? > > Exactly as you configured above. Assuming that the header is actually > "Custom_header: ..." with that underscore included. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users