Hi Alex,

That will be awesome if that works. I will try this option. 


> On 23 Aug 2014, at 10:24, Alex Rousskov <rouss...@measurement-factory.com> 
> wrote:
>> On 08/21/2014 07:06 PM, Jatin Bhasin wrote:
>> So, can somebody suggest me if there is a way to pass a flag to squid
>> from ecap adapter to decrypt a site regardless of what ACL says. For
>> example if I have an acl as below which says do not decrypt
>> www.888.com but If my ecap adapter could pass a message to squid
>> asking it to decrypt www.888.com (for that session only) and ignore
>> the below acl.
>> Is it possible?
> Given a recent-enough Squid version, an adaptation service can control
> Squid behavior via the annotations mechanism and the "note" ACL
> associated with it. For example, your eCAP adapter can return an
> X-Bump:yes annotation(**) that Squid can then match using the note ACL.
> Something along these untested lines:
>  acl note toBump X-Bump yes
>  ssl_bump server-first toBump
>  ssl_bump server-first ...
>  ssl_bump none all
> This mechanism should be supported for ssl_bump ACLs but I have not
> tested that claim myself.
> HTH,
> Alex.
> (**) In eCAP terminology, an X-Bump:yes annotation is an adapter
> transaction option named X-Bump with a "yes" value. See
> libecap::Options, which is a parent of libecap::adapter::Xaction.

Reply via email to