[squid-dev] Fake CONNECT requests during SSL Bump

Alex Rousskov rousskov at measurement-factory.com
Thu Sep 24 15:12:31 UTC 2015


On 09/23/2015 11:13 PM, Eliezer Croitoru wrote:

> And I think that there is a big difference between Adapted content to
> ACLs.

There is often no big difference between what an adaptation service does
and what an ACL does. A narrow interpretation of an overloaded word
"adaptation" in "adaptation service" is a design mistake similar to a
narrow interpretation of "access" in Access Control List.


> I think that it's much simpler to implement an external_acl helper

Nobody is saying that helpers are more complex than adaptation services.
Unfortunately, sometimes, "simple" is not enough.


> Most admins would be able to understand and write external_acl helpers
> rather than an ICAP services.

This is not a sufficient reason to ban introduction of eCAP-enabled
ACLs, especially since one does not have to write an ICAP or eCAP
service to use it.

Alex.



More information about the squid-dev mailing list