[squid-dev] [PATCH] Second adaptation missing for CONNECTs

Alex Rousskov rousskov at measurement-factory.com
Mon May 8 01:18:06 UTC 2017


On 03/31/2017 07:21 AM, Christos Tsantilas wrote:
> Avoid sending second CONNECT request to adaptation
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> The users may not want to send the second request to the adaptation
> services. In this case they can use acls as follows:
> 
> acl step1 at_step  SslBump1
> acl step2 at_step  SslBump2
> acl markSpliced annotate_client spliced=true
> 
> ssl_bump peek step1
> ssl_bump splice step2 markSpliced
> 
> acl markedSpliced note spliced true
> 
> adaptation_access class_reqmodifing deny markSpliced
> adaptation_access class_reqmodifing allow all


For the record, there is also an alternative way to avoid step2
adaptation (without using any annotations):

  adaptation_access request-modifier deny step2
  adaptation_access request-modifier allow all

Christos has verified that both approaches work so admins can pick the
one _they_ prefer (which may depend on, for example, whether they are
already using annotations for something else).

Alex.



More information about the squid-dev mailing list