<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 14pt; color: #000000"><div style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;"><div style="font-size: 12pt;" data-mce-style="font-size: 12pt;"><div>Hi everyone,</div><div>I have a transparent proxy squid 3.5.26 with C-ICAP and here are the important lines:</div>"</div><div style="font-size: 12pt;" data-mce-style="font-size: 12pt;">icap_enable on<br>icap_send_client_ip on<br>icap_send_client_username on<br>icap_client_username_header X-Authenticated-User<br>icap_preview_enable on<br>icap_preview_size 1024<br>icap_service service_avi_req reqmod_precache icap://localhost:1344/echo bypass=off<br>adaptation_access service_avi_req allow all<br>icap_service service_avi_resp respmod_precache icap://localhost:1344/echo bypass=off<br>adaptation_access service_avi_resp allow all<br><br>#url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf<br><br><br><div>http_port 3128<br>http_port 3129 intercept<br>https_port 3130 intercept ssl-bump \<br>cert=/etc/squid/ssl_cert/myCA.pem \<br>generate-host-certificates=on dynamic_cert_mem_cache_size=4MB<br>sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB<br><div><br></div>#acl step1 at_step SslBump1<br><div><span style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;">#acl step2 at_step SslBump2</span></div><div><span style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;">#acl step3 at_step SslBump3</span></div><div><br></div>ssl_bump peek all<br>ssl_bump bump all<br>logformat squid %ssl::>sni<br>adaptation_meta X-SNI "%ssl::>sni" all #or connect</div></div><div 
style="font-size: 12pt;" data-mce-style="font-size: 12pt;">#request_header_add X-SNI "%ssl::>sni" all<br></div><div style="font-size: 12pt;" data-mce-style="font-size: 12pt;">"</div><div style="font-size: 12pt;" data-mce-style="font-size: 12pt;"><br></div><div style="font-size: 12pt;" data-mce-style="font-size: 12pt;"><br><div>So I want to create an ICAP service like squidclamav, but it must check SNI, not URLs.</div><div><br></div><div>I peek all the steps to get the SNI, and in the Squid access log the SNI is printed.<br></div><div>I read that adaptation_meta can send anything from Squid to ICAP, but clearly I use it incorrectly: I can't see the SNI in the ICAP access log or in the ICAP headers.<br></div><div>Does adaptation_meta create ICAP headers? Or should I use add_request_headers?</div><div><br></div></div></div><div style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;">I know that Squid can create a 2nd fake CONNECT with the SNI, but here again ICAP just prints the same CONNECT 2 times.<br></div><div style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;"><br></div><div><br style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;"></div><div style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;">Thanks,</div><div style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;" data-mce-style="font-family: 'sans serif'; font-size: 16px; background-color: #ffffff;"><br></div></div></body></html>