[squid-dev] [PATCH] Second adaptation missing for CONNECTs
Alex Rousskov
rousskov at measurement-factory.com
Mon May 8 01:18:06 UTC 2017
On 03/31/2017 07:21 AM, Christos Tsantilas wrote:
> Avoid sending second CONNECT request to adaptation
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> The users may not want to send the second request to the adaptation
> services. In this case they can use acls as follows:
>
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl markSpliced annotate_client spliced=true
>
> ssl_bump peek step1
> ssl_bump splice step2 markSpliced
>
> acl markedSpliced note spliced true
>
> adaptation_access class_reqmodifing deny markSpliced
> adaptation_access class_reqmodifing allow all
For the record, there is also an alternative way to avoid step2
adaptation (without using any annotations):
adaptation_access request-modifier deny step2
adaptation_access request-modifier allow all
Christos has verified that both approaches work so admins can pick the
one _they_ prefer (which may depend on, for example, whether they are
already using annotations for something else).
Alex.
More information about the squid-dev
mailing list