Hi everyone, I have a transparent proxy squid 3.5.26 with C-ICAP and here are the important lines: " icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_preview_enable on icap_preview_size 1024 icap_service service_avi_req reqmod_precache icap://localhost:1344/echo bypass=off adaptation_access service_avi_req allow all icap_service service_avi_resp respmod_precache icap://localhost:1344/echo bypass=off adaptation_access service_avi_resp allow all
#url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf http_port 3128 http_port 3129 intercept https_port 3130 intercept ssl-bump \ cert=/etc/squid/ssl_cert/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB #acl step1 at_step SslBump1 #acl step2 at_step SslBump2 #acl step3 at_step SslBump3 ssl_bump peek all ssl_bump bump all logformat squid %ssl::>sni adaptation_meta X-SNI "%ssl::>sni" all #or connect #request_header_add X-SNI "%ssl::>sni" all " So i want to create an icap service like squidclamav but it must check SNI not URLs. I peek all the steps to get sni and in the squid access log, sni is printed . I read that adaptation_meta can send anything from squid to icap but clearly i use it incorretly: i can't see sni on icap access log or in icap headers. Does adaptation_meta create a icap headers ? Or should i use add_request_headers? I know that squid can create a 2nd fake connect with sni but here again icap just print the same connect 2 times Thanks,
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users