On 03/31/2017 07:21 AM, Christos Tsantilas wrote: > Avoid sending second CONNECT request to adaptation > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > The users may not want to send the second request to the adaptation > services. In this case they can use acls as follows: > > acl step1 at_step SslBump1 > acl step2 at_step SslBump2 > acl markSpliced annotate_client spliced=true > > ssl_bump peek step1 > ssl_bump splice step2 markSpliced > > acl markedSpliced note spliced true > > adaptation_access class_reqmodifing deny markSpliced > adaptation_access class_reqmodifing allow all
For the record, there is also an alternative way to avoid step2 adaptation (without using any annotations): adaptation_access request-modifier deny step2 adaptation_access request-modifier allow all Christos has verified that both approaches work so admins can pick the one _they_ prefer (which may depend on, for example, whether they are already using annotations for something else). Alex. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev