SSL bumped traffic in eCAP

Asked by joseph jose on 2014-10-17

Is there any specific method in eCAP to identify SSL bumped domains?

If I am bumping (for example, say www.testbumping.com) a domain in Squid which has HTTPS support, is it possible to differentiate between CONNECT:www.testbumping.com:443 and CONNECT:www.facebook.com:443 at the eCAP level?

Question information

Language: English
Status: Solved
For: eCAP
Assignee: No assignee
Solved by: Alex Rousskov
Solved: 2014-10-20
Last query: 2014-10-20
Last reply: 2014-10-17
Best Alex Rousskov (rousskov) said : #1

This is a Squid-specific question better addressed via Squid support channels, but I can give you a couple of ideas for further investigation:

* You can annotate bumped transactions using Squid's adaptation_meta directive and then extract those annotations in the eCAP adapter.

* You can direct bumped transactions to a different eCAP service (same adaptation code but different service URI and parameters) using ACLs.
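
A squid.conf sketch of the two ideas in the answer above, added here as an illustration and not taken from the thread or from the Squid or eCAP projects. The ACL name, the `X-Bumped` option name, the module path and the `ecap://example.com/...` service URIs are assumptions; the URIs must match whatever your adapter module actually registers.

```conf
# Added example. Hypothetical names: bumped_sites, X-Bumped, the module path,
# svc_* service ids and the ecap://example.com/... URIs.

# Domains selected for bumping. Reuse the same ACL that your ssl_bump rules
# already reference, so the label and the bumping decision cannot drift apart.
# Note: this ACL matches by destination domain; it labels traffic to domains
# you chose to bump rather than testing a "was bumped" state. With intercepted
# traffic the CONNECT target is an IP address, so a dstdomain ACL may not match
# the CONNECT itself.
acl bumped_sites dstdomain www.testbumping.com

loadable_modules /usr/local/lib/ecap_adapter_example.so
ecap_enable on

# --- Idea 1: one service, annotate matching transactions ---
# Squid passes "X-Bumped: yes" to the adapter as an eCAP option for
# transactions that match bumped_sites; other transactions carry no such option.
ecap_service svc_req reqmod_precache ecap://example.com/adapter bypass=off
adaptation_meta X-Bumped yes bumped_sites
adaptation_access svc_req allow all

# --- Idea 2 (alternative): same adapter code, two service URIs ---
# Uncomment these and remove the Idea 1 lines above. The adapter module must
# register both URIs; each service instance then knows which class of traffic
# it receives without inspecting any annotation.
#ecap_service svc_bumped reqmod_precache ecap://example.com/adapter-bumped bypass=off
#ecap_service svc_plain  reqmod_precache ecap://example.com/adapter-plain  bypass=off
#adaptation_access svc_bumped allow bumped_sites
#adaptation_access svc_plain  allow !bumped_sites
```

With `bypass=off`, Squid treats the service as essential and fails the transaction if the adapter is unavailable, which keeps bumped traffic from silently skipping inspection.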

joseph jose (joevypana) said : #2

Thanks Alex Rousskov, that solved my question.