Re: Redirector Body examination

From: Dancer <[email protected]>
Date: Thu, 11 Jun 1998 00:37:50 +1000

Imagine the difficulties:

1) The redirector process is blocked until it can render a judgement.
That limits your throughput to the rate at which objects can be fetched
by the redirector, and subsequently examined. You would need _MANY_
(dozens or hundreds) of redirector processes to handle even a modest
number of users (30 or 40).
2) Having fetched the object, it then has to be fetched _again_ by
squid, if the redirector decided to permit it. Essentially doubling all
your allowed traffic, and not diminishing your rejected traffic.

Clever things you could try include:
* Letting any 'first-time' URL pass, then fetching it (at some later
point) from the proxy for examination, in order to judge if it should be
rejected in future. (DOWNSIDE: Your URL rejection list becomes titanic)
* Fetching the headers only, and trying to render a judgement from that.
(DOWNSIDE: Probably ineffective)
* Have the redirector loop back through squid and make the request, so
that it is only fetched once. (DOWNSIDE: You need double the already
enormous number of redirectors, since a redirector request will have to
pass through a second redirector process that must pass it based on
origin address. SECOND DOWNSIDE: If you fill all your redirectors, squid
will likely deadlock, since redirector-completions would be dependant on
redirector-completions. You could get into queue-recursion, and jam the
whole system)

IMO, it is _possible_, but I would think that 'ludicrous' is an equally
valid adjective to apply. It just doesn't fit the current design
methodology.

YMMV, of course.

D

Miles Lott wrote:
>
> I suppose that this is possible, though it could bog things down pretty
> badly:
>
> I was asked recently whether or not access to URLs could be denied based
> on
> HTML content and not just the URL. I suggested a redirector, but then
> realized
> the URL-only scheme. I suppose that a redirector could view the
> contents of
> the html using the squid client app or native Perl, then parse that to
> search for
> certain strings that a site wants to block. If it passes, return the
> URL. If
> not, redirect.
>
> I realize this is even more big-brotherish than most care to even
> consider,
> but it has been requested. I was wondering if anyone had tried this...

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d- s++: a C++++$ UL++++B+++S+++C++H++U++V+++$ P+++$ L+++ E-
W+++(--)$ N++ w++$>--- t+ 5++ X+() R+ tv b++++ DI+++ e- h-@ 
------END GEEK CODE BLOCK------
Received on Wed Jun 10 1998 - 07:42:23 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:41 MST