[squid-users] Redirectors, Filters and Caching

From: Diego Rivera <[email protected]>
Date: Tue, 09 Sep 2003 23:15:46 -0600

Hello all

One thing that I've observed is that - AFAIK - there's no way for
full-on content filtering to be performed by SQUID.

The way the redirector works would require a double-fetch of the content
from a URL:

 - Squid passes the URL to the redirector, which then examines the URL
(and possibly the contents thereof), and either returns a blank line
(OK), or a new redirect URL.

 - Squid then returns either the content of the original URL or the
content of the new redirect URL to the client, caching as needed.

This results in a double-fetch.

I may be mis-understanding the whole redirector approach, but since
there's no true content-filter framework this is how I think it could
work currently.

Adding a callback API to allow redirectors to add stuff into the cache
might be too much work.

How about this: adding a return value option for the redirectors. For
example, once a redirector gets a URL, it can then examine the URL and
fetch the contents and (possibly and temporarily) cache them locally.
It would then return one of 3 things to squid:

1) A blank line (use original URL as is, causing a re-fetch by squid if
the redirector already did a fetch)

2) A redirect URL

3) A line like '* /path/to/filtered/content', which Squid can use to
return the content to the client without doing a refetch, and possibly
copy said content into the cache under its own scheme for avoiding later
network re-fetches. The squid process would be responsible for erasing
this edited content external to the cache.

There are flaws to this particular approach - but I think you see what
I'm getting at and I'm interested in seeing what other ppl think of this
type of functionality and how it would (could? should?) be implemented
in Squid.

Mostly, this would be useful for virus scanning and cleaning (for
example), as well as inserting filters to eliminate known exploits in
HTML and JavaScript. Other uses like censorship could also be achieved
for particular sites (grade-schools?).

Thoughts? Opinions? Flames? :)

Thx for your time guys

-- 
===========================================================
* Diego Rivera                                            *
*                                                         *
* "The Disease: Windows, the cure: Linux"                 *
*                                                         *
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
* Replace: <AT>='@', <DOT>='.'                            *
*                                                         *
* GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
* GPG Public Key avaliable at: http://pgp.mit.edu         *
===========================================================

Received on Tue Sep 09 2003 - 23:16:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:36 MST