[squid-users] Websocket content adaptation
rousskov at measurement-factory.com
Mon Jun 27 16:57:09 UTC 2016
On 06/27/2016 10:23 AM, Ozgur Batur wrote:
> ICAP handles plain HTTP very well but it is not possible to
> filter/change or even log content of websocket communication after
> websocket upgrade over HTTP as far as I know. Is there any plan or
> interest in developing some capability for Squid to control websocket
> communication content?
There is interest but no specific plan or sponsor.
> There is no defined request/response protocol since websocket is
> basically a socket but regexp matching in incoming and outgoing
> content(json, xml,raw) with URL and client metadata info may have some
> application like data leak prevention or achieving in corporate environment.
I am not sure regex would be a good idea in general, but passing
tunneled traffic to eCAP/ICAP services is indeed useful in several
environments, including WebSocket tunnels. The adaptation service will
decide whether to use regex or something else to match raw data. Some
existing services simply log (or relay/replay via TCP) received traffic
without analyzing it so regex is just one of many possibilities here.
FWIW, several things are needed to move forward, including:
1. Adequate development time and skills (or sponsorship to pay for
them). The development of an essentially new adaptation vectoring
point is not a trivial project.
2. A specific proposal on how to map raw/tunnel data to HTTP messages
that eCAP and ICAP interfaces expect. The biggest difficulty here
may be mapping server-speaks-first protocols.
3. A project lead to organize/manage the project and guide the results
through the Squid Project review. This person could be the
primary developer and/or the specs writer, but does not have to be.
More information about the squid-users