[squid-users] Customize squid to make it understand malformed requests

[Amos Jeffries]

On 16/01/2017 10:10 p.m., Antony Stone wrote:
> On Monday 16 January 2017 at 09:03:52, Oğuz İsmail Uysal wrote:
> 
>> For a private reason, I want to customize squid version 3.5.12 the way I
>> stated above. For example I have customized it already to make it
>> understand \r\n /\r\n instead of \r\n\r\n as request's end
> 
>> now I want it to remove the characters after a spesific character in request
>> uri, and to remove a spesific character which is placed at the end of all
>> headers (before \r\n).
> 
> Wouldn't this be easier to achieve using content adaptation?
> 

Not if the malformation screws up the HTTP framing syntax, like the
above describes. See my other post about \r\n\r\n being the middle *not*
the end of a request.


To reach ICAP/eCAP Squid has to be able to parse the message and there
are a limited range of frame malformations which are tolerated before
the message is too mangled and simply gets rejected as non-HTTP.

Also, in passing to ICAP the message has to be delivered in correct HTTP
format to the service with Encapsulated header indicating the sizes of
each HTTP frame sub-section. If the malformation screws with the framing
those sizes will be incorrect and ICAP service gets screwed over as well
as Squid.


FWIW: By replacing the end-of-mime terminator with ' \' Ozguy is making
Squid smuggle request messages. The "private reasons" is obviously an
intention to turn a Squid binary into a piece of malware.
 <https://devcentral.f5.com/articles/jedi-mind-tricks-http-request-smuggling>

Amos