[squid-users] Content injection

Amos Jeffries squid3 at treenet.co.nz
Sun Oct 1 04:15:58 UTC 2017 

On 01/10/17 16:12, Alex Rousskov wrote:
> On 09/30/2017 07:44 PM, stern0m1 wrote:
> 
>> I am looking for a proxy that can inject content easily. Static content to
>> every HTML document.
>> Can I do this easily with squid?
> 
> You can inject some "HTML documents" using Squid combined with an eCAP
> or ICAP content adaptation service, but it is not going to be easy, and
> you cannot inject documents delivered over secure connections to web
> clients that pin origin server certificates. For more information, see
> 
>    * http://wiki.squid-cache.org/SquidFaq/ContentAdaptation
>    * https://answers.launchpad.net/ecap/+faq/1793
> 
> Alex.

For the record:

Please be aware that HTTP documents are protected by international 
copyright laws. Altering other peoples content is illegal in all 
countries signatory to the Berne Convention and many other countries 
individual copyright laws as well.

HTTP forms an informal contract for redistribute and copy permission, 
not for alteration or derivative work permissions. Unless you have 
written consent from the HTML document creators explicitly giving 
permission to alter the substance of their content it is legally 
considered "copyright piracy" or whatever the local laws wording is.

Actions like [un]compression of the content do not change its bytes, so 
are okay. But adding or removing bits from the HTML text is using their 
content to generate a derivative work - for which permission is NOT 
granted implicitly.


The legally safe way to inject notices to clients into traffic is to use 
splash page mechanisms. Where the client periodically gets delivered a 
511 status code with your message on a page you created instead of the 
item they requested. You just need to make sure to detect points in the 
trafffic which actually reach users eyeballs, and a way for them to 
continue on to get what they wanted earlier. Quite a lot of HTTP traffic 
(~80% IIRC) is software<->software and never reaches any user eyeballs.

You can modify the splash page approach by having your page use an 
iframe to embed the original requestors response. Publishers can 
explicitly indicate whether they grant permission for that to be done 
(eg opt-out).

Amos

More information about the squid-users mailing list