[squid-users] Content injection
Jeffrey Merkey
jeffmerkey at gmail.com
Sun Oct 1 04:26:01 UTC 2017
On 9/30/17, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 01/10/17 16:12, Alex Rousskov wrote:
>> On 09/30/2017 07:44 PM, stern0m1 wrote:
>>
>>> I am looking for a proxy that can inject content easily. Static content
>>> to
>>> every HTML document.
>>> Can I do this easily with squid?
>>
>> You can inject some "HTML documents" using Squid combined with an eCAP
>> or ICAP content adaptation service, but it is not going to be easy, and
>> you cannot inject documents delivered over secure connections to web
>> clients that pin origin server certificates. For more information, see
>>
>> * http://wiki.squid-cache.org/SquidFaq/ContentAdaptation
>> * https://answers.launchpad.net/ecap/+faq/1793
>>
>> Alex.
>
> For the record:
>
> Please be aware that HTTP documents are protected by international
> copyright laws. Altering other peoples content is illegal in all
> countries signatory to the Berne Convention and many other countries
> individual copyright laws as well.
>
> HTTP forms an informal contract for redistribute and copy permission,
> not for alteration or derivative work permissions. Unless you have
> written consent from the HTML document creators explicitly giving
> permission to alter the substance of their content it is legally
> considered "copyright piracy" or whatever the local laws wording is.
>
> Actions like [un]compression of the content do not change its bytes, so
> are okay. But adding or removing bits from the HTML text is using their
> content to generate a derivative work - for which permission is NOT
> granted implicitly.
>
>
> The legally safe way to inject notices to clients into traffic is to use
> splash page mechanisms. Where the client periodically gets delivered a
> 511 status code with your message on a page you created instead of the
> item they requested. You just need to make sure to detect points in the
> trafffic which actually reach users eyeballs, and a way for them to
> continue on to get what they wanted earlier. Quite a lot of HTTP traffic
> (~80% IIRC) is software<->software and never reaches any user eyeballs.
>
> You can modify the splash page approach by having your page use an
> iframe to embed the original requestors response. Publishers can
> explicitly indicate whether they grant permission for that to be done
> (eg opt-out).
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
Amos,
Does this apply to folks who are providing a translation service via
eCap or C-ICAP? Google provides web page translation so how does this
affect folks who are using squid and C-ICAP for translating content
between different languages?
Jeff
More information about the squid-users
mailing list