[squid-users] content adaptation using squid

Amos Jeffries squid3 at treenet.co.nz
Thu Sep 6 14:10:58 UTC 2018 

On 6/09/18 6:06 PM, Yosef Meltser wrote:
> 
> Hi,
> 
> We have managed to create a proxy server using a squid in an intercept mode.
> 
> Now we would like to make a content adaptation, for example to show an alert
> every time the user entered a website.
> 
> We are not familiar with this domain, so we are looking for the easiest way
> to inject java script in the http response (of course only http sites).
> 

Simply put. Do not do that.

Please be aware that despite the content HTTP transferring being public
it is still under copyright by the authors who created it and/or the
owners of the domain where it is fetched from. They have implicitly
granted rights only to *view* and distribute the content as-is.

Please check with your legal department about the consequences of
altering copyright content without the copyright holders permission. The
Berne Convention copyright treaty forbidding this type of "piracy"
covers most countries, and the remainder usually have even more harsh
laws of their own.


A much better approach is a "splash page" - to have your proxy respond
with a 302 redirect to a page containing your message, and a
click-through link (or iframe, if that works) to the actual content.
That way the external content remains separate from your content and
everything is good.
 The traditional session splash page details can be found at
<https://wiki.squid-cache.org/ConfigExamples/Portal/Splash>.
 If you have existing system to manage when the messages are to be
displayed you may want the database session helper instead
<http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html> which
works from externally managed details in an SQL database.



>  The main two adaptation mechanisms are:
> 
> 1.       Icap
> 
> 2.       Ecap
> 
> For example, in Icap there are some server frameworks that we can use (like
> c-icap, ICAP-server and etc and etc), which one is the most recommended?
> 
> In contrast to the above, ECAP is not using any server, and the whole
> process in embedded into the squid, so it sounds quite easier. Is it?
> 

Neither is more easy or more difficult than the other. They are just
different ways to receive the traffic.


Amos

More information about the squid-users mailing list