[squid-users] Squid and url modifying

Egoitz Aurrekoetxea egoitz at sarenet.es
Mon Mar 4 07:53:47 UTC 2019 

Good morning, 

Thanks a lot mates for your reading time. Alex, Amos speciallý to you
that answered too to this mail. 

My idea is simple. I wanted specific url, to be filtered through the
proxy. How can I manage this URL to be checked by the proxy?. I assumed,
I could modify the real and original content where urls appeared by
setting for instance : 

- Being the real url : https://oooeeee.eeee.ttt/u?ii=99&j=88 [2] 

- I would rewrite in the own content the URL so that  the new URL is now
: https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88 

The domain thesquidserver.org [2] will be used for doing wilcards. For
instance : *.thesquidserver.org *.*.thesquidserver.org etc... will
resolve to the ip of the Squid server. But I don't want any url being
asked as whatever.thesquidserver.org to be checked... just those ones I
have wrote in some place... 

So I was trying to write some content managing script, which should
check if that URL is needed to be checked and in case it should, check
it against an icap service. If Icap service gives you all to be right,
redirect you to the real site (just removing the thesquidserver.org for
the URL for instance). If that URL contains malware for instance, give
you an error page. 

This is all what I was trying to do... Some time ago, I used Squid with
Dansguardian for this kind of purposes, but now I wanted to do something
slightly different. I wanted to pass a request (if should be passed) to
an icap service and later depeding in the result of that ICAP service
(which I don't really know how could I check with an script) redirect to
the real site or give an error page. 

For this purpose is perhaps the reason because url redirector programs
exist?. I'm trying to see the entire puzzle :) 

Any help would be very appreciatted :) 

Thank you so much,

---

EGOITZ AURREKOETXEA 
Dpto. de sistemas 
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia) 
egoitz at sarenet.es 
www.sarenet.es [1] 
Antes de imprimir este correo electrónico piense si es necesario
hacerlo. 

El 2019-03-02 23:21, Alex Rousskov escribió:

> On 3/1/19 5:59 AM, Egoitz Aurrekoetxea wrote:
> 
>> Is it possible for Squid to do something like :
> 
>> - Receive request : https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88
> 
>> and
> 
>> to really perform a request as : https://oooeeee.eeee.ttt/u?ii=99&j=88
> 
> How does your Squid receive the former request? Amos' answer probably
> assumes that your Squid is _not_ oooeeee.eeee.ttt.thesquidserver.org,
> but the name you have chosen for your example may imply that it is.
> 
> * If your Squid is _intercepting_ traffic destined for the real
> oooeeee.eeee.ttt.thesquidserver.org, then see Amos' answer.
> 
> * If your Squid is representing oooeeee.eeee.ttt.thesquidserver.org,
> then your Squid is a reverse proxy that ought to have the certificate
> key for that domain, and none of the SslBump problems that Amos
> mentioned apply.
> 
> Please clarify what your use case is.
> 
> Alex.
> 
>> I mean not to redirect users with url redirection. Just act as a proxy
>> but having Squid the proper acknoledge internally for being able to make
>> the proper request to the destination?. Is it possible without
>> redirecting url, to return for instance a 403 error to the source web
>> browser in order to not be able to access to the site if some kind of
>> circumstances are given?.
>> 
>> If the last config, was not possible... perhaps I needed to just to
>> redirect forcibly?. I have read for that purpose you can use URL
>> redirectors.... so I assume the concept is :
>> 
>> - Receive request : https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88
>> 
>> and
>> 
>> to really perform a request as : https://oooeeee.eeee.ttt/u?ii=99&j=88
>> <https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88>
>> 
>> If all conditions for allowing to see the content are OK, return the web
>> browser a 301 redirect answer with the
>> https://oooeeee.eeee.ttt/u?ii=99&j=88
>> <https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88> URL. Else,
>> just return a 403 or redirect you to a Forbidden page... I think this
>> could be implemented with URL redirectors...but... the fact is... which
>> kind of conditions or env situations can you use for validating the
>> content inside the url redirector?.
>> 
>> Thanks a lot for your time :)
>> 
>> Cheers!
>> 
>> -- 
>> sarenet
>> *Egoitz Aurrekoetxea*
>> Dpto. de sistemas
>> 944 209 470
>> Parque Tecnológico. Edificio 103
>> 48170 Zamudio (Bizkaia)
>> egoitz at sarenet.es <mailto:egoitz at sarenet.es>
>> www.sarenet.es [1] <http://www.sarenet.es>
>> 
>> Antes de imprimir este correo electrónico piense si es necesario hacerlo.
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
 

Links:
------
[1] http://www.sarenet.es
[2] https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190304/b64f94bb/attachment-0001.html>

More information about the squid-users mailing list