<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Good morning,</p>
<p><br /></p>
<p>Thanks a lot mates for your reading time. Alex, Amos speciallý to you that answered too to this mail.</p>
<p><br /></p>
<p>My idea is simple. I wanted specific url, to be filtered through the proxy. How can I manage this URL to be checked by the proxy?. I assumed, I could modify the real and original content where urls appeared by setting for instance :</p>
<p><br /></p>
<p>- Being the real url : <a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt/u?ii=99&j=88</a></p>
<p>- I would rewrite in the own content the URL so that the new URL is now : <a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88</a></p>
<p>The domain <a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">thesquidserver.org</a> will be used for doing wilcards. For instance : *.thesquidserver.org *.*.thesquidserver.org etc... will resolve to the ip of the Squid server. But I don't want any url being asked as whatever.thesquidserver.org to be checked... just those ones I have wrote in some place...</p>
<p><br /></p>
<p>So I was trying to write some content managing script, which should check if that URL is needed to be checked and in case it should, check it against an icap service. If Icap service gives you all to be right, redirect you to the real site (just removing the thesquidserver.org for the URL for instance). If that URL contains malware for instance, give you an error page.</p>
<p><br /></p>
<p>This is all what I was trying to do... Some time ago, I used Squid with Dansguardian for this kind of purposes, but now I wanted to do something slightly different. I wanted to pass a request (if should be passed) to an icap service and later depeding in the result of that ICAP service (which I don't really know how could I check with an script) redirect to the real site or give an error page.</p>
<p><br /></p>
<p>For this purpose is perhaps the reason because url redirector programs exist?. I'm trying to see the entire puzzle :)</p>
<p><br /></p>
<p>Any help would be very appreciatted :)</p>
<p><br /></p>
<p>Thank you so much,</p>
<div>---<br />
<div class="firmasarenet" style="clear: both; text-align: left;">
<div class="imgsarenet" style="margin: 0 0 10px 0;"><img src="https://www.sarenet.es/estaticos/LogoSarenetEmails.png?newlogo" alt="sarenet" /></div>
<div class="titulosarenet" style="font-family: Helvetica, Arial, sans-serif; font-weight: bold; font-size: 14px; color: #333333;"><strong>Egoitz Aurrekoetxea</strong></div>
<div class="dptosarenet" style="font-family: Helvetica, Arial, sans-serif; font-weight: normal; font-size: 12px; color: #333333;">Dpto. de sistemas</div>
<div class="textosarenet" style="font-family: Helvetica, Arial, sans-serif; font-weight: normal; font-size: 12px; color: #333333;">944 209 470<br />Parque Tecnológico. Edificio 103<br />48170 Zamudio (Bizkaia)</div>
<div class="lnksarenet" style="font-family: Helvetica, Arial, sans-serif; font-weight: normal; font-size: 12px; color: #007ac4; line-height: 1.2;"><a id="mailto" style="font-size: 12px; color: #007ac4; text-decoration: underline;" href="mailto:egoitz@sarenet.es"><label id="label_email">egoitz@sarenet.es</label></a></div>
<div class="lnksarenet" style="font-family: Helvetica, Arial, sans-serif; font-weight: normal; font-size: 12px; color: #007ac4; line-height: 1.2;"><a style="font-size: 12px; color: #007ac4; text-decoration: underline;" href="http://www.sarenet.es">www.sarenet.es</a></div>
<br />
<div class="imprimirsarenet" style="font-family: Helvetica, Arial, sans-serif; font-weight: normal; font-size: 10px; color: #a0c361;">Antes de imprimir este correo electrónico piense si es necesario hacerlo.</div>
</div>
</div>
<p><br /></p>
<p>El 2019-03-02 23:21, Alex Rousskov escribió:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">On 3/1/19 5:59 AM, Egoitz Aurrekoetxea wrote:<br /> <br />
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">Is it possible for Squid to do something like :</blockquote>
<br />
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">- Receive request : <a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88</a></blockquote>
<br />
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">and</blockquote>
<br />
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">to really perform a request as : <a href="https://oooeeee.eeee.ttt/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt/u?ii=99&j=88</a></blockquote>
<br /> How does your Squid receive the former request? Amos' answer probably<br /> assumes that your Squid is _not_ oooeeee.eeee.ttt.thesquidserver.org,<br /> but the name you have chosen for your example may imply that it is.<br /> <br /> * If your Squid is _intercepting_ traffic destined for the real<br /> oooeeee.eeee.ttt.thesquidserver.org, then see Amos' answer.<br /> <br /> * If your Squid is representing oooeeee.eeee.ttt.thesquidserver.org,<br /> then your Squid is a reverse proxy that ought to have the certificate<br /> key for that domain, and none of the SslBump problems that Amos<br /> mentioned apply.<br /> <br /> Please clarify what your use case is.<br /> <br /> Alex.<br /> <br /> <br /> <br />
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">I mean not to redirect users with url redirection. Just act as a proxy<br /> but having Squid the proper acknoledge internally for being able to make<br /> the proper request to the destination?. Is it possible without<br /> redirecting url, to return for instance a 403 error to the source web<br /> browser in order to not be able to access to the site if some kind of<br /> circumstances are given?.<br /> <br /> <br /> If the last config, was not possible... perhaps I needed to just to<br /> redirect forcibly?. I have read for that purpose you can use URL<br /> redirectors.... so I assume the concept is :<br /> <br /> <br /> - Receive request : <a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88</a><br /> <br /> <br /> and<br /> <br /> <br /> to really perform a request as : <a href="https://oooeeee.eeee.ttt/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt/u?ii=99&j=88</a><br /> <<a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88</a>><br /> <br /> <br /> If all conditions for allowing to see the content are OK, return the web<br /> browser a 301 redirect answer with the<br /> <a href="https://oooeeee.eeee.ttt/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt/u?ii=99&j=88</a><br /> <<a href="https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88" target="_blank" rel="noopener noreferrer">https://oooeeee.eeee.ttt.thesquidserver.org/u?ii=99&j=88</a>> URL. Else,<br /> just return a 403 or redirect you to a Forbidden page... I think this<br /> could be implemented with URL redirectors...but... the fact is... which<br /> kind of conditions or env situations can you use for validating the<br /> content inside the url redirector?.<br /> <br /> <br /> <br /> Thanks a lot for your time :)<br /> <br /> <br /> Cheers!<br /> <br /> <br /> <br /> <br /> -- <br /> sarenet<br /> *Egoitz Aurrekoetxea*<br /> Dpto. de sistemas<br /> 944 209 470<br /> Parque Tecnológico. Edificio 103<br /> 48170 Zamudio (Bizkaia)<br /> <a href="mailto:egoitz@sarenet.es">egoitz@sarenet.es</a> <mailto:<a href="mailto:egoitz@sarenet.es">egoitz@sarenet.es</a>><br /> <a href="http://www.sarenet.es" target="_blank" rel="noopener noreferrer">www.sarenet.es</a> <<a href="http://www.sarenet.es" target="_blank" rel="noopener noreferrer">http://www.sarenet.es</a>><br /> <br /> Antes de imprimir este correo electrónico piense si es necesario hacerlo.<br /> <br /> _______________________________________________<br /> squid-users mailing list<br /> <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br /> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank" rel="noopener noreferrer">http://lists.squid-cache.org/listinfo/squid-users</a><br /> </blockquote>
<br /> _______________________________________________<br /> squid-users mailing list<br /> <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br /> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank" rel="noopener noreferrer">http://lists.squid-cache.org/listinfo/squid-users</a></div>
</blockquote>
</body></html>