[squid-dev] Online Translator interface for Squid

Jeffrey Merkey jeffmerkey at gmail.com
Thu Sep 14 06:11:27 UTC 2017


On 9/13/17, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> On 09/13/2017 11:25 PM, Jeffrey Merkey wrote:
>
>> It will allow me to translate any web content read through such a
>> cache to downstream clients.  I need to know where to hook into your
>> cache at the layer it is reading html pages to insert the translator.
>
>
> Hello Jeffrey,
>
>     You should not hook this inside Squid. Implement an ICAP or eCAP
> service instead: http://wiki.squid-cache.org/SquidFaq/ContentAdaptation
>
>
>> Is there a neat and clean interface where I can get the pages being
>> read from the cache, and translate them, then send them to the
>> downstream clients.
>
> Not really. Squid does not even have a concept of a "page"; it operates
> on the level of HTTP messages. Adaptation services also have to work
> with HTTP messages, not pages, but at least you will not have to deal
> with Squid code (changes). As an added bonus, your service will work
> with any proxy that supports ICAP (most production proxies do) or eCAP
> (I am not aware of any production proxy that does, but that may change).
>
>
> Please note that due to the "success" of the "TLS everywhere" campaign,
> you will most likely have to attack and bump user TLS traffic in order
> to translate most pages on the fly. This opens up a big can of worms.
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> At the end of the day, you may want to write browser plugins instead,
> although that option also comes with its own set of serious problems. In
> theory, you can even write a browser plugin that will talk to an ICAP or
> eCAP service, so that you can cover all possible deployment vectors with
> a single adaptation service, but that is even more work, and I have not
> heard of anybody doing that.
>
>
> HTH,
>
> Alex.
>


Alex,

Thanks for the quick response.  I have reviewed the ssl-bump feature
-- perfect just what I needed the proxy to do.  As for C_ICAP, I am
reviewing the program as we speak.  I may have other questions later,
but you certainly got me off on the right foot.

So, to configure the ssl-bump it appears I need to configure a
certificate.  What are the steps to do that with the ss-bump feature?

You are awesome.  Thanks for the help.

Jeff


More information about the squid-dev mailing list