[squid-users] On what methods does url filtering needs to apply?

Eliezer Croitoru eliezer at ngtech.co.il
Sun Sep 27 12:32:08 UTC 2015


I am considering what to block.
When I am testing for urls and methods I have discovered that not all 
requests are supported by the browsers and not all of the can contain 
unwanted content.
For example a HEAD request cannot contain any body and there might not 
to be filtered.
A PUT request cannot be issued without some sort of complex JS and this 
comes from GET or POST requests only and also web services do not allow 
the usage of PUT requests to fetch content even if it can be used for that.

So I am looking at the RFC and I think that maybe not all requests needs 
to be inspected in a content filtering solution.
If the issue is security then it's one thing but in most cases it is not 
required.

I am sure that GET and POST requests should be filtered but I am not 
sure that in all cases it is required to filter all other http methods.

What do you think needs to be filtered?(in a more technical aspect)

Thanks,
Eliezer



More information about the squid-users mailing list