[squid-users] On what methods does url filtering needs to apply?

Alex Rousskov rousskov at measurement-factory.com
Mon Sep 28 21:31:02 UTC 2015


On 09/28/2015 12:34 PM, Eliezer Croitoru wrote:

> Mainly content filtering is for offensive content.
...
> The main issue is about offensive content in the presentation layer.

If you define "content" as "information that a browser may show to a
regular user", then you have to filter all [responses with] bodies,
authentication-requesting responses (for their realm strings),
certificate names, certificate issuer names, and possibly other things
that browser may display to the user.

And if you add dynamic Javascript-driven pages, there is pretty much
nothing you can reliably filter on the "content" level because the
offensive page may be assembled from non-offensive and/or encrypted parts.

Request methods have pretty much nothing to do with the above.


> A PUT request can contain a response body but it is not used and was not
> designed to send body content and else then that browsers do not really
> implement support for it.

I doubt the above is correct -- I would expect the browser to show PUT
responses to the user -- but this is not my area of expertise.


> So after defining that the main subject as abusive content in the body
> part of the message, POST and GET are a must to check but OPTIONS might
> not be required.

I see no logical connection from "the main subject [is] content in the
body" and "[checking] OPTIONS [bodies] might not be required". Since
OPTIONS responses may have a body, and you said that you want to block
abusive content in the body, it seems logical to filter OPTIONS.


Alex.



> On 27/09/2015 20:58, Alex Rousskov wrote:
>> Your question is impossible to answer correctly until you define
>> "unwanted content". In other words, you need to define what you want to
>> block (in general, non-HTTP terms) before it is possible to identify a
>> subset of HTTP messages that can deliver the corresponding content. What
>> is "desired" by some is "unwanted" by others, so we cannot guess what
>> _your_  blocking objectives are.
>>
>> Alex.
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list