Re: [squid-users] Replacing an image based on the refer...

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Aug 2008 19:57:16 +1200

John Doe wrote:
>> You are much better off doing this with Apache's rewrite, if that happens to
>> be your http server. Sadly Squid is pretty awkward for rewriting purposes.

It's not Squid at fault. It's the HTTP standard and all compliant
softwares do not react well when people playing games with the absolute
location of things based on some private knowledge which they refuse to
share with the rest of he net (ie via 30x messages).

>
> But there are two rewritings needed at this time.
> Basic rewritings (URLs translation from old to new style by example).
> And more complex ones, which decisions must be as follow:
> 1. Is the referrer external.
> 2. If it is external, is the object blacklisted in our database (potentialy hundreds of thousands after a while).
> 3. If blacklisted, rewrite URL to fetch "do not abuse" object (several objects possible).
> So it needs an external program.
>
> And if I rewrite (or not) an URL in the webserver, will squid have the 2 objects (legit or abuser) cached separately...?
> GET /path/image.gif with referrer=oursite => /path/image.gif
> GET /path/image.gif with referrer=external but not blacklisted => /path/image.gif
> GET /path/image.gif with referrer=external and blacklisted => /path2/abuser.gif

Squid will cache the URL it received from the client and the object it
got back for that URL.

>
>>> Or, could I use a dirty trick like 'user=NEWURL' set by external_acl helper
>>> program and then get it from url_rewrite input parameters...?
>>> So far we don't need authentification, but can the variable handle an URL...
>
> I tried using the user variable as a message between the external_acl (that can look at the referrer) and the url_rewrite programs and it seems to work fine.
> And I don't need to pass an URL; I just need to pass something like an "legit" or "abuser" message.
> 1. external_acl program looks at referrer and returns user=legit or user=abuser
> 2. url_rewrite program do its basic rewritings and, if user=abuser, also check if object is blacklisted...
> Without any authentication needs, do you forsee any problem with this trick?
>

Only problems to clients who get the re-written objects. Same as
expected with any re-writing.

However, what I understand of your usage is that those are the clients
you wish to screw over anyway, so problems are an added bonus for them. ;-)

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
Received on Fri Aug 15 2008 - 07:59:16 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 15 2008 - 12:00:03 MDT