On 09/18/2013 11:10 AM, Sachin Gupta wrote:
> We are in a stage where even ICAP cannot be deployed :(
but eCAP probably can be.
> So i had started digging into SQUID code to find where hooks can be placed.
Squid development questions should be posted to the squid-dev mailing
list, but here are few hints to get you started if you do not like the
eCAP route:
1a) You may be able to detect matched URLs and compute their tags in
ACLUrlStrategy::match() located in src/acl/Url.cc. Please note that a
local acl match does not mean the request is going to be allowed. Thus,
you may not want to bother with detecting matches like this at all.
1b) While inside ACLUrlStrategy::match(), you may be able to store the
computed tag in checklist->request. This may require casting away any
const-protection.
2) To locate where to add a request header, look for httpHdrMangleList()
call in src/http.cc. As I mentioned above, you may be able to just
compute the tag there (from the request URL) and avoid (1a) and (1b).
Please note that I do not know exactly how you want to match URLs with
new header values so some or all of the above items may not apply to
your specific case and/or more work may be needed. Needless to say, all
of the above comes with a risk of breaking your Squid.
HTH,
Alex.
> I was trying to do the following:
> 1. Configured and ACL (whiteLst) in squid.conf for the allowed list of file.
> 2. In code i am trying to find a place where it says that url abc,com
> matches ACL (whiteLst) specified in conf file. If the ACL name matches
> to whiteLst, i will call a function to add a custom header.
>
> I have not been able to find such a place in the code as of yet where
> i can safely say that my ACL (whiteLst) match has happened.
> Found a code where "ACLMatchedList" is populated, but on debugging it
> seems to be generally populated with ACL "ALL".
> Not sure where the "ALL" acl is being picked up. Some "indent_*" acl
> is being matched.
>
> Even tried with enabling debug logs for squid. Seems it matches the
> ACL (whiteLst) but then also matches some ACL "ALL", hence overwriting
> the Matched ACL name.
>
> Still debugging, though some pointers or inputs would be welcome here.
>
> Thanks in Adv.
> Regards
>
> On Wed, Sep 18, 2013 at 9:41 PM, Alex Rousskov
> <rousskov_at_measurement-factory.com> wrote:
>> On 09/17/2013 09:48 PM, Sachin Gupta wrote:
>>
>>> We are using Squid 3.1 and need to do the following:
>>> 1. We have a list of URLs which we want to allow.
>>> 2. Squid to read this list of URLs and for each matching entry in the
>>> list, set a particular field (insert a string) in the HTTP header.
>>> 3. Using this header string, a URL filtering program will allow the
>>> URLs to be accessed.
>>>
>>> I explored the squid functionality and came across following:
>>> a. header_replace : Not sure how i can use this for my case. Examples
>>> and references are welcome.
>>> b. request_header_replace: Not available in 3.1. Not possible to
>>> upgrade to latest squid release.
>>>
>>> Is there any other option to do the same? Please suggest.
>>
>>
>> If Squid upgrade is not an option, you can either modify your Squid
>> sources or use eCAP/ICAP to do the adaptations you need.
>>
>>
>>
>> HTH,
>>
>> Alex.
>>
Received on Wed Sep 18 2013 - 17:59:00 MDT
This archive was generated by hypermail 2.2.0 : Thu Sep 19 2013 - 12:00:04 MDT