CONNECT + custom data

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CONNECT + custom data

Richard Peeters
Hi All,

I have a requirement to forward proxy an opaque stream of data. One of
the servers (acting as a client -A- to SQUID ) will use the CONNECT
method to connect to SQUID (on server B) and squid will then proxy
this data for A.

My question is I want to pass metadata from A to B which B will strip
out before proxying the data outbound, and I cannot find a way to do
that.

If this was an HTTP stream, headers could have been added by A and B
could have stripped them, but with my case I dont think even content
adaptation will help.

Can someone please advise on what feature of SQUID I should be looking
at to achieve this ot whether it is possible or not.

I have been reading documentation for less than 24 hours, please
pardon my ignorance.

Thanks,
Rich
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: CONNECT + custom data

Amos Jeffries
Administrator
On 17/11/17 15:09, Richard Peeters wrote:

> Hi All,
>
> I have a requirement to forward proxy an opaque stream of data. One of
> the servers (acting as a client -A- to SQUID ) will use the CONNECT
> method to connect to SQUID (on server B) and squid will then proxy
> this data for A.
>
> My question is I want to pass metadata from A to B which B will strip
> out before proxying the data outbound, and I cannot find a way to do
> that.

"metadata" in HTTP just means headers.

For custom hop-by-hop headers your client application needs to use
Connection: header to control their removal by the recieving next-hop
HTTP agent. See <https://tools.ietf.org/html/rfc7230#section-6.1>.
  The custom header field-values can be accessed using the various
request/reply header regex ACL types, same as any header.

Squid does not touch any of the 'payload' section following a CONNECT
message. It always gets relayed as-is or rejected completely.
  Except when SSL-Bump is configured to decrypt tunnelled TLS traffic.
Custom payload formats are not possible there, only TLS syntax.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: CONNECT + custom data

Alex Rousskov
On 11/16/2017 08:39 PM, Amos Jeffries wrote:
> On 17/11/17 15:09, Richard Peeters wrote:
>> I have a requirement to forward proxy an opaque stream of data. One of
>> the servers (acting as a client -A- to SQUID ) will use the CONNECT
>> method to connect to SQUID (on server B) and squid will then proxy
>> this data for A.
>>
>> My question is I want to pass metadata from A to B which B will strip
>> out before proxying the data outbound, and I cannot find a way to do
>> that.


> "metadata" in HTTP just means headers.
>
> For custom hop-by-hop headers your client application needs to use
> Connection: header to control their removal by the recieving next-hop
> HTTP agent. See <https://tools.ietf.org/html/rfc7230#section-6.1>.
> The custom header field-values can be accessed using the various
> request/reply header regex ACL types, same as any header.

Also, if Squid (B) does not talk to another proxy and instead connects
to the origin server directly, then no Connection listing is required
for the CONNECT request headers. In this case, the CONNECT request
received by B is the only HTTP request; it is not forwarded anywhere.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users