Proxing only special file types

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Proxing only special file types

alexmaystat
Hello. I have squid proxy server.
Configured SSL inspection and add your JS code.
Is it possible to inspect and add JS code only to files of a specific file
type (for example, only to JS text/javascript).
Or it is possible to proxy only JS files, and send the rest of the content
and requests outside squid proxy?

Thanks.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

Antony Stone
On Wednesday 06 February 2019 at 10:48:19, alexmaystat wrote:

> Hello. I have squid proxy server.

Version?  Operating system?

> Configured SSL inspection

How?  Give us some details.

> and add your JS code.

What?

> Is it possible to inspect and add JS code only to files of a specific file
> type (for example, only to JS text/javascript).

Yes - try content adaptation.

> Or it is possible to proxy only JS files, and send the rest of the content
> and requests outside squid proxy?

No.


Antony.

--
Wanted: telepath.   You know where to apply.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

alexmaystat
Squid version - 3.5
Operation system - CentOS
SSL inspection - use SSL_Bump + ECAP for content modification.
I mean add my own JS code.

I need user ECAP with modification to parse what file type and after that,
if javascript file - inject my additional code, yes?



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

Antony Stone
On Wednesday 06 February 2019 at 11:21:57, alexmaystat wrote:

> Squid version - 3.5
> Operation system - CentOS
> SSL inspection - use SSL_Bump + ECAP for content modification.
> I mean add my own JS code.
>
> I need user ECAP with modification to parse what file type and after that,
> if javascript file - inject my additional code, yes?

Sounds good to me.


Antony.

--
#define SIX 1+5
#define NINE 8+1

int main() {
    printf("%d\n", SIX * NINE);
}
        - thanks to ECB for bringing this to my attention

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

alexmaystat
Do you think this is possible, right?



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

Amos Jeffries
Administrator
On 7/02/19 3:39 am, alexmaystat wrote:
> Do you think this is possible, right?
>

Which of the multiple questions and ideas stated earlier do you mean by
"this" ?

Content Adaptation is possible.

Causing a process which finished previously (ie send to the proxy) to
not happen based on things only found out later - is not possible.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

alexmaystat
I mean:
Do you think that it is possible to implement the ECAP module with the
injecting code into content adaptation, after check and verify in ECAP that
content-type is js code (text/javascript)?



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

Amos Jeffries
Administrator
On 7/02/19 6:28 pm, alexmaystat wrote:
> I mean:
> Do you think that it is possible to implement the ECAP module with the
> injecting code into content adaptation, after check and verify in ECAP that
> content-type is js code (text/javascript)?
>

That is possible.

But consider this:
 It is also *possible* to take a running jump off a cliff. Sometimes one
will even survive. Does not make it a good idea.



More specifically I caution you to consider also the social and legal
consequences of altering other peoples content without their permission.

In most countries content adaptation is actually illegal and the content
providers have a right to sue for compensation of damages. The legal
situation ranges from copyright violation to fraud.

With in-transit adaptation you are:
 a) using other peoples content (piracy, theft), and
 b) without copyright permission to do so (copyright violation, theft
and digital piracy), and
 c) presenting the result as if it were by the original author
(misrepresentation, aka fraud).

Several relatively large companies were sued out of existence, and
others suffered massive reputation damage last decade by getting content
adaptation wrong. So please see a qualified lawyer before you go any
further with this idea.


PS. Most times this question of injecting javascript has come up there
were other far better and absolutely legal ways to achieve the desired
end that did not involve JS injection attacks against the clients. If
you care to explain the purpose of this JS perhapse we can help guide
you towards better ways to do the task.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Proxing only special file types

Alex Rousskov
In reply to this post by alexmaystat
On 2/6/19 3:48 AM, alexmaystat wrote:

> Is it possible to inspect and add JS code only to files of a specific file
> type (for example, only to JS text/javascript).

Yes, provided you can trust Content-Type response headers (or
equivalent). If you do trust them, then you can configure Squid to adapt
only responses that have Content-Type set to, say, text/javascript.

The above assumes that by "inspect" you mean inspect by an eCAP adapter.
Squid itself would still inspect (i.e., "see" and "parse") every HTTP
message it proxies, of course.


> Or it is possible to proxy only JS files, and send the rest of the content
> and requests outside squid proxy?

This is only possible (in some cases) using client-side tools like
browser PAC configuration files. If you can write a simple Javascript
program that can determine whether the pending request is for a "JS
file", and you can configure the browser to use your program (by loading
your PAC file), then you can restrict Squid traffic to those "JS file"
transactions.


As you probably know by now, modifying proxied response content is
usually difficult and often illegal. For more details, see
https://answers.launchpad.net/ecap/+faq/1793


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users