Re: [squid-users] Customize squid to make it understand malformed requests

2017-01-16 Thread Amos Jeffries 
On 16/01/2017 10:10 p.m., Antony Stone wrote:
> On Monday 16 January 2017 at 09:03:52, Oğuz İsmail Uysal wrote:
> 
>> For a private reason, I want to customize squid version 3.5.12 the way I
>> stated above. For example I have customized it already to make it
>> understand \r\n /\r\n instead of \r\n\r\n as request's end
> 
>> now I want it to remove the characters after a spesific character in request
>> uri, and to remove a spesific character which is placed at the end of all
>> headers (before \r\n).
> 
> Wouldn't this be easier to achieve using content adaptation?
> 

Not if the malformation screws up the HTTP framing syntax, like the
above describes. See my other post about \r\n\r\n being the middle *not*
the end of a request.


To reach ICAP/eCAP Squid has to be able to parse the message and there
are a limited range of frame malformations which are tolerated before
the message is too mangled and simply gets rejected as non-HTTP.

Also, in passing to ICAP the message has to be delivered in correct HTTP
format to the service with Encapsulated header indicating the sizes of
each HTTP frame sub-section. If the malformation screws with the framing
those sizes will be incorrect and ICAP service gets screwed over as well
as Squid.


FWIW: By replacing the end-of-mime terminator with ' \' Ozguy is making
Squid smuggle request messages. The "private reasons" is obviously an
intention to turn a Squid binary into a piece of malware.
 

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Customize squid to make it understand malformed requests

2017-01-16 Thread Antony Stone 
On Monday 16 January 2017 at 09:03:52, Oğuz İsmail Uysal wrote:

> For a private reason, I want to customize squid version 3.5.12 the way I
> stated above. For example I have customized it already to make it
> understand \r\n /\r\n instead of \r\n\r\n as request's end

> now I want it to remove the characters after a spesific character in request
> uri, and to remove a spesific character which is placed at the end of all
> headers (before \r\n).

Wouldn't this be easier to achieve using content adaptation?

http://wiki.squid-cache.org/Features/eCAP
http://wiki.squid-cache.org/Features/ICAP

Antony.

-- 
"There is no reason for any individual to have a computer in their home."

 - Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed 
by Compaq, later merged with HP)

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users