On 15/10/2013 3:48 p.m., James Shirley wrote:
Hi!
I'm trying to configure a squid acl to control what soap requests are
allowed to a backend web server..
Only I cannot see a configuration parameter directly specific to SOAP
(or XML) protocol. Or even a way to integrate the POST message content
in a helper application..
That is because the message and the message content are two _very_
separate things.
The messages being HTTP protocol and message content being the SOAP/XML
stuff.
Squid only operates on the HTTP protocol. The content of messages is
outside of Squid scope of operations and treated as opaque data.
Manipulation or control based on message content is called "content
filtering" and is performed by ICAP services and/or eCAP plugins for Squid.
NP: I'm not yet aware of any plugins/services that manipulate SOAP/XML
data. Given that it is XML it should be relatively easy to create your
own content filter that meets your needs.
I have looked into validating SOAPAction HTTP header, however this is
an optional header which not all SOAP clients use..
For controlling it in Squid that is probably the best way. Unless you
can find a better way to identify SOAP from just the HTTP headers
(Content-Type perhapse?).
Amos
