Re: Data --> object store --> client from Robert Collins on 2002-08-09 (squid-dev)

From: Robert Collins <robertc@dont-contact.us>
Date: 10 Aug 2002 00:02:51 +1000

On Sat, 2002-08-10 at 00:40, Joey Coco wrote:

> > I'm going to address 1) now, 2) is much harder (although some work is
> > underway now that will make developing 2) patchs much easier in the
> > future).
> >
>
> It's #2.. #1 we got figured out. What we want to do is if the content
> matches a certain "criteria" either blank out the content, or display a
> squid access denied page..
>
> I guess the best way would be to insert a meta refresh tag into the store
> and send that to the client, and refresh as an acl blocked URL.. Thats
> quite th hack, however.

Urgh. Thats not the best way!

Here's what you need to do (loosely speaking):
* detect when you *may* alter the content and/or content length before
any reply headers are sent.
* if you may alter the content length, remove any size information
from the object *before* the reply headers are sent.
* if you may alter the content length OR content, remove any ETags
from the object *before* the reply headers are sent.
* detect when you *may* alter the content on requests, and change any
range requests to full object requests. (This is permitted by RFC 2616).
* implement #1
* strip out (don't forward) data that your parser picks up.
* Minimise buffering in your hooked in routine to prevent client
timeouts (as soon as you know a byte is clear, forward it).
* detect EOF conditions and forward any buffered data.

With the above you should not need to do anything fancy like requesting
more data from the store, because you nearly guarantee that any data
hitting your routine will have *some* forwardable bytes. If you need to,
you can add

* Request more data from the store if you have *no* data to forward, to
prevent the connection hanging.

You may find the client side changes in the ESI project of assistance to
your work - they making hooking code in somewhat more modular, and a
little easier.

There is a reasonable amount of work there :}. Some squid-specific, some
not. (Stream parsers are generic, squid streams are not:}). If you need
expert assistance coding for your project, there are several of the core
squid developers that will code on contract - to name a couple, Henrik
Nordstom and I are both interested in doing such work. I'm not sure
about the other guys (Adrian? Duane? Alex? Speak up now!), but if doing
that would make sense for you, simply email the list and ask for
tenders! We are, of course, happy to discuss and guide you in your own
coding efforts.

Cheers,
Rob (who really should get a clear sig, like Henriks).

application/pgp-signature attachment: This is a digitally signed message part

Received on Fri Aug 09 2002 - 08:03:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:02 MST