On 9/14/17, Jeffrey Merkey <jeffmer...@gmail.com> wrote: > On 9/13/17, Alex Rousskov <rouss...@measurement-factory.com> wrote: >> On 09/13/2017 11:25 PM, Jeffrey Merkey wrote: >> >>> It will allow me to translate any web content read through such a >>> cache to downstream clients. I need to know where to hook into your >>> cache at the layer it is reading html pages to insert the translator. >> >> >> Hello Jeffrey, >> >> You should not hook this inside Squid. Implement an ICAP or eCAP >> service instead: http://wiki.squid-cache.org/SquidFaq/ContentAdaptation >> >> >>> Is there a neat and clean interface where I can get the pages being >>> read from the cache, and translate them, then send them to the >>> downstream clients. >> >> Not really. Squid does not even have a concept of a "page"; it operates >> on the level of HTTP messages. Adaptation services also have to work >> with HTTP messages, not pages, but at least you will not have to deal >> with Squid code (changes). As an added bonus, your service will work >> with any proxy that supports ICAP (most production proxies do) or eCAP >> (I am not aware of any production proxy that does, but that may change). >> >> >> Please note that due to the "success" of the "TLS everywhere" campaign, >> you will most likely have to attack and bump user TLS traffic in order >> to translate most pages on the fly. This opens up a big can of worms. >> http://wiki.squid-cache.org/Features/SslPeekAndSplice >> >> At the end of the day, you may want to write browser plugins instead, >> although that option also comes with its own set of serious problems. In >> theory, you can even write a browser plugin that will talk to an ICAP or >> eCAP service, so that you can cover all possible deployment vectors with >> a single adaptation service, but that is even more work, and I have not >> heard of anybody doing that. >> >> >> HTH, >> >> Alex. >> > > > Alex, > > Thanks for the quick response. I have reviewed the ssl-bump feature > -- perfect just what I needed the proxy to do. As for C_ICAP, I am > reviewing the program as we speak. I may have other questions later, > but you certainly got me off on the right foot. > > So, to configure the ssl-bump it appears I need to configure a > certificate. What are the steps to do that with the ss-bump feature? > > You are awesome. Thanks for the help. > > Jeff >
I think I found it. https://wiki.squid-cache.org/Features/DynamicSslCert Jeff _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
