Re: [squid-users] squid acl soap request method

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 15 Oct 2013 16:43:54 +1300

On 15/10/2013 3:48 p.m., James Shirley wrote:
> Hi!
>
> I'm trying to configure a squid acl to control what soap requests are
> allowed to a backend web server..
>
> Only I cannot see a configuration parameter directly specific to SOAP
> (or XML) protocol. Or even a way to integrate the POST message content
> in a helper application..

That is because the message and the message content are two _very_
separate things.

The messages being HTTP protocol and message content being the SOAP/XML
stuff.

Squid only operates on the HTTP protocol. The content of messages is
outside of Squid scope of operations and treated as opaque data.
Manipulation or control based on message content is called "content
filtering" and is performed by ICAP services and/or eCAP plugins for Squid.

NP: I'm not yet aware of any plugins/services that manipulate SOAP/XML
data. Given that it is XML it should be relatively easy to create your
own content filter that meets your needs.

> I have looked into validating SOAPAction HTTP header, however this is
> an optional header which not all SOAP clients use..

For controlling it in Squid that is probably the best way. Unless you
can find a better way to identify SOAP from just the HTTP headers
(Content-Type perhapse?).

Amos
Received on Tue Oct 15 2013 - 03:44:02 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 15 2013 - 12:00:05 MDT