WebApp Sec mailing list archives

Re: Reverse Proxy and Link Encoding


From: Death Star <deathstar2k3 () hotmail com>
Date: 12 Jun 2003 19:52:25 -0000

In-Reply-To: <Pine.LNX.4.44.0305312349140.17988-100000 () kisogawa ethz ch>

Have you ever used SQUID ... there are many ways that you can actually 
customize this proxy to provide access control. As for content replacement 
it can be done using XML. A nice XML script can be written to parse, 
remove, and replace content on both inbound and outbound communications.

Check http://www.squid-cache.org/

________________________

 .:[Death Star]:.
--->.*.<---<<<
 
Hi all

I have a follow-up question to Dean's inquiry on reverse proxies...

I am looking for a reverse proxy that does not let _any_ client-provided
data through. This would be achieved by parsing all web pages in order to
identify the hyper links contained. Then, all the hyper links would be
replaced by the proxy's address and a suitable encoding. Also, the proxy
would maintain a table with all the encodings and the original link. When
the client requests such an encoded link, the proxy would do a lookup in
the table and retrieve the original link.

Example:

1) Proxy retrieves some web page that contains the link
  http://www.foo.com/
2) Proxy replaces this link in the web page by something like the
  following link: http://proxy/77352102 and sends the resulting
  page to the client.
3) Client hits the link. Proxy analyzes the encoding and does the lookup
  in the table to find the original link. It retrieves the page, parses
  the content, replaces links, and sends the result to the client again.

(Startup: The proxy would have a well-defined collection of possible links
that are already encoded and serve as a starting point.)

I am aware that such a proxy is quite prohibitive with regard to browsing
the web. However, it can be useful in environments that must prevent
potentially hostile traffic (e.g. "hacked" URLs, malformed POST data etc.)
from leaving to the Internet and still allow basic browsing capabilities.

Does anybody know of a proxy that does this (or something similar)? (My 
research has not been successful so far.)


Thanks
myke.
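
The table-backed link encoding from steps 1-3 above, sketched as an added example; it is not part of the original thread and not code from Squid or any existing proxy. It assumes random hex tokens rather than the numeric form shown in the post, an in-memory table, and a regex that only handles quoted href attributes; `LinkTable` and its method names are hypothetical.

```python
import secrets
import re
from html import unescape
from urllib.parse import urljoin, urlsplit

PROXY = "http://proxy/"  # proxy address as written in the post
HREF = re.compile(r'''(href\s*=\s*)(["'])(.*?)\2''', re.I | re.S)

class LinkTable:
    """Token -> original URL map; the only URLs the proxy will ever fetch."""

    def __init__(self, start_urls=()):
        self._by_token, self._by_url = {}, {}
        # Pre-encoded starting points, as in the "Startup" remark.
        self.start = [self.encode(u) for u in start_urls]

    def encode(self, url):
        # Reuse the token of a known URL so repeated links do not grow the table.
        if url not in self._by_url:
            token = secrets.token_hex(8)  # random: not guessable, not derivable from the URL
            self._by_url[url], self._by_token[token] = token, url
        return PROXY + self._by_url[url]

    def rewrite(self, page, base_url):
        """Replace every quoted href in a fetched page with a proxy token."""
        def swap(m):
            target = urljoin(base_url, unescape(m.group(3)))
            if urlsplit(target).scheme in ("http", "https"):
                link = self.encode(target)
            else:
                link = "#"  # javascript:, data:, mailto: ... are dropped, not proxied
            return f"{m.group(1)}{m.group(2)}{link}{m.group(2)}"
        return HREF.sub(swap, page)

    def resolve(self, request_target):
        """Return the stored URL for a request target, or None to refuse it."""
        # Exact match only: a query string, extra path segment or altered token
        # is not in the table, so nothing the client typed reaches the origin.
        if not request_target.startswith("/"):
            return None
        return self._by_token.get(request_target[1:])

if __name__ == "__main__":
    table = LinkTable(["http://www.foo.com/"])
    sample = '<a href="/news?id=7&amp;p=2">news</a>'  # constructed sample page
    print(table.rewrite(sample, "http://www.foo.com/"))
```

The enforcement lives in `resolve`, not in `rewrite`: a link the regex misses stays unrewritten in the page, but it can never be requested through the proxy because it has no table entry.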






