On 15/10/2013 3:48 p.m., James Shirley wrote:
Hi! I'm trying to configure a squid acl to control what soap requests are allowed to a backend web server.. Only I cannot see a configuration parameter directly specific to SOAP (or XML) protocol. Or even a way to integrate the POST message content in a helper application..
That is because the message and the message content are two _very_ separate things.
The messages being HTTP protocol and message content being the SOAP/XML stuff.
Squid only operates on the HTTP protocol. The content of messages is outside of Squid scope of operations and treated as opaque data. Manipulation or control based on message content is called "content filtering" and is performed by ICAP services and/or eCAP plugins for Squid.
NP: I'm not yet aware of any plugins/services that manipulate SOAP/XML data. Given that it is XML it should be relatively easy to create your own content filter that meets your needs.
I have looked into validating SOAPAction HTTP header, however this is an optional header which not all SOAP clients use..
For controlling it in Squid that is probably the best way. Unless you can find a better way to identify SOAP from just the HTTP headers (Content-Type perhapse?).
Amos