how to replace the file to be downloaded by the user

Asked by Bob on 2015-11-16

now I begin to plan writing an adapter to replace the file that the user want to download, since there is no good document to read, I have to ask you for help.

I know there are three adapter examples, and I have briefly read them, but frankly I am still very not clear about how to write an adapter. firstly, can you tell me which example should i pay attention to?

Question information

Language:
English Edit question
Status:
Answered
For:
eCAP Edit question
Assignee:
No assignee Edit question
Last query:
2015-11-21
Last reply:
2015-11-21
sam (sadegh-sal) said : #1

If I understand your questing correctly
you can do this :

in the request mode you can get the user request URL with method

libecap::Area uri;
const libecap::RequestLine *CLRLP;

if (CLRLP requestLine = dynamic_cast<CLRLP>(&hostx->virgin().firstLine()))
 uri = requestLine->uri();
 else
      if (CLRLP requestLine = dynamic_cast<CLRLP>(&hostx->cause().firstLine()))
       uri = requestLine->uri();

std::cout<< uri.toString().c_str() << std::endl;

and modify this hostx->virgin().firstLine()

Bob (362061693-k) said : #2

well, thank you for your answer, Sam.

I am new to eCAP, so I am not sure if your answer is correct. let me clarify my question further.

if a user download a file like this: http://www.abc.com/url/xyz.exe, I want to give him a file say a.exe existing in a local directory, so your answer can make it?

furthermore, I want to learn the way writing an adapter, not just the pure answer :) , but i do prefer your answer if it is right:)

Alex Rousskov (rousskov) said : #3

FWIW, the answer provided by Sam is incorrect on two counts:

* It is usually not possible to redirect a host application to fetch something from the local disk (where your /tmp/a.exe is).
* Modifying the virgin transaction is not possible (it is constant).

Before you can select the right sample and write your adapter, you need to select between these two very different options:

1. Allow the host application download the resource requested by the user from the origin server (e.g., http://example.com/xyz.exe) and rewrite/adapt that origin server response to match some local resource (e.g., /tmp/a.exe). This is called RESPMOD adaptation. The best sample to use might be adapter_modifying.cc but there is no sample that does exactly what you want.

2. Respond to the user request (e.g., for http://example.com/xyz.exe) with some local resource (e.g., /tmp/a.exe) without going to the origin server. This is called REQMOD request satisfaction. I cannot think of a good sample for this, but there is a sketch in FAQ #2516 linked below. You may also search other Answers for the word "satisfaction".

FAQ #2516: “Can an adapter respond to requests instead of adapting them?”.

Bob (362061693-k) said : #4

thanks Alex.

Both the two options you gave me can do what i want? namely I am concerned about whether my requirement can be satisfied to some extent by your two options. if so, which option do you think is the best choice?

Alex Rousskov (rousskov) said : #5

AFAICT, both option #1 and option #2 fit your [probably incomplete] requirements.

I may be missing some other factors that are important to you, but I can suggest the following simple decision logic: If

A) you do not care about the host application caching the adapted response and
B) you do not need to know anything about the origin server response to generate the right adapter response,

then use option #2. Otherwise, you have to use option #1 (because only option #1 allows the host application to cache the adapter response (**) and gives you the information about the origin server response).

(**) In theory, caching is possible with option #1 as well, but no host application I know supports such post-cache REQMOD caching so, in practice, only option #2 gives you caching.

Bob (362061693-k) said : #7

well, actually I prefer to choose the option #2, since there is no need at all to let squid download the resource requested by the user from the origin server.

however you said you cannot think of a good sample for this(option #2), does it only mean that there is no any ready-made example, and option #2 can absolutely satisfy my requirement?

thanks.

Alex Rousskov (rousskov) said : #8

Yes, provided I interpret your requirements correctly.

Bob (362061693-k) said : #9

ok, I will carefully do some research on FAQ #2516. thanks a lot, Alex.

Bob (362061693-k) said : #10

Hi, Alex

I am now doing some research on FAQ #2516 and the source code for libecap-1.0.0, there is one thing that I want to know, that is when an user is downloading a file named abc.exe, and by ecap I can replace abc.exe with a local file named a.exe with the way(option #2) you told me, but i don't want the user know it obviously, namely the download prompt should not say that the user is downloading a.exe, if so the user will know he has been hijacked, thus the best way is that the download prompt still keep
the file name as abc.exe, only the file size changed since the size of abc.exe doesn't match that of a.exe. Can option #2 make it?

thanks.

Alex Rousskov (rousskov) said : #11

eCAP is an HTTP adaptation tool. HTTP [responses] do not have a notion of a "file name" (even though some HTTP headers may carry that information for higher level protocols/applications) so the question is not really about eCAP (wrong layer).

If you only replace HTTP response body (and the required body-tied HTTP meta information such as any Content-Length and Content-MD5 headers), a naive user will not see the difference. Needless to say, a knowledgeable user may compare the checksum with an authoritative source or use other means of validating the content and bypassing your adapter. Furthermore, web sites may use encryption or other means to make such content rewrites difficult or impossible.

Disclaimer: As a proxy operator (or equivalent), _you_ are responsible for protecting the integrity of web communications and doing the right thing for the user and/or content provider. Just because you can technically do something, does not mean you should do it. I trust you are using these tools and my advice for something good, despite the [easily misinterpreted but still user-unfriendly] terminology in your question.

Bob (362061693-k) said : #12

thanks Alex for your advice and your suggestion about using eCAP for good thing :)

because I am doing some research on web security, I must know the way some people can operate on it, that's why I use some user-unfriendly terminology in my question.

Can you help with this problem?

Provide an answer of your own, or ask Bob for more information if necessary.

To post a message you must log in.