Re: Using ACLs to filter content on responses

From: Willy Tarreau <>
Date: Mon, 28 Jan 2008 22:14:31 +0100

Hello Ron,

On Sat, Jan 26, 2008 at 03:27:19PM -0600, Ron Miller wrote:
> Hello,
> Is it possible to filter responses returned from the back end web
> servers based on content using ACLs? I would be interested in
> filtering on the data returned from the servers (a URL embedded in
> html), as opposed to the headers.

No, and you are mixing two concepts it seems. You can block some response headers (not using the ACLs yet, but using "rspdeny"). However, nothing applies to data. And when you think about it, you cannot touch nor even inspect data before returning it to the requester, otherwise you have to buffer everything. Think about what anti-viruses are doing for instance. They often resort to cheats such as trickling so that the client does not time-out before all the data is inspected.

If you're really looking for a solution to transform or block any data, you should check tools such as ngrep or netsed, though I've never used either myself.

Willy Received on 2008/01/28 22:14

This archive was generated by hypermail 2.2.0 : 2008/01/28 23:00 CET