I have successfully set up four Squid reverse proxies (Squid 2.5-STABLE4) listening on port 80 (HTTP) and port 443 (HTTPS). Using a simple perl redirector program the squids are calling a few different backend servers depending on the path, (/app1 goes to appserver1:8080/app1 etc).
SSL is only enabled between the browser and the reverse proxy servers. Traffic between the reverse proxies and all the backend web and appservers is non-encrypted HTTP, on non-standard ports.
The redirector script will bounce you from HTTP to HTTPS for some URLs, namely the URLs for the web applications.
I'm having a problem where the backend appserver sends a 302 (moved temporarily) which is an absolute URL, and begins with "http" rather than "https" because it can't see that it was an https URL that it is servicing.
This results in the browser receiving a redirect to a non-SSL page, then a redirect to an SSL page again (and over again).
How can I get around this? Is it possible to have squid rewrite the URL in the Location: header of the 302 response? (s/http:/https:/) Or is there some other way of altering the HTTP headers that the backend appserver sees such that the appserver will create the correct URL... Or can you send a partial URL in the Location field, eg just "/app1/welcome.xml" ?
By the way this is all on Solaris 8, and the backend appservers are Sun ONE Application Server 7 update 1, so the web apps themselves are servlets.
Thankyou
Jesse
--
::: Jesse Reynolds +61 (0)414 669 790 ::: AIM - jessedreynolds ::: ::: Virtual Artists Pty Ltd, Adelaide ::: http://www.va.com.au :::
