Hello everyone, I'm new to squid and I've been pulling out hairs on this problem all morning. Perhaps someone on the list has some advice.
Here's the situation: I need to set up an SSL reverse proxy that will handle https traffic on port 443 from client (IE6) to proxy, and http traffic on port 8015 from the proxy to the backend server. I installed squid-2.5.STABLE4-20040121 on fedora as an http accelerator only, created my ssl keys and certs, and started everything up. Here is my testing config:

    http_access allow all
    http_reply_access allow all
    httpd_accel_host backend.foo.com
    httpd_accel_port 8015
    httpd_accel_single_host on
    httpd_accel_uses_host_header off
    httpd_accel_with_proxy off
    https_port 443 cert=/tmp/cert.pem key=/tmp/key.pem
    ssl_unclean_shutdown on
    cache_store_log none
    redirect_program /usr/local/squirm/bin/myRedirect
    redirect_children 10
    redirect_rewrites_host_header off

The login page to the backend server got proxied correctly, but after logon the return traffic to the client contained frames with links to 'http://backend.foo.com:8015'. I used split DNS to make the client resolve 'backend.foo.com' to the squid reverse proxy, but since squid is not listening on http port 8015 (and I do not want it to), squid sends RSTs back to the client. Since I can't tell the app to change its links, I tried implementing a redirector per the squid FAQ section 15.5. Here's my shamelessly ripped code:

    #!/usr/bin/perl
    $|=1;    # unbuffered output, squid waits for each reply line
    while (<>) {
        @x = split;
        $url = $x[0];    # first field of the redirector input line is the URL
        if ($url =~ /^http:\/\/backend\.foo\.com:8015/) {
            $url =~ s/^http/https/;
            $url =~ s/\.com:8015/\.com/;
            print "301:$url\n";
        } else {
            print "$url\n";
        }
    }

This works as I would think it should from the command line, only redirecting requests starting with 'http://backend.foo.com:8015', but according to my tcpdump traces squid is responding to *any* http or https request with a 301 redirect. Thus the loop.
I then tried SQUIRM as my redirector with the following pattern:

    regexi ^http://backend\.foo\.com:8015/(.*$) 301:https://backend.fod.com/\1

This also works as expected via the command line, but again, according to tcpdump I have the exact same looping 301 problem. Anyone have any ideas as to what's wrong? Here is what shows up (repeated many times) in my squid access.log during the looping:

    1 10.0.2.50 TCP_MISS/301 171 GET http://backend.foo.com:8015/ - NONE/- -

Thank you for your time,
Mike
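
Added example, not part of the original post and not Squid code: a small Perl model of the request path that compares the rule on the command line with the rule behind the accelerator. It assumes that in accelerator mode Squid hands the redirector a URL rebuilt from httpd_accel_host and httpd_accel_port, which is consistent with the access.log entry quoted above; accel_url, redirector, trace and the sample requests are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# ASSUMPTION: with httpd_accel_single_host on, Squid rebuilds every request
# URL from httpd_accel_host/httpd_accel_port before calling the redirector.
my $ACCEL_PREFIX = 'http://backend.foo.com:8015';

# Hypothetical helper: the URL the redirector is handed for a client request.
sub accel_url {
    my ($client_url) = @_;
    my ($path) = $client_url =~ m{^https?://[^/]+(/.*)?$};
    return $ACCEL_PREFIX . (defined $path ? $path : '/');
}

# The rewrite rule from the post, as a function instead of a stdin loop.
sub redirector {
    my ($url) = @_;
    if ($url =~ m{^http://backend\.foo\.com:8015}) {
        $url =~ s/^http/https/;
        $url =~ s/\.com:8015/.com/;
        return "301:$url";
    }
    return $url;
}

# Follow the client's redirects for at most $max hops and report the outcome.
sub trace {
    my ($start, $max) = @_;
    my $url = $start;
    my %seen;
    for my $hop (1 .. $max) {
        return "loop: hop $hop revisits $url" if $seen{$url}++;
        my ($next) = redirector(accel_url($url)) =~ /^301:(.*)$/
            or return "served at hop $hop";
        $url = $next;    # client follows the Location header
    }
    return "gave up after $max hops";
}

# Constructed sample requests arriving on https_port 443.
for my $req ('https://backend.foo.com/', 'https://backend.foo.com/login') {
    print "command line : $req -> ", redirector($req), "\n";
    print "behind squid : $req -> ", trace($req, 10), "\n";
}
```

Under that assumption the rule passes an https URL through untouched when fed by hand, but every request reaching it through the accelerator carries the :8015 prefix and is answered with a 301 back to the URL the client just asked for.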
