Hello all,

Straight away I apologise that this is a Notes-specific question. I've also posted to notes.net, but I'd be very interested to hear if other Squid people have come across something similar.

We have a Slackware box running Squid 2.5.STABLE4. The box functions as a secure reverse proxy for a backend Lotus Domino R6.52 box running iNotes webmail. Everything works up to a point. Incoming https web traffic goes to squid https_port 443. The backend connection is unencrypted, and the squid accelerator settings are:

## These are the accelerator (or reverse proxy) settings.
httpd_accel_port 80
httpd_accel_host 192.168.0.1 # Notes IP
httpd_accel_single_host on # Only one backend.
httpd_accel_uses_host_header on

When users connect from the internet to https://our.portal.url/ they receive the usual password dialog box. This is Squid asking for windows authentication via Samba-3.0.0 to the Windows DC. After successful Windows authentication they are directed to the iNotes logon page for Notes authentication.

The problem is that after authenticating in Notes, the browser brings up a redirect warning "You are about to be redirected to a connection that is not secure". The user can click OK, but the browser then times out. You then see that the requested URL was:

http://our.portal.url/mail/gmoore.nsf/iNotes/Proxy/?

This redirect is wrong on two counts. First, it's http rather than https, hence the insecure warning. Also, even if it is manually edited to https, it still times out. In order to get past this, the user has to manually edit the browser URL to https://our.portal.url/ and hit return.

We obviously need to get rid of this "insecure redirect" warning, and have iNotes fire up without requiring the user to mess about with the URL. This is almost certainly an iNotes issue, and I'll hopefully find a Notes fix or workaround. Has anyone else seen anything similar?

Failing a Notes fix, we're a bit stuck for ideas! One idea might be to upgrade to Squid 3 and set up encryption on the backend (ie. from Squid to the Notes box), though I'm not convinced this will make any difference. I just wonder if getting Squid to connect to SSL on the Notes box might somehow bypass the pesky redirect. Hmmmmmmmmmm.

Thanks in advance for your thoughts.

Geoffrey.

----------------
Geoffrey Moore
Team Solutionz Ltd.
07811 031968
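
Added example, not part of the original post: a small check that flags the symptom described above, a redirect whose Location header moves a client from https to http on the same host. The function names, the /login request path and the sample responses are constructed for illustration; only the redirect URL is taken from the post.

```python
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = (301, 302, 303, 307, 308)

def _location(headers):
    """Return the Location header value (case-insensitive name), or None."""
    return next((v for k, v in headers if k.lower() == "location"), None)

def classify_redirect(request_url, status, headers):
    """Classify one response: 'none', 'ok', 'cross-host' or 'scheme-downgrade'."""
    location = _location(headers)
    if status not in REDIRECT_CODES or location is None:
        return "none"
    origin = urlsplit(request_url)
    # Relative Location values inherit the scheme and host of the request.
    target = urlsplit(urljoin(request_url, location))
    if target.hostname != origin.hostname:
        return "cross-host"
    if origin.scheme == "https" and target.scheme == "http":
        return "scheme-downgrade"
    return "ok"

def find_downgrades(responses):
    """Return (request_url, raw Location) for every https-to-http redirect."""
    return [
        (url, _location(headers))
        for url, status, headers in responses
        if classify_redirect(url, status, headers) == "scheme-downgrade"
    ]

# Constructed sample: what a client behind the proxy might record.
SAMPLE = [
    # Absolute http:// redirect, as quoted in the post.
    ("https://our.portal.url/login", 302,
     [("Location", "http://our.portal.url/mail/gmoore.nsf/iNotes/Proxy/?")]),
    # Relative redirect: stays on https, so it is not flagged.
    ("https://our.portal.url/login", 302,
     [("location", "/mail/gmoore.nsf/iNotes/Proxy/?")]),
    # Ordinary page, no redirect.
    ("https://our.portal.url/", 200, [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for url, loc in find_downgrades(SAMPLE):
        print(f"downgrade: {url} -> {loc}")
```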
