Hello all,

Straight away I apologise that this is a Notes-specific question.  I've 
also posted to notes.net, but I'd be very interested to hear if other 
Squid people have come across something similar.

We have a Slackware box running Squid 2.5.STABLE4.  The box functions as a 
secure reverse proxy for a backend Lotus Domino R6.52 box running iNotes 
webmail.  Everything works up to a point.  Incoming https web traffic goes 
to Squid https_port 443.  The backend connection is unencrypted, and the 
Squid accelerator settings are:

## These are the accelerator (or reverse proxy) settings.
httpd_accel_port 80
httpd_accel_host 192.168.0.1            # Notes IP
httpd_accel_single_host on              # Only one backend.
httpd_accel_uses_host_header on

When users connect from the internet to https://our.portal.url/ they 
receive the usual password dialog box.  This is Squid asking for Windows 
authentication via Samba-3.0.0 to the Windows DC.  After successful 
Windows authentication they are directed to the iNotes logon page for 
Notes authentication.

The problem is that after authenticating in Notes, the browser brings up a 
redirect warning "You are about to be redirected to a connection that is 
not secure".  The user can click OK, but the browser then times out.

You then see that the requested URL was:

http://our.portal.url/mail/gmoore.nsf/iNotes/Proxy/?

This redirect is wrong on two counts.  First, it's http rather than https, 
hence the insecure warning.  Also, even if it is manually edited to https, 
it still times out.  In order to get past this, the user has to manually 
edit the browser URL to

https://our.portal.url/

and hit return.

We obviously need to get rid of this "insecure redirect" warning, and have 
iNotes fire up without requiring the user to mess about with the URL. This 
is almost certainly an iNotes issue, and I'll hopefully find a Notes fix 
or workaround.  Has anyone else seen anything similar? 

Failing a Notes fix, we're a bit stuck for ideas!  One idea might be to 
upgrade to Squid 3 and set up encryption on the backend (i.e. from Squid to 
the Notes box), though I'm not convinced this will make any difference.  I 
just wonder if getting Squid to connect to SSL on the Notes box might 
somehow bypass the pesky redirect.  Hmmmmmmmmmm.

Thanks in advance for your thoughts.

Geoffrey.


----------------
Geoffrey Moore
Team Solutionz Ltd.
07811 031968
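
Added example, not part of the original message: a small Python check that takes the URL the browser requested and the raw response headers it got back, and reports whether a redirect drops from https to http or exposes the backend address. The sample response is constructed (its status line and layout are assumptions); the host name, backend IP and redirect URL are the ones quoted in the post.

```python
from urllib.parse import urljoin, urlsplit

# Taken from the post: the backend Notes address behind the proxy.
BACKEND_HOSTS = {"192.168.0.1"}

# Constructed sample: a redirect like the one described, as the browser
# would receive it. Status line and header layout are assumptions.
SAMPLE_RESPONSE = (
    "HTTP/1.0 302 Found\r\n"
    "Location: http://our.portal.url/mail/gmoore.nsf/iNotes/Proxy/?\r\n"
    "\r\n"
)


def parse_redirect(raw_response):
    """Return (status, location) from a raw header block; location may be None."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    location = None
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location


def classify_redirect(request_url, raw_response):
    """Classify a response: 'not-a-redirect', 'ok', 'scheme-downgrade',
    'backend-leak' or 'off-site'."""
    status, location = parse_redirect(raw_response)
    if not 300 <= status < 400 or location is None:
        return "not-a-redirect"
    origin = urlsplit(request_url)
    # A relative Location inherits scheme and host from the request URL.
    target = urlsplit(urljoin(request_url, location))
    host = (target.hostname or "").lower()
    if host in BACKEND_HOSTS:
        return "backend-leak"       # internal address exposed to the client
    if host != (origin.hostname or "").lower():
        return "off-site"
    if origin.scheme == "https" and target.scheme != "https":
        return "scheme-downgrade"   # the warning described in the post
    return "ok"
```

Running it over responses captured on the client side of the proxy shows which backend pages emit absolute http:// redirects and which use relative ones that stay on https.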
