On Fri, 3 Sep 2004 [EMAIL PROTECTED] wrote:
When users connect from the internet to https://our.portal.url/ they receive the usual password dialog box. This is Squid asking for windows authentication via Samba-3.0.0 to the Windows DC. After successful Windows authentication they are directed to the iNotes logon page for Notes authentication.
The problem is that after authenticating in Notes, the browser brings up a redirect warning "You are about to be redirected to a connection that is not secure". The user can click OK, but the browser then times out.
You then see that the requested URL was:
http://our.portal.url/mail/gmoore.nsf/iNotes/Proxy/?
This is a general problem of reverse proxies when the backend URL is different from the external URL. There is no very easy solutions to this problem.
The easiest solution is to make sure there is no difference on the two sides of the proxy. This you can do by running https:// the whole way to the server. You can do this with the SSL update by using a redirector helper to rewrite the protocol back to https:// while it is forwarded by Squid (SSL update patch required). In Squid-3 this can be done without the help of a redirector.
The other solution is to make the web server aware of what the externally visible URL looks like. This is for example the case with the "Front-End-Https" HTTP header used by MS OWA (and supported by the Squid SSL update) which indicates to the web application that the externally visible URL accessed by the end-user is using https:// even if the connection to the internal web server was using http://.
Regards Henrik
