On Mon, Jan 17, 2005 at 11:04:17AM +0100, Henrik Nordstrom wrote: > On Fri, 14 Jan 2005, Brett Lymn wrote: > > >their redirector was seeing the https requests. So, can a redirector > >rewrite a https request to go to a http server? Would squid ignore the > >redirect and just go to the https server anyway? > > In theory it should be able to send a browser redirect, but I am not sure > if either Squid or the clients supports this.. >
I may have been a bit sloppy in my terminology there. When I said redirect I meant "rewrite the URL", this is what Websense does in the normal case if the page is blocked the redirector process rewrites the URL to point at a "this access is blocked" page. Anyway, I think you have confirmed what I understood to be happening. > It should be possible to redirect to another https server specifically > designed to return the block page no matter what the client requests, but > not without a browser warning about the certificate name due to the nature > of SSL. > Yes, that was my thinking. The certificate issue should not be too bad since the block page server would be under our control so our users would only have to accept the certificate once.... in an ideal world they would never need to see the blocked page anyway since it is somewhere they should not be going using work's resources. -- Brett Lymn
