On Thu, 16 Jun 2005, Laurikainen, Tuukka wrote:

I apologize if this has been asked before (I assume so), but I haven't been 
able to find any good explanations from the archives.

http_port squid-ip:80
https_port squid-ip:443  cert=path/to/cert key=path/to/key
https_port other-squid-ip:443      cert=path/to/cert key=path/to/key
httpd_accel_host virtual
httpd_accel_port 0

In jesred rules I have these two rules for testing:

regexi ^https://squid-ip/tst/(.*)     https://server-ip:443/\1   ^https://squid-ip/tst

regexi ^http://squid-ip/tst/(.*)      http://server-ip/\1           ^http://squid-ip/tst

Please note that the reconstructed URL in squid-2.5 is still http:// even if the request was accepted on an https_port. But thanks to httpd_accel_port 0 you should be able to identify the requests in the redirector.

With this configuration if a client tries to access 
https://squid-ip/tst/index.html, squid answers with Read Error (104) Connection 
reset by peer.

From the cache.log I get this:

2005/06/16 09:42:03| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)

See your access.log...

If I understand right, squid is receiving an http request, while waiting for an 
https, or did I get it totally wrong?

You are correct.

Likely cause:

a) You do not have access controls limiting what may be accessed via your reverse proxy (open proxy).

b) The URL issue mentioned above, causing your redirector rules to not match the requested URL.

Regards
Henrik
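
Added example, not part of the original message and not jesred's own code: a simplified Python stand-in for jesred rule matching, showing why the `^https://` rule above never fires for a request accepted on the https_port under squid-2.5. It assumes the reconstructed URL carries the accepting port (`http://squid-ip:443/...`); `PORT_RULE` is a hypothetical rule keyed on that form.

```python
import re

# The two test rules from the message above, one per line.
PAGE_RULES = [
    r"regexi ^https://squid-ip/tst/(.*) https://server-ip:443/\1 ^https://squid-ip/tst",
    r"regexi ^http://squid-ip/tst/(.*) http://server-ip/\1 ^http://squid-ip/tst",
]
# Hypothetical rule: scheme http plus the accepting port 443 (assumed URL form).
PORT_RULE = (r"regexi ^http://squid-ip:443/tst/(.*) https://server-ip:443/\1 "
             r"^http://squid-ip:443/tst")


def parse_rule(line):
    """Parse 'regex|regexi PATTERN REPLACEMENT [ACCEL]' into a tuple."""
    kind, pattern, replacement, *accel = line.split()
    flags = re.IGNORECASE if kind == "regexi" else 0
    return re.compile(pattern, flags), replacement, (accel[0] if accel else None)


def rewrite(rule_lines, url):
    """Return the URL rewritten by the first matching rule, or None."""
    for regex, replacement, accel in map(parse_rule, rule_lines):
        # Simplification: treat the accel field as a literal prefix test
        # that must pass before the full regex is tried.
        if accel and not url.lower().startswith(accel.lstrip("^").lower()):
            continue
        match = regex.search(url)
        if match:
            return match.expand(replacement)  # substitutes \1
    return None


if __name__ == "__main__":
    # Constructed sample: what the redirector is assumed to see for
    # https://squid-ip/tst/index.html received on the https_port.
    seen = "http://squid-ip:443/tst/index.html"
    print("page rules     :", rewrite(PAGE_RULES, seen))
    print("with port rule :", rewrite(PAGE_RULES + [PORT_RULE], seen))
    print("plain http     :", rewrite(PAGE_RULES, "http://squid-ip/tst/index.html"))
```

When no rule matches, the request goes through unrewritten, which is where the access controls in point (a) decide what the proxy will fetch.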
