On 04/01/11 08:03, [email protected] wrote:
Dear all,
I am facing an issue with Squid configuration for which hopefully you
will be able to help.
The web server is using http only and is sending redirection (HTTP
messages 302) towards its full URL, as in
http://172.16.28.43:3080/site/redirect_login.do.
Squid proxy (v3) is configured as reverse proxy to handle only HTTPS
request from clients (actually any other ports than 443 are blocked
by in-between firewall).
The proxy is working as expected and is correctly handling clients
requests and is replacing in server redirects the IP address:port by
its own address and thus client receives the following:
302:http://mydomain.com/site/redirect_login.do.
?? Squid v3 is not yet capable of re-writing server redirect responses
as you have described. The location_rewrite feature is needing a port
from 2.x to 3.x. Do you have a patch to submit to squid-dev mailing list?
The remaining issue for which I am seeking help is protocol, I would
like that http:// is translated to https:// by squid proxy. Without
this, the client is then trying to connect to port 80 using http
which is discarded by the firewall. I have tried redirector programs
but it is not working (I suppose it translates only requests from
client).
It sounds like a working redirector for you would be writing https:// in
the URL instead of http://. This is easily fixed by altering whatever
redirector you are using for Location: header re-write.
The best way to do redirects in reverse-proxy is with deny_info before
the request ever gets to the server. Define a deny_info with https://
protocol URL and the client will get that.
What I suggest is this at the top of your squid.conf:
acl HTTP proto HTTP
deny_info https://mydomain.com/site/redirect_login.do HTTP
http_access deny HTTP
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
