
Re: [squid-users] ssl redirections

On Thu, 16 Jun 2005, Laurikainen, Tuukka wrote:

I apologize if this has been asked before (I assume so), but I haven't been able to find any good explanations from the archives.

http_port squid-ip:80
https_port squid-ip:443  cert=path/to/cert key=path/to/key
https_port other-squid-ip:443      cert=path/to/cert key=path/to/key
httpd_accel_host virtual
httpd_accel_port 0

In jesred rules I have these two rules for testing:

regexi ^https://squid-ip/tst/(.*)     https://server-ip:443/\1   ^https://squid-ip/tst

regexi ^http://squid-ip/tst/(.*)      http://server-ip/\1           ^http://squid-ip/tst

Please note that the reconstructed URL in squid-2.5 is still http:// even if the request was accepted on an https_port. But thanks to httpd_accel_port 0 you should be able to identify the requests in the redirector.

With this configuration if a client tries to access https://squid-ip/tst/index.html, squid answers with Read Error (104) Connection reset by peer.

From the cache.log I get this:

2005/06/16 09:42:03| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)

See your access.log...

If I understand right, squid is receiving an http request, while waiting for an https, or did I get it totally wrong?

You are correct.

Likely cause:

a) You do not have access controls limiting what may be accessed via your reverse proxy (open proxy).

b) The URL issue mentioned above, causing your redirector rules to not match the requested URL.

Regards
Henrik
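
The URL mismatch described in (b), as an added example that is not part of the original thread: a small tester that runs redirector input lines against the two rules from the question and against a port-based variant. It assumes the reconstructed URL carries the receiving port (`http://squid-ip:443/...`); that URL form, the `PORT_RULES` patterns and the client address are assumptions, and Python's `re` stands in for jesred's `regexi` matching.

```python
import re

# The two jesred rules from the question, as (pattern, replacement) pairs.
PAGE_RULES = [
    (r"^https://squid-ip/tst/(.*)", r"https://server-ip:443/\1"),
    (r"^http://squid-ip/tst/(.*)", r"http://server-ip/\1"),
]

# Hypothetical variant: tell the listeners apart by port, because the
# scheme in the reconstructed URL is http:// on both of them.
PORT_RULES = [
    (r"^http://squid-ip:443/tst/(.*)", r"https://server-ip:443/\1"),
    (r"^http://squid-ip(?::80)?/tst/(.*)", r"http://server-ip/\1"),
]

# Constructed redirector input lines: "URL client-ip/fqdn ident method".
SAMPLE_LINES = [
    "http://squid-ip:443/tst/index.html 192.0.2.10/- - GET",
    "http://squid-ip:80/tst/index.html 192.0.2.10/- - GET",
]


def rewrite(line, rules):
    """Return the rewritten URL for one input line, or "" if no rule matches.

    An empty reply tells Squid to keep the URL unchanged.
    """
    fields = line.split()
    if not fields:
        return ""
    url = fields[0]
    for pattern, replacement in rules:
        match = re.match(pattern, url, re.IGNORECASE)
        if match:
            return match.expand(replacement)
    return ""


if __name__ == "__main__":
    for name, rules in (("page rules", PAGE_RULES), ("port rules", PORT_RULES)):
        for line in SAMPLE_LINES:
            result = rewrite(line, rules) or "(no match, URL unchanged)"
            print(f"{name}: {line.split()[0]} -> {result}")
```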
