Search squid archive

Re: reverse proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Milli Gurung wrote:
Hello,

I'm in bit of a dilemma here. I have the mail server inside the firewall and it redirects all incoming traffic (webmail) on port 80 to 443. Hence any internal user trying to access the webmail will be redirected to https:..xxx.iii.com

I'm using Squid 2.5 (on Suse Enterprise Server 9) and is configured as reverse Proxy sitting on the DMZ. The hostname of thiis proxy, lets say xyz. The only changes I made in squid.conf file is :
http_port 80
httpd_accel_host abc
httpd_accel_ port 80
http_accel_uses_host_header off
httpd_accel_single_host on

Internal users type http://abc.iii.com, it redirects to http://abc.iii.com but external users trying to get to webmail without vpn type: xzy.iii.com. It fails to redirect xyz.iii.com to https://xyz.com - get the generic IE "page cannot be displayed". However users can still get by manually typing : http://xyz.iii.com but this is not secured at all.

Does this mean I need to configure squid to use SSL? Since the mail server is doing all the redirection itself, I thought I could have Squid just redirect anything on port 80 to the emails server and email server itself handles the redirection to https port.

Yes, you need to set Squid up such that it listens for (and optionally terminates) HTTPS connections. Something along the lines of...

https_port 443 cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem

...should do it. For what it's worth, I have never used Squid as an HTTPS front end, so I might be way off base.


Please help!!!!


Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux