Milli Gurung wrote:
Hello,
I'm in a bit of a dilemma here. I have the mail server inside the
firewall and it redirects all incoming traffic (webmail) on port 80 to
443. Hence any internal user trying to access the webmail will be
redirected to https://xxx.iii.com
I'm using Squid 2.5 (on SUSE Enterprise Server 9), and it is configured as
a reverse proxy sitting on the DMZ. The hostname of this proxy is, let's
say, xyz. The only changes I made in the squid.conf file are:
http_port 80
httpd_accel_host abc
httpd_accel_port 80
httpd_accel_uses_host_header off
httpd_accel_single_host on
Internal users type http://abc.iii.com, it redirects to
http://abc.iii.com but external users trying to get to webmail without
VPN type: xyz.iii.com. It fails to redirect xyz.iii.com to
https://xyz.com - get the generic IE "page cannot be displayed".
However, users can still get by manually typing: http://xyz.iii.com
but this is not secured at all.
Does this mean I need to configure squid to use SSL? Since the mail
server is doing all the redirection itself, I thought I could have
Squid just redirect anything on port 80 to the email server and the email
server itself handles the redirection to the https port.
Yes, you need to set Squid up such that it listens for (and optionally
terminates) HTTPS connections. Something along the lines of...
https_port 443 cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem
...should do it. For what it's worth, I have never used Squid as an
HTTPS front end, so I might be way off base.
Please help!!!!
Chris
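
The failure discussed in this thread, as an added example that is not part of either poster's message: it reads the listener lines from a squid.conf and checks whether the back end's redirect lands on a port the proxy actually listens on. The sample configs and the 302 response are constructed, and it assumes the mail server's Location header names the proxy's public hostname (xyz.iii.com).

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed samples: the config from the question, then with the suggested line.
CONF_BEFORE = "http_port 80\nhttpd_accel_host abc\nhttpd_accel_port 80\n"
CONF_AFTER = CONF_BEFORE + ("https_port 443 cert=/usr/local/squid/etc/cert.pem "
                            "key=/usr/local/squid/etc/key.pem\n")
# Constructed response, as relayed from the mail server through the proxy.
RESPONSE = "HTTP/1.0 302 Found\r\nLocation: https://xyz.iii.com/\r\n\r\n"

def listeners(squid_conf):
    """Return {(scheme, port)} for every http_port / https_port line."""
    found = set()
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("http_port", "https_port"):
            scheme = fields[0][:-len("_port")]
            # The value may be "80" or "addr:80"; keep only the port.
            found.add((scheme, int(fields[1].rsplit(":", 1)[-1])))
    return found

def redirect_target(request_url, raw_response):
    """Return the absolute URL a 3xx response points to, else None."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    if not 300 <= int(head[0].split()[1]) < 400:
        return None
    for header in head[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "location":
            return urljoin(request_url, value.strip())
    return None

def check(request_url, raw_response, squid_conf, proxy_host):
    """Say whether the redirect target is served by a listener on the proxy."""
    target = redirect_target(request_url, raw_response)
    if target is None:
        return "no redirect"
    url = urlsplit(target)
    if url.hostname != proxy_host:
        return "redirect leaves proxy: " + target
    port = url.port or DEFAULT_PORTS.get(url.scheme, 0)
    if (url.scheme, port) in listeners(squid_conf):
        return "ok: " + target
    return "no %s listener on port %d for %s" % (url.scheme, port, target)

if __name__ == "__main__":
    for conf in (CONF_BEFORE, CONF_AFTER):
        print(check("http://xyz.iii.com/", RESPONSE, conf, "xyz.iii.com"))
```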