tis 2007-05-22 klockan 10:02 +1200 skrev Grant McLean: > Hi All > > I'm setting up Squid for the first time, in accelerator mode in front of > an Apache/mod_perl app. Squid is listening on both port 80 (HTTP) and > port 443 (HTTPS). The basics (including SSL cert stuff) are working but > I've hit a bit of a road block. > > Is there any way to tell that a particular request came in on the SSL > port? Yes. To have this forwarded to the backend server see the front-end-https cache_peer option. To detect this within Squid see the myport acl, or alternatively the proto acl (but see below). > It would be even better if I could achieve the redirect magic using a > squid redirector script, but once again, there doesn't seem to be > sufficient information passed to the redirector for it to know if the > request came over a secure channel. Well, for browsers you have the protocol. https vs http. But technically an http client could send a fully qualified https:// URI without using SSL if they insist on it so it's not a 100% indication that the request was received encrypted on an https_port. > Strangely, when I was playing around with this on Friday, I could have > sworn that the redirector script was receiving URLs that started with > 'https', but I can't reproduce that today so I must have imagined it :-) It does.. at least unless a) You tell your https_port to use http as the protocol identified. or b) If you are using Squid-2.5 and not the currently supported 2.6 version. The https_port support in Squid-2.5 isn't very friendly.. Regards Henri
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
