Eric Marquez wrote:
How do I setup a rule so squid knows how to handle a redirect response from a server to internal IP. I setup squid to use destdomain as in the acl for allowed sites.
Here's the interaction:
1. connect to http://gui-ui.example.com/
2. Authenticate against squid proxy
3. login to http://gui-ui.example.com/
4. gui-ui.example.com server responds with a redirect to one of its nodes IP address 10.10 4.45
5. connection broken at this point.
Is there a way to setup squid so it can handle the redirect?
Eric Marquez
The answer to your exact question is:
acl foo ...
deny_info http://10.10 4.45 foo
http_access deny auth foo
(require authentication, then when authenticated, if matches rule foo,
bounce to URL listed by deny_info).
However... why bother with redirection at all?
Is sounds like you actually need a reverse proxy configuration for the
'redirected node':
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
Note that authenticating against a squid proxy, then sending to
somewhere else as first asked. Will cause re-authentication to happen if
the remote node needs any auth done. Since the browser only sends the
auth to the machine/website it is asked to authenticate against.
Using a reverse proxy the browser is only talking to the main Squid
which can pass on auth details as needed.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13
