On 04/01/11 08:03, r.cazenave@xxxxxxx wrote:
Dear all, I am facing an issue with Squid configuration for which hopefully you will be able to help. The web server is using http only and is sending redirections (HTTP messages 302) towards its full URL, as in http://172.16.28.43:3080/site/redirect_login.do. Squid proxy (v3) is configured as reverse proxy to handle only HTTPS requests from clients (actually any other ports than 443 are blocked by the in-between firewall). The proxy is working as expected and is correctly handling clients' requests and is replacing in server redirects the IP address:port by its own address and thus the client receives the following: 302:http://mydomain.com/site/redirect_login.do.
Squid v3 is not yet capable of re-writing server redirect responses as you have described. The location_rewrite feature is needing a port from 2.x to 3.x. Do you have a patch to submit to squid-dev mailing list?
The remaining issue for which I am seeking help is the protocol: I would like http:// to be translated to https:// by the squid proxy. Without this, the client is then trying to connect to port 80 using http, which is discarded by the firewall. I have tried redirector programs but it is not working (I suppose it translates only requests from the client).
It sounds like a working redirector for you would be writing https:// in the URL instead of http://. This is easily fixed by altering whatever redirector you are using for Location: header re-write.
The best way to do redirects in reverse-proxy is with deny_info before the request ever gets to the server. Define a deny_info with https:// protocol URL and the client will get that.
What I suggest is this at the top of your squid.conf:

  acl HTTP proto HTTP
  deny_info https://mydomain.com/site/redirect_login.do HTTP
  http_access deny HTTP

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
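
Added example, not part of the original thread and not Squid project code: a Location-rewrite helper of the kind the reply refers to, for a Squid 2.x setup where location_rewrite is available. It assumes the helper receives one line per Location header (Location URL, requested URL and urlgroup, space-separated) and that an empty reply leaves the header unchanged; the function and constant names are illustrative, and the addresses are the ones quoted in the thread.

```python
#!/usr/bin/env python3
"""Location-header rewrite helper sketch for a Squid 2.x reverse proxy."""
import sys
from urllib.parse import urlsplit, urlunsplit

# Values taken from the thread: the backend origin and the public name.
BACKEND_ORIGINS = {("172.16.28.43", 3080)}
PUBLIC_HOST = "mydomain.com"


def rewrite_location(line: str) -> str:
    """Return the rewritten Location URL, or "" to leave it unchanged.

    Assumed input line: "<Location URL> <requested URL> <urlgroup>".
    """
    fields = line.split()
    if not fields:
        return ""
    try:
        url = urlsplit(fields[0])
        port = url.port  # raises ValueError on an out-of-range port
    except ValueError:
        return ""  # malformed URL: do not touch it
    if url.scheme != "http" or url.hostname is None:
        return ""  # already https, relative, or not a web URL
    host = url.hostname.lower()
    is_backend = (host, port or 80) in BACKEND_ORIGINS
    is_public = host == PUBLIC_HOST and port in (None, 80)
    if not (is_backend or is_public):
        return ""  # redirects to third-party sites pass through untouched
    # Force https on the public name; port 443 is implied by the scheme,
    # so the backend's :3080 never reaches the client.
    return urlunsplit(("https", PUBLIC_HOST, url.path, url.query, url.fragment))


def main() -> None:
    for line in sys.stdin:
        sys.stdout.write(rewrite_location(line) + "\n")
        sys.stdout.flush()  # Squid waits for exactly one reply per line


if __name__ == "__main__":
    main()
```

Only the backend origin and the plain-http public name are rewritten, so a redirect the application issues to an unrelated site is not silently pointed at the proxy's own host.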