Hey everyone,
I figured out what was going on and have everything working smoothly.
for future references, here's what I did:
1.) configure squid. Here's the relevant chunk of the config:
---
https_port 443 cert=/usr/misc/certs/squid.cert
key=/usr/misc/certs/squid.pem defaultsite=testbench112.cnbc.cmu.edu
http_port 80 defaultsite=testbench112.cnbc.cmu.edu
cache_peer sourceserver112.cnbc.cmu.edu parent 80 0 no-query login=PASS
originserver name=server1
acl our_sites dstdomain localhost 127.0.0.1 sourceserver.cnbc.cmu.edu
testbench112.cnbc.cmu.edu
http_access allow our_sites
cache_peer_access server1 allow our_sites
url_rewrite_program /usr/local/bin/rewritehttps
url_rewrite_children 10
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
---
2.) Rewrite the URLs presented to Squid with a rewrite script as seen
above in /usr/local/bin/rewritehttps:
---
#!/usr/bin/perl
#
# URL rewriter for squid to convert HTTP requests to HTTPS.
$| = 1;
while (<>) {
s/^http:/301:https:/;
print;
}
---
Unless this looks horribly wrong to someone's keen eye, I'm going to
roll with it. Everything seems to be working as planned, and nothing has
caught fire yet :) I'd assume that this would also be useful for going
the opposite way, just change the script's https and http around and
change the cache peer to 443 instead of 80.
Have a great day,
--Anna
On 5/24/11 3:14 PM, Anna K. Hegedus wrote:
Hi Everyone,
I have a bit of an issue that I am trying to resolve with Squid, but I
cannot quite get the hang of things. I was wondering if someone could
help me out or point me in the right direction.
I have a simple piece of hardware that uses a web interface. This
hardware only uses http though, and I would like to make it a bit more
secure. The issue is that all of its internal pages are hard-coded
http. Right now, https and http are working perfectly through Squid on
another side we have, but on this one, whenever I click an http link,
the connection reverts back to an insecure one on port 80. Since there
is no https service on the hardware, I don't think I can just rewrite
the URL, although it would be great if I could.
Is there any way that I can use squid to fix this? So far, most
examples and docs I can see either have an https service listening on
the other side of squid, or they rewrite the urls.
Thanks for your help in advance!
Anna
