On 22.03.2012 12:20, Cliff Hill wrote:
I'm hoping someone can help me here. I'm a bit stumped. I recently
upgraded my Squid 3.1 to Squid 3.2.0.16, because I am attempting to be
able to have deny_info with the new URL formatting for my reverse
proxy configurations so that I can pass whatever someone uses with
http:// to be transformed automatically into https://.
Anyway, here's the problem I'm having -- after building and deploying
my squid 3.2 server successfully, I no longer am getting a redirect
performed at all on my browsers. Without changing the relevant
components of my squid.conf file from how they worked in 3.1, they
just aren't working in 3.2 at all.
Here are some details -- squid.conf contains the following:
http_port 80 accel defaultsite=darkhelm.org
...
cache_peer 10.18.75.1 parent 80 0 no-query originserver login=PASS name=xlorep
acl sites_xlorep url_regex ^https://xlorep\.darkhelm\.org
cache_peer_access xlorep allow sites_xlorep
http_access allow sites_xlorep
Equivalent to:
acl HTTPS proto HTTPS
acl xlorep dstdomain xlorep.darkhelm.org
cache_peer_access xlorep allow HTTPS xlorep
http_access allow HTTPS xlorep
acl http_xlorep url_regex ^http://xlorep\.darkhelm\.org
http_access deny http_xlorep
deny_info https://xlorep.darkhelm.org http_xlorep
...
<snip>
NOTE: both of these regex should never have matched in 3.1. defaultsite
explicitly forces the URI to be "http://darkhelm.org/..." unless the
vhost option is enabled. It is disabled by default on 3.1 and older.
3.2 uses HTTP/1.1 where vhost is enabled by default. So the regex ACL
might start operating now as you seem to have intended them to.
I'm running this all on a Debian Squeeze server.
When I telnet to the squid server, and make a get request for
http://xlorep.darkhelm.org, I get the following:
root@morsh:/etc/squid3# telnet localhost 3128
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET http://xlorep.darkhelm.org
An HTTP "0.9" format request. HTTP validation is not done beyond the
URL parsing.
HTTP/1.1 302 Moved Temporarily
Server: squid/3.2.0.16
Mime-Version: 1.0
Date: Wed, 21 Mar 2012 23:14:25 GMT
Content-Type: text/html
Content-Length: 0
Location: https://xlorep.darkhelm.org
X-Squid-Error: 403 Access Denied
X-Cache: MISS from morsh
X-Cache-Lookup: NONE from morsh:80
Via: 1.1 morsh (squid/3.2.0.16)
Connection: close
Connection closed by foreign host.
which appears to me to be what I need it to be, a redirect request
that sends me to the corrected address.
Confirmed. It is working.
However whenever I try to go there with a web browser, it just hangs,
and never actually gets redirected.
Right now, I just want it to simply redirect http:// to https:// for
my cache_peers. Can anyone help me?
With the above config...
. The client sends traffic to Squid via port 80. Meaning client<->squid
traffic is plain HTTP.
.. Your access control and deny_info bounces the client to an
"https://" URI.
... The client should then dutifully connect to port 443 (HTTPS).
What happens then? Your displayed config does not show.
Amos
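
Added example, not part of the original message and not Squid's own code: a simplified Python model of the note above, showing which URL the two url_regex ACLs are tested against on the accel port with and without vhost, and what the posted rules then do. The URL reconstruction rule, the function names and the "no listed rule matched" label are assumptions made for illustration.

```python
import re

# Simplified model (an assumption, not Squid source) of how a plain-HTTP
# accel port builds the URL that url_regex ACLs are tested against.
def accel_url(host_header, path, defaultsite, vhost):
    # With vhost the client's Host header names the site; without it,
    # defaultsite is used regardless of what the client asked for.
    host = host_header if (vhost and host_header) else defaultsite
    return "http://" + host + path

# The two url_regex ACLs from the posted squid.conf.
ACLS = {
    "sites_xlorep": re.compile(r"^https://xlorep\.darkhelm\.org"),
    "http_xlorep": re.compile(r"^http://xlorep\.darkhelm\.org"),
}

def matching_acls(url):
    """Names of the ACLs whose pattern matches the URL."""
    return sorted(name for name, rx in ACLS.items() if rx.search(url))

def decide(host_header, path, vhost, defaultsite="darkhelm.org"):
    """Apply the posted rules in order: allow sites_xlorep, deny http_xlorep."""
    url = accel_url(host_header, path, defaultsite, vhost)
    hits = matching_acls(url)
    if "sites_xlorep" in hits:
        return url, "allow"
    if "http_xlorep" in hits:
        # deny_info https://xlorep.darkhelm.org http_xlorep
        return url, "302 -> https://xlorep.darkhelm.org"
    # The rest of the config is elided ("...") in the post.
    return url, "no listed rule matched"

if __name__ == "__main__":
    # Constructed request: Host: xlorep.darkhelm.org, path "/"
    for label, vhost in (("vhost off (3.1 default)", False),
                         ("vhost on (3.2 default)", True)):
        url, action = decide("xlorep.darkhelm.org", "/", vhost)
        print(f"{label}: ACLs see {url} -> {action}")
```

On this model the https:// pattern can never match traffic arriving on the port 80 listener, so only the deny plus deny_info pair takes effect there.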