On 10/07/24 10:25, Fiehe, Christoph wrote:
Hello, I hope that somebody has an idea what I am doing wrong. I try to build a generic package proxy with Squid and need the feature to rewrite (not redirect) an HTTP request to a package repository transparently to a HTTPS-based package source.
The "Wrong" starts with the very idea you have that re-writing a URL scheme is even useful.
While it may *seem* like an okay idea, what you are actually doing is exposing the HTTPS secured Response message to transmission over insecure connections from Squid to client. That is prohibited by HTTPS which assumes/requires encryption negotiated between the origin client and the origin server.
The best you can do for a regular proxy is *redirect* the http:// requests with a 302 message telling the client to use https:// instead.
...
http_access deny !to_archive_mirrors
acl HTTP proto HTTP
deny_info 302:https://%>rd%rp HTTP
http_access deny HTTP
http_access allow src_networks
...

HTH
Amos
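
Added example, not part of the original message or of Squid: a small offline check that a proxy reply to a plain-http request is the 302 the deny_info line above asks for, rather than content served back over http. The host deb.example.org, the two sample replies and both function names are constructed for illustration, and the meaning given to %>rd (request host) and %rp (request path with query) is an assumption taken from Squid's logformat codes.

```python
from urllib.parse import urlsplit

DENY_INFO = "302:https://%>rd%rp"  # copied from the deny_info line in the message

def expand_deny_info(spec, request_url):
    """Expand the two format codes used in the message (assumed semantics:
    %>rd = host of the client's request URL, %rp = URL path incl. query)."""
    status, _, template = spec.partition(":")
    u = urlsplit(request_url)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    location = template.replace("%>rd", u.hostname or "").replace("%rp", path)
    return int(status), location

def check_proxy_reply(request_url, raw_reply):
    """Return a list of problems found in the proxy's reply to an http:// request."""
    head = raw_reply.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    want_status, want_location = expand_deny_info(DENY_INFO, request_url)
    problems = []
    if status != want_status:
        problems.append(f"status {status}, expected {want_status}")
    location = headers.get("location", "")
    if urlsplit(location).scheme != "https":
        problems.append("Location is missing or not https")
    elif location != want_location:
        problems.append(f"Location {location!r} != {want_location!r}")
    return problems

# Constructed sample data (not captured traffic).
URL = "http://deb.example.org/debian/dists/stable/InRelease"
REDIRECTED = (b"HTTP/1.1 302 Found\r\n"
              b"Location: https://deb.example.org/debian/dists/stable/InRelease\r\n"
              b"Content-Length: 0\r\n\r\n")
# What a scheme rewrite would look like to the client: repository content
# fetched over https but handed back over the plain-http connection.
REWRITTEN = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nOrigin: Debian\n"

if __name__ == "__main__":
    for name, reply in (("redirected", REDIRECTED), ("rewritten", REWRITTEN)):
        print(name, check_proxy_reply(URL, reply) or "ok")
```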