On 6/28/07, Daniel Watts <d@xxxxxxxxxxxxx> wrote: > Dear List, > > Has anyone got a setup where you have a Pound front end reverse-proxy > listening for HTTPS traffic, and redirecting via HTTP to a batch of > backend web servers that squirrelmail is installed on? > > I have this working nicely except that the links and redirects are all > then written as "http" rather than "https". Is there any sane way I can > get the system so that security is maintained? If SM has no information about SSL a connection, you simply cannot expect it to do anything but what it is doing. > I'm thinking this might be to do with the "get_location" function in > squirrelmail - will I need to modify this somehow? Most people do that. > The trouble is user's can connect either via HTTP or HTTPS and I don't > want just a blanket change of all links to HTTPS. Why not? Minimal overhead, better email security. > Perhaps I need to get Pound to insert an X-SSL-Request header which can > tell get_location whether to prepend http:// or https:// Might be a good solution. > But this all sounds quite ugly and I'd rather not change squirrelmail code. The only other option would be to install the mind_reader plugin that knows that despite the fact that page requests come in HTTP, you really wanted links in HTTPS, but only in some cases. No sweat. :-) ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
