[squid-users] Reverse proxy with Domino Web Server

Hi Henrik,

Thank you for your earlier reply, pardon me that I am quite new to proxy
stuff and still not too clear yet. May be I should first describe my setup.

I need to setup reverse proxy for such connection:

client ------------------------------------------------> reverse proxy
-----------> domino web server
-------------------------------------------------> domino application
        (1) https + (2) proxy authentication (3)
http (4) domino session authentication

I have re-installed squid with version 2.5, with ssl option enabled.
The function (1) - https with client is working fine.

The problem I faced is that, the client browser url changed from
<rproxy.domain.com> to <webserver.domain.com> after the domino session
authentication (4).
This means, up to (3), the client browser url still remain as
rproxy.domain.com , and the page is the domino authentication page. After
entered the id and password at this page, the browser url changed to
webserver.domino.com

When I traced with tcpdump at proxy server and my workstation, it reveals
that after the mentioned authentication session, there are only packets
flow between my workstation and the webserver.

Also, when we traced the header log, we found the below:

==> (0) 'HTTP/1.0 302 Moved Temporarily\r\nServer:
Lotus-Domino/5.0.8\r\nDate: Wed, 25 Oct 2001 06:09:11 GMT\r\nLocation:
http://<webserver.domain.com>/WebMailRedirect.nsf?Open\r\nContent-Type:
text/html\r\nSet-Cookie: DomAuthSessId=1A3343F74667DF3D4DAB31438A63BAFC;
path=/\r\nX-Cache: MISS from <rproxy.domain.com>\r\nConnection:
close\r\n\r\n' <==

When we tested with another domino authentication method (normal domino
authentication, which is not that secure), there is no HTTP 302 response,
and the client url did not changed after the normal domino authentication.

===> Obviously, it is caused by the HTTP 302 things. Can advise whether
there is any work around to resolve this ?

Following is my squid configuration, please advise whether is there any
mistakes:

http_port 80
https_port 443 cert=/usr/local/ssl/certs/sslcert.crt
key=/usr/local/ssl/keys/ssl.key
redirect_rewrites_host_header off
acl server dst webserver.domain.com
http_access allow server
httpd_accel_host webserver.domain.com
httpd_accel_single_host on
httpd_accel_with_proxy on
forwarded_for off

Also, would like to seek for understanding on the options -
"header_replace" . Can it been used as some work around to the issue? and
how?

Best Regards,
Angie Ng

[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]
Received on Thu Oct 25 2001 - 23:40:09 MDT