Re: [squid-users] Reverse proxy with Domino Web Server

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 26 Oct 2001 22:40:02 +0200

Quite likely the same problem, or the problem of the web mail
application generating full URL's in HTML content.

Squid will reply using https to the queries it has received using https,
but it will not rewrite any content. If your server in one way or
another returns a full http:// URL either in a Location header of a
redirect, or embedded in HTML content, Squid will pass this one on to
the client as it is.

The previously mentioned "rproxy" branch of Squid has the capability of
rewriting Location headers before passed on to the client, thus allowing
you to rewrite http://your.server/ Location headers to https.

If the problem is URLs embedded in HTML content generated by some
application, there currently is not much you can do, except possibly
setting up a redirector that will bounce the client back to https:// if
it attempts to contact the service using http://, but this is of very
limited use as the first attempt to contact the server will then use
unencrypted http, possibly revealing private information.

Regards
Henrik Nordström
Squid Hacker

ng.angie@i-stt.com wrote:
>
> Hi Henrik,
>
> Many thanks for your advise, it works. But, another problem here, the
> domino web server is link to the domino mail server, the session at client
> browser remain as https after I login (this is good), but, it switch to
> http while I try to create new memo/reply mail/forward mail... This is
> mainly that the domino web server and mail server has turn off ssl?
>
> client ----------> reverse proxy ------------> domino web server
> https http
> <---------- <------------
> https http
>
> Correct me if I'm wrong, my understanding is, although squid talk in http
> with webserver, but will then reply to client using https (as above
> diagram), right?
>
> Can advise on what can I configure to resolve the switching between https
> and http problem?
Received on Fri Oct 26 2001 - 14:39:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:09 MST