[squid-users] redirect.pl

From: Mike Lee <mlee@dont-contact.us>
Date: Fri, 25 Jan 2002 09:54:19 -0800

Hi,

I haven't gotten a response regarding my SSL Accelerator issue. I guess not
many people are running squid as reverse proxy for SSL.

As an alternative, I'm trying to have Squid "pass through" the SSL traffic.
By that I mean, I don't want Squid to do any SSL handshake. What I want
Squid to do though is to rewrite the URL to the final destination.

Following is the rewrite.pl I have. Can you tell what the problem is,
because it doesn't work?

#!/usr/bin/perl
use strict;

$|=1;
while(<>) {
        s@http://10.1.1.2@http://fred.callisma.com@;
        s@https://10.1.1.2@https://fred.callisma.com@;
        print;
}

Error message I get at the client's browser is "The page cannot be
displayed"

squid.conf ---
http_port 80
debug_options ALL,1
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_mgr root
cache_effective_user squid
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header on

redirect_program /usr/local/squid/bin/squid_redirect.pl
redirect_children 30
redirect_rewrites_host_header off

thanks,

Mike

----- Original Message -----
From: "Mike Lee" <mlee@netclimb.com>
To: <squid-users@squid-cache.org>
Sent: Thursday, January 24, 2002 4:58 PM
Subject: [squid-users] squid 2.5pre3 as ssl accelerator. -- almost.. not quite.

> following config works.
>
> ---------------------------------------
> http_port 80
> https_port 10.1.1.2:443 cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem
> debug_options ALL,1
> acl all src 0.0.0.0/0.0.0.0
> http_access allow all
> cache_mgr root
> cache_effective_user squid
> httpd_accel_host <target real server's ip address>
> httpd_accel_port 80
> httpd_accel_single_host on
> httpd_accel_with_proxy off
> httpd_accel_uses_host_header on
>
> redirect_program /usr/local/squid/bin/squid_redirect.pl
> redirect_children 30
> redirect_rewrites_host_header off
> --------------------------------------
>
> So, only thing I changed is httpd_accel_host, _single_host and _port.. I
> changed from virtual to single host.
>
> Does this mean that I can't do Squid 2.5Pre3+ssl accel+httpd accel to
> multiple servers in the backend??
>
> thanks,
>
> Mike
>
> ----- Original Message -----
> From: "Mike Lee" <mlee@netclimb.com>
> To: <squid-users@squid-cache.org>
> Sent: Thursday, January 24, 2002 3:35 PM
> Subject: squid 2.5pre3 as ssl accelerator. -- some log messages
>
>
> > Here is more info.
> >
> > cache.log indicated that squid started ok. --------------
> > 2002/01/24 16:19:55| Restarting Squid Cache (version 2.5.PRE3)...
> > 2002/01/24 16:19:55| FD 19 Closing HTTP connection
> > 2002/01/24 16:19:55| FD 54 Closing HTTP connection
> > 2002/01/24 16:19:55| DNS Socket created at 0.0.0.0, port 1043, FD 19
> > 2002/01/24 16:19:55| Adding nameserver 10.1.1.2 from /etc/resolv.conf
> > 2002/01/24 16:19:55| helperOpenServers: Starting 30 'squid_redirect.pl' processes
> > 2002/01/24 16:19:55| Accepting HTTP connections at 0.0.0.0, port 80, FD 20.
> > 2002/01/24 16:19:55| Initialising SSL.
> > 2002/01/24 16:19:55| Using certificate in /usr/local/squid/etc/cert.pem
> > 2002/01/24 16:19:55| Using private key in /usr/local/squid/etc/key.pem
> > 2002/01/24 16:19:55| Accepting HTTPS connections at 10.1.1.2, port 443, FD 55.
> > 2002/01/24 16:19:55| WCCP Disabled.
> > 2002/01/24 16:19:55| Loaded Icons.
> > 2002/01/24 16:19:55| Ready to serve requests.
> >
> > access.log when tried https://server.domain.com ----------------
> > 1011916037.433 4 10.1.1.30 TCP_NEGATIVE_HIT/400 849 GET http://server.domain.com:443/ - NONE/- text/html
> >
> >
> > thanks,
> >
> > Mike
> > ----- Original Message -----
> > From: "Mike Lee" <mlee@netclimb.com>
> > To: <squid-users@squid-cache.org>
> > Sent: Thursday, January 24, 2002 3:09 PM
> > Subject: squid 2.5pre3 as ssl accelerator.
> >
> >
> > > Hi,
> > >
> > > I'm wondering if anyone can help me. I've gotten the httpd accelerator to
> > > work. I'm trying to get SSL Accel to work.
> > >
> > > Here is my squid.conf ----------
> > > http_port 80
> > > https_port 10.1.1.2:443 cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem
> > > httpd_accel_host virtual
> > > httpd_accel_port 0
> > > httpd_accel_single_host off
> > > httpd_accel_with_proxy off
> > > httpd_accel_uses_host_header on
> > >
> > > redirect_program /usr/local/squid/bin/squid_redirect.pl
> > > redirect_children 30
> > > redirect_rewrites_host_header off
> > > -------------------------------------
> > >
> > >
> > > When client tries to get to the SSL site, error message comes up.
> > >
> > > Bad Request
> > > Your browser sent a request that this server could not understand.
> > > Reason: You're speaking plain HTTP to an SSL-enabled server port.
> > > Instead use the HTTPS scheme to access this URL, please.
> > >
> > >
> > > Hint: https://server.domain.com:443/
> > >
> > > -------------------------------------
> > >
> > > To explain exactly what happens..
> > >
> > > Certificate window does show up. I click on ok to accept the certificate
> > > and this error message shows up.
> > >
> > > When I tcpdump on the target machine (real server), I don't even see any
> > > packets come in. So, I'm pretty sure it's the squid box that's giving this
> > > error message back to the client..
> > >
> > >
> > >
> > > Help!!
> > >
> > > Mike
> > >
> > >
> >
>
Received on Fri Jan 25 2002 - 10:54:11 MST
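
Added example, not part of the original post or of Squid: a redirector helper for the rewrite the script above attempts, matching only the URL's host component so that a host such as 10.1.1.20, or a URL that merely contains the address in its query string, is left alone. It assumes the Squid 2.x helper line format (URL client_ip/fqdn ident method, with an empty reply meaning "no change"); rewrite_url, %HOST_MAP and --selftest are names made up for this example.

```perl
#!/usr/bin/perl
# Squid 2.x redirector helper (assumed protocol): one request per input line,
# "URL client_ip/fqdn ident method"; reply with the new URL or an empty line.
use strict;
use warnings;

# Mapping taken from the script in the post; extend as needed.
my %HOST_MAP = ('10.1.1.2' => 'fred.callisma.com');

# Rewrite only when the URL's host component is exactly a mapped host.
# Returns the new URL, or '' to tell Squid to leave the request unchanged.
sub rewrite_url {
    my ($url) = @_;
    return '' unless defined $url;
    # scheme://host[:port][/path...], anchored at both ends so text in the
    # path or query string, or a longer host like 10.1.1.20, never matches.
    my ($scheme, $host, $rest) =
        $url =~ m{\A(https?)://([^/:?#]+)((?::\d+)?(?:[/?#].*)?)\z}i
        or return '';
    my $target = $HOST_MAP{lc $host} or return '';
    return "$scheme://$target$rest";
}

# Constructed sample lines in the helper input format, run with --selftest.
sub selftest {
    my @cases = (
        ['http://10.1.1.2/index.html 10.1.1.30/- - GET', 'http://fred.callisma.com/index.html'],
        ['http://10.1.1.2:8080/a?b=1 10.1.1.30/- - GET', 'http://fred.callisma.com:8080/a?b=1'],
        ['http://10.1.1.20/ 10.1.1.30/- - GET', ''],
        ['http://other.example/?u=http://10.1.1.2/ 10.1.1.30/- - GET', ''],
    );
    for my $c (@cases) {
        my ($url) = split ' ', $c->[0];
        my $got = rewrite_url($url);
        die "FAIL: $c->[0] => '$got'\n" unless $got eq $c->[1];
    }
    print "selftest ok\n";
}

if (@ARGV && $ARGV[0] eq '--selftest') { selftest(); exit 0 }

$| = 1;    # unbuffered output: Squid waits for each reply line
while (my $line = <STDIN>) {
    chomp $line;
    my ($url) = split ' ', $line;    # first field is the URL
    print rewrite_url($url), "\n";
}
```

A redirector only sees requests that Squid itself has accepted and parsed, so with only `http_port 80` configured no https:// URL ever reaches the helper.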
