Re: [squid-users] Squid3: https virtual domain redirects

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 7 Sep 2003 19:40:59 +0200

On Sunday 07 September 2003 17.02, Jim Flowers wrote:

> Interesting, neither accel nor vhost are listed as https_port
> options and given the note I thought it was automatic. I am now
> using vhost with no defaultsite=... and it seems to work OK for
> both rewrites and cache_peer methods.

https_port supports all the options of http_port, plus a whole lot
more..

accel is automatic and does not need to be mentioned.. (automatically
enabled by vhost/vport/defaultsite, and at least one is required for
accelerator setups)

vhost is not documented in https_port as we have not imagined one
would use https_port in other configurations than defaultsite= due to
the name restrictions of SSL certificates, but when I think about it
I already have customers using vhost https_port with a wildcard
certificate so vhost is meaningful to document for https_port.
Documentation added.

> cache_peer 1.1.1.1 parent 80 0 no-query originserver
> name=www.example.com
> acl my dstdomain www.abc.com.at.example.com
> cache_peer_access www.example.com allow my
>
> Are both methods OK or just yours?

Both are virtually identical. Using the name= option is just to make
things a little more readable.

> One final (ho ho ho :} question: When I rewrite https://accel.com
> to http://origin.com and use always_direct allow http://origin.com
> the browser (IE6) pops up the message that both secure and
> non-secure items are going to be displayed. Any way 'round this?

Works here... but maybe the warning says exacly what happened for you
if the server gave http:// links to objects in the same page? If it
did then you are hitting the border of what can be done with Squid as
a reverse proxy. Squid can map requests freely, but it can not
modify the responses given by the web servers contacted. If the web
server gives an absolute URL to some object in the HTML code or via a
Location header then the same URL will be given to the client.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Sun Sep 07 2003 - 11:41:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:34 MST