Re: [squid-users] HTTPS Reverse proxy with HTML contents rewrite

From: Merton Campbell Crockett <mcc@dont-contact.us>
Date: Fri, 7 Nov 2003 10:18:42 -0800 (PST)

On Fri, 7 Nov 2003, Henrik Nordstrom wrote:

> On Fri, 7 Nov 2003, Merton Campbell Crockett wrote:
>
> > Apache using mod_rewrite would be the answer. The <VirtualHost ...:80>
> > would need to have a redirect to 443. The problem will be the annoying
> > notices about leaving or entering a protected site.
>
> I don't see how this can be the answer.
>
> Sure, it makes things appear to work, but the https encryption becomes
> virtually useless as all/most requests are sent first unencrypted using
> HTTP (including any sensitive request details) and then repeated using
> https.

It's only sent accross the Internet to the client in encrypted form. Now,
that doesn't mean in won't be slow as each http request will be redirected
to the https port. But the content won't be retrieved from the internal
server except when an https request is made.

You could return a permanently moved status to the http request. If you're
lucky, the browser will "remember" this and translate all http requests to
https requests.

Merton Campbell Crockett

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=fax,work:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
Received on Fri Nov 07 2003 - 11:21:31 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:11 MST