tis 2007-05-22 klockan 10:02 +1200 skrev Grant McLean:
> Hi All
>
> I'm setting up Squid for the first time, in accelerator mode in front of
> an Apache/mod_perl app. Squid is listening on both port 80 (HTTP) and
> port 443 (HTTPS). The basics (including SSL cert stuff) are working but
> I've hit a bit of a road block.
>
> Is there any way to tell that a particular request came in on the SSL
> port?
Yes.
To have this forwarded to the backend server see the front-end-https
cache_peer option.
To detect this within Squid see the myport acl, or alternatively the
proto acl (but see below).
> It would be even better if I could achieve the redirect magic using a
> squid redirector script, but once again, there doesn't seem to be
> sufficient information passed to the redirector for it to know if the
> request came over a secure channel.
Well, for browsers you have the protocol. https vs http.
But technically an http client could send a fully qualified https:// URI
without using SSL if they insist on it so it's not a 100% indication
that the request was received encrypted on an https_port.
> Strangely, when I was playing around with this on Friday, I could have
> sworn that the redirector script was receiving URLs that started with
> 'https', but I can't reproduce that today so I must have imagined it :-)
It does.. at least unless
a) You tell your https_port to use http as the protocol identified.
or
b) If you are using Squid-2.5 and not the currently supported 2.6
version. The https_port support in Squid-2.5 isn't very friendly..
Regards
Henri
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT