Re: [squid-users] HTTPS Reverse proxy URL rewrite.

Dwyer, Simon wrote:
> Hi,
>
> https_port 443 accel cert=/opt/ssl/mypage/my.page.com.crt
> key=/opt/ssl/mypage/my.page.com.key defaultsite=my.page.com vhost
>
> cache_peer 192.168.0.1 parent 80 0 no-query originserver login=PASS
> name=my.page.com

Hmm, thats the right config for it. Methinks its the backend server
doing the URL re-writing since its generating pages for what it thinks
is HTTP.

Seeing as it is unencrypted squid->server then you should be able to
tcpdump/wireshark the requests and confirm which one is re-writing.

Amos

>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 50 MB
> cache_dir ufs /opt/csw/var/cache 1000 16 256
> access_log /opt/csw/var/logs/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl CONNECT method CONNECT
> http_access allow all
> http_reply_access allow all
> icp_access allow all
> cache_mgr admin@home.com
> visible_hostname hostname.com
> coredump_dir /opt/csw/var/cache
>
>
> I have not touched anything other than the cache peer, https_ports and
> chaning the http_access to all. I will locked it down once I have it
> working.
>
> Cheers,
>
> Simon.
>
> -----Original Message-----
> From: Keshava M P [mailto:keshava.mp@gmail.com]
> Sent: Tuesday, 30 October 2007 2:06 AM
> To: Dwyer, Simon
> Cc: squid-users
> Subject: Re: [squid-users] HTTPS Reverse proxy URL rewrite.
>
> Hi,
> can you post config?
> regards,
>
> On 10/29/07, Dwyer, Simon <sdwyer@federalit.net> wrote:
>> Hey everyone.
>>
>>
>>
>> Still setting up my reverse https proxy server. I have it working to a
>> degree except that when I connect to the site it seems to be rewriting the
>> address from https to http.
>>
>>
>>
>> The server in the back end is talking to squid with http but I want it
> https
>> from squid to the user. I was under the understanding that this is
>> possible.
>>
>>
>>
>> What I need to know is if its squid rewriting the url or the back end
>> server.
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Simon Dwyer
>>
>
>
Received on Wed Oct 31 2007 - 04:12:29 MDT