RE: [squid-users] No SSL to SSL redirection problem from Roberto O. Fernández Crisial on 2009-02-24 (squid-users)

From: Roberto O. Fernández Crisial <rfernandez_at_bumeran.com>
Date: Tue, 24 Feb 2009 09:51:14 -0200

Hi guys,

I made the easy way. My Squid is Listen on ports 80 and 443, so the Apache (in httpd_accel_... mode) was configured to rewrite url via .htaccess file.

1st request: http://www.foo.com/bar
2nd request (forwarded): https://www.foo.com/bar

Here is the .htaccess file's lines:

RewriteEngine On
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Thank you for your help!

Regards,
Roberto.

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Lunes 23 de Febrero de 2009 22:32
To: Roberto O. FernÃ¡ndez Crisial
Cc: 'John Doe'; squid-users_at_squid-cache.org
Subject: RE: [squid-users] No SSL to SSL redirection problem

> I think url_rewrite_access is not supported by Squid 2.5 and supported on
> Squid 2.6+.
>
> I was looking and I found this
> http://www.squid-cache.org/mail-archive/squid-users/200502/0150.html but I
> do not want to limit access on port 80.
>
> Any ideas?

Step 1: upgrade to a current Squid which support your requirements.

Step 2: try the advised rewriter access controls.

Amos

>
> Thank you,
>
> Roberto O. FernÃ¡ndez Crisial
>
>
> -----Original Message-----
> From: John Doe [mailto:jdmls_at_yahoo.com]
> Sent: Lunes 23 de Febrero de 2009 14:41
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] No SSL to SSL redirection problem
>
>
>> > > â€œhttp://...%c3%a2%e2%82%ac%c2%9d, even after be matched with script, and makes an
>> infinite loop
>> > > requests (the script redirects to https but the Squid take it as
>> http and
>> > > make the redirection again). What I can do? How can I make the
>> â€œhttpâ€ to
>> > > â€œhttpsâ€ to work fine?
>> >
>> > What is your acl for the rewrite?
>> > Maybe that would prevent the loops...
>> >
>> > url_rewrite_access allow !SSL_ports
>> >
>> I do not have a line " url_rewrite_access allow !SSL_ports" I have one
>> like
>> this "http_access deny CONNECT !SSL_ports"..
>
> This access is just basic security.
>
> I was suggesting:
> url_rewrite_access allow !SSL_ports
> in order to only rewrite non-https URLs.... to avoid the loops.
>
> JD
>
>
>
>
>
Received on Tue Feb 24 2009 - 11:51:16 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 24 2009 - 12:00:02 MST