Re: [squid-users] handle server redirect to an internal IP

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 21 Aug 2009 12:46:22 +1200

Eric Marquez wrote:
> How do I setup a rule so squid knows how to handle a redirect response from a server to internal IP. I setup squid to use destdomain as in the acl for allowed sites.
>
> Here's the interaction:
> 1. connect to http://gui-ui.example.com/
> 2. Authenticate against squid proxy
> 3. login to http://gui-ui.example.com/
> 4. gui-ui.example.com server responds with a redirect to one of its nodes IP address 10.10 4.45
> 5. connection broken at this point.
>
> Is there a way to setup squid so it can handle the redirect?
>
> Eric Marquez
>

The answer to your exact question is:
  acl foo ...
  deny_info http://10.10 4.45 foo
  http_access deny auth foo
(require authentication, then when authenticated, if matches rule foo,
bounce to URL listed by deny_info).

However... why bother with redirection at all?

  Is sounds like you actually need a reverse proxy configuration for the
'redirected node':
  http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Note that authenticating against a squid proxy, then sending to
somewhere else as first asked. Will cause re-authentication to happen if
the remote node needs any auth done. Since the browser only sends the
auth to the machine/website it is asked to authenticate against.
Using a reverse proxy the browser is only talking to the main Squid
which can pass on auth details as needed.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Fri Aug 21 2009 - 00:46:29 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 21 2009 - 12:00:03 MDT