Re: [squid-users] clarification about url rewriters from Amos Jeffries on 2011-01-06 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 07 Jan 2011 18:47:12 +1300

On 01/01/11 03:54, Hasanen AL-Bana wrote:
> I suppose your script is working just fine , however it would be
> better if you post it here.
> If your script have no problem , then I guess your HTTPS requests are
> not being forwarded to Squid. like in my case only requests on port 80
> (http) are being forwarded. that could be the reason for not getting
> any https converted into http.
>
> On Fri, Dec 31, 2010 at 5:47 PM, Roberto Franchesco
> <robfranchesco_at_gmail.com> wrote:
>> I have a question about URL rewriters that I couldn't really figure
>> out from reading the faqs/wiki on the squid site...
>>
>> I've seen many examples of how to set up a url rewriter to handle urls
>> like http://website.com and turn the urls into https://website.com
>> which works very well without a hitch.
>>
>> My question is whether or not it is possible to use url rewriters to
>> take urls like https://website.com and turn them into
>> http://website.com (essentially the reverse of the many examples out
>> there).
>>
>> I've tried doing this by editing the perl code in my url rewriter
>> script, but it doesn't seem to be working. More specifically, I've
>> tried having the script handle urls that begin with https and it
>> doesn't seem to pass those urls to the rewriter. So another question
>> is whether or not its possible to have url rewriters do something
>> along the lines of taking: https://site1.com and turning it into
>> https://site2.com ?
>>
>> My thoughts are that IF url rewriters can be used oh https url
>> requests, then I probably have to set up my config file to tell it to
>> use the url rewriters for https requests?

The problem is that https:// does not exist on URLs. What gets sent
instead by the browser is a special "CONNECT host:port" request with a
body of encrypted blob.

HTTP redirect, the real kind using 30x status code, is possible to
bounce the client to an http:// URL when it sends CONNECT. The very
latest Squid releases will use 307 by default on redirected CONNECT
requests. But the redirect status is only known to be handled properly
by Firefox at present. We are awaiting HTTP compliance from the other
browsers.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4

Received on Fri Jan 07 2011 - 05:47:20 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 07 2011 - 12:00:02 MST