Re: [squid-users] reverse proxying https

From: Merton Campbell Crockett <[email protected]>
Date: Wed, 12 Jul 2006 06:36:52 -0700

On 12 Jul 2006, at 24:56 , Richard Patterson wrote:

> I've got squid sitting acting as a reverse proxy (http_accel) like
> this.
>
> client -----https----> squid ----http----> web_server
>
> This is all fine and well, however, the web_server is returning urls
> with "http://" hardcoded back to the client.
>
> The two easiest solutions (make squid talk https to the server, or
> make
> the server not pass the URI "http://" back) aren't possible.
>
> So my idea is to have squid listening on tcp80 aswell, and use a
> redirector to s@http://@302:https://@
>
> Is there something I'm missing? another way to solve this?
>
> *sigh* any hints?

I needed to provide this capability to a customer in 1998. The
solution to the problem was to use split DNS, Apache, virtual hosts,
and mod_rewrite. The internal web server was never "visible" to the
Internet and with mod_rewrite the content didn't need to be on a
single server. The one other advantage of this approach was that I
could use mod_rewrite to address probes for vulnerabilities.

Merton Campbell Crockett
m.c.crockett@adelphia.net
Received on Wed Jul 12 2006 - 07:36:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT