[squid-users] SSL rev proxy, redirector, 302 problems

From: Jesse Reynolds <lizst@dont-contact.us>
Date: Wed, 3 Dec 2003 23:40:21 +1100

Hi

I have successfully set up four Squid reverse proxies (Squid
2.5-STABLE4) listening on port 80 (HTTP) and port 443 (HTTPS). Using
a simple perl redirector program the squids are calling a few
different backend servers depending on the path, (/app1 goes to
appserver1:8080/app1 etc).

SSL is only enabled between the browser and the reverse proxy
servers. Traffic between the reverse proxies and all the backend web
and appservers is non-encrypted HTTP, on non-standard ports.

The redirector script will bounce you from HTTP to HTTPS for some
URLs, namely the URLs for the web applications.

I'm having a problem where the backend appserver sends a 302 (moved
temporarily) which is an absolute URL, and begins with "http" rather
than "https" because it can't see that it was an https URL that it is
servicing.

This results in the browser receiving a redirect to a non-SSL page,
then a redirect to an SSL page again (and over again).

How can I get around this? Is it possible to have squid rewrite the
URL in the Location: header of the 302 response? (s/http:/https:/) Or
is there some other way of altering the HTTP headers that the backend
appserver sees such that the appserver will create the correct URL...
Or can you send a partial URL in the Location field, eg just
"/app1/welcome.xml" ?

By the way this is all on Solaris 8, and the backend appservers are
Sun ONE Application Server 7 update 1, so the web apps themselves are
servlets.

Thankyou

Jesse

-- 
   ::: Jesse Reynolds +61 (0)414 669 790 ::: AIM - jessedreynolds :::
   ::: Virtual Artists Pty Ltd, Adelaide ::: http://www.va.com.au :::
Received on Wed Dec 03 2003 - 05:40:44 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:04 MST