[squid-users] Reverse HTTPS Proxy to an HTTP Back-end Server.

From: Gaetan Piche <gaetan.piche@dont-contact.us>
Date: Tue, 03 Sep 2002 14:29:35 -0400

Hi... to all.

I need help on a specific setup.

I succeed doing an HTTPS client request to the front-end SQUID version
2.5.PRE11 configure as a Reverse Proxy, SQUID then request the back-end
server in HTTP.

So far so good, but when SQUID answer to the HTTPS client, any internal
hyperlink inside the web page using http://xyz
when click initiate an HTTP request. So my question is how can I have the
content modified so http://xyz can be rewrite when send to the client as
https://xyz.

I try the redirection but it seem's working only in proxy mode, not in
Reverse Proxy mode.

I also try using a redirector like "squirm" withou any positive result.

here is my SQUID.CONF
# 10.100.10.254 is my squid IP address.
https_port 10.100.10.254:443 cert=/usr/local/ssl/CA/certs/sreq.pem
key=/usr/local/ssl/CA/key/skey.pem version=1
visible_hostname collector.guru.com
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
log_fqdn off
client_netmask 255.255.255.255
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
hosts_file /etc/hosts
unlinkd_program /usr/local/squid/libexec/unlinkd
# redirect_program /usr/local/squirm/bin/squirm
# redirect_program /tmp/fred.pl
# redirect_children 10
# redirect_rewrites_host_header off
# redirect_rewrites_host_header on
# TAG: redirector_access
# acl donotfilter dst 216.208.227.51
# acl filter src 127.0.0.1
# redirector_access deny donotfilter
# redirector_access allow filter
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1024-65535 # unregistered ports
acl CONNECT method CONNECT
acl acceleratedhost dst 216.208.227.51/255.255.255.255
acl acceleratedport port 80
acl securehost dst 216.208.227.51/255.255.255.255
acl secureport port 443
acl allnet src 0.0.0.0/0.0.0.0
http_access allow acceleratedhost acceleratedport allnet
# http_access allow CONNECT securehost secureport allnet
http_access deny CONNECT !secureport
http_access deny all
http_reply_access allow all
cache_effective_user squid
httpd_accel_host www.xyz.com
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy off
httpd_accel_uses_host_header off

Gaetan Piche
E.Mail Gaetan.Piche@videotron.ca
Received on Tue Sep 03 2002 - 12:44:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:03 MST