On Fri, 3 Sep 2004 Geoff.Moore@TeamSolutionz.com wrote:
> When users connect from the internet to https://our.portal.url/ they
> receive the usual password dialog box. This is Squid asking for windows
> authentication via Samba-3.0.0 to the Windows DC. After successful
> Windows authentication they are directed to the iNotes logon page for
> Notes authentication.
>
> The problem is that after authenticating in Notes, the browser brings up a
> redirect warning "You are about to be redirected to a connection that is
> not secure". The user can click OK, but the browser then times out.
>
> You then see that the requested URL was:
>
> http://our.portal.url/mail/gmoore.nsf/iNotes/Proxy/?
This is a general problem of reverse proxies when the backend URL is
different from the external URL. There is no very easy solutions to this
problem.
The easiest solution is to make sure there is no difference on the two
sides of the proxy. This you can do by running https:// the whole way to
the server. You can do this with the SSL update by using a redirector
helper to rewrite the protocol back to https:// while it is forwarded by
Squid (SSL update patch required). In Squid-3 this can be done without the
help of a redirector.
The other solution is to make the web server aware of what the externally
visible URL looks like. This is for example the case with the
"Front-End-Https" HTTP header used by MS OWA (and supported by the Squid
SSL update) which indicates to the web application that the externally
visible URL accessed by the end-user is using https:// even if the
connection to the internal web server was using http://.
Regards
Henrik
Received on Fri Sep 03 2004 - 06:19:27 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:01 MDT