tis 2006-04-25 klockan 17:18 -0400 skrev DGeorgie@wiley.com:
> Without Squid the SSL authentication works as expected. When Squid is
> added as a reverse proxy the following thing happens. For some reasons
> Squid transforms https://myapp.com/mypath/secure back to
> http://myapp.com/mypath/secure which triggers Apache rewrite rule again
> creates https://myapp.com/mypath/secure redirect.
> This happens again and again creating an endless loop. Squid and Apache
> are on dedicated servers.
Squid-2.5 as reverse proxy terminates the SSL connection. The connecion
Squid->Web server is always HTTP.
With Squid-3 (or the SSL update to 2.5 plus a bit more) it's possible to
tell Squid to initiate an SSL connection to the backend server, but you
should remember that this is independent of the client connection.
If you need full SSL between the client and the web server, as is
required for web servers making use of client-side certificates for
authentication then there is no choice but to publish the web servers
SSL port directly on the Internet. It is not possible to use a
man-in-the-middle such as a reverse proxy in such setups.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT