Re: [squid-users] url_rewrite_program and https (secure) sites

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 13 Mar 2009 01:54:39 +1300

Jim wrote:
> Hi,
> I have a url_rewrite_program that will redirect users to an
> accepatable use policy page if they have not agreed to it before. THis
> works fine for any URL except for HTTPS requests.
>
> My log file tells me it is being re-written to my new URL but the
> browser just shows error page.
>
> I have tried making the redirector divert to a https version of the
> error page if it is a https request and a http version if a http
> request but with no difference.
>
> One thing I have noticed and not sure if related or not. If the
> request is HTTPS then the only thing passed to the rewrite program for
> the url is the host and port. No path, scheme (protocol) etc is
> passed. I believe this is because squid only has access to the host
> for HTTPS requests (because they are encrypted).

Squid does not receive such data for HTTPS. What it pases the redirector
is all it sees.
The CONNECT method is how HTTPS appears in logs and ACLs etc.

>
> Could this be relating to my problem.
>
> The redirector will divert to
> 302:http(s)www.mydomain.com/filtering/aup_handler.php if the user has
> not agreed to the acceptable use policy. As I say fine for http but
> can;t get it to work with https.
>
> Can any body help?

HTTPS is not HTTP for Squid.

Your better approach is to use an external ACL + http_access + deny_info
page to do the redirection. That works for any protocol that can display
error pages.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Thu Mar 12 2009 - 12:54:07 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 12 2009 - 12:00:02 MDT