On Mon, Jan 17, 2005 at 11:04:17AM +0100, Henrik Nordstrom wrote:
> On Fri, 14 Jan 2005, Brett Lymn wrote:
>
> >their redirector was seeing the https requests. So, can a redirector
> >rewrite a https request to go to a http server? Would squid ignore the
> >redirect and just go to the https server anyway?
>
> In theory it should be able to send a browser redirect, but I am not sure
> if either Squid or the clients supports this..
>
I may have been a bit sloppy in my terminology there. When I said redirect
I meant "rewrite the URL", this is what Websense does in the normal case
if the page is blocked the redirector process rewrites the URL to point
at a "this access is blocked" page. Anyway, I think you have confirmed
what I understood to be happening.
> It should be possible to redirect to another https server specifically
> designed to return the block page no matter what the client requests, but
> not without a browser warning about the certificate name due to the nature
> of SSL.
>
Yes, that was my thinking. The certificate issue should not be too bad
since the block page server would be under our control so our users would
only have to accept the certificate once.... in an ideal world they would
never need to see the blocked page anyway since it is somewhere they should
not be going using work's resources.
-- Brett LymnReceived on Mon Jan 17 2005 - 05:09:08 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST