On Sun, 2005-01-30 at 20:29 -0500, Brad Taylor wrote:
> This weekend we tried to deploy our Squid cache without success. Here
> is our setup:
>
> Network is setup with all private IP address 10.10.1.x. Public IP
> addresses are mapped 1 to 1 on our firewall. For example:
>
> y.y.y.y (private address) maps to 10.10.1.11 (Squid)
> Squid is setup to proxy for 10.10.1.21
>
> Our web code on 10.10.1.21 has the following in the default web page:
I have very limited experience in Microsoft Visual Brainfart, but I'll
try to help you all the same
>
> 'STEP 3 : Encrpytion Check
> public sub switchHTTPS ()
> dim serverPort443
> dim onHTTPs
> dim urlEnd
> dim urlBase
>
> serverPort443 = (Request.ServerVariables ("SERVER_PORT")
> = 443)
> onHTTPs = (Request.ServerVariables ("HTTPS") = "on")
>
> if not (serverPort443 and onHTTPs) then
These three lines are the problem. The client is connecting to the
reverse proxies using HTTPs, but then the reverse proxies talk to the
server in plain HTTP. What you need to do is altering this change in a
manner that
- checks if the client-ip is that of one of the reverse-proxies
- checks the Via: header on whether the client-port was :443 (I'm not
sure if Squid adds more HTTP headers indicating the SSL connections
details, you might want to check those instead).
Otherwise you might want to put the SSL-switching logic in a Squid
redirector rather than in the webserver (see the squid FAQ on how to do
this).
> I think this is what is causing the problem because when I comment out
> "Call switchHTTS()" Squid appears to work. How could we still force
> HTTPS but loose the redirect? Or could I be missing something else?
Kinkie
Received on Mon Jan 31 2005 - 04:38:22 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:36 MST