Re: [squid-users] SSL rev proxy, redirector, 302 problems

From: Jesse Reynolds <lizst@dont-contact.us>
Date: Thu, 4 Dec 2003 11:23:00 +1100

Thanks Henrik, comments below...

At 0:29 +0100 4/12/03, Henrik Nordstrom wrote:
>On Wed, 3 Dec 2003, Jesse Reynolds wrote:
>
>> I'm having a problem where the backend appserver sends a 302 (moved
>> temporarily) which is an absolute URL, and begins with "http" rather
>> than "https" because it can't see that it was an https URL that it is
>> servicing.
>
>This is one aspect of the general problem of the web server not knowing
>it's real URL.
>
>If you can it is absolutely best to address this in the web server to make
>both the server and applications know the correct URL of the server,
>allowing them to generate correct URLs whenever a full URL needs to be in
>a reply of any form.

Right. So what is the best way of letting the web server know whether
the client is using HTTP or HTTPS ? We are currently thinking of
adding some lines to the redirector to add "&ssl=1" to the URLs if
the user is coming in via HTTPS, so that the application can know to
generate an https:// url rather than http:// - does this sound like
the best solution?

The only other thing I can see in the headers that may help is the
Referrer which will work for pages that haven't been bookmarked by
the user only... so I don't think this is good enough, better to tack
&ssl=1 on the end of the urls I think.

Cheers

Jesse

-- 
   ::: Jesse Reynolds +61 (0)414 669 790 ::: AIM - jessedreynolds :::
   ::: Virtual Artists Pty Ltd, Adelaide ::: http://www.va.com.au :::
Received on Wed Dec 03 2003 - 17:23:17 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:05 MST