Eric Marquez wrote:
> How do I setup a rule so squid knows how to handle a redirect response from a server to internal IP. I setup squid to use destdomain as in the acl for allowed sites.
>
> Here's the interaction:
> 1. connect to http://gui-ui.example.com/
> 2. Authenticate against squid proxy
> 3. login to http://gui-ui.example.com/
> 4. gui-ui.example.com server responds with a redirect to one of its nodes IP address 10.10 4.45
> 5. connection broken at this point.
>
> Is there a way to setup squid so it can handle the redirect?
>
> Eric Marquez
>
The answer to your exact question is:
acl foo ...
deny_info http://10.10 4.45 foo
http_access deny auth foo
(require authentication, then when authenticated, if matches rule foo,
bounce to URL listed by deny_info).
However... why bother with redirection at all?
Is sounds like you actually need a reverse proxy configuration for the
'redirected node':
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
Note that authenticating against a squid proxy, then sending to
somewhere else as first asked. Will cause re-authentication to happen if
the remote node needs any auth done. Since the browser only sends the
auth to the machine/website it is asked to authenticate against.
Using a reverse proxy the browser is only talking to the main Squid
which can pass on auth details as needed.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13Received on Fri Aug 21 2009 - 00:46:29 MDT
This archive was generated by hypermail 2.2.0 : Fri Aug 21 2009 - 12:00:03 MDT