Milli Gurung wrote:
> Hello,
>
> I'm in bit of a dilemma here. I have the mail server inside the
> firewall and it redirects all incoming traffic (webmail) on port 80 to
> 443. Hence any internal user trying to access the webmail will be
> redirected to https:..xxx.iii.com
>
> I'm using Squid 2.5 (on Suse Enterprise Server 9) and is configured as
> reverse Proxy sitting on the DMZ. The hostname of thiis proxy, lets
> say xyz. The only changes I made in squid.conf file is :
> http_port 80
> httpd_accel_host abc
> httpd_accel_ port 80
> http_accel_uses_host_header off
> httpd_accel_single_host on
>
> Internal users type http://abc.iii.com, it redirects to
> http://abc.iii.com but external users trying to get to webmail without
> vpn type: xzy.iii.com. It fails to redirect xyz.iii.com to
> https://xyz.com - get the generic IE "page cannot be displayed".
> However users can still get by manually typing : http://xyz.iii.com
> but this is not secured at all.
>
> Does this mean I need to configure squid to use SSL? Since the mail
> server is doing all the redirection itself, I thought I could have
> Squid just redirect anything on port 80 to the emails server and email
> server itself handles the redirection to https port.
Yes, you need to set Squid up such that it listens for (and optionally
terminates) HTTPS connections. Something along the lines of...
https_port 443 cert=/usr/local/squid/etc/cert.pem
key=/usr/local/squid/etc/key.pem
...should do it. For what it's worth, I have never used Squid as an
HTTPS front end, so I might be way off base.
>
> Please help!!!!
>
Chris
Received on Thu Mar 15 2007 - 15:39:55 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:02 MDT