I would like to make my internet site work only with https. I tried the following solution: Squid reverse proxy redirect / rewrite HTTP to HTTPS
acl PORT80 myport 80
acl MYSITE dstdomain foo.server.com
http_access deny PORT80 MYSITE
deny_info 301:https://foo.server.com%R MYSITE
In my case:
acl PORT80 myport 80
acl MYSITE dstdomain www.asrtos.com
http_access deny PORT80 MYSITE
deny_info 301:https://www.asrtos.com%R MYSITE
This does not work because the browser can still access port 80.
What can I do? Thanks a lot for your help.
My squid.conf file is:
#
# Recommended minimum configuration:
#
debug_options ALL,1 33,2 28,9
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 82.223.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 443 563 # https
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# accept only SSL ports
http_access deny !Safe_ports
http_access allow Safe_ports
acl PORT80 myport 80
acl MYSITE dstdomain www.asrtos.com
http_access deny PORT80 MYSITE
deny_info 301:https://www.asrtos.com%R MYSITE
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
https_port 443 accel cert=/etc/ssl/certs/asrtos.com_ssl_certificate.cer key=/etc/ssl/certs/_.asrtos.com_private_key.key cafile=/etc/ssl/certs/_.asrtos.com_ssl_certificate_INTERMEDIATE.cer defaultsite=workflow01.asrtos.com
cache_peer 82.223.66.210 parent 80 0 no-query originserver name=hp # If you use one single computer, write this instead:
http_port 3128 accel defaultsite=workflow01.asrtos.com vhost # Reverse proxy config doc under Linux
# And finally deny all other access to this proxy
http_access deny all
# Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.
#cache_dir aufs /cygdrive/d/squid/cache 3000 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
max_filedescriptors 3200
The infrastructure should be the following:
https--[Reverse Proxy SQUID]--http--[Domino Server]< - - >(Domino data bases)
The HTTP server is integrated into the Domino server (it is a task of the Domino server).
The Squid reverse proxy and the Domino servers are installed on the same Windows 2008 R2 machine. The internet application accesses the Domino database through the Domino server.
Depending on the user's rights, the Domino server sends a login form to identify the user. All computation of user rights is handled automatically by the Domino server.
In http mode (non-secure mode) all works very well. I have to install a secure mode, and all works well with one exception:
When the web client sends this URL: https://www.asrtos.com/database.nsf
The server sends a login form to check the user rights and then opens the following URL: http://www.asrtos.com/database.nsf (the same URL in non-secure mode).
If I manually change the URL to https://www.asrtos.com/database.nsf, all works well. But it’s always possible to go back manually to non-secure mode: http://...
I have no access to the HTTP task which is integrated into the Domino server.
So I don’t know how to make a redirect inside the Domino http server.
I hope it’s possible to find a solution inside the proxy.
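
Added example, not part of the original post: a Python check for the symptom described above, where a backend behind a TLS-terminating proxy answers with a redirect back to http://. It assumes the downgrade arrives as a Location header; the sample responses, the function names and the names.nsf?Login path are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed backend response heads (not captured from the site in the post).
SAMPLE_RESPONSES = [
    "HTTP/1.1 302 Found\r\nLocation: http://www.asrtos.com/database.nsf\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: /database.nsf?OpenDatabase\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: http://WWW.ASRTOS.COM:80/names.nsf?Login\r\n\r\n",
    "HTTP/1.1 301 Moved Permanently\r\nLocation: http://other.example/\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
]

def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) from a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def upgrade_location(location, public_hosts):
    """Rewrite an absolute http:// Location for one of our hosts to https://.
    Relative URLs, https URLs, foreign hosts and non-default ports stay unchanged."""
    parts = urlsplit(location)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "http" or host not in public_hosts:
        return location
    if parts.port not in (None, 80):
        return location  # no known https equivalent for a custom port
    return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))

def find_downgrades(responses, public_hosts):
    """List (status, original, upgraded) for redirects that send the client back to http."""
    findings = []
    for raw in responses:
        status, headers = parse_head(raw)
        location = headers.get("location")
        if 300 <= status < 400 and location:
            fixed = upgrade_location(location, public_hosts)
            if fixed != location:
                findings.append((status, location, fixed))
    return findings

if __name__ == "__main__":
    for status, original, fixed in find_downgrades(SAMPLE_RESPONSES, {"www.asrtos.com"}):
        print(f"{status}: {original} -> {fixed}")
```
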