On 10/07/24 10:25, Fiehe, Christoph wrote:
Hallo,
I hope that somebody has an idea, what I am doing wrong. I try to build a
generic package proxy with Squid and need the feature to rewrite (not redirect)
a HTTP request to a package repository transparently to a HTTPS-based package
source.
The "Wrong" starts with the very idea you have that re-writing a URL
scheme is even useful.
While it mas *seem* like an okay idea, what you are actually doing is
exposing the HTTPS secured Response message to transmission over
insecure connections from Squid to client. That is prohibited by HTTPS
which assumes/requires encryption negotiated between the origin client
and the origin server.
The best you can do for a regular proxy. Is *redirect* the http://
requests with a 302 message telling the client to use https:// instead.
...
http_access deny !to_archive_mirrors
acl HTTP proto HTTP
deny_info 302:https://%>rd%rp HTTP
http_access deny HTTP
http_access allow src_networks
...
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
