Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid reverse - redirects?

    pfSense Packages
    7
    11
    17.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      That's a good question, The redirect rule is a new gui tab contribution so I did not had time to test yet.

      Mappings will "translate" the page for the client, and IIRC it will always see the url he typed.

      Redirect will send a redirect to the client, forcing a new page.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • G
        geijt
        last edited by

        I'll give a simple example about the squid-reverse redirects.

        You want to publish mydomain.com but only over https.
        So you add the server and mapping for the site https://mydomain.com
        The site is now available if you enter it including https:// but we're lazy and the customer is stupid or something ;-) so we don't like this, we just want to enter mydomain.com

        Here's where the redirect comes
        You create a redirect with mydomain.com as blocked domain on the http protocol
        Enter ^/$ for the path and https://mydomain.com as redirect url.

        Hit save and now squid-reverse will redirect mydomain.com (on http) to https://mydomain.com
        (Tech info: it give a 30x response (including an url) to the browser so you browser will open the new provided url)

        If you have a second domain (seconddomain.com) and want that to go to https://mydomain.com also you only need to add in in the above created redirect as extra blocked domain.

        I hope the squid-reverse redirects are a little more clear now.

        Note:
        I think to write a wiki page or something with a little more details and screenshots

        1 Reply Last reply Reply Quote 0
        • K
          keysers0ze
          last edited by

          i cant figure out how to redirect http -> https wich will match full url..

          'Redirect Protocol'  = http
          'blocked domain'    = http://sub.mydomain
          'Path regex'          = ^/$
          'URL to redirect to'  = https://sub.mydomain

          So domain redirect is fully working but if i type 'http://sub.mydomain/folder/index.html    <- it doesnt match anymore and does not redirect to https.. so what to change so it will match any url behin http://sub.mydomain/*  -> https://sub.mydomain/*

          br.
          .K

          1 Reply Last reply Reply Quote 0
          • G
            geijt
            last edited by

            I'm afraid the squid redirect can't do the redirect you're looking for.

            The 'URL to redirect to' field is static, if you change the 'Path regex' to something like ^/.$ or ^.$ (what will accept eveything behind the 'blocked domain') the redirect still will go to the URL you put in the 'URL to redirect to' field.
            The 'URL to redirect to' value doesn't use the regex, only the 'blocked domain'

            1 Reply Last reply Reply Quote 0
            • R
              Reiner030
              last edited by

              Hi, is this feature working?

              I tested it last 1-2 month to map http://timetracker.mydomain.com => https://timetracker.mydomain.com and it was not working ^^

              btw. I've found out after setting up each server for http/https separately howto map additional IPs with separate certificates ;)…
              You need to "patch" your certificates into pfsense to new files and then you can assign in advanced box of "proxy" settings the listen lines as found before in config file

              1 Reply Last reply Reply Quote 0
              • K
                keysers0ze
                last edited by

                @geijt:

                I'm afraid the squid redirect can't do the redirect you're looking for.

                The 'URL to redirect to' field is static, if you change the 'Path regex' to something like ^/.$ or ^.$ (what will accept eveything behind the 'blocked domain') the redirect still will go to the URL you put in the 'URL to redirect to' field.
                The 'URL to redirect to' value doesn't use the regex, only the 'blocked domain'

                • ok, thanks, good to know that it doesnt support… saves time not to try 10000 diferent ways..

                • i think i will redirect it on apache itself...

                br.
                .k

                1 Reply Last reply Reply Quote 0
                • K
                  keysers0ze
                  last edited by

                  @Reiner030:

                  Hi, is this feature working?

                  I tested it last 1-2 month to map http://timetracker.mydomain.com => https://timetracker.mydomain.com and it was not working ^^

                  btw. I've found out after setting up each server for http/https separately howto map additional IPs with separate certificates ;)…
                  You need to "patch" your certificates into pfsense to new files and then you can assign in advanced box of "proxy" settings the listen lines as found before in config file

                  • exactly that is fully working.. (http://sub.domain.com –> https://sub.domain.com)

                  br.
                  .k

                  1 Reply Last reply Reply Quote 0
                  • I
                    iolaus
                    last edited by

                    @geijt:

                    I'm afraid the squid redirect can't do the redirect you're looking for.

                    The 'URL to redirect to' field is static, if you change the 'Path regex' to something like ^/.$ or ^.$ (what will accept eveything behind the 'blocked domain') the redirect still will go to the URL you put in the 'URL to redirect to' field.
                    The 'URL to redirect to' value doesn't use the regex, only the 'blocked domain'

                    Does anyone have any idea if this feature will be supported in an upcoming version?  I would very much like to redirect HTTP requests to HTTPS with the relevant path information.  I'm coming from OpenWRT where I was using Nginx to accomplish this previously.

                    1 Reply Last reply Reply Quote 0
                    • marcellocM
                      marcelloc
                      last edited by

                      Try with squid3-dev. Some time ago I was working on this code.

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      1 Reply Last reply Reply Quote 0
                      • P
                        pffan
                        last edited by

                        I was working on this exact problem with preserving the URI during redirect and had stumbled upon this thread.  I thought I would share the solution to help others who may be in the same boat.  Squid 3.2 required.

                        pfsense 2.0-RELEASE (i386)
                        squid3-dev 3.3.8 pkg 2.2

                        Use '^/.*$' in the Path regex field to match on domain + whatever.

                        http://wiki.squid-cache.org/Features/CustomErrors#deny_info_URL_codes_for_embedding

                        Simply add %R to the 'URL to redirect to' field so it looks like this: 'https://pfsense.org%R'  In this case, http://pfsense.org/mysuperpage.php redirects to https://pfsense.org/mysuperpage.php

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.