Netgate Discussion Forum
    Unexpected behaviour with squid reverse proxy, all HTTPS sent to default site

    • awnz

      I'm trying to set up a reverse proxy for a school, testing with an identical setup in my home-office network. I'm getting the same problem on both.

      In each case, I have two HTTP servers - one a web server with multiple sites on aliases, the other a webmail server which also serves HTTPS. I'm also testing by trying to access the first web server over HTTPS. In this setup, the webmail server is configured to redirect any HTTP request for it to HTTPS. Certificates et al are all set up correctly as far as I am aware both at the server and at the proxy.

      I have web server entries for the HTTP server as well as one each for the webmail server's HTTP and HTTPS listeners (to correctly facilitate its HTTP to HTTPS redirects) with mappings referring HTTP or HTTPS requests to the appropriate webmail server port.

      This setup of web servers and mappings works as expected for HTTP - it is directed to the correct server based on the URI given.
      I have mappings for http://webserver.site1 to go to its HTTP listener (the redirector) and https://webserver.site1 going to its HTTPS port.

      However, all HTTPS requests going through the reverse proxy are sent to the "reverse HTTPS default site" and URI mappings seem to be completely ignored for incoming HTTPS requests - the hostname+domainname part of the incoming URI is replaced with the "reverse HTTPS default site" and sent to that default site.

      For testing I tried setting the "reverse HTTPS default site" to one alias of the web server, we'll call it www.site2. It will then direct all HTTPS traffic to that server using the alias entered into that default HTTPS site setting, despite mappings for other aliases for that server, and for the webmail server.

      i.e. if I have www.site1 and www.site2 served from that server as well as webmail.site1 served by a different server, and I set the "reverse HTTPS default site" to www.site2, and have mappings for www.site1 for that server and webmail.site1 for the webmail server.

      If I access any site via HTTP all the mappings work correctly - www.site1 to www.site1, www.site2 to www.site2, and webmail.site1 to webmail.site1.

      If I access any site via HTTPS then this happens: (all received by the reverse proxy as https) www.site1/some.page.name and webmail.site1/webmail.login.php end up being sent to www.site2 as URI requests for www.site2/some.page.name and www.site2/webmail.login.php which is wrong.
      Similarly, if I change the reverse HTTPS default site to webmail.site1, then www.site2/some.page.name and www.site1/some.other.page.name both end up going to the webmail server as webmail.site1/some.page.name and webmail.site1/some.other.page.name respectively.

      Have I missed something? I'm not sure why it's doing this with HTTPS traffic. As mentioned, if the request comes in as HTTP, everything works as expected.

      Thanks in advance for any help or pointers,

      Andrew

      • jvorhees

        Hello,

        Same things for me, as said in this topic: http://forum.pfsense.org/index.php/topic,48347.135.html

        I've tested without success to make HTTPS redirect work, even with the latest package update.

        You could try to install (in a VM for quick testing) Linux squid and redirect HTTPS traffic on the testing VM with the config file generated on pfSense to debug…

        to be continued...

        • nutt318

          I'm having issues with the HTTPS reverse proxy as well, however the HTTP reverse proxy works fine.

          Currently I'm getting a squid error page saying "Access Denied. Access control configuration prevents your request from being allowed at this time."

          Also, I believe I found a bug in the HTTPS reverse proxy settings: you need to manually put in the listen port 443. By default it listens on 80 even though it says 443; just manually put it in there.

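Added example, not part of the thread and not pfSense package code: for the suggestion above to debug with the generated config file, this Python script reads a squid.conf and reports each listener's port and its `accel`, `vhost` and `defaultsite=` options, plus which ACL values are mapped to each `cache_peer`. Squid documents `defaultsite=` as the site used when a request has no Host header and `vhost` as enabling Host-header virtual hosting, so those options are worth comparing between the HTTP and HTTPS listeners. The sample config, peer names and ACL names are constructed, and it is an assumption that the generated file uses these directives.

```python
# SAMPLE_CONF is constructed for illustration; it is not output from the thread.
SAMPLE_CONF = """\
http_port 192.0.2.1:80 accel defaultsite=www.site2 vhost
https_port 192.0.2.1:80 accel cert=/constructed/cert.pem defaultsite=www.site2
acl map_site1 dstdomain www.site1
acl map_mail dstdomain webmail.site1
cache_peer_access peer_web allow map_site1
cache_peer_access peer_mail allow map_mail
"""

def directives(conf_text):
    """Yield token lists for non-empty, non-comment lines."""
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens

def parse_listeners(conf_text):
    """One dict per http_port/https_port line: port and accelerator options."""
    out = []
    for t in directives(conf_text):
        if t[0] in ("http_port", "https_port") and len(t) > 1:
            opts = t[2:]
            site = next((o.split("=", 1)[1] for o in opts
                         if o.startswith("defaultsite=")), None)
            out.append({"directive": t[0], "port": int(t[1].rsplit(":", 1)[-1]),
                        "accel": "accel" in opts, "vhost": "vhost" in opts,
                        "defaultsite": site})
    return out

def peer_map(conf_text):
    """Map each cache_peer name to the ACL values allowed to reach it."""
    acls, peers = {}, {}
    for t in directives(conf_text):
        if t[0] == "acl" and len(t) > 3:
            acls.setdefault(t[1], []).extend(v for v in t[3:] if not v.startswith("-"))
        elif t[0] == "cache_peer_access" and len(t) > 3 and t[2] == "allow":
            for name in t[3:]:
                peers.setdefault(t[1], []).extend(acls.get(name, []))
    return peers

def review(conf_text):
    """Report https listeners off port 443 and accel listeners lacking vhost."""
    notes = []
    for ln in parse_listeners(conf_text):
        if ln["directive"] == "https_port" and ln["port"] != 443:
            notes.append(f"https_port listens on {ln['port']}, not 443")
        if ln["accel"] and ln["defaultsite"] and not ln["vhost"]:
            notes.append(f"{ln['directive']} {ln['port']}: defaultsite={ln['defaultsite']} without vhost")
    return notes
```

Calling `review(open("squid.conf").read())` on the generated file (path is an assumption) returns an empty list when no listener matches either condition.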