Squid reverse - redirects?



  • how do you use the redirects on squid reverse? do you still have to place the server & mappings into squid as usual and then add this on top?
    or can you simply just specify the redirect by itself?
    any examples of the regex?



  • That's a good question, The redirect rule is a new gui tab contribution so I did not had time to test yet.

    Mappings will "translate" the page for the client, and IIRC it will always see the url he typed.

    Redirect will send a redirect to the client, forcing a new page.



  • I'll give a simple example about the squid-reverse redirects.

    You want to publish mydomain.com but only over https.
    So you add the server and mapping for the site https://mydomain.com
    The site is now available if you enter it including https:// but we're lazy and the customer is stupid or something ;-) so we don't like this, we just want to enter mydomain.com

    Here's where the redirect comes
    You create a redirect with mydomain.com as blocked domain on the http protocol
    Enter ^/$ for the path and https://mydomain.com as redirect url.

    Hit save and now squid-reverse will redirect mydomain.com (on http) to https://mydomain.com
    (Tech info: it give a 30x response (including an url) to the browser so you browser will open the new provided url)

    If you have a second domain (seconddomain.com) and want that to go to https://mydomain.com also you only need to add in in the above created redirect as extra blocked domain.

    I hope the squid-reverse redirects are a little more clear now.

    Note:
    I think to write a wiki page or something with a little more details and screenshots



  • i cant figure out how to redirect http -> https wich will match full url..

    'Redirect Protocol'  = http
    'blocked domain'    = http://sub.mydomain
    'Path regex'          = ^/$
    'URL to redirect to'  = https://sub.mydomain

    So domain redirect is fully working but if i type 'http://sub.mydomain/folder/index.html    <- it doesnt match anymore and does not redirect to https.. so what to change so it will match any url behin http://sub.mydomain/*  -> https://sub.mydomain/*

    br.
    .K



  • I'm afraid the squid redirect can't do the redirect you're looking for.

    The 'URL to redirect to' field is static, if you change the 'Path regex' to something like ^/.$ or ^.$ (what will accept eveything behind the 'blocked domain') the redirect still will go to the URL you put in the 'URL to redirect to' field.
    The 'URL to redirect to' value doesn't use the regex, only the 'blocked domain'



  • Hi, is this feature working?

    I tested it last 1-2 month to map http://timetracker.mydomain.com => https://timetracker.mydomain.com and it was not working ^^

    btw. I've found out after setting up each server for http/https separately howto map additional IPs with separate certificates ;)…
    You need to "patch" your certificates into pfsense to new files and then you can assign in advanced box of "proxy" settings the listen lines as found before in config file



  • @geijt:

    I'm afraid the squid redirect can't do the redirect you're looking for.

    The 'URL to redirect to' field is static, if you change the 'Path regex' to something like ^/.$ or ^.$ (what will accept eveything behind the 'blocked domain') the redirect still will go to the URL you put in the 'URL to redirect to' field.
    The 'URL to redirect to' value doesn't use the regex, only the 'blocked domain'

    • ok, thanks, good to know that it doesnt support… saves time not to try 10000 diferent ways..

    • i think i will redirect it on apache itself...

    br.
    .k



  • @Reiner030:

    Hi, is this feature working?

    I tested it last 1-2 month to map http://timetracker.mydomain.com => https://timetracker.mydomain.com and it was not working ^^

    btw. I've found out after setting up each server for http/https separately howto map additional IPs with separate certificates ;)…
    You need to "patch" your certificates into pfsense to new files and then you can assign in advanced box of "proxy" settings the listen lines as found before in config file

    br.
    .k



  • @geijt:

    I'm afraid the squid redirect can't do the redirect you're looking for.

    The 'URL to redirect to' field is static, if you change the 'Path regex' to something like ^/.$ or ^.$ (what will accept eveything behind the 'blocked domain') the redirect still will go to the URL you put in the 'URL to redirect to' field.
    The 'URL to redirect to' value doesn't use the regex, only the 'blocked domain'

    Does anyone have any idea if this feature will be supported in an upcoming version?  I would very much like to redirect HTTP requests to HTTPS with the relevant path information.  I'm coming from OpenWRT where I was using Nginx to accomplish this previously.



  • Try with squid3-dev. Some time ago I was working on this code.



  • I was working on this exact problem with preserving the URI during redirect and had stumbled upon this thread.  I thought I would share the solution to help others who may be in the same boat.  Squid 3.2 required.

    pfsense 2.0-RELEASE (i386)
    squid3-dev 3.3.8 pkg 2.2

    Use '^/.*$' in the Path regex field to match on domain + whatever.

    http://wiki.squid-cache.org/Features/CustomErrors#deny_info_URL_codes_for_embedding

    Simply add %R to the 'URL to redirect to' field so it looks like this: 'https://pfsense.org%R'  In this case, http://pfsense.org/mysuperpage.php redirects to https://pfsense.org/mysuperpage.php