Forum OpenACS Q&A: Re: how to config for multiple aolserver instances

Posted by Brad Duell on
Yes, Squid implements SSL proxying via the single cert, and from what I understand hopes to do so via multiple certs based upon the domain request.

Works for me - try it out and let me know.

Posted by Bart Teeuwisse on

Brad,

Have you tried enforcing secure connections to (parts of) an OpenACS site? You can't do that in OpenACS any more because Squid only supports HTTP between the virtual server and the proxy (Squid).

I've tried using a Squid redirector, but that doesn't seem to work, as redirectors are called when Squid contacts the virtual server. Each request to the virtual server is an HTTP request; one cannot redirect HTTP requests to HTTPS requests. Redirected HTTPS requests show up in the redirector as HTTP requests, and thus there doesn't appear to be a way to use redirectors.

Then again it might be my mistake so here's what I've done:

The redirector code (in Tcl of course).


#!/usr/local/bin/tclsh

# squid redirector program. Squid has been configured to call the
# redirector for HTTP requests only. This program then redirects those
# requests to the HTTPS port.

# Keep a log of all redirects. Squid keeps the log open for as long as
# squid is running. Stop squid to see the contents of the log.

set log [open "/var/log/squid/redir.log" a+]
while {[gets stdin line] >= 0} {
    foreach {url addr_fqdn ident method} [split $line ] {

        # Only redirect http requests.

        regsub -nocase -- http: $url https: redir_url

        # Log the redirect. First the verbatim request to squid
        # followed by the URL the request is redirected to.

        puts $log "\[$url $addr_fqdn $ident $method\] --> $redir_url"

        # Return the redirection URL to squid.

        # puts "301:$redir_url"
    }
}
close $log

Additional Squid.conf lines


redirect_program /etc/squid/redirector
acl http port 80
acl https port 443
redirector_access allow http
redirector_access deny https

But no matter how I configure Squid, it seems to always call the redirector, even for https connections.

/Bart
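
An added example, not part of Bart's post or of any project's code: a redirector that answers every request line and flushes each reply, which the Squid redirector interface requires. It assumes the Squid 2.x input format used above and that the helper is limited to the plain-HTTP listener with a `myport` ACL (`myport` matches the local port the client connected to, while `port` matches the port in the requested URL); `redirect_reply`, the ACL name and the sample hosts are hypothetical.

```tcl
#!/usr/local/bin/tclsh
# Added example. Assumed squid.conf lines so that only requests arriving
# on the plain-HTTP listening socket reach this helper:
#   acl plain_listener myport 80
#   redirector_access allow plain_listener
#   redirector_access deny all

# Build the reply for one request line of the form
#   "URL client_ip/fqdn ident method"
# An empty reply tells Squid to leave the URL unchanged; "301:URL"
# tells Squid to send the browser a permanent redirect.
proc redirect_reply {line} {
    set url [lindex [split $line] 0]
    # Anchor on the scheme so "http:" elsewhere in the URL is untouched
    # and an https:// URL is never redirected to itself.
    if {[regsub -nocase -- {^http://} $url {https://} secure_url]} {
        return "301:$secure_url"
    }
    return ""
}

if {[lindex $argv 0] eq "selftest"} {
    # Constructed request lines, not captured traffic.
    foreach line {
        "http://www.example.com/register/ 192.0.2.10/- - GET"
        "https://www.example.com/register/ 192.0.2.10/- - GET"
    } {
        puts "$line => '[redirect_reply $line]'"
    }
    exit 0
}

# Squid waits for exactly one reply line per request line, so stdout
# must not sit in a block buffer.
fconfigure stdout -buffering line
while {[gets stdin line] >= 0} {
    puts [redirect_reply $line]
}
```

Running the script with the argument `selftest` prints the reply for each constructed line without needing Squid.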