[squid-users] reverse proxy and HTTP redirects

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 5 10:48:11 UTC 2019

On 5/12/19 11:17 pm, Vieri Di Paola wrote:
> I could try to use a redirector with location_rewrite_program, but
> this directive is not available anymore.
> I presume I need to use url_rewrite_program instead.

No, that only re-writes the client requested URLs.

You can try using a rewriter on the external_acl_type helper interface.
Something like this (untested):

  external_acl_type location_rewriter %<h{Location} /path/to/rewriter
  acl bad_Location external location_rewriter

  deny_info 302:%note{location-rewrite} bad_Location
  acl 302 http_status 302
  http_reply_access deny 302 bad_Location

The idea being that you pass the helper the Location header. If that
value is http:// it produces the new URL in a response like:
  "OK location-rewrite=https://... \n"

Since this is a Cookie based login check, you probably need to also pass
the Set-Cookie header to the helper and forward it back out as another
kv-pair so the reply_header_add directive can add that header back onto
the new Squid generated 302 message.

Alternative to his would be an eCAP module that just re-writes the
Location headers in place. That would be simpler, but requires some
coding to create the module.


More information about the squid-users mailing list