Squid reverse proxy redirect / rewrite HTTP to HTTPS

My Squid Reverse Proxy only accepts HTTPS requests. What is a short way to redirect/rewrite a HTTP-request to https? So if the user visits http://foo.server.com he should be automatically redirected to https://foo.server.com


Solution 1:

One way is to get the origin server to do the redirect, but it seems more efficient to get Squid to do it. There are a couple of approaches, but using deny_info seems the easiest.

In the squid.conf configuration file:

acl PORT80 myport 80
acl MYSITE dstdomain foo.server.com
http_access deny PORT80 MYSITE
deny_info 301:https://foo.server.com%R MYSITE

At first glance, the http_access statement just denies access to the HTTP version of your site. However due to the deny_info statement Squid will redirect users to an alternative site (in this case the HTTPS version) rather than simply giving an access-denied message.

The %R tag causes the request URL path to be included in the redirect, so that if users try to visit http://foo.server.com/bar then they'll get directed to https://foo.server.com/bar, rather than just https://foo.server.com.

The full list of URL format tags is available in the Squid documentation: http://www.squid-cache.org/Doc/config/deny_info/

The order of the acl statements is important because Squid only remembers the last http_access deny and looks for the deny_info to match that acl.