Hello all, I have the following configuration: Inet client (HTTPS) -> proxy/firewall surrogate server (squid-2.5.STABLE5) openbsd -> HTTP -> origin server (Apache/1.3.29 - jakarta-tomcat-4.1.30) openbsd
We have our SSL certs on the squid server and to keep data secure over the internet, squid passes valid requests inside to our webserver / application server. Everything works fine if the client is using HTTP. Everything works fine if the client is using HTTPS _EXCEPT_ if the application resides within a tomcat authentication realm. The problem is once a client authenticates the j_security_check module forwards them to an absolute HTTP URL because between the squid proxy and the webserver everything _IS_ just HTTP. So once they authenticate they end up with HTTP instead of HTTPS. Granted this is probably the expected behavior and there is nothing wrong with this except that I need it to be HTTPS when the request is HTTPS. My question, where should I fix this problem? Is there someway to make a relative HTTP 302 redirect from j_security_check (not sure on the validity of that)? Should I do some manipulation at the squid level (not sure how)? Pretty much what I need is if the request from the client was HTTPS I need the redirected page to be HTTPS. All internal requests from internal clients (non INET) are HTTP and those are all fine. Thank you