Paul Lesniewski wrote:
> On 6/28/07, Daniel Watts <[EMAIL PROTECTED]> wrote:
>> Dear List,
>>
>> Has anyone got a setup where you have a Pound front end reverse-proxy
>> listening for HTTPS traffic, and redirecting via HTTP to a batch of
>> backend web servers that squirrelmail is installed on?
>>
>> I have this working nicely except that the links and redirects are all
>> then written as "http" rather than "https". Is there any sane way I can
>> get the system so that security is maintained?
>
> If SM has no information about SSL a connection, you simply cannot
> expect it to do anything but what it is doing.
>
>> I'm thinking this might be to do with the "get_location" function in
>> squirrelmail - will I need to modify this somehow?
>
> Most people do that.
Really? How do they rework it?
>
>> The trouble is user's can connect either via HTTP or HTTPS and I don't
>> want just a blanket change of all links to HTTPS.
>
> Why not? Minimal overhead, better email security.
Ah I suppose the get_location could be done to always response with the
HTTPS protocol.
>
>> Perhaps I need to get Pound to insert an X-SSL-Request header which can
>> tell get_location whether to prepend http:// or https://
>
> Might be a good solution.
>
>> But this all sounds quite ugly and I'd rather not change squirrelmail code.
>
> The only other option would be to install the mind_reader plugin that
> knows that despite the fact that page requests come in HTTP, you
> really wanted links in HTTPS, but only in some cases. No sweat. :-)
Lol very funny =)
I thought there might be some other configuration in terms of how my
proxies / apache's work etc. It can't be that rare a task that someone
hasn't come up with a way to make this work nicely.
I noticed that things would be a lot nicer if the header("Location..")'s
where all relative. That way whatever the connection was, the browser
would maintain the type and just change the URI.
I read somewhere that header redirects should always be absolute but
relative ones do seem to always work. Don't suppose squirrelmail would
consider going all relative? ;o)
Thanks for your assistance and thoughts as always Paul.
Dan
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
--
squirrelmail-users mailing list
Posting Guidelines:
http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: [email protected]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
