> On Feb 25, 2019, at 11:26 AM, Eric Chaves <[email protected]> wrote:
>
> Hi Folks,
>
> With the help of this community I was able to setup an ATS instance to work
> on. Now I'm trying to write some remap rules in order to work with ATS as ssl
> terminator (in forward proxy mode) so my clients (ie my applications) request
> their URL over HTTP but ATS perform an HTTPS to the origin.
>
> For that I wrote pretty stupid regex remap rule:
> regex_map http://(.*) https://$1.
>
> This rule works when the url does not have a port declared (ie
> http://somesite/somepage?q=. <http://somesite/somepage?q=.>.) but it does not
> work when the source url uses a non standard por (ie
> http://somesite:8443/somepage?q=. <http://somesite:8443/somepage?q=.>.)
>
> I've tried to add a specific map as my first rule for this specific host but
> no success either.
> map http://somesite:8443 <http://somesite:8443/> https://somesite:8443
> <https://somesite:8443/>
> regex_map http://(.*) https://$1.
If I recall, regex_map only matches on the host name … That much said, you
could likely write a trivial plugin in C/C++ or Lua, that just changes the
scheme, and then do something like
map / https://whatever_doesnt_matter @plugin=…
Alternatively, if you truly want to be an open proxy, make it a global plugin,
remove the requirement for remap ((proxy.config.url_remap.remap_required=0),
and just always make the change. Seems unlikely that such a mapping would
always work though, I mean, not every http:// URL has a matching https://
destination (so, you still need some sort of whitelist).
— Leif
