pfSense (2.3.1_5): Squid transparent proxy redirects internally hosted sites from HTTP to HTTPS

I'm having an issue with Squid's transparent proxy on my pfSense firewall.

My company hosts an internal git server at the following address (for example purposes): http://git.gitserver.com/. At our domain registrar there is a DNS record that points to one of our public IP addresses managed by pfSense, which is (for example purposes) 1.2.3.4. Within pfSense I have a 1:1 NAT setup that NATs 1.2.3.4 to an internal address of (for example purposes) 10.10.10.11. Everything is up and running and is accessible from within the network (LAN side) as well as from outside the network (WAN side).

My issue is that when I enable Squid's transparent proxy (for antivirus, website logging, and eventually reverse proxy functionality) and I am inside the network (LAN side), all sites that are hosted internally on our servers are redirected from HTTP to HTTPS automatically.

Is there something I'm missing or should be keeping in mind about Squid and how it functions? Is this a default feature of Squid? At this time, I want to keep SSL out of the equation, and will eventually be switching over in due time.

0
asked 28 June 2016 at 23:45
1 answer

It's not that Squid is changing it from HTTP to HTTPS; it's that NAT reflection does not apply to traffic initiated by the host itself (as is the case with Squid). Traffic from LAN hosts will hit reflection. So you're actually reaching the firewall's web interface, not your internal server. That's where the redirect from HTTP to HTTPS comes from.

You'll need split DNS for Squid to be able to reach your internal sites, so that git.gitserver.com resolves internally to 10.10.10.11 rather than 1.2.3.4.

1
answered 4 December 2019 at 16:34
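
A check for the condition the answer describes, as an added example that is not part of the original answer: run on the host where Squid runs, it reports whether each internally hosted name resolves to a public address held by the firewall (so proxy-originated requests end on the firewall itself) or to the internal server that split DNS should return. The inventory uses the example addresses from the question; the function names and verdict strings are made up for this example.

```python
import ipaddress
import socket

# Constructed inventory, using the example addresses from the question.
FIREWALL_PUBLIC_IPS = {"1.2.3.4"}                       # public IPs held by the firewall
INTERNAL_SITES = {"git.gitserver.com": "10.10.10.11"}   # hostname -> real internal server


def system_resolver(hostname):
    """Resolve via the local resolver, i.e. the answer Squid on this host gets."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(hostname, expected_ip, resolve=system_resolver,
             public_ips=FIREWALL_PUBLIC_IPS):
    """Say where a proxy-originated request for hostname would end up."""
    addrs = resolve(hostname)
    if not addrs:
        return "unresolved"
    if any(a in public_ips for a in addrs):
        # No NAT reflection for firewall-originated traffic: the request
        # terminates on the firewall itself.
        return "hits-firewall"
    if addrs == [expected_ip]:
        return "ok"
    if all(ipaddress.ip_address(a).is_private for a in addrs):
        return "internal-unexpected"
    return "external"


def audit(sites=INTERNAL_SITES, resolve=system_resolver):
    """Return {hostname: verdict} for every internally hosted site."""
    return {host: classify(host, ip, resolve) for host, ip in sites.items()}


if __name__ == "__main__":
    for host, verdict in audit().items():
        print(f"{host}: {verdict}")
```

A verdict of `hits-firewall` is the situation from the question; after adding the internal DNS override the same name should report `ok`.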
