[packman] https:// packman mirrors can't be used with Squid proxy

Adam Mizerski adam at mizerski.pl
Tue Mar 2 07:53:05 CET 2021


W dniu 01.03.2021 o 21:05, jimc pisze:
> I have a small net of 10 hosts, and I update them from
> http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/
> (also packman.inode.at) through a Squid proxy, squid-4.14 .
> This used to work, but starting about 2012-02-27 I get responses
> of 403 Forbidden.  It looks like the mirror webserver rewrites
> the URL from http://hostname/ to https://hostname/, the client
> (Zypper) follows the 302 Found response, and Squid replies 403
> Forbidden.  It's supposed to be possible to configure Squid to
> act as a "man in the middle", generating a fake server
> certificate certified by a fake Certificate Authority that the
> client is supposed to trust.  But a sysadmin whose paranoia is
> sufficient for the job wouldn't touch the fake cert concept with
> a 3 meter pole!
> 
> Could Packman (specifically its mirrors) please return to
> serving requests to http://packman.../ directly rather than
> rewriting to https?  Thank you.
> 

I'm also using squid, but I don't have such issues. The mirror 
packman.inode.at returns me 403 for everything, regardless of whether I 
use squid or not. ftp.gwdg.de works fine with plain http and I get no 
redirects to https.

Hint: You can test http responses using command "curl --head url"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.links2linux.de/pipermail/packman/attachments/20210302/2be426e2/attachment.sig>


More information about the Packman mailing list