]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/proxy.cgi
1#!/usr/bin/perl
2#
ed38f89d 3# IPCop CGIs
4#
5# This code is distributed under the terms of the GPL
6#
ed38f89d 7# $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8#
9
10use strict;
11
12# Enable the following only while debugging; fatalsToBrowser sends Perl error details to the client.
13#use warnings;
14#use CGI::Carp 'fatalsToBrowser';
15
16use IO::Socket;
17
18require '/var/ipfire/general-functions.pl';
19require "${General::swroot}/lang.pl";
20require "${General::swroot}/header.pl";
21
# Settings hashes. All start empty and are filled further down in this file.
my (
    %proxysettings,       # advanced proxy defaults, overlaid by the submitted form
    %netsettings,         # read from ethernet/settings
    %filtersettings,      # read from urlfilter/settings when that add-on exists
    %updaccsettings,      # read from updacclrtr/settings when that add-on exists
    %stdproxysettings,    # proxy/settings, re-read and rewritten on save
    %mainsettings,        # read from main/settings
);

# Add-on flags, set to 1 below when the add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# Lookup tables that hold the checked='checked' / selected='selected'
# attributes for the HTML form.
my (%checked, %selected);

# Throttle limit values and the file-extension alternations that can be
# throttled (the unit of the limits is not visible in this part of the file).
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = "bin|cab|exe|gz|rar|sea|tar|tgz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";

# User-agent records: @useragentlist holds the lines of $browserdb,
# @useragent the comma-separated fields of the record currently processed.
my (@useragent, @useragentlist);

# Scratch variables shared across the script.
my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language, $line, $user) = ('', '', '', '');
my ($i, $n, $id) = (0, 0, 0);
my (@userlist, @grouplist, @temp, @templist);

my ($cachemem, $replybodymaxsize, $needhup) = (0, 0, 0);
my ($proxy1, $proxy2, $browser_regexp) = ('', '', '');

# Non-empty once any validation step has failed.
my $errormessage = '';

# Working directories below the advanced proxy configuration root.
my $acldir   = "${General::swroot}/proxy/advanced/acls";
my $ncsadir  = "${General::swroot}/proxy/advanced/ncsa";
my $ntlmdir  = "${General::swroot}/proxy/advanced/ntlm";
my $raddir   = "${General::swroot}/proxy/advanced/radius";
my $identdir = "${General::swroot}/proxy/advanced/ident";
my $credir   = "${General::swroot}/proxy/advanced/cre";

# NCSA user database and its group files.
my $userdb = "$ncsadir/passwd";
my $stdgrp = "$ncsadir/standard.grp";
my $extgrp = "$ncsadir/extended.grp";
my $disgrp = "$ncsadir/disabled.grp";

my $browserdb      = "${General::swroot}/proxy/advanced/useragents";
my $mimetypes      = "${General::swroot}/proxy/advanced/mimetypes";
my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";

# Files of the classroom extension (CRE).
my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable";
my $cre_groups  = "${General::swroot}/proxy/advanced/cre/classrooms";
my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";

my $identhosts = "$identdir/hosts";

my $libexecdir = "/usr/lib/squid";

# ACL files kept in $acldir.
my $acl_src_subnets          = "$acldir/src_subnets.acl";
my $acl_src_banned_ip        = "$acldir/src_banned_ip.acl";
my $acl_src_banned_mac       = "$acldir/src_banned_mac.acl";
my $acl_src_unrestricted_ip  = "$acldir/src_unrestricted_ip.acl";
my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
my $acl_src_noaccess_ip      = "$acldir/src_noaccess_ip.acl";
my $acl_src_noaccess_mac     = "$acldir/src_noaccess_mac.acl";
my $acl_dst_nocache          = "$acldir/dst_nocache.acl";
my $acl_dst_noauth           = "$acldir/dst_noauth.acl";
my $acl_dst_throttle         = "$acldir/dst_throttle.acl";
my $acl_include              = "$acldir/include.acl";
98
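# Make sure the working directories exist. A failing mkdir is ignored here,
# as it always was; the file operations that follow will surface the problem.
foreach my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    mkdir($dir) unless -d $dir;
}

# Create every missing state file as an empty file. The list form of system()
# executes /bin/touch directly, so the path is passed as one argument and is
# never parsed by a shell. The paths are built from $General::swroot only,
# not from request data.
foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    system('/bin/touch', $file) unless -e $file;
}

# Load the user-agent database: skip empty lines and comment lines, then sort
# the records by the text between the first and the last comma of each line.
{
    # Same key the comparison has always used, spelled out step by step.
    my $sort_key = sub {
        my ($record) = @_;
        my $first_comma = index($record, ',');
        my $after_first = substr($record, $first_comma + 1);
        # Length of the last field plus its leading comma, measured on the
        # reversed record.
        my $tail_len = index(scalar reverse(substr($record, $first_comma)), ',') + 1;
        return scalar reverse(substr(scalar reverse($after_first), $tail_len));
    };

    # Three-argument open with a lexical handle: the file name is never
    # interpreted as an open mode. An unreadable file leaves the list empty.
    @useragentlist = ();
    if (open(my $ua_fh, '<', $browserdb)) {
        @useragentlist = sort { $sort_key->($a) cmp $sort_key->($b) }
                         grep { !/(^$)|(^\s*#)/ } <$ua_fh>;
        close($ua_fh);
    }
}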
132
# Load the network and main settings of the system.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as installed when its version file exists.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

# URL filter add-on: start from the built-in default, then let the add-on's
# own settings file override it when there is one.
if ($urlfilter_addon) {
    $filtersettings{'CHILDREN'} = '5';
    &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings)
        if -e "${General::swroot}/urlfilter/settings";
}

# Update accelerator add-on: same pattern.
if ($updacclrtr_addon) {
    $updaccsettings{'ACCELERATORS'} = '10';
    &General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings)
        if -e "${General::swroot}/updacclrtr/settings";
}
152
&Header::showhttpheaders();

# Built-in defaults for every form field. They are set before the submitted
# form is read, so a field missing from the request keeps its default.
{
    my %default_for = (
        'ACTION'                 => '',
        'VALID'                  => '',

        'ENABLE'                 => 'off',
        'ENABLE_BLUE'            => 'off',
        'TRANSPARENT'            => 'off',
        'TRANSPARENT_BLUE'       => 'off',
        'PROXY_PORT'             => '800',
        'VISIBLE_HOSTNAME'       => '',
        'ADMIN_MAIL_ADDRESS'     => '',
        'ERR_LANGUAGE'           => 'English',
        'FORWARD_VIA'            => 'off',
        'FORWARD_IPADDRESS'      => 'off',
        'FORWARD_USERNAME'       => 'off',
        'UPSTREAM_PROXY'         => '',
        'UPSTREAM_USER'          => '',
        'UPSTREAM_PASSWORD'      => '',
        'LOGGING'                => 'off',
        'LOGQUERY'               => 'off',
        'LOGUSERAGENT'           => 'off',
        'CACHE_MEM'              => '2',
        'CACHE_SIZE'             => '50',
        'MAX_SIZE'               => '4096',
        'MIN_SIZE'               => '0',
        'MEM_POLICY'             => 'LRU',
        'CACHE_POLICY'           => 'LRU',
        'L1_DIRS'                => '16',
        'OFFLINE_MODE'           => 'off',
        'CLASSROOM_EXT'          => 'off',
        'SUPERVISOR_PASSWORD'    => '',
        'TIME_ACCESS_MODE'       => 'allow',
        'TIME_FROM_HOUR'         => '00',
        'TIME_FROM_MINUTE'       => '00',
        'TIME_TO_HOUR'           => '24',
        'TIME_TO_MINUTE'         => '00',
        'MAX_OUTGOING_SIZE'      => '0',
        'MAX_INCOMING_SIZE'      => '0',
        'THROTTLING_GREEN_TOTAL' => 'unlimited',
        'THROTTLING_GREEN_HOST'  => 'unlimited',
        'THROTTLING_BLUE_TOTAL'  => 'unlimited',
        'THROTTLING_BLUE_HOST'   => 'unlimited',
        'THROTTLE_BINARY'        => 'off',
        'THROTTLE_DSKIMG'        => 'off',
        'THROTTLE_MMEDIA'        => 'off',
        'ENABLE_MIME_FILTER'     => 'off',
        'ENABLE_BROWSER_CHECK'   => 'off',
        'FAKE_USERAGENT'         => '',
        'FAKE_REFERER'           => '',

        'AUTH_METHOD'            => 'none',
        'AUTH_REALM'             => '',
        'AUTH_MAX_USERIP'        => '',
        'AUTH_CACHE_TTL'         => '60',
        'AUTH_IPCACHE_TTL'       => '0',
        'AUTH_CHILDREN'          => '5',

        'NCSA_MIN_PASS_LEN'      => '6',
        'NCSA_BYPASS_REDIR'      => 'off',
        'NCSA_USERNAME'          => '',
        'NCSA_GROUP'             => '',
        'NCSA_PASS'              => '',
        'NCSA_PASS_CONFIRM'      => '',

        'LDAP_BASEDN'            => '',
        'LDAP_TYPE'              => 'ADS',
        'LDAP_SERVER'            => '',
        'LDAP_PORT'              => '389',
        'LDAP_BINDDN_USER'       => '',
        'LDAP_BINDDN_PASS'       => '',
        'LDAP_GROUP'             => '',

        'NTLM_DOMAIN'            => '',
        'NTLM_PDC'               => '',
        'NTLM_BDC'               => '',
        'NTLM_ENABLE_ACL'        => 'off',
        'NTLM_USER_ACL'          => 'positive',

        'RADIUS_SERVER'          => '',
        'RADIUS_PORT'            => '1645',
        'RADIUS_IDENTIFIER'      => '',
        'RADIUS_SECRET'          => '',
        'RADIUS_ENABLE_ACL'      => 'off',
        'RADIUS_USER_ACL'        => 'positive',

        'IDENT_REQUIRED'         => 'off',
        'IDENT_TIMEOUT'          => '10',
        'IDENT_ENABLE_ACL'       => 'off',
        'IDENT_USER_ACL'         => 'positive',
    );

    # keys() and values() walk an unmodified hash in the same order, so this
    # slice assigns each default to its own key.
    @proxysettings{ keys %default_for } = values %default_for;
}

# The add-on switches exist only when the matching add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Overlay the defaults with the submitted form. From here on every value in
# %proxysettings may be request-supplied and needs validation before it is
# written to a file or into the page.
# NOTE(review): whether getcgihash filters values is not visible here - confirm.
&Header::getcgihash(\%proxysettings);
249
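# A submitted throttling value of 0 is stored as 'unlimited'.
foreach my $throttle_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    $proxysettings{$throttle_key} = 'unlimited' if $proxysettings{$throttle_key} eq '0';
}

# --- NCSA user management actions -------------------------------------------
# Each action switches the page into NCSA edit mode. ACTION and all NCSA_*
# and ID values are taken from the submitted form.

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # NCSA_MIN_PASS_LEN is concatenated into the error message, and that
    # message is later printed into the page. Accept digits only, so that no
    # other request-supplied text can reach the HTML output through it.
    # NOTE(review): the minimum length used here is the one sent with the
    # request, not the saved setting - confirm that this is intended.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'advproxy errmsg password length'};
    }
    elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }

    # Later checks overwrite the message of earlier ones, as before.
    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:[:cntrl:]]/) {
        # ':' is the separator the edit action below uses to split ID into
        # user and group, and a control character such as a newline would
        # start a new record in a line-oriented user file. adduser is not
        # visible here, so this is a defensive check.
        $errormessage = $Lang::tr{'invalid input'};
    }

    if (!$errormessage) {
        # User names are stored in lower case.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never send the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    # NOTE(review): ID is passed on exactly as submitted; confirm that deluser
    # only ever removes a record that matches it completely.
    &deluser($proxysettings{'ID'});
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
    # ID has the form "user:group".
    @temp = split(/:/,$proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];
    # Placeholder shown in both password fields instead of the real password.
    # NOTE(review): presumably adduser treats this value as "keep the current
    # password" - confirm.
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}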
298
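if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    # Save handler: validate the submitted settings, then persist them and
    # regenerate the proxy configuration. A failed check stores its message in
    # $errormessage and jumps to ERROR, skipping the remaining checks.
    #
    # Both patterns match the whole value (\A ... \z). A value such as
    # "50 extra" or one that carries a newline must not pass as a number or
    # as a switch, because the accepted values are written to the settings
    # file and are presumably used by writeconfig to build the proxy
    # configuration.
    #
    # NOTE(review): PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS,
    # UPSTREAM_PROXY, AUTH_REALM and the TIME_* fields get no format check in
    # this block; confirm that check_acls or writeconfig validates them.
    my $uint_re  = qr/\A\d+\z/;
    my $onoff_re = qr/\A(?:on|off)\z/;

    if (grep { $proxysettings{$_} !~ $onoff_re } qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE)) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_SIZE'} !~ $uint_re) ||
        ($proxysettings{'CACHE_SIZE'} < 10))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_MEM'} !~ $uint_re) ||
        ($proxysettings{'CACHE_MEM'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap the memory cache at the first number of the second line of free(1)
    # divided by 2048. The cap is applied only when that number could be
    # read; without this guard a missing or unparsable free(1) output would
    # silently force CACHE_MEM to 0.
    my @free = `/usr/bin/free`;
    if (defined $free[1] && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    if ($proxysettings{'MAX_SIZE'} !~ $uint_re)
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MIN_SIZE'} !~ $uint_re)
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ $uint_re)
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }
    # String comparison of "HHMM" values: the end of the time window has to
    # be later than its start.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_INCOMING_SIZE'} !~ $uint_re)
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }

    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        # Join the third field of every selected user-agent record with '|'.
        # The pattern text comes from the useragents file, not from the
        # request; the request only selects records through the UA_<id> fields.
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;    # $_ aliases the list element, so the list itself is chomped
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);    # drop the trailing '|'
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }

    if ($proxysettings{'AUTH_METHOD'} ne 'none')
    {
        # Authentication needs at least one interface in non-transparent
        # mode. The only exception is ident with neither "required" nor the
        # user ACL switched on.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') &&
            (($proxysettings{'AUTH_MAX_USERIP'} !~ $uint_re) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_CACHE_TTL'} !~ $uint_re)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ $uint_re)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_CHILDREN'} !~ $uint_re) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ $uint_re) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if (($proxysettings{'IDENT_TIMEOUT'} !~ $uint_re) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        # ADS and NDS need bind credentials.
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if (($proxysettings{'NTLM_BDC'} ne '') && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Upstream proxy credentials: user name and password must be given
    # together or not at all.
    $proxy1 = ($proxysettings{'UPSTREAM_USER'} eq '') ? '' : 'YES';
    $proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
    if ($proxy1 ne $proxy2)
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

ERROR:
    # Reached on success and on every failed check above.
    &check_acls;

    $proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # These fields are kept out of the settings file: ACL and list
        # contents (write_acls was called for them above), the classroom
        # lists and the NCSA user form fields including the password.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
            DST_NOCACHE DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS NTLM_DENY_USERS
            RADIUS_ALLOW_USERS RADIUS_DENY_USERS
            IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
            CRE_GROUPS CRE_SVHOSTS
            NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
        )};

        # A switch that is absent from the request is stored as 'off'.
        foreach my $switch (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$switch} = 'off' unless exists $proxysettings{$switch};
        }

        # UPSTREAM_PASSWORD, LDAP_BINDDN_PASS, RADIUS_SECRET and
        # SUPERVISOR_PASSWORD are still in the hash at this point, so they are
        # presumably stored as plain values in this file; its ownership and
        # mode are what protects them.
        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Flag files: remove all of them, then recreate the one of every
        # switch that is on. /bin/touch is run without a shell.
        my @flag_files = (
            [ 'ENABLE',           'enable' ],
            [ 'TRANSPARENT',      'transparent' ],
            [ 'ENABLE_BLUE',      'enable_blue' ],
            [ 'TRANSPARENT_BLUE', 'transparent_blue' ],
        );
        unlink "${General::swroot}/proxy/$_->[1]" foreach @flag_files;
        foreach my $flag (@flag_files) {
            my ($setting, $file_name) = @{$flag};
            if ($proxysettings{$setting} eq 'on') {
                system('/bin/touch', "${General::swroot}/proxy/$file_name");
            }
        }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}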
594
# "Clear cache" runs the restart helper with -f.
# NOTE(review): this state-changing action is selected by the ACTION field
# alone; any request-origin check would have to live in the required header
# code, which is not visible here - confirm.
system('/usr/local/bin/restartsquid','-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# When nothing failed, show the stored configuration: the advanced settings
# file is preferred, the standard proxy settings file is the fallback.
unless ($errormessage)
{
    foreach my $settings_file (
        "${General::swroot}/proxy/advanced/settings",
        "${General::swroot}/proxy/settings",
    ) {
        next unless -e $settings_file;
        &General::readhash($settings_file, \%proxysettings);
        last;    # only the first existing file is read
    }
    &read_acls;
}
609
# Fill %checked and %selected, the lookup tables the HTML form below uses to
# pre-select its controls from the current values in %proxysettings.
{
    # Clear every listed choice of a checkbox/radio field, then mark the
    # choice that matches the current setting.
    my $set_checked = sub {
        my ($field, @choices) = @_;
        $checked{$field}{$_} = '' foreach @choices;
        $checked{$field}{ $proxysettings{$field} } = "checked='checked'";
        return;
    };

    # Mark the current value of a drop-down field.
    my $set_selected = sub {
        my ($field) = @_;
        $selected{$field}{ $proxysettings{$field} } = "selected='selected'";
        return;
    };

    my @weekdays = qw(TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN);

    # Switches missing from the loaded settings are shown as 'on'.
    foreach my $switch (@weekdays, 'AUTH_ALWAYS_REQUIRED', 'NTLM_ENABLE_INT_AUTH') {
        $proxysettings{$switch} = 'on' unless exists $proxysettings{$switch};
    }

    # On/off switches.
    $set_checked->($_, 'off', 'on') foreach (
        qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE),
        qw(FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA),
        qw(OFFLINE_MODE),
        qw(LOGGING LOGQUERY LOGUSERAGENT),
        qw(CLASSROOM_EXT),
        @weekdays,
        qw(THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA),
        qw(ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK),
        qw(AUTH_ALWAYS_REQUIRED NCSA_BYPASS_REDIR),
        qw(NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL),
        qw(RADIUS_ENABLE_ACL),
        qw(IDENT_REQUIRED IDENT_ENABLE_ACL),
    );

    # Drop-down lists.
    $set_selected->($_) foreach (
        qw(MEM_POLICY CACHE_POLICY L1_DIRS),
        qw(ERR_LANGUAGE),
        qw(TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE),
        qw(THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST),
        qw(NCSA_GROUP LDAP_TYPE),
    );

    # One switch per user-agent record; the field name is "UA_" followed by
    # the first comma-separated field of the record.
    foreach (@useragentlist) {
        @useragent = split(/,/);
        $set_checked->('UA_'.$useragent[0], 'off', 'on');
    }

    # Authentication method radio group.
    $set_checked->('AUTH_METHOD', 'none', 'ncsa', 'ident', 'ldap', 'ntlm', 'radius');

    # User ACL mode radio groups.
    $set_checked->($_, 'positive', 'negative')
        foreach qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL);

    # Add-on switches exist only when the add-on is installed.
    $set_checked->('ENABLE_FILTER', 'off', 'on')   if $urlfilter_addon;
    $set_checked->('ENABLE_UPDACCEL', 'off', 'on') if $updacclrtr_addon;
}
792
# Start the page; the title is taken from the language table and the other
# arguments are handed to header.pl as given.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

# Error box, shown only when $errormessage is non-empty.
# NOTE(review): $errormessage is written into the page as-is. If any message
# assembled earlier in the script embeds a submitted form value, that value
# reaches the browser unescaped -- confirm where the message is built.
if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>$errormessage&nbsp;</font>\n";
	&Header::closebox();
}
802
ed38f89d
MT
803# ===================================================================
804# Main settings
805# ===================================================================
806
807unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
808
ac1cfefa
MT
809print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
810
ed38f89d
MT
811&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
812
ac1cfefa
MT
813print <<END
814<table width='100%'>
815<tr>
ed38f89d
MT
816 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
817</tr>
818<tr>
819 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
820 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
821 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
822 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
ac1cfefa
MT
823</tr>
824<tr>
ed38f89d 825 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
ac1cfefa 826 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
ed38f89d
MT
827 <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
828 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
ac1cfefa
MT
829</tr>
830<tr>
831END
832;
833if ($netsettings{'BLUE_DEV'}) {
ed38f89d 834 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT
835 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
836} else {
837 print "<td colspan='2'>&nbsp;</td>";
838}
839print <<END
ed38f89d
MT
840 <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
841 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
ac1cfefa
MT
842</tr>
843<tr>
844END
845;
846if ($netsettings{'BLUE_DEV'}) {
ed38f89d 847 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT
848 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
849} else {
850 print "<td colspan='2'>&nbsp;</td>";
851}
852print <<END
ed38f89d
MT
853 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
854 <td class='base'>
855 <select name='ERR_LANGUAGE'>
856END
857;
858 foreach (</usr/lib/squid/errors/*>) {
859 if (-d) {
860 $language = substr($_,rindex($_,"/")+1);
861 print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
862 }
863 }
864print <<END
865 </select>
866 </td>
867</tr>
868</table>
869<hr size='1'>
870<table width='100%'>
871<tr>
872 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
873</tr>
874<tr>
875 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
876 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
877 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
878 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
879</tr>
880<tr>
881 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
882 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
883 <td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
884 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
ac1cfefa 885</tr>
ac1cfefa 886<tr>
ed38f89d
MT
887 <td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
888 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
889 <td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
890 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
891</tr>
892</table>
893<hr size='1'>
894<table width='100%'>
895<tr>
896 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
897</tr>
898<tr>
899 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
900 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
901 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
902 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
903</tr>
904<tr>
905 <td>&nbsp;</td>
906 <td>&nbsp;</td>
907 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
908 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
909</tr>
910</table>
911<hr size='1'>
912<table width='100%'>
913<tr>
914 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
915</tr>
916<tr>
917 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
ac1cfefa
MT
918</tr>
919<tr>
ed38f89d
MT
920 <td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
921 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
922 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
ac1cfefa
MT
923 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
924</tr>
925<tr>
ed38f89d 926 <td class='base'>$Lang::tr{'advproxy min size'}:</td>
ac1cfefa 927 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
ed38f89d 928 <td class='base'>$Lang::tr{'advproxy max size'}:</td>
ac1cfefa
MT
929 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
930</tr>
931<tr>
ed38f89d
MT
932 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
933 <td class='base'><select name='L1_DIRS'>
934 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
935 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
936 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
937 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
938 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
939 </select></td>
940 <td colspan='2' rowspan= '5' valign='top' class='base'>
941 <table cellpadding='0' cellspacing='0'>
942 <tr>
943 <!-- intentionally left empty -->
944 </tr>
945 <tr>
946 <td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
947 </tr>
948 <tr>
949 <!-- intentionally left empty -->
950 </tr>
951 <tr>
952 <!-- intentionally left empty -->
953 </tr>
954 <tr>
955 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
956END
957;
958
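# The value is written between <textarea> tags, so '&', '<' and '>' are
# entity-encoded first: a stored value containing "</textarea>" would otherwise
# close the field and the remainder would be parsed as page markup.
# Entries without these characters are printed exactly as before.
# NOTE(review): assumes the setting is stored unencoded -- confirm against the
# save handler. The other textarea fields in this script print their settings
# the same raw way.
{
	my $nocache_text = defined $proxysettings{'DST_NOCACHE'} ? $proxysettings{'DST_NOCACHE'} : '';
	$nocache_text =~ s/&/&amp;/g;
	$nocache_text =~ s/</&lt;/g;
	$nocache_text =~ s/>/&gt;/g;
	print $nocache_text;
}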
960
961print <<END
962</textarea></td>
963 </tr>
964 </table>
965 </td>
966</tr>
967<tr>
968 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
969 <td class='base'><select name='MEM_POLICY'>
970 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
971 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
972 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
973 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
974 </select></td>
975</tr>
976<tr>
977 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
978 <td class='base'><select name='CACHE_POLICY'>
979 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
980 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
981 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
982 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
983 </select></td>
984</tr>
985<tr>
986 <td colspan='2'>&nbsp;</td>
987</tr>
988<tr>
989 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
990 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
991</tr>
992</table>
993<hr size='1'>
994<table width='100%'>
995<tr>
996 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
997</tr>
998<tr>
999 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1000</tr>
1001<tr>
1002 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1003 <td colspan='2'>&nbsp;</td>
1004</tr>
1005<tr>
1006 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1007END
1008;
1009
# Allowed-subnets textarea: show the stored list when there is one; otherwise
# pre-fill the field with the GREEN network and, when a BLUE interface is
# configured, the BLUE network as well.
if ($proxysettings{'SRC_SUBNETS'}) {
	print $proxysettings{'SRC_SUBNETS'};
}
else {
	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
	print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n" if $netsettings{'BLUE_DEV'};
}
1018
1019print <<END
1020</textarea></td>
1021 <td colspan='2'>&nbsp;</td>
1022</tr>
1023</table>
1024<table width='100%'>
1025<tr>
1026 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1027</tr>
1028<tr>
1029 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1030 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1031</tr>
1032<tr>
1033 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1034END
1035;
1036
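# Unrestricted-client lists (IP and MAC), each echoed inside its own <textarea>.
# '&', '<' and '>' are entity-encoded before printing so that a stored value
# cannot close the textarea and inject markup into the admin page. Entries
# without these characters are printed exactly as before.
# NOTE(review): assumes the settings are stored unencoded -- confirm against
# the save handler.
{
	my $textarea_safe = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		return $text;
	};

	print $textarea_safe->($proxysettings{'SRC_UNRESTRICTED_IP'});

	print <<END
</textarea></td>
 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
END
;

	print $textarea_safe->($proxysettings{'SRC_UNRESTRICTED_MAC'});
}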
1046
1047print <<END
1048</textarea></td>
1049</tr>
1050</table>
1051<table width='100%'>
1052<tr>
1053 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1054</tr>
1055<tr>
1056 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1057 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1058</tr>
1059<tr>
1060 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1061END
1062;
1063
1064 print $proxysettings{'SRC_BANNED_IP'};
1065
1066print <<END
1067</textarea></td>
1068 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1069END
1070;
1071
1072print $proxysettings{'SRC_BANNED_MAC'};
1073
1074print <<END
1075</textarea></td>
1076</tr>
1077</table>
1078
1079<hr size='1'>
1080
1081END
1082;
1083# -------------------------------------------------------------------
1084# CRE GUI - optional
1085# -------------------------------------------------------------------
1086
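# Classroom extensions (CRE): rendered as editable fields when the file named
# by $cre_enabled exists; otherwise the three CRE settings are carried through
# the form as hidden inputs.
#
# The stored values are entity-encoded before they are placed in the page.
# They end up inside single-quoted value='...' attributes and <textarea>
# bodies, where an unencoded quote or angle bracket would end the attribute or
# element and let the rest of the value be parsed as markup. Values without
# & < > ' " are emitted exactly as before.
# NOTE(review): assumes the settings are stored unencoded -- confirm against
# the save handler.
#
# NOTE(review): in both branches the stored supervisor password is sent back
# to the browser in a value attribute. type='password' only masks it on
# screen; it stays readable in the page source and in any cached copy. Not
# echoing it needs a matching change where the form is saved (keep the stored
# password when the field comes back empty), which is outside this section.
{
	my $cre_html = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};

	my $sv_password = $cre_html->($proxysettings{'SUPERVISOR_PASSWORD'});
	my $cre_groups  = $cre_html->($proxysettings{'CRE_GROUPS'});
	my $cre_svhosts = $cre_html->($proxysettings{'CRE_SVHOSTS'});

	if (-e $cre_enabled) {
		print <<END
<table width='100%'>

<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'advproxy enabled'}:</td>
 <td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
 <td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$sv_password' size='12' /></td>
</tr>
<tr>
 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END
;

		print $cre_groups;

		print <<END
</textarea></td>
 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END
;
		print $cre_svhosts;

		print <<END
</textarea></td>
</tr>

</table>

<hr size='1'>
END
;
	} else {
		print <<END
 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$sv_password' />
 <input type='hidden' name='CRE_GROUPS' value='$cre_groups' />
 <input type='hidden' name='CRE_SVHOSTS' value='$cre_svhosts' />
END
;
	}
}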
1137# -------------------------------------------------------------------
1138
1139print <<END
1140
1141<table width='100%'>
1142<tr>
1143 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1144</tr>
1145<table width='100%'>
1146<tr>
1147 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1148 <td width='1%'>&nbsp;</td>
1149 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1150 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1151 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1152 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1153 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1154 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1155 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1156 <td width='1%'>&nbsp;&nbsp;</td>
1157 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1158 <td width='1%'>&nbsp;</td>
1159 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1160 <td>&nbsp;</td>
1161</tr>
1162<tr>
1163 <td class='base'>
1164 <select name='TIME_ACCESS_MODE'>
1165 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1166 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1167 </select>
1168 </td>
1169 <td>&nbsp;</td>
1170 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1171 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1172 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1173 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1174 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1175 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1176 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1177 <td>&nbsp;</td>
1178 <td class='base'>
1179 <select name='TIME_FROM_HOUR'>
1180END
1181;
1182for ($i=0;$i<=24;$i++) {
1183 $_ = sprintf("%02s",$i);
1184 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1185}
1186print <<END
1187 </select>
1188 </td>
1189 <td>:</td>
1190 <td class='base'>
1191 <select name='TIME_FROM_MINUTE'>
1192END
1193;
1194for ($i=0;$i<=45;$i+=15) {
1195 $_ = sprintf("%02s",$i);
1196 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1197}
1198print <<END
1199 </select>
1200 <td> - </td>
1201 </td>
1202 <td class='base'>
1203 <select name='TIME_TO_HOUR'>
1204END
1205;
1206for ($i=0;$i<=24;$i++) {
1207 $_ = sprintf("%02s",$i);
1208 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1209}
1210print <<END
1211 </select>
1212 </td>
1213 <td>:</td>
1214 <td class='base'>
1215 <select name='TIME_TO_MINUTE'>
1216END
1217;
1218for ($i=0;$i<=45;$i+=15) {
1219 $_ = sprintf("%02s",$i);
1220 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1221}
1222print <<END
1223 </select>
1224 </td>
1225</tr>
1226</table>
1227<hr size='1'>
1228<table width='100%'>
1229<tr>
1230 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
ac1cfefa
MT
1231</tr>
1232<tr>
ed38f89d
MT
1233 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1234 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1235 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1236 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
ac1cfefa
MT
1237</tr>
1238</table>
ed38f89d 1239<hr size='1'>
ac1cfefa 1240<table width='100%'>
ac1cfefa 1241<tr>
ed38f89d
MT
1242 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1243</tr>
1244<tr>
1245 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1246 <td width='20%' class='base'>
1247 <select name='THROTTLING_GREEN_TOTAL'>
1248END
1249;
1250
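# Download throttling for GREEN: one <option> per entry of @throttle_limits,
# followed by the "unlimited" entry, first for the total limit and then for
# the per-host limit.
#
# The "unlimited" option lines used to end in \n"; inside the here-document.
# That is not code there: the \n became an extra newline and the characters
# "; were sent to the browser as stray text inside the <select>. They are
# removed.
# NOTE(review): the "unlimited" option submits value='0' but its selected
# state is looked up under the key 'unlimited' -- confirm that %selected is
# filled under that key where the settings are loaded.
foreach my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kBit/s</option>\n";
}

print <<END
 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
 <td width='30%' class='base'>
 <select name='THROTTLING_GREEN_HOST'>
END
;

foreach my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kBit/s</option>\n";
}

print <<END
 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
</tr>
END
;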
1276
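# Download throttling for BLUE, rendered only when a BLUE interface is
# configured: the total limit first, then the per-host limit.
#
# The "unlimited" option lines used to end in \n"; inside the here-document,
# which sent the characters "; to the browser as stray text inside the
# <select>. They are removed.
# NOTE(review): the "unlimited" option submits value='0' but its selected
# state is looked up under the key 'unlimited' -- confirm that %selected is
# filled under that key where the settings are loaded.
if ($netsettings{'BLUE_DEV'}) {
	print <<END
<tr>
 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
 <td class='base'>
 <select name='THROTTLING_BLUE_TOTAL'>
END
;

	foreach my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kBit/s</option>\n";
	}

	print <<END
 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
 <td class='base'>
 <select name='THROTTLING_BLUE_HOST'>
END
;

	foreach my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kBit/s</option>\n";
	}

	print <<END
 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
</tr>
END
;
}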
ac1cfefa 1312
ed38f89d
MT
1313print <<END
1314</table>
1315<table width='100%'>
1316<tr>
1317 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1318</tr>
1319<tr>
1320 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1321 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1322 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1323 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1324 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1325 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1326 <td width='15%'>&nbsp;</td>
1327 <td width='10%'>&nbsp;</td>
1328</tr>
ac1cfefa 1329</table>
ed38f89d
MT
1330<hr size='1'>
1331<table width='100%'>
1332<tr>
1333 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1334</tr>
1335<tr>
1336 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1337 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1338</tr>
1339<tr>
1340 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1341 <td>&nbsp;</td>
1342 <td>&nbsp;</td>
1343</tr>
1344<tr>
1345 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
ac1cfefa
MT
1346END
1347;
ac1cfefa 1348
ed38f89d 1349print $proxysettings{'MIME_TYPES'};
ac1cfefa 1350
ed38f89d
MT
1351print <<END
1352</textarea></td>
1353 <td>&nbsp;</td>
1354 <td>&nbsp;</td>
1355</tr>
1356</table>
1357<hr size='1'>
1358<table width='100%'>
1359<tr>
1360 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1361</tr>
1362<tr>
1363 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1364 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1365 <td>&nbsp;</td>
1366 <td>&nbsp;</td>
1367</tr>
1368<tr>
1369 <td colspan='4'><i>
1370END
1371;
1372if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
1373print <<END
1374</i></td>
1375</tr>
1376</table>
1377<table width='100%'>
1378END
1379;
ac1cfefa 1380
ed38f89d
MT
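# Lay the known user agents out four to a table row, one label cell and one
# checkbox cell per entry. Each @useragentlist entry is split on commas:
# field 0 forms the checkbox name (UA_<field 0>), field 1 is the visible label.
# $n, $i and @useragent are the script's file-level scratch variables.
#
# Changes from the previous form:
#  - the outer bound is now '<' instead of '<=', so no empty <tr></tr> is
#    emitted when the list is empty or its length is a multiple of four;
#  - single elements are read with $array[...] rather than the one-element
#    slices @array[...];
#  - the row open/close no longer relies on string comparison ('eq') of the
#    numeric loop counter.
for ($n = 0; $n < @useragentlist; $n += 4) {
	print "<tr>\n";
	for ($i = 0; $i <= 3; $i++) {
		# the last row may be only partly filled
		next unless ($n + $i) < @useragentlist;
		@useragent = split(/,/, $useragentlist[$n + $i]);
		print "<td width='15%'>$useragent[1]:<\/td>\n";
		print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
	}
	print "<\/tr>\n";
}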
1392
1393print <<END
1394</table>
1395<hr size='1'>
1396<table width='100%'>
1397<tr>
1398 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1399</tr>
1400<tr>
1401 <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1402</tr>
1403<tr>
1404 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
1405</tr>
1406<tr>
1407 <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1408</tr>
1409<tr>
1410 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
1411</tr>
1412</table>
1413<hr size='1'>
1414END
1415;
1416
1417if ($urlfilter_addon) {
1418 print <<END
1419<table width='100%'>
1420<tr>
1421 <td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
1422</tr>
1423<tr>
1424 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1425 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
1426 <td>&nbsp;</td>
1427 <td>&nbsp;</td>
1428</tr>
1429</table>
1430<hr size='1'>
1431END
1432; }
1433
1434if (($updacclrtr_addon) && (!($urlfilter_addon))) {
1435 print <<END
1436<table width='100%'>
1437<tr>
1438 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
1439</tr>
1440<tr>
1441 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1442 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
1443 <td>&nbsp;</td>
1444 <td>&nbsp;</td>
1445</tr>
1446</table>
1447<hr size='1'>
1448END
1449; }
1450
1451print <<END
1452<table width='100%'>
1453<tr>
1454 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1455</tr>
1456<tr>
1457 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1458 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1459 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1460 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1461 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1462 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1463</tr>
1464</table>
1465END
1466;
1467
1468if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1469<hr size='1'>
1470<table width='100%'>
1471<tr>
1472 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1473</tr>
1474<tr>
1475 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1476</tr>
1477<tr>
1478 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1479 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1480 <td colspan='2' rowspan= '6' valign='top' class='base'>
1481 <table cellpadding='0' cellspacing='0'>
1482 <tr>
1483 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1484 </tr>
1485 <tr>
1486 <!-- intentionally left empty -->
1487 </tr>
1488 <tr>
1489 <!-- intentionally left empty -->
1490 </tr>
1491 <tr>
1492 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1493 </tr>
1494 <tr>
1495 <!-- intentionally left empty -->
1496 </tr>
1497 <tr>
1498 <!-- intentionally left empty -->
1499 </tr>
1500 <tr>
1501 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1502 </tr>
1503 <tr>
1504 <!-- intentionally left empty -->
1505 </tr>
1506 <tr>
1507 <!-- intentionally left empty -->
1508 </tr>
1509 <tr>
1510 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1511END
1512;
1513
1514print $proxysettings{'DST_NOAUTH'};
1515
1516print <<END
1517</textarea></td>
1518 </tr>
1519 </table>
1520 </td>
1521</tr>
1522<tr>
1523 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1524 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1525</tr>
1526<tr>
1527 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1528 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1529</tr>
1530<tr>
1531 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1532 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1533</tr>
1534<tr>
1535 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1536 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1537</tr>
1538<tr>
1539 <td colspan='2'>&nbsp;</td>
1540</tr>
1541</table>
1542END
1543;
1544}
1545
1546# ===================================================================
1547# NCSA auth settings
1548# ===================================================================
1549
1550if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1551print <<END
1552<hr size='1'>
1553<table width='100%'>
1554<tr>
1555 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1556</tr>
1557<tr>
1558 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1559 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1560 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1561 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1562</tr>
1563<tr>
1564 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1565 <td>&nbsp;</td>
1566 <td>&nbsp;</td>
1567</tr>
1568</table>
1569END
1570; }
1571
1572# ===================================================================
1573# IDENTD auth settings
1574# ===================================================================
1575
1576if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1577print <<END
1578<hr size ='1'>
1579<table width='100%'>
1580<tr>
1581 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1582</tr>
1583<tr>
1584 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1585 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1586 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1587 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1588</tr>
1589<tr>
1590 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1591 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1592 <td>&nbsp;</td>
1593 <td>&nbsp;</td>
1594</tr>
1595<tr>
1596 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1597 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1598</tr>
1599<tr>
1600 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1601END
1602;
1603if (!$proxysettings{'IDENT_HOSTS'}) {
1604 print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
1605 if ($netsettings{'BLUE_DEV'}) {
1606 print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
1607 }
1608} else {
1609 print $proxysettings{'IDENT_HOSTS'};
1610}
1611
1612print <<END
1613</textarea></td>
1614 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1615END
1616;
1617
1618print $proxysettings{'DST_NOAUTH'};
1619
1620print <<END
1621</textarea></td>
1622</tr>
1623</table>
1624<hr size ='1'>
1625<table width='100%'>
1626<tr>
1627 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1628</tr>
1629<tr>
1630 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1631 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1632 <td width='25%'>&nbsp;</td>
1633 <td width='30%'>&nbsp;</td>
1634</tr>
1635<tr>
1636 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1637 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1638 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1639 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1640</tr>
1641<tr>
1642 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1643 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1644</tr>
1645<tr>
1646 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1647END
1648; }
1649
1650if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1651
1652if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1653</textarea></td>
1654 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1655END
1656; }
1657
1658if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1659
1660if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1661</textarea></td>
1662</tr>
1663</table>
1664END
1665; }
1666
1667# ===================================================================
1668# NTLM auth settings
1669# ===================================================================
1670
1671if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1672print <<END
1673<hr size='1'>
1674<table width='100%'>
1675<tr>
1676 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1677</tr>
1678<tr>
1679 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1680 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1681 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1682 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1683 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1684 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1685</tr>
1686</table>
1687<hr size ='1'>
1688<table width='100%'>
1689<tr>
1690 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1691</tr>
1692<tr>
1693 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1694 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1695 <td>&nbsp;</td>
1696</tr>
1697</table>
1698<hr size ='1'>
1699<table width='100%'>
1700<tr>
1701 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1702</tr>
1703<tr>
1704 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1705 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1706 <td width='25%'>&nbsp;</td>
1707 <td width='30%'>&nbsp;</td>
1708</tr>
1709<tr>
1710 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1711 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1712 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1713 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1714</tr>
1715<tr>
1716 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1717 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1718</tr>
1719<tr>
1720 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1721END
1722; }
1723
1724if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_ALLOW_USERS'}; }
1725
1726if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1727</textarea></td>
1728 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1729END
1730; }
1731
1732if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_DENY_USERS'}; }
1733
1734if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1735</textarea></td>
1736</tr>
1737</table>
1738END
1739; }
1740
1741# ===================================================================
1742# LDAP auth settings
1743# ===================================================================
1744
1745if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1746print <<END
1747<hr size='1'>
1748<table width='100%'>
1749<tr>
1750 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1751</tr>
1752<tr>
1753 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1754 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1755 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1756 <td class='base'><select name='LDAP_TYPE'>
1757 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1758 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1759 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1760 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1761 </select></td>
1762</tr>
1763<tr>
1764 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1765 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1766 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1767 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1768</tr>
1769</table>
1770<hr size ='1'>
1771<table width='100%'>
1772<tr>
1773 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1774</tr>
1775<tr>
1776 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1777 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1778 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1779 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1780</tr>
1781</table>
1782<hr size ='1'>
1783<table width='100%'>
1784<tr>
1785 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1786</tr>
1787<tr>
1788 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1789 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1790 <td>&nbsp;</td>
1791 <td>&nbsp;</td>
1792</tr>
1793</table>
1794END
1795; }
1796
1797# ===================================================================
1798# RADIUS auth settings
1799# ===================================================================
1800
1801if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1802print <<END
1803<hr size='1'>
1804<table width='100%'>
1805<tr>
1806 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1807</tr>
1808<tr>
1809 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1810 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1811 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1812 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1813</tr>
1814<tr>
1815 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1816 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1817 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1818 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1819</tr>
1820</table>
1821<hr size ='1'>
1822<table width='100%'>
1823<tr>
1824 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1825</tr>
1826<tr>
1827 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1828 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1829 <td width='25%'>&nbsp;</td>
1830 <td width='30%'>&nbsp;</td>
1831</tr>
1832<tr>
1833 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1834 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1835 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1836 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1837</tr>
1838<tr>
1839 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1840 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1841</tr>
1842<tr>
1843 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1844END
1845; }
1846
1847if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
1848
1849if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1850</textarea></td>
1851 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
1852END
1853; }
1854
1855if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
1856
1857if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1858</textarea></td>
1859</tr>
1860</table>
1861END
1862; }
1863
1864# ===================================================================
1865
1866}
1867
1868print "<table>\n";
1869
1870if ($proxysettings{'AUTH_METHOD'} eq 'none') {
1871print <<END
1872<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1873<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1874<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1875<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1876<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
1877<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1878<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
1879END
1880; }
1881
1882if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1883print <<END
1884<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1885<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1886<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1887<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1888<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1889END
1890; }
1891
1892if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
1893print <<END
1894<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
1895<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
1896END
1897; }
1898
1899if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
1900print <<END
1901<td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
1902<td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
1903<td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
1904<td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
1905<td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
1906<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
1907<td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
1908END
1909; }
1910
1911if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
1912print <<END
1913<td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
1914<td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
1915<td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
1916<td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
1917<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
1918<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
1919<td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
1920END
1921; }
1922
1923if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) {
1924print <<END
1925<td><input type='hidden' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}'></td>
1926<td><input type='hidden' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}'></td>
1927<td><input type='hidden' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}'></td>
1928<td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$proxysettings{'NTLM_ENABLE_INT_AUTH'}'></td>
1929<td><input type='hidden' name='NTLM_ENABLE_ACL' value='$proxysettings{'NTLM_ENABLE_ACL'}'></td>
1930<td><input type='hidden' name='NTLM_USER_ACL' value='$proxysettings{'NTLM_USER_ACL'}'></td>
1931<td><input type='hidden' name='NTLM_ALLOW_USERS' value='$proxysettings{'NTLM_ALLOW_USERS'}'></td>
1932<td><input type='hidden' name='NTLM_DENY_USERS' value='$proxysettings{'NTLM_DENY_USERS'}'></td>
1933END
1934; }
1935
1936if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
1937print <<END
1938<td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
1939<td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
1940<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
1941<td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
1942<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
1943<td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
1944<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
1945<td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
1946END
1947; }
1948
1949print "</table>\n";
1950
1951print <<END
1952<hr size='1'>
1953END
1954;
1955
1956print <<END
1957<table width='100%'>
1958<tr>
1959 <td>&nbsp;</td>
1960 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1961 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1962 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1963 <td>&nbsp;</td>
1964</tr>
1965
1966</table>
1967<br />
1968<table width='100%'>
1969<tr>
1970 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1971 <font class='base'>$Lang::tr{'this field may be blank'}</font>
1972 </td>
1973 <td align='right'>
60cbd6e7 1974 &nbsp;
1975 </td>
1976</tr>
1977</table>
1978</form>
1979END
1980;
1981
1982&Header::closebox();
1983
1984} else {
1985
1986# ===================================================================
1987# NCSA user management
1988# ===================================================================
1989
1990&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
1991print <<END
1992<form method='post' action='$ENV{'SCRIPT_NAME'}'>
1993<table width='100%'>
1994<tr>
1995 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
1996</tr>
1997<tr>
1998 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
1999 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2000END
2001;
2002 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2003 print <<END
2004 /></td>
2005 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2006 <td class='base'>
2007 <select name='NCSA_GROUP'>
2008 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2009 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2010 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2011 </select>
2012 </td>
2013
2014</tr>
2015<tr>
2016 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2017 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2018 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2019 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2020</tr>
2021</table>
2022<br>
2023<table>
2024<tr>
2025 <td>&nbsp;</td>
2026 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2027 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2028 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2029END
2030;
2031 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2032 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2033 }
2034
2035print <<END
2036 <td>&nbsp;</td>
2037 <td>&nbsp;</td>
2038 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2039</tr>
2040</table>
2041</form>
2042<hr size='1'>
2043<table width='100%'>
2044<tr>
2045 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2046</tr>
2047</table>
2048<table width='100%' align='center'>
2049END
2050;
2051
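# Build @userlist as sorted "username:group" strings from the three NCSA
# group files. A group file that does not exist contributes nothing.
#
# The files are opened with three-argument open and a lexical handle, and a
# failed open is logged instead of being silently treated as an empty group.
# NOTE(review): the names collected here are interpolated into the HTML table
# and hidden form fields further down without HTML escaping - confirm they
# are restricted to a safe character set when accounts are created.
foreach my $group_source ([ $extgrp, 'extended' ], [ $stdgrp, 'standard' ], [ $disgrp, 'disabled' ])
{
    my ($group_file, $group_name) = @$group_source;
    next unless (-e $group_file);

    if (open(my $group_fh, '<', $group_file)) {
        @grouplist = <$group_fh>;
        close($group_fh);
    } else {
        warn "proxy.cgi: cannot open $group_file: $!\n";
        @grouplist = ();
    }

    # The loop variable aliases the elements, so chomp also strips the
    # newline from the entries kept in @grouplist.
    foreach my $member (@grouplist) {
        chomp($member);
        push(@userlist, $member.":".$group_name);
    }
}

@userlist = sort(@userlist);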
2069
2070# If the password file contains entries, print entries and action icons
2071
2072if (! -z "$userdb") {
2073 print <<END
2074 <tr>
2075 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2076 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2077 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2078 </tr>
2079END
2080;
2081 $id = 0;
2082 foreach $line (@userlist)
2083 {
2084 $id++;
2085 chomp($line);
2086 @temp = split(/:/,$line);
2087 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2088 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2089 elsif ($id % 2) {
2090 print "<tr bgcolor='$Header::table1colour'>\n"; }
2091 else {
2092 print "<tr bgcolor='$Header::table2colour'>\n"; }
2093
2094 print <<END
2095 <td align='center'>$temp[0]</td>
2096 <td align='center'>
2097END
2098;
2099 if ($temp[1] eq 'standard') {
2100 print $Lang::tr{'advproxy NCSA grp standard'};
2101 } elsif ($temp[1] eq 'extended') {
2102 print $Lang::tr{'advproxy NCSA grp extended'};
2103 } elsif ($temp[1] eq 'disabled') {
2104 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2105 print <<END
2106 </td>
2107 <td width='8%' align='center'>
2108 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2109 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2110 <input type='hidden' name='ID' value='$line' />
2111 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2112 </form>
2113 </td>
2114
2115 <td width='8%' align='center'>
2116 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2117 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2118 <input type='hidden' name='ID' value='$temp[0]' />
2119 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2120 </form>
2121 </td>
2122 </tr>
2123END
2124;
2125 }
2126
2127print <<END
2128</table>
2129<br>
2130<table witdh='100%'>
2131<tr>
2132 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2133 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2134 <td class='base'>$Lang::tr{'edit'}</td>
2135 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2136 <td class='base'>$Lang::tr{'remove'}</td>
2137</tr>
2138END
2139;
2140} else {
2141 print <<END
2142 <tr>
2143 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2144 </tr>
2145END
2146;
2147}
2148
2149print <<END
2150</table>
2151END
2152;
2153
2154&Header::closebox();
2155
2156}
2157
2158# ===================================================================
2159
# Finish the page: close the big box and the page through the Header
# helpers (package Header is not defined in this file; header.pl is loaded
# at the top of the script).
Header::closebigbox();
Header::closepage();
2163
2164# -------------------------------------------------------------------
2165
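# Load the on-disk ACL and user lists into %proxysettings.
#
# For every list file that exists, the matching %proxysettings entry is
# deleted and then rebuilt from the file's lines (newlines kept). Entries
# whose file does not exist are left untouched.
#
# Files are opened with three-argument open and a lexical handle, so the
# path is never parsed for mode characters, and a failed open is logged.
# As in the original code, the entry stays deleted when the file exists but
# cannot be read.
# NOTE(review): several of these are ban/allow lists; if the form is saved
# after such a failed read, write_acls would persist the empty value -
# confirm the caller cannot reach that state.
sub read_acls
{
    # [ file, %proxysettings key ] in the order the lists were read before.
    my @acl_sources = (
        [ $acl_src_subnets,                 'SRC_SUBNETS' ],
        [ $acl_src_banned_ip,               'SRC_BANNED_IP' ],
        [ $acl_src_banned_mac,              'SRC_BANNED_MAC' ],
        [ $acl_src_unrestricted_ip,         'SRC_UNRESTRICTED_IP' ],
        [ $acl_src_unrestricted_mac,        'SRC_UNRESTRICTED_MAC' ],
        [ $acl_dst_nocache,                 'DST_NOCACHE' ],
        [ $acl_dst_noauth,                  'DST_NOAUTH' ],
        [ $mimetypes,                       'MIME_TYPES' ],
        [ "$ntlmdir/msntauth.allowusers",   'NTLM_ALLOW_USERS' ],
        [ "$ntlmdir/msntauth.denyusers",    'NTLM_DENY_USERS' ],
        [ "$raddir/radauth.allowusers",     'RADIUS_ALLOW_USERS' ],
        [ "$raddir/radauth.denyusers",      'RADIUS_DENY_USERS' ],
        [ "$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS' ],
        [ "$identdir/identauth.denyusers",  'IDENT_DENY_USERS' ],
        [ $identhosts,                      'IDENT_HOSTS' ],
        [ $cre_groups,                      'CRE_GROUPS' ],
        [ $cre_svhosts,                     'CRE_SVHOSTS' ],
    );

    foreach my $source (@acl_sources)
    {
        my ($path, $key) = @$source;
        next unless (-e $path);

        # The stored value is dropped before reading, so an empty file
        # leaves the key absent rather than set to ''.
        delete $proxysettings{$key};

        my $fh;
        unless (open($fh, '<', $path)) {
            warn "read_acls: cannot open $path: $!\n";
            next;
        }
        while (my $line = <$fh>) {
            $proxysettings{$key} .= $line;
        }
        close($fh);
    }

    return;
}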
2271
2272# -------------------------------------------------------------------
2273
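# Trim one newline-separated list held in %proxysettings and rebuild it with
# exactly one non-empty entry per line.
#
#   $key        - %proxysettings entry to normalize
#   $validator  - optional code ref, called with each non-empty entry
#   $errmsg_key - %Lang::tr key copied to $errormessage when the validator
#                 rejects an entry
#   $is_mac     - when true, '-' is rewritten to ':' before validation
#
# An entry that fails validation is still kept in the rebuilt list; the
# only signal is $errormessage.
# NOTE(review): the caller therefore has to test $errormessage before the
# lists are written to disk - confirm against the save handler.
sub _acl_normalize_field
{
    my ($key, $validator, $errmsg_key, $is_mac) = @_;

    # @temp is the file-level scratch array the original code used; the
    # loop variable aliases its elements, so it ends up trimmed as before.
    @temp = split(/\n/, $proxysettings{$key});
    undef $proxysettings{$key};

    foreach my $entry (@temp)
    {
        $entry =~ s/^\s+//;
        $entry =~ s/\s+$//;
        $entry =~ s/-/:/g if ($is_mac);

        # Blank lines are dropped (as is a literal "0", which is false).
        next unless ($entry);

        if ($validator && !$validator->($entry)) {
            $errormessage = $Lang::tr{$errmsg_key};
        }
        $proxysettings{$key} .= $entry."\n";
    }

    return;
}

# Normalize the user list that is in effect for one auth method.
#
#   $prefix - 'NTLM', 'IDENT' or 'RADIUS'
#
# Nothing happens unless <prefix>_ENABLE_ACL is 'on'. With <prefix>_USER_ACL
# 'positive' the ALLOW list is normalized, with 'negative' the DENY list;
# an empty result sets the "acl cannot be empty" error.
# NOTE(review): the user names are only trimmed, not validated, and the form
# code in this file prints these lists back into textareas and hidden
# fields without HTML escaping - escape them at output time.
sub _acl_check_user_list
{
    my ($prefix) = @_;

    return unless ($proxysettings{$prefix.'_ENABLE_ACL'} eq 'on');

    my $mode = $proxysettings{$prefix.'_USER_ACL'};
    my $key;
    if    ($mode eq 'positive') { $key = $prefix.'_ALLOW_USERS'; }
    elsif ($mode eq 'negative') { $key = $prefix.'_DENY_USERS'; }
    else                        { return; }

    _acl_normalize_field($key);
    if ($proxysettings{$key} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
    }

    return;
}

# Normalize and validate the ACL lists submitted with the form.
#
# Every list is trimmed line by line and rebuilt in %proxysettings. IP and
# MAC lists are passed through the General:: validators; the first failure
# of each kind is reported through $errormessage (a later failure
# overwrites an earlier message). The checks run in the same order as
# before: source lists, NTLM, IDENT and RADIUS user lists, IDENT hosts,
# CRE supervisor hosts.
sub check_acls
{
    my $ip_error  = 'advproxy errmsg invalid ip or mask';
    my $mac_error = 'advproxy errmsg invalid mac';

    _acl_normalize_field('SRC_SUBNETS',          \&General::validipandmask, $ip_error);
    _acl_normalize_field('SRC_BANNED_IP',        \&General::validipormask,  $ip_error);
    _acl_normalize_field('SRC_BANNED_MAC',       \&General::validmac,       $mac_error, 1);
    _acl_normalize_field('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $ip_error);
    _acl_normalize_field('SRC_UNRESTRICTED_MAC', \&General::validmac,       $mac_error, 1);

    _acl_check_user_list('NTLM');
    _acl_check_user_list('IDENT');
    _acl_check_user_list('RADIUS');

    _acl_normalize_field('IDENT_HOSTS', \&General::validipormask, $ip_error);
    _acl_normalize_field('CRE_SVHOSTS', \&General::validipormask, $ip_error);

    return;
}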
2432
2433
2434# -------------------------------------------------------------------
2435
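# Replace the contents of one list file while holding an exclusive lock.
#
#   $path   - file to rewrite (created if missing)
#   @chunks - strings written in order; undef entries write nothing
#
# Returns 1 when the file was rewritten, 0 otherwise. The file is opened in
# append mode and truncated only after the lock is held: opening with '>'
# would empty it before flock() runs, so a concurrent writer could
# interleave with a half-written list. Failures are logged rather than
# ignored, because a list that silently fails to save leaves the old access
# rules in force.
sub _acl_write_file
{
    my ($path, @chunks) = @_;

    my $fh;
    unless (open($fh, '>>', $path)) {
        warn "write_acls: cannot open $path: $!\n";
        return 0;
    }

    # 2 is LOCK_EX, as in the original code. A failed lock is logged but
    # does not stop the write, matching the previous best-effort behaviour.
    flock($fh, 2) or warn "write_acls: cannot lock $path: $!\n";

    unless (truncate($fh, 0)) {
        # Appending to untruncated content would duplicate entries.
        warn "write_acls: cannot truncate $path: $!\n";
        close($fh);
        return 0;
    }

    print {$fh} @chunks;
    close($fh) or warn "write_acls: cannot close $path: $!\n";

    return 1;
}

# Write the ACL and user lists from %proxysettings to their files.
#
# Each list is written verbatim to its file. The throttle file is built
# from the enabled THROTTLE_* extension groups, one "\.ext$" pattern per
# line, followed by the lines of $throttled_urls when that file is
# non-empty. The files are written in the same order as before.
sub write_acls
{
    _acl_write_file($acl_src_subnets,          $proxysettings{'SRC_SUBNETS'});
    _acl_write_file($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
    _acl_write_file($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
    _acl_write_file($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
    _acl_write_file($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});
    _acl_write_file($acl_dst_nocache,          $proxysettings{'DST_NOCACHE'});
    _acl_write_file($acl_dst_noauth,           $proxysettings{'DST_NOAUTH'});

    # @temp is the file-level scratch array the original code used here.
    my @throttle_lines = ();
    if ($proxysettings{'THROTTLE_BINARY'} eq 'on')
    {
        @temp = split(/\|/, $throttle_binary);
        push(@throttle_lines, map { "\\.$_\$\n" } @temp);
    }
    if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on')
    {
        @temp = split(/\|/, $throttle_dskimg);
        push(@throttle_lines, map { "\\.$_\$\n" } @temp);
    }
    if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on')
    {
        @temp = split(/\|/, $throttle_mmedia);
        push(@throttle_lines, map { "\\.$_\$\n" } @temp);
    }
    if (-s $throttled_urls)
    {
        if (open(my $url_fh, '<', $throttled_urls)) {
            @temp = <$url_fh>;
            close($url_fh);
        } else {
            warn "write_acls: cannot open $throttled_urls: $!\n";
            @temp = ();
        }
        push(@throttle_lines, @temp);
    }
    _acl_write_file($acl_dst_throttle, @throttle_lines);

    _acl_write_file($mimetypes,                        $proxysettings{'MIME_TYPES'});
    _acl_write_file("$ntlmdir/msntauth.allowusers",    $proxysettings{'NTLM_ALLOW_USERS'});
    _acl_write_file("$ntlmdir/msntauth.denyusers",     $proxysettings{'NTLM_DENY_USERS'});
    _acl_write_file("$raddir/radauth.allowusers",      $proxysettings{'RADIUS_ALLOW_USERS'});
    _acl_write_file("$raddir/radauth.denyusers",       $proxysettings{'RADIUS_DENY_USERS'});
    _acl_write_file("$identdir/identauth.allowusers",  $proxysettings{'IDENT_ALLOW_USERS'});
    _acl_write_file("$identdir/identauth.denyusers",   $proxysettings{'IDENT_DENY_USERS'});
    _acl_write_file($identhosts,                       $proxysettings{'IDENT_HOSTS'});
    _acl_write_file($cre_groups,                       $proxysettings{'CRE_GROUPS'});
    _acl_write_file($cre_svhosts,                      $proxysettings{'CRE_SVHOSTS'});

    return;
}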
2549
2550# -------------------------------------------------------------------
2551
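# Generate the proxy auto-configuration script /home/httpd/html/proxy.pac.
#
# The script defines FindProxyForURL(). When the proxy is enabled it returns
# "DIRECT" for plain host names, the local domain and the hard-coded private
# and link-local ranges, and "PROXY <address>:<port>" for clients whose own
# address lies in the GREEN or BLUE network. When no proxy line applies the
# function body is left empty.
#
# Takes no arguments; reads %proxysettings, %netsettings and %mainsettings.
# Returns 1 on success, 0 if the file could not be written (reported via warn).
#
# NOTE(review): settings are interpolated into JavaScript string literals
# without escaping; presumably they are validated where they are saved -
# confirm.
sub writepacfile
{
    my $pac_path = '/home/httpd/html/proxy.pac';

    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    my $blue_on  = ($netsettings{'BLUE_DEV'} && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

    my $pac = "function FindProxyForURL(url, host)\n";
    $pac .= "{\n";

    # Only emit the DIRECT test (which ends in a dangling "else") when at
    # least one PROXY branch follows it. Previously ENABLE_BLUE='on' without a
    # BLUE device produced "else" directly before the closing brace, which is
    # not valid JavaScript.
    if ($green_on || $blue_on)
    {
        $pac .= <<END;
if (
 (isPlainHostName(host)) ||
 (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
 (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
 (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
 (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
 (isInNet(host, "192.168.0.0", "255.255.0.0"))
 )
 return "DIRECT";

 else

END

        if ($green_on)
        {
            $pac .= <<END;
if (
 (isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
 )
 return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }

        # Chain the BLUE test onto the GREEN one when both are present.
        if ($green_on && $blue_on)
        {
            $pac .= "\n else\n\n";
        }

        if ($blue_on)
        {
            $pac .= <<END;
if (
 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
 )
 return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }
    }
    $pac .= "}\n";

    # Open in append mode so the file is not emptied before the lock is held;
    # the old contents are removed only once this process owns the lock.
    my $fh;
    unless (open($fh, '>>', $pac_path)) {
        warn "proxy.cgi: cannot open $pac_path for writing: $!\n";
        return 0;
    }
    flock($fh, 2) or warn "proxy.cgi: cannot lock $pac_path: $!\n";    # 2 = LOCK_EX
    unless (truncate($fh, 0)) {
        warn "proxy.cgi: cannot truncate $pac_path: $!\n";
        close($fh);
        return 0;
    }
    seek($fh, 0, 0);
    print {$fh} $pac;

    # Buffered write errors only surface at close.
    unless (close($fh)) {
        warn "proxy.cgi: error while writing $pac_path: $!\n";
        return 0;
    }
    return 1;
}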
2603
2604# -------------------------------------------------------------------
2605
2606sub writeconfig
2607{
2608 my $authrealm;
2609 my $delaypools;
2610
2611 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2612 $proxysettings{'THROTTLING_GREEN_HOST'} +
2613 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2614 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2615 {
2616 $delaypools = 1; } else { $delaypools = 0;
2617 }
2618
2619 if ($proxysettings{'AUTH_REALM'} eq '')
2620 {
2621 $authrealm = "IPFire Advanced Proxy Server";
2622 } else {
2623 $authrealm = $proxysettings{'AUTH_REALM'};
2624 }
2625
2626 $_ = $proxysettings{'UPSTREAM_PROXY'};
2627 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2628
2629 if ($remoteport eq '') { $remoteport = 80; }
2630
2631 open(FILE, ">${General::swroot}/proxy/squid.conf");
2632 flock(FILE, 2);
2633 print FILE <<END
2634shutdown_lifetime 5 seconds
2635icp_port 0
2636
2637http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2638END
2639 ;
2640 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2641 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2642 }
2643
2644 print FILE <<END
2645
2646acl QUERY urlpath_regex cgi-bin \\?
2647no_cache deny QUERY
2648END
2649 ;
2650 if (!-z $acl_dst_nocache) {
2651 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2652 print FILE "no_cache deny no_cache_domains\n";
2653 }
2654
2655 print FILE <<END
2656
2657cache_effective_user squid
2658cache_effective_group squid
2659
2660pid_filename /var/run/squid.pid
2661
2662cache_mem $proxysettings{'CACHE_MEM'} MB
2663cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2664
2665error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2666
2667END
2668 ;
2669
2670 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2671
2672 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2673 {
2674 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2675 {
2676 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2677 }
2678 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2679 {
2680 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2681 }
2682 print FILE "\n";
2683 }
2684
2685 if ($proxysettings{'LOGGING'} eq 'on')
2686 {
2687 print FILE <<END
2688cache_access_log /var/log/squid/access.log
2689cache_log /var/log/squid/cache.log
2690cache_store_log none
2691END
2692 ;
2693 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2694 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2695 } else {
2696 print FILE <<END
2697cache_access_log /dev/null
2698cache_log /dev/null
2699cache_store_log none
2700END
2701 ;}
2702 print FILE <<END
2703
2704log_mime_hdrs off
2705END
2706 ;
2707
2708 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2709 {
2710 print FILE "forwarded_for on\n\n";
2711 } else {
2712 print FILE "forwarded_for off\n\n";
2713 }
2714
2715 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2716 {
2717 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2718 {
2719 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2720 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2721 print FILE "auth_param basic realm $authrealm\n";
2722 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2723 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2724 }
2725
2726 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2727 {
2728 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2729 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2730 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2731 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2732 {
2733 if ($proxysettings{'LDAP_GROUP'} eq '')
2734 {
2735 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2736 } else {
2737 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2738 }
2739 print FILE " -u sAMAccountName -P";
2740 }
2741 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2742 {
2743 if ($proxysettings{'LDAP_GROUP'} eq '')
2744 {
2745 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2746 } else {
2747 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2748 }
2749 print FILE " -u cn -P";
2750 }
2751 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2752 {
2753 if ($proxysettings{'LDAP_GROUP'} eq '')
2754 {
2755 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2756 } else {
2757 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2758 }
2759 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2760 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2761 print FILE " -u uid -P";
2762 }
2763 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2764 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2765 print FILE "auth_param basic realm $authrealm\n";
2766 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2767 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2768 }
2769
2770 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2771 {
2772 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2773 {
2774 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2775 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2776 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2777 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2778 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2779 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2780 } else {
2781 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2782 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2783 print FILE "auth_param basic realm $authrealm\n";
2784 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2785 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2786
2787 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2788 flock(MSNTCONF,2);
2789 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2790 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2791 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2792 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2793 {
2794 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2795 {
2796 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2797 } else {
2798 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2799 }
2800 }
2801 close(MSNTCONF);
2802 }
2803 }
2804
2805 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2806 {
2807 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2808 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2809 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2810 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2811 print FILE "auth_param basic realm $authrealm\n";
2812 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2813 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2814 }
2815
2816 print FILE "\n";
2817 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2818 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2819 {
2820 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2821 {
2822 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2823 }
2824 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2825 {
2826 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2827 }
2828 }
2829 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2830 {
2831 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2832 {
2833 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2834 }
2835 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2836 {
2837 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2838 }
2839 }
2840 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2841 {
2842 print FILE "\n";
2843 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2844 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2845 }
2846 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2847 print FILE "\n";
2848
2849 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2850 }
2851
2852 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2853 {
2854 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2855 {
2856 print FILE "acl for_inetusers ident REQUIRED\n";
2857 }
2858 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2859 {
2860 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2861 {
2862 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2863 }
2864 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2865 {
2866 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2867 }
2868 }
2869 }
2870
2871 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2872
2873 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2874
2875 print FILE "acl within_timeframe time ";
2876 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2877 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2878 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2879 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2880 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2881 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2882 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2883 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2884 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2885 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2886 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2887
2888 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2889 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2890 }
2891
2892 print FILE <<END
2893acl all src 0.0.0.0/0.0.0.0
2894acl localhost src 127.0.0.1/255.255.255.255
2895acl SSL_ports port 443 563
2896acl Safe_ports port 80 # http
2897acl Safe_ports port 21 # ftp
2898acl Safe_ports port 443 563 # https, snews
2899acl Safe_ports port 70 # gopher
2900acl Safe_ports port 210 # wais
2901acl Safe_ports port 1025-65535 # unregistered ports
2902acl Safe_ports port 280 # http-mgmt
2903acl Safe_ports port 488 # gss-http
2904acl Safe_ports port 591 # filemaker
2905acl Safe_ports port 777 # multiling http
2906acl Safe_ports port 800 # Squids port (for icons)
2907
2908acl IPCop_http port 81
2909acl IPCop_https port 445
2910acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2911acl IPCop_networks src "$acl_src_subnets"
2912acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2913END
2914 ;
2915 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2916 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2917 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2918 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2919 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2920 print FILE <<END
2921acl CONNECT method CONNECT
2922END
2923 ;
2924
2925 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2926 print FILE <<END
2927
2928#Classroom extensions
2929acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2930acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2931END
2932 ;
2933 print FILE "deny_info ";
2934 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2935 print FILE "ERR_ACCESS_DISABLED";
2936 } else { print FILE "ERR_ACCESS_DENIED"; }
2937 print FILE " IPCop_no_access_ips\n";
2938 print FILE "deny_info ";
2939 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2940 print FILE "ERR_ACCESS_DISABLED";
2941 } else { print FILE "ERR_ACCESS_DENIED"; }
2942 print FILE " IPCop_no_access_mac\n";
2943
2944 print FILE <<END
2945http_access deny IPCop_no_access_ips
2946http_access deny IPCop_no_access_mac
2947END
2948 ;
2949 }
2950
2951 #Insert acl file and replace __VAR__ with correct values
2952 my $blue_net = ''; #BLUE empty by default
2953 my $blue_ip = '';
2954 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2955 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2956 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2957 }
2958 if (!-z $acl_include)
2959 {
2960 open (ACL, "$acl_include");
2961 print FILE "\n#Start of custom includes\n";
2962 while (<ACL>) {
2963 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2964 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2965 $_ =~ s/__BLUE_IP__/$blue_ip/;
2966 $_ =~ s/__BLUE_NET__/$blue_net/;
2967 print FILE $_;
2968 }
2969 print FILE "#End of custom includes\n";
2970 close (ACL);
2971 }
2972 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2973 print FILE <<END
2974
2975#Access to squid:
2976#local machine, no restriction
2977http_access allow localhost
2978
2979#GUI admin if local machine connects
2980http_access allow IPCop_ips IPCop_networks IPCop_http
2981http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2982
2983#Deny not web services
2984http_access deny !Safe_ports
2985http_access deny CONNECT !SSL_ports
2986
2987END
2988 ;
2989
2990if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2991{
2992print FILE "#Set ident ACLs\n";
2993if (!-z $identhosts)
2994 {
2995 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
2996 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
2997 print FILE "ident_lookup_access deny all\n";
2998 } else {
2999 print FILE "ident_lookup_access allow all\n";
3000 }
3001 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3002}
3003
3004if ($delaypools) {
3005 print FILE "#Set download throttling\n";
3006
3007 if ($netsettings{'BLUE_DEV'})
3008 {
3009 print FILE "delay_pools 2\n";
3010 } else {
3011 print FILE "delay_pools 1\n";
3012 }
3013
3014 print FILE "delay_class 1 3\n";
3015 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3016
3017 print FILE "delay_parameters 1 ";
3018 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3019 {
3020 print FILE "-1/-1";
3021 } else {
3022 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3023 print FILE "/";
3024 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3025 }
3026
3027 print FILE " -1/-1 ";
3028 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3029 {
3030 print FILE "-1/-1";
3031 } else {
3032 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3033 print FILE "/";
3034 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3035 }
3036 print FILE "\n";
3037
3038 if ($netsettings{'BLUE_DEV'})
3039 {
3040 print FILE "delay_parameters 2 ";
3041 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3042 {
3043 print FILE "-1/-1";
3044 } else {
3045 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3046 print FILE "/";
3047 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3048 }
3049 print FILE " -1/-1 ";
3050 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3051 {
3052 print FILE "-1/-1";
3053 } else {
3054 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3055 print FILE "/";
3056 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3057 }
3058 print FILE "\n";
3059 }
3060
3061 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3062 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3063 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3064
3065 if ($netsettings{'BLUE_DEV'})
3066 {
3067 print FILE "delay_access 1 allow IPCop_green_network";
3068 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3069 print FILE "\n";
3070 print FILE "delay_access 1 deny all\n";
3071 } else {
3072 print FILE "delay_access 1 allow all";
3073 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3074 print FILE "\n";
3075 }
3076
3077 if ($netsettings{'BLUE_DEV'})
3078 {
3079 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3080 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3081 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3082 print FILE "delay_access 2 allow IPCop_blue_network";
3083 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3084 print FILE "\n";
3085 print FILE "delay_access 2 deny all\n";
3086 }
3087
3088 print FILE "delay_initial_bucket_level 100%\n";
3089 print FILE "\n";
3090}
3091 print FILE <<END
3092#Set custom configured ACLs
3093END
3094 ;
3095 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3096 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3097
3098 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3099 {
3100 if (!-z $acl_src_unrestricted_ip)
3101 {
3102 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3103 }
3104 if (!-z $acl_src_unrestricted_mac)
3105 {
3106 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3107 }
3108 print FILE "http_access allow IPCop_networks";
3109 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3110 print FILE " !within_timeframe";
3111 } else {
3112 print FILE " within_timeframe"; }
3113 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3114 print FILE " to_domains_without_auth\n";
3115 }
3116
3117 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3118 {
3119 print FILE "http_access deny !for_inetusers";
3120 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3121 print FILE "\n";
3122 }
3123
3124 if (
3125 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3126 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3127 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3128 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3129 (!-z "$identdir/identauth.denyusers")
3130 )
3131 {
3132 print FILE "http_access deny for_acl_users";
3133 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3134 print FILE "\n";
3135 }
3136
3137 if (!-z $acl_src_unrestricted_ip)
3138 {
3139 print FILE "http_access allow IPCop_unrestricted_ips";
3140 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3141 {
3142 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3143 {
3144 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3145 }
3146 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3147 {
3148 print FILE " for_inetusers";
3149 }
3150 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3151 {
3152 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3153 {
3154 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3155 {
3156 print FILE " for_acl_users";
3157 }
3158 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3159 {
3160 print FILE " !for_acl_users";
3161 }
3162 } else { print FILE " for_inetusers"; }
3163 }
3164 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3165 {
3166 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3167 {
3168 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3169 {
3170 print FILE " for_acl_users";
3171 }
3172 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3173 {
3174 print FILE " !for_acl_users";
3175 }
3176 } else { print FILE " for_inetusers"; }
3177 }
3178 }
3179 print FILE "\n";
3180 }
3181
3182 if (!-z $acl_src_unrestricted_mac)
3183 {
3184 print FILE "http_access allow IPCop_unrestricted_mac";
3185 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3186 {
3187 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3188 {
3189 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3190 }
3191 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3192 {
3193 print FILE " for_inetusers";
3194 }
3195 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3196 {
3197 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3198 {
3199 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3200 {
3201 print FILE " for_acl_users";
3202 }
3203 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3204 {
3205 print FILE " !for_acl_users";
3206 }
3207 } else { print FILE " for_inetusers"; }
3208 }
3209 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3210 {
3211 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3212 {
3213 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3214 {
3215 print FILE " for_acl_users";
3216 }
3217 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3218 {
3219 print FILE " !for_acl_users";
3220 }
3221 } else { print FILE " for_inetusers"; }
3222 }
3223 }
3224 print FILE "\n";
3225 }
3226
3227 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3228 {
3229 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3230 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3231 }
3232
3233 if (
3234 (
3235 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3236 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3237 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3238 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3239 (!-z "$ntlmdir/msntauth.denyusers")
3240 )
3241 ||
3242 (
3243 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3244 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3245 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3246 (!-z "$raddir/radauth.denyusers")
3247 )
3248 ||
3249 (
3250 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3251 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3252 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3253 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3254 (!-z "$identdir/identauth.denyusers")
3255 )
3256 )
3257 {
3258 print FILE "http_access deny for_acl_users";
3259 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3260 print FILE "\n";
3261 }
3262
3263 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3264 {
3265 print FILE "http_access allow";
3266 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3267 print FILE " !within_timeframe";
3268 } else {
3269 print FILE " within_timeframe"; }
3270 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3271 print FILE " !on_ident_aware_hosts\n";
3272 }
3273
3274 print FILE "http_access allow IPCop_networks";
3275 if (
3276 (
3277 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3278 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3279 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3280 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3281 (!-z "$ntlmdir/msntauth.allowusers")
3282 )
3283 ||
3284 (
3285 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3286 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3287 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3288 (!-z "$raddir/radauth.allowusers")
3289 )
3290 ||
3291 (
3292 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3293 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3294 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3295 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3296 (!-z "$identdir/identauth.allowusers")
3297 )
3298 )
3299 {
3300 print FILE " for_acl_users";
3301 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3302 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3303 print FILE " for_inetusers";
3304 }
3305 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3306 {
3307 print FILE " !concurrent";
3308 }
3309 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3310 print FILE " !within_timeframe";
3311 } else {
3312 print FILE " within_timeframe"; }
3313 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3314 print FILE "\n";
3315
3316 print FILE "http_access deny all\n\n";
3317
3318 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3319 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3320 {
3321 print FILE "#Strip HTTP Header\n";
3322
3323 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3324 {
3325 print FILE "header_access X-Forwarded-For deny all\n";
3326 }
3327 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3328 {
3329 print FILE "header_access Via deny all\n";
3330 }
3331 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3332 {
3333 print FILE "header_access User-Agent deny all\n";
3334 }
3335 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3336 {
3337 print FILE "header_access Referer deny all\n";
3338 }
3339
3340 print FILE "\n";
3341
3342 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3343 {
3344 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3345 {
3346 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3347 }
3348 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3349 {
3350 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3351 }
3352 print FILE "\n";
3353 }
3354 }
3355
3356 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3357 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3358 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3359 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3360 {
3361 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3362 }
3363 print FILE "http_reply_access deny blocked_mimetypes\n";
3364 print FILE "http_reply_access allow all\n\n";
3365 }
3366
3367 print FILE <<END
3368maximum_object_size $proxysettings{'MAX_SIZE'} KB
3369minimum_object_size $proxysettings{'MIN_SIZE'} KB
3370
3371request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3372END
3373 ;
3374 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3375 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3376 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3377 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3378 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3379 {
3380 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3381 }
3382 }
3383 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3384
3385 print FILE "visible_hostname";
3386 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3387 {
3388 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3389 } else {
3390 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3391 }
3392
3393 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3394
3395 # Write the parent proxy info, if needed.
3396 if ($remotehost ne '')
3397 {
3398 # Enter authentication for the parent cache (format is login=user:password)
3399 if ($proxy1 eq 'YES') {
3400 print FILE <<END
3401cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3402
3403END
3404 ;
3405 } else {
3406 # Not using authentication with the parent cache
3407 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3408 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3409 print FILE "\n";
3410 }
3411 print FILE "never_direct allow all\n\n";
3412 }
3413 if ($urlfilter_addon) {
3414 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3415 {
3416 print FILE <<END
3417redirect_program /usr/sbin/squidGuard
3418redirect_children $filtersettings{'CHILDREN'}
3419
3420END
3421 ;
3422 }
3423 }
3424 if ($updacclrtr_addon) {
3425 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3426 {
3427 print FILE <<END
3428redirect_program /usr/local/bin/updacclrtr
3429redirect_children $updaccsettings{'ACCELERATORS'}
3430
3431END
3432 ;
3433 }
3434 }
3435 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3436 {
3437 print FILE <<END
3438httpd_accel_host virtual
3439httpd_accel_port 80
3440httpd_accel_with_proxy on
3441httpd_accel_uses_host_header on
3442END
3443 ;
3444 }
3445 close FILE;
3446}
3447
3448# -------------------------------------------------------------------
3449
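# Add or update a proxy user in the NCSA password file and put the user
# into one membership list.
#
# Arguments:
#   $str_user  - account name
#   $str_pass  - clear-text password, or the sentinel 'lEaVeAlOnE' to keep
#                the password field the account already has in $userdb
#   $str_group - 'standard', 'extended' or 'disabled'; any other value
#                leaves the membership lists untouched
#
# Returns nothing. File errors are ignored, as before, so that a failed
# write does not abort the CGI page.
sub adduser
{
    my ($str_user, $str_pass, $str_group) = @_;

    # The name becomes a field in colon-separated, line-oriented files.
    # An empty name, or one holding ':' or a line break, would write
    # malformed or additional records, so nothing is changed for it.
    return if (!defined($str_user) || $str_user eq '' || $str_user =~ /[:\r\n]/);

    if (defined($str_pass) && $str_pass eq 'lEaVeAlOnE')
    {
        # Keep the stored password: remember everything from the first ':'
        # of the existing record before deluser() removes that record.
        my $stored_tail;
        if (open(my $db_in, '<', $userdb))
        {
            while (my $record = <$db_in>)
            {
                # \Q...\E matches the name literally instead of as a pattern.
                if ($record =~ /^\Q$str_user\E:/i)
                {
                    $stored_tail = substr($record, index($record, ':'));
                }
            }
            close($db_in);
        }

        deluser($str_user);

        # Without an existing record there is no hash to carry over; writing
        # the sentinel itself would produce a line with no ':' separator.
        if (defined($stored_tail))
        {
            $stored_tail .= "\n" unless ($stored_tail =~ /\n\z/);
            if (open(my $db_out, '>>', $userdb))
            {
                flock($db_out, 2);    # 2 == LOCK_EX
                print $db_out "$str_user$stored_tail";
                close($db_out);
            }
        }
    } else {
        deluser($str_user);
        # List form of system(): the arguments go to htpasswd directly and
        # are never parsed by a shell, whatever characters they contain.
        # NOTE(review): -b hands the password over as a command-line
        # argument, which is visible in the process list while htpasswd runs.
        system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
    }

    my %listfile_for = (
        'standard' => $stdgrp,
        'extended' => $extgrp,
        'disabled' => $disgrp,
    );

    if (defined($str_group) && exists($listfile_for{$str_group}))
    {
        # Three-argument open: the path is never read as an open mode.
        if (open(my $grp_out, '>>', $listfile_for{$str_group}))
        {
            flock($grp_out, 2);       # 2 == LOCK_EX
            print $grp_out "$str_user\n";
            close($grp_out);
        }
    }

    return;
}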
3480
3481# -------------------------------------------------------------------
3482
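# Rewrite $path in place, dropping every line that matches $drop_re.
sub _deluser_strip_lines
{
    my ($path, $drop_re) = @_;

    # '+>>' opens read/write and creates a missing file without truncating
    # it, so the exclusive lock is held before any content is discarded and
    # the read and the rewrite happen under the same lock.
    open(my $fh, '+>>', $path) or return;
    flock($fh, 2);                    # 2 == LOCK_EX
    seek($fh, 0, 0);
    my @kept = grep { $_ !~ $drop_re } <$fh>;
    truncate($fh, 0);
    seek($fh, 0, 0);                  # required between reading and writing
    # Append mode places every write at end of file, which is offset 0 now.
    print $fh @kept;
    close($fh);

    return;
}

# Remove a proxy user from the three membership lists ($stdgrp, $extgrp,
# $disgrp) and from the password file ($userdb).
#
# Arguments:
#   $str_user - account name; compared case-insensitively, as before
#
# Returns nothing. Files that cannot be opened are skipped silently.
sub deluser
{
    my ($str_user) = @_;
    my $name = defined($str_user) ? $str_user : '';

    # \Q...\E quotes the name, so characters that are special in a regular
    # expression match only themselves and the name cannot select the
    # lines of other accounts.
    my $member_re = qr/^\Q$name\E$/i;     # whole line in a membership list
    my $record_re = qr/^\Q$name\E:/i;     # "name:" prefix in the password file

    foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
    {
        _deluser_strip_lines($groupfile, $member_re);
    }

    _deluser_strip_lines($userdb, $record_re);

    return;
}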
ac1cfefa 3515
ed38f89d 3516# -------------------------------------------------------------------