]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/proxy.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
openvpn: Create database schema if not exists
[ipfire-2.x.git] / html / cgi-bin / proxy.cgi
CommitLineData
ac1cfefa 1#!/usr/bin/perl
70df8302
MT		 2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
e698090e 5# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
70df8302
MT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
488d1b7c 21#
37273bc6 22# (c) 2004-2009 marco.s - http://www.advproxy.net
488d1b7c
CS		 23#
24# This code is distributed under the terms of the GPL
25#
37273bc6 26# $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
488d1b7c 27#
ac1cfefa
MT		 28
29use strict;
0aff7b81 30use Apache::Htpasswd;
ac1cfefa
MT		 31
32# enable only the following on debugging purpose
cb5e9c6c
CS		 33#use warnings;
34#use CGI::Carp 'fatalsToBrowser';
ac1cfefa 35
ed38f89d 36require '/var/ipfire/general-functions.pl';
ac1cfefa
MT		 37require "${General::swroot}/lang.pl";
38require "${General::swroot}/header.pl";
39
e698090e
SS		 40require "${General::swroot}/ids-functions.pl";
41
363fb6af
MT		 42my @squidversion = `/usr/sbin/squid -v`;
43my $http_port='81';
44my $https_port='444';
45
18322edf
CS		 46my %color = ();
47my %mainsettings = ();
48&General::readhash("${General::swroot}/main/settings", \%mainsettings);
49&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
50
ac1cfefa
MT		 51my %proxysettings=();
52my %netsettings=();
ed38f89d 53my %filtersettings=();
9fb25b1c 54my %xlratorsettings=();
ed38f89d 55my %stdproxysettings=();
ac1cfefa 56my %mainsettings=();
ed38f89d
MT		 57
58my %checked=();
59my %selected=();
60
ce1f04ee 61my @throttle_limits=(64,128,256,512,1024,1536,2048,3072,4096,5120,6144,7168,8192,10240,16384,20480,51200,102400);
ed38f89d 62
363fb6af
MT		 63my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
64my $def_ports_ssl="443 # https\n563 # snews\n";
65
ed38f89d
MT		 66my $hintcolour='#FFFFCC';
67my $ncsa_buttontext='';
68my $language='';
69my $i=0;
70my $n=0;
71my $id=0;
72my $line='';
73my $user='';
74my @userlist=();
75my @grouplist=();
76my @temp=();
77my @templist=();
78
79my $cachemem=0;
80my $proxy1='';
81my $proxy2='';
ed38f89d
MT		 82my $browser_regexp='';
83my $needhup = 0;
84my $errormessage='';
85
86my $acldir = "${General::swroot}/proxy/advanced/acls";
87my $ncsadir = "${General::swroot}/proxy/advanced/ncsa";
ed38f89d
MT		 88my $raddir = "${General::swroot}/proxy/advanced/radius";
89my $identdir = "${General::swroot}/proxy/advanced/ident";
90my $credir = "${General::swroot}/proxy/advanced/cre";
91
92my $userdb = "$ncsadir/passwd";
93my $stdgrp = "$ncsadir/standard.grp";
94my $extgrp = "$ncsadir/extended.grp";
95my $disgrp = "$ncsadir/disabled.grp";
96
ed38f89d
MT		 97my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes";
98my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";
99
100my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable";
101my $cre_groups = "${General::swroot}/proxy/advanced/cre/classrooms";
102my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";
103
104my $identhosts = "$identdir/hosts";
105
d50a7822 106my $authdir = "/usr/lib/squid";
f1baee3e 107my $errordir = "/usr/lib/squid/errors";
ed38f89d
MT		 108
109my $acl_src_subnets = "$acldir/src_subnets.acl";
110my $acl_src_banned_ip = "$acldir/src_banned_ip.acl";
111my $acl_src_banned_mac = "$acldir/src_banned_mac.acl";
112my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl";
113my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
114my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl";
115my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
ed38f89d 116my $acl_dst_noauth = "$acldir/dst_noauth.acl";
488d1b7c
CS		 117my $acl_dst_noauth_dom = "$acldir/dst_noauth_dom.acl";
118my $acl_dst_noauth_net = "$acldir/dst_noauth_net.acl";
119my $acl_dst_noauth_url = "$acldir/dst_noauth_url.acl";
120my $acl_dst_nocache = "$acldir/dst_nocache.acl";
121my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
122my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
123my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
ed38f89d 124my $acl_dst_throttle = "$acldir/dst_throttle.acl";
363fb6af
MT		 125my $acl_ports_safe = "$acldir/ports_safe.acl";
126my $acl_ports_ssl = "$acldir/ports_ssl.acl";
ed38f89d
MT		 127my $acl_include = "$acldir/include.acl";
128
ddc5602a
AK		 129my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl";
130my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
131
363fb6af
MT		 132my $updaccelversion = 'n/a';
133my $urlfilterversion = 'n/a';
134
ed38f89d
MT		 135unless (-d "$acldir") { mkdir("$acldir"); }
136unless (-d "$ncsadir") { mkdir("$ncsadir"); }
ed38f89d
MT		 137unless (-d "$raddir") { mkdir("$raddir"); }
138unless (-d "$identdir") { mkdir("$identdir"); }
139unless (-d "$credir") { mkdir("$credir"); }
140
141unless (-e $cre_groups) { system("touch $cre_groups"); }
142unless (-e $cre_svhosts) { system("touch $cre_svhosts"); }
143
144unless (-e $userdb) { system("touch $userdb"); }
145unless (-e $stdgrp) { system("touch $stdgrp"); }
146unless (-e $extgrp) { system("touch $extgrp"); }
147unless (-e $disgrp) { system("touch $disgrp"); }
148
149unless (-e $acl_src_subnets) { system("touch $acl_src_subnets"); }
150unless (-e $acl_src_banned_ip) { system("touch $acl_src_banned_ip"); }
151unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); }
152unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip"); }
153unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
154unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); }
155unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
488d1b7c
CS		 156unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
157unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
158unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
159unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
160unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
161unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
162unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
163unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
ed38f89d 164unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); }
363fb6af
MT		 165unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
166unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); }
ed38f89d
MT		 167unless (-e $acl_include) { system("touch $acl_include"); }
168
ed38f89d
MT		 169unless (-e $mimetypes) { system("touch $mimetypes"); }
170
603248db
MT		 171my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
172
ac1cfefa
MT		 173&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
174&General::readhash("${General::swroot}/main/settings", \%mainsettings);
175
f09a0af5 176my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
d3527a38
MT		 177my $blue_cidr = "";
178if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
f09a0af5
AF		 179 $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
180}
181
ac1cfefa
MT		 182&Header::showhttpheaders();
183
184$proxysettings{'ACTION'} = '';
185$proxysettings{'VALID'} = '';
186
ac1cfefa
MT		 187$proxysettings{'ENABLE'} = 'off';
188$proxysettings{'ENABLE_BLUE'} = 'off';
ac1cfefa
MT		 189$proxysettings{'TRANSPARENT'} = 'off';
190$proxysettings{'TRANSPARENT_BLUE'} = 'off';
ed38f89d 191$proxysettings{'PROXY_PORT'} = '800';
0f6b6067 192$proxysettings{'TRANSPARENT_PORT'} = '3128';
ed38f89d
MT		 193$proxysettings{'VISIBLE_HOSTNAME'} = '';
194$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
fe1656d2 195$proxysettings{'ADMIN_PASSWORD'} = '';
7ec83993 196$proxysettings{'ERR_LANGUAGE'} = 'en';
0d948999 197$proxysettings{'ERR_DESIGN'} = 'ipfire';
363fb6af 198$proxysettings{'SUPPRESS_VERSION'} = 'off';
ed38f89d
MT		 199$proxysettings{'FORWARD_VIA'} = 'off';
200$proxysettings{'FORWARD_IPADDRESS'} = 'off';
201$proxysettings{'FORWARD_USERNAME'} = 'off';
363fb6af 202$proxysettings{'NO_CONNECTION_AUTH'} = 'off';
ed38f89d
MT		 203$proxysettings{'UPSTREAM_PROXY'} = '';
204$proxysettings{'UPSTREAM_USER'} = '';
205$proxysettings{'UPSTREAM_PASSWORD'} = '';
206$proxysettings{'LOGGING'} = 'off';
fe1656d2 207$proxysettings{'CACHEMGR'} = 'off';
ed38f89d
MT		 208$proxysettings{'LOGQUERY'} = 'off';
209$proxysettings{'LOGUSERAGENT'} = 'off';
8dc17705 210$proxysettings{'FILEDESCRIPTORS'} = '16384';
c2f1b818
MT		 211$proxysettings{'CACHE_MEM'} = '128';
212$proxysettings{'CACHE_SIZE'} = '0';
ac1cfefa
MT		 213$proxysettings{'MAX_SIZE'} = '4096';
214$proxysettings{'MIN_SIZE'} = '0';
ed38f89d
MT		 215$proxysettings{'MEM_POLICY'} = 'LRU';
216$proxysettings{'CACHE_POLICY'} = 'LRU';
217$proxysettings{'L1_DIRS'} = '16';
218$proxysettings{'OFFLINE_MODE'} = 'off';
6bea848d 219$proxysettings{'CACHE_DIGESTS'} = 'off';
ed38f89d
MT		 220$proxysettings{'CLASSROOM_EXT'} = 'off';
221$proxysettings{'SUPERVISOR_PASSWORD'} = '';
9fb25b1c
MT		 222$proxysettings{'NO_PROXY_LOCAL'} = 'off';
223$proxysettings{'NO_PROXY_LOCAL_BLUE'} = 'off';
ed38f89d
MT		 224$proxysettings{'TIME_ACCESS_MODE'} = 'allow';
225$proxysettings{'TIME_FROM_HOUR'} = '00';
226$proxysettings{'TIME_FROM_MINUTE'} = '00';
227$proxysettings{'TIME_TO_HOUR'} = '24';
228$proxysettings{'TIME_TO_MINUTE'} = '00';
ac1cfefa
MT		 229$proxysettings{'MAX_OUTGOING_SIZE'} = '0';
230$proxysettings{'MAX_INCOMING_SIZE'} = '0';
ed38f89d
MT		 231$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';
232$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';
233$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';
234$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';
ed38f89d 235$proxysettings{'ENABLE_MIME_FILTER'} = 'off';
ed38f89d
MT		 236$proxysettings{'FAKE_USERAGENT'} = '';
237$proxysettings{'FAKE_REFERER'} = '';
238$proxysettings{'AUTH_METHOD'} = 'none';
239$proxysettings{'AUTH_REALM'} = '';
240$proxysettings{'AUTH_MAX_USERIP'} = '';
241$proxysettings{'AUTH_CACHE_TTL'} = '60';
ed38f89d
MT		 242$proxysettings{'AUTH_CHILDREN'} = '5';
243$proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
244$proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
245$proxysettings{'NCSA_USERNAME'} = '';
246$proxysettings{'NCSA_GROUP'} = '';
247$proxysettings{'NCSA_PASS'} = '';
248$proxysettings{'NCSA_PASS_CONFIRM'} = '';
249$proxysettings{'LDAP_BASEDN'} = '';
250$proxysettings{'LDAP_TYPE'} = 'ADS';
251$proxysettings{'LDAP_SERVER'} = '';
252$proxysettings{'LDAP_PORT'} = '389';
253$proxysettings{'LDAP_BINDDN_USER'} = '';
254$proxysettings{'LDAP_BINDDN_PASS'} = '';
255$proxysettings{'LDAP_GROUP'} = '';
b5674643 256$proxysettings{'NTLM_AUTH_GROUP'} = '';
2fc5124b 257$proxysettings{'NTLM_AUTH_BASIC'} = 'off';
ed38f89d
MT		 258$proxysettings{'NTLM_DOMAIN'} = '';
259$proxysettings{'NTLM_PDC'} = '';
260$proxysettings{'NTLM_BDC'} = '';
261$proxysettings{'NTLM_ENABLE_ACL'} = 'off';
262$proxysettings{'NTLM_USER_ACL'} = 'positive';
263$proxysettings{'RADIUS_SERVER'} = '';
363fb6af 264$proxysettings{'RADIUS_PORT'} = '1812';
ed38f89d
MT		 265$proxysettings{'RADIUS_IDENTIFIER'} = '';
266$proxysettings{'RADIUS_SECRET'} = '';
267$proxysettings{'RADIUS_ENABLE_ACL'} = 'off';
268$proxysettings{'RADIUS_USER_ACL'} = 'positive';
269$proxysettings{'IDENT_REQUIRED'} = 'off';
270$proxysettings{'IDENT_TIMEOUT'} = '10';
271$proxysettings{'IDENT_ENABLE_ACL'} = 'off';
272$proxysettings{'IDENT_USER_ACL'} = 'positive';
9fb25b1c
MT		 273$proxysettings{'ENABLE_FILTER'} = 'off';
274$proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
d12aede7 275$proxysettings{'ENABLE_CLAMAV'} = 'off';
ed38f89d
MT		 276
277$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
ac1cfefa
MT		 278
279&Header::getcgihash(\%proxysettings);
280
ed38f89d
MT		 281if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 0) {$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';}
282if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 0) {$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';}
283if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 0) {$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';}
284if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 0) {$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';}
ac1cfefa 285
ed38f89d 286if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
ac1cfefa 287{
ed38f89d
MT		 288 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
289}
290
291if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
292{
293 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
294 if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
295 $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
296 }
297 if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
298 $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
299 }
300 if ($proxysettings{'NCSA_USERNAME'} eq '') {
301 $errormessage = $Lang::tr{'advproxy errmsg no username'};
302 }
303 if (!$errormessage) {
304 $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
305 &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
306 }
307 $proxysettings{'NCSA_USERNAME'} = '';
308 $proxysettings{'NCSA_GROUP'} = '';
309 $proxysettings{'NCSA_PASS'} = '';
310 $proxysettings{'NCSA_PASS_CONFIRM'} = '';
311}
ac1cfefa 312
ed38f89d
MT		 313if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
314{
315 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
316 &deluser($proxysettings{'ID'});
317}
318
9fb25b1c
MT		 319$checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
320$checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
321$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
322
ed38f89d
MT		 323if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
324{
325 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
326 $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
327 @temp = split(/:/,$proxysettings{'ID'});
328 $proxysettings{'NCSA_USERNAME'} = $temp[0];
329 $proxysettings{'NCSA_GROUP'} = $temp[1];
330 $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
331 $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
332}
333
fe1656d2 334if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
28c9dec6
CS		 335{
336 if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
337 $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
338 $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
ac1cfefa
MT		 339 $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
340 $errormessage = $Lang::tr{'invalid input'};
341 goto ERROR;
28c9dec6 342 }
8b6f424c 343 if($proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0){
d5a7ff95
AM		 344 $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'};
345 goto ERROR;
346 }
c4b12981 347
f2fdd0c1 348 if (!(&General::validport($proxysettings{'PROXY_PORT'})))
363fb6af
MT		 349 {
350 $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
351 goto ERROR;
352 }
0f6b6067
MT		 353 if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
354 {
355 $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
356 goto ERROR;
357 }
358 if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
359 $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
360 goto ERROR;
361 }
dcfc6334
SS		 362 if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
363 {
364 my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
365 if (!(&General::validip($temp[0])))
366 {
367 if (!(&General::validdomainname($temp[0])))
368 {
369 $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
370 goto ERROR;
371 }
372 }
69491545 373 }
ac1cfefa
MT		 374 if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
375 ($proxysettings{'CACHE_SIZE'} < 10))
376 {
488d1b7c
CS		 377 if (!($proxysettings{'CACHE_SIZE'} eq '0'))
378 {
379 $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
380 goto ERROR;
381 }
ed38f89d 382 }
fe1656d2 383 if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
4f160f04 384 ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576))
fe1656d2
CS		 385 {
386 $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
387 goto ERROR;
388 }
53d67554 389 if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/))
ed38f89d
MT		 390 {
391 $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
ac1cfefa 392 goto ERROR;
28c9dec6 393 }
ed38f89d
MT		 394 my @free = `/usr/bin/free`;
395 $free[1] =~ m/(\d+)/;
396 $cachemem = int $1 / 2048;
397 if ($proxysettings{'CACHE_MEM'} > $cachemem) {
398 $proxysettings{'CACHE_MEM'} = $cachemem;
399 }
ac1cfefa
MT		 400 if (!($proxysettings{'MAX_SIZE'} =~ /^\d+/))
401 {
402 $errormessage = $Lang::tr{'invalid maximum object size'};
403 goto ERROR;
404 }
405 if (!($proxysettings{'MIN_SIZE'} =~ /^\d+/))
406 {
407 $errormessage = $Lang::tr{'invalid minimum object size'};
408 goto ERROR;
409 }
410 if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /^\d+/))
411 {
412 $errormessage = $Lang::tr{'invalid maximum outgoing size'};
413 goto ERROR;
414 }
ed38f89d
MT		 415 if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
416 {
417 $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
418 goto ERROR;
419 }
ac1cfefa
MT		 420 if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /^\d+/))
421 {
422 $errormessage = $Lang::tr{'invalid maximum incoming size'};
423 goto ERROR;
424 }
ed38f89d
MT		 425 if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
426 {
363fb6af 427 unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
ed38f89d
MT		 428 ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
429 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
430 {
431 if ($netsettings{'BLUE_DEV'})
363fb6af 432 {
ed38f89d
MT		 433 if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
434 (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
435 {
436 $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
437 goto ERROR;
438 }
439 } else {
440 if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
441 {
442 $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
443 goto ERROR;
444 }
445 }
446 }
ed38f89d
MT		 447 if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/))
448 {
449 $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
450 goto ERROR;
451 }
dc637f08
MT		 452 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
453 ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
ed38f89d 454 {
dc637f08 455 $errormessage = $Lang::tr{'advproxy errmsg max userip'};
ed38f89d
MT		 456 goto ERROR;
457 }
dc637f08 458 if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))
ed38f89d
MT		 459 {
460 $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
461 goto ERROR;
462 }
463 if ((!($proxysettings{'AUTH_CHILDREN'} =~ /^\d+/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
464 {
465 $errormessage = $Lang::tr{'advproxy errmsg auth children'};
466 goto ERROR;
467 }
468 }
469 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
470 {
471 if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /^\d+/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
472 {
473 $errormessage = $Lang::tr{'advproxy errmsg password length'};
474 goto ERROR;
475 }
476 }
477 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
478 {
479 if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /^\d+/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
480 {
481 $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
482 goto ERROR;
483 }
484 }
485 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
486 {
487 if ($proxysettings{'LDAP_BASEDN'} eq '')
488 {
489 $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
490 goto ERROR;
491 }
492 if (!&General::validip($proxysettings{'LDAP_SERVER'}))
493 {
e201b6d5
SS		 494 if (!&General::validdomainname($proxysettings{'LDAP_SERVER'}))
495 {
496 $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
497 goto ERROR;
498 }
ed38f89d
MT		 499 }
500 if (!&General::validport($proxysettings{'LDAP_PORT'}))
501 {
502 $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
503 goto ERROR;
504 }
505 if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
506 {
507 if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
508 {
509 $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
510 goto ERROR;
511 }
512 }
513 }
ed38f89d
MT		 514 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
515 {
516 if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
517 {
518 $errormessage = $Lang::tr{'advproxy errmsg radius server'};
519 goto ERROR;
520 }
521 if (!&General::validport($proxysettings{'RADIUS_PORT'}))
522 {
523 $errormessage = $Lang::tr{'advproxy errmsg radius port'};
524 goto ERROR;
525 }
526 if ($proxysettings{'RADIUS_SECRET'} eq '')
527 {
528 $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
529 goto ERROR;
530 }
ac1cfefa
MT		 531 }
532
363fb6af
MT		 533 # Quick parent proxy error checking of username and password info. If username password don't both exist give an error.
534 $proxy1 = 'YES';
535 $proxy2 = 'YES';
536 if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
537 if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
538 if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {$proxy1=$proxy2='PASS'; $proxysettings{'UPSTREAM_PASSWORD'} = '';}
539 if (($proxy1 ne $proxy2))
540 {
541 $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
542 goto ERROR;
543 }
ac1cfefa 544
ed38f89d
MT		 545ERROR:
546 &check_acls;
ac1cfefa 547
ed38f89d
MT		 548 if ($errormessage) {
549 $proxysettings{'VALID'} = 'no'; }
550 else {
363fb6af 551 $proxysettings{'VALID'} = 'yes'; }
ac1cfefa 552
ed38f89d 553 if ($proxysettings{'VALID'} eq 'yes')
ac1cfefa 554 {
e698090e
SS		 555 # Determine if suricata may needs to be restarted.
556 my $suricata_proxy_ports_changed;
557
558 # Check if the IDS is running
559 if(&IDS::ids_is_running()) {
560 my %oldproxysettings;
561
562 # Read-in current proxy settings and store them as oldsettings hash.
563 &General::readhash("${General::swroot}/proxy/advanced/settings", \%oldproxysettings);
564
565 # Check if the proxy port has been changed.
566 unless ($proxysettings{'PROXY_PORT'} eq $oldproxysettings{'PROXY_PORT'}) {
567 # Port has changed, suricata needs to be adjusted.
568 $suricata_proxy_ports_changed = 1;
569 }
570
571 # Check if the transparent port has been changed.
572 unless ($proxysettings{'TRANSPARENT_PORT'} eq $oldproxysettings{'TRANSPARENT_PORT'}) {
573 # Transparent port has changed, suricata needs to be adjusted.
574 $suricata_proxy_ports_changed = 1;
575 }
576 }
577
ed38f89d 578 &write_acls;
ac1cfefa 579
ed38f89d
MT		 580 delete $proxysettings{'SRC_SUBNETS'};
581 delete $proxysettings{'SRC_BANNED_IP'};
582 delete $proxysettings{'SRC_BANNED_MAC'};
583 delete $proxysettings{'SRC_UNRESTRICTED_IP'};
584 delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
585 delete $proxysettings{'DST_NOCACHE'};
586 delete $proxysettings{'DST_NOAUTH'};
ce1c170b
AK		 587 delete $proxysettings{'DST_NOPROXY_IP'};
588 delete $proxysettings{'DST_NOPROXY_URL'};
363fb6af
MT		 589 delete $proxysettings{'PORTS_SAFE'};
590 delete $proxysettings{'PORTS_SSL'};
ed38f89d
MT		 591 delete $proxysettings{'MIME_TYPES'};
592 delete $proxysettings{'NTLM_ALLOW_USERS'};
593 delete $proxysettings{'NTLM_DENY_USERS'};
594 delete $proxysettings{'RADIUS_ALLOW_USERS'};
595 delete $proxysettings{'RADIUS_DENY_USERS'};
596 delete $proxysettings{'IDENT_HOSTS'};
597 delete $proxysettings{'IDENT_ALLOW_USERS'};
598 delete $proxysettings{'IDENT_DENY_USERS'};
ac1cfefa 599
ed38f89d
MT		 600 delete $proxysettings{'CRE_GROUPS'};
601 delete $proxysettings{'CRE_SVHOSTS'};
ac1cfefa 602
ed38f89d
MT		 603 delete $proxysettings{'NCSA_USERNAME'};
604 delete $proxysettings{'NCSA_GROUP'};
605 delete $proxysettings{'NCSA_PASS'};
606 delete $proxysettings{'NCSA_PASS_CONFIRM'};
ac1cfefa 607
ed38f89d
MT		 608 $proxysettings{'TIME_MON'} = 'off' unless exists $proxysettings{'TIME_MON'};
609 $proxysettings{'TIME_TUE'} = 'off' unless exists $proxysettings{'TIME_TUE'};
610 $proxysettings{'TIME_WED'} = 'off' unless exists $proxysettings{'TIME_WED'};
611 $proxysettings{'TIME_THU'} = 'off' unless exists $proxysettings{'TIME_THU'};
612 $proxysettings{'TIME_FRI'} = 'off' unless exists $proxysettings{'TIME_FRI'};
613 $proxysettings{'TIME_SAT'} = 'off' unless exists $proxysettings{'TIME_SAT'};
614 $proxysettings{'TIME_SUN'} = 'off' unless exists $proxysettings{'TIME_SUN'};
ac1cfefa 615
ed38f89d
MT		 616 $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
617 $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
ac1cfefa 618
ed38f89d 619 &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
ac1cfefa 620
363fb6af
MT		 621 if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
622 $stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
488d1b7c
CS		 623 $stdproxysettings{'UPSTREAM_PROXY'} = $proxysettings{'UPSTREAM_PROXY'};
624 $stdproxysettings{'UPSTREAM_USER'} = $proxysettings{'UPSTREAM_USER'};
625 $stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
9fb25b1c
MT		 626 $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
627 $stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
d12aede7 628 $stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
363fb6af 629 &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
ac1cfefa 630
ed38f89d
MT		 631 &writeconfig;
632 &writepacfile;
633
fe1656d2
CS		 634 if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
635
d56fc335 636 system ('/usr/local/bin/squidctrl', 'disable');
ed38f89d
MT		 637 unlink "${General::swroot}/proxy/enable";
638 unlink "${General::swroot}/proxy/transparent";
639 unlink "${General::swroot}/proxy/enable_blue";
640 unlink "${General::swroot}/proxy/transparent_blue";
ac1cfefa 641
ac1cfefa 642 if ($proxysettings{'ENABLE'} eq 'on') {
d56fc335
MT		 643 system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
644 system ('/usr/local/bin/squidctrl', 'enable'); }
6c689591 645 if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
9833e7d8 646 system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
ac1cfefa 647 if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
d56fc335
MT		 648 system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
649 system ('/usr/local/bin/squidctrl', 'enable'); }
6c689591 650 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
9833e7d8 651 system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
ed38f89d 652
d56fc335 653 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
c4b12981 654 if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
e698090e
SS		 655
656 # Check if the suricata_proxy_ports_changed flag has been set.
657 if ($suricata_proxy_ports_changed) {
658 # Re-generate HTTP ports file.
659 &IDS::generate_http_ports_file();
660
661 # Restart suricata.
662 &IDS::call_suricatactrl("restart");
663 }
fe1656d2 664 }
ac1cfefa
MT		 665}
666
363fb6af 667if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
ac1cfefa 668{
d56fc335 669 system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
ac1cfefa
MT		 670}
671
ed38f89d
MT		 672if (!$errormessage)
673{
674 if (-e "${General::swroot}/proxy/advanced/settings") {
675 &General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
676 } elsif (-e "${General::swroot}/proxy/settings") {
677 &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
678 }
679 &read_acls;
680}
ac1cfefa 681
dfee7582
SS		 682# ------------------------------------------------------------------
683
684# Hook to regenerate the configuration files, if cgi got called from command line.
685if ($ENV{"REMOTE_ADDR"} eq "") {
686 writeconfig();
687 exit(0);
688}
689
690# -------------------------------------------------------------------
691
ac1cfefa
MT		 692$checked{'ENABLE'}{'off'} = '';
693$checked{'ENABLE'}{'on'} = '';
694$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
695
696$checked{'TRANSPARENT'}{'off'} = '';
697$checked{'TRANSPARENT'}{'on'} = '';
698$checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
699
700$checked{'ENABLE_BLUE'}{'off'} = '';
701$checked{'ENABLE_BLUE'}{'on'} = '';
702$checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
703
704$checked{'TRANSPARENT_BLUE'}{'off'} = '';
705$checked{'TRANSPARENT_BLUE'}{'on'} = '';
706$checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
707
363fb6af
MT		 708$checked{'SUPPRESS_VERSION'}{'off'} = '';
709$checked{'SUPPRESS_VERSION'}{'on'} = '';
710$checked{'SUPPRESS_VERSION'}{$proxysettings{'SUPPRESS_VERSION'}} = "checked='checked'";
711
ed38f89d
MT		 712$checked{'FORWARD_IPADDRESS'}{'off'} = '';
713$checked{'FORWARD_IPADDRESS'}{'on'} = '';
714$checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
715$checked{'FORWARD_USERNAME'}{'off'} = '';
716$checked{'FORWARD_USERNAME'}{'on'} = '';
717$checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
718$checked{'FORWARD_VIA'}{'off'} = '';
719$checked{'FORWARD_VIA'}{'on'} = '';
720$checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
363fb6af
MT		 721$checked{'NO_CONNECTION_AUTH'}{'off'} = '';
722$checked{'NO_CONNECTION_AUTH'}{'on'} = '';
723$checked{'NO_CONNECTION_AUTH'}{$proxysettings{'NO_CONNECTION_AUTH'}} = "checked='checked'";
ed38f89d
MT		 724
725$selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
726$selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
727$selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
728$checked{'OFFLINE_MODE'}{'off'} = '';
729$checked{'OFFLINE_MODE'}{'on'} = '';
730$checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
6bea848d
JB		 731$checked{'CACHE_DIGESTS'}{'off'} = '';
732$checked{'CACHE_DIGESTS'}{'on'} = '';
733$checked{'CACHE_DIGESTS'}{$proxysettings{'CACHE_DIGESTS'}} = "checked='checked'";
ed38f89d 734
ac1cfefa
MT		 735$checked{'LOGGING'}{'off'} = '';
736$checked{'LOGGING'}{'on'} = '';
737$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
fe1656d2
CS		 738$checked{'CACHEMGR'}{'off'} = '';
739$checked{'CACHEMGR'}{'on'} = '';
740$checked{'CACHEMGR'}{$proxysettings{'CACHEMGR'}} = "checked='checked'";
ed38f89d
MT		 741$checked{'LOGQUERY'}{'off'} = '';
742$checked{'LOGQUERY'}{'on'} = '';
743$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
744$checked{'LOGUSERAGENT'}{'off'} = '';
745$checked{'LOGUSERAGENT'}{'on'} = '';
746$checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'";
747
748$selected{'ERR_LANGUAGE'}{$proxysettings{'ERR_LANGUAGE'}} = "selected='selected'";
363fb6af 749$selected{'ERR_DESIGN'}{$proxysettings{'ERR_DESIGN'}} = "selected='selected'";
ed38f89d 750
9fb25b1c
MT		 751$checked{'NO_PROXY_LOCAL'}{'off'} = '';
752$checked{'NO_PROXY_LOCAL'}{'on'} = '';
753$checked{'NO_PROXY_LOCAL'}{$proxysettings{'NO_PROXY_LOCAL'}} = "checked='checked'";
754$checked{'NO_PROXY_LOCAL_BLUE'}{'off'} = '';
755$checked{'NO_PROXY_LOCAL_BLUE'}{'on'} = '';
756$checked{'NO_PROXY_LOCAL_BLUE'}{$proxysettings{'NO_PROXY_LOCAL_BLUE'}} = "checked='checked'";
757
ed38f89d
MT		 758$checked{'CLASSROOM_EXT'}{'off'} = '';
759$checked{'CLASSROOM_EXT'}{'on'} = '';
760$checked{'CLASSROOM_EXT'}{$proxysettings{'CLASSROOM_EXT'}} = "checked='checked'";
761
762$selected{'TIME_ACCESS_MODE'}{$proxysettings{'TIME_ACCESS_MODE'}} = "selected='selected'";
763$selected{'TIME_FROM_HOUR'}{$proxysettings{'TIME_FROM_HOUR'}} = "selected='selected'";
764$selected{'TIME_FROM_MINUTE'}{$proxysettings{'TIME_FROM_MINUTE'}} = "selected='selected'";
765$selected{'TIME_TO_HOUR'}{$proxysettings{'TIME_TO_HOUR'}} = "selected='selected'";
766$selected{'TIME_TO_MINUTE'}{$proxysettings{'TIME_TO_MINUTE'}} = "selected='selected'";
767
768$proxysettings{'TIME_MON'} = 'on' unless exists $proxysettings{'TIME_MON'};
769$proxysettings{'TIME_TUE'} = 'on' unless exists $proxysettings{'TIME_TUE'};
770$proxysettings{'TIME_WED'} = 'on' unless exists $proxysettings{'TIME_WED'};
771$proxysettings{'TIME_THU'} = 'on' unless exists $proxysettings{'TIME_THU'};
772$proxysettings{'TIME_FRI'} = 'on' unless exists $proxysettings{'TIME_FRI'};
773$proxysettings{'TIME_SAT'} = 'on' unless exists $proxysettings{'TIME_SAT'};
774$proxysettings{'TIME_SUN'} = 'on' unless exists $proxysettings{'TIME_SUN'};
775
776$checked{'TIME_MON'}{'off'} = '';
777$checked{'TIME_MON'}{'on'} = '';
778$checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'";
779$checked{'TIME_TUE'}{'off'} = '';
780$checked{'TIME_TUE'}{'on'} = '';
781$checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'";
782$checked{'TIME_WED'}{'off'} = '';
783$checked{'TIME_WED'}{'on'} = '';
784$checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'";
785$checked{'TIME_THU'}{'off'} = '';
786$checked{'TIME_THU'}{'on'} = '';
787$checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'";
788$checked{'TIME_FRI'}{'off'} = '';
789$checked{'TIME_FRI'}{'on'} = '';
790$checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'";
791$checked{'TIME_SAT'}{'off'} = '';
792$checked{'TIME_SAT'}{'on'} = '';
793$checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'";
794$checked{'TIME_SUN'}{'off'} = '';
795$checked{'TIME_SUN'}{'on'} = '';
796$checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'";
797
798$selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
799$selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
800$selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
801$selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
802
ed38f89d
MT		 803$checked{'ENABLE_MIME_FILTER'}{'off'} = '';
804$checked{'ENABLE_MIME_FILTER'}{'on'} = '';
805$checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
806
ed38f89d
MT		 807$checked{'AUTH_METHOD'}{'none'} = '';
808$checked{'AUTH_METHOD'}{'ncsa'} = '';
809$checked{'AUTH_METHOD'}{'ident'} = '';
810$checked{'AUTH_METHOD'}{'ldap'} = '';
603248db 811$checked{'AUTH_METHOD'}{'ntlm-auth'} = '';
ed38f89d
MT		 812$checked{'AUTH_METHOD'}{'radius'} = '';
813$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
ac1cfefa 814
ed38f89d
MT		 815$proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
816
817$checked{'AUTH_ALWAYS_REQUIRED'}{'off'} = '';
818$checked{'AUTH_ALWAYS_REQUIRED'}{'on'} = '';
819$checked{'AUTH_ALWAYS_REQUIRED'}{$proxysettings{'AUTH_ALWAYS_REQUIRED'}} = "checked='checked'";
820
821$checked{'NCSA_BYPASS_REDIR'}{'off'} = '';
822$checked{'NCSA_BYPASS_REDIR'}{'on'} = '';
823$checked{'NCSA_BYPASS_REDIR'}{$proxysettings{'NCSA_BYPASS_REDIR'}} = "checked='checked'";
824
825$selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'";
826
827$selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'";
828
829$proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
830
831$checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = '';
832$checked{'NTLM_ENABLE_INT_AUTH'}{'on'} = '';
833$checked{'NTLM_ENABLE_INT_AUTH'}{$proxysettings{'NTLM_ENABLE_INT_AUTH'}} = "checked='checked'";
834
835$checked{'NTLM_ENABLE_ACL'}{'off'} = '';
836$checked{'NTLM_ENABLE_ACL'}{'on'} = '';
837$checked{'NTLM_ENABLE_ACL'}{$proxysettings{'NTLM_ENABLE_ACL'}} = "checked='checked'";
838
839$checked{'NTLM_USER_ACL'}{'positive'} = '';
840$checked{'NTLM_USER_ACL'}{'negative'} = '';
841$checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
842
2fc5124b
MT		 843$checked{'NTLM_AUTH_BASIC'}{'on'} = '';
844$checked{'NTLM_AUTH_BASIC'}{'off'} = '';
845$checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'";
846
ed38f89d
MT		 847$checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
848$checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
849$checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
850
851$checked{'RADIUS_USER_ACL'}{'positive'} = '';
852$checked{'RADIUS_USER_ACL'}{'negative'} = '';
853$checked{'RADIUS_USER_ACL'}{$proxysettings{'RADIUS_USER_ACL'}} = "checked='checked'";
854
855$checked{'IDENT_REQUIRED'}{'off'} = '';
856$checked{'IDENT_REQUIRED'}{'on'} = '';
857$checked{'IDENT_REQUIRED'}{$proxysettings{'IDENT_REQUIRED'}} = "checked='checked'";
858
859$checked{'IDENT_ENABLE_ACL'}{'off'} = '';
860$checked{'IDENT_ENABLE_ACL'}{'on'} = '';
861$checked{'IDENT_ENABLE_ACL'}{$proxysettings{'IDENT_ENABLE_ACL'}} = "checked='checked'";
862
863$checked{'IDENT_USER_ACL'}{'positive'} = '';
864$checked{'IDENT_USER_ACL'}{'negative'} = '';
865$checked{'IDENT_USER_ACL'}{$proxysettings{'IDENT_USER_ACL'}} = "checked='checked'";
866
9fb25b1c
MT		 867$checked{'ENABLE_FILTER'}{'off'} = '';
868$checked{'ENABLE_FILTER'}{'on'} = '';
869$checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
ed38f89d 870
9fb25b1c
MT		 871$checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
872$checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
873$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
ed38f89d 874
d12aede7
CS		 875$checked{'ENABLE_CLAMAV'}{'off'} = '';
876$checked{'ENABLE_CLAMAV'}{'on'} = '';
877$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
878
ed38f89d 879&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
ac1cfefa
MT		 880
881&Header::openbigbox('100%', 'left', '', $errormessage);
882
883if ($errormessage) {
884 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
885 print "<font class='base'>$errormessage&nbsp;</font>\n";
886 &Header::closebox();
887}
888
363fb6af
MT		 889if ($squidversion[0] =~ /^Squid\sCache:\sVersion\s/i)
890{
891 $squidversion[0] =~ s/^Squid\sCache:\sVersion//i;
892 $squidversion[0] =~ s/^\s+//g;
893 $squidversion[0] =~ s/\s+$//g;
894} else {
895 $squidversion[0] = $Lang::tr{'advproxy unknown'};
896}
897
ed38f89d
MT		 898# ===================================================================
899# Main settings
900# ===================================================================
901
902unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
903
ac1cfefa
MT		 904print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
905
ed38f89d
MT		 906&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
907
ac1cfefa
MT		 908print <<END
909<table width='100%'>
910<tr>
ed38f89d
MT		 911 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
912</tr>
913<tr>
914 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
915 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
e3edceeb 916 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ed38f89d 917 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
ac1cfefa
MT		 918</tr>
919<tr>
ed38f89d 920 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
ac1cfefa 921 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
e3edceeb 922 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
0f6b6067 923 <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
ac1cfefa
MT		 924</tr>
925<tr>
926END
927;
928if ($netsettings{'BLUE_DEV'}) {
ed38f89d 929 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT		 930 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
931} else {
932 print "<td colspan='2'>&nbsp;</td>";
933}
934print <<END
e3edceeb 935 <td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
0f6b6067 936 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
ac1cfefa
MT		 937</tr>
938<tr>
939END
940;
941if ($netsettings{'BLUE_DEV'}) {
ed38f89d 942 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT		 943 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
944} else {
945 print "<td colspan='2'>&nbsp;</td>";
946}
947print <<END
ed38f89d
MT		 948 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
949 <td class='base'>
950 <select name='ERR_LANGUAGE'>
951END
952;
363fb6af 953 foreach (<$errordir/*>) {
ed38f89d
MT		 954 if (-d) {
955 $language = substr($_,rindex($_,"/")+1);
956 print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
957 }
958 }
959print <<END
960 </select>
961 </td>
962</tr>
10e4f239 963<tr>
363fb6af
MT		 964 <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
965 <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
966 <td class='base'>$Lang::tr{'advproxy error design'}:</td>
967 <td class='base'><select name='ERR_DESIGN'>
0d948999 968 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
363fb6af
MT		 969 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
970 </select></td>
10e4f239
MT		 971</tr>
972<tr>
363fb6af
MT		 973 <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
974 <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
975 <td>&nbsp;</td>
976 <td>&nbsp;</td>
10e4f239 977</tr>
ed38f89d
MT		 978</table>
979<hr size='1'>
980<table width='100%'>
d12aede7
CS		 981END
982;
983if ( -e "/usr/bin/squidclamav" ) {
01212e04 984 print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
bd027d94
CS		 985 if ( ! -e "/var/run/clamav/clamd.pid" ){
986 print "<font color='red'>clamav not running</font><br /><br />";
987 $proxysettings{'ENABLE_CLAMAV'} = 'off';
988 }
989 else {
990 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
1a3323f2 991}
01212e04
CS		 992 print "</td>";
993} else {
994 print "<td></td>";
d12aede7 995}
082771c1 996print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</a></b><br />";
01212e04 997print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
01212e04 998print "</td>";
082771c1 999print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</a></b><br />";
01212e04 1000print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
01212e04 1001print "</td></tr>";
d12aede7 1002print <<END
9141bd34
CS		 1003</table>
1004<hr size='1'>
1005<table width='100%'>
ed38f89d
MT		 1006<tr>
1007 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
1008</tr>
1009<tr>
488d1b7c
CS		 1010 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
1011 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
e3edceeb 1012 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
488d1b7c 1013 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
ed38f89d
MT		 1014</tr>
1015<tr>
488d1b7c
CS		 1016 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
1017 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
e3edceeb 1018 <td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
488d1b7c 1019 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
ac1cfefa 1020</tr>
ac1cfefa 1021<tr>
488d1b7c
CS		 1022 <td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
1023 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
e3edceeb 1024 <td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
488d1b7c 1025 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
ed38f89d 1026</tr>
363fb6af 1027<tr>
488d1b7c
CS		 1028 <td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
1029 <td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
1030 <td>&nbsp;</td>
1031 <td>&nbsp;</td>
363fb6af 1032</tr>
ed38f89d
MT		 1033</table>
1034<hr size='1'>
1035<table width='100%'>
1036<tr>
1037 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
1038</tr>
1039<tr>
488d1b7c
CS		 1040 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
1041 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
1042 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
1043 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
1044</tr>
1045<tr>
1046 <td>&nbsp;</td>
1047 <td>&nbsp;</td>
1048 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
1049 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
ed38f89d
MT		 1050</tr>
1051</table>
1052<hr size='1'>
1053<table width='100%'>
1054<tr>
1055 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
1056</tr>
fe1656d2 1057<tr>
c4b12981 1058 <td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
fe1656d2 1059 <td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
e3edceeb 1060 <td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
fe1656d2
CS		 1061 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
1062</tr>
1063<tr>
e3edceeb 1064 <td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
fe1656d2 1065 <td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
e3edceeb 1066 <td class='base'>$Lang::tr{'proxy admin password'}:</td>
fe1656d2
CS		 1067 <td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
1068</tr>
ed38f89d 1069<tr>
488d1b7c 1070 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
ac1cfefa
MT		 1071</tr>
1072<tr>
e3edceeb 1073 <td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ed38f89d 1074 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
e3edceeb 1075 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ac1cfefa
MT		 1076 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
1077</tr>
1078<tr>
e3edceeb 1079 <td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ac1cfefa 1080 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
e3edceeb 1081 <td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ac1cfefa
MT		 1082 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
1083</tr>
1084<tr>
ed38f89d 1085 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
363fb6af
MT		 1086 <td class='base'><select name='L1_DIRS'>
1087 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
1088 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
1089 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
1090 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
1091 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
1092 </select></td>
ed38f89d 1093 <td colspan='2' rowspan= '5' valign='top' class='base'>
363fb6af 1094 <table cellspacing='0' cellpadding='0'>
ed38f89d
MT		 1095 <tr>
1096 <!-- intentionally left empty -->
1097 </tr>
1098 <tr>
e3edceeb 1099 <td>$Lang::tr{'advproxy no cache sites'}:</td>
ed38f89d
MT		 1100 </tr>
1101 <tr>
1102 <!-- intentionally left empty -->
1103 </tr>
1104 <tr>
1105 <!-- intentionally left empty -->
1106 </tr>
1107 <tr>
488d1b7c 1108 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
ed38f89d
MT		 1109END
1110;
1111
1112print $proxysettings{'DST_NOCACHE'};
1113
1114print <<END
1115</textarea></td>
1116 </tr>
1117 </table>
1118 </td>
1119</tr>
1120<tr>
363fb6af
MT		 1121 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1122 <td class='base'><select name='MEM_POLICY'>
1123 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1124 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1125 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1126 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1127 </select></td>
ed38f89d
MT		 1128</tr>
1129<tr>
363fb6af
MT		 1130 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1131 <td class='base'><select name='CACHE_POLICY'>
1132 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1133 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1134 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1135 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1136 </select></td>
ed38f89d
MT		 1137</tr>
1138<tr>
1139 <td colspan='2'>&nbsp;</td>
1140</tr>
1141<tr>
363fb6af 1142 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
ed38f89d
MT		 1143 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1144</tr>
6bea848d
JB		 1145<tr>
1146 <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1147 <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1148</tr>
ed38f89d
MT		 1149</table>
1150<hr size='1'>
1151<table width='100%'>
363fb6af
MT		 1152<tr>
1153 <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1154</tr>
1155<tr>
631b67b7 1156 <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
363fb6af
MT		 1157</tr>
1158<tr>
e3edceeb
LS		 1159 <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1160 <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
363fb6af
MT		 1161</tr>
1162<tr>
1163 <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1164END
1165;
1166 if (!$proxysettings{'PORTS_SAFE'}) { print $def_ports_safe; } else { print $proxysettings{'PORTS_SAFE'}; }
1167
1168print <<END
1169</textarea></td>
1170 <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1171END
1172;
1173 if (!$proxysettings{'PORTS_SSL'}) { print $def_ports_ssl; } else { print $proxysettings{'PORTS_SSL'}; }
1174
1175print <<END
1176</textarea></td>
1177</tr>
1178</table>
1179<hr size='1'>
1180<table width='100%'>
ed38f89d
MT		 1181<tr>
1182 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1183</tr>
1184<tr>
1185 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1186</tr>
1187<tr>
e3edceeb 1188 <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ed38f89d
MT		 1189</tr>
1190<tr>
9141bd34 1191 <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
ed38f89d
MT		 1192END
1193;
1194
363fb6af
MT		 1195if (!$proxysettings{'SRC_SUBNETS'})
1196{
f09a0af5 1197 print "$green_cidr\n";
363fb6af
MT		 1198 if ($netsettings{'BLUE_DEV'})
1199 {
f09a0af5 1200 print "$blue_cidr\n";
ed38f89d 1201 }
363fb6af 1202} else { print $proxysettings{'SRC_SUBNETS'}; }
ed38f89d
MT		 1203
1204print <<END
1205</textarea></td>
9fb25b1c
MT		 1206END
1207;
1208
1209$line = $Lang::tr{'advproxy no internal proxy on green'};
1210$line =~ s/Green/<font color="$Header::colourgreen">Green<\/font>/i;
1211print "<td class='base'>$line:</td>\n";
1212print <<END
1213 <td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
1214</tr>
1215END
1216;
1217if ($netsettings{'BLUE_DEV'}) {
1218 $line = $Lang::tr{'advproxy no internal proxy on blue'};
1219 $line =~ s/Blue/<font color="$Header::colourblue">Blue<\/font>/i;
1220 print "<tr>\n";
1221 print "<td class='base'>$line:</td>\n";
1222 print <<END
1223 <td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
1224</tr>
1225END
1226;
1227}
1228print <<END
1229<tr>
1230 <td colspan='2'>&nbsp;</td>
1231</tr>
1232<tr>
ed38f89d
MT		 1233 <td colspan='2'>&nbsp;</td>
1234</tr>
1235</table>
1236<table width='100%'>
1237<tr>
1238 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1239</tr>
1240<tr>
e3edceeb
LS		 1241 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1242 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
ed38f89d
MT		 1243</tr>
1244<tr>
9141bd34 1245 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
ed38f89d
MT		 1246END
1247;
1248
1249 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1250
1251print <<END
1252</textarea></td>
9141bd34 1253 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
ed38f89d
MT		 1254END
1255;
1256
1257print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1258
1259print <<END
1260</textarea></td>
1261</tr>
1262</table>
1263<table width='100%'>
1264<tr>
1265 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1266</tr>
1267<tr>
e3edceeb
LS		 1268 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1269 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
ed38f89d
MT		 1270</tr>
1271<tr>
9141bd34 1272 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
ed38f89d
MT		 1273END
1274;
1275
1276 print $proxysettings{'SRC_BANNED_IP'};
1277
1278print <<END
1279</textarea></td>
9141bd34 1280 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
ed38f89d
MT		 1281END
1282;
1283
1284print $proxysettings{'SRC_BANNED_MAC'};
1285
1286print <<END
1287</textarea></td>
1288</tr>
1289</table>
1290
1291<hr size='1'>
1292
1293END
1294;
1295# -------------------------------------------------------------------
1296# CRE GUI - optional
1297# -------------------------------------------------------------------
1298
1299if (-e $cre_enabled) { print <<END
1300<table width='100%'>
1301
1302<tr>
9141bd34 1303 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
ed38f89d
MT		 1304</tr>
1305<tr>
1306 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1307</tr>
1308<tr>
9141bd34
CS		 1309
1310END
1311;
1312if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1313print <<END
e3edceeb 1314 <td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
ed38f89d
MT		 1315 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
1316</tr>
1317<tr>
1318 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
e3edceeb 1319 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
9141bd34
CS		 1320END
1321;
1322}
1323print "</tr>";
1324if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1325print <<END
ed38f89d
MT		 1326<tr>
1327 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
1328END
1329;
1330
1331 print $proxysettings{'CRE_GROUPS'};
1332
1333print <<END
1334</textarea></td>
1335 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
1336END
1337;
1338 print $proxysettings{'CRE_SVHOSTS'};
1339
1340print <<END
1341</textarea></td>
1342</tr>
ed38f89d
MT		 1343END
1344;
9141bd34
CS		 1345}
1346print "</table><hr size='1'>";
1347
ed38f89d
MT		 1348} else {
1349 print <<END
1350 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
1351 <input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
1352 <input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
1353END
1354;
1355}
363fb6af 1356
ce1c170b
AK		 1357# ===================================================================
1358# WPAD settings
1359# ===================================================================
1360
1361print <<END
1362<table width='100%'>
1363<tr>
1364 <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td>
1365</tr>
1366<tr>
1367 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1368</tr>
1369<tr>
1370 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td>
1371 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td>
1372</tr>
1373<tr>
1374 <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'>
1375END
1376;
1377
1378 print $proxysettings{'DST_NOPROXY_IP'};
1379
1380print <<END
1381</textarea></td>
1382
1383 <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'>
1384END
1385;
1386
1387 print $proxysettings{'DST_NOPROXY_URL'};
1388
1389print <<END
1390</textarea></td>
1391</tr>
1392<tr>
1393 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td>
1394 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td>
1395</tr>
1396<tr>
1397 <td colspan="4">&nbsp;</td>
1398</tr>
1399<tr>
1400 <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td>
1401</tr>
cdc82a99
AK		 1402<tr>
1403 <td colspan="4">&nbsp;</td>
1404</tr>
1405<tr>
1406 <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td>
1407</tr>
ce1c170b
AK		 1408</table>
1409
1410<hr size='1'>
1411
1412END
1413;
1414
ed38f89d
MT		 1415# -------------------------------------------------------------------
1416
28c9dec6 1417print <<END
ed38f89d
MT		 1418
1419<table width='100%'>
1420<tr>
363fb6af 1421 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
ed38f89d
MT		 1422</tr>
1423<table width='100%'>
1424<tr>
1425 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1426 <td width='1%'>&nbsp;</td>
1427 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1428 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1429 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1430 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1431 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1432 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1433 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1434 <td width='1%'>&nbsp;&nbsp;</td>
1435 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1436 <td width='1%'>&nbsp;</td>
1437 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1438 <td>&nbsp;</td>
1439</tr>
1440<tr>
1441 <td class='base'>
1442 <select name='TIME_ACCESS_MODE'>
1443 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1444 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1445 </select>
1446 </td>
1447 <td>&nbsp;</td>
1448 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1449 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1450 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1451 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1452 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1453 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1454 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1455 <td>&nbsp;</td>
1456 <td class='base'>
1457 <select name='TIME_FROM_HOUR'>
1458END
1459;
1460for ($i=0;$i<=24;$i++) {
1461 $_ = sprintf("%02s",$i);
1462 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1463}
1464print <<END
1465 </select>
1466 </td>
1467 <td>:</td>
1468 <td class='base'>
1469 <select name='TIME_FROM_MINUTE'>
1470END
1471;
1472for ($i=0;$i<=45;$i+=15) {
1473 $_ = sprintf("%02s",$i);
1474 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1475}
1476print <<END
1477 </select>
1478 <td> - </td>
1479 </td>
1480 <td class='base'>
1481 <select name='TIME_TO_HOUR'>
1482END
1483;
1484for ($i=0;$i<=24;$i++) {
1485 $_ = sprintf("%02s",$i);
1486 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1487}
1488print <<END
1489 </select>
1490 </td>
1491 <td>:</td>
1492 <td class='base'>
1493 <select name='TIME_TO_MINUTE'>
1494END
1495;
1496for ($i=0;$i<=45;$i+=15) {
1497 $_ = sprintf("%02s",$i);
1498 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1499}
1500print <<END
1501 </select>
1502 </td>
1503</tr>
1504</table>
1505<hr size='1'>
1506<table width='100%'>
1507<tr>
1508 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
ac1cfefa
MT		 1509</tr>
1510<tr>
e3edceeb 1511 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ed38f89d 1512 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
e3edceeb 1513 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
ed38f89d 1514 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
ac1cfefa
MT		 1515</tr>
1516</table>
ed38f89d 1517<hr size='1'>
ac1cfefa 1518<table width='100%'>
ac1cfefa 1519<tr>
ed38f89d
MT		 1520 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1521</tr>
1522<tr>
1523 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1524 <td width='20%' class='base'>
1525 <select name='THROTTLING_GREEN_TOTAL'>
1526END
1527;
1528
1529foreach (@throttle_limits) {
ce1f04ee
MT		 1530 my $val = $_;
1531 my $unit = "kbit/s";
1532
1533 if ($val >= 1024) {
1534 $unit = "Mbit/s";
1535 $val /= 1024;
1536 }
1537
1538 print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$val $unit</option>\n";
ed38f89d
MT		 1539}
1540
1541print <<END
1542 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1543 </select>
1544 </td>
1545 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
1546 <td width='30%' class='base'>
1547 <select name='THROTTLING_GREEN_HOST'>
1548END
1549;
1550
1551foreach (@throttle_limits) {
f00699e8 1552 print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kbit/s</option>\n";
ed38f89d
MT		 1553}
1554
1555print <<END
1556 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1557 </select>
1558 </td>
1559</tr>
1560END
1561;
1562
1563if ($netsettings{'BLUE_DEV'}) {
1564 print <<END
1565<tr>
1566 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
1567 <td class='base'>
1568 <select name='THROTTLING_BLUE_TOTAL'>
1569END
1570;
1571
1572foreach (@throttle_limits) {
f00699e8 1573 print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kbit/s</option>\n";
ed38f89d
MT		 1574}
1575
1576print <<END
1577 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1578 </select>
1579 </td>
1580 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
1581 <td class='base'>
1582 <select name='THROTTLING_BLUE_HOST'>
1583END
1584;
1585
1586foreach (@throttle_limits) {
f00699e8 1587 print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kbit/s</option>\n";
ed38f89d
MT		 1588}
1589
1590print <<END
1591 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1592 </select>
ac1cfefa 1593 </td>
ac1cfefa 1594</tr>
ed38f89d
MT		 1595END
1596;
1597}
ac1cfefa 1598
ed38f89d
MT		 1599print <<END
1600</table>
ed38f89d
MT		 1601<hr size='1'>
1602<table width='100%'>
1603<tr>
9141bd34 1604 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
ed38f89d 1605</tr>
9141bd34
CS		 1606END
1607;
1608if ( $proxysettings{'ENABLE_MIME_FILTER'} eq 'on' ){
1609print <<END
ed38f89d 1610<tr>
e3edceeb 1611 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
363fb6af
MT		 1612 <td>&nbsp;</td>
1613 <td>&nbsp;</td>
ed38f89d
MT		 1614</tr>
1615<tr>
1616 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
ac1cfefa
MT		 1617END
1618;
ac1cfefa 1619
ed38f89d 1620print $proxysettings{'MIME_TYPES'};
ac1cfefa 1621
ed38f89d
MT		 1622print <<END
1623</textarea></td>
363fb6af
MT		 1624 <td>&nbsp;</td>
1625 <td>&nbsp;</td>
ed38f89d 1626</tr>
9141bd34
CS		 1627END
1628;
1629}
1630print <<END
ed38f89d 1631</table>
9141bd34 1632
ed38f89d 1633<hr size='1'>
ac1cfefa 1634
ed38f89d
MT		 1635<table width='100%'>
1636<tr>
1637 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1638</tr>
1639<tr>
e3edceeb
LS		 1640 <td class='base'>$Lang::tr{'advproxy fake useragent'}:</td>
1641 <td class='base'>$Lang::tr{'advproxy fake referer'}:</td>
ed38f89d
MT		 1642</tr>
1643<tr>
73cb6627
AM		 1644 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='40%' /></td>
1645 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='40%' /></td>
ed38f89d
MT		 1646</tr>
1647</table>
1648<hr size='1'>
1649END
1650;
1651
603248db
MT		 1652my $auth_columns = 5;
1653if ($HAVE_NTLM_AUTH) {
1654 $auth_columns++;
1655}
1656my $auth_column_width = 100 / $auth_columns;
1657
1658print <<END;
ed38f89d
MT		 1659<table width='100%'>
1660<tr>
603248db 1661 <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
ed38f89d
MT		 1662</tr>
1663<tr>
603248db
MT		 1664 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1665 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1666 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1667 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
603248db
MT		 1668END
1669
1670if ($HAVE_NTLM_AUTH) {
1671 print <<END;
1672 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
1673END
1674}
1675
1676print <<END
1677 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
ed38f89d
MT		 1678</tr>
1679</table>
1680END
1681;
1682
1683if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1684<hr size='1'>
1685<table width='100%'>
1686<tr>
363fb6af 1687 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
ed38f89d
MT		 1688</tr>
1689<tr>
1690 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1691</tr>
1692<tr>
1693 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1694 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1695 <td colspan='2' rowspan= '6' valign='top' class='base'>
1696 <table cellpadding='0' cellspacing='0'>
1697 <tr>
e3edceeb 1698 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
ed38f89d
MT		 1699 </tr>
1700 <tr>
1701 <!-- intentionally left empty -->
1702 </tr>
1703 <tr>
1704 <!-- intentionally left empty -->
1705 </tr>
1706 <tr>
1707 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1708 </tr>
1709 <tr>
1710 <!-- intentionally left empty -->
1711 </tr>
1712 <tr>
1713 <!-- intentionally left empty -->
1714 </tr>
1715 <tr>
e3edceeb 1716 <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
ed38f89d
MT		 1717 </tr>
1718 <tr>
1719 <!-- intentionally left empty -->
1720 </tr>
1721 <tr>
1722 <!-- intentionally left empty -->
1723 </tr>
1724 <tr>
1725 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1726END
1727;
1728
1729print $proxysettings{'DST_NOAUTH'};
1730
1731print <<END
1732</textarea></td>
1733 </tr>
1734 </table>
1735 </td>
1736</tr>
1737<tr>
1738 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1739 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1740</tr>
1741<tr>
e3edceeb 1742 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
ed38f89d
MT		 1743 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1744</tr>
ed38f89d 1745<tr>
363fb6af
MT		 1746 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1747 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
ed38f89d
MT		 1748</tr>
1749<tr>
1750 <td colspan='2'>&nbsp;</td>
1751</tr>
1752</table>
1753END
1754;
1755}
1756
1757# ===================================================================
1758# NCSA auth settings
1759# ===================================================================
1760
1761if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1762print <<END
1763<hr size='1'>
1764<table width='100%'>
1765<tr>
1766 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1767</tr>
1768<tr>
1769 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1770 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1771 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
363fb6af 1772 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
ed38f89d
MT		 1773</tr>
1774<tr>
1775 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1776 <td>&nbsp;</td>
1777 <td>&nbsp;</td>
1778</tr>
1779</table>
1780END
1781; }
1782
1783# ===================================================================
1784# IDENTD auth settings
1785# ===================================================================
1786
1787if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1788print <<END
1789<hr size ='1'>
1790<table width='100%'>
1791<tr>
1792 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1793</tr>
1794<tr>
1795 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
363fb6af
MT		 1796 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1797 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1798 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
ed38f89d
MT		 1799</tr>
1800<tr>
1801 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1802 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1803 <td>&nbsp;</td>
1804 <td>&nbsp;</td>
1805</tr>
1806<tr>
1807 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
e3edceeb 1808 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
ed38f89d
MT		 1809</tr>
1810<tr>
1811 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1812END
1813;
1814if (!$proxysettings{'IDENT_HOSTS'}) {
f09a0af5 1815 print "$green_cidr\n";
ed38f89d 1816 if ($netsettings{'BLUE_DEV'}) {
f09a0af5 1817 print "$blue_cidr\n";
ed38f89d
MT		 1818 }
1819} else {
1820 print $proxysettings{'IDENT_HOSTS'};
1821}
1822
1823print <<END
1824</textarea></td>
1825 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1826END
1827;
1828
1829print $proxysettings{'DST_NOAUTH'};
1830
1831print <<END
1832</textarea></td>
1833</tr>
1834</table>
1835<hr size ='1'>
1836<table width='100%'>
1837<tr>
1838 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1839</tr>
1840<tr>
1841 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1842 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1843 <td width='25%'>&nbsp;</td>
1844 <td width='30%'>&nbsp;</td>
1845</tr>
1846<tr>
1847 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1848 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1849 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1850 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1851</tr>
1852<tr>
1853 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1854 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1855</tr>
1856<tr>
363fb6af 1857 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
ed38f89d
MT		 1858END
1859; }
1860
1861if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1862
1863if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1864</textarea></td>
363fb6af 1865 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
ed38f89d
MT		 1866END
1867; }
1868
1869if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1870
1871if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1872</textarea></td>
1873</tr>
1874</table>
1875END
1876; }
1877
b5674643
MT		 1878# ===================================================================
1879# NTLM-AUTH settings
1880# ===================================================================
1881
1882if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
1883 print <<END;
1884 <hr size ='1'>
2fc5124b
MT		 1885 <table width='100%'>
1886 <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
1887 <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
1888 <td colspan='2'>&nbsp;</td>
1889 </table>
1890
1891 <hr size='1' />
1892
b5674643
MT		 1893 <table width='100%'>
1894 <tr>
1895 <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
1896 </tr>
1897 <tr>
e3edceeb 1898 <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
b5674643
MT		 1899 <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
1900 <td>&nbsp;</td>
1901 <td>&nbsp;</td>
1902 </tr>
1903 </table>
1904END
1905}
1906
ed38f89d
MT		 1907# ===================================================================
1908# LDAP auth settings
1909# ===================================================================
1910
1911if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1912print <<END
1913<hr size='1'>
1914<table width='100%'>
1915<tr>
1916 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1917</tr>
1918<tr>
1919 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1920 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1921 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1922 <td class='base'><select name='LDAP_TYPE'>
1923 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1924 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1925 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1926 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1927 </select></td>
1928</tr>
1929<tr>
1930 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1931 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1932 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1933 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1934</tr>
1935</table>
1936<hr size ='1'>
1937<table width='100%'>
1938<tr>
1939 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1940</tr>
1941<tr>
1942 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1943 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1944 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1945 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1946</tr>
1947</table>
1948<hr size ='1'>
1949<table width='100%'>
1950<tr>
1951 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1952</tr>
1953<tr>
e3edceeb 1954 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
ed38f89d
MT		 1955 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1956 <td>&nbsp;</td>
1957 <td>&nbsp;</td>
1958</tr>
1959</table>
1960END
1961; }
1962
1963# ===================================================================
1964# RADIUS auth settings
1965# ===================================================================
1966
1967if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1968print <<END
1969<hr size='1'>
1970<table width='100%'>
1971<tr>
1972 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1973</tr>
1974<tr>
1975 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1976 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1977 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1978 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1979</tr>
1980<tr>
e3edceeb 1981 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
ed38f89d
MT		 1982 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1983 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1984 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1985</tr>
1986</table>
1987<hr size ='1'>
1988<table width='100%'>
1989<tr>
1990 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1991</tr>
1992<tr>
1993 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1994 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1995 <td width='25%'>&nbsp;</td>
1996 <td width='30%'>&nbsp;</td>
1997</tr>
1998<tr>
1999 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
2000 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
2001 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
2002 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
2003</tr>
2004<tr>
2005 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
2006 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
2007</tr>
2008<tr>
363fb6af 2009 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
ed38f89d
MT		 2010END
2011; }
2012
2013if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
2014
2015if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2016</textarea></td>
363fb6af 2017 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
ed38f89d
MT		 2018END
2019; }
2020
2021if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
2022
2023if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2024</textarea></td>
2025</tr>
2026</table>
2027END
2028; }
2029
2030# ===================================================================
2031
2032}
2033
2034print "<table>\n";
2035
2036if ($proxysettings{'AUTH_METHOD'} eq 'none') {
2037print <<END
2038<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2039<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2040<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
ed38f89d
MT		 2041<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
2042<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2043<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
2044END
2045; }
2046
2047if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
2048print <<END
2049<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2050<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2051<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
ed38f89d
MT		 2052<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2053END
2054; }
2055
2056if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
2057print <<END
2058<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2059<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
2060END
2061; }
2062
2063if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
2064print <<END
2065<td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
2066<td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
2067<td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
2068<td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
2069<td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
2070<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
2071<td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
2072END
2073; }
2074
2075if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
2076print <<END
2077<td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
2078<td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
2079<td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
2080<td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
2081<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
2082<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
2083<td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
2084END
2085; }
2086
ed38f89d
MT		 2087if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
2088print <<END
2089<td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
2090<td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
2091<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
2092<td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
2093<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
2094<td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
2095<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
2096<td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
2097END
2098; }
2099
2100print "</table>\n";
2101
2102print <<END
2103<hr size='1'>
2104END
2105;
2106
2107print <<END
2108<table width='100%'>
2109<tr>
363fb6af 2110 <td>&nbsp;</td>
ed38f89d 2111 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
fe1656d2 2112 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
ed38f89d 2113 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
363fb6af
MT		 2114 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2115 <td>&nbsp;</td>
ed38f89d
MT		 2116</tr>
2117
2118</table>
2119<br />
2120<table width='100%'>
2121<tr>
e3edceeb 2122 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
363fb6af 2123 <td align='right'>&nbsp;</td>
ed38f89d
MT		 2124</tr>
2125</table>
2126</form>
2127END
2128;
2129
2130&Header::closebox();
2131
2132} else {
2133
2134# ===================================================================
2135# NCSA user management
2136# ===================================================================
2137
2138&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2139print <<END
2140<form method='post' action='$ENV{'SCRIPT_NAME'}'>
2141<table width='100%'>
2142<tr>
363fb6af 2143 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
ed38f89d
MT		 2144</tr>
2145<tr>
2146 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2147 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2148END
2149;
153cf640 2150 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly='readonly' "; }
ed38f89d
MT		 2151 print <<END
2152 /></td>
2153 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2154 <td class='base'>
2155 <select name='NCSA_GROUP'>
2156 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2157 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2158 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2159 </select>
2160 </td>
2161
2162</tr>
2163<tr>
2164 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2165 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2166 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2167 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2168</tr>
2169</table>
2170<br>
2171<table>
2172<tr>
2173 <td>&nbsp;</td>
2174 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2175 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2176 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2177END
2178;
2179 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2180 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2181 }
2182
2183print <<END
2184 <td>&nbsp;</td>
2185 <td>&nbsp;</td>
2186 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2187</tr>
2188</table>
2189</form>
2190<hr size='1'>
2191<table width='100%'>
2192<tr>
363fb6af 2193 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
ed38f89d
MT		 2194</tr>
2195</table>
2196<table width='100%' align='center'>
2197END
2198;
2199
2200if (-e $extgrp)
2201{
2202 open(FILE, $extgrp); @grouplist = <FILE>; close(FILE);
2203 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
2204}
2205if (-e $stdgrp)
2206{
2207 open(FILE, $stdgrp); @grouplist = <FILE>; close(FILE);
2208 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
2209}
2210if (-e $disgrp)
2211{
2212 open(FILE, $disgrp); @grouplist = <FILE>; close(FILE);
2213 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
2214}
2215
2216@userlist = sort(@userlist);
2217
2218# If the password file contains entries, print entries and action icons
2219
488d1b7c 2220if ( ! -z "$userdb" ) {
ed38f89d
MT		 2221 print <<END
2222 <tr>
2223 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2224 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2225 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2226 </tr>
2227END
2228;
2229 $id = 0;
2230 foreach $line (@userlist)
2231 {
2232 $id++;
2233 chomp($line);
2234 @temp = split(/:/,$line);
2235 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2236 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2237 elsif ($id % 2) {
4e17adad 2238 print "<tr bgcolor='$color{'color20'}'>\n"; }
ed38f89d 2239 else {
4e17adad 2240 print "<tr bgcolor='$color{'color22'}'>\n"; }
ed38f89d
MT		 2241
2242 print <<END
2243 <td align='center'>$temp[0]</td>
2244 <td align='center'>
2245END
2246;
2247 if ($temp[1] eq 'standard') {
2248 print $Lang::tr{'advproxy NCSA grp standard'};
2249 } elsif ($temp[1] eq 'extended') {
2250 print $Lang::tr{'advproxy NCSA grp extended'};
2251 } elsif ($temp[1] eq 'disabled') {
2252 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2253 print <<END
2254 </td>
2255 <td width='8%' align='center'>
2256 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2257 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2258 <input type='hidden' name='ID' value='$line' />
2259 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2260 </form>
2261 </td>
2262
2263 <td width='8%' align='center'>
2264 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2265 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2266 <input type='hidden' name='ID' value='$temp[0]' />
2267 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2268 </form>
2269 </td>
2270 </tr>
2271END
2272;
2273 }
2274
2275print <<END
2276</table>
2277<br>
9fb25b1c 2278<table>
ed38f89d
MT		 2279<tr>
2280 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2281 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2282 <td class='base'>$Lang::tr{'edit'}</td>
2283 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2284 <td class='base'>$Lang::tr{'remove'}</td>
2285</tr>
2286END
2287;
2288} else {
2289 print <<END
2290 <tr>
363fb6af 2291 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
ed38f89d
MT		 2292 </tr>
2293END
2294;
2295}
2296
2297print <<END
2298</table>
2299END
2300;
2301
2302&Header::closebox();
2303
2304}
2305
2306# ===================================================================
2307
2308&Header::closebigbox();
2309
2310&Header::closepage();
2311
2312# -------------------------------------------------------------------
2313
2314sub read_acls
2315{
2316 if (-e "$acl_src_subnets") {
2317 open(FILE,"$acl_src_subnets");
2318 delete $proxysettings{'SRC_SUBNETS'};
2319 while (<FILE>) { $proxysettings{'SRC_SUBNETS'} .= $_ };
2320 close(FILE);
2321 }
2322 if (-e "$acl_src_banned_ip") {
2323 open(FILE,"$acl_src_banned_ip");
2324 delete $proxysettings{'SRC_BANNED_IP'};
2325 while (<FILE>) { $proxysettings{'SRC_BANNED_IP'} .= $_ };
2326 close(FILE);
2327 }
2328 if (-e "$acl_src_banned_mac") {
2329 open(FILE,"$acl_src_banned_mac");
2330 delete $proxysettings{'SRC_BANNED_MAC'};
2331 while (<FILE>) { $proxysettings{'SRC_BANNED_MAC'} .= $_ };
2332 close(FILE);
2333 }
2334 if (-e "$acl_src_unrestricted_ip") {
2335 open(FILE,"$acl_src_unrestricted_ip");
2336 delete $proxysettings{'SRC_UNRESTRICTED_IP'};
2337 while (<FILE>) { $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_ };
2338 close(FILE);
2339 }
2340 if (-e "$acl_src_unrestricted_mac") {
2341 open(FILE,"$acl_src_unrestricted_mac");
2342 delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
2343 while (<FILE>) { $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_ };
2344 close(FILE);
2345 }
2346 if (-e "$acl_dst_nocache") {
2347 open(FILE,"$acl_dst_nocache");
2348 delete $proxysettings{'DST_NOCACHE'};
2349 while (<FILE>) { $proxysettings{'DST_NOCACHE'} .= $_ };
2350 close(FILE);
2351 }
2352 if (-e "$acl_dst_noauth") {
2353 open(FILE,"$acl_dst_noauth");
2354 delete $proxysettings{'DST_NOAUTH'};
2355 while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ };
2356 close(FILE);
2357 }
ce1c170b
AK		 2358 if (-e "$acl_dst_noproxy_ip") {
2359 open(FILE,"$acl_dst_noproxy_ip");
2360 delete $proxysettings{'DST_NOPROXY_IP'};
2361 while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ };
2362 close(FILE);
2363 }
2364 if (-e "$acl_dst_noproxy_url") {
2365 open(FILE,"$acl_dst_noproxy_url");
2366 delete $proxysettings{'DST_NOPROXY_URL'};
2367 while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ };
2368 close(FILE);
2369 }
363fb6af
MT		 2370 if (-e "$acl_ports_safe") {
2371 open(FILE,"$acl_ports_safe");
2372 delete $proxysettings{'PORTS_SAFE'};
2373 while (<FILE>) { $proxysettings{'PORTS_SAFE'} .= $_ };
2374 close(FILE);
2375 }
2376 if (-e "$acl_ports_ssl") {
2377 open(FILE,"$acl_ports_ssl");
2378 delete $proxysettings{'PORTS_SSL'};
2379 while (<FILE>) { $proxysettings{'PORTS_SSL'} .= $_ };
2380 close(FILE);
2381 }
ed38f89d
MT		 2382 if (-e "$mimetypes") {
2383 open(FILE,"$mimetypes");
2384 delete $proxysettings{'MIME_TYPES'};
2385 while (<FILE>) { $proxysettings{'MIME_TYPES'} .= $_ };
2386 close(FILE);
2387 }
ed38f89d
MT		 2388 if (-e "$raddir/radauth.allowusers") {
2389 open(FILE,"$raddir/radauth.allowusers");
2390 delete $proxysettings{'RADIUS_ALLOW_USERS'};
2391 while (<FILE>) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_ };
2392 close(FILE);
2393 }
2394 if (-e "$raddir/radauth.denyusers") {
2395 open(FILE,"$raddir/radauth.denyusers");
2396 delete $proxysettings{'RADIUS_DENY_USERS'};
2397 while (<FILE>) { $proxysettings{'RADIUS_DENY_USERS'} .= $_ };
2398 close(FILE);
2399 }
2400 if (-e "$identdir/identauth.allowusers") {
2401 open(FILE,"$identdir/identauth.allowusers");
2402 delete $proxysettings{'IDENT_ALLOW_USERS'};
2403 while (<FILE>) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_ };
2404 close(FILE);
2405 }
2406 if (-e "$identdir/identauth.denyusers") {
2407 open(FILE,"$identdir/identauth.denyusers");
2408 delete $proxysettings{'IDENT_DENY_USERS'};
2409 while (<FILE>) { $proxysettings{'IDENT_DENY_USERS'} .= $_ };
2410 close(FILE);
2411 }
2412 if (-e "$identhosts") {
2413 open(FILE,"$identhosts");
2414 delete $proxysettings{'IDENT_HOSTS'};
2415 while (<FILE>) { $proxysettings{'IDENT_HOSTS'} .= $_ };
2416 close(FILE);
2417 }
2418 if (-e "$cre_groups") {
2419 open(FILE,"$cre_groups");
2420 delete $proxysettings{'CRE_GROUPS'};
2421 while (<FILE>) { $proxysettings{'CRE_GROUPS'} .= $_ };
2422 close(FILE);
2423 }
2424 if (-e "$cre_svhosts") {
2425 open(FILE,"$cre_svhosts");
2426 delete $proxysettings{'CRE_SVHOSTS'};
2427 while (<FILE>) { $proxysettings{'CRE_SVHOSTS'} .= $_ };
2428 close(FILE);
2429 }
2430}
2431
2432# -------------------------------------------------------------------
2433
2434sub check_acls
2435{
363fb6af
MT		 2436 @temp = split(/\n/,$proxysettings{'PORTS_SAFE'});
2437 undef $proxysettings{'PORTS_SAFE'};
2438 foreach (@temp)
2439 {
2440 s/^\s+//g; s/\s+$//g;
2441 if ($_)
2442 {
2443 $line = $_;
2444 if (/^[^#]+\s+#\sSquids\sport/) { s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}\2/; $line=$_; }
2445 s/#.*//g; s/\s+//g;
2446 if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
2447 @templist = split(/-/);
2448 foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
2449 $proxysettings{'PORTS_SAFE'} .= $line."\n";
2450 }
2451 }
2452
2453 @temp = split(/\n/,$proxysettings{'PORTS_SSL'});
2454 undef $proxysettings{'PORTS_SSL'};
2455 foreach (@temp)
2456 {
2457 s/^\s+//g; s/\s+$//g;
2458 if ($_)
2459 {
2460 $line = $_;
2461 s/#.*//g; s/\s+//g;
2462 if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
2463 @templist = split(/-/);
2464 foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
2465 $proxysettings{'PORTS_SSL'} .= $line."\n";
2466 }
2467 }
2468
2469 @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
2470 undef $proxysettings{'DST_NOCACHE'};
2471 foreach (@temp)
2472 {
488d1b7c
CS		 2473 s/^\s+//g;
2474 unless (/^#/) { s/\s+//g; }
363fb6af
MT		 2475 if ($_)
2476 {
488d1b7c 2477 if (/^\./) { $_ = '*'.$_; }
363fb6af
MT		 2478 $proxysettings{'DST_NOCACHE'} .= $_."\n";
2479 }
2480 }
2481
ed38f89d
MT		 2482 @temp = split(/\n/,$proxysettings{'SRC_SUBNETS'});
2483 undef $proxysettings{'SRC_SUBNETS'};
2484 foreach (@temp)
2485 {
2486 s/^\s+//g; s/\s+$//g;
2487 if ($_)
2488 {
2489 unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2490 $proxysettings{'SRC_SUBNETS'} .= $_."\n";
2491 }
2492 }
2493
2494 @temp = split(/\n/,$proxysettings{'SRC_BANNED_IP'});
2495 undef $proxysettings{'SRC_BANNED_IP'};
2496 foreach (@temp)
2497 {
2498 s/^\s+//g; s/\s+$//g;
2499 if ($_)
2500 {
2501 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2502 $proxysettings{'SRC_BANNED_IP'} .= $_."\n";
2503 }
2504 }
2505
2506 @temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'});
2507 undef $proxysettings{'SRC_BANNED_MAC'};
2508 foreach (@temp)
2509 {
2510 s/^\s+//g; s/\s+$//g; s/-/:/g;
2511 if ($_)
2512 {
2513 unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
2514 $proxysettings{'SRC_BANNED_MAC'} .= $_."\n";
2515 }
2516 }
2517
2518 @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'});
2519 undef $proxysettings{'SRC_UNRESTRICTED_IP'};
2520 foreach (@temp)
2521 {
2522 s/^\s+//g; s/\s+$//g;
2523 if ($_)
2524 {
2525 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2526 $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n";
2527 }
2528 }
2529
2530 @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'});
2531 undef $proxysettings{'SRC_UNRESTRICTED_MAC'};
2532 foreach (@temp)
2533 {
2534 s/^\s+//g; s/\s+$//g; s/-/:/g;
2535 if ($_)
2536 {
2537 unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
2538 $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n";
2539 }
2540 }
2541
363fb6af 2542 @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
37273bc6 2543 undef $proxysettings{'DST_NOAUTH'};
363fb6af
MT		 2544 foreach (@temp)
2545 {
488d1b7c
CS		 2546 s/^\s+//g;
2547 unless (/^#/) { s/\s+//g; }
363fb6af
MT		 2548 if ($_)
2549 {
488d1b7c 2550 if (/^\./) { $_ = '*'.$_; }
363fb6af
MT		 2551 $proxysettings{'DST_NOAUTH'} .= $_."\n";
2552 }
2553 }
2554
ce1c170b
AK		 2555 @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'});
2556 undef $proxysettings{'DST_NOPROXY_IP'};
2557 foreach (@temp)
2558 {
2559 s/^\s+//g; s/\s+$//g;
2560 if ($_)
2561 {
2562 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; }
2563 $proxysettings{'DST_NOPROXY_IP'} .= $_."\n";
2564 }
2565 }
2566
2567 @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'});
2568 undef $proxysettings{'DST_NOPROXY_URL'};
2569 foreach (@temp)
2570 {
2571 s/^\s+//g;
2572 unless (/^#/) { s/\s+//g; }
2573 if ($_)
2574 {
2575 if (/^\./) { $_ = '*'.$_; }
2576 $proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
2577 }
2578 }
2579
ed38f89d
MT		 2580 if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2581 {
2582 @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'});
2583 undef $proxysettings{'NTLM_ALLOW_USERS'};
2584 foreach (@temp)
2585 {
2586 s/^\s+//g; s/\s+$//g;
2587 if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; }
2588 }
2589 if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2590 }
2591
2592 if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2593 {
2594 @temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'});
2595 undef $proxysettings{'NTLM_DENY_USERS'};
2596 foreach (@temp)
2597 {
2598 s/^\s+//g; s/\s+$//g;
2599 if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; }
2600 }
2601 if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2602 }
2603
2604 if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2605 {
2606 @temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'});
2607 undef $proxysettings{'IDENT_ALLOW_USERS'};
2608 foreach (@temp)
2609 {
2610 s/^\s+//g; s/\s+$//g;
2611 if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; }
2612 }
2613 if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2614 }
2615
2616 if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2617 {
2618 @temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'});
2619 undef $proxysettings{'IDENT_DENY_USERS'};
2620 foreach (@temp)
2621 {
2622 s/^\s+//g; s/\s+$//g;
2623 if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; }
2624 }
2625 if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2626 }
2627
2628 if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2629 {
2630 @temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'});
2631 undef $proxysettings{'RADIUS_ALLOW_USERS'};
2632 foreach (@temp)
2633 {
2634 s/^\s+//g; s/\s+$//g;
2635 if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; }
2636 }
2637 if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2638 }
2639
2640 if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2641 {
2642 @temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'});
2643 undef $proxysettings{'RADIUS_DENY_USERS'};
2644 foreach (@temp)
2645 {
2646 s/^\s+//g; s/\s+$//g;
2647 if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; }
2648 }
2649 if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2650 }
2651
2652 @temp = split(/\n/,$proxysettings{'IDENT_HOSTS'});
2653 undef $proxysettings{'IDENT_HOSTS'};
2654 foreach (@temp)
2655 {
2656 s/^\s+//g; s/\s+$//g;
2657 if ($_)
2658 {
2659 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2660 $proxysettings{'IDENT_HOSTS'} .= $_."\n";
2661 }
2662 }
2663
2664 @temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'});
2665 undef $proxysettings{'CRE_SVHOSTS'};
2666 foreach (@temp)
2667 {
2668 s/^\s+//g; s/\s+$//g;
2669 if ($_)
2670 {
2671 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2672 $proxysettings{'CRE_SVHOSTS'} .= $_."\n";
2673 }
2674 }
2675}
2676
ed38f89d
MT		 2677# -------------------------------------------------------------------
2678
2679sub write_acls
2680{
2681 open(FILE, ">$acl_src_subnets");
2682 flock(FILE, 2);
363fb6af
MT		 2683 if (!$proxysettings{'SRC_SUBNETS'})
2684 {
f09a0af5 2685 print FILE "$green_cidr\n";
363fb6af
MT		 2686 if ($netsettings{'BLUE_DEV'})
2687 {
f09a0af5 2688 print FILE "$blue_cidr\n";
363fb6af
MT		 2689 }
2690 } else { print FILE $proxysettings{'SRC_SUBNETS'}; }
ed38f89d
MT		 2691 close(FILE);
2692
2693 open(FILE, ">$acl_src_banned_ip");
2694 flock(FILE, 2);
2695 print FILE $proxysettings{'SRC_BANNED_IP'};
2696 close(FILE);
2697
2698 open(FILE, ">$acl_src_banned_mac");
2699 flock(FILE, 2);
2700 print FILE $proxysettings{'SRC_BANNED_MAC'};
2701 close(FILE);
2702
2703 open(FILE, ">$acl_src_unrestricted_ip");
2704 flock(FILE, 2);
2705 print FILE $proxysettings{'SRC_UNRESTRICTED_IP'};
2706 close(FILE);
2707
2708 open(FILE, ">$acl_src_unrestricted_mac");
2709 flock(FILE, 2);
2710 print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
2711 close(FILE);
2712
488d1b7c
CS		 2713 open(FILE, ">$acl_dst_noauth");
2714 flock(FILE, 2);
2715 print FILE $proxysettings{'DST_NOAUTH'};
2716 close(FILE);
2717
ce1c170b
AK		 2718 open(FILE, ">$acl_dst_noproxy_ip");
2719 flock(FILE, 2);
2720 print FILE $proxysettings{'DST_NOPROXY_IP'};
2721 close(FILE);
2722
2723 open(FILE, ">$acl_dst_noproxy_url");
2724 flock(FILE, 2);
2725 print FILE $proxysettings{'DST_NOPROXY_URL'};
2726 close(FILE);
2727
488d1b7c
CS		 2728 open(FILE, ">$acl_dst_noauth_net");
2729 close(FILE);
2730 open(FILE, ">$acl_dst_noauth_dom");
2731 close(FILE);
2732 open(FILE, ">$acl_dst_noauth_url");
2733 close(FILE);
2734
2735 @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
2736 foreach(@temp)
2737 {
2738 unless (/^#/)
2739 {
2740 if (/^\*\.\w/)
2741 {
2742 s/^\*//;
2743 open(FILE, ">>$acl_dst_noauth_dom");
2744 flock(FILE, 2);
2745 print FILE "$_\n";
2746 close(FILE);
2747 }
2748 elsif (&General::validipormask($_))
2749 {
2750 open(FILE, ">>$acl_dst_noauth_net");
2751 flock(FILE, 2);
2752 print FILE "$_\n";
2753 close(FILE);
2754 }
2755 elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
2756 {
2757 open(FILE, ">>$acl_dst_noauth_net");
2758 flock(FILE, 2);
2759 print FILE "$_\n";
2760 close(FILE);
2761 }
2762 else
2763 {
2764 open(FILE, ">>$acl_dst_noauth_url");
2765 flock(FILE, 2);
2766 if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
2767 close(FILE);
2768 }
2769 }
2770 }
2771
ed38f89d
MT		 2772 open(FILE, ">$acl_dst_nocache");
2773 flock(FILE, 2);
2774 print FILE $proxysettings{'DST_NOCACHE'};
2775 close(FILE);
2776
488d1b7c
CS		 2777 open(FILE, ">$acl_dst_nocache_net");
2778 close(FILE);
2779 open(FILE, ">$acl_dst_nocache_dom");
2780 close(FILE);
2781 open(FILE, ">$acl_dst_nocache_url");
ed38f89d
MT		 2782 close(FILE);
2783
488d1b7c
CS		 2784 @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
2785 foreach(@temp)
2786 {
2787 unless (/^#/)
2788 {
2789 if (/^\*\.\w/)
2790 {
2791 s/^\*//;
2792 open(FILE, ">>$acl_dst_nocache_dom");
2793 flock(FILE, 2);
2794 print FILE "$_\n";
2795 close(FILE);
2796 }
2797 elsif (&General::validipormask($_))
2798 {
2799 open(FILE, ">>$acl_dst_nocache_net");
2800 flock(FILE, 2);
2801 print FILE "$_\n";
2802 close(FILE);
2803 }
2804 elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
2805 {
2806 open(FILE, ">>$acl_dst_nocache_net");
2807 flock(FILE, 2);
2808 print FILE "$_\n";
2809 close(FILE);
2810 }
2811 else
2812 {
2813 open(FILE, ">>$acl_dst_nocache_url");
2814 flock(FILE, 2);
2815 if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
2816 close(FILE);
2817 }
2818 }
2819 }
2820
363fb6af
MT		 2821 open(FILE, ">$acl_ports_safe");
2822 flock(FILE, 2);
2823 if (!$proxysettings{'PORTS_SAFE'}) { print FILE $def_ports_safe; } else { print FILE $proxysettings{'PORTS_SAFE'}; }
2824 close(FILE);
2825
2826 open(FILE, ">$acl_ports_ssl");
2827 flock(FILE, 2);
2828 if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; }
2829 close(FILE);
2830
ed38f89d
MT		 2831 if (-s $throttled_urls)
2832 {
2833 open(URLFILE, $throttled_urls);
2834 @temp = <URLFILE>;
2835 close(URLFILE);
363fb6af 2836 foreach (@temp) { print FILE; }
ed38f89d
MT		 2837 }
2838 close(FILE);
2839
2840 open(FILE, ">$mimetypes");
2841 flock(FILE, 2);
2842 print FILE $proxysettings{'MIME_TYPES'};
2843 close(FILE);
2844
ed38f89d
MT		 2845 open(FILE, ">$raddir/radauth.allowusers");
2846 flock(FILE, 2);
2847 print FILE $proxysettings{'RADIUS_ALLOW_USERS'};
2848 close(FILE);
2849
2850 open(FILE, ">$raddir/radauth.denyusers");
2851 flock(FILE, 2);
2852 print FILE $proxysettings{'RADIUS_DENY_USERS'};
2853 close(FILE);
2854
2855 open(FILE, ">$identdir/identauth.allowusers");
2856 flock(FILE, 2);
2857 print FILE $proxysettings{'IDENT_ALLOW_USERS'};
2858 close(FILE);
2859
2860 open(FILE, ">$identdir/identauth.denyusers");
2861 flock(FILE, 2);
2862 print FILE $proxysettings{'IDENT_DENY_USERS'};
2863 close(FILE);
2864
2865 open(FILE, ">$identhosts");
2866 flock(FILE, 2);
2867 print FILE $proxysettings{'IDENT_HOSTS'};
2868 close(FILE);
2869
2870 open(FILE, ">$cre_groups");
2871 flock(FILE, 2);
2872 print FILE $proxysettings{'CRE_GROUPS'};
2873 close(FILE);
2874
2875 open(FILE, ">$cre_svhosts");
2876 flock(FILE, 2);
2877 print FILE $proxysettings{'CRE_SVHOSTS'};
2878 close(FILE);
2879}
2880
2881# -------------------------------------------------------------------
2882
2883sub writepacfile
2884{
bf2a1c52
OF		 2885 my %vpnconfig=();
2886 my %ovpnconfig=();
2887 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
2888 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);
22527178 2889 open(FILE, ">/srv/web/ipfire/html/proxy.pac");
ed38f89d
MT		 2890 flock(FILE, 2);
2891 print FILE "function FindProxyForURL(url, host)\n";
2892 print FILE "{\n";
2893 if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
2894 {
2895 print FILE <<END
2896if (
2897 (isPlainHostName(host)) ||
c03cf9ea 2898 (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
7c1b7d3e
BB		 2899END
2900;
2901
2902 if ($netsettings{'GREEN_DEV'}) {
2903 print FILE " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
2904 }
2905
2906 if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
2907 print FILE " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
2908 }
2909
2910 if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
2911 print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
2912 }
2913
ddc5602a
AK		 2914 # Additional exceptions for URLs
2915 # The file has to be created by the user and should contain one entry per line
2916 # Line-Format: <URL incl. wildcards>
ce1c170b 2917 # e.g. *.ipfire.org*
ddc5602a
AK		 2918 if (-s "$acl_dst_noproxy_url") {
2919 undef @templist;
2920
2921 open(NOPROXY,"$acl_dst_noproxy_url");
2922 @templist = <NOPROXY>;
2923 close(NOPROXY);
2924 chomp (@templist);
2925
2926 foreach (@templist)
2927 {
2928 print FILE " (shExpMatch(url, \"$_\")) ||\n";
2929 }
2930 }
2931
2932 # Additional exceptions for Subnets
2933 # The file has to be created by the user and should contain one entry per line
ce1c170b
AK		 2934 # Line-Format: <IP>/<SUBNET MASK>
2935 # e.g. 192.168.0.0/255.255.255.0
ddc5602a
AK		 2936 if (-s "$acl_dst_noproxy_ip") {
2937 undef @templist;
2938
2939 open(NOPROXY,"$acl_dst_noproxy_ip");
2940 @templist = <NOPROXY>;
2941 close(NOPROXY);
2942 chomp (@templist);
2943
2944 foreach (@templist)
2945 {
ce1c170b
AK		 2946 @temp = split(/\//);
2947 print FILE " (isInNet(host, \"$temp[0]\", \"$temp[1]\")) ||\n";
ddc5602a
AK		 2948 }
2949 }
2950
bf2a1c52
OF		 2951 foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
2952 if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
2953 my @networks = split(/\|/, $vpnconfig{$key}[11]);
2954 foreach my $network (@networks) {
2955 my ($vpnip, $vpnsub) = split("/", $network);
2956 $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
2957 print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
2958 }
2959 }
2960 }
2961
2962 foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
2963 if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
2964 my @networks = split(/\|/, $ovpnconfig{$key}[11]);
2965 foreach my $network (@networks) {
2966 my ($vpnip, $vpnsub) = split("/", $network);
2967 print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
2968 }
2969 }
2970 }
2971
7c1b7d3e 2972 print FILE <<END
488d1b7c 2973 (isInNet(host, "169.254.0.0", "255.255.0.0"))
ed38f89d
MT		 2974 )
2975 return "DIRECT";
2976
2977 else
2978
2979END
2980;
2981 if ($proxysettings{'ENABLE'} eq 'on')
2982 {
268292e7
CS		 2983 print FILE "if (\n";
2984 print FILE " (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";
2985
2986 undef @templist;
2987 if (-e "$acl_src_subnets") {
2988 open(SUBNETS,"$acl_src_subnets");
2989 @templist = <SUBNETS>;
2990 close(SUBNETS);
2991 }
2992
2993 foreach (@templist)
2994 {
2995 @temp = split(/\//);
2996 if (
28c9dec6 2997 ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
268292e7
CS		 2998 ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
2999 )
3000 {
3001 chomp $temp[1];
3002 print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
3003 }
3004 }
3005
3006 print FILE "\n";
3007
ed38f89d 3008 print FILE <<END
ed38f89d
MT		 3009 )
3010 return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3011END
3012;
3013 }
3014 if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
3015 {
3016 print FILE "\n else\n\n";
3017 }
3018 if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
3019 {
3020 print FILE <<END
3021if (
3022 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
3023 )
3024 return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3025END
3026;
3027 }
3028 }
3029 print FILE "}\n";
3030 close(FILE);
3031}
3032
3033# -------------------------------------------------------------------
3034
3035sub writeconfig
3036{
3037 my $authrealm;
3038 my $delaypools;
3039
363fb6af 3040 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
ed38f89d
MT		 3041 $proxysettings{'THROTTLING_GREEN_HOST'} +
3042 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
3043 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
3044 {
3045 $delaypools = 1; } else { $delaypools = 0;
3046 }
3047
3048 if ($proxysettings{'AUTH_REALM'} eq '')
3049 {
d12aede7 3050 $authrealm = "IPFire Advanced Proxy Server";
ed38f89d
MT		 3051 } else {
3052 $authrealm = $proxysettings{'AUTH_REALM'};
3053 }
3054
3055 $_ = $proxysettings{'UPSTREAM_PROXY'};
69491545 3056 my ($remotehost, $remoteport) = split(/:/,$_);
ed38f89d
MT		 3057
3058 if ($remoteport eq '') { $remoteport = 80; }
3059
3060 open(FILE, ">${General::swroot}/proxy/squid.conf");
3061 flock(FILE, 2);
3062 print FILE <<END
363fb6af
MT		 3063# Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
3064# you make will be overwritten whenever you resave proxy settings using the
3065# web interface!
3066#
3067# Instead, modify the file '$acl_include' and
3068# then restart the proxy service using the web interface. Changes made to the
3069# 'include.acl' file will propagate to the 'squid.conf' file at that time.
3070
ed38f89d
MT		 3071shutdown_lifetime 5 seconds
3072icp_port 0
3073
ed38f89d
MT		 3074END
3075 ;
8b417dd1
MT		 3076
3077 # Include file with user defined settings.
3078 if (-e "/etc/squid/squid.conf.pre.local") {
3079 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
3080 }
3081
363fb6af 3082 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
363fb6af
MT		 3083 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3084 print FILE "\n";
3085
0f6b6067
MT		 3086 if ($proxysettings{'TRANSPARENT'} eq 'on') {
3087 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3088 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3089 print FILE "\n";
3090 }
3091
ed38f89d 3092 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
363fb6af 3093 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
363fb6af
MT		 3094 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3095 print FILE "\n";
0f6b6067
MT		 3096
3097 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3098 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3099 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3100 print FILE "\n";
3101 }
ed38f89d
MT		 3102 }
3103
53d67554 3104 if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
488d1b7c
CS		 3105 {
3106 print FILE "\n";
ed38f89d 3107
488d1b7c
CS		 3108 if (!-z $acl_dst_nocache_dom) {
3109 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3110 print FILE "cache deny no_cache_domains\n";
3111 }
3112 if (!-z $acl_dst_nocache_net) {
37273bc6 3113 print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
488d1b7c
CS		 3114 print FILE "cache deny no_cache_ipaddr\n";
3115 }
3116 if (!-z $acl_dst_nocache_url) {
3117 print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3118 print FILE "cache deny no_cache_hosts\n";
3119 }
ed38f89d
MT		 3120 }
3121
3122 print FILE <<END
3123
3124cache_effective_user squid
363fb6af 3125umask 022
ed38f89d
MT		 3126
3127pid_filename /var/run/squid.pid
3128
3129cache_mem $proxysettings{'CACHE_MEM'} MB
ed38f89d
MT		 3130END
3131 ;
ab4a5a35 3132 print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
363fb6af 3133
ed38f89d 3134 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
6bea848d 3135 if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; }
c4b12981 3136
ed38f89d
MT		 3137 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3138 {
3139 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3140 {
3141 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3142 }
3143 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3144 {
3145 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3146 }
3147 print FILE "\n";
3148 }
3149
8fbcf730
MT		 3150 open (PORTS,"$acl_ports_ssl");
3151 my @ssl_ports = <PORTS>;
3152 close PORTS;
3153
3154 if (@ssl_ports) {
3155 foreach (@ssl_ports) {
3156 print FILE "acl SSL_ports port $_";
3157 }
3158 }
3159
3160 open (PORTS,"$acl_ports_safe");
3161 my @safe_ports = <PORTS>;
3162 close PORTS;
3163
3164 if (@safe_ports) {
3165 foreach (@safe_ports) {
3166 print FILE "acl Safe_ports port $_";
3167 }
3168 }
3169
3170 print FILE <<END
3171
3172acl IPFire_http port $http_port
3173acl IPFire_https port $https_port
3174acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
3175acl IPFire_networks src "$acl_src_subnets"
3176acl IPFire_servers dst "$acl_src_subnets"
3177acl IPFire_green_network src $green_cidr
3178acl IPFire_green_servers dst $green_cidr
3179END
3180 ;
3181 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
3182 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
3183 if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
3184 if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
3185 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3186 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3187 print FILE <<END
3188acl CONNECT method CONNECT
3189END
3190 ;
3191
f0b7534f
MT		 3192 if ($proxysettings{'CACHE_SIZE'} > 0) {
3193 print FILE <<END
3194maximum_object_size $proxysettings{'MAX_SIZE'} KB
3195minimum_object_size $proxysettings{'MIN_SIZE'} KB
3196
3197cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3198END
3199 ;
3200 } else {
53d67554
DWD		 3201 if ($proxysettings{'CACHE_MEM'} > 0) {
3202 # always 2% of CACHE_MEM defined as max object size
3203 print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3204 } else {
3205 print FILE "cache deny all\n\n";
3206 }
f0b7534f
MT		 3207 }
3208
3209 print FILE <<END
3210request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3211END
3212 ;
3213
3214 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3215 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3216 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3217 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3218 {
3219 if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3220 }
3221 }
3222
3223 if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
e7b7cbae 3224 {
f0b7534f 3225 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
e7b7cbae
AF		 3226 }
3227
ed38f89d
MT		 3228 if ($proxysettings{'LOGGING'} eq 'on')
3229 {
363fb6af 3230 print FILE <<END
754f508b 3231access_log stdio:/var/log/squid/access.log
ed38f89d
MT		 3232cache_log /var/log/squid/cache.log
3233cache_store_log none
3234END
3235 ;
754f508b 3236 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
ed38f89d
MT		 3237 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3238 } else {
3239 print FILE <<END
363fb6af 3240access_log /dev/null
ed38f89d
MT		 3241cache_log /dev/null
3242cache_store_log none
3243END
3244 ;}
3245 print FILE <<END
3246
3247log_mime_hdrs off
3248END
3249 ;
3250
3251 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3252 {
363fb6af 3253 print FILE "forwarded_for on\n";
ed38f89d 3254 } else {
363fb6af 3255 print FILE "forwarded_for off\n";
ed38f89d 3256 }
363fb6af
MT		 3257 if ($proxysettings{'FORWARD_VIA'} eq 'on')
3258 {
3259 print FILE "via on\n";
3260 } else {
3261 print FILE "via off\n";
3262 }
3263 print FILE "\n";
ed38f89d 3264
dc637f08
MT		 3265 # If we use authentication, users must always authenticate
3266 unless ($proxysettings{"AUTH_METHOD"} eq "") {
3267 print FILE "authenticate_ip_ttl 0\n\n";
3268 }
3269
ed38f89d
MT		 3270 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3271 {
3272 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3273 {
754f508b 3274 print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
ed38f89d
MT		 3275 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3276 print FILE "auth_param basic realm $authrealm\n";
3277 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
ed38f89d
MT		 3278 }
3279
3280 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3281 {
725e3869 3282 print FILE "auth_param basic utf8 on\n";
754f508b 3283 print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
ed38f89d
MT		 3284 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3285 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3286 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3287 {
3288 if ($proxysettings{'LDAP_GROUP'} eq '')
3289 {
3290 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3291 } else {
3292 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3293 }
3294 print FILE " -u sAMAccountName -P";
3295 }
3296 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3297 {
3298 if ($proxysettings{'LDAP_GROUP'} eq '')
3299 {
3300 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3301 } else {
3302 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3303 }
3304 print FILE " -u cn -P";
3305 }
3306 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3307 {
3308 if ($proxysettings{'LDAP_GROUP'} eq '')
3309 {
3310 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3311 } else {
3312 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3313 }
3314 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3315 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3316 print FILE " -u uid -P";
3317 }
3318 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3319 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3320 print FILE "auth_param basic realm $authrealm\n";
3321 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
ed38f89d
MT		 3322 }
3323
603248db
MT		 3324 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3325 {
b5674643
MT		 3326 print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3327 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3328 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3329 $ntlm_auth_group =~ s/\\/\+/;
3330
a44eed25 3331 print FILE " --require-membership-of=$ntlm_auth_group";
b5674643
MT		 3332 }
3333 print FILE "\n";
3334
2fc5124b 3335 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
a1018d86 3336 print FILE "auth_param ntlm credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
2fc5124b
MT		 3337
3338 # BASIC authentication
3339 if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3340 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3341 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3342 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3343 $ntlm_auth_group =~ s/\\/\+/;
3344
a44eed25 3345 print FILE " --require-membership-of=$ntlm_auth_group";
2fc5124b
MT		 3346 }
3347 print FILE "\n";
fa286b13 3348 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
5c2a76f7 3349 print FILE "auth_param basic realm $authrealm\n";
6df2d528 3350 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
2fc5124b 3351 }
603248db
MT		 3352 }
3353
ed38f89d
MT		 3354 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3355 {
754f508b 3356 print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
ed38f89d
MT		 3357 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3358 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3359 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3360 print FILE "auth_param basic realm $authrealm\n";
3361 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
ed38f89d
MT		 3362 }
3363
3364 print FILE "\n";
3365 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
ed38f89d
MT		 3366 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3367 {
3368 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3369 {
3370 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3371 }
3372 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3373 {
3374 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3375 }
3376 }
3377 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3378 {
3379 print FILE "\n";
3380 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3381 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3382 }
3383 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3384 print FILE "\n";
3385
488d1b7c
CS		 3386 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3387 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3388 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
363fb6af 3389 print FILE "\n";
488d1b7c 3390
ed38f89d
MT		 3391 }
3392
3393 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3394 {
3395 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3396 {
3397 print FILE "acl for_inetusers ident REQUIRED\n";
3398 }
3399 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3400 {
3401 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3402 {
3403 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3404 }
3405 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3406 {
3407 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3408 }
3409 }
488d1b7c
CS		 3410 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3411 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3412 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
363fb6af 3413 print FILE "\n";
ed38f89d
MT		 3414 }
3415
3416 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
3417
28c9dec6 3418 print FILE "acl within_timeframe time ";
ed38f89d
MT		 3419 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
3420 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
3421 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
3422 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
3423 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
3424 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
3425 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
363fb6af
MT		 3426 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
3427 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
3428 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
3429 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
ed38f89d
MT		 3430
3431 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3432 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
3433 }
3434
ed38f89d
MT		 3435 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
3436 print FILE <<END
3437
3438#Classroom extensions
488d1b7c
CS		 3439acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
3440acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
ed38f89d
MT		 3441END
3442 ;
3443 print FILE "deny_info ";
ab4a5a35 3444 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
363fb6af
MT		 3445 {
3446 print FILE "ERR_ACCESS_DISABLED";
3447 } else {
3448 print FILE "ERR_ACCESS_DENIED";
3449 }
488d1b7c 3450 print FILE " IPFire_no_access_ips\n";
ed38f89d 3451 print FILE "deny_info ";
ab4a5a35 3452 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
363fb6af
MT		 3453 {
3454 print FILE "ERR_ACCESS_DISABLED";
3455 } else {
3456 print FILE "ERR_ACCESS_DENIED";
3457 }
488d1b7c 3458 print FILE " IPFire_no_access_mac\n";
ed38f89d
MT		 3459
3460 print FILE <<END
488d1b7c
CS		 3461http_access deny IPFire_no_access_ips
3462http_access deny IPFire_no_access_mac
ed38f89d
MT		 3463END
3464 ;
3465 }
3466
363fb6af
MT		 3467 #Insert acl file and replace __VAR__ with correct values
3468 my $blue_net = ''; #BLUE empty by default
3469 my $blue_ip = '';
3470 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
f09a0af5 3471 $blue_net = "$blue_cidr";
363fb6af
MT		 3472 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
3473 }
3474 if (!-z $acl_include)
ed38f89d
MT		 3475 {
3476 open (ACL, "$acl_include");
488d1b7c 3477 print FILE "\n#Start of custom includes\n\n";
ed38f89d
MT		 3478 while (<ACL>) {
3479 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
f09a0af5 3480 $_ =~ s/__GREEN_NET__/$green_cidr/;
ed38f89d
MT		 3481 $_ =~ s/__BLUE_IP__/$blue_ip/;
3482 $_ =~ s/__BLUE_NET__/$blue_net/;
363fb6af 3483 $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
ed38f89d
MT		 3484 print FILE $_;
3485 }
488d1b7c 3486 print FILE "\n#End of custom includes\n";
ed38f89d
MT		 3487 close (ACL);
3488 }
3489 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
dfee7582
SS		 3490
3491 # Check if squidclamav is enabled.
3492 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3493 print FILE "\n#Settings for squidclamav:\n";
0f6b6067 3494 print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
dfee7582
SS		 3495 print FILE "acl purge method PURGE\n";
3496 print FILE "http_access deny to_localhost\n";
3497 print FILE "http_access allow localhost\n";
3498 print FILE "http_access allow purge localhost\n";
3499 print FILE "http_access deny purge\n";
3500 print FILE "url_rewrite_access deny localhost\n";
3501 }
3ebc0da7 3502 print FILE <<END;
ed38f89d
MT		 3503
3504#Access to squid:
3505#local machine, no restriction
3506http_access allow localhost
3507
3508#GUI admin if local machine connects
488d1b7c
CS		 3509http_access allow IPFire_ips IPFire_networks IPFire_http
3510http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
ed38f89d
MT		 3511
3512#Deny not web services
ed38f89d 3513END
3ebc0da7
MT		 3514
3515if (@safe_ports) {
3516 print FILE "http_access deny !Safe_ports\n";
3517}
3518
3519if (@ssl_ports) {
3520 print FILE "http_access deny CONNECT !SSL_ports\n";
3521}
ed38f89d
MT		 3522
3523if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3524{
3525print FILE "#Set ident ACLs\n";
3526if (!-z $identhosts)
3527 {
3528 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3529 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3530 print FILE "ident_lookup_access deny all\n";
3531 } else {
3532 print FILE "ident_lookup_access allow all\n";
3533 }
3534 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3535}
3536
3537if ($delaypools) {
3538 print FILE "#Set download throttling\n";
3539
3540 if ($netsettings{'BLUE_DEV'})
3541 {
3542 print FILE "delay_pools 2\n";
3543 } else {
3544 print FILE "delay_pools 1\n";
3545 }
3546
3547 print FILE "delay_class 1 3\n";
3548 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3549
3550 print FILE "delay_parameters 1 ";
3551 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3552 {
3553 print FILE "-1/-1";
3554 } else {
3555 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3556 print FILE "/";
3557 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3558 }
3559
3560 print FILE " -1/-1 ";
3561 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3562 {
3563 print FILE "-1/-1";
3564 } else {
3565 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3566 print FILE "/";
3567 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3568 }
3569 print FILE "\n";
3570
3571 if ($netsettings{'BLUE_DEV'})
3572 {
3573 print FILE "delay_parameters 2 ";
3574 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3575 {
3576 print FILE "-1/-1";
3577 } else {
3578 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3579 print FILE "/";
3580 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3581 }
3582 print FILE " -1/-1 ";
3583 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3584 {
3585 print FILE "-1/-1";
3586 } else {
3587 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3588 print FILE "/";
3589 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3590 }
3591 print FILE "\n";
3592 }
3593
488d1b7c
CS		 3594 print FILE "delay_access 1 deny IPFire_ips\n";
3595 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
3596 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
ed38f89d
MT		 3597 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3598
3599 if ($netsettings{'BLUE_DEV'})
3600 {
488d1b7c 3601 print FILE "delay_access 1 allow IPFire_green_network";
363fb6af 3602 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
ed38f89d
MT		 3603 print FILE "\n";
3604 print FILE "delay_access 1 deny all\n";
3605 } else {
3606 print FILE "delay_access 1 allow all";
363fb6af 3607 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
ed38f89d
MT		 3608 print FILE "\n";
3609 }
3610
3611 if ($netsettings{'BLUE_DEV'})
3612 {
488d1b7c
CS		 3613 print FILE "delay_access 2 deny IPFire_ips\n";
3614 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
3615 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
ed38f89d 3616 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
488d1b7c 3617 print FILE "delay_access 2 allow IPFire_blue_network";
363fb6af 3618 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
ed38f89d
MT		 3619 print FILE "\n";
3620 print FILE "delay_access 2 deny all\n";
3621 }
3622
28c9dec6 3623 print FILE "delay_initial_bucket_level 100\n";
ed38f89d
MT		 3624 print FILE "\n";
3625}
9fb25b1c
MT		 3626
3627if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
3628{
b34fdcae
AF		 3629 print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
3630 print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
9fb25b1c
MT		 3631}
3632
3633if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
3634{
b34fdcae 3635 print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
488d1b7c 3636 print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
b34fdcae 3637 print FILE "http_access deny IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
9fb25b1c
MT		 3638}
3639
ed38f89d
MT		 3640 print FILE <<END
3641#Set custom configured ACLs
3642END
3643 ;
488d1b7c
CS		 3644 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPFire_banned_ips\n"; }
3645 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPFire_banned_mac\n"; }
ed38f89d
MT		 3646
3647 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3648 {
3649 if (!-z $acl_src_unrestricted_ip)
3650 {
488d1b7c
CS		 3651 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
3652 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
3653 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
ed38f89d
MT		 3654 }
3655 if (!-z $acl_src_unrestricted_mac)
3656 {
488d1b7c
CS		 3657 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
3658 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
3659 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
3660 }
3661 if (!-z $acl_dst_noauth_net)
3662 {
3663 print FILE "http_access allow IPFire_networks";
3664 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3665 print FILE " !within_timeframe";
3666 } else {
3667 print FILE " within_timeframe"; }
488d1b7c
CS		 3668 print FILE " to_ipaddr_without_auth\n";
3669 }
3670 if (!-z $acl_dst_noauth_dom)
3671 {
3672 print FILE "http_access allow IPFire_networks";
3673 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3674 print FILE " !within_timeframe";
3675 } else {
3676 print FILE " within_timeframe"; }
488d1b7c
CS		 3677 print FILE " to_domains_without_auth\n";
3678 }
3679 if (!-z $acl_dst_noauth_url)
3680 {
3681 print FILE "http_access allow IPFire_networks";
3682 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3683 print FILE " !within_timeframe";
3684 } else {
3685 print FILE " within_timeframe"; }
488d1b7c 3686 print FILE " to_hosts_without_auth\n";
ed38f89d 3687 }
ed38f89d
MT		 3688 }
3689
3690 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3691 {
3692 print FILE "http_access deny !for_inetusers";
3693 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3694 print FILE "\n";
3695 }
3696
3697 if (
3698 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3699 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3700 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3701 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3702 (!-z "$identdir/identauth.denyusers")
3703 )
3704 {
3705 print FILE "http_access deny for_acl_users";
3706 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3707 print FILE "\n";
3708 }
3709
3710 if (!-z $acl_src_unrestricted_ip)
3711 {
488d1b7c 3712 print FILE "http_access allow IPFire_unrestricted_ips";
ed38f89d
MT		 3713 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3714 {
3715 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3716 {
3717 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3718 }
ea72700a 3719 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
ed38f89d
MT		 3720 {
3721 print FILE " for_inetusers";
3722 }
ed38f89d 3723 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
363fb6af 3724 {
ed38f89d 3725 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
363fb6af 3726 {
ed38f89d
MT		 3727 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3728 {
3729 print FILE " for_acl_users";
3730 }
3731 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3732 {
3733 print FILE " !for_acl_users";
3734 }
3735 } else { print FILE " for_inetusers"; }
3736 }
3737 }
3738 print FILE "\n";
3739 }
3740
3741 if (!-z $acl_src_unrestricted_mac)
3742 {
488d1b7c 3743 print FILE "http_access allow IPFire_unrestricted_mac";
ed38f89d
MT		 3744 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3745 {
3746 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3747 {
3748 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3749 }
ea72700a 3750 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
ed38f89d
MT		 3751 {
3752 print FILE " for_inetusers";
3753 }
ed38f89d 3754 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
363fb6af 3755 {
ed38f89d 3756 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
363fb6af 3757 {
ed38f89d
MT		 3758 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3759 {
3760 print FILE " for_acl_users";
3761 }
3762 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3763 {
3764 print FILE " !for_acl_users";
3765 }
3766 } else { print FILE " for_inetusers"; }
3767 }
3768 }
3769 print FILE "\n";
3770 }
3771
3772 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3773 {
3774 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
488d1b7c 3775 if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
ed38f89d
MT		 3776 }
3777
3778 if (
ed38f89d
MT		 3779 (
3780 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3781 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3782 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3783 (!-z "$raddir/radauth.denyusers")
3784 )
3785 ||
3786 (
3787 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3788 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3789 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3790 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3791 (!-z "$identdir/identauth.denyusers")
3792 )
3793 )
3794 {
3795 print FILE "http_access deny for_acl_users";
3796 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3797 print FILE "\n";
3798 }
3799
3800 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3801 {
3802 print FILE "http_access allow";
3803 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3804 print FILE " !within_timeframe";
3805 } else {
3806 print FILE " within_timeframe"; }
ed38f89d
MT		 3807 print FILE " !on_ident_aware_hosts\n";
3808 }
3809
488d1b7c 3810 print FILE "http_access allow IPFire_networks";
ed38f89d 3811 if (
ed38f89d
MT		 3812 (
3813 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3814 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3815 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3816 (!-z "$raddir/radauth.allowusers")
3817 )
3818 ||
3819 (
3820 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3821 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3822 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3823 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3824 (!-z "$identdir/identauth.allowusers")
3825 )
3826 )
3827 {
3828 print FILE " for_acl_users";
3829 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3830 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3831 print FILE " for_inetusers";
3832 }
3833 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3834 {
3835 print FILE " !concurrent";
3836 }
3837 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3838 print FILE " !within_timeframe";
3839 } else {
3840 print FILE " within_timeframe"; }
ed38f89d
MT		 3841 print FILE "\n";
3842
3843 print FILE "http_access deny all\n\n";
3844
3845 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3846 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3847 {
3848 print FILE "#Strip HTTP Header\n";
3849
3850 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3851 {
30793ae1
AF		 3852 print FILE "request_header_access X-Forwarded-For deny all\n";
3853 print FILE "reply_header_access X-Forwarded-For deny all\n";
ed38f89d
MT		 3854 }
3855 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3856 {
30793ae1
AF		 3857 print FILE "request_header_access Via deny all\n";
3858 print FILE "reply_header_access Via deny all\n";
ed38f89d
MT		 3859 }
3860 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3861 {
30793ae1
AF		 3862 print FILE "request_header_access User-Agent deny all\n";
3863 print FILE "reply_header_access User-Agent deny all\n";
ed38f89d
MT		 3864 }
3865 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3866 {
30793ae1
AF		 3867 print FILE "request_header_access Referer deny all\n";
3868 print FILE "reply_header_access Referer deny all\n";
ed38f89d
MT		 3869 }
3870
3871 print FILE "\n";
3872
3873 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3874 {
3875 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3876 {
3877 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3878 }
3879 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3880 {
3881 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3882 }
3883 print FILE "\n";
3884 }
3885 }
3886
363fb6af
MT		 3887 if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
3888
ed38f89d 3889 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
488d1b7c
CS		 3890 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
3891 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
ed38f89d
MT		 3892 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3893 {
3894 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3895 }
3896 print FILE "http_reply_access deny blocked_mimetypes\n";
3897 print FILE "http_reply_access allow all\n\n";
3898 }
3899
ed38f89d
MT		 3900 print FILE "visible_hostname";
3901 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3902 {
3903 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3904 } else {
3905 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3906 }
3907
fe1656d2
CS		 3908 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
3909 if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
3910 print FILE "\n";
3911
3912 print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
ed38f89d
MT		 3913
3914 # Write the parent proxy info, if needed.
3915 if ($remotehost ne '')
3916 {
ed38f89d 3917 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
363fb6af
MT		 3918
3919 # Enter authentication for the parent cache. Option format is
3920 # login=user:password ($proxy1='YES')
3921 # login=PASS ($proxy1='PASS')
3922 # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
3923 if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
3924 {
3925 print FILE " login=$proxysettings{'UPSTREAM_USER'}";
3926 if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
ed38f89d 3927 }
363fb6af
MT		 3928 elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3929
488d1b7c
CS		 3930 print FILE "\nalways_direct allow IPFire_ips\n";
3931 print FILE "never_direct allow all\n\n";
ed38f89d 3932 }
3900a6c7 3933 if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
363fb6af
MT		 3934 {
3935 print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
eedca6e3
MT		 3936 print FILE "url_rewrite_children ", &General::number_cpu_cores();
3937 print FILE " startup=", &General::number_cpu_cores();
3938 print FILE " idle=", &General::number_cpu_cores();
3939 print FILE " queue-size=", &General::number_cpu_cores() * 32, "\n\n";
ed38f89d 3940 }
eb3b93cc
MT		 3941
3942 # Include file with user defined settings.
3943 if (-e "/etc/squid/squid.conf.local") {
3944 print FILE "include /etc/squid/squid.conf.local\n";
3945 }
ed38f89d 3946 close FILE;
dfee7582
SS		 3947
3948 # Proxy settings for squidclamav - if installed.
3949 #
3950 # Check if squidclamav is enabled.
3951 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3952
3953 my $configfile='/etc/squidclamav.conf';
3954
3955 my $data = &General::read_file_utf8($configfile);
3956 $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
3957 &General::write_file_utf8($configfile, $data);
3958 }
ed38f89d
MT		 3959}
3960
3961# -------------------------------------------------------------------
3962
3963sub adduser
3964{
3965 my ($str_user, $str_pass, $str_group) = @_;
3966 my @groupmembers=();
3967
3968 if ($str_pass eq 'lEaVeAlOnE')
3969 {
3970 open(FILE, "$userdb");
3971 @groupmembers = <FILE>;
3972 close(FILE);
3973 foreach $line (@groupmembers) { if ($line =~ /^$str_user:/i) { $str_pass = substr($line,index($line,":")); } }
3974 &deluser($str_user);
3975 open(FILE, ">>$userdb");
3976 flock FILE,2;
3977 print FILE "$str_user$str_pass";
3978 close(FILE);
3979 } else {
3980 &deluser($str_user);
0aff7b81 3981
77ea7462
SS		 3982 my %htpasswd_options = (
3983 passwdFile => "$userdb",
3984 UseMD5 => 1,
3985 );
3986
3987 my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);
3988
0aff7b81 3989 $htpasswd->htpasswd($str_user, $str_pass);
ed38f89d
MT		 3990 }
3991
3992 if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
3993 } elsif ($str_group eq 'extended') { open(FILE, ">>$extgrp");
3994 } elsif ($str_group eq 'disabled') { open(FILE, ">>$disgrp"); }
3995 flock FILE, 2;
3996 print FILE "$str_user\n";
3997 close(FILE);
3998
3999 return;
4000}
4001
4002# -------------------------------------------------------------------
4003
4004sub deluser
4005{
4006 my ($str_user) = @_;
4007 my $groupfile='';
4008 my @groupmembers=();
4009 my @templist=();
4010
4011 foreach $groupfile ($stdgrp, $extgrp, $disgrp)
4012 {
4013 undef @templist;
4014 open(FILE, "$groupfile");
4015 @groupmembers = <FILE>;
4016 close(FILE);
4017 foreach $line (@groupmembers) { if (!($line =~ /^$str_user$/i)) { push(@templist, $line); } }
4018 open(FILE, ">$groupfile");
4019 flock FILE, 2;
4020 print FILE @templist;
4021 close(FILE);
4022 }
4023
4024 undef @templist;
4025 open(FILE, "$userdb");
4026 @groupmembers = <FILE>;
4027 close(FILE);
4028 foreach $line (@groupmembers) { if (!($line =~ /^$str_user:/i)) { push(@templist, $line); } }
4029 open(FILE, ">$userdb");
4030 flock FILE, 2;
4031 print FILE @templist;
4032 close(FILE);
4033
4034 return;
4035}
ac1cfefa 4036
ed38f89d 4037# -------------------------------------------------------------------
fe1656d2
CS		 4038
4039sub writecachemgr
4040{
4041 open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
4042 flock(FILE, 2);
4043 print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
4044 print FILE "localhost";
d9f2cfa4 4045 close(FILE);
fe1656d2
CS		 4046 return;
4047}
4048
bd027d94 4049# -------------------------------------------------------------------
IPFire 2.x development tree