]> git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/proxy.cgi
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
update.sh: Stop|Start OpenVPN for update
[ipfire-2.x.git] / html / cgi-bin / proxy.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 #
22 # (c) 2004-2009 marco.s - http://www.advproxy.net
23 #
24 # This code is distributed under the terms of the GPL
25 #
26 # $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
27 #
28
29 use strict;
30 use Apache::Htpasswd;
31
32 # enable only the following on debugging purpose
33 #use warnings;
34 #use CGI::Carp 'fatalsToBrowser';
35
36 require '/var/ipfire/general-functions.pl';
37 require "${General::swroot}/lang.pl";
38 require "${General::swroot}/header.pl";
39
40 require "${General::swroot}/ids-functions.pl";
41
42 my @squidversion = `/usr/sbin/squid -v`;
43 my $http_port='81';
44 my $https_port='444';
45
46 my %color = ();
47 my %mainsettings = ();
48 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
49 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
50
51 my %proxysettings=();
52 my %netsettings=();
53 my %filtersettings=();
54 my %xlratorsettings=();
55 my %stdproxysettings=();
56 my %mainsettings=();
57
58 my %checked=();
59 my %selected=();
60
61 my @throttle_limits=(64,128,256,512,1024,1536,2048,3072,4096,5120,6144,7168,8192,10240,16384,20480,51200,102400);
62
63 my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
64 my $def_ports_ssl="443 # https\n563 # snews\n";
65
66 my $hintcolour='#FFFFCC';
67 my $ncsa_buttontext='';
68 my $language='';
69 my $i=0;
70 my $n=0;
71 my $id=0;
72 my $line='';
73 my $user='';
74 my @userlist=();
75 my @grouplist=();
76 my @temp=();
77 my @templist=();
78
79 my $cachemem=0;
80 my $proxy1='';
81 my $proxy2='';
82 my $browser_regexp='';
83 my $needhup = 0;
84 my $errormessage='';
85
86 my $acldir = "${General::swroot}/proxy/advanced/acls";
87 my $ncsadir = "${General::swroot}/proxy/advanced/ncsa";
88 my $raddir = "${General::swroot}/proxy/advanced/radius";
89 my $identdir = "${General::swroot}/proxy/advanced/ident";
90 my $credir = "${General::swroot}/proxy/advanced/cre";
91
92 my $userdb = "$ncsadir/passwd";
93 my $stdgrp = "$ncsadir/standard.grp";
94 my $extgrp = "$ncsadir/extended.grp";
95 my $disgrp = "$ncsadir/disabled.grp";
96
97 my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes";
98 my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";
99
100 my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable";
101 my $cre_groups = "${General::swroot}/proxy/advanced/cre/classrooms";
102 my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";
103
104 my $identhosts = "$identdir/hosts";
105
106 my $authdir = "/usr/lib/squid";
107 my $errordir = "/usr/lib/squid/errors";
108
109 my $acl_src_subnets = "$acldir/src_subnets.acl";
110 my $acl_src_banned_ip = "$acldir/src_banned_ip.acl";
111 my $acl_src_banned_mac = "$acldir/src_banned_mac.acl";
112 my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl";
113 my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
114 my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl";
115 my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
116 my $acl_dst_noauth = "$acldir/dst_noauth.acl";
117 my $acl_dst_noauth_dom = "$acldir/dst_noauth_dom.acl";
118 my $acl_dst_noauth_net = "$acldir/dst_noauth_net.acl";
119 my $acl_dst_noauth_url = "$acldir/dst_noauth_url.acl";
120 my $acl_dst_nocache = "$acldir/dst_nocache.acl";
121 my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
122 my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
123 my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
124 my $acl_dst_throttle = "$acldir/dst_throttle.acl";
125 my $acl_ports_safe = "$acldir/ports_safe.acl";
126 my $acl_ports_ssl = "$acldir/ports_ssl.acl";
127 my $acl_include = "$acldir/include.acl";
128
129 my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl";
130 my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
131
132 my $updaccelversion = 'n/a';
133 my $urlfilterversion = 'n/a';
134
135 unless (-d "$acldir") { mkdir("$acldir"); }
136 unless (-d "$ncsadir") { mkdir("$ncsadir"); }
137 unless (-d "$raddir") { mkdir("$raddir"); }
138 unless (-d "$identdir") { mkdir("$identdir"); }
139 unless (-d "$credir") { mkdir("$credir"); }
140
141 unless (-e $cre_groups) { system("touch $cre_groups"); }
142 unless (-e $cre_svhosts) { system("touch $cre_svhosts"); }
143
144 unless (-e $userdb) { system("touch $userdb"); }
145 unless (-e $stdgrp) { system("touch $stdgrp"); }
146 unless (-e $extgrp) { system("touch $extgrp"); }
147 unless (-e $disgrp) { system("touch $disgrp"); }
148
149 unless (-e $acl_src_subnets) { system("touch $acl_src_subnets"); }
150 unless (-e $acl_src_banned_ip) { system("touch $acl_src_banned_ip"); }
151 unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); }
152 unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip"); }
153 unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
154 unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); }
155 unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
156 unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
157 unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
158 unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
159 unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
160 unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
161 unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
162 unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
163 unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
164 unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); }
165 unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
166 unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); }
167 unless (-e $acl_include) { system("touch $acl_include"); }
168
169 unless (-e $mimetypes) { system("touch $mimetypes"); }
170
171 my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
172
173 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
174 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
175
176 my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
177 my $blue_cidr = "";
178 if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
179 $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
180 }
181
182 &Header::showhttpheaders();
183
184 $proxysettings{'ACTION'} = '';
185 $proxysettings{'VALID'} = '';
186
187 $proxysettings{'ENABLE'} = 'off';
188 $proxysettings{'ENABLE_BLUE'} = 'off';
189 $proxysettings{'TRANSPARENT'} = 'off';
190 $proxysettings{'TRANSPARENT_BLUE'} = 'off';
191 $proxysettings{'PROXY_PORT'} = '800';
192 $proxysettings{'TRANSPARENT_PORT'} = '3128';
193 $proxysettings{'VISIBLE_HOSTNAME'} = '';
194 $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
195 $proxysettings{'ADMIN_PASSWORD'} = '';
196 $proxysettings{'ERR_LANGUAGE'} = 'en';
197 $proxysettings{'ERR_DESIGN'} = 'ipfire';
198 $proxysettings{'SUPPRESS_VERSION'} = 'off';
199 $proxysettings{'FORWARD_VIA'} = 'off';
200 $proxysettings{'FORWARD_IPADDRESS'} = 'off';
201 $proxysettings{'FORWARD_USERNAME'} = 'off';
202 $proxysettings{'NO_CONNECTION_AUTH'} = 'off';
203 $proxysettings{'UPSTREAM_PROXY'} = '';
204 $proxysettings{'UPSTREAM_USER'} = '';
205 $proxysettings{'UPSTREAM_PASSWORD'} = '';
206 $proxysettings{'LOGGING'} = 'off';
207 $proxysettings{'CACHEMGR'} = 'off';
208 $proxysettings{'LOGQUERY'} = 'off';
209 $proxysettings{'LOGUSERAGENT'} = 'off';
210 $proxysettings{'FILEDESCRIPTORS'} = '16384';
211 $proxysettings{'CACHE_MEM'} = '128';
212 $proxysettings{'CACHE_SIZE'} = '0';
213 $proxysettings{'MAX_SIZE'} = '4096';
214 $proxysettings{'MIN_SIZE'} = '0';
215 $proxysettings{'MEM_POLICY'} = 'LRU';
216 $proxysettings{'CACHE_POLICY'} = 'LRU';
217 $proxysettings{'L1_DIRS'} = '16';
218 $proxysettings{'OFFLINE_MODE'} = 'off';
219 $proxysettings{'CACHE_DIGESTS'} = 'off';
220 $proxysettings{'CLASSROOM_EXT'} = 'off';
221 $proxysettings{'SUPERVISOR_PASSWORD'} = '';
222 $proxysettings{'NO_PROXY_LOCAL'} = 'off';
223 $proxysettings{'NO_PROXY_LOCAL_BLUE'} = 'off';
224 $proxysettings{'TIME_ACCESS_MODE'} = 'allow';
225 $proxysettings{'TIME_FROM_HOUR'} = '00';
226 $proxysettings{'TIME_FROM_MINUTE'} = '00';
227 $proxysettings{'TIME_TO_HOUR'} = '24';
228 $proxysettings{'TIME_TO_MINUTE'} = '00';
229 $proxysettings{'MAX_OUTGOING_SIZE'} = '0';
230 $proxysettings{'MAX_INCOMING_SIZE'} = '0';
231 $proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';
232 $proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';
233 $proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';
234 $proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';
235 $proxysettings{'ENABLE_MIME_FILTER'} = 'off';
236 $proxysettings{'FAKE_USERAGENT'} = '';
237 $proxysettings{'FAKE_REFERER'} = '';
238 $proxysettings{'AUTH_METHOD'} = 'none';
239 $proxysettings{'AUTH_REALM'} = '';
240 $proxysettings{'AUTH_MAX_USERIP'} = '';
241 $proxysettings{'AUTH_CACHE_TTL'} = '60';
242 $proxysettings{'AUTH_CHILDREN'} = '5';
243 $proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
244 $proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
245 $proxysettings{'NCSA_USERNAME'} = '';
246 $proxysettings{'NCSA_GROUP'} = '';
247 $proxysettings{'NCSA_PASS'} = '';
248 $proxysettings{'NCSA_PASS_CONFIRM'} = '';
249 $proxysettings{'LDAP_BASEDN'} = '';
250 $proxysettings{'LDAP_TYPE'} = 'ADS';
251 $proxysettings{'LDAP_SERVER'} = '';
252 $proxysettings{'LDAP_PORT'} = '389';
253 $proxysettings{'LDAP_BINDDN_USER'} = '';
254 $proxysettings{'LDAP_BINDDN_PASS'} = '';
255 $proxysettings{'LDAP_GROUP'} = '';
256 $proxysettings{'NTLM_AUTH_GROUP'} = '';
257 $proxysettings{'NTLM_AUTH_BASIC'} = 'off';
258 $proxysettings{'NTLM_DOMAIN'} = '';
259 $proxysettings{'NTLM_PDC'} = '';
260 $proxysettings{'NTLM_BDC'} = '';
261 $proxysettings{'NTLM_ENABLE_ACL'} = 'off';
262 $proxysettings{'NTLM_USER_ACL'} = 'positive';
263 $proxysettings{'RADIUS_SERVER'} = '';
264 $proxysettings{'RADIUS_PORT'} = '1812';
265 $proxysettings{'RADIUS_IDENTIFIER'} = '';
266 $proxysettings{'RADIUS_SECRET'} = '';
267 $proxysettings{'RADIUS_ENABLE_ACL'} = 'off';
268 $proxysettings{'RADIUS_USER_ACL'} = 'positive';
269 $proxysettings{'IDENT_REQUIRED'} = 'off';
270 $proxysettings{'IDENT_TIMEOUT'} = '10';
271 $proxysettings{'IDENT_ENABLE_ACL'} = 'off';
272 $proxysettings{'IDENT_USER_ACL'} = 'positive';
273 $proxysettings{'ENABLE_FILTER'} = 'off';
274 $proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
275 $proxysettings{'ENABLE_CLAMAV'} = 'off';
276
277 $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
278
279 &Header::getcgihash(\%proxysettings);
280
281 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 0) {$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';}
282 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 0) {$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';}
283 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 0) {$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';}
284 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 0) {$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';}
285
286 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
287 {
288 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
289 }
290
291 if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
292 {
293 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
294 if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
295 $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
296 }
297 if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
298 $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
299 }
300 if ($proxysettings{'NCSA_USERNAME'} eq '') {
301 $errormessage = $Lang::tr{'advproxy errmsg no username'};
302 }
303 if (!$errormessage) {
304 $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
305 &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
306 }
307 $proxysettings{'NCSA_USERNAME'} = '';
308 $proxysettings{'NCSA_GROUP'} = '';
309 $proxysettings{'NCSA_PASS'} = '';
310 $proxysettings{'NCSA_PASS_CONFIRM'} = '';
311 }
312
313 if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
314 {
315 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
316 &deluser($proxysettings{'ID'});
317 }
318
319 $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
320 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
321 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
322
323 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
324 {
325 $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
326 $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
327 @temp = split(/:/,$proxysettings{'ID'});
328 $proxysettings{'NCSA_USERNAME'} = $temp[0];
329 $proxysettings{'NCSA_GROUP'} = $temp[1];
330 $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
331 $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
332 }
333
334 if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
335 {
336 if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
337 $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
338 $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
339 $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
340 $errormessage = $Lang::tr{'invalid input'};
341 goto ERROR;
342 }
343 if($proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0){
344 $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'};
345 goto ERROR;
346 }
347
348 if (!(&General::validport($proxysettings{'PROXY_PORT'})))
349 {
350 $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
351 goto ERROR;
352 }
353 if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
354 {
355 $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
356 goto ERROR;
357 }
358 if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
359 $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
360 goto ERROR;
361 }
362 if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
363 {
364 my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
365 if (!(&General::validip($temp[0])))
366 {
367 if (!(&General::validdomainname($temp[0])))
368 {
369 $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
370 goto ERROR;
371 }
372 }
373 }
374 if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
375 ($proxysettings{'CACHE_SIZE'} < 10))
376 {
377 if (!($proxysettings{'CACHE_SIZE'} eq '0'))
378 {
379 $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
380 goto ERROR;
381 }
382 }
383 if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
384 ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576))
385 {
386 $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
387 goto ERROR;
388 }
389 if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/))
390 {
391 $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
392 goto ERROR;
393 }
394 my @free = `/usr/bin/free`;
395 $free[1] =~ m/(\d+)/;
396 $cachemem = int $1 / 2048;
397 if ($proxysettings{'CACHE_MEM'} > $cachemem) {
398 $proxysettings{'CACHE_MEM'} = $cachemem;
399 }
400 if (!($proxysettings{'MAX_SIZE'} =~ /^\d+/))
401 {
402 $errormessage = $Lang::tr{'invalid maximum object size'};
403 goto ERROR;
404 }
405 if (!($proxysettings{'MIN_SIZE'} =~ /^\d+/))
406 {
407 $errormessage = $Lang::tr{'invalid minimum object size'};
408 goto ERROR;
409 }
410 if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /^\d+/))
411 {
412 $errormessage = $Lang::tr{'invalid maximum outgoing size'};
413 goto ERROR;
414 }
415 if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
416 {
417 $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
418 goto ERROR;
419 }
420 if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /^\d+/))
421 {
422 $errormessage = $Lang::tr{'invalid maximum incoming size'};
423 goto ERROR;
424 }
425 if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
426 {
427 unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
428 ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
429 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
430 {
431 if ($netsettings{'BLUE_DEV'})
432 {
433 if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
434 (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
435 {
436 $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
437 goto ERROR;
438 }
439 } else {
440 if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
441 {
442 $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
443 goto ERROR;
444 }
445 }
446 }
447 if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/))
448 {
449 $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
450 goto ERROR;
451 }
452 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
453 ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
454 {
455 $errormessage = $Lang::tr{'advproxy errmsg max userip'};
456 goto ERROR;
457 }
458 if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))
459 {
460 $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
461 goto ERROR;
462 }
463 if ((!($proxysettings{'AUTH_CHILDREN'} =~ /^\d+/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
464 {
465 $errormessage = $Lang::tr{'advproxy errmsg auth children'};
466 goto ERROR;
467 }
468 }
469 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
470 {
471 if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /^\d+/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
472 {
473 $errormessage = $Lang::tr{'advproxy errmsg password length'};
474 goto ERROR;
475 }
476 }
477 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
478 {
479 if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /^\d+/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
480 {
481 $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
482 goto ERROR;
483 }
484 }
485 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
486 {
487 if ($proxysettings{'LDAP_BASEDN'} eq '')
488 {
489 $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
490 goto ERROR;
491 }
492 if (!&General::validip($proxysettings{'LDAP_SERVER'}))
493 {
494 if (!&General::validdomainname($proxysettings{'LDAP_SERVER'}))
495 {
496 $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
497 goto ERROR;
498 }
499 }
500 if (!&General::validport($proxysettings{'LDAP_PORT'}))
501 {
502 $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
503 goto ERROR;
504 }
505 if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
506 {
507 if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
508 {
509 $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
510 goto ERROR;
511 }
512 }
513 }
514 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
515 {
516 if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
517 {
518 $errormessage = $Lang::tr{'advproxy errmsg radius server'};
519 goto ERROR;
520 }
521 if (!&General::validport($proxysettings{'RADIUS_PORT'}))
522 {
523 $errormessage = $Lang::tr{'advproxy errmsg radius port'};
524 goto ERROR;
525 }
526 if ($proxysettings{'RADIUS_SECRET'} eq '')
527 {
528 $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
529 goto ERROR;
530 }
531 }
532
533 # Quick parent proxy error checking of username and password info. If username password don't both exist give an error.
534 $proxy1 = 'YES';
535 $proxy2 = 'YES';
536 if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
537 if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
538 if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {$proxy1=$proxy2='PASS'; $proxysettings{'UPSTREAM_PASSWORD'} = '';}
539 if (($proxy1 ne $proxy2))
540 {
541 $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
542 goto ERROR;
543 }
544
545 ERROR:
546 &check_acls;
547
548 if ($errormessage) {
549 $proxysettings{'VALID'} = 'no'; }
550 else {
551 $proxysettings{'VALID'} = 'yes'; }
552
553 if ($proxysettings{'VALID'} eq 'yes')
554 {
555 # Determine if suricata may needs to be restarted.
556 my $suricata_proxy_ports_changed;
557
558 # Check if the IDS is running
559 if(&IDS::ids_is_running()) {
560 my %oldproxysettings;
561
562 # Read-in current proxy settings and store them as oldsettings hash.
563 &General::readhash("${General::swroot}/proxy/advanced/settings", \%oldproxysettings);
564
565 # Check if the proxy port has been changed.
566 unless ($proxysettings{'PROXY_PORT'} eq $oldproxysettings{'PROXY_PORT'}) {
567 # Port has changed, suricata needs to be adjusted.
568 $suricata_proxy_ports_changed = 1;
569 }
570
571 # Check if the transparent port has been changed.
572 unless ($proxysettings{'TRANSPARENT_PORT'} eq $oldproxysettings{'TRANSPARENT_PORT'}) {
573 # Transparent port has changed, suricata needs to be adjusted.
574 $suricata_proxy_ports_changed = 1;
575 }
576 }
577
578 &write_acls;
579
580 delete $proxysettings{'SRC_SUBNETS'};
581 delete $proxysettings{'SRC_BANNED_IP'};
582 delete $proxysettings{'SRC_BANNED_MAC'};
583 delete $proxysettings{'SRC_UNRESTRICTED_IP'};
584 delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
585 delete $proxysettings{'DST_NOCACHE'};
586 delete $proxysettings{'DST_NOAUTH'};
587 delete $proxysettings{'DST_NOPROXY_IP'};
588 delete $proxysettings{'DST_NOPROXY_URL'};
589 delete $proxysettings{'PORTS_SAFE'};
590 delete $proxysettings{'PORTS_SSL'};
591 delete $proxysettings{'MIME_TYPES'};
592 delete $proxysettings{'NTLM_ALLOW_USERS'};
593 delete $proxysettings{'NTLM_DENY_USERS'};
594 delete $proxysettings{'RADIUS_ALLOW_USERS'};
595 delete $proxysettings{'RADIUS_DENY_USERS'};
596 delete $proxysettings{'IDENT_HOSTS'};
597 delete $proxysettings{'IDENT_ALLOW_USERS'};
598 delete $proxysettings{'IDENT_DENY_USERS'};
599
600 delete $proxysettings{'CRE_GROUPS'};
601 delete $proxysettings{'CRE_SVHOSTS'};
602
603 delete $proxysettings{'NCSA_USERNAME'};
604 delete $proxysettings{'NCSA_GROUP'};
605 delete $proxysettings{'NCSA_PASS'};
606 delete $proxysettings{'NCSA_PASS_CONFIRM'};
607
608 $proxysettings{'TIME_MON'} = 'off' unless exists $proxysettings{'TIME_MON'};
609 $proxysettings{'TIME_TUE'} = 'off' unless exists $proxysettings{'TIME_TUE'};
610 $proxysettings{'TIME_WED'} = 'off' unless exists $proxysettings{'TIME_WED'};
611 $proxysettings{'TIME_THU'} = 'off' unless exists $proxysettings{'TIME_THU'};
612 $proxysettings{'TIME_FRI'} = 'off' unless exists $proxysettings{'TIME_FRI'};
613 $proxysettings{'TIME_SAT'} = 'off' unless exists $proxysettings{'TIME_SAT'};
614 $proxysettings{'TIME_SUN'} = 'off' unless exists $proxysettings{'TIME_SUN'};
615
616 $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
617 $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
618
619 &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
620
621 if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
622 $stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
623 $stdproxysettings{'UPSTREAM_PROXY'} = $proxysettings{'UPSTREAM_PROXY'};
624 $stdproxysettings{'UPSTREAM_USER'} = $proxysettings{'UPSTREAM_USER'};
625 $stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
626 $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
627 $stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
628 $stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
629 &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
630
631 &writeconfig;
632 &writepacfile;
633
634 if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
635
636 system ('/usr/local/bin/squidctrl', 'disable');
637 unlink "${General::swroot}/proxy/enable";
638 unlink "${General::swroot}/proxy/transparent";
639 unlink "${General::swroot}/proxy/enable_blue";
640 unlink "${General::swroot}/proxy/transparent_blue";
641
642 if ($proxysettings{'ENABLE'} eq 'on') {
643 system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
644 system ('/usr/local/bin/squidctrl', 'enable'); }
645 if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
646 system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
647 if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
648 system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
649 system ('/usr/local/bin/squidctrl', 'enable'); }
650 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
651 system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
652
653 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
654 if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
655
656 # Check if the suricata_proxy_ports_changed flag has been set.
657 if ($suricata_proxy_ports_changed) {
658 # Re-generate HTTP ports file.
659 &IDS::generate_http_ports_file();
660
661 # Restart suricata.
662 &IDS::call_suricatactrl("restart");
663 }
664 }
665 }
666
667 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
668 {
669 system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
670 }
671
672 if (!$errormessage)
673 {
674 if (-e "${General::swroot}/proxy/advanced/settings") {
675 &General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
676 } elsif (-e "${General::swroot}/proxy/settings") {
677 &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
678 }
679 &read_acls;
680 }
681
682 # ------------------------------------------------------------------
683
684 # Hook to regenerate the configuration files, if cgi got called from command line.
685 if ($ENV{"REMOTE_ADDR"} eq "") {
686 writeconfig();
687 exit(0);
688 }
689
690 # -------------------------------------------------------------------
691
692 $checked{'ENABLE'}{'off'} = '';
693 $checked{'ENABLE'}{'on'} = '';
694 $checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
695
696 $checked{'TRANSPARENT'}{'off'} = '';
697 $checked{'TRANSPARENT'}{'on'} = '';
698 $checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
699
700 $checked{'ENABLE_BLUE'}{'off'} = '';
701 $checked{'ENABLE_BLUE'}{'on'} = '';
702 $checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
703
704 $checked{'TRANSPARENT_BLUE'}{'off'} = '';
705 $checked{'TRANSPARENT_BLUE'}{'on'} = '';
706 $checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
707
708 $checked{'SUPPRESS_VERSION'}{'off'} = '';
709 $checked{'SUPPRESS_VERSION'}{'on'} = '';
710 $checked{'SUPPRESS_VERSION'}{$proxysettings{'SUPPRESS_VERSION'}} = "checked='checked'";
711
712 $checked{'FORWARD_IPADDRESS'}{'off'} = '';
713 $checked{'FORWARD_IPADDRESS'}{'on'} = '';
714 $checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
715 $checked{'FORWARD_USERNAME'}{'off'} = '';
716 $checked{'FORWARD_USERNAME'}{'on'} = '';
717 $checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
718 $checked{'FORWARD_VIA'}{'off'} = '';
719 $checked{'FORWARD_VIA'}{'on'} = '';
720 $checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
721 $checked{'NO_CONNECTION_AUTH'}{'off'} = '';
722 $checked{'NO_CONNECTION_AUTH'}{'on'} = '';
723 $checked{'NO_CONNECTION_AUTH'}{$proxysettings{'NO_CONNECTION_AUTH'}} = "checked='checked'";
724
725 $selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
726 $selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
727 $selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
728 $checked{'OFFLINE_MODE'}{'off'} = '';
729 $checked{'OFFLINE_MODE'}{'on'} = '';
730 $checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
731 $checked{'CACHE_DIGESTS'}{'off'} = '';
732 $checked{'CACHE_DIGESTS'}{'on'} = '';
733 $checked{'CACHE_DIGESTS'}{$proxysettings{'CACHE_DIGESTS'}} = "checked='checked'";
734
735 $checked{'LOGGING'}{'off'} = '';
736 $checked{'LOGGING'}{'on'} = '';
737 $checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
738 $checked{'CACHEMGR'}{'off'} = '';
739 $checked{'CACHEMGR'}{'on'} = '';
740 $checked{'CACHEMGR'}{$proxysettings{'CACHEMGR'}} = "checked='checked'";
741 $checked{'LOGQUERY'}{'off'} = '';
742 $checked{'LOGQUERY'}{'on'} = '';
743 $checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
744 $checked{'LOGUSERAGENT'}{'off'} = '';
745 $checked{'LOGUSERAGENT'}{'on'} = '';
746 $checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'";
747
748 $selected{'ERR_LANGUAGE'}{$proxysettings{'ERR_LANGUAGE'}} = "selected='selected'";
749 $selected{'ERR_DESIGN'}{$proxysettings{'ERR_DESIGN'}} = "selected='selected'";
750
751 $checked{'NO_PROXY_LOCAL'}{'off'} = '';
752 $checked{'NO_PROXY_LOCAL'}{'on'} = '';
753 $checked{'NO_PROXY_LOCAL'}{$proxysettings{'NO_PROXY_LOCAL'}} = "checked='checked'";
754 $checked{'NO_PROXY_LOCAL_BLUE'}{'off'} = '';
755 $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} = '';
756 $checked{'NO_PROXY_LOCAL_BLUE'}{$proxysettings{'NO_PROXY_LOCAL_BLUE'}} = "checked='checked'";
757
758 $checked{'CLASSROOM_EXT'}{'off'} = '';
759 $checked{'CLASSROOM_EXT'}{'on'} = '';
760 $checked{'CLASSROOM_EXT'}{$proxysettings{'CLASSROOM_EXT'}} = "checked='checked'";
761
762 $selected{'TIME_ACCESS_MODE'}{$proxysettings{'TIME_ACCESS_MODE'}} = "selected='selected'";
763 $selected{'TIME_FROM_HOUR'}{$proxysettings{'TIME_FROM_HOUR'}} = "selected='selected'";
764 $selected{'TIME_FROM_MINUTE'}{$proxysettings{'TIME_FROM_MINUTE'}} = "selected='selected'";
765 $selected{'TIME_TO_HOUR'}{$proxysettings{'TIME_TO_HOUR'}} = "selected='selected'";
766 $selected{'TIME_TO_MINUTE'}{$proxysettings{'TIME_TO_MINUTE'}} = "selected='selected'";
767
768 $proxysettings{'TIME_MON'} = 'on' unless exists $proxysettings{'TIME_MON'};
769 $proxysettings{'TIME_TUE'} = 'on' unless exists $proxysettings{'TIME_TUE'};
770 $proxysettings{'TIME_WED'} = 'on' unless exists $proxysettings{'TIME_WED'};
771 $proxysettings{'TIME_THU'} = 'on' unless exists $proxysettings{'TIME_THU'};
772 $proxysettings{'TIME_FRI'} = 'on' unless exists $proxysettings{'TIME_FRI'};
773 $proxysettings{'TIME_SAT'} = 'on' unless exists $proxysettings{'TIME_SAT'};
774 $proxysettings{'TIME_SUN'} = 'on' unless exists $proxysettings{'TIME_SUN'};
775
776 $checked{'TIME_MON'}{'off'} = '';
777 $checked{'TIME_MON'}{'on'} = '';
778 $checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'";
779 $checked{'TIME_TUE'}{'off'} = '';
780 $checked{'TIME_TUE'}{'on'} = '';
781 $checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'";
782 $checked{'TIME_WED'}{'off'} = '';
783 $checked{'TIME_WED'}{'on'} = '';
784 $checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'";
785 $checked{'TIME_THU'}{'off'} = '';
786 $checked{'TIME_THU'}{'on'} = '';
787 $checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'";
788 $checked{'TIME_FRI'}{'off'} = '';
789 $checked{'TIME_FRI'}{'on'} = '';
790 $checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'";
791 $checked{'TIME_SAT'}{'off'} = '';
792 $checked{'TIME_SAT'}{'on'} = '';
793 $checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'";
794 $checked{'TIME_SUN'}{'off'} = '';
795 $checked{'TIME_SUN'}{'on'} = '';
796 $checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'";
797
798 $selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
799 $selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
800 $selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
801 $selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
802
803 $checked{'ENABLE_MIME_FILTER'}{'off'} = '';
804 $checked{'ENABLE_MIME_FILTER'}{'on'} = '';
805 $checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
806
807 $checked{'AUTH_METHOD'}{'none'} = '';
808 $checked{'AUTH_METHOD'}{'ncsa'} = '';
809 $checked{'AUTH_METHOD'}{'ident'} = '';
810 $checked{'AUTH_METHOD'}{'ldap'} = '';
811 $checked{'AUTH_METHOD'}{'ntlm-auth'} = '';
812 $checked{'AUTH_METHOD'}{'radius'} = '';
813 $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
814
815 $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
816
817 $checked{'AUTH_ALWAYS_REQUIRED'}{'off'} = '';
818 $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} = '';
819 $checked{'AUTH_ALWAYS_REQUIRED'}{$proxysettings{'AUTH_ALWAYS_REQUIRED'}} = "checked='checked'";
820
821 $checked{'NCSA_BYPASS_REDIR'}{'off'} = '';
822 $checked{'NCSA_BYPASS_REDIR'}{'on'} = '';
823 $checked{'NCSA_BYPASS_REDIR'}{$proxysettings{'NCSA_BYPASS_REDIR'}} = "checked='checked'";
824
825 $selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'";
826
827 $selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'";
828
829 $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
830
831 $checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = '';
832 $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} = '';
833 $checked{'NTLM_ENABLE_INT_AUTH'}{$proxysettings{'NTLM_ENABLE_INT_AUTH'}} = "checked='checked'";
834
835 $checked{'NTLM_ENABLE_ACL'}{'off'} = '';
836 $checked{'NTLM_ENABLE_ACL'}{'on'} = '';
837 $checked{'NTLM_ENABLE_ACL'}{$proxysettings{'NTLM_ENABLE_ACL'}} = "checked='checked'";
838
839 $checked{'NTLM_USER_ACL'}{'positive'} = '';
840 $checked{'NTLM_USER_ACL'}{'negative'} = '';
841 $checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
842
843 $checked{'NTLM_AUTH_BASIC'}{'on'} = '';
844 $checked{'NTLM_AUTH_BASIC'}{'off'} = '';
845 $checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'";
846
847 $checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
848 $checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
849 $checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
850
851 $checked{'RADIUS_USER_ACL'}{'positive'} = '';
852 $checked{'RADIUS_USER_ACL'}{'negative'} = '';
853 $checked{'RADIUS_USER_ACL'}{$proxysettings{'RADIUS_USER_ACL'}} = "checked='checked'";
854
855 $checked{'IDENT_REQUIRED'}{'off'} = '';
856 $checked{'IDENT_REQUIRED'}{'on'} = '';
857 $checked{'IDENT_REQUIRED'}{$proxysettings{'IDENT_REQUIRED'}} = "checked='checked'";
858
859 $checked{'IDENT_ENABLE_ACL'}{'off'} = '';
860 $checked{'IDENT_ENABLE_ACL'}{'on'} = '';
861 $checked{'IDENT_ENABLE_ACL'}{$proxysettings{'IDENT_ENABLE_ACL'}} = "checked='checked'";
862
863 $checked{'IDENT_USER_ACL'}{'positive'} = '';
864 $checked{'IDENT_USER_ACL'}{'negative'} = '';
865 $checked{'IDENT_USER_ACL'}{$proxysettings{'IDENT_USER_ACL'}} = "checked='checked'";
866
867 $checked{'ENABLE_FILTER'}{'off'} = '';
868 $checked{'ENABLE_FILTER'}{'on'} = '';
869 $checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
870
871 $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
872 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
873 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
874
875 $checked{'ENABLE_CLAMAV'}{'off'} = '';
876 $checked{'ENABLE_CLAMAV'}{'on'} = '';
877 $checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
878
879 &Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
880
881 &Header::openbigbox('100%', 'left', '', $errormessage);
882
883 if ($errormessage) {
884 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
885 print "<font class='base'>$errormessage&nbsp;</font>\n";
886 &Header::closebox();
887 }
888
889 if ($squidversion[0] =~ /^Squid\sCache:\sVersion\s/i)
890 {
891 $squidversion[0] =~ s/^Squid\sCache:\sVersion//i;
892 $squidversion[0] =~ s/^\s+//g;
893 $squidversion[0] =~ s/\s+$//g;
894 } else {
895 $squidversion[0] = $Lang::tr{'advproxy unknown'};
896 }
897
898 # ===================================================================
899 # Main settings
900 # ===================================================================
901
902 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
903
904 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
905
906 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
907
908 print <<END
909 <table width='100%'>
910 <tr>
911 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
912 </tr>
913 <tr>
914 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
915 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
916 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
917 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
918 </tr>
919 <tr>
920 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
921 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
922 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
923 <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
924 </tr>
925 <tr>
926 END
927 ;
928 if ($netsettings{'BLUE_DEV'}) {
929 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
930 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
931 } else {
932 print "<td colspan='2'>&nbsp;</td>";
933 }
934 print <<END
935 <td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
936 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
937 </tr>
938 <tr>
939 END
940 ;
941 if ($netsettings{'BLUE_DEV'}) {
942 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
943 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
944 } else {
945 print "<td colspan='2'>&nbsp;</td>";
946 }
947 print <<END
948 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
949 <td class='base'>
950 <select name='ERR_LANGUAGE'>
951 END
952 ;
953 foreach (<$errordir/*>) {
954 if (-d) {
955 $language = substr($_,rindex($_,"/")+1);
956 print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
957 }
958 }
959 print <<END
960 </select>
961 </td>
962 </tr>
963 <tr>
964 <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
965 <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
966 <td class='base'>$Lang::tr{'advproxy error design'}:</td>
967 <td class='base'><select name='ERR_DESIGN'>
968 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
969 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
970 </select></td>
971 </tr>
972 <tr>
973 <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
974 <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
975 <td>&nbsp;</td>
976 <td>&nbsp;</td>
977 </tr>
978 </table>
979 <hr size='1'>
980 <table width='100%'>
981 END
982 ;
983 if ( -e "/usr/bin/squidclamav" ) {
984 print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
985 if ( ! -e "/var/run/clamav/clamd.pid" ){
986 print "<font color='red'>clamav not running</font><br /><br />";
987 $proxysettings{'ENABLE_CLAMAV'} = 'off';
988 }
989 else {
990 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
991 }
992 print "</td>";
993 } else {
994 print "<td></td>";
995 }
996 print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</a></b><br />";
997 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
998 print "</td>";
999 print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</a></b><br />";
1000 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
1001 print "</td></tr>";
1002 print <<END
1003 </table>
1004 <hr size='1'>
1005 <table width='100%'>
1006 <tr>
1007 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
1008 </tr>
1009 <tr>
1010 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
1011 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
1012 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
1013 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
1014 </tr>
1015 <tr>
1016 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
1017 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
1018 <td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
1019 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
1020 </tr>
1021 <tr>
1022 <td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
1023 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
1024 <td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
1025 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
1026 </tr>
1027 <tr>
1028 <td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
1029 <td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
1030 <td>&nbsp;</td>
1031 <td>&nbsp;</td>
1032 </tr>
1033 </table>
1034 <hr size='1'>
1035 <table width='100%'>
1036 <tr>
1037 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
1038 </tr>
1039 <tr>
1040 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
1041 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
1042 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
1043 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
1044 </tr>
1045 <tr>
1046 <td>&nbsp;</td>
1047 <td>&nbsp;</td>
1048 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
1049 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
1050 </tr>
1051 </table>
1052 <hr size='1'>
1053 <table width='100%'>
1054 <tr>
1055 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
1056 </tr>
1057 <tr>
1058 <td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
1059 <td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
1060 <td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
1061 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
1062 </tr>
1063 <tr>
1064 <td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1065 <td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
1066 <td class='base'>$Lang::tr{'proxy admin password'}:</td>
1067 <td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
1068 </tr>
1069 <tr>
1070 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1071 </tr>
1072 <tr>
1073 <td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1074 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
1075 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1076 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
1077 </tr>
1078 <tr>
1079 <td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1080 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
1081 <td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1082 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
1083 </tr>
1084 <tr>
1085 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
1086 <td class='base'><select name='L1_DIRS'>
1087 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
1088 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
1089 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
1090 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
1091 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
1092 </select></td>
1093 <td colspan='2' rowspan= '5' valign='top' class='base'>
1094 <table cellspacing='0' cellpadding='0'>
1095 <tr>
1096 <!-- intentionally left empty -->
1097 </tr>
1098 <tr>
1099 <td>$Lang::tr{'advproxy no cache sites'}:</td>
1100 </tr>
1101 <tr>
1102 <!-- intentionally left empty -->
1103 </tr>
1104 <tr>
1105 <!-- intentionally left empty -->
1106 </tr>
1107 <tr>
1108 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
1109 END
1110 ;
1111
1112 print $proxysettings{'DST_NOCACHE'};
1113
1114 print <<END
1115 </textarea></td>
1116 </tr>
1117 </table>
1118 </td>
1119 </tr>
1120 <tr>
1121 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1122 <td class='base'><select name='MEM_POLICY'>
1123 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1124 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1125 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1126 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1127 </select></td>
1128 </tr>
1129 <tr>
1130 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1131 <td class='base'><select name='CACHE_POLICY'>
1132 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1133 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1134 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1135 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1136 </select></td>
1137 </tr>
1138 <tr>
1139 <td colspan='2'>&nbsp;</td>
1140 </tr>
1141 <tr>
1142 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1143 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1144 </tr>
1145 <tr>
1146 <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1147 <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1148 </tr>
1149 </table>
1150 <hr size='1'>
1151 <table width='100%'>
1152 <tr>
1153 <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1154 </tr>
1155 <tr>
1156 <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
1157 </tr>
1158 <tr>
1159 <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1160 <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1161 </tr>
1162 <tr>
1163 <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1164 END
1165 ;
1166 if (!$proxysettings{'PORTS_SAFE'}) { print $def_ports_safe; } else { print $proxysettings{'PORTS_SAFE'}; }
1167
1168 print <<END
1169 </textarea></td>
1170 <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1171 END
1172 ;
1173 if (!$proxysettings{'PORTS_SSL'}) { print $def_ports_ssl; } else { print $proxysettings{'PORTS_SSL'}; }
1174
1175 print <<END
1176 </textarea></td>
1177 </tr>
1178 </table>
1179 <hr size='1'>
1180 <table width='100%'>
1181 <tr>
1182 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1183 </tr>
1184 <tr>
1185 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1186 </tr>
1187 <tr>
1188 <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1189 </tr>
1190 <tr>
1191 <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
1192 END
1193 ;
1194
1195 if (!$proxysettings{'SRC_SUBNETS'})
1196 {
1197 print "$green_cidr\n";
1198 if ($netsettings{'BLUE_DEV'})
1199 {
1200 print "$blue_cidr\n";
1201 }
1202 } else { print $proxysettings{'SRC_SUBNETS'}; }
1203
1204 print <<END
1205 </textarea></td>
1206 END
1207 ;
1208
1209 $line = $Lang::tr{'advproxy no internal proxy on green'};
1210 $line =~ s/Green/<font color="$Header::colourgreen">Green<\/font>/i;
1211 print "<td class='base'>$line:</td>\n";
1212 print <<END
1213 <td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
1214 </tr>
1215 END
1216 ;
1217 if ($netsettings{'BLUE_DEV'}) {
1218 $line = $Lang::tr{'advproxy no internal proxy on blue'};
1219 $line =~ s/Blue/<font color="$Header::colourblue">Blue<\/font>/i;
1220 print "<tr>\n";
1221 print "<td class='base'>$line:</td>\n";
1222 print <<END
1223 <td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
1224 </tr>
1225 END
1226 ;
1227 }
1228 print <<END
1229 <tr>
1230 <td colspan='2'>&nbsp;</td>
1231 </tr>
1232 <tr>
1233 <td colspan='2'>&nbsp;</td>
1234 </tr>
1235 </table>
1236 <table width='100%'>
1237 <tr>
1238 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1239 </tr>
1240 <tr>
1241 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1242 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
1243 </tr>
1244 <tr>
1245 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
1246 END
1247 ;
1248
1249 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1250
1251 print <<END
1252 </textarea></td>
1253 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
1254 END
1255 ;
1256
1257 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1258
1259 print <<END
1260 </textarea></td>
1261 </tr>
1262 </table>
1263 <table width='100%'>
1264 <tr>
1265 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1266 </tr>
1267 <tr>
1268 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1269 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
1270 </tr>
1271 <tr>
1272 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
1273 END
1274 ;
1275
1276 print $proxysettings{'SRC_BANNED_IP'};
1277
1278 print <<END
1279 </textarea></td>
1280 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
1281 END
1282 ;
1283
1284 print $proxysettings{'SRC_BANNED_MAC'};
1285
1286 print <<END
1287 </textarea></td>
1288 </tr>
1289 </table>
1290
1291 <hr size='1'>
1292
1293 END
1294 ;
1295 # -------------------------------------------------------------------
1296 # CRE GUI - optional
1297 # -------------------------------------------------------------------
1298
1299 if (-e $cre_enabled) { print <<END
1300 <table width='100%'>
1301
1302 <tr>
1303 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
1304 </tr>
1305 <tr>
1306 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1307 </tr>
1308 <tr>
1309
1310 END
1311 ;
1312 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1313 print <<END
1314 <td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
1315 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
1316 </tr>
1317 <tr>
1318 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
1319 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
1320 END
1321 ;
1322 }
1323 print "</tr>";
1324 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1325 print <<END
1326 <tr>
1327 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
1328 END
1329 ;
1330
1331 print $proxysettings{'CRE_GROUPS'};
1332
1333 print <<END
1334 </textarea></td>
1335 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
1336 END
1337 ;
1338 print $proxysettings{'CRE_SVHOSTS'};
1339
1340 print <<END
1341 </textarea></td>
1342 </tr>
1343 END
1344 ;
1345 }
1346 print "</table><hr size='1'>";
1347
1348 } else {
1349 print <<END
1350 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
1351 <input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
1352 <input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
1353 END
1354 ;
1355 }
1356
1357 # ===================================================================
1358 # WPAD settings
1359 # ===================================================================
1360
1361 print <<END
1362 <table width='100%'>
1363 <tr>
1364 <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td>
1365 </tr>
1366 <tr>
1367 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1368 </tr>
1369 <tr>
1370 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td>
1371 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td>
1372 </tr>
1373 <tr>
1374 <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'>
1375 END
1376 ;
1377
1378 print $proxysettings{'DST_NOPROXY_IP'};
1379
1380 print <<END
1381 </textarea></td>
1382
1383 <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'>
1384 END
1385 ;
1386
1387 print $proxysettings{'DST_NOPROXY_URL'};
1388
1389 print <<END
1390 </textarea></td>
1391 </tr>
1392 <tr>
1393 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td>
1394 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td>
1395 </tr>
1396 <tr>
1397 <td colspan="4">&nbsp;</td>
1398 </tr>
1399 <tr>
1400 <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td>
1401 </tr>
1402 <tr>
1403 <td colspan="4">&nbsp;</td>
1404 </tr>
1405 <tr>
1406 <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td>
1407 </tr>
1408 </table>
1409
1410 <hr size='1'>
1411
1412 END
1413 ;
1414
1415 # -------------------------------------------------------------------
1416
1417 print <<END
1418
1419 <table width='100%'>
1420 <tr>
1421 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1422 </tr>
1423 <table width='100%'>
1424 <tr>
1425 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1426 <td width='1%'>&nbsp;</td>
1427 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1428 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1429 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1430 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1431 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1432 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1433 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1434 <td width='1%'>&nbsp;&nbsp;</td>
1435 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1436 <td width='1%'>&nbsp;</td>
1437 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1438 <td>&nbsp;</td>
1439 </tr>
1440 <tr>
1441 <td class='base'>
1442 <select name='TIME_ACCESS_MODE'>
1443 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1444 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1445 </select>
1446 </td>
1447 <td>&nbsp;</td>
1448 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1449 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1450 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1451 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1452 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1453 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1454 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1455 <td>&nbsp;</td>
1456 <td class='base'>
1457 <select name='TIME_FROM_HOUR'>
1458 END
1459 ;
1460 for ($i=0;$i<=24;$i++) {
1461 $_ = sprintf("%02s",$i);
1462 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1463 }
1464 print <<END
1465 </select>
1466 </td>
1467 <td>:</td>
1468 <td class='base'>
1469 <select name='TIME_FROM_MINUTE'>
1470 END
1471 ;
1472 for ($i=0;$i<=45;$i+=15) {
1473 $_ = sprintf("%02s",$i);
1474 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1475 }
1476 print <<END
1477 </select>
1478 <td> - </td>
1479 </td>
1480 <td class='base'>
1481 <select name='TIME_TO_HOUR'>
1482 END
1483 ;
1484 for ($i=0;$i<=24;$i++) {
1485 $_ = sprintf("%02s",$i);
1486 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1487 }
1488 print <<END
1489 </select>
1490 </td>
1491 <td>:</td>
1492 <td class='base'>
1493 <select name='TIME_TO_MINUTE'>
1494 END
1495 ;
1496 for ($i=0;$i<=45;$i+=15) {
1497 $_ = sprintf("%02s",$i);
1498 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1499 }
1500 print <<END
1501 </select>
1502 </td>
1503 </tr>
1504 </table>
1505 <hr size='1'>
1506 <table width='100%'>
1507 <tr>
1508 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1509 </tr>
1510 <tr>
1511 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1512 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1513 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1514 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1515 </tr>
1516 </table>
1517 <hr size='1'>
1518 <table width='100%'>
1519 <tr>
1520 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1521 </tr>
1522 <tr>
1523 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1524 <td width='20%' class='base'>
1525 <select name='THROTTLING_GREEN_TOTAL'>
1526 END
1527 ;
1528
1529 foreach (@throttle_limits) {
1530 my $val = $_;
1531 my $unit = "kbit/s";
1532
1533 if ($val >= 1024) {
1534 $unit = "Mbit/s";
1535 $val /= 1024;
1536 }
1537
1538 print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$val $unit</option>\n";
1539 }
1540
1541 print <<END
1542 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1543 </select>
1544 </td>
1545 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
1546 <td width='30%' class='base'>
1547 <select name='THROTTLING_GREEN_HOST'>
1548 END
1549 ;
1550
1551 foreach (@throttle_limits) {
1552 print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kbit/s</option>\n";
1553 }
1554
1555 print <<END
1556 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1557 </select>
1558 </td>
1559 </tr>
1560 END
1561 ;
1562
1563 if ($netsettings{'BLUE_DEV'}) {
1564 print <<END
1565 <tr>
1566 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
1567 <td class='base'>
1568 <select name='THROTTLING_BLUE_TOTAL'>
1569 END
1570 ;
1571
1572 foreach (@throttle_limits) {
1573 print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kbit/s</option>\n";
1574 }
1575
1576 print <<END
1577 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1578 </select>
1579 </td>
1580 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
1581 <td class='base'>
1582 <select name='THROTTLING_BLUE_HOST'>
1583 END
1584 ;
1585
1586 foreach (@throttle_limits) {
1587 print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kbit/s</option>\n";
1588 }
1589
1590 print <<END
1591 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1592 </select>
1593 </td>
1594 </tr>
1595 END
1596 ;
1597 }
1598
1599 print <<END
1600 </table>
1601 <hr size='1'>
1602 <table width='100%'>
1603 <tr>
1604 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1605 </tr>
1606 END
1607 ;
1608 if ( $proxysettings{'ENABLE_MIME_FILTER'} eq 'on' ){
1609 print <<END
1610 <tr>
1611 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
1612 <td>&nbsp;</td>
1613 <td>&nbsp;</td>
1614 </tr>
1615 <tr>
1616 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1617 END
1618 ;
1619
1620 print $proxysettings{'MIME_TYPES'};
1621
1622 print <<END
1623 </textarea></td>
1624 <td>&nbsp;</td>
1625 <td>&nbsp;</td>
1626 </tr>
1627 END
1628 ;
1629 }
1630 print <<END
1631 </table>
1632
1633 <hr size='1'>
1634
1635 <table width='100%'>
1636 <tr>
1637 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1638 </tr>
1639 <tr>
1640 <td class='base'>$Lang::tr{'advproxy fake useragent'}:</td>
1641 <td class='base'>$Lang::tr{'advproxy fake referer'}:</td>
1642 </tr>
1643 <tr>
1644 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='40%' /></td>
1645 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='40%' /></td>
1646 </tr>
1647 </table>
1648 <hr size='1'>
1649 END
1650 ;
1651
1652 my $auth_columns = 5;
1653 if ($HAVE_NTLM_AUTH) {
1654 $auth_columns++;
1655 }
1656 my $auth_column_width = 100 / $auth_columns;
1657
1658 print <<END;
1659 <table width='100%'>
1660 <tr>
1661 <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1662 </tr>
1663 <tr>
1664 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1665 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1666 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1667 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1668 END
1669
1670 if ($HAVE_NTLM_AUTH) {
1671 print <<END;
1672 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
1673 END
1674 }
1675
1676 print <<END
1677 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1678 </tr>
1679 </table>
1680 END
1681 ;
1682
1683 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1684 <hr size='1'>
1685 <table width='100%'>
1686 <tr>
1687 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1688 </tr>
1689 <tr>
1690 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1691 </tr>
1692 <tr>
1693 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1694 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1695 <td colspan='2' rowspan= '6' valign='top' class='base'>
1696 <table cellpadding='0' cellspacing='0'>
1697 <tr>
1698 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
1699 </tr>
1700 <tr>
1701 <!-- intentionally left empty -->
1702 </tr>
1703 <tr>
1704 <!-- intentionally left empty -->
1705 </tr>
1706 <tr>
1707 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1708 </tr>
1709 <tr>
1710 <!-- intentionally left empty -->
1711 </tr>
1712 <tr>
1713 <!-- intentionally left empty -->
1714 </tr>
1715 <tr>
1716 <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
1717 </tr>
1718 <tr>
1719 <!-- intentionally left empty -->
1720 </tr>
1721 <tr>
1722 <!-- intentionally left empty -->
1723 </tr>
1724 <tr>
1725 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1726 END
1727 ;
1728
1729 print $proxysettings{'DST_NOAUTH'};
1730
1731 print <<END
1732 </textarea></td>
1733 </tr>
1734 </table>
1735 </td>
1736 </tr>
1737 <tr>
1738 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1739 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1740 </tr>
1741 <tr>
1742 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
1743 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1744 </tr>
1745 <tr>
1746 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1747 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1748 </tr>
1749 <tr>
1750 <td colspan='2'>&nbsp;</td>
1751 </tr>
1752 </table>
1753 END
1754 ;
1755 }
1756
1757 # ===================================================================
1758 # NCSA auth settings
1759 # ===================================================================
1760
1761 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1762 print <<END
1763 <hr size='1'>
1764 <table width='100%'>
1765 <tr>
1766 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1767 </tr>
1768 <tr>
1769 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1770 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1771 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1772 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1773 </tr>
1774 <tr>
1775 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1776 <td>&nbsp;</td>
1777 <td>&nbsp;</td>
1778 </tr>
1779 </table>
1780 END
1781 ; }
1782
1783 # ===================================================================
1784 # IDENTD auth settings
1785 # ===================================================================
1786
1787 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1788 print <<END
1789 <hr size ='1'>
1790 <table width='100%'>
1791 <tr>
1792 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1793 </tr>
1794 <tr>
1795 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1796 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1797 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1798 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1799 </tr>
1800 <tr>
1801 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1802 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1803 <td>&nbsp;</td>
1804 <td>&nbsp;</td>
1805 </tr>
1806 <tr>
1807 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1808 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
1809 </tr>
1810 <tr>
1811 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1812 END
1813 ;
1814 if (!$proxysettings{'IDENT_HOSTS'}) {
1815 print "$green_cidr\n";
1816 if ($netsettings{'BLUE_DEV'}) {
1817 print "$blue_cidr\n";
1818 }
1819 } else {
1820 print $proxysettings{'IDENT_HOSTS'};
1821 }
1822
1823 print <<END
1824 </textarea></td>
1825 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1826 END
1827 ;
1828
1829 print $proxysettings{'DST_NOAUTH'};
1830
1831 print <<END
1832 </textarea></td>
1833 </tr>
1834 </table>
1835 <hr size ='1'>
1836 <table width='100%'>
1837 <tr>
1838 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1839 </tr>
1840 <tr>
1841 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1842 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1843 <td width='25%'>&nbsp;</td>
1844 <td width='30%'>&nbsp;</td>
1845 </tr>
1846 <tr>
1847 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1848 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1849 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1850 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1851 </tr>
1852 <tr>
1853 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1854 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1855 </tr>
1856 <tr>
1857 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1858 END
1859 ; }
1860
1861 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1862
1863 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1864 </textarea></td>
1865 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1866 END
1867 ; }
1868
1869 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1870
1871 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1872 </textarea></td>
1873 </tr>
1874 </table>
1875 END
1876 ; }
1877
1878 # ===================================================================
1879 # NTLM-AUTH settings
1880 # ===================================================================
1881
1882 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
1883 print <<END;
1884 <hr size ='1'>
1885 <table width='100%'>
1886 <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
1887 <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
1888 <td colspan='2'>&nbsp;</td>
1889 </table>
1890
1891 <hr size='1' />
1892
1893 <table width='100%'>
1894 <tr>
1895 <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
1896 </tr>
1897 <tr>
1898 <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
1899 <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
1900 <td>&nbsp;</td>
1901 <td>&nbsp;</td>
1902 </tr>
1903 </table>
1904 END
1905 }
1906
1907 # ===================================================================
1908 # LDAP auth settings
1909 # ===================================================================
1910
1911 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1912 print <<END
1913 <hr size='1'>
1914 <table width='100%'>
1915 <tr>
1916 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1917 </tr>
1918 <tr>
1919 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1920 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1921 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1922 <td class='base'><select name='LDAP_TYPE'>
1923 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1924 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1925 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1926 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1927 </select></td>
1928 </tr>
1929 <tr>
1930 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1931 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1932 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1933 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1934 </tr>
1935 </table>
1936 <hr size ='1'>
1937 <table width='100%'>
1938 <tr>
1939 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1940 </tr>
1941 <tr>
1942 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1943 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1944 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1945 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1946 </tr>
1947 </table>
1948 <hr size ='1'>
1949 <table width='100%'>
1950 <tr>
1951 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1952 </tr>
1953 <tr>
1954 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
1955 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1956 <td>&nbsp;</td>
1957 <td>&nbsp;</td>
1958 </tr>
1959 </table>
1960 END
1961 ; }
1962
1963 # ===================================================================
1964 # RADIUS auth settings
1965 # ===================================================================
1966
1967 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1968 print <<END
1969 <hr size='1'>
1970 <table width='100%'>
1971 <tr>
1972 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1973 </tr>
1974 <tr>
1975 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1976 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1977 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1978 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1979 </tr>
1980 <tr>
1981 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
1982 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1983 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1984 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1985 </tr>
1986 </table>
1987 <hr size ='1'>
1988 <table width='100%'>
1989 <tr>
1990 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1991 </tr>
1992 <tr>
1993 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1994 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1995 <td width='25%'>&nbsp;</td>
1996 <td width='30%'>&nbsp;</td>
1997 </tr>
1998 <tr>
1999 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
2000 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
2001 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
2002 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
2003 </tr>
2004 <tr>
2005 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
2006 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
2007 </tr>
2008 <tr>
2009 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
2010 END
2011 ; }
2012
2013 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
2014
2015 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2016 </textarea></td>
2017 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
2018 END
2019 ; }
2020
2021 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
2022
2023 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2024 </textarea></td>
2025 </tr>
2026 </table>
2027 END
2028 ; }
2029
2030 # ===================================================================
2031
2032 }
2033
2034 print "<table>\n";
2035
2036 if ($proxysettings{'AUTH_METHOD'} eq 'none') {
2037 print <<END
2038 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2039 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2040 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2041 <td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
2042 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2043 <td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
2044 END
2045 ; }
2046
2047 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
2048 print <<END
2049 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2050 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2051 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2052 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2053 END
2054 ; }
2055
2056 if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
2057 print <<END
2058 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2059 <td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
2060 END
2061 ; }
2062
2063 if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
2064 print <<END
2065 <td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
2066 <td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
2067 <td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
2068 <td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
2069 <td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
2070 <td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
2071 <td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
2072 END
2073 ; }
2074
2075 if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
2076 print <<END
2077 <td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
2078 <td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
2079 <td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
2080 <td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
2081 <td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
2082 <td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
2083 <td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
2084 END
2085 ; }
2086
2087 if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
2088 print <<END
2089 <td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
2090 <td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
2091 <td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
2092 <td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
2093 <td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
2094 <td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
2095 <td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
2096 <td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
2097 END
2098 ; }
2099
2100 print "</table>\n";
2101
2102 print <<END
2103 <hr size='1'>
2104 END
2105 ;
2106
2107 print <<END
2108 <table width='100%'>
2109 <tr>
2110 <td>&nbsp;</td>
2111 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
2112 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
2113 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
2114 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2115 <td>&nbsp;</td>
2116 </tr>
2117
2118 </table>
2119 <br />
2120 <table width='100%'>
2121 <tr>
2122 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
2123 <td align='right'>&nbsp;</td>
2124 </tr>
2125 </table>
2126 </form>
2127 END
2128 ;
2129
2130 &Header::closebox();
2131
2132 } else {
2133
2134 # ===================================================================
2135 # NCSA user management
2136 # ===================================================================
2137
2138 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2139 print <<END
2140 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
2141 <table width='100%'>
2142 <tr>
2143 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2144 </tr>
2145 <tr>
2146 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2147 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2148 END
2149 ;
2150 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly='readonly' "; }
2151 print <<END
2152 /></td>
2153 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2154 <td class='base'>
2155 <select name='NCSA_GROUP'>
2156 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2157 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2158 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2159 </select>
2160 </td>
2161
2162 </tr>
2163 <tr>
2164 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2165 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2166 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2167 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2168 </tr>
2169 </table>
2170 <br>
2171 <table>
2172 <tr>
2173 <td>&nbsp;</td>
2174 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2175 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2176 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2177 END
2178 ;
2179 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2180 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2181 }
2182
2183 print <<END
2184 <td>&nbsp;</td>
2185 <td>&nbsp;</td>
2186 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2187 </tr>
2188 </table>
2189 </form>
2190 <hr size='1'>
2191 <table width='100%'>
2192 <tr>
2193 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2194 </tr>
2195 </table>
2196 <table width='100%' align='center'>
2197 END
2198 ;
2199
2200 if (-e $extgrp)
2201 {
2202 open(FILE, $extgrp); @grouplist = <FILE>; close(FILE);
2203 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
2204 }
2205 if (-e $stdgrp)
2206 {
2207 open(FILE, $stdgrp); @grouplist = <FILE>; close(FILE);
2208 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
2209 }
2210 if (-e $disgrp)
2211 {
2212 open(FILE, $disgrp); @grouplist = <FILE>; close(FILE);
2213 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
2214 }
2215
2216 @userlist = sort(@userlist);
2217
2218 # If the password file contains entries, print entries and action icons
2219
2220 if ( ! -z "$userdb" ) {
2221 print <<END
2222 <tr>
2223 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2224 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2225 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2226 </tr>
2227 END
2228 ;
2229 $id = 0;
2230 foreach $line (@userlist)
2231 {
2232 $id++;
2233 chomp($line);
2234 @temp = split(/:/,$line);
2235 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2236 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2237 elsif ($id % 2) {
2238 print "<tr bgcolor='$color{'color20'}'>\n"; }
2239 else {
2240 print "<tr bgcolor='$color{'color22'}'>\n"; }
2241
2242 print <<END
2243 <td align='center'>$temp[0]</td>
2244 <td align='center'>
2245 END
2246 ;
2247 if ($temp[1] eq 'standard') {
2248 print $Lang::tr{'advproxy NCSA grp standard'};
2249 } elsif ($temp[1] eq 'extended') {
2250 print $Lang::tr{'advproxy NCSA grp extended'};
2251 } elsif ($temp[1] eq 'disabled') {
2252 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2253 print <<END
2254 </td>
2255 <td width='8%' align='center'>
2256 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2257 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2258 <input type='hidden' name='ID' value='$line' />
2259 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2260 </form>
2261 </td>
2262
2263 <td width='8%' align='center'>
2264 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2265 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2266 <input type='hidden' name='ID' value='$temp[0]' />
2267 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2268 </form>
2269 </td>
2270 </tr>
2271 END
2272 ;
2273 }
2274
2275 print <<END
2276 </table>
2277 <br>
2278 <table>
2279 <tr>
2280 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2281 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2282 <td class='base'>$Lang::tr{'edit'}</td>
2283 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2284 <td class='base'>$Lang::tr{'remove'}</td>
2285 </tr>
2286 END
2287 ;
2288 } else {
2289 print <<END
2290 <tr>
2291 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2292 </tr>
2293 END
2294 ;
2295 }
2296
2297 print <<END
2298 </table>
2299 END
2300 ;
2301
2302 &Header::closebox();
2303
2304 }
2305
2306 # ===================================================================
2307
2308 &Header::closebigbox();
2309
2310 &Header::closepage();
2311
2312 # -------------------------------------------------------------------
2313
2314 sub read_acls
2315 {
2316 if (-e "$acl_src_subnets") {
2317 open(FILE,"$acl_src_subnets");
2318 delete $proxysettings{'SRC_SUBNETS'};
2319 while (<FILE>) { $proxysettings{'SRC_SUBNETS'} .= $_ };
2320 close(FILE);
2321 }
2322 if (-e "$acl_src_banned_ip") {
2323 open(FILE,"$acl_src_banned_ip");
2324 delete $proxysettings{'SRC_BANNED_IP'};
2325 while (<FILE>) { $proxysettings{'SRC_BANNED_IP'} .= $_ };
2326 close(FILE);
2327 }
2328 if (-e "$acl_src_banned_mac") {
2329 open(FILE,"$acl_src_banned_mac");
2330 delete $proxysettings{'SRC_BANNED_MAC'};
2331 while (<FILE>) { $proxysettings{'SRC_BANNED_MAC'} .= $_ };
2332 close(FILE);
2333 }
2334 if (-e "$acl_src_unrestricted_ip") {
2335 open(FILE,"$acl_src_unrestricted_ip");
2336 delete $proxysettings{'SRC_UNRESTRICTED_IP'};
2337 while (<FILE>) { $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_ };
2338 close(FILE);
2339 }
2340 if (-e "$acl_src_unrestricted_mac") {
2341 open(FILE,"$acl_src_unrestricted_mac");
2342 delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
2343 while (<FILE>) { $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_ };
2344 close(FILE);
2345 }
2346 if (-e "$acl_dst_nocache") {
2347 open(FILE,"$acl_dst_nocache");
2348 delete $proxysettings{'DST_NOCACHE'};
2349 while (<FILE>) { $proxysettings{'DST_NOCACHE'} .= $_ };
2350 close(FILE);
2351 }
2352 if (-e "$acl_dst_noauth") {
2353 open(FILE,"$acl_dst_noauth");
2354 delete $proxysettings{'DST_NOAUTH'};
2355 while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ };
2356 close(FILE);
2357 }
2358 if (-e "$acl_dst_noproxy_ip") {
2359 open(FILE,"$acl_dst_noproxy_ip");
2360 delete $proxysettings{'DST_NOPROXY_IP'};
2361 while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ };
2362 close(FILE);
2363 }
2364 if (-e "$acl_dst_noproxy_url") {
2365 open(FILE,"$acl_dst_noproxy_url");
2366 delete $proxysettings{'DST_NOPROXY_URL'};
2367 while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ };
2368 close(FILE);
2369 }
2370 if (-e "$acl_ports_safe") {
2371 open(FILE,"$acl_ports_safe");
2372 delete $proxysettings{'PORTS_SAFE'};
2373 while (<FILE>) { $proxysettings{'PORTS_SAFE'} .= $_ };
2374 close(FILE);
2375 }
2376 if (-e "$acl_ports_ssl") {
2377 open(FILE,"$acl_ports_ssl");
2378 delete $proxysettings{'PORTS_SSL'};
2379 while (<FILE>) { $proxysettings{'PORTS_SSL'} .= $_ };
2380 close(FILE);
2381 }
2382 if (-e "$mimetypes") {
2383 open(FILE,"$mimetypes");
2384 delete $proxysettings{'MIME_TYPES'};
2385 while (<FILE>) { $proxysettings{'MIME_TYPES'} .= $_ };
2386 close(FILE);
2387 }
2388 if (-e "$raddir/radauth.allowusers") {
2389 open(FILE,"$raddir/radauth.allowusers");
2390 delete $proxysettings{'RADIUS_ALLOW_USERS'};
2391 while (<FILE>) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_ };
2392 close(FILE);
2393 }
2394 if (-e "$raddir/radauth.denyusers") {
2395 open(FILE,"$raddir/radauth.denyusers");
2396 delete $proxysettings{'RADIUS_DENY_USERS'};
2397 while (<FILE>) { $proxysettings{'RADIUS_DENY_USERS'} .= $_ };
2398 close(FILE);
2399 }
2400 if (-e "$identdir/identauth.allowusers") {
2401 open(FILE,"$identdir/identauth.allowusers");
2402 delete $proxysettings{'IDENT_ALLOW_USERS'};
2403 while (<FILE>) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_ };
2404 close(FILE);
2405 }
2406 if (-e "$identdir/identauth.denyusers") {
2407 open(FILE,"$identdir/identauth.denyusers");
2408 delete $proxysettings{'IDENT_DENY_USERS'};
2409 while (<FILE>) { $proxysettings{'IDENT_DENY_USERS'} .= $_ };
2410 close(FILE);
2411 }
2412 if (-e "$identhosts") {
2413 open(FILE,"$identhosts");
2414 delete $proxysettings{'IDENT_HOSTS'};
2415 while (<FILE>) { $proxysettings{'IDENT_HOSTS'} .= $_ };
2416 close(FILE);
2417 }
2418 if (-e "$cre_groups") {
2419 open(FILE,"$cre_groups");
2420 delete $proxysettings{'CRE_GROUPS'};
2421 while (<FILE>) { $proxysettings{'CRE_GROUPS'} .= $_ };
2422 close(FILE);
2423 }
2424 if (-e "$cre_svhosts") {
2425 open(FILE,"$cre_svhosts");
2426 delete $proxysettings{'CRE_SVHOSTS'};
2427 while (<FILE>) { $proxysettings{'CRE_SVHOSTS'} .= $_ };
2428 close(FILE);
2429 }
2430 }
2431
2432 # -------------------------------------------------------------------
2433
2434 sub check_acls
2435 {
2436 @temp = split(/\n/,$proxysettings{'PORTS_SAFE'});
2437 undef $proxysettings{'PORTS_SAFE'};
2438 foreach (@temp)
2439 {
2440 s/^\s+//g; s/\s+$//g;
2441 if ($_)
2442 {
2443 $line = $_;
2444 if (/^[^#]+\s+#\sSquids\sport/) { s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}\2/; $line=$_; }
2445 s/#.*//g; s/\s+//g;
2446 if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
2447 @templist = split(/-/);
2448 foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
2449 $proxysettings{'PORTS_SAFE'} .= $line."\n";
2450 }
2451 }
2452
2453 @temp = split(/\n/,$proxysettings{'PORTS_SSL'});
2454 undef $proxysettings{'PORTS_SSL'};
2455 foreach (@temp)
2456 {
2457 s/^\s+//g; s/\s+$//g;
2458 if ($_)
2459 {
2460 $line = $_;
2461 s/#.*//g; s/\s+//g;
2462 if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
2463 @templist = split(/-/);
2464 foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
2465 $proxysettings{'PORTS_SSL'} .= $line."\n";
2466 }
2467 }
2468
2469 @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
2470 undef $proxysettings{'DST_NOCACHE'};
2471 foreach (@temp)
2472 {
2473 s/^\s+//g;
2474 unless (/^#/) { s/\s+//g; }
2475 if ($_)
2476 {
2477 if (/^\./) { $_ = '*'.$_; }
2478 $proxysettings{'DST_NOCACHE'} .= $_."\n";
2479 }
2480 }
2481
2482 @temp = split(/\n/,$proxysettings{'SRC_SUBNETS'});
2483 undef $proxysettings{'SRC_SUBNETS'};
2484 foreach (@temp)
2485 {
2486 s/^\s+//g; s/\s+$//g;
2487 if ($_)
2488 {
2489 unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2490 $proxysettings{'SRC_SUBNETS'} .= $_."\n";
2491 }
2492 }
2493
2494 @temp = split(/\n/,$proxysettings{'SRC_BANNED_IP'});
2495 undef $proxysettings{'SRC_BANNED_IP'};
2496 foreach (@temp)
2497 {
2498 s/^\s+//g; s/\s+$//g;
2499 if ($_)
2500 {
2501 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2502 $proxysettings{'SRC_BANNED_IP'} .= $_."\n";
2503 }
2504 }
2505
2506 @temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'});
2507 undef $proxysettings{'SRC_BANNED_MAC'};
2508 foreach (@temp)
2509 {
2510 s/^\s+//g; s/\s+$//g; s/-/:/g;
2511 if ($_)
2512 {
2513 unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
2514 $proxysettings{'SRC_BANNED_MAC'} .= $_."\n";
2515 }
2516 }
2517
2518 @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'});
2519 undef $proxysettings{'SRC_UNRESTRICTED_IP'};
2520 foreach (@temp)
2521 {
2522 s/^\s+//g; s/\s+$//g;
2523 if ($_)
2524 {
2525 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2526 $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n";
2527 }
2528 }
2529
2530 @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'});
2531 undef $proxysettings{'SRC_UNRESTRICTED_MAC'};
2532 foreach (@temp)
2533 {
2534 s/^\s+//g; s/\s+$//g; s/-/:/g;
2535 if ($_)
2536 {
2537 unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
2538 $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n";
2539 }
2540 }
2541
2542 @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
2543 undef $proxysettings{'DST_NOAUTH'};
2544 foreach (@temp)
2545 {
2546 s/^\s+//g;
2547 unless (/^#/) { s/\s+//g; }
2548 if ($_)
2549 {
2550 if (/^\./) { $_ = '*'.$_; }
2551 $proxysettings{'DST_NOAUTH'} .= $_."\n";
2552 }
2553 }
2554
2555 @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'});
2556 undef $proxysettings{'DST_NOPROXY_IP'};
2557 foreach (@temp)
2558 {
2559 s/^\s+//g; s/\s+$//g;
2560 if ($_)
2561 {
2562 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; }
2563 $proxysettings{'DST_NOPROXY_IP'} .= $_."\n";
2564 }
2565 }
2566
2567 @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'});
2568 undef $proxysettings{'DST_NOPROXY_URL'};
2569 foreach (@temp)
2570 {
2571 s/^\s+//g;
2572 unless (/^#/) { s/\s+//g; }
2573 if ($_)
2574 {
2575 if (/^\./) { $_ = '*'.$_; }
2576 $proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
2577 }
2578 }
2579
2580 if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2581 {
2582 @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'});
2583 undef $proxysettings{'NTLM_ALLOW_USERS'};
2584 foreach (@temp)
2585 {
2586 s/^\s+//g; s/\s+$//g;
2587 if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; }
2588 }
2589 if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2590 }
2591
2592 if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2593 {
2594 @temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'});
2595 undef $proxysettings{'NTLM_DENY_USERS'};
2596 foreach (@temp)
2597 {
2598 s/^\s+//g; s/\s+$//g;
2599 if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; }
2600 }
2601 if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2602 }
2603
2604 if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2605 {
2606 @temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'});
2607 undef $proxysettings{'IDENT_ALLOW_USERS'};
2608 foreach (@temp)
2609 {
2610 s/^\s+//g; s/\s+$//g;
2611 if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; }
2612 }
2613 if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2614 }
2615
2616 if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2617 {
2618 @temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'});
2619 undef $proxysettings{'IDENT_DENY_USERS'};
2620 foreach (@temp)
2621 {
2622 s/^\s+//g; s/\s+$//g;
2623 if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; }
2624 }
2625 if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2626 }
2627
2628 if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2629 {
2630 @temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'});
2631 undef $proxysettings{'RADIUS_ALLOW_USERS'};
2632 foreach (@temp)
2633 {
2634 s/^\s+//g; s/\s+$//g;
2635 if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; }
2636 }
2637 if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2638 }
2639
2640 if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2641 {
2642 @temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'});
2643 undef $proxysettings{'RADIUS_DENY_USERS'};
2644 foreach (@temp)
2645 {
2646 s/^\s+//g; s/\s+$//g;
2647 if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; }
2648 }
2649 if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
2650 }
2651
2652 @temp = split(/\n/,$proxysettings{'IDENT_HOSTS'});
2653 undef $proxysettings{'IDENT_HOSTS'};
2654 foreach (@temp)
2655 {
2656 s/^\s+//g; s/\s+$//g;
2657 if ($_)
2658 {
2659 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2660 $proxysettings{'IDENT_HOSTS'} .= $_."\n";
2661 }
2662 }
2663
2664 @temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'});
2665 undef $proxysettings{'CRE_SVHOSTS'};
2666 foreach (@temp)
2667 {
2668 s/^\s+//g; s/\s+$//g;
2669 if ($_)
2670 {
2671 unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
2672 $proxysettings{'CRE_SVHOSTS'} .= $_."\n";
2673 }
2674 }
2675 }
2676
2677 # -------------------------------------------------------------------
2678
2679 sub write_acls
2680 {
2681 open(FILE, ">$acl_src_subnets");
2682 flock(FILE, 2);
2683 if (!$proxysettings{'SRC_SUBNETS'})
2684 {
2685 print FILE "$green_cidr\n";
2686 if ($netsettings{'BLUE_DEV'})
2687 {
2688 print FILE "$blue_cidr\n";
2689 }
2690 } else { print FILE $proxysettings{'SRC_SUBNETS'}; }
2691 close(FILE);
2692
2693 open(FILE, ">$acl_src_banned_ip");
2694 flock(FILE, 2);
2695 print FILE $proxysettings{'SRC_BANNED_IP'};
2696 close(FILE);
2697
2698 open(FILE, ">$acl_src_banned_mac");
2699 flock(FILE, 2);
2700 print FILE $proxysettings{'SRC_BANNED_MAC'};
2701 close(FILE);
2702
2703 open(FILE, ">$acl_src_unrestricted_ip");
2704 flock(FILE, 2);
2705 print FILE $proxysettings{'SRC_UNRESTRICTED_IP'};
2706 close(FILE);
2707
2708 open(FILE, ">$acl_src_unrestricted_mac");
2709 flock(FILE, 2);
2710 print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
2711 close(FILE);
2712
2713 open(FILE, ">$acl_dst_noauth");
2714 flock(FILE, 2);
2715 print FILE $proxysettings{'DST_NOAUTH'};
2716 close(FILE);
2717
2718 open(FILE, ">$acl_dst_noproxy_ip");
2719 flock(FILE, 2);
2720 print FILE $proxysettings{'DST_NOPROXY_IP'};
2721 close(FILE);
2722
2723 open(FILE, ">$acl_dst_noproxy_url");
2724 flock(FILE, 2);
2725 print FILE $proxysettings{'DST_NOPROXY_URL'};
2726 close(FILE);
2727
2728 open(FILE, ">$acl_dst_noauth_net");
2729 close(FILE);
2730 open(FILE, ">$acl_dst_noauth_dom");
2731 close(FILE);
2732 open(FILE, ">$acl_dst_noauth_url");
2733 close(FILE);
2734
2735 @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
2736 foreach(@temp)
2737 {
2738 unless (/^#/)
2739 {
2740 if (/^\*\.\w/)
2741 {
2742 s/^\*//;
2743 open(FILE, ">>$acl_dst_noauth_dom");
2744 flock(FILE, 2);
2745 print FILE "$_\n";
2746 close(FILE);
2747 }
2748 elsif (&General::validipormask($_))
2749 {
2750 open(FILE, ">>$acl_dst_noauth_net");
2751 flock(FILE, 2);
2752 print FILE "$_\n";
2753 close(FILE);
2754 }
2755 elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
2756 {
2757 open(FILE, ">>$acl_dst_noauth_net");
2758 flock(FILE, 2);
2759 print FILE "$_\n";
2760 close(FILE);
2761 }
2762 else
2763 {
2764 open(FILE, ">>$acl_dst_noauth_url");
2765 flock(FILE, 2);
2766 if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
2767 close(FILE);
2768 }
2769 }
2770 }
2771
2772 open(FILE, ">$acl_dst_nocache");
2773 flock(FILE, 2);
2774 print FILE $proxysettings{'DST_NOCACHE'};
2775 close(FILE);
2776
2777 open(FILE, ">$acl_dst_nocache_net");
2778 close(FILE);
2779 open(FILE, ">$acl_dst_nocache_dom");
2780 close(FILE);
2781 open(FILE, ">$acl_dst_nocache_url");
2782 close(FILE);
2783
2784 @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
2785 foreach(@temp)
2786 {
2787 unless (/^#/)
2788 {
2789 if (/^\*\.\w/)
2790 {
2791 s/^\*//;
2792 open(FILE, ">>$acl_dst_nocache_dom");
2793 flock(FILE, 2);
2794 print FILE "$_\n";
2795 close(FILE);
2796 }
2797 elsif (&General::validipormask($_))
2798 {
2799 open(FILE, ">>$acl_dst_nocache_net");
2800 flock(FILE, 2);
2801 print FILE "$_\n";
2802 close(FILE);
2803 }
2804 elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
2805 {
2806 open(FILE, ">>$acl_dst_nocache_net");
2807 flock(FILE, 2);
2808 print FILE "$_\n";
2809 close(FILE);
2810 }
2811 else
2812 {
2813 open(FILE, ">>$acl_dst_nocache_url");
2814 flock(FILE, 2);
2815 if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
2816 close(FILE);
2817 }
2818 }
2819 }
2820
2821 open(FILE, ">$acl_ports_safe");
2822 flock(FILE, 2);
2823 if (!$proxysettings{'PORTS_SAFE'}) { print FILE $def_ports_safe; } else { print FILE $proxysettings{'PORTS_SAFE'}; }
2824 close(FILE);
2825
2826 open(FILE, ">$acl_ports_ssl");
2827 flock(FILE, 2);
2828 if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; }
2829 close(FILE);
2830
2831 if (-s $throttled_urls)
2832 {
2833 open(URLFILE, $throttled_urls);
2834 @temp = <URLFILE>;
2835 close(URLFILE);
2836 foreach (@temp) { print FILE; }
2837 }
2838 close(FILE);
2839
2840 open(FILE, ">$mimetypes");
2841 flock(FILE, 2);
2842 print FILE $proxysettings{'MIME_TYPES'};
2843 close(FILE);
2844
2845 open(FILE, ">$raddir/radauth.allowusers");
2846 flock(FILE, 2);
2847 print FILE $proxysettings{'RADIUS_ALLOW_USERS'};
2848 close(FILE);
2849
2850 open(FILE, ">$raddir/radauth.denyusers");
2851 flock(FILE, 2);
2852 print FILE $proxysettings{'RADIUS_DENY_USERS'};
2853 close(FILE);
2854
2855 open(FILE, ">$identdir/identauth.allowusers");
2856 flock(FILE, 2);
2857 print FILE $proxysettings{'IDENT_ALLOW_USERS'};
2858 close(FILE);
2859
2860 open(FILE, ">$identdir/identauth.denyusers");
2861 flock(FILE, 2);
2862 print FILE $proxysettings{'IDENT_DENY_USERS'};
2863 close(FILE);
2864
2865 open(FILE, ">$identhosts");
2866 flock(FILE, 2);
2867 print FILE $proxysettings{'IDENT_HOSTS'};
2868 close(FILE);
2869
2870 open(FILE, ">$cre_groups");
2871 flock(FILE, 2);
2872 print FILE $proxysettings{'CRE_GROUPS'};
2873 close(FILE);
2874
2875 open(FILE, ">$cre_svhosts");
2876 flock(FILE, 2);
2877 print FILE $proxysettings{'CRE_SVHOSTS'};
2878 close(FILE);
2879 }
2880
2881 # -------------------------------------------------------------------
2882
2883 sub writepacfile
2884 {
2885 my %vpnconfig=();
2886 my %ovpnconfig=();
2887 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
2888 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);
2889 open(FILE, ">/srv/web/ipfire/html/proxy.pac");
2890 flock(FILE, 2);
2891 print FILE "function FindProxyForURL(url, host)\n";
2892 print FILE "{\n";
2893 if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
2894 {
2895 print FILE <<END
2896 if (
2897 (isPlainHostName(host)) ||
2898 (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
2899 END
2900 ;
2901
2902 if ($netsettings{'GREEN_DEV'}) {
2903 print FILE " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
2904 }
2905
2906 if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
2907 print FILE " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
2908 }
2909
2910 if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
2911 print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
2912 }
2913
2914 # Additional exceptions for URLs
2915 # The file has to be created by the user and should contain one entry per line
2916 # Line-Format: <URL incl. wildcards>
2917 # e.g. *.ipfire.org*
2918 if (-s "$acl_dst_noproxy_url") {
2919 undef @templist;
2920
2921 open(NOPROXY,"$acl_dst_noproxy_url");
2922 @templist = <NOPROXY>;
2923 close(NOPROXY);
2924 chomp (@templist);
2925
2926 foreach (@templist)
2927 {
2928 print FILE " (shExpMatch(url, \"$_\")) ||\n";
2929 }
2930 }
2931
2932 # Additional exceptions for Subnets
2933 # The file has to be created by the user and should contain one entry per line
2934 # Line-Format: <IP>/<SUBNET MASK>
2935 # e.g. 192.168.0.0/255.255.255.0
2936 if (-s "$acl_dst_noproxy_ip") {
2937 undef @templist;
2938
2939 open(NOPROXY,"$acl_dst_noproxy_ip");
2940 @templist = <NOPROXY>;
2941 close(NOPROXY);
2942 chomp (@templist);
2943
2944 foreach (@templist)
2945 {
2946 @temp = split(/\//);
2947 print FILE " (isInNet(host, \"$temp[0]\", \"$temp[1]\")) ||\n";
2948 }
2949 }
2950
2951 foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
2952 if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
2953 my @networks = split(/\|/, $vpnconfig{$key}[11]);
2954 foreach my $network (@networks) {
2955 my ($vpnip, $vpnsub) = split("/", $network);
2956 $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
2957 print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
2958 }
2959 }
2960 }
2961
2962 foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
2963 if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
2964 my @networks = split(/\|/, $ovpnconfig{$key}[11]);
2965 foreach my $network (@networks) {
2966 my ($vpnip, $vpnsub) = split("/", $network);
2967 print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
2968 }
2969 }
2970 }
2971
2972 print FILE <<END
2973 (isInNet(host, "169.254.0.0", "255.255.0.0"))
2974 )
2975 return "DIRECT";
2976
2977 else
2978
2979 END
2980 ;
2981 if ($proxysettings{'ENABLE'} eq 'on')
2982 {
2983 print FILE "if (\n";
2984 print FILE " (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";
2985
2986 undef @templist;
2987 if (-e "$acl_src_subnets") {
2988 open(SUBNETS,"$acl_src_subnets");
2989 @templist = <SUBNETS>;
2990 close(SUBNETS);
2991 }
2992
2993 foreach (@templist)
2994 {
2995 @temp = split(/\//);
2996 if (
2997 ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
2998 ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
2999 )
3000 {
3001 chomp $temp[1];
3002 print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
3003 }
3004 }
3005
3006 print FILE "\n";
3007
3008 print FILE <<END
3009 )
3010 return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3011 END
3012 ;
3013 }
3014 if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
3015 {
3016 print FILE "\n else\n\n";
3017 }
3018 if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
3019 {
3020 print FILE <<END
3021 if (
3022 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
3023 )
3024 return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3025 END
3026 ;
3027 }
3028 }
3029 print FILE "}\n";
3030 close(FILE);
3031 }
3032
3033 # -------------------------------------------------------------------
3034
3035 sub writeconfig
3036 {
3037 my $authrealm;
3038 my $delaypools;
3039
3040 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
3041 $proxysettings{'THROTTLING_GREEN_HOST'} +
3042 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
3043 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
3044 {
3045 $delaypools = 1; } else { $delaypools = 0;
3046 }
3047
3048 if ($proxysettings{'AUTH_REALM'} eq '')
3049 {
3050 $authrealm = "IPFire Advanced Proxy Server";
3051 } else {
3052 $authrealm = $proxysettings{'AUTH_REALM'};
3053 }
3054
3055 $_ = $proxysettings{'UPSTREAM_PROXY'};
3056 my ($remotehost, $remoteport) = split(/:/,$_);
3057
3058 if ($remoteport eq '') { $remoteport = 80; }
3059
3060 open(FILE, ">${General::swroot}/proxy/squid.conf");
3061 flock(FILE, 2);
3062 print FILE <<END
3063 # Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
3064 # you make will be overwritten whenever you resave proxy settings using the
3065 # web interface!
3066 #
3067 # Instead, modify the file '$acl_include' and
3068 # then restart the proxy service using the web interface. Changes made to the
3069 # 'include.acl' file will propagate to the 'squid.conf' file at that time.
3070
3071 shutdown_lifetime 5 seconds
3072 icp_port 0
3073
3074 END
3075 ;
3076
3077 # Include file with user defined settings.
3078 if (-e "/etc/squid/squid.conf.pre.local") {
3079 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
3080 }
3081
3082 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3083 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3084 print FILE "\n";
3085
3086 if ($proxysettings{'TRANSPARENT'} eq 'on') {
3087 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3088 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3089 print FILE "\n";
3090 }
3091
3092 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3093 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3094 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3095 print FILE "\n";
3096
3097 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3098 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3099 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3100 print FILE "\n";
3101 }
3102 }
3103
3104 if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
3105 {
3106 print FILE "\n";
3107
3108 if (!-z $acl_dst_nocache_dom) {
3109 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3110 print FILE "cache deny no_cache_domains\n";
3111 }
3112 if (!-z $acl_dst_nocache_net) {
3113 print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
3114 print FILE "cache deny no_cache_ipaddr\n";
3115 }
3116 if (!-z $acl_dst_nocache_url) {
3117 print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3118 print FILE "cache deny no_cache_hosts\n";
3119 }
3120 }
3121
3122 print FILE <<END
3123
3124 cache_effective_user squid
3125 umask 022
3126
3127 pid_filename /var/run/squid.pid
3128
3129 cache_mem $proxysettings{'CACHE_MEM'} MB
3130 END
3131 ;
3132 print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
3133
3134 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
3135 if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; }
3136
3137 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3138 {
3139 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3140 {
3141 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3142 }
3143 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3144 {
3145 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3146 }
3147 print FILE "\n";
3148 }
3149
3150 open (PORTS,"$acl_ports_ssl");
3151 my @ssl_ports = <PORTS>;
3152 close PORTS;
3153
3154 if (@ssl_ports) {
3155 foreach (@ssl_ports) {
3156 print FILE "acl SSL_ports port $_";
3157 }
3158 }
3159
3160 open (PORTS,"$acl_ports_safe");
3161 my @safe_ports = <PORTS>;
3162 close PORTS;
3163
3164 if (@safe_ports) {
3165 foreach (@safe_ports) {
3166 print FILE "acl Safe_ports port $_";
3167 }
3168 }
3169
3170 print FILE <<END
3171
3172 acl IPFire_http port $http_port
3173 acl IPFire_https port $https_port
3174 acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
3175 acl IPFire_networks src "$acl_src_subnets"
3176 acl IPFire_servers dst "$acl_src_subnets"
3177 acl IPFire_green_network src $green_cidr
3178 acl IPFire_green_servers dst $green_cidr
3179 END
3180 ;
3181 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
3182 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
3183 if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
3184 if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
3185 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3186 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3187 print FILE <<END
3188 acl CONNECT method CONNECT
3189 END
3190 ;
3191
3192 if ($proxysettings{'CACHE_SIZE'} > 0) {
3193 print FILE <<END
3194 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3195 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3196
3197 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3198 END
3199 ;
3200 } else {
3201 if ($proxysettings{'CACHE_MEM'} > 0) {
3202 # always 2% of CACHE_MEM defined as max object size
3203 print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3204 } else {
3205 print FILE "cache deny all\n\n";
3206 }
3207 }
3208
3209 print FILE <<END
3210 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3211 END
3212 ;
3213
3214 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3215 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3216 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3217 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3218 {
3219 if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3220 }
3221 }
3222
3223 if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
3224 {
3225 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
3226 }
3227
3228 if ($proxysettings{'LOGGING'} eq 'on')
3229 {
3230 print FILE <<END
3231 access_log stdio:/var/log/squid/access.log
3232 cache_log /var/log/squid/cache.log
3233 cache_store_log none
3234 END
3235 ;
3236 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
3237 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3238 } else {
3239 print FILE <<END
3240 access_log /dev/null
3241 cache_log /dev/null
3242 cache_store_log none
3243 END
3244 ;}
3245 print FILE <<END
3246
3247 log_mime_hdrs off
3248 END
3249 ;
3250
3251 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3252 {
3253 print FILE "forwarded_for on\n";
3254 } else {
3255 print FILE "forwarded_for off\n";
3256 }
3257 if ($proxysettings{'FORWARD_VIA'} eq 'on')
3258 {
3259 print FILE "via on\n";
3260 } else {
3261 print FILE "via off\n";
3262 }
3263 print FILE "\n";
3264
3265 # If we use authentication, users must always authenticate
3266 unless ($proxysettings{"AUTH_METHOD"} eq "") {
3267 print FILE "authenticate_ip_ttl 0\n\n";
3268 }
3269
3270 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3271 {
3272 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3273 {
3274 print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
3275 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3276 print FILE "auth_param basic realm $authrealm\n";
3277 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3278 }
3279
3280 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3281 {
3282 print FILE "auth_param basic utf8 on\n";
3283 print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
3284 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3285 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3286 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3287 {
3288 if ($proxysettings{'LDAP_GROUP'} eq '')
3289 {
3290 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3291 } else {
3292 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3293 }
3294 print FILE " -u sAMAccountName -P";
3295 }
3296 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3297 {
3298 if ($proxysettings{'LDAP_GROUP'} eq '')
3299 {
3300 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3301 } else {
3302 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3303 }
3304 print FILE " -u cn -P";
3305 }
3306 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3307 {
3308 if ($proxysettings{'LDAP_GROUP'} eq '')
3309 {
3310 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3311 } else {
3312 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3313 }
3314 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3315 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3316 print FILE " -u uid -P";
3317 }
3318 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3319 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3320 print FILE "auth_param basic realm $authrealm\n";
3321 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3322 }
3323
3324 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3325 {
3326 print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3327 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3328 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3329 $ntlm_auth_group =~ s/\\/\+/;
3330
3331 print FILE " --require-membership-of=$ntlm_auth_group";
3332 }
3333 print FILE "\n";
3334
3335 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
3336 print FILE "auth_param ntlm credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
3337
3338 # BASIC authentication
3339 if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3340 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3341 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3342 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3343 $ntlm_auth_group =~ s/\\/\+/;
3344
3345 print FILE " --require-membership-of=$ntlm_auth_group";
3346 }
3347 print FILE "\n";
3348 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3349 print FILE "auth_param basic realm $authrealm\n";
3350 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
3351 }
3352 }
3353
3354 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3355 {
3356 print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
3357 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3358 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3359 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3360 print FILE "auth_param basic realm $authrealm\n";
3361 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3362 }
3363
3364 print FILE "\n";
3365 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
3366 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3367 {
3368 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3369 {
3370 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3371 }
3372 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3373 {
3374 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3375 }
3376 }
3377 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3378 {
3379 print FILE "\n";
3380 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3381 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3382 }
3383 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3384 print FILE "\n";
3385
3386 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3387 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3388 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3389 print FILE "\n";
3390
3391 }
3392
3393 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3394 {
3395 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3396 {
3397 print FILE "acl for_inetusers ident REQUIRED\n";
3398 }
3399 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3400 {
3401 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3402 {
3403 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3404 }
3405 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3406 {
3407 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3408 }
3409 }
3410 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3411 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3412 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3413 print FILE "\n";
3414 }
3415
3416 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
3417
3418 print FILE "acl within_timeframe time ";
3419 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
3420 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
3421 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
3422 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
3423 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
3424 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
3425 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
3426 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
3427 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
3428 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
3429 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
3430
3431 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3432 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
3433 }
3434
3435 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
3436 print FILE <<END
3437
3438 #Classroom extensions
3439 acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
3440 acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
3441 END
3442 ;
3443 print FILE "deny_info ";
3444 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3445 {
3446 print FILE "ERR_ACCESS_DISABLED";
3447 } else {
3448 print FILE "ERR_ACCESS_DENIED";
3449 }
3450 print FILE " IPFire_no_access_ips\n";
3451 print FILE "deny_info ";
3452 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3453 {
3454 print FILE "ERR_ACCESS_DISABLED";
3455 } else {
3456 print FILE "ERR_ACCESS_DENIED";
3457 }
3458 print FILE " IPFire_no_access_mac\n";
3459
3460 print FILE <<END
3461 http_access deny IPFire_no_access_ips
3462 http_access deny IPFire_no_access_mac
3463 END
3464 ;
3465 }
3466
3467 #Insert acl file and replace __VAR__ with correct values
3468 my $blue_net = ''; #BLUE empty by default
3469 my $blue_ip = '';
3470 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3471 $blue_net = "$blue_cidr";
3472 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
3473 }
3474 if (!-z $acl_include)
3475 {
3476 open (ACL, "$acl_include");
3477 print FILE "\n#Start of custom includes\n\n";
3478 while (<ACL>) {
3479 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
3480 $_ =~ s/__GREEN_NET__/$green_cidr/;
3481 $_ =~ s/__BLUE_IP__/$blue_ip/;
3482 $_ =~ s/__BLUE_NET__/$blue_net/;
3483 $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
3484 print FILE $_;
3485 }
3486 print FILE "\n#End of custom includes\n";
3487 close (ACL);
3488 }
3489 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3490
3491 # Check if squidclamav is enabled.
3492 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3493 print FILE "\n#Settings for squidclamav:\n";
3494 print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
3495 print FILE "acl purge method PURGE\n";
3496 print FILE "http_access deny to_localhost\n";
3497 print FILE "http_access allow localhost\n";
3498 print FILE "http_access allow purge localhost\n";
3499 print FILE "http_access deny purge\n";
3500 print FILE "url_rewrite_access deny localhost\n";
3501 }
3502 print FILE <<END;
3503
3504 #Access to squid:
3505 #local machine, no restriction
3506 http_access allow localhost
3507
3508 #GUI admin if local machine connects
3509 http_access allow IPFire_ips IPFire_networks IPFire_http
3510 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
3511
3512 #Deny not web services
3513 END
3514
3515 if (@safe_ports) {
3516 print FILE "http_access deny !Safe_ports\n";
3517 }
3518
3519 if (@ssl_ports) {
3520 print FILE "http_access deny CONNECT !SSL_ports\n";
3521 }
3522
3523 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3524 {
3525 print FILE "#Set ident ACLs\n";
3526 if (!-z $identhosts)
3527 {
3528 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3529 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3530 print FILE "ident_lookup_access deny all\n";
3531 } else {
3532 print FILE "ident_lookup_access allow all\n";
3533 }
3534 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3535 }
3536
3537 if ($delaypools) {
3538 print FILE "#Set download throttling\n";
3539
3540 if ($netsettings{'BLUE_DEV'})
3541 {
3542 print FILE "delay_pools 2\n";
3543 } else {
3544 print FILE "delay_pools 1\n";
3545 }
3546
3547 print FILE "delay_class 1 3\n";
3548 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3549
3550 print FILE "delay_parameters 1 ";
3551 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3552 {
3553 print FILE "-1/-1";
3554 } else {
3555 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3556 print FILE "/";
3557 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3558 }
3559
3560 print FILE " -1/-1 ";
3561 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3562 {
3563 print FILE "-1/-1";
3564 } else {
3565 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3566 print FILE "/";
3567 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3568 }
3569 print FILE "\n";
3570
3571 if ($netsettings{'BLUE_DEV'})
3572 {
3573 print FILE "delay_parameters 2 ";
3574 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3575 {
3576 print FILE "-1/-1";
3577 } else {
3578 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3579 print FILE "/";
3580 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3581 }
3582 print FILE " -1/-1 ";
3583 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3584 {
3585 print FILE "-1/-1";
3586 } else {
3587 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3588 print FILE "/";
3589 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3590 }
3591 print FILE "\n";
3592 }
3593
3594 print FILE "delay_access 1 deny IPFire_ips\n";
3595 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
3596 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
3597 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3598
3599 if ($netsettings{'BLUE_DEV'})
3600 {
3601 print FILE "delay_access 1 allow IPFire_green_network";
3602 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3603 print FILE "\n";
3604 print FILE "delay_access 1 deny all\n";
3605 } else {
3606 print FILE "delay_access 1 allow all";
3607 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3608 print FILE "\n";
3609 }
3610
3611 if ($netsettings{'BLUE_DEV'})
3612 {
3613 print FILE "delay_access 2 deny IPFire_ips\n";
3614 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
3615 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
3616 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3617 print FILE "delay_access 2 allow IPFire_blue_network";
3618 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3619 print FILE "\n";
3620 print FILE "delay_access 2 deny all\n";
3621 }
3622
3623 print FILE "delay_initial_bucket_level 100\n";
3624 print FILE "\n";
3625 }
3626
3627 if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
3628 {
3629 print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
3630 print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
3631 }
3632
3633 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
3634 {
3635 print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
3636 print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
3637 print FILE "http_access deny IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
3638 }
3639
3640 print FILE <<END
3641 #Set custom configured ACLs
3642 END
3643 ;
3644 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPFire_banned_ips\n"; }
3645 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPFire_banned_mac\n"; }
3646
3647 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3648 {
3649 if (!-z $acl_src_unrestricted_ip)
3650 {
3651 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
3652 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
3653 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
3654 }
3655 if (!-z $acl_src_unrestricted_mac)
3656 {
3657 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
3658 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
3659 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
3660 }
3661 if (!-z $acl_dst_noauth_net)
3662 {
3663 print FILE "http_access allow IPFire_networks";
3664 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3665 print FILE " !within_timeframe";
3666 } else {
3667 print FILE " within_timeframe"; }
3668 print FILE " to_ipaddr_without_auth\n";
3669 }
3670 if (!-z $acl_dst_noauth_dom)
3671 {
3672 print FILE "http_access allow IPFire_networks";
3673 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3674 print FILE " !within_timeframe";
3675 } else {
3676 print FILE " within_timeframe"; }
3677 print FILE " to_domains_without_auth\n";
3678 }
3679 if (!-z $acl_dst_noauth_url)
3680 {
3681 print FILE "http_access allow IPFire_networks";
3682 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3683 print FILE " !within_timeframe";
3684 } else {
3685 print FILE " within_timeframe"; }
3686 print FILE " to_hosts_without_auth\n";
3687 }
3688 }
3689
3690 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3691 {
3692 print FILE "http_access deny !for_inetusers";
3693 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3694 print FILE "\n";
3695 }
3696
3697 if (
3698 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3699 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3700 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3701 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3702 (!-z "$identdir/identauth.denyusers")
3703 )
3704 {
3705 print FILE "http_access deny for_acl_users";
3706 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3707 print FILE "\n";
3708 }
3709
3710 if (!-z $acl_src_unrestricted_ip)
3711 {
3712 print FILE "http_access allow IPFire_unrestricted_ips";
3713 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3714 {
3715 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3716 {
3717 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3718 }
3719 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3720 {
3721 print FILE " for_inetusers";
3722 }
3723 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3724 {
3725 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3726 {
3727 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3728 {
3729 print FILE " for_acl_users";
3730 }
3731 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3732 {
3733 print FILE " !for_acl_users";
3734 }
3735 } else { print FILE " for_inetusers"; }
3736 }
3737 }
3738 print FILE "\n";
3739 }
3740
3741 if (!-z $acl_src_unrestricted_mac)
3742 {
3743 print FILE "http_access allow IPFire_unrestricted_mac";
3744 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3745 {
3746 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3747 {
3748 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3749 }
3750 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3751 {
3752 print FILE " for_inetusers";
3753 }
3754 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3755 {
3756 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3757 {
3758 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3759 {
3760 print FILE " for_acl_users";
3761 }
3762 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3763 {
3764 print FILE " !for_acl_users";
3765 }
3766 } else { print FILE " for_inetusers"; }
3767 }
3768 }
3769 print FILE "\n";
3770 }
3771
3772 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3773 {
3774 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3775 if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
3776 }
3777
3778 if (
3779 (
3780 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3781 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3782 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3783 (!-z "$raddir/radauth.denyusers")
3784 )
3785 ||
3786 (
3787 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3788 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3789 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3790 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3791 (!-z "$identdir/identauth.denyusers")
3792 )
3793 )
3794 {
3795 print FILE "http_access deny for_acl_users";
3796 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3797 print FILE "\n";
3798 }
3799
3800 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3801 {
3802 print FILE "http_access allow";
3803 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3804 print FILE " !within_timeframe";
3805 } else {
3806 print FILE " within_timeframe"; }
3807 print FILE " !on_ident_aware_hosts\n";
3808 }
3809
3810 print FILE "http_access allow IPFire_networks";
3811 if (
3812 (
3813 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3814 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3815 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3816 (!-z "$raddir/radauth.allowusers")
3817 )
3818 ||
3819 (
3820 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3821 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3822 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3823 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3824 (!-z "$identdir/identauth.allowusers")
3825 )
3826 )
3827 {
3828 print FILE " for_acl_users";
3829 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3830 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3831 print FILE " for_inetusers";
3832 }
3833 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3834 {
3835 print FILE " !concurrent";
3836 }
3837 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3838 print FILE " !within_timeframe";
3839 } else {
3840 print FILE " within_timeframe"; }
3841 print FILE "\n";
3842
3843 print FILE "http_access deny all\n\n";
3844
3845 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3846 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3847 {
3848 print FILE "#Strip HTTP Header\n";
3849
3850 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3851 {
3852 print FILE "request_header_access X-Forwarded-For deny all\n";
3853 print FILE "reply_header_access X-Forwarded-For deny all\n";
3854 }
3855 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3856 {
3857 print FILE "request_header_access Via deny all\n";
3858 print FILE "reply_header_access Via deny all\n";
3859 }
3860 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3861 {
3862 print FILE "request_header_access User-Agent deny all\n";
3863 print FILE "reply_header_access User-Agent deny all\n";
3864 }
3865 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3866 {
3867 print FILE "request_header_access Referer deny all\n";
3868 print FILE "reply_header_access Referer deny all\n";
3869 }
3870
3871 print FILE "\n";
3872
3873 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3874 {
3875 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3876 {
3877 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3878 }
3879 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3880 {
3881 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3882 }
3883 print FILE "\n";
3884 }
3885 }
3886
3887 if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
3888
3889 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3890 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
3891 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
3892 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3893 {
3894 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3895 }
3896 print FILE "http_reply_access deny blocked_mimetypes\n";
3897 print FILE "http_reply_access allow all\n\n";
3898 }
3899
3900 print FILE "visible_hostname";
3901 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3902 {
3903 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3904 } else {
3905 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3906 }
3907
3908 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
3909 if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
3910 print FILE "\n";
3911
3912 print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
3913
3914 # Write the parent proxy info, if needed.
3915 if ($remotehost ne '')
3916 {
3917 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3918
3919 # Enter authentication for the parent cache. Option format is
3920 # login=user:password ($proxy1='YES')
3921 # login=PASS ($proxy1='PASS')
3922 # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
3923 if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
3924 {
3925 print FILE " login=$proxysettings{'UPSTREAM_USER'}";
3926 if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
3927 }
3928 elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3929
3930 print FILE "\nalways_direct allow IPFire_ips\n";
3931 print FILE "never_direct allow all\n\n";
3932 }
3933 if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
3934 {
3935 print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
3936 print FILE "url_rewrite_children ", &General::number_cpu_cores();
3937 print FILE " startup=", &General::number_cpu_cores();
3938 print FILE " idle=", &General::number_cpu_cores();
3939 print FILE " queue-size=", &General::number_cpu_cores() * 32, "\n\n";
3940 }
3941
3942 # Include file with user defined settings.
3943 if (-e "/etc/squid/squid.conf.local") {
3944 print FILE "include /etc/squid/squid.conf.local\n";
3945 }
3946 close FILE;
3947
3948 # Proxy settings for squidclamav - if installed.
3949 #
3950 # Check if squidclamav is enabled.
3951 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3952
3953 my $configfile='/etc/squidclamav.conf';
3954
3955 my $data = &General::read_file_utf8($configfile);
3956 $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
3957 &General::write_file_utf8($configfile, $data);
3958 }
3959 }
3960
3961 # -------------------------------------------------------------------
3962
3963 sub adduser
3964 {
3965 my ($str_user, $str_pass, $str_group) = @_;
3966 my @groupmembers=();
3967
3968 if ($str_pass eq 'lEaVeAlOnE')
3969 {
3970 open(FILE, "$userdb");
3971 @groupmembers = <FILE>;
3972 close(FILE);
3973 foreach $line (@groupmembers) { if ($line =~ /^$str_user:/i) { $str_pass = substr($line,index($line,":")); } }
3974 &deluser($str_user);
3975 open(FILE, ">>$userdb");
3976 flock FILE,2;
3977 print FILE "$str_user$str_pass";
3978 close(FILE);
3979 } else {
3980 &deluser($str_user);
3981
3982 my %htpasswd_options = (
3983 passwdFile => "$userdb",
3984 UseMD5 => 1,
3985 );
3986
3987 my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);
3988
3989 $htpasswd->htpasswd($str_user, $str_pass);
3990 }
3991
3992 if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
3993 } elsif ($str_group eq 'extended') { open(FILE, ">>$extgrp");
3994 } elsif ($str_group eq 'disabled') { open(FILE, ">>$disgrp"); }
3995 flock FILE, 2;
3996 print FILE "$str_user\n";
3997 close(FILE);
3998
3999 return;
4000 }
4001
4002 # -------------------------------------------------------------------
4003
4004 sub deluser
4005 {
4006 my ($str_user) = @_;
4007 my $groupfile='';
4008 my @groupmembers=();
4009 my @templist=();
4010
4011 foreach $groupfile ($stdgrp, $extgrp, $disgrp)
4012 {
4013 undef @templist;
4014 open(FILE, "$groupfile");
4015 @groupmembers = <FILE>;
4016 close(FILE);
4017 foreach $line (@groupmembers) { if (!($line =~ /^$str_user$/i)) { push(@templist, $line); } }
4018 open(FILE, ">$groupfile");
4019 flock FILE, 2;
4020 print FILE @templist;
4021 close(FILE);
4022 }
4023
4024 undef @templist;
4025 open(FILE, "$userdb");
4026 @groupmembers = <FILE>;
4027 close(FILE);
4028 foreach $line (@groupmembers) { if (!($line =~ /^$str_user:/i)) { push(@templist, $line); } }
4029 open(FILE, ">$userdb");
4030 flock FILE, 2;
4031 print FILE @templist;
4032 close(FILE);
4033
4034 return;
4035 }
4036
4037 # -------------------------------------------------------------------
4038
4039 sub writecachemgr
4040 {
4041 open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
4042 flock(FILE, 2);
4043 print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
4044 print FILE "localhost";
4045 close(FILE);
4046 return;
4047 }
4048
4049 # -------------------------------------------------------------------
IPFire 2.x development tree