X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=55d7ec9e82aead0b8bd2ac3ac0242385fb2eb3f4;hb=20c5535cf791d06c2ef2a0b49e6073fab182e810;hp=dc46ca56aeebb8310f8bbd3afded04a9e4c679d2;hpb=70df830214c97a68fcb7e89ae0d7df58c35590be;p=people%2Fpmueller%2Fipfire-2.x.git
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index dc46ca56ae..55d7ec9e82 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2009 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -18,6 +18,13 @@
# along with this program. If not, see . #
# #
###############################################################################
+#
+# (c) 2004-2009 marco.s - http://www.advproxy.net
+#
+# This code is distributed under the terms of the GPL
+#
+# $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
+#
use strict;
@@ -102,7 +109,7 @@ my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";
my $identhosts = "$identdir/hosts";
-my $authdir = "/usr/lib/squid/auth";
+my $authdir = "/usr/lib/squid/";
my $errordir = "/usr/lib/squid/errors";
my $acl_src_subnets = "$acldir/src_subnets.acl";
@@ -112,8 +119,14 @@ my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl";
my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
-my $acl_dst_nocache = "$acldir/dst_nocache.acl";
my $acl_dst_noauth = "$acldir/dst_noauth.acl";
+my $acl_dst_noauth_dom = "$acldir/dst_noauth_dom.acl";
+my $acl_dst_noauth_net = "$acldir/dst_noauth_net.acl";
+my $acl_dst_noauth_url = "$acldir/dst_noauth_url.acl";
+my $acl_dst_nocache = "$acldir/dst_nocache.acl";
+my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
+my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
+my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
my $acl_dst_throttle = "$acldir/dst_throttle.acl";
my $acl_ports_safe = "$acldir/ports_safe.acl";
my $acl_ports_ssl = "$acldir/ports_ssl.acl";
@@ -144,8 +157,14 @@ unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip")
unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); }
unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
-unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
-unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
+unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
+unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
+unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
+unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
+unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
+unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); }
unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); }
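Review bot: The added `system("touch $acl_dst_noauth_dom")` style calls pass one interpolated string, so each of them is run through the shell, while the save path further down already uses the list form `system ('/usr/bin/touch', ...)`. The paths are built from `$acldir`, which is defined outside this diff, so this is a hardening and consistency point rather than a demonstrated injection. Writing the new lines as `unless (-e $acl_dst_noauth_dom) { system('/usr/bin/touch', $acl_dst_noauth_dom); }` avoids both the shell and the PATH lookup. The same applies to the new `system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1')` call in the hunk that starts at old line 607.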
@@ -161,14 +180,10 @@ close(FILE);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-$filtersettings{'CHILDREN'} = '5';
-if (-e "${General::swroot}/urlfilter/settings") {
- &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
-}
-
-$xlratorsettings{'CHILDREN'} = '5';
-if (-e "${General::swroot}/updatexlrator/settings") {
- &General::readhash("${General::swroot}/updatexlrator/settings", \%xlratorsettings);
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+ $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
}
&Header::showhttpheaders();
@@ -183,6 +198,7 @@ $proxysettings{'TRANSPARENT_BLUE'} = 'off';
$proxysettings{'PROXY_PORT'} = '800';
$proxysettings{'VISIBLE_HOSTNAME'} = '';
$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
+$proxysettings{'ADMIN_PASSWORD'} = '';
$proxysettings{'ERR_LANGUAGE'} = 'German';
$proxysettings{'ERR_DESIGN'} = 'ipfire';
$proxysettings{'SUPPRESS_VERSION'} = 'off';
@@ -194,8 +210,10 @@ $proxysettings{'UPSTREAM_PROXY'} = '';
$proxysettings{'UPSTREAM_USER'} = '';
$proxysettings{'UPSTREAM_PASSWORD'} = '';
$proxysettings{'LOGGING'} = 'off';
+$proxysettings{'CACHEMGR'} = 'off';
$proxysettings{'LOGQUERY'} = 'off';
$proxysettings{'LOGUSERAGENT'} = 'off';
+$proxysettings{'FILEDESCRIPTORS'} = '4096';
$proxysettings{'CACHE_MEM'} = '2';
$proxysettings{'CACHE_SIZE'} = '50';
$proxysettings{'MAX_SIZE'} = '4096';
@@ -262,6 +280,8 @@ $proxysettings{'IDENT_ENABLE_ACL'} = 'off';
$proxysettings{'IDENT_USER_ACL'} = 'positive';
$proxysettings{'ENABLE_FILTER'} = 'off';
$proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
+$proxysettings{'ENABLE_CLAMAV'} = 'off';
+$proxysettings{'CHILDREN'} = '10';
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
@@ -320,15 +340,15 @@ if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
$proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
-if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
-{
- if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
- $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
- $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
+if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
+{
+ if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
+ $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
+ $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
$proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
$errormessage = $Lang::tr{'invalid input'};
goto ERROR;
- }
+ }
if (!(&General::validport($proxysettings{'PROXY_PORT'})))
{
$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
@@ -337,7 +357,16 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
($proxysettings{'CACHE_SIZE'} < 10))
{
- $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
+ if (!($proxysettings{'CACHE_SIZE'} eq '0'))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
+ goto ERROR;
+ }
+ }
+ if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
+ ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 16384))
+ {
+ $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
goto ERROR;
}
if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) ||
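Review bot: The new FILEDESCRIPTORS check uses `=~ /^\d+/`, which only requires the value to start with a digit, so `4096` followed by other text (including a line break) passes both the pattern and the numeric range test. The value is later written verbatim by `print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n"` in the writeconfig hunk, so whatever follows the digits ends up in squid.conf. Anchor the whole value, for example `if ($proxysettings{'FILEDESCRIPTORS'} !~ /\A\d+\z/ || ...`. The CHILDREN check added in a later validation hunk uses `/^\d+$/`, where `$` still accepts a trailing newline and no upper bound is enforced; `\z` and a maximum would close that as well. The enclosing `if` block for the save actions starts and ends outside this hunk.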
@@ -345,7 +374,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
{
$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
goto ERROR;
- }
+ }
my @free = `/usr/bin/free`;
$free[1] =~ m/(\d+)/;
$cachemem = int $1 / 2048;
@@ -376,6 +405,11 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
{
$errormessage = $Lang::tr{'invalid maximum incoming size'};
goto ERROR;
+ }
+ if (!($proxysettings{'CHILDREN'} =~ /^\d+$/) || ($proxysettings{'CHILDREN'} < 1))
+ {
+ $errormessage = $Lang::tr{'advproxy invalid num of children'};
+ goto ERROR;
}
if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
{
@@ -415,8 +449,8 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
}
}
}
- if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
- ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
+ if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
+ ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
{
$errormessage = $Lang::tr{'advproxy errmsg max userip'};
goto ERROR;
@@ -506,6 +540,10 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
$errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
goto ERROR;
}
+
+ $proxysettings{'NTLM_DOMAIN'} = lc($proxysettings{'NTLM_DOMAIN'});
+ $proxysettings{'NTLM_PDC'} = lc($proxysettings{'NTLM_PDC'});
+ $proxysettings{'NTLM_BDC'} = lc($proxysettings{'NTLM_BDC'});
}
if ($proxysettings{'AUTH_METHOD'} eq 'radius')
{
@@ -591,13 +629,19 @@ ERROR:
if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
$stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
+ $stdproxysettings{'UPSTREAM_PROXY'} = $proxysettings{'UPSTREAM_PROXY'};
+ $stdproxysettings{'UPSTREAM_USER'} = $proxysettings{'UPSTREAM_USER'};
+ $stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
$stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
+ $stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
&writeconfig;
&writepacfile;
+ if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
+
system ('/usr/local/bin/squidctrl', 'disable');
unlink "${General::swroot}/proxy/enable";
unlink "${General::swroot}/proxy/transparent";
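Review bot: `if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}` writes cachemgr.conf when the option is on, but nothing in this hunk removes the file when the option is switched back to off, so a previously written file stays in place. If the cache manager front end reads that file (it is not shown in this diff), disabling the option in the UI would not withdraw its configured access to the proxy. Consider adding `else { unlink "${General::swroot}/proxy/cachemgr.conf"; }`, matching the `unlink` calls already used here for the enable flags. The enclosing save block starts and ends outside the hunk.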
@@ -607,16 +651,17 @@ ERROR:
if ($proxysettings{'ENABLE'} eq 'on') {
system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
system ('/usr/local/bin/squidctrl', 'enable'); }
- if ($proxysettings{'TRANSPARENT'} eq 'on') {
+ if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
system ('/usr/local/bin/squidctrl', 'enable'); }
- if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+ if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
- }
+ if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
+ }
}
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
@@ -677,6 +722,9 @@ $checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
$checked{'LOGGING'}{'off'} = '';
$checked{'LOGGING'}{'on'} = '';
$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
+$checked{'CACHEMGR'}{'off'} = '';
+$checked{'CACHEMGR'}{'on'} = '';
+$checked{'CACHEMGR'}{$proxysettings{'CACHEMGR'}} = "checked='checked'";
$checked{'LOGQUERY'}{'off'} = '';
$checked{'LOGQUERY'}{'on'} = '';
$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
@@ -828,6 +876,10 @@ $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
$checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
+$checked{'ENABLE_CLAMAV'}{'off'} = '';
+$checked{'ENABLE_CLAMAV'}{'on'} = '';
+$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
+
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -884,8 +936,7 @@ if ($netsettings{'BLUE_DEV'}) {
print "
| ";
}
print <$Lang::tr{'advproxy admin mail'}:
- |
+ |
END
@@ -930,10 +981,34 @@ print <
@@ -973,7 +1064,19 @@ print <$Lang::tr{'advproxy cache management'}
- | | | |
+ $Lang::tr{'proxy cachemgr'}: |
+ |
+ $Lang::tr{'advproxy admin mail'}: |
+ |
+
+
+ $Lang::tr{'proxy filedescriptors'}: |
+ |
+ $Lang::tr{'proxy admin password'}: |
+ |
+
+
+ | | | |
$Lang::tr{'advproxy ram cache size'}: |
@@ -1011,7 +1114,7 @@ print <
- |
@@ -1688,9 +1791,9 @@ print <
|
|
+ |
|
|
|
@@ -2154,7 +2258,7 @@ if (-e $disgrp)
# If the password file contains entries, print entries and action icons
-if ( $userdb ne "" ) {
+if ( ! -z "$userdb" ) {
print <
$Lang::tr{'advproxy NCSA username'} |
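Review bot: `! -z "$userdb"` is also true when the file does not exist, because `-z` returns undef for a missing file, so the user table header would be printed with no password file present. `if ( -s $userdb ) {` tests "exists and is non-empty" in one step and matches the comment above it. Whether `$userdb` is always created earlier in the script cannot be seen from this hunk.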
@@ -2407,10 +2511,11 @@ sub check_acls
undef $proxysettings{'DST_NOCACHE'};
foreach (@temp)
{
- s/^\s+//g; s/\s+$//g;
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
if ($_)
{
- unless (/^\./) { $_ = '.'.$_; }
+ if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}
@@ -2479,10 +2584,11 @@ sub check_acls
undef $proxysettings{'DST_NOAUTH'};
foreach (@temp)
{
- s/^\s+//g; s/\s+$//g;
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
if ($_)
{
- unless (/^\./) { $_ = '.'.$_; }
+ if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOAUTH'} .= $_."\n";
}
}
@@ -2592,10 +2698,10 @@ sub write_acls
flock(FILE, 2);
if (!$proxysettings{'SRC_SUBNETS'})
{
- print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+ print FILE "$green_cidr\n";
if ($netsettings{'BLUE_DEV'})
{
- print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+ print FILE "$blue_cidr\n";
}
} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
close(FILE);
@@ -2620,15 +2726,103 @@ sub write_acls
print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
close(FILE);
+ open(FILE, ">$acl_dst_noauth");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOAUTH'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_noauth_net");
+ close(FILE);
+ open(FILE, ">$acl_dst_noauth_dom");
+ close(FILE);
+ open(FILE, ">$acl_dst_noauth_url");
+ close(FILE);
+
+ @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
+ foreach(@temp)
+ {
+ unless (/^#/)
+ {
+ if (/^\*\.\w/)
+ {
+ s/^\*//;
+ open(FILE, ">>$acl_dst_noauth_dom");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (&General::validipormask($_))
+ {
+ open(FILE, ">>$acl_dst_noauth_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+ {
+ open(FILE, ">>$acl_dst_noauth_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ else
+ {
+ open(FILE, ">>$acl_dst_noauth_url");
+ flock(FILE, 2);
+ if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+ close(FILE);
+ }
+ }
+ }
+
open(FILE, ">$acl_dst_nocache");
flock(FILE, 2);
print FILE $proxysettings{'DST_NOCACHE'};
close(FILE);
- open(FILE, ">$acl_dst_noauth");
- flock(FILE, 2);
- print FILE $proxysettings{'DST_NOAUTH'};
+ open(FILE, ">$acl_dst_nocache_net");
close(FILE);
+ open(FILE, ">$acl_dst_nocache_dom");
+ close(FILE);
+ open(FILE, ">$acl_dst_nocache_url");
+ close(FILE);
+
+ @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
+ foreach(@temp)
+ {
+ unless (/^#/)
+ {
+ if (/^\*\.\w/)
+ {
+ s/^\*//;
+ open(FILE, ">>$acl_dst_nocache_dom");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (&General::validipormask($_))
+ {
+ open(FILE, ">>$acl_dst_nocache_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+ {
+ open(FILE, ">>$acl_dst_nocache_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ else
+ {
+ open(FILE, ">>$acl_dst_nocache_url");
+ flock(FILE, 2);
+ if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+ close(FILE);
+ }
+ }
+ }
open(FILE, ">$acl_ports_safe");
flock(FILE, 2);
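Review bot: In the final `else` branch of the new DST_NOAUTH loop, an entry that is not `*.domain`, an address or a range is written into the `url_regex` file as `^[fh]tt?ps?://$_`, without escaping and without a terminator after the host. A plain host name entered by the admin therefore becomes a pattern in which each `.` matches any character and any longer host name with the same prefix also matches, which for the no-authentication list exempts more destinations than the entry suggests. If these entries are meant as literal hosts, escape them (for example with `quotemeta`) and terminate the host part; if they are meant as regular expressions, say so with a comment such as `# entries reaching this branch are used as url_regex patterns, not literal hosts`. The DST_NOCACHE loop in the same hunk has the same branch. The address-range test in both loops is also unanchored, so a line that merely contains a range is written to the `dst` file as is.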
@@ -2733,8 +2927,8 @@ if (
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
- (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
- (isInNet(host, "192.168.0.0", "255.255.0.0"))
+ (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+ (isInNet(host, "169.254.0.0", "255.255.0.0"))
)
return "DIRECT";
@@ -2758,7 +2952,7 @@ END
{
@temp = split(/\//);
if (
- ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
+ ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
)
{
@@ -2813,7 +3007,7 @@ sub writeconfig
if ($proxysettings{'AUTH_REALM'} eq '')
{
- $authrealm = "IPCop Advanced Proxy Server";
+ $authrealm = "IPFire Advanced Proxy Server";
} else {
$authrealm = $proxysettings{'AUTH_REALM'};
}
@@ -2851,15 +3045,22 @@ END
print FILE "\n";
}
- print FILE < 0)
+ {
+ print FILE "\n";
-acl QUERY urlpath_regex cgi-bin \\?
-cache deny QUERY
-END
- ;
- if (!-z $acl_dst_nocache) {
- print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
- print FILE "cache deny no_cache_domains\n";
+ if (!-z $acl_dst_nocache_dom) {
+ print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
+ print FILE "cache deny no_cache_domains\n";
+ }
+ if (!-z $acl_dst_nocache_net) {
+ print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
+ print FILE "cache deny no_cache_ipaddr\n";
+ }
+ if (!-z $acl_dst_nocache_url) {
+ print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
+ print FILE "cache deny no_cache_hosts\n";
+ }
}
print FILE <) {
$_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
- $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
+ $_ =~ s/__GREEN_NET__/$green_cidr/;
$_ =~ s/__BLUE_IP__/$blue_ip/;
$_ =~ s/__BLUE_NET__/$blue_net/;
$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
print FILE $_;
}
- print FILE "#End of custom includes\n";
+ print FILE "\n#End of custom includes\n";
close (ACL);
}
if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
@@ -3218,8 +3429,8 @@ END
http_access allow localhost
#GUI admin if local machine connects
-http_access allow IPCop_ips IPCop_networks IPCop_http
-http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
+http_access allow IPFire_ips IPFire_networks IPFire_http
+http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
#Deny not web services
http_access deny !Safe_ports
@@ -3299,14 +3510,14 @@ if ($delaypools) {
print FILE "\n";
}
- print FILE "delay_access 1 deny IPCop_ips\n";
- if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
+ print FILE "delay_access 1 deny IPFire_ips\n";
+ if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
if ($netsettings{'BLUE_DEV'})
{
- print FILE "delay_access 1 allow IPCop_green_network";
+ print FILE "delay_access 1 allow IPFire_green_network";
if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
print FILE "\n";
print FILE "delay_access 1 deny all\n";
@@ -3318,57 +3529,84 @@ if ($delaypools) {
if ($netsettings{'BLUE_DEV'})
{
- print FILE "delay_access 2 deny IPCop_ips\n";
- if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
+ print FILE "delay_access 2 deny IPFire_ips\n";
+ if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
- print FILE "delay_access 2 allow IPCop_blue_network";
+ print FILE "delay_access 2 allow IPFire_blue_network";
if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
print FILE "\n";
print FILE "delay_access 2 deny all\n";
}
- print FILE "delay_initial_bucket_level 100\n";
+ print FILE "delay_initial_bucket_level 100\n";
print FILE "\n";
}
if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
{
print FILE "#Prevent internal proxy access to Green\n";
- print FILE "http_access deny IPCop_green_servers !IPCop_green_network\n\n";
+ print FILE "http_access deny IPFire_green_servers !IPFire_green_network\n\n";
}
if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
{
print FILE "#Prevent internal proxy access from Blue\n";
- print FILE "http_access allow IPCop_blue_network IPCop_blue_servers\n";
- print FILE "http_access deny IPCop_blue_network IPCop_servers\n\n";
+ print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
+ print FILE "http_access deny IPFire_blue_network IPFire_servers\n\n";
}
print FILE < 0)
+ {
+ print FILE < 0) {
- if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
+ if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_mac\n"; }
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
{
- if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
+ if (!-z $extgrp) { print FILE "reply_body_max_size 0 deny for_extended_users\n"; }
}
}
- print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
+#FIX ME print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";
print FILE "visible_hostname";
if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
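Review bot: The line `#FIX ME print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";` comments out the only rule that applied the configured download limit to ordinary clients, while the exemption lines for unrestricted addresses and extended users are still written. As far as this hunk shows, the maximum incoming size that the form still validates no longer has any effect, and nothing tells the admin so. Either emit the directive in the form the targeted squid version expects, or reject or hide the setting until it works; at minimum replace the marker with `# FIXME: the global reply_body_max_size rule is disabled; the configured download limit is not enforced`. Parts of this hunk are lost in the page extraction, so the surrounding condition could not be checked.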
@@ -3649,7 +3898,11 @@ END
print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
}
- if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
+ if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
+ if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
+ print FILE "\n";
+
+ print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
# Write the parent proxy info, if needed.
if ($remotehost ne '')
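Review bot: `cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all` writes the form value straight into squid.conf, and no check of ADMIN_PASSWORD appears among the validation hunks of this commit. A value containing whitespace or a line break would change how the directive is parsed or add further lines to the config. Validate it before saving, for example `if ($proxysettings{'ADMIN_PASSWORD'} =~ /\s/) { $errormessage = $Lang::tr{'invalid input'}; goto ERROR; }`. When the field is empty no `cachemgr_passwd` line is written even though CACHEMGR may be on; a comment stating that the cache manager then depends only on the access rules would help the next maintainer. writeconfig starts and ends outside the hunk.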
@@ -3667,38 +3920,13 @@ END
}
elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
- print FILE "\nnever_direct allow all\n\n";
+ print FILE "\nalways_direct allow IPFire_ips\n";
+ print FILE "never_direct allow all\n\n";
}
- if (($proxysettings{'ENABLE_FILTER'} eq 'on') && ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on'))
+ if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
{
print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
- if ($filtersettings{'CHILDREN'} > $xlratorsettings{'CHILDREN'})
- {
- print FILE "url_rewrite_children $filtersettings{'CHILDREN'}\n\n";
- } else {
- print FILE "url_rewrite_children $xlratorsettings{'CHILDREN'}\n\n";
- }
- } else
- {
-
- if ($proxysettings{'ENABLE_FILTER'} eq 'on')
- {
- print FILE <>$stdgrp");
@@ -3772,3 +4000,15 @@ sub deluser
}
# -------------------------------------------------------------------
+
+sub writecachemgr
+{
+ open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
+ flock(FILE, 2);
+ print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
+ print FILE "localhost";
+ close(FILE);
+ return;
+}
+
+# -------------------------------------------------------------------
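Review bot: `open(FILE, ">${General::swroot}/proxy/cachemgr.conf")` in writecachemgr is a two-argument open on a bareword handle whose result is never checked, so a failed open ends in prints to an unopened handle while the save still appears to succeed. A three-argument open on a lexical handle with a checked result is sketched below; the file content is unchanged. The `open(FILE, ">>...")` calls added to write_acls earlier in this diff follow the same unchecked pattern.

```perl
sub writecachemgr
{
	my $conf = "${General::swroot}/proxy/cachemgr.conf";
	my $fh;
	unless (open($fh, '>', $conf)) {
		# Report the failure instead of printing to an unopened handle.
		warn "cannot write $conf: $!";
		return;
	}
	flock($fh, 2);
	print $fh "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
	print $fh "localhost";
	close($fh);
	return;
}
```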