X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=55d7ec9e82aead0b8bd2ac3ac0242385fb2eb3f4;hb=20c5535cf791d06c2ef2a0b49e6073fab182e810;hp=dc46ca56aeebb8310f8bbd3afded04a9e4c679d2;hpb=70df830214c97a68fcb7e89ae0d7df58c35590be;p=people%2Fpmueller%2Fipfire-2.x.git

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index dc46ca56ae..55d7ec9e82 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2009  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -18,6 +18,13 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
 #                                                                             #
 ###############################################################################
+#
+# (c) 2004-2009 marco.s - http://www.advproxy.net
+#
+# This code is distributed under the terms of the GPL
+#
+# $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
+#
 
 use strict;
 
@@ -102,7 +109,7 @@ my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";
 
 my $identhosts = "$identdir/hosts";
 
-my $authdir  = "/usr/lib/squid/auth";
+my $authdir  = "/usr/lib/squid/";
 my $errordir = "/usr/lib/squid/errors";
 
 my $acl_src_subnets = "$acldir/src_subnets.acl";
@@ -112,8 +119,14 @@ my $acl_src_unrestricted_ip  = "$acldir/src_unrestricted_ip.acl";
 my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
 my $acl_src_noaccess_ip  = "$acldir/src_noaccess_ip.acl";
 my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
-my $acl_dst_nocache  = "$acldir/dst_nocache.acl";
 my $acl_dst_noauth   = "$acldir/dst_noauth.acl";
+my $acl_dst_noauth_dom = "$acldir/dst_noauth_dom.acl";
+my $acl_dst_noauth_net = "$acldir/dst_noauth_net.acl";
+my $acl_dst_noauth_url = "$acldir/dst_noauth_url.acl";
+my $acl_dst_nocache  = "$acldir/dst_nocache.acl";
+my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
+my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
+my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
 my $acl_dst_throttle = "$acldir/dst_throttle.acl";
 my $acl_ports_safe = "$acldir/ports_safe.acl";
 my $acl_ports_ssl  = "$acldir/ports_ssl.acl";
@@ -144,8 +157,14 @@ unless (-e $acl_src_unrestricted_ip)  { system("touch $acl_src_unrestricted_ip")
 unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
 unless (-e $acl_src_noaccess_ip)  { system("touch $acl_src_noaccess_ip"); }
 unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
-unless (-e $acl_dst_nocache)   { system("touch $acl_dst_nocache"); }
-unless (-e $acl_dst_noauth)    { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth)     { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
+unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
+unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
+unless (-e $acl_dst_nocache)     { system("touch $acl_dst_nocache"); }
+unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
+unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
+unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
 unless (-e $acl_dst_throttle)  { system("touch $acl_dst_throttle"); }
 unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
 unless (-e $acl_ports_ssl)  { system("touch $acl_ports_ssl"); }
@@ -161,14 +180,10 @@ close(FILE);
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 
-$filtersettings{'CHILDREN'} = '5';
-if (-e "${General::swroot}/urlfilter/settings") {
-	&General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
-}
-
-$xlratorsettings{'CHILDREN'} = '5';
-if (-e "${General::swroot}/updatexlrator/settings") {
-	&General::readhash("${General::swroot}/updatexlrator/settings", \%xlratorsettings);
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+	$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
 }
 
 &Header::showhttpheaders();
@@ -183,6 +198,7 @@ $proxysettings{'TRANSPARENT_BLUE'} = 'off';
 $proxysettings{'PROXY_PORT'} = '800';
 $proxysettings{'VISIBLE_HOSTNAME'} = '';
 $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
+$proxysettings{'ADMIN_PASSWORD'} = '';
 $proxysettings{'ERR_LANGUAGE'} = 'German';
 $proxysettings{'ERR_DESIGN'} = 'ipfire';
 $proxysettings{'SUPPRESS_VERSION'} = 'off';
@@ -194,8 +210,10 @@ $proxysettings{'UPSTREAM_PROXY'} = '';
 $proxysettings{'UPSTREAM_USER'} = '';
 $proxysettings{'UPSTREAM_PASSWORD'} = '';
 $proxysettings{'LOGGING'} = 'off';
+$proxysettings{'CACHEMGR'} = 'off';
 $proxysettings{'LOGQUERY'} = 'off';
 $proxysettings{'LOGUSERAGENT'} = 'off';
+$proxysettings{'FILEDESCRIPTORS'} = '4096';
 $proxysettings{'CACHE_MEM'} = '2';
 $proxysettings{'CACHE_SIZE'} = '50';
 $proxysettings{'MAX_SIZE'} = '4096';
@@ -262,6 +280,8 @@ $proxysettings{'IDENT_ENABLE_ACL'} = 'off';
 $proxysettings{'IDENT_USER_ACL'} = 'positive';
 $proxysettings{'ENABLE_FILTER'} = 'off';
 $proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
+$proxysettings{'ENABLE_CLAMAV'} = 'off';
+$proxysettings{'CHILDREN'} = '10';
 
 $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
 
@@ -320,15 +340,15 @@ if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
 	$proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
 }
 
-if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
-{ 
-	if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ || 
-	    $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ || 
-	    $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ || 
+if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
+{
+	if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
+	    $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
+	    $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
 	    $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
 		$errormessage = $Lang::tr{'invalid input'};
 		goto ERROR;
-	} 
+	}
 	if (!(&General::validport($proxysettings{'PROXY_PORT'})))
 	{
 		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
@@ -337,7 +357,16 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 	if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
 		($proxysettings{'CACHE_SIZE'} < 10))
 	{
-		$errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
+		if (!($proxysettings{'CACHE_SIZE'} eq '0'))
+		{
+			$errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
+			goto ERROR;
+		}
+	}
+	if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
+		($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 16384))
+	{
+		$errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
 		goto ERROR;
 	}
 	if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) ||
@@ -345,7 +374,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 	{
 		$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
 		goto ERROR;
-	}		
+	}
 	my @free = `/usr/bin/free`;
 	$free[1] =~ m/(\d+)/;
 	$cachemem = int $1 / 2048;
@@ -376,6 +405,11 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 	{
 		$errormessage = $Lang::tr{'invalid maximum incoming size'};
 		goto ERROR;
+	}
+		if (!($proxysettings{'CHILDREN'} =~ /^\d+$/) || ($proxysettings{'CHILDREN'} < 1))
+	{
+		$errormessage = $Lang::tr{'advproxy invalid num of children'};
+		goto ERROR;
 	}
 	if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
 	{
@@ -415,8 +449,8 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 				}
 			}
 		}
-		if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && 
-			((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))	
+		if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
+			((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
 		{
 			$errormessage = $Lang::tr{'advproxy errmsg max userip'};
 			goto ERROR;
@@ -506,6 +540,10 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 			$errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
 			goto ERROR;
 		}
+
+		$proxysettings{'NTLM_DOMAIN'} = lc($proxysettings{'NTLM_DOMAIN'});
+		$proxysettings{'NTLM_PDC'}    = lc($proxysettings{'NTLM_PDC'});
+		$proxysettings{'NTLM_BDC'}    = lc($proxysettings{'NTLM_BDC'});
 	}
 	if ($proxysettings{'AUTH_METHOD'} eq 'radius')
 	{
@@ -591,13 +629,19 @@ ERROR:
 
 		if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
 		$stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
+		$stdproxysettings{'UPSTREAM_PROXY'}    = $proxysettings{'UPSTREAM_PROXY'};
+		$stdproxysettings{'UPSTREAM_USER'}     = $proxysettings{'UPSTREAM_USER'};
+		$stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
 		$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
 		$stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
+		$stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
 		&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
 
 		&writeconfig;
 		&writepacfile;
 
+		if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
+
 		system ('/usr/local/bin/squidctrl', 'disable');
 		unlink "${General::swroot}/proxy/enable";
 		unlink "${General::swroot}/proxy/transparent";
@@ -607,16 +651,17 @@ ERROR:
 		if ($proxysettings{'ENABLE'} eq 'on') {
 			system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
 			system ('/usr/local/bin/squidctrl', 'enable'); }
-		if ($proxysettings{'TRANSPARENT'} eq 'on') {
+		if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
 			system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
 		if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
 			system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
 			system ('/usr/local/bin/squidctrl', 'enable'); }
-		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
 			system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
 
 		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
-	}
+		if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }	
+  }
 }
 
 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
@@ -677,6 +722,9 @@ $checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
 $checked{'LOGGING'}{'off'} = '';
 $checked{'LOGGING'}{'on'} = '';
 $checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
+$checked{'CACHEMGR'}{'off'} = '';
+$checked{'CACHEMGR'}{'on'} = '';
+$checked{'CACHEMGR'}{$proxysettings{'CACHEMGR'}} = "checked='checked'";
 $checked{'LOGQUERY'}{'off'} = '';
 $checked{'LOGQUERY'}{'on'} = '';
 $checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
@@ -828,6 +876,10 @@ $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
 
+$checked{'ENABLE_CLAMAV'}{'off'} = '';
+$checked{'ENABLE_CLAMAV'}{'on'} = '';
+$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
+
 &Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
 
 &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -884,8 +936,7 @@ if ($netsettings{'BLUE_DEV'}) {
 	print "<td colspan='2'>&nbsp;</td>";
 }
 print <<END
-	<td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
+	<td colspan='2'>&nbsp;</td>
 </tr>
 <tr>
 END
@@ -930,10 +981,34 @@ print <<END
 </table>
 <hr size='1'>
 <table width='100%'>
-<tr>
-	<td class='base' width='50%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
-	<td class='base' width='50%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>
-</tr>
+<tr><td class='base' colspan='4'><b>$Lang::tr{'advproxy redirector children'}</b></td></tr>
+<tr><td class='base' >$Lang::tr{'processes'}<input type='text' name='CHILDREN' value='$proxysettings{'CHILDREN'}' size='5' /></td>
+END
+;
+my $count = `arp -a | wc -l`;
+if ( $count < 1 ){$count = 1;}
+if ( -e "/usr/bin/squidclamav" ) {
+	print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
+	if ( ! -e "/var/run/clamav/clamd.pid" ){
+		print "<font color='red'>clamav not running</font><br /><br />";
+		$proxysettings{'ENABLE_CLAMAV'} = 'off';
+		}
+	else {
+		print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
+		print "+ ".int(( $count**(1/3)) * 8);}
+	print "</td>";
+} else {
+	print "<td></td>";
+}
+print "<td class='base'><b>".$Lang::tr{'advproxy url filter'}."</b><br />";
+print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
+print "+ ".int(($count**(1/3)) * 6);
+print "</td>";
+print "<td class='base'><b>".$Lang::tr{'advproxy update accelerator'}."</b><br />";
+print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
+print "+ ".int(($count**(1/3)) * 5);
+print "</td></tr>";
+print <<END
 </table>
 <hr size='1'>
 <table width='100%'>
@@ -941,19 +1016,28 @@ print <<END
 	<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
 </tr>
 <tr>
-	<td class='base'>$Lang::tr{'advproxy via forwarding'}:</td><td><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy upstream proxy host:port'}<img src='/blob.gif' alt='*' /></td><td><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
+	<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
+	<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
+	<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
 </tr>
 <tr>
-	<td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td><td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy upstream username'}<img src='/blob.gif' alt='*' /></td><td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
+	<td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
+	<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
 </tr>
 <tr>
-	<td class='base'>$Lang::tr{'advproxy username forwarding'}:</td><td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} />
-  <td class='base'>$Lang::tr{'advproxy upstream password'}:<img src='/blob.gif' alt='*' /></td><td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
+	<td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
+	<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
 </tr>
 <tr>
-	<td class='base' colspan='4'>$Lang::tr{'advproxy no connection auth'}:<input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
+	<td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
+	<td>&nbsp;</td>
+	<td>&nbsp;</td>
 </tr>
 </table>
 <hr size='1'>
@@ -962,9 +1046,16 @@ print <<END
 	<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
 </tr>
 <tr>
-	<td class='base'>$Lang::tr{'advproxy log enabled'}:<input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy log query'}:<input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy log useragent'}:<input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
+	<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
+	<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
+	<td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
+	<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
+</tr>
+<tr>
+	<td>&nbsp;</td>
+	<td>&nbsp;</td>
+	<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
+	<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
 </tr>
 </table>
 <hr size='1'>
@@ -973,7 +1064,19 @@ print <<END
 	<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
 </tr>
 <tr>
-	<td width='35%'></td><td width='15%'></td><td width='35%'></td><td width='15%'></td>
+	<td class='base'>$Lang::tr{'proxy cachemgr'}:</td>
+	<td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
+</tr>
+<tr>
+	<td class='base'>$Lang::tr{'proxy filedescriptors'}:</td>
+	<td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
+	<td class='base'>$Lang::tr{'proxy admin password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
+</tr>
+<tr>
+	<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
@@ -1011,7 +1114,7 @@ print <<END
 				<!-- intentionally left empty -->
 			</tr>
 			<tr>
-			<td align=center><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
+			<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
 END
 ;
 
@@ -1096,10 +1199,10 @@ END
 
 if (!$proxysettings{'SRC_SUBNETS'})
 {
-	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+	print "$green_cidr\n";
 	if ($netsettings{'BLUE_DEV'})
 	{
-		print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+		print "$blue_cidr\n";
 	}
 } else { print $proxysettings{'SRC_SUBNETS'}; }
 
@@ -1258,7 +1361,7 @@ END
 
 # -------------------------------------------------------------------
 
-print <<END 
+print <<END
 
 <table width='100%'>
 <tr>
@@ -1447,7 +1550,7 @@ print <<END
 	<td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
 	<td width='15%'>&nbsp;</td>
 	<td width='10%'>&nbsp;</td>
-</tr>	
+</tr>
 </table>
 <hr size='1'>
 <table width='100%'>
@@ -1688,9 +1791,9 @@ print <<END
 END
 ;
 if (!$proxysettings{'IDENT_HOSTS'}) {
-	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+	print "$green_cidr\n";
 	if ($netsettings{'BLUE_DEV'}) {
-		print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+		print "$blue_cidr\n";
 	}
 } else {
 	print $proxysettings{'IDENT_HOSTS'};
@@ -2045,6 +2148,7 @@ print <<END
 <tr>
 	<td>&nbsp;</td>
 	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
 	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
 	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
 	<td>&nbsp;</td>
@@ -2154,7 +2258,7 @@ if (-e $disgrp)
 
 # If the password file contains entries, print entries and action icons
 
-if ( $userdb ne "" ) {
+if ( ! -z "$userdb" ) {
 	print <<END
 	<tr>
 		<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
@@ -2407,10 +2511,11 @@ sub check_acls
 	undef $proxysettings{'DST_NOCACHE'};
 	foreach (@temp)
 	{
-		s/^\s+//g; s/\s+$//g;
+		s/^\s+//g;
+		unless (/^#/) { s/\s+//g; }
 		if ($_)
 		{
-			unless (/^\./) { $_ = '.'.$_; }
+			if (/^\./) { $_ = '*'.$_; }
 			$proxysettings{'DST_NOCACHE'} .= $_."\n";
 		}
 	}
@@ -2479,10 +2584,11 @@ sub check_acls
 	undef $proxysettings{'DST_NOAUTH'};
 	foreach (@temp)
 	{
-		s/^\s+//g; s/\s+$//g;
+		s/^\s+//g;
+		unless (/^#/) { s/\s+//g; }
 		if ($_)
 		{
-			unless (/^\./) { $_ = '.'.$_; }
+			if (/^\./) { $_ = '*'.$_; }
 			$proxysettings{'DST_NOAUTH'} .= $_."\n";
 		}
 	}
@@ -2592,10 +2698,10 @@ sub write_acls
 	flock(FILE, 2);
 	if (!$proxysettings{'SRC_SUBNETS'})
 	{
-		print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+		print FILE "$green_cidr\n";
 		if ($netsettings{'BLUE_DEV'})
 		{
-			print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+			print FILE "$blue_cidr\n";
 		}
 	} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
 	close(FILE);
@@ -2620,15 +2726,103 @@ sub write_acls
 	print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
 	close(FILE);
 
+	open(FILE, ">$acl_dst_noauth");
+	flock(FILE, 2);
+	print FILE $proxysettings{'DST_NOAUTH'};
+	close(FILE);
+
+	open(FILE, ">$acl_dst_noauth_net");
+	close(FILE);
+	open(FILE, ">$acl_dst_noauth_dom");
+	close(FILE);
+	open(FILE, ">$acl_dst_noauth_url");
+	close(FILE);
+
+	@temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
+	foreach(@temp)
+	{
+		unless (/^#/)
+		{
+			if (/^\*\.\w/)
+			{
+				s/^\*//;
+				open(FILE, ">>$acl_dst_noauth_dom");
+				flock(FILE, 2);
+				print FILE "$_\n";
+				close(FILE);
+			}
+			elsif (&General::validipormask($_))
+			{
+				open(FILE, ">>$acl_dst_noauth_net");
+				flock(FILE, 2);
+				print FILE "$_\n";
+				close(FILE);
+			}
+			elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+			{
+				open(FILE, ">>$acl_dst_noauth_net");
+				flock(FILE, 2);
+				print FILE "$_\n";
+				close(FILE);
+			}
+			else
+			{
+				open(FILE, ">>$acl_dst_noauth_url");
+				flock(FILE, 2);
+				if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+				close(FILE);
+			}
+		}
+	}
+
 	open(FILE, ">$acl_dst_nocache");
 	flock(FILE, 2);
 	print FILE $proxysettings{'DST_NOCACHE'};
 	close(FILE);
 
-	open(FILE, ">$acl_dst_noauth");
-	flock(FILE, 2);
-	print FILE $proxysettings{'DST_NOAUTH'};
+	open(FILE, ">$acl_dst_nocache_net");
 	close(FILE);
+	open(FILE, ">$acl_dst_nocache_dom");
+	close(FILE);
+	open(FILE, ">$acl_dst_nocache_url");
+	close(FILE);
+
+	@temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
+	foreach(@temp)
+	{
+		unless (/^#/)
+		{
+			if (/^\*\.\w/)
+			{
+				s/^\*//;
+				open(FILE, ">>$acl_dst_nocache_dom");
+				flock(FILE, 2);
+				print FILE "$_\n";
+				close(FILE);
+			}
+			elsif (&General::validipormask($_))
+			{
+				open(FILE, ">>$acl_dst_nocache_net");
+				flock(FILE, 2);
+				print FILE "$_\n";
+				close(FILE);
+			}
+			elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+			{
+				open(FILE, ">>$acl_dst_nocache_net");
+				flock(FILE, 2);
+				print FILE "$_\n";
+				close(FILE);
+			}
+			else
+			{
+				open(FILE, ">>$acl_dst_nocache_url");
+				flock(FILE, 2);
+				if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+				close(FILE);
+			}
+		}
+	}
 
 	open(FILE, ">$acl_ports_safe");
 	flock(FILE, 2);
@@ -2733,8 +2927,8 @@ if (
      (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
      (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
      (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
-     (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
-     (isInNet(host, "192.168.0.0", "255.255.0.0"))
+     (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+     (isInNet(host, "169.254.0.0", "255.255.0.0"))
    )
      return "DIRECT";
 
@@ -2758,7 +2952,7 @@ END
 			{
 				@temp = split(/\//);
 				if (
-					($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && 
+					($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
 					($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
 					)
 				{
@@ -2813,7 +3007,7 @@ sub writeconfig
 
 	if ($proxysettings{'AUTH_REALM'} eq '')
 	{
-		$authrealm = "IPCop Advanced Proxy Server";
+		$authrealm = "IPFire Advanced Proxy Server";
 	} else {
 		$authrealm = $proxysettings{'AUTH_REALM'};
 	}
@@ -2851,15 +3045,22 @@ END
 		print FILE "\n";
 	}
 
-	print FILE <<END
+	if ($proxysettings{'CACHE_SIZE'} > 0)
+	{
+		print FILE "\n";
 
-acl QUERY urlpath_regex cgi-bin \\?
-cache deny QUERY
-END
-	;
-	if (!-z $acl_dst_nocache) {
-		print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
-		print FILE "cache deny no_cache_domains\n";
+		if (!-z $acl_dst_nocache_dom) {
+			print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
+			print FILE "cache deny no_cache_domains\n";
+		}
+		if (!-z $acl_dst_nocache_net) {
+			print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
+			print FILE "cache deny no_cache_ipaddr\n";
+		}
+		if (!-z $acl_dst_nocache_url) {
+			print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
+			print FILE "cache deny no_cache_hosts\n";
+		}
 	}
 
 	print FILE <<END
@@ -2871,11 +3072,16 @@ umask 022
 pid_filename /var/run/squid.pid
 
 cache_mem $proxysettings{'CACHE_MEM'} MB
-cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
-
 END
 	;
 
+	if ($proxysettings{'CACHE_SIZE'} eq '0')
+	{
+		print FILE "cache_dir null /var/tmp\n\n";
+	} else {
+		print FILE "cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256\n\n";
+	}
+
 	if (($proxysettings{'ERR_DESIGN'} eq 'ipfire' ))
 	{
 		print FILE "error_directory $errordir.ipfire/$proxysettings{'ERR_LANGUAGE'}\n\n";
@@ -3017,7 +3223,7 @@ END
 						print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
 					} else {
 						print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
-					} 
+					}
 				}
 				close(MSNTCONF);
 			}
@@ -3067,8 +3273,11 @@ END
 		if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
 		print FILE "\n";
 
-		if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n"; }
+		if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
+		if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
+		if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
 		print FILE "\n";
+
 	}
 
 	if ($proxysettings{'AUTH_METHOD'} eq 'ident')
@@ -3088,7 +3297,9 @@ END
 				print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
 			}
 		}
-		if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n"; }
+		if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
+		if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
+		if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
 		print FILE "\n";
 	}
 
@@ -3096,7 +3307,7 @@ END
 
 	if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
 
-	print FILE "acl within_timeframe time "; 
+	print FILE "acl within_timeframe time ";
 	if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
 	if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
 	if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
@@ -3114,8 +3325,8 @@ END
 	}
 
 	print FILE <<END
-acl all src 0.0.0.0/0.0.0.0
-acl localhost src 127.0.0.1/255.255.255.255
+#acl all src all
+acl localhost src 127.0.0.1/32
 END
 ;
 open (PORTS,"$acl_ports_ssl");
@@ -3134,21 +3345,21 @@ if (@temp)
 }
 	print FILE <<END
 
-acl IPCop_http  port $http_port
-acl IPCop_https port $https_port
-acl IPCop_ips              dst $netsettings{'GREEN_ADDRESS'}
-acl IPCop_networks         src "$acl_src_subnets"
-acl IPCop_servers          dst "$acl_src_subnets"
-acl IPCop_green_network    src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
-acl IPCop_green_servers    dst $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
+acl IPFire_http  port $http_port
+acl IPFire_https port $https_port
+acl IPFire_ips              dst $netsettings{'GREEN_ADDRESS'}
+acl IPFire_networks         src "$acl_src_subnets"
+acl IPFire_servers          dst "$acl_src_subnets"
+acl IPFire_green_network    src $green_cidr
+acl IPFire_green_servers    dst $green_cidr
 END
 	;
-	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network     src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
-	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_servers     dst $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
-	if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips       src \"$acl_src_banned_ip\"\n"; }
-	if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac       arp \"$acl_src_banned_mac\"\n"; }
-	if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
-	if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
+	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network     src $blue_cidr\n"; }
+	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers     dst $blue_cidr\n"; }
+	if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips       src \"$acl_src_banned_ip\"\n"; }
+	if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac       arp \"$acl_src_banned_mac\"\n"; }
+	if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
+	if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
 	print FILE <<END
 acl CONNECT method CONNECT
 END
@@ -3158,8 +3369,8 @@ END
 		print FILE <<END
 
 #Classroom extensions
-acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
-acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
+acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
+acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
 END
 		;
 		print FILE "deny_info ";
@@ -3170,7 +3381,7 @@ END
 		} else {
 			print FILE "ERR_ACCESS_DENIED";
 		}
-		print FILE " IPCop_no_access_ips\n";
+		print FILE " IPFire_no_access_ips\n";
 		print FILE "deny_info ";
 		if ((($proxysettings{'ERR_DESIGN'} eq 'ipfire') && (-e "$errordir.ipfire/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED")) ||
 		    (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED")))
@@ -3179,11 +3390,11 @@ END
 		} else {
 			print FILE "ERR_ACCESS_DENIED";
 		}
-		print FILE " IPCop_no_access_mac\n";
+		print FILE " IPFire_no_access_mac\n";
 
 		print FILE <<END
-http_access deny IPCop_no_access_ips
-http_access deny IPCop_no_access_mac
+http_access deny IPFire_no_access_ips
+http_access deny IPFire_no_access_mac
 END
 	;
 	}
@@ -3192,22 +3403,22 @@ END
 	my $blue_net = ''; #BLUE empty by default
 	my $blue_ip = '';
 	if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
-		$blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+		$blue_net = "$blue_cidr";
 		$blue_ip  = "$netsettings{'BLUE_ADDRESS'}";
 	}
 	if (!-z $acl_include)
 	{
 		open (ACL, "$acl_include");
-		print FILE "\n#Start of custom includes\n";
+		print FILE "\n#Start of custom includes\n\n";
 		while (<ACL>) {
 			$_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
-			$_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
+			$_ =~ s/__GREEN_NET__/$green_cidr/;
 			$_ =~ s/__BLUE_IP__/$blue_ip/;
 			$_ =~ s/__BLUE_NET__/$blue_net/;
 			$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
 			print FILE $_;
 		}
-		print FILE "#End of custom includes\n";
+		print FILE "\n#End of custom includes\n";
 		close (ACL);
 	}
 	if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
@@ -3218,8 +3429,8 @@ END
 http_access allow         localhost
 
 #GUI admin if local machine connects
-http_access allow         IPCop_ips IPCop_networks IPCop_http
-http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
+http_access allow         IPFire_ips IPFire_networks IPFire_http
+http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
 
 #Deny not web services
 http_access deny          !Safe_ports
@@ -3299,14 +3510,14 @@ if ($delaypools) {
 		print FILE "\n";
 	}
 
-	print FILE "delay_access 1 deny  IPCop_ips\n";
-	if (!-z $acl_src_unrestricted_ip)  { print FILE "delay_access 1 deny  IPCop_unrestricted_ips\n"; }
-	if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny  IPCop_unrestricted_mac\n"; }
+	print FILE "delay_access 1 deny  IPFire_ips\n";
+	if (!-z $acl_src_unrestricted_ip)  { print FILE "delay_access 1 deny  IPFire_unrestricted_ips\n"; }
+	if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny  IPFire_unrestricted_mac\n"; }
 	if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny  for_extended_users\n"; }
 
 	if ($netsettings{'BLUE_DEV'})
 	{
-		print FILE "delay_access 1 allow IPCop_green_network";
+		print FILE "delay_access 1 allow IPFire_green_network";
 		if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
 		print FILE "\n";
 		print FILE "delay_access 1 deny  all\n";
@@ -3318,57 +3529,84 @@ if ($delaypools) {
 
 	if ($netsettings{'BLUE_DEV'})
 	{
-		print FILE "delay_access 2 deny  IPCop_ips\n";
-		if (!-z $acl_src_unrestricted_ip)  { print FILE "delay_access 2 deny  IPCop_unrestricted_ips\n"; }
-		if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny  IPCop_unrestricted_mac\n"; }
+		print FILE "delay_access 2 deny  IPFire_ips\n";
+		if (!-z $acl_src_unrestricted_ip)  { print FILE "delay_access 2 deny  IPFire_unrestricted_ips\n"; }
+		if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny  IPFire_unrestricted_mac\n"; }
 		if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny  for_extended_users\n"; }
-		print FILE "delay_access 2 allow IPCop_blue_network";
+		print FILE "delay_access 2 allow IPFire_blue_network";
 		if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
 		print FILE "\n";
 		print FILE "delay_access 2 deny  all\n";
 	}
 
-	print FILE "delay_initial_bucket_level 100\n"; 
+	print FILE "delay_initial_bucket_level 100\n";
 	print FILE "\n";
 }
 
 if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
 {
 	print FILE "#Prevent internal proxy access to Green\n";
-	print FILE "http_access deny IPCop_green_servers !IPCop_green_network\n\n";
+	print FILE "http_access deny IPFire_green_servers !IPFire_green_network\n\n";
 }
 
 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
 {
 	print FILE "#Prevent internal proxy access from Blue\n";
-	print FILE "http_access allow IPCop_blue_network IPCop_blue_servers\n";
-	print FILE "http_access deny  IPCop_blue_network IPCop_servers\n\n";
+	print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
+	print FILE "http_access deny  IPFire_blue_network IPFire_servers\n\n";
 }
 
 	print FILE <<END
 #Set custom configured ACLs
 END
 	;
-	if (!-z $acl_src_banned_ip) { print FILE "http_access deny  IPCop_banned_ips\n"; }
-	if (!-z $acl_src_banned_mac) { print FILE "http_access deny  IPCop_banned_mac\n"; }
+	if (!-z $acl_src_banned_ip) { print FILE "http_access deny  IPFire_banned_ips\n"; }
+	if (!-z $acl_src_banned_mac) { print FILE "http_access deny  IPFire_banned_mac\n"; }
 
 	if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
 	{
 		if (!-z $acl_src_unrestricted_ip)
 		{
-			print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
+			if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
+			if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
+			if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
 		}
 		if (!-z $acl_src_unrestricted_mac)
 		{
-			print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
+			if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
+			if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
+			if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
+		}
+		if (!-z $acl_dst_noauth_net)
+		{
+			print FILE "http_access allow IPFire_networks";
+			if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
+				print FILE " !within_timeframe";
+			} else {
+				print FILE " within_timeframe"; }
+			if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
+			print FILE " to_ipaddr_without_auth\n";
+		}
+		if (!-z $acl_dst_noauth_dom)
+		{
+			print FILE "http_access allow IPFire_networks";
+			if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
+				print FILE " !within_timeframe";
+			} else {
+				print FILE " within_timeframe"; }
+			if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
+			print FILE " to_domains_without_auth\n";
+		}
+		if (!-z $acl_dst_noauth_url)
+		{
+			print FILE "http_access allow IPFire_networks";
+			if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
+				print FILE " !within_timeframe";
+			} else {
+				print FILE " within_timeframe"; }
+			if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
+			print FILE " to_hosts_without_auth\n";
 		}
-		print FILE "http_access allow IPCop_networks";
-		if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
-			print FILE " !within_timeframe";
-		} else {
-			print FILE " within_timeframe"; }
-		if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
-		print FILE " to_domains_without_auth\n";
 	}
 
 	if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
@@ -3393,7 +3631,7 @@ END
 
 	if (!-z $acl_src_unrestricted_ip)
 	{
-		print FILE "http_access allow IPCop_unrestricted_ips";
+		print FILE "http_access allow IPFire_unrestricted_ips";
 		if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
 		{
 			if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
@@ -3407,7 +3645,7 @@ END
 			if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
 			{
 				if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
-				{	
+				{
 					if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
 					{
 						print FILE " for_acl_users";
@@ -3438,7 +3676,7 @@ END
 
 	if (!-z $acl_src_unrestricted_mac)
 	{
-		print FILE "http_access allow IPCop_unrestricted_mac";
+		print FILE "http_access allow IPFire_unrestricted_mac";
 		if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
 		{
 			if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
@@ -3452,7 +3690,7 @@ END
 			if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
 			{
 				if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
-				{	
+				{
 					if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
 					{
 						print FILE " for_acl_users";
@@ -3484,7 +3722,7 @@ END
 	if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
 	{
 		if (!-z $disgrp) { print FILE "http_access deny  for_disabled_users\n"; }
-		if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
+		if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
 	}
 
 	if (
@@ -3528,7 +3766,7 @@ END
 		print FILE " !on_ident_aware_hosts\n";
 	}
 
-	print FILE "http_access allow IPCop_networks";
+	print FILE "http_access allow IPFire_networks";
 	if (
 	    (
 	     ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
@@ -3579,19 +3817,23 @@ END
 
 		if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
 		{
-			print FILE "header_access X-Forwarded-For deny all\n";
+			print FILE "request_header_access X-Forwarded-For deny all\n";
+			print FILE "reply_header_access X-Forwarded-For deny all\n";
 		}
 		if ($proxysettings{'FORWARD_VIA'} eq 'off')
 		{
-			print FILE "header_access Via deny all\n";
+			print FILE "request_header_access Via deny all\n";
+			print FILE "reply_header_access Via deny all\n";
 		}
 		if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
 		{
-			print FILE "header_access User-Agent deny all\n";
+			print FILE "request_header_access User-Agent deny all\n";
+			print FILE "reply_header_access User-Agent deny all\n";
 		}
 		if (!($proxysettings{'FAKE_REFERER'} eq ''))
 		{
-			print FILE "header_access Referer deny all\n";
+			print FILE "request_header_access Referer deny all\n";
+			print FILE "reply_header_access Referer deny all\n";
 		}
 
 		print FILE "\n";
@@ -3613,8 +3855,8 @@ END
 	if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
 
 	if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
-		if (!-z $acl_src_unrestricted_ip)  { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
-		if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
+		if (!-z $acl_src_unrestricted_ip)  { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
+		if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
 		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
 		{
 			if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
@@ -3623,23 +3865,30 @@ END
 		print FILE "http_reply_access allow all\n\n";
 	}
 
-	print FILE <<END
+	if ($proxysettings{'CACHE_SIZE'} > 0)
+	{
+		print FILE <<END
 maximum_object_size $proxysettings{'MAX_SIZE'} KB
 minimum_object_size $proxysettings{'MIN_SIZE'} KB
 
+END
+		;
+	} else { print FILE "cache deny all\n\n";	}
+
+	print FILE <<END
 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
 END
 	;
 	$replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
 	if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
-		if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
-		if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
+		if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_ips\n"; }
+		if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_mac\n"; }
 		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
 		{
-			if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
+			if (!-z $extgrp) { print FILE "reply_body_max_size 0 deny for_extended_users\n"; }
 		}
 	}
-	print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
+#FIX ME	print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";
 
 	print FILE "visible_hostname";
 	if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
@@ -3649,7 +3898,11 @@ END
 		print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
 	}
 
-	if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
+	if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
+	if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
+	print FILE "\n";
+
+	print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
 
 	# Write the parent proxy info, if needed.
 	if ($remotehost ne '')
@@ -3667,38 +3920,13 @@ END
 		}
 		elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
 
-		print FILE "\nnever_direct allow all\n\n";
+		print FILE "\nalways_direct allow IPFire_ips\n";
+		print FILE "never_direct  allow all\n\n";
 	}
-	if (($proxysettings{'ENABLE_FILTER'} eq 'on') && ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on'))
+	if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
 	{
 		print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
-		if ($filtersettings{'CHILDREN'} > $xlratorsettings{'CHILDREN'})
-		{
-			print FILE "url_rewrite_children $filtersettings{'CHILDREN'}\n\n";
-		} else {
-			print FILE "url_rewrite_children $xlratorsettings{'CHILDREN'}\n\n";
-		}
-	} else
-	{
-
-		if ($proxysettings{'ENABLE_FILTER'} eq 'on')
-		{
-			print FILE <<END
-url_rewrite_program /usr/bin/squidGuard
-url_rewrite_children $filtersettings{'CHILDREN'}
-
-END
-			;
-		}
-		if ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on')
-		{
-			print FILE <<END
-url_rewrite_program /usr/sbin/updxlrator
-url_rewrite_children $xlratorsettings{'CHILDREN'}
-
-END
-			;
-		}
+		print FILE "url_rewrite_children $proxysettings{'CHILDREN'}\n\n";
 	}
 	close FILE;
 }
@@ -3723,7 +3951,7 @@ sub adduser
 		close(FILE);
 	} else {
 		&deluser($str_user);
-		system("/usr/bin/htpasswd -b $userdb $str_user $str_pass");
+		system("/usr/sbin/htpasswd -b $userdb $str_user $str_pass");
 	}
 
 	if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
@@ -3772,3 +4000,15 @@ sub deluser
 }
 
 # -------------------------------------------------------------------
+
+sub writecachemgr
+{
+	open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
+	flock(FILE, 2);
+	print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
+	print FILE "localhost";
+	close(FILE);
+  return;
+}
+
+# -------------------------------------------------------------------