X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=9c3be0b054446066331b13c2d039c28ed860306a;hb=a78470dc17d2f3bfb563ff58ebec1299f5a408cb;hp=97e752e28d202a8e6f7d3098396f7ff0c3502e77;hpb=ff6f40b1f52970e0ba0c78942c1ae728b62e04bd;p=people%2Fteissler%2Fipfire-2.x.git

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 97e752e28..9c3be0b05 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -195,6 +195,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off';
 $proxysettings{'TRANSPARENT'} = 'off';
 $proxysettings{'TRANSPARENT_BLUE'} = 'off';
 $proxysettings{'PROXY_PORT'} = '800';
+$proxysettings{'TRANSPARENT_PORT'} = '3128';
 $proxysettings{'VISIBLE_HOSTNAME'} = '';
 $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
 $proxysettings{'ADMIN_PASSWORD'} = '';
@@ -212,7 +213,7 @@ $proxysettings{'LOGGING'} = 'off';
 $proxysettings{'CACHEMGR'} = 'off';
 $proxysettings{'LOGQUERY'} = 'off';
 $proxysettings{'LOGUSERAGENT'} = 'off';
-$proxysettings{'FILEDESCRIPTORS'} = '4096';
+$proxysettings{'FILEDESCRIPTORS'} = '16384';
 $proxysettings{'CACHE_MEM'} = '2';
 $proxysettings{'CACHE_SIZE'} = '50';
 $proxysettings{'MAX_SIZE'} = '4096';
@@ -359,6 +360,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
 		goto ERROR;
 	}
+	if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
+	{
+		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
+		goto ERROR;
+	}
+	if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
+		$errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
+		goto ERROR;
+	}
 	if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
 	{
 		my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
@@ -381,7 +391,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		}
 	}
 	if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
-		($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 65536))
+		($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576))
 	{
 		$errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
 		goto ERROR;
@@ -956,8 +966,8 @@ print <<END
 <tr>
 	<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
 	<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
+	<td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:</td>
+	<td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
 </tr>
 <tr>
 END
@@ -969,7 +979,8 @@ if ($netsettings{'BLUE_DEV'}) {
 	print "<td colspan='2'>&nbsp;</td>";
 }
 print <<END
-	<td colspan='2'>&nbsp;</td>
+	<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
 </tr>
 <tr>
 END
@@ -1195,7 +1206,7 @@ print <<END
 	<td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
 </tr>
 <tr>
-	<td width='25%' align=center></td> <td width='20%' align=center></td><td width='25%' align=center></td><td width='30%' align=center></td>
+	<td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
 </tr>
 <tr>
 	<td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:</td>
@@ -1667,8 +1678,8 @@ print <<END
 	<td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 </tr>
 <tr>
-	<td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
-	<td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
+	<td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='40%' /></td>
+	<td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='40%' /></td>
 </tr>
 </table>
 <hr size='1'>
@@ -2225,7 +2236,7 @@ print <<END
 	<td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
 END
 ;
-	if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
+	if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly='readonly' "; }
 	print <<END
 	 /></td>
 	<td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
@@ -2961,11 +2972,23 @@ sub writepacfile
 		print FILE <<END
 if (
      (isPlainHostName(host)) ||
-     (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
      (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
-     (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
-     (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
-     (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+END
+;
+
+	if ($netsettings{'GREEN_DEV'}) {
+		print FILE "     (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
+	}
+
+	if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
+		print FILE "     (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
+	}
+
+	if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
+		print FILE "     (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
+	}
+
+	print FILE <<END
      (isInNet(host, "169.254.0.0", "255.255.0.0"))
    )
      return "DIRECT";
@@ -3078,15 +3101,25 @@ END
 	}
 
 	print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
-	if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
 	if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 	print FILE "\n";
 
+	if ($proxysettings{'TRANSPARENT'} eq 'on') {
+		print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
+		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
+		print FILE "\n";
+	}
+
 	if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
 		print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
-		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { print FILE " transparent" }
 		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 		print FILE "\n";
+
+		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+			print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
+			if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
+			print FILE "\n";
+		}
 	}
 
 	if ($proxysettings{'CACHE_SIZE'} > 0)
@@ -3136,9 +3169,35 @@ END
 		print FILE "\n";
 	}
 
-	if ($proxysettings{'CACHE_SIZE'} ne '0')
+	if ($proxysettings{'CACHE_SIZE'} > 0) {
+		print FILE <<END
+maximum_object_size $proxysettings{'MAX_SIZE'} KB
+minimum_object_size $proxysettings{'MIN_SIZE'} KB
+
+cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
+END
+		;
+	} else {
+		print FILE "cache deny all\n\n";
+	}
+
+	print FILE <<END
+request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
+END
+	;
+
+	if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
+		if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
+		if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
+		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
+		{
+			if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
+		}
+	}
+
+	if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
 	{
-		print FILE "cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256\n\n";
+		print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
 	}
 
 	if ($proxysettings{'LOGGING'} eq 'on')
@@ -3363,19 +3422,25 @@ END
 	}
 
 open (PORTS,"$acl_ports_ssl");
-@temp = <PORTS>;
+my @ssl_ports = <PORTS>;
 close PORTS;
-if (@temp)
-{
-	foreach (@temp) { print FILE "acl SSL_ports port $_"; }
+
+if (@ssl_ports) {
+	foreach (@ssl_ports) {
+		print FILE "acl SSL_ports port $_";
+	}
 }
+
 open (PORTS,"$acl_ports_safe");
-@temp = <PORTS>;
+my @safe_ports = <PORTS>;
 close PORTS;
-if (@temp)
-{
-	foreach (@temp) { print FILE "acl Safe_ports port $_"; }
+
+if (@safe_ports) {
+	foreach (@safe_ports) {
+		print FILE "acl Safe_ports port $_";
+	}
 }
+
 	print FILE <<END
 
 acl IPFire_http  port $http_port
@@ -3457,7 +3522,7 @@ END
 	# Check if squidclamav is enabled.
 	if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
 		print FILE "\n#Settings for squidclamav:\n";
-		print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n";
+		print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
 		print FILE "acl purge method PURGE\n";
 		print FILE "http_access deny to_localhost\n";
 		print FILE "http_access allow localhost\n";
@@ -3465,7 +3530,7 @@ END
 		print FILE "http_access deny purge\n";
 		print FILE "url_rewrite_access deny localhost\n";
 	}
-	print FILE <<END
+	print FILE <<END;
 
 #Access to squid:
 #local machine, no restriction
@@ -3476,11 +3541,15 @@ http_access allow         IPFire_ips IPFire_networks IPFire_http
 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
 
 #Deny not web services
-http_access deny          !Safe_ports
-http_access deny  CONNECT !SSL_ports
-
 END
-	;
+
+if (@safe_ports) {
+	print FILE "http_access deny          !Safe_ports\n";
+}
+
+if (@ssl_ports) {
+	print FILE "http_access deny  CONNECT !SSL_ports\n";
+}
 
 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
 {
@@ -3908,34 +3977,6 @@ END
 		print FILE "http_reply_access allow all\n\n";
 	}
 
-	if ($proxysettings{'CACHE_SIZE'} > 0)
-	{
-		print FILE <<END
-maximum_object_size $proxysettings{'MAX_SIZE'} KB
-minimum_object_size $proxysettings{'MIN_SIZE'} KB
-
-END
-		;
-	} else { print FILE "cache deny all\n\n";	}
-
-	print FILE <<END
-request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
-END
-	;
-	if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
-		if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
-		if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
-		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
-		{
-			if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
-		}
-	}
-	
-	if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
-	{
-		print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
-	}
-
 	print FILE "visible_hostname";
 	if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
 	{