X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=a0aa1acd34e3d8f5981a3de84f7b7bf3feec02fa;hb=57ba1e9023b0f1f3499cc888f66827a81574bb41;hp=38500190993b48545c250a3429acc3719c89f2e5;hpb=d9f2cfa419c9c85dd3df6cbca15e70580587253e;p=people%2Fpmueller%2Fipfire-2.x.git

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 3850019099..a0aa1acd34 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -1,9 +1,8 @@
-
 #!/usr/bin/perl
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2009  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2011  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -83,7 +82,6 @@ my @templist=();
 my $cachemem=0;
 my $proxy1='';
 my $proxy2='';
-my $replybodymaxsize=0;
 my $browser_regexp='';
 my $needhup = 0;
 my $errormessage='';
@@ -181,6 +179,12 @@ close(FILE);
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+	$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
+}
+
 &Header::showhttpheaders();
 
 $proxysettings{'ACTION'} = '';
@@ -984,8 +988,13 @@ my $count = `arp -a | wc -l`;
 if ( $count < 1 ){$count = 1;}
 if ( -e "/usr/bin/squidclamav" ) {
 	print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
-	print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
-	print "+ ".int(( $count**(1/3)) * 8);
+	if ( ! -e "/var/run/clamav/clamd.pid" ){
+		print "<font color='red'>clamav not running</font><br /><br />";
+		$proxysettings{'ENABLE_CLAMAV'} = 'off';
+		}
+	else {
+		print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
+		print "+ ".int(( $count**(1/3)) * 8);}
 	print "</td>";
 } else {
 	print "<td></td>";
@@ -1189,10 +1198,10 @@ END
 
 if (!$proxysettings{'SRC_SUBNETS'})
 {
-	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+	print "$green_cidr\n";
 	if ($netsettings{'BLUE_DEV'})
 	{
-		print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+		print "$blue_cidr\n";
 	}
 } else { print $proxysettings{'SRC_SUBNETS'}; }
 
@@ -1781,9 +1790,9 @@ print <<END
 END
 ;
 if (!$proxysettings{'IDENT_HOSTS'}) {
-	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+	print "$green_cidr\n";
 	if ($netsettings{'BLUE_DEV'}) {
-		print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+		print "$blue_cidr\n";
 	}
 } else {
 	print $proxysettings{'IDENT_HOSTS'};
@@ -2688,10 +2697,10 @@ sub write_acls
 	flock(FILE, 2);
 	if (!$proxysettings{'SRC_SUBNETS'})
 	{
-		print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+		print FILE "$green_cidr\n";
 		if ($netsettings{'BLUE_DEV'})
 		{
-			print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+			print FILE "$blue_cidr\n";
 		}
 	} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
 	close(FILE);
@@ -2915,6 +2924,7 @@ sub writepacfile
 if (
      (isPlainHostName(host)) ||
      (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
+     (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
      (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
      (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
      (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
@@ -3065,19 +3075,12 @@ cache_mem $proxysettings{'CACHE_MEM'} MB
 END
 	;
 
-	if ($proxysettings{'CACHE_SIZE'} eq '0')
+	if ($proxysettings{'CACHE_SIZE'} ne '0')
 	{
-		print FILE "cache_dir null /var/tmp\n\n";
-	} else {
 		print FILE "cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256\n\n";
 	}
 
-	if (($proxysettings{'ERR_DESIGN'} eq 'ipfire' ))
-	{
-		print FILE "error_directory $errordir.ipfire/$proxysettings{'ERR_LANGUAGE'}\n\n";
-	} else {
-		print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
-	}
+	print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
 
 	if ($proxysettings{'OFFLINE_MODE'} eq 'on') {  print FILE "offline_mode on\n\n"; }
 
@@ -3190,7 +3193,7 @@ END
 		{
 			if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
 			{
-				print FILE "auth_param ntlm program $authdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
+				print FILE "auth_param ntlm program $authdir/ntlm_smb_lm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
 				if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
 				print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
 				if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
@@ -3315,8 +3318,8 @@ END
 	}
 
 	print FILE <<END
-acl all src 0.0.0.0/0.0.0.0
-acl localhost src 127.0.0.1/255.255.255.255
+#acl all src all
+acl localhost src 127.0.0.1/32
 END
 ;
 open (PORTS,"$acl_ports_ssl");
@@ -3340,12 +3343,12 @@ acl IPFire_https port $https_port
 acl IPFire_ips              dst $netsettings{'GREEN_ADDRESS'}
 acl IPFire_networks         src "$acl_src_subnets"
 acl IPFire_servers          dst "$acl_src_subnets"
-acl IPFire_green_network    src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
-acl IPFire_green_servers    dst $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
+acl IPFire_green_network    src $green_cidr
+acl IPFire_green_servers    dst $green_cidr
 END
 	;
-	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network     src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
-	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers     dst $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
+	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network     src $blue_cidr\n"; }
+	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers     dst $blue_cidr\n"; }
 	if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips       src \"$acl_src_banned_ip\"\n"; }
 	if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac       arp \"$acl_src_banned_mac\"\n"; }
 	if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
@@ -3364,8 +3367,7 @@ acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
 END
 		;
 		print FILE "deny_info ";
-		if ((($proxysettings{'ERR_DESIGN'} eq 'ipfire') && (-e "$errordir.ipfire/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED")) ||
-		    (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED")))
+		if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
 		{
 			print FILE "ERR_ACCESS_DISABLED";
 		} else {
@@ -3373,8 +3375,7 @@ END
 		}
 		print FILE " IPFire_no_access_ips\n";
 		print FILE "deny_info ";
-		if ((($proxysettings{'ERR_DESIGN'} eq 'ipfire') && (-e "$errordir.ipfire/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED")) ||
-		    (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED")))
+		if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
 		{
 			print FILE "ERR_ACCESS_DISABLED";
 		} else {
@@ -3393,7 +3394,7 @@ END
 	my $blue_net = ''; #BLUE empty by default
 	my $blue_ip = '';
 	if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
-		$blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+		$blue_net = "$blue_cidr";
 		$blue_ip  = "$netsettings{'BLUE_ADDRESS'}";
 	}
 	if (!-z $acl_include)
@@ -3402,7 +3403,7 @@ END
 		print FILE "\n#Start of custom includes\n\n";
 		while (<ACL>) {
 			$_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
-			$_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
+			$_ =~ s/__GREEN_NET__/$green_cidr/;
 			$_ =~ s/__BLUE_IP__/$blue_ip/;
 			$_ =~ s/__BLUE_NET__/$blue_net/;
 			$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
@@ -3807,19 +3808,23 @@ END
 
 		if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
 		{
-			print FILE "header_access X-Forwarded-For deny all\n";
+			print FILE "request_header_access X-Forwarded-For deny all\n";
+			print FILE "reply_header_access X-Forwarded-For deny all\n";
 		}
 		if ($proxysettings{'FORWARD_VIA'} eq 'off')
 		{
-			print FILE "header_access Via deny all\n";
+			print FILE "request_header_access Via deny all\n";
+			print FILE "reply_header_access Via deny all\n";
 		}
 		if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
 		{
-			print FILE "header_access User-Agent deny all\n";
+			print FILE "request_header_access User-Agent deny all\n";
+			print FILE "reply_header_access User-Agent deny all\n";
 		}
 		if (!($proxysettings{'FAKE_REFERER'} eq ''))
 		{
-			print FILE "header_access Referer deny all\n";
+			print FILE "request_header_access Referer deny all\n";
+			print FILE "reply_header_access Referer deny all\n";
 		}
 
 		print FILE "\n";
@@ -3865,16 +3870,19 @@ END
 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
 END
 	;
-	$replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
 	if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
-		if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_ips\n"; }
-		if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_mac\n"; }
+		if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
+		if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
 		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
 		{
-			if (!-z $extgrp) { print FILE "reply_body_max_size 0 deny for_extended_users\n"; }
+			if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
 		}
 	}
-	print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";
+	
+	if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
+	{
+		print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
+	}
 
 	print FILE "visible_hostname";
 	if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
@@ -3997,4 +4005,4 @@ sub writecachemgr
   return;
 }
 
-# -------------------------------------------------------------------
\ No newline at end of file
+# -------------------------------------------------------------------