1#!/usr/bin/perl
2#
ed38f89d 3# IPCop CGIs
4#
5# This code is distributed under the terms of the GPL
6#
ed38f89d 7# $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8#
9
10use strict;
11
12# enable only the following on debugging purpose
13#use warnings;
14#use CGI::Carp 'fatalsToBrowser';
15
16use IO::Socket;
17
18require '/var/ipfire/general-functions.pl';
19require "${General::swroot}/lang.pl";
20require "${General::swroot}/header.pl";
21
# Settings hashes.  Each one is filled further down, either from a file
# below ${General::swroot} or from the submitted form.
my (%proxysettings, %netsettings, %filtersettings, %updaccsettings,
	%stdproxysettings, %mainsettings);

# Add-on flags; set to 1 later when the add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# Lookup tables for the checked='checked' / selected='selected' attributes.
my (%checked, %selected);

# Throttle limit values and the file-extension alternations per class.
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = 'bin|cab|exe|gz|rar|sea|tar|tgz|zip';
my $throttle_dskimg = 'b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi';
my $throttle_mmedia = 'aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m';

my (@useragent, @useragentlist);

# Scratch variables shared by the top-level code and the subs of this file.
my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language) = ('', '');
my ($i, $n, $id) = (0, 0, 0);
my ($line, $user) = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp = '';
my $needhup = 0;
my $errormessage = '';

# Working directories, all below ${General::swroot}/proxy/advanced.
my $acldir   = $General::swroot . '/proxy/advanced/acls';
my $ncsadir  = $General::swroot . '/proxy/advanced/ncsa';
my $ntlmdir  = $General::swroot . '/proxy/advanced/ntlm';
my $raddir   = $General::swroot . '/proxy/advanced/radius';
my $identdir = $General::swroot . '/proxy/advanced/ident';
my $credir   = $General::swroot . '/proxy/advanced/cre';

# NCSA user database and group membership files.
my $userdb = $ncsadir . '/passwd';
my $stdgrp = $ncsadir . '/standard.grp';
my $extgrp = $ncsadir . '/extended.grp';
my $disgrp = $ncsadir . '/disabled.grp';

my $browserdb      = $General::swroot . '/proxy/advanced/useragents';
my $mimetypes      = $General::swroot . '/proxy/advanced/mimetypes';
my $throttled_urls = $General::swroot . '/proxy/advanced/throttle';

# Classroom extension files; they live in $credir.
my $cre_enabled = $credir . '/enable';
my $cre_groups  = $credir . '/classrooms';
my $cre_svhosts = $credir . '/supervisors';

my $identhosts = $identdir . '/hosts';

my $libexecdir = '/usr/lib/squid';

# Access control list files, one per ACL kind.
my $acl_src_subnets          = $acldir . '/src_subnets.acl';
my $acl_src_banned_ip        = $acldir . '/src_banned_ip.acl';
my $acl_src_banned_mac       = $acldir . '/src_banned_mac.acl';
my $acl_src_unrestricted_ip  = $acldir . '/src_unrestricted_ip.acl';
my $acl_src_unrestricted_mac = $acldir . '/src_unrestricted_mac.acl';
my $acl_src_noaccess_ip      = $acldir . '/src_noaccess_ip.acl';
my $acl_src_noaccess_mac     = $acldir . '/src_noaccess_mac.acl';
my $acl_dst_nocache          = $acldir . '/dst_nocache.acl';
my $acl_dst_noauth           = $acldir . '/dst_noauth.acl';
my $acl_dst_throttle         = $acldir . '/dst_throttle.acl';
my $acl_include              = $acldir . '/include.acl';
98
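# Create the working directories on first use.  A failure is reported on
# STDERR (normally the web server's error log) and the page carries on, as
# it did when the result of mkdir was ignored.
for my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
	next if -d $dir;
	mkdir($dir) or warn "proxy.cgi: cannot create directory $dir: $!\n";
}

# Make sure every data file read by this page exists.  touch is called in
# list form with its absolute path, the same way the enable/transparent
# flag files are created further down, so the path is passed as a single
# argument and no shell is started.  The paths are built from
# ${General::swroot} only, not from request data.
# NOTE(review): the files get whatever mode the process umask yields;
# $userdb is named "passwd" and presumably holds proxy credentials, so
# confirm it is not readable by other local users.
for my $file (
	$cre_groups, $cre_svhosts,
	$userdb, $stdgrp, $extgrp, $disgrp,
	$acl_src_subnets, $acl_src_banned_ip, $acl_src_banned_mac,
	$acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
	$acl_src_noaccess_ip, $acl_src_noaccess_mac,
	$acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle, $acl_include,
	$browserdb, $mimetypes,
) {
	next if -e $file;
	system('/bin/touch', $file);
}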
128
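# Load the user-agent definitions, dropping empty lines and '#' comments.
# Three-argument open with a lexical handle: the path can never be taken
# as an open mode or a pipe, and the handle is not shared through the
# global FILE glob.  If the file cannot be opened the list stays empty,
# which is what reading from the unopened bareword handle produced.
@useragentlist = ();
if (open(my $browser_fh, '<', $browserdb)) {
	# Sort key: for a line with at least two commas, the text between the
	# first and the last comma.
	@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<$browser_fh>;
	close($browser_fh);
}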
ac1cfefa 132
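# URL filter settings: start from the default child count and overlay the
# saved file when there is one.  %filtersettings is declared with the other
# settings hashes near the top of the file; a second "my" here would create
# a new variable masking the first, so the hash is only reset.
%filtersettings = ();
$filtersettings{'CHILDREN'} = '5';
if (-e "${General::swroot}/urlfilter/settings") {
	&General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
}

# Network and main settings are read unconditionally.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as installed when its version file exists.
if (-e "${General::swroot}/urlfilter/version") { $urlfilter_addon = 1; }
if (-e "${General::swroot}/updacclrtr/version") { $updacclrtr_addon = 1; }

if ($urlfilter_addon) {
	$filtersettings{'CHILDREN'} = '5';
	if (-e "${General::swroot}/urlfilter/settings") {
		&General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
	}
}

if ($updacclrtr_addon) {
	$updaccsettings{'ACCELERATORS'} = '10';
	if (-e "${General::swroot}/updacclrtr/settings") {
		&General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings);
	}
}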
158
&Header::showhttpheaders();

# Default value of every form field.  The table is copied into
# %proxysettings in one slice assignment; the bare block keeps the helper
# hash out of file scope.
{
	my %default_for = (
		'ENABLE_FILTER'          => 'off',
		'ACTION'                 => '',
		'VALID'                  => '',
		'ENABLE'                 => 'off',
		'ENABLE_BLUE'            => 'off',
		'TRANSPARENT'            => 'off',
		'TRANSPARENT_BLUE'       => 'off',
		'PROXY_PORT'             => '800',
		'VISIBLE_HOSTNAME'       => '',
		'ADMIN_MAIL_ADDRESS'     => '',
		'ERR_LANGUAGE'           => 'English',
		'FORWARD_VIA'            => 'off',
		'FORWARD_IPADDRESS'      => 'off',
		'FORWARD_USERNAME'       => 'off',
		'UPSTREAM_PROXY'         => '',
		'UPSTREAM_USER'          => '',
		'UPSTREAM_PASSWORD'      => '',
		'LOGGING'                => 'off',
		'LOGQUERY'               => 'off',
		'LOGUSERAGENT'           => 'off',
		'CACHE_MEM'              => '2',
		'CACHE_SIZE'             => '50',
		'MAX_SIZE'               => '4096',
		'MIN_SIZE'               => '0',
		'MEM_POLICY'             => 'LRU',
		'CACHE_POLICY'           => 'LRU',
		'L1_DIRS'                => '16',
		'OFFLINE_MODE'           => 'off',
		'CLASSROOM_EXT'          => 'off',
		'SUPERVISOR_PASSWORD'    => '',
		'TIME_ACCESS_MODE'       => 'allow',
		'TIME_FROM_HOUR'         => '00',
		'TIME_FROM_MINUTE'       => '00',
		'TIME_TO_HOUR'           => '24',
		'TIME_TO_MINUTE'         => '00',
		'MAX_OUTGOING_SIZE'      => '0',
		'MAX_INCOMING_SIZE'      => '0',
		'THROTTLING_GREEN_TOTAL' => 'unlimited',
		'THROTTLING_GREEN_HOST'  => 'unlimited',
		'THROTTLING_BLUE_TOTAL'  => 'unlimited',
		'THROTTLING_BLUE_HOST'   => 'unlimited',
		'THROTTLE_BINARY'        => 'off',
		'THROTTLE_DSKIMG'        => 'off',
		'THROTTLE_MMEDIA'        => 'off',
		'ENABLE_MIME_FILTER'     => 'off',
		'ENABLE_BROWSER_CHECK'   => 'off',
		'FAKE_USERAGENT'         => '',
		'FAKE_REFERER'           => '',
		'AUTH_METHOD'            => 'none',
		'AUTH_REALM'             => '',
		'AUTH_MAX_USERIP'        => '',
		'AUTH_CACHE_TTL'         => '60',
		'AUTH_IPCACHE_TTL'       => '0',
		'AUTH_CHILDREN'          => '5',
		'NCSA_MIN_PASS_LEN'      => '6',
		'NCSA_BYPASS_REDIR'      => 'off',
		'NCSA_USERNAME'          => '',
		'NCSA_GROUP'             => '',
		'NCSA_PASS'              => '',
		'NCSA_PASS_CONFIRM'      => '',
		'LDAP_BASEDN'            => '',
		'LDAP_TYPE'              => 'ADS',
		'LDAP_SERVER'            => '',
		'LDAP_PORT'              => '389',
		'LDAP_BINDDN_USER'       => '',
		'LDAP_BINDDN_PASS'       => '',
		'LDAP_GROUP'             => '',
		'NTLM_DOMAIN'            => '',
		'NTLM_PDC'               => '',
		'NTLM_BDC'               => '',
		'NTLM_ENABLE_ACL'        => 'off',
		'NTLM_USER_ACL'          => 'positive',
		'RADIUS_SERVER'          => '',
		'RADIUS_PORT'            => '1645',
		'RADIUS_IDENTIFIER'      => '',
		'RADIUS_SECRET'          => '',
		'RADIUS_ENABLE_ACL'      => 'off',
		'RADIUS_USER_ACL'        => 'positive',
		'IDENT_REQUIRED'         => 'off',
		'IDENT_TIMEOUT'          => '10',
		'IDENT_ENABLE_ACL'       => 'off',
		'IDENT_USER_ACL'         => 'positive',
	);
	@proxysettings{ keys %default_for } = values %default_for;
}

# Add-on switches default to off when the add-on is installed.
if ($urlfilter_addon) {
	$proxysettings{'ENABLE_FILTER'} = 'off';
}

if ($updacclrtr_addon) {
	$proxysettings{'ENABLE_UPDACCEL'} = 'off';
}

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Header::getcgihash is defined outside this file; presumably it overlays
# the submitted form fields on the defaults above.  Treat every value read
# from %proxysettings after this call as request-controlled until a check
# below has accepted it.
&Header::getcgihash(\%proxysettings);

# A submitted throttling value of "0" stands for 'unlimited'.
for my $throttle_key (qw(
	THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
	THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
)) {
	if ($proxysettings{$throttle_key} eq '0') {
		$proxysettings{$throttle_key} = 'unlimited';
	}
}
ac1cfefa 261
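# Entering NCSA user management only switches the page into edit mode.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

# Add (or update) an NCSA user.  When several checks fail, the message of
# the last failing check is the one shown.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';

	# NCSA_MIN_PASS_LEN is either the built-in default or a request field
	# at this point: the saved settings have not been loaded yet.  It is
	# compared numerically and copied into the error message, so anything
	# but a plain number is refused before either use.
	if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
		$errormessage = $Lang::tr{'invalid input'};
	}
	elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
		$errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
	}
	if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
		$errormessage = $Lang::tr{'advproxy errmsg passwords different'};
	}
	if ($proxysettings{'NCSA_USERNAME'} eq '') {
		$errormessage = $Lang::tr{'advproxy errmsg no username'};
	}
	elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:\x00-\x1f\x7f]/) {
		# The edit action below splits its ID on ':', so a colon cannot be
		# part of a user name; control characters (newline included) would
		# break a line-oriented user file.
		# NOTE(review): adduser is defined outside this view - confirm it
		# does not rely on other characters being filtered here.
		$errormessage = $Lang::tr{'invalid input'};
	}
	if (!$errormessage) {
		# User names are stored in lower case.
		$proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
		&adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
	}

	# Clear the user fields so that neither the name nor the password is
	# sent back in the next form.
	$proxysettings{'NCSA_USERNAME'} = '';
	$proxysettings{'NCSA_GROUP'} = '';
	$proxysettings{'NCSA_PASS'} = '';
	$proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

# Remove a user.
# NOTE(review): ID comes from the request and is passed on unchecked;
# deluser is outside this view - confirm it validates the value.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';
	&deluser($proxysettings{'ID'});
}

# Load a user into the form for editing.  ID has the form "name:group".
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';
	$ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
	@temp = split(/:/,$proxysettings{'ID'});
	$proxysettings{'NCSA_USERNAME'} = $temp[0];
	$proxysettings{'NCSA_GROUP'} = $temp[1];
	# A fixed placeholder is put into both password fields, so no stored
	# password is sent to the browser.
	# NOTE(review): presumably adduser reads this value as "keep the
	# current password" - confirm.
	$proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
	$proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}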
305
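# "Save" / "Save and restart": validate the submitted settings, then write
# the settings file, the ACL files and the proxy configuration.
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
	# Whole-string patterns.  The checks used to be /^\d+/ and /^(on|off)$/:
	# the first accepts any text after the leading digits, the second a
	# trailing newline, and the accepted value is then written out by
	# General::writehash and the configuration writers below.
	my $uint_re  = qr/\A\d+\z/;
	my $onoff_re = qr/\A(?:on|off)\z/;

	if (grep { $proxysettings{$_} !~ $onoff_re } qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE)) {
		$errormessage = $Lang::tr{'invalid input'};
		goto ERROR;
	}
	if (($proxysettings{'CACHE_SIZE'} !~ $uint_re) ||
		($proxysettings{'CACHE_SIZE'} < 10))
	{
		$errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
		goto ERROR;
	}
	if (($proxysettings{'CACHE_MEM'} !~ $uint_re) ||
		($proxysettings{'CACHE_MEM'} < 1))
	{
		$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
		goto ERROR;
	}

	# Cap CACHE_MEM at the first number on the second line of the output
	# of /usr/bin/free, divided by 2048 (presumably total RAM in KiB, i.e.
	# half of RAM in MiB - confirm).  The cap is applied only when that
	# number was found: an unchecked match would leave $1 holding the
	# capture of an earlier pattern and cap the value at a bogus limit.
	my @free = `/usr/bin/free`;
	if (defined $free[1] && $free[1] =~ m/(\d+)/) {
		$cachemem = int($1 / 2048);
		if ($proxysettings{'CACHE_MEM'} > $cachemem) {
			$proxysettings{'CACHE_MEM'} = $cachemem;
		}
	}

	if ($proxysettings{'MAX_SIZE'} !~ $uint_re)
	{
		$errormessage = $Lang::tr{'invalid maximum object size'};
		goto ERROR;
	}
	if ($proxysettings{'MIN_SIZE'} !~ $uint_re)
	{
		$errormessage = $Lang::tr{'invalid minimum object size'};
		goto ERROR;
	}
	if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ $uint_re)
	{
		$errormessage = $Lang::tr{'invalid maximum outgoing size'};
		goto ERROR;
	}

	# When ENABLE_FILTER was 'on', a redirect_program /
	# redirect_children stanza used to be printed to the bareword FILE
	# handle at this point.  That handle is closed right after the
	# user-agent list is read, so the print never produced output and has
	# been dropped.
	# NOTE(review): the stanza presumably belongs in writeconfig - confirm
	# the filter is still configured there.

	# The concatenated HHMM strings are compared as strings.
	if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
	{
		$errormessage = $Lang::tr{'advproxy errmsg time restriction'};
		goto ERROR;
	}
	if ($proxysettings{'MAX_INCOMING_SIZE'} !~ $uint_re)
	{
		$errormessage = $Lang::tr{'invalid maximum incoming size'};
		goto ERROR;
	}

	if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
	{
		# Build the alternation of the patterns (third field) of every
		# user agent whose UA_<id> box is ticked.  The loop variable
		# aliases the list, so the entries stay chomped afterwards.
		$browser_regexp = '';
		foreach my $entry (@useragentlist)
		{
			chomp $entry;
			@useragent = split(/,/, $entry);
			if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
		}
		chop($browser_regexp);    # drop the trailing '|'
		if (!$browser_regexp)
		{
			$errormessage = $Lang::tr{'advproxy errmsg no browser'};
			goto ERROR;
		}
	}

	if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
	{
		# Authentication needs a non-transparent proxy on at least one
		# interface; ident without "required" and without ACLs is exempt.
		unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
			($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
			($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
		{
			my $green_unusable = ($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on');
			my $blue_unusable  = ($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on');
			if ($netsettings{'BLUE_DEV'})
			{
				if ($green_unusable && $blue_unusable)
				{
					$errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
					goto ERROR;
				}
			} else {
				if ($green_unusable)
				{
					$errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
					goto ERROR;
				}
			}
		}
		if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
			(($proxysettings{'AUTH_MAX_USERIP'} !~ $uint_re) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
		{
			$errormessage = $Lang::tr{'advproxy errmsg max userip'};
			goto ERROR;
		}
		if ($proxysettings{'AUTH_CACHE_TTL'} !~ $uint_re)
		{
			$errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
			goto ERROR;
		}
		if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ $uint_re)
		{
			$errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
			goto ERROR;
		}
		if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
		{
			$errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
			goto ERROR;
		}
		if (($proxysettings{'AUTH_CHILDREN'} !~ $uint_re) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
		{
			$errormessage = $Lang::tr{'advproxy errmsg auth children'};
			goto ERROR;
		}
	}
	if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
	{
		if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ $uint_re) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
		{
			$errormessage = $Lang::tr{'advproxy errmsg password length'};
			goto ERROR;
		}
	}
	if ($proxysettings{'AUTH_METHOD'} eq 'ident')
	{
		if (($proxysettings{'IDENT_TIMEOUT'} !~ $uint_re) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
		{
			$errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
			goto ERROR;
		}
	}
	if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
	{
		if ($proxysettings{'LDAP_BASEDN'} eq '')
		{
			$errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
			goto ERROR;
		}
		if (!&General::validip($proxysettings{'LDAP_SERVER'}))
		{
			$errormessage = $Lang::tr{'advproxy errmsg ldap server'};
			goto ERROR;
		}
		if (!&General::validport($proxysettings{'LDAP_PORT'}))
		{
			$errormessage = $Lang::tr{'advproxy errmsg ldap port'};
			goto ERROR;
		}
		if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
		{
			if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
			{
				$errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
				goto ERROR;
			}
		}
	}
	if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
	{
		if ($proxysettings{'NTLM_DOMAIN'} eq '')
		{
			$errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
			goto ERROR;
		}
		if ($proxysettings{'NTLM_PDC'} eq '')
		{
			$errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
			goto ERROR;
		}
		if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
		{
			$errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
			goto ERROR;
		}
		if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
		{
			$errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
			goto ERROR;
		}
	}
	if ($proxysettings{'AUTH_METHOD'} eq 'radius')
	{
		if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
		{
			$errormessage = $Lang::tr{'advproxy errmsg radius server'};
			goto ERROR;
		}
		if (!&General::validport($proxysettings{'RADIUS_PORT'}))
		{
			$errormessage = $Lang::tr{'advproxy errmsg radius port'};
			goto ERROR;
		}
		if ($proxysettings{'RADIUS_SECRET'} eq '')
		{
			$errormessage = $Lang::tr{'advproxy errmsg radius secret'};
			goto ERROR;
		}
	}

	# Upstream proxy credentials: user name and password must be given
	# together or not at all.
	$proxy1 = ($proxysettings{'UPSTREAM_USER'} eq '') ? '' : 'YES';
	$proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
	if ($proxy1 ne $proxy2)
	{
		$errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
		goto ERROR;
	}

	# Every failed check jumps here; the ACL checks run in both cases.
ERROR:
	&check_acls;

	$proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';

	if ($proxysettings{'VALID'} eq 'yes')
	{
		&write_acls;

		# ACL text areas, classroom lists and the NCSA user fields are not
		# part of the settings file.
		delete @proxysettings{qw(
			SRC_SUBNETS SRC_BANNED_IP SRC_BANNED_MAC
			SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
			DST_NOCACHE DST_NOAUTH MIME_TYPES
			NTLM_ALLOW_USERS NTLM_DENY_USERS
			RADIUS_ALLOW_USERS RADIUS_DENY_USERS
			IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
			CRE_GROUPS CRE_SVHOSTS
			NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
		)};

		# Fields missing from the submitted form are stored as 'off'.
		for my $absent_key (qw(
			TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
			AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
		)) {
			$proxysettings{$absent_key} = 'off' unless exists $proxysettings{$absent_key};
		}

		# Only the NCSA password fields were removed above:
		# UPSTREAM_PASSWORD, LDAP_BINDDN_PASS, RADIUS_SECRET and
		# SUPERVISOR_PASSWORD are still in the hash and go into this file.
		# NOTE(review): confirm the file is readable by the proxy
		# administration only.  Fields without a check above (host names,
		# mail address, DNs, ...) are written as submitted unless
		# check_acls or the writers, which are outside this view, filter them.
		&General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

		if ($urlfilter_addon)
		{
			if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
			$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
			&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
		}

		if ($updacclrtr_addon)
		{
			if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
			$stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
			&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
		}

		&writeconfig;
		&writepacfile;

		# Flag files: remove all four, then recreate those switched on.
		my @flag_files = (
			[ 'ENABLE',           'enable' ],
			[ 'TRANSPARENT',      'transparent' ],
			[ 'ENABLE_BLUE',      'enable_blue' ],
			[ 'TRANSPARENT_BLUE', 'transparent_blue' ],
		);
		for my $flag (@flag_files) {
			unlink "${General::swroot}/proxy/$flag->[1]";
		}
		for my $flag (@flag_files) {
			if ($proxysettings{$flag->[0]} eq 'on') {
				system ('/bin/touch', "${General::swroot}/proxy/$flag->[1]");
			}
		}

		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
	}
}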
610
# "Clear cache" button: run the restart helper with its -f switch.  The
# call is in list form, so no shell is involved and no request data
# reaches the command line.
# NOTE(review): what -f does is decided by restartsquid, which is outside
# this view; presumably it flushes the cache.
if ($Lang::tr{'clear cache'} eq $proxysettings{'ACTION'}) {
	my @restart_command = ('/usr/local/bin/restartsquid', '-f');
	system(@restart_command);
}
615
# Without an error, show what is stored on disk: the advanced settings
# file if it exists, otherwise the standard one, followed by the ACL
# files.  With an error the submitted values stay in %proxysettings.
unless ($errormessage) {
	my $advanced_file = "${General::swroot}/proxy/advanced/settings";
	my $standard_file = "${General::swroot}/proxy/settings";

	if (-e $advanced_file) {
		&General::readhash($advanced_file, \%proxysettings);
	}
	elsif (-e $standard_file) {
		&General::readhash($standard_file, \%proxysettings);
	}
	&read_acls;
}
625
# Fill %checked and %selected from the current settings so the form can
# print checked='checked' / selected='selected' next to the active choice.
# The bare block keeps the two helpers out of file scope.
{
	# Give every offered choice an empty entry, then mark the current value.
	my $mark_checked = sub {
		my ($field, @choices) = @_;
		for my $choice (@choices) {
			$checked{$field}{$choice} = '';
		}
		$checked{$field}{$proxysettings{$field}} = "checked='checked'";
	};

	# Select lists only need the entry of the current value.
	my $mark_selected = sub {
		my ($field) = @_;
		$selected{$field}{$proxysettings{$field}} = "selected='selected'";
	};

	my @on_off = ('off', 'on');
	my @acl_modes = ('positive', 'negative');
	my @weekdays = qw(TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN);

	for my $field (qw(
		ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
		FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA
	)) {
		$mark_checked->($field, @on_off);
	}

	for my $field (qw(MEM_POLICY CACHE_POLICY L1_DIRS)) {
		$mark_selected->($field);
	}

	for my $field (qw(OFFLINE_MODE LOGGING LOGQUERY LOGUSERAGENT)) {
		$mark_checked->($field, @on_off);
	}

	$mark_selected->('ERR_LANGUAGE');

	$mark_checked->('CLASSROOM_EXT', @on_off);

	for my $field (qw(
		TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE
		TIME_TO_HOUR TIME_TO_MINUTE
	)) {
		$mark_selected->($field);
	}

	# A weekday without a stored value is shown as enabled.
	for my $day (@weekdays) {
		$proxysettings{$day} = 'on' unless exists $proxysettings{$day};
	}
	for my $day (@weekdays) {
		$mark_checked->($day, @on_off);
	}

	for my $field (qw(
		THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
		THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
	)) {
		$mark_selected->($field);
	}

	for my $field (qw(
		THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
		ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK ENABLE_FILTER
	)) {
		$mark_checked->($field, @on_off);
	}

	# One check box per user-agent entry; the first comma-separated field
	# of the entry is its id.
	foreach my $entry (@useragentlist) {
		@useragent = split(/,/, $entry);
		$mark_checked->('UA_'.$useragent[0], @on_off);
	}

	$mark_checked->('AUTH_METHOD', 'none', 'ncsa', 'ident', 'ldap', 'ntlm', 'radius');

	$proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
	$mark_checked->('AUTH_ALWAYS_REQUIRED', @on_off);

	$mark_checked->('NCSA_BYPASS_REDIR', @on_off);

	$mark_selected->('NCSA_GROUP');
	$mark_selected->('LDAP_TYPE');

	$proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
	$mark_checked->('NTLM_ENABLE_INT_AUTH', @on_off);

	$mark_checked->('NTLM_ENABLE_ACL', @on_off);
	$mark_checked->('NTLM_USER_ACL', @acl_modes);

	$mark_checked->('RADIUS_ENABLE_ACL', @on_off);
	$mark_checked->('RADIUS_USER_ACL', @acl_modes);

	$mark_checked->('IDENT_REQUIRED', @on_off);
	$mark_checked->('IDENT_ENABLE_ACL', @on_off);
	$mark_checked->('IDENT_USER_ACL', @acl_modes);

	# Add-on switches, only when the add-on is installed.
	if ($urlfilter_addon) {
		$mark_checked->('ENABLE_FILTER', @on_off);
	}

	if ($updacclrtr_addon) {
		$mark_checked->('ENABLE_UPDACCEL', @on_off);
	}
}
812
# Start the page and the outer box, using the helpers from header.pl.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

# Show the error box only when $errormessage is non-empty.
# NOTE(review): $errormessage is interpolated into the page without HTML
# escaping. The code that fills it is not visible in this section; confirm it
# never contains request data, or escape it before printing.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>$errormessage&nbsp;</font>\n";
    &Header::closebox();
}
822
ed38f89d
MT
823# ===================================================================
824# Main settings
825# ===================================================================
826
827unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
828
ac1cfefa
MT
829print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
830
ed38f89d
MT
831&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
832
ac1cfefa
MT
833print <<END
834<table width='100%'>
835<tr>
ed38f89d
MT
836 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
837</tr>
838<tr>
839 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
840 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
841 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
842 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
ac1cfefa
MT
843</tr>
844<tr>
ed38f89d 845 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
ac1cfefa 846 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
ed38f89d
MT
847 <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
848 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
ac1cfefa
MT
849</tr>
850<tr>
851END
852;
853if ($netsettings{'BLUE_DEV'}) {
ed38f89d 854 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT
855 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
856} else {
857 print "<td colspan='2'>&nbsp;</td>";
858}
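# Right-hand cells of the row: administrator mail address.
# The stored value is placed inside a single-quoted HTML attribute, so it is
# escaped first; otherwise a quote or angle bracket in the value would end
# the attribute and be parsed as markup. The browser decodes the entities
# again, so the submitted value is unchanged.
{
    my $admin_mail_html = defined $proxysettings{'ADMIN_MAIL_ADDRESS'} ? $proxysettings{'ADMIN_MAIL_ADDRESS'} : '';
    $admin_mail_html =~ s/&/&amp;/g;
    $admin_mail_html =~ s/</&lt;/g;
    $admin_mail_html =~ s/>/&gt;/g;
    $admin_mail_html =~ s/"/&quot;/g;
    $admin_mail_html =~ s/'/&#39;/g;

    print <<END;
    <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
    <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$admin_mail_html' /></td>
</tr>
<tr>
END
}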
866if ($netsettings{'BLUE_DEV'}) {
ed38f89d 867 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT
868 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
869} else {
870 print "<td colspan='2'>&nbsp;</td>";
871}
872print <<END
ed38f89d
MT
873 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
874 <td class='base'>
875 <select name='ERR_LANGUAGE'>
876END
877;
878 foreach (</usr/lib/squid/errors/*>) {
879 if (-d) {
880 $language = substr($_,rindex($_,"/")+1);
881 print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
882 }
883 }
884print <<END
885 </select>
886 </td>
887</tr>
10e4f239
MT
888<tr>
889 <td colspan='4'><hr /><b>$Lang::tr{'urlfilter url filter'}</b></td>
890</tr>
891<tr>
892 <td width='25%' class='base'>$Lang::tr{'urlfilter enabled'}</td>
893 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
894 <td colspan='2'>&nbsp;</td>
895</tr>
ed38f89d
MT
896</table>
897<hr size='1'>
898<table width='100%'>
899<tr>
900 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
901</tr>
902<tr>
903 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
904 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
905 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
906 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
907</tr>
908<tr>
909 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
910 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
911 <td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
912 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
ac1cfefa 913</tr>
ac1cfefa 914<tr>
ed38f89d
MT
915 <td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
916 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
917 <td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
918 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
919</tr>
920</table>
921<hr size='1'>
922<table width='100%'>
923<tr>
924 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
925</tr>
926<tr>
927 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
928 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
929 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
930 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
931</tr>
932<tr>
933 <td>&nbsp;</td>
934 <td>&nbsp;</td>
935 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
936 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
937</tr>
938</table>
939<hr size='1'>
940<table width='100%'>
941<tr>
942 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
943</tr>
944<tr>
945 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
ac1cfefa
MT
946</tr>
947<tr>
ed38f89d
MT
948 <td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
949 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
950 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
ac1cfefa
MT
951 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
952</tr>
953<tr>
ed38f89d 954 <td class='base'>$Lang::tr{'advproxy min size'}:</td>
ac1cfefa 955 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
ed38f89d 956 <td class='base'>$Lang::tr{'advproxy max size'}:</td>
ac1cfefa
MT
957 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
958</tr>
959<tr>
ed38f89d
MT
960 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
961 <td class='base'><select name='L1_DIRS'>
962 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
963 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
964 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
965 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
966 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
967 </select></td>
968 <td colspan='2' rowspan= '5' valign='top' class='base'>
969 <table cellpadding='0' cellspacing='0'>
970 <tr>
971 <!-- intentionally left empty -->
972 </tr>
973 <tr>
974 <td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
975 </tr>
976 <tr>
977 <!-- intentionally left empty -->
978 </tr>
979 <tr>
980 <!-- intentionally left empty -->
981 </tr>
982 <tr>
983 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
984END
985;
986
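# Body of the DST_NOCACHE <textarea> opened by the preceding heredoc.
# The value is HTML-escaped so that markup characters in it (for example a
# literal "</textarea>") cannot close the element and be parsed as page
# markup. The browser decodes the entities, so the value round-trips intact.
{
    my $nocache_html = defined $proxysettings{'DST_NOCACHE'} ? $proxysettings{'DST_NOCACHE'} : '';
    $nocache_html =~ s/&/&amp;/g;
    $nocache_html =~ s/</&lt;/g;
    $nocache_html =~ s/>/&gt;/g;
    print $nocache_html;
}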
988
989print <<END
990</textarea></td>
991 </tr>
992 </table>
993 </td>
994</tr>
995<tr>
996 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
997 <td class='base'><select name='MEM_POLICY'>
998 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
999 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1000 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1001 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1002 </select></td>
1003</tr>
1004<tr>
1005 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1006 <td class='base'><select name='CACHE_POLICY'>
1007 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1008 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1009 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1010 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1011 </select></td>
1012</tr>
1013<tr>
1014 <td colspan='2'>&nbsp;</td>
1015</tr>
1016<tr>
1017 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1018 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1019</tr>
1020</table>
1021<hr size='1'>
1022<table width='100%'>
1023<tr>
1024 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1025</tr>
1026<tr>
1027 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1028</tr>
1029<tr>
1030 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1031 <td colspan='2'>&nbsp;</td>
1032</tr>
1033<tr>
1034 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1035END
1036;
1037
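# Body of the SRC_SUBNETS <textarea>. When nothing is stored, the Green
# network (and the Blue network, if a Blue device is configured) is offered
# as the default. A stored value is HTML-escaped before printing so that it
# cannot close the <textarea> and inject markup; the browser decodes the
# entities again on submit.
if (!$proxysettings{'SRC_SUBNETS'}) {
    print "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}\n";
    if ($netsettings{'BLUE_DEV'}) {
        print "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n";
    }
} else {
    my $subnets_html = $proxysettings{'SRC_SUBNETS'};
    $subnets_html =~ s/&/&amp;/g;
    $subnets_html =~ s/</&lt;/g;
    $subnets_html =~ s/>/&gt;/g;
    print $subnets_html;
}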
1046
1047print <<END
1048</textarea></td>
1049 <td colspan='2'>&nbsp;</td>
1050</tr>
1051</table>
1052<table width='100%'>
1053<tr>
1054 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1055</tr>
1056<tr>
1057 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1058 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1059</tr>
1060<tr>
1061 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1062END
1063;
1064
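# Bodies of the SRC_UNRESTRICTED_IP and SRC_UNRESTRICTED_MAC textareas.
# Both values are HTML-escaped before printing so that a stored entry cannot
# close its <textarea> and be parsed as markup; the browser decodes the
# entities again, so the submitted text is unchanged.
{
    my $textarea_html = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        return $text;
    };

    print $textarea_html->($proxysettings{'SRC_UNRESTRICTED_IP'});

    print <<END;
</textarea></td>
    <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
END

    print $textarea_html->($proxysettings{'SRC_UNRESTRICTED_MAC'});
}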
1074
1075print <<END
1076</textarea></td>
1077</tr>
1078</table>
1079<table width='100%'>
1080<tr>
1081 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1082</tr>
1083<tr>
1084 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1085 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1086</tr>
1087<tr>
1088 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1089END
1090;
1091
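# Bodies of the SRC_BANNED_IP and SRC_BANNED_MAC textareas.
# Both values are HTML-escaped before printing so that a stored entry cannot
# close its <textarea> and be parsed as markup; the browser decodes the
# entities again, so the submitted text is unchanged.
{
    my $textarea_html = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        return $text;
    };

    print $textarea_html->($proxysettings{'SRC_BANNED_IP'});

    print <<END;
</textarea></td>
    <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
END

    print $textarea_html->($proxysettings{'SRC_BANNED_MAC'});
}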
1101
1102print <<END
1103</textarea></td>
1104</tr>
1105</table>
1106
1107<hr size='1'>
1108
1109END
1110;
1111# -------------------------------------------------------------------
1112# CRE GUI - optional
1113# -------------------------------------------------------------------
1114
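# Classroom extensions (CRE) section. When the file named by $cre_enabled
# exists, the full CRE form is shown; otherwise the three CRE values are
# carried through the form as hidden fields.
{
    # All three values end up inside HTML (attribute values or textarea
    # bodies), so they are escaped once here. Without this, a quote or angle
    # bracket in a stored value would end the attribute/element and be parsed
    # as markup. The browser decodes the entities, so submitted values are
    # unchanged.
    my %cre_html = ();
    foreach my $key ('SUPERVISOR_PASSWORD', 'CRE_GROUPS', 'CRE_SVHOSTS') {
        my $value = defined $proxysettings{$key} ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $cre_html{$key} = $value;
    }

    # NOTE(review): both branches send the stored supervisor password back to
    # the browser in the page source (as a password field value or a hidden
    # field). Avoiding that needs a matching change in the save handler, which
    # is not visible in this section.
    if (-e $cre_enabled) {
        print <<END;
<table width='100%'>

<tr>
    <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
    <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
    <td class='base'>$Lang::tr{'advproxy enabled'}:</td>
    <td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
    <td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
    <td><input type='password' name='SUPERVISOR_PASSWORD' value='$cre_html{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
    <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
    <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
    <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END

        print $cre_html{'CRE_GROUPS'};

        print <<END;
</textarea></td>
    <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END

        print $cre_html{'CRE_SVHOSTS'};

        print <<END;
</textarea></td>
</tr>

</table>

<hr size='1'>
END
    } else {
        print <<END;
    <input type='hidden' name='SUPERVISOR_PASSWORD' value='$cre_html{'SUPERVISOR_PASSWORD'}' />
    <input type='hidden' name='CRE_GROUPS' value='$cre_html{'CRE_GROUPS'}' />
    <input type='hidden' name='CRE_SVHOSTS' value='$cre_html{'CRE_SVHOSTS'}' />
END
    }
}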
1165# -------------------------------------------------------------------
1166
1167print <<END
1168
1169<table width='100%'>
1170<tr>
1171 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1172</tr>
1173<table width='100%'>
1174<tr>
1175 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1176 <td width='1%'>&nbsp;</td>
1177 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1178 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1179 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1180 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1181 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1182 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1183 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1184 <td width='1%'>&nbsp;&nbsp;</td>
1185 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1186 <td width='1%'>&nbsp;</td>
1187 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1188 <td>&nbsp;</td>
1189</tr>
1190<tr>
1191 <td class='base'>
1192 <select name='TIME_ACCESS_MODE'>
1193 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1194 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1195 </select>
1196 </td>
1197 <td>&nbsp;</td>
1198 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1199 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1200 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1201 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1202 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1203 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1204 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1205 <td>&nbsp;</td>
1206 <td class='base'>
1207 <select name='TIME_FROM_HOUR'>
1208END
1209;
1210for ($i=0;$i<=24;$i++) {
1211 $_ = sprintf("%02s",$i);
1212 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1213}
1214print <<END
1215 </select>
1216 </td>
1217 <td>:</td>
1218 <td class='base'>
1219 <select name='TIME_FROM_MINUTE'>
1220END
1221;
1222for ($i=0;$i<=45;$i+=15) {
1223 $_ = sprintf("%02s",$i);
1224 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1225}
1226print <<END
1227 </select>
1228 <td> - </td>
1229 </td>
1230 <td class='base'>
1231 <select name='TIME_TO_HOUR'>
1232END
1233;
1234for ($i=0;$i<=24;$i++) {
1235 $_ = sprintf("%02s",$i);
1236 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1237}
1238print <<END
1239 </select>
1240 </td>
1241 <td>:</td>
1242 <td class='base'>
1243 <select name='TIME_TO_MINUTE'>
1244END
1245;
1246for ($i=0;$i<=45;$i+=15) {
1247 $_ = sprintf("%02s",$i);
1248 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1249}
1250print <<END
1251 </select>
1252 </td>
1253</tr>
1254</table>
1255<hr size='1'>
1256<table width='100%'>
1257<tr>
1258 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
ac1cfefa
MT
1259</tr>
1260<tr>
ed38f89d
MT
1261 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1262 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1263 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1264 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
ac1cfefa
MT
1265</tr>
1266</table>
ed38f89d 1267<hr size='1'>
ac1cfefa 1268<table width='100%'>
ac1cfefa 1269<tr>
ed38f89d
MT
1270 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1271</tr>
1272<tr>
1273 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1274 <td width='20%' class='base'>
1275 <select name='THROTTLING_GREEN_TOTAL'>
1276END
1277;
1278
1279foreach (@throttle_limits) {
1280 print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$_ kBit/s</option>\n";
1281}
1282
1283print <<END
1284 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1285 </select>
1286 </td>
1287 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
1288 <td width='30%' class='base'>
1289 <select name='THROTTLING_GREEN_HOST'>
1290END
1291;
1292
1293foreach (@throttle_limits) {
1294 print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kBit/s</option>\n";
1295}
1296
1297print <<END
1298 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1299 </select>
1300 </td>
1301</tr>
1302END
1303;
1304
1305if ($netsettings{'BLUE_DEV'}) {
1306 print <<END
1307<tr>
1308 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
1309 <td class='base'>
1310 <select name='THROTTLING_BLUE_TOTAL'>
1311END
1312;
1313
1314foreach (@throttle_limits) {
1315 print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kBit/s</option>\n";
1316}
1317
1318print <<END
1319 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1320 </select>
1321 </td>
1322 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
1323 <td class='base'>
1324 <select name='THROTTLING_BLUE_HOST'>
1325END
1326;
1327
1328foreach (@throttle_limits) {
1329 print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kBit/s</option>\n";
1330}
1331
1332print <<END
1333 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1334 </select>
ac1cfefa 1335 </td>
ac1cfefa 1336</tr>
ed38f89d
MT
1337END
1338;
1339}
ac1cfefa 1340
ed38f89d
MT
1341print <<END
1342</table>
1343<table width='100%'>
1344<tr>
1345 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1346</tr>
1347<tr>
1348 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1349 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1350 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1351 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1352 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1353 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1354 <td width='15%'>&nbsp;</td>
1355 <td width='10%'>&nbsp;</td>
1356</tr>
ac1cfefa 1357</table>
ed38f89d
MT
1358<hr size='1'>
1359<table width='100%'>
1360<tr>
1361 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1362</tr>
1363<tr>
1364 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1365 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1366</tr>
1367<tr>
1368 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1369 <td>&nbsp;</td>
1370 <td>&nbsp;</td>
1371</tr>
1372<tr>
1373 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
ac1cfefa
MT
1374END
1375;
ac1cfefa 1376
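# Body of the MIME_TYPES <textarea> opened by the preceding heredoc.
# The value is HTML-escaped so that markup characters in it cannot close the
# element and be parsed as page markup. The browser decodes the entities, so
# the value round-trips intact.
{
    my $mime_types_html = defined $proxysettings{'MIME_TYPES'} ? $proxysettings{'MIME_TYPES'} : '';
    $mime_types_html =~ s/&/&amp;/g;
    $mime_types_html =~ s/</&lt;/g;
    $mime_types_html =~ s/>/&gt;/g;
    print $mime_types_html;
}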
ac1cfefa 1378
ed38f89d
MT
1379print <<END
1380</textarea></td>
1381 <td>&nbsp;</td>
1382 <td>&nbsp;</td>
1383</tr>
1384</table>
1385<hr size='1'>
1386<table width='100%'>
1387<tr>
1388 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1389</tr>
1390<tr>
1391 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1392 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1393 <td>&nbsp;</td>
1394 <td>&nbsp;</td>
1395</tr>
1396<tr>
1397 <td colspan='4'><i>
1398END
1399;
1400if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
1401print <<END
1402</i></td>
1403</tr>
1404</table>
1405<table width='100%'>
1406END
1407;
ac1cfefa 1408
ed38f89d
MT
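# Render the user agent checkboxes as table rows, four agents per row.
# $n is the index of the first agent in the current row and $i the column
# within it; $i is 4 when the inner loop ends, which advances $n by a row.
# The outer bound is "<" (the original "<=" printed one extra, empty row
# whenever the number of agents was a multiple of four, including zero).
for ($n = 0; $n < @useragentlist; $n = $n + $i) {
    for ($i = 0; $i <= 3; $i++) {
        if ($i == 0) { print "<tr>\n"; }
        if (($n + $i) < @useragentlist) {
            # Comma-separated record: field 0 is the identifier used in the
            # form field name, field 1 is the text shown next to the box.
            @useragent = split(/,/, $useragentlist[$n + $i]);
            print "<td width='15%'>$useragent[1]:</td>\n";
            print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
        }
        if ($i == 3) { print "</tr>\n"; }
    }
}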
1420
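# Close the user agent table and print the privacy section (fake user agent
# and fake referer). Both stored values are free text placed inside
# single-quoted HTML attributes, so they are escaped first; otherwise a quote
# or angle bracket in the value would end the attribute and be parsed as
# markup. The browser decodes the entities, so submitted values are unchanged.
{
    my %privacy_html = ();
    foreach my $key ('FAKE_USERAGENT', 'FAKE_REFERER') {
        my $value = defined $proxysettings{$key} ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $privacy_html{$key} = $value;
    }

    print <<END;
</table>
<hr size='1'>
<table width='100%'>
<tr>
    <td><b>$Lang::tr{'advproxy privacy'}</b></td>
</tr>
<tr>
    <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
    <td><input type='text' name='FAKE_USERAGENT' value='$privacy_html{'FAKE_USERAGENT'}' size='56' /></td>
</tr>
<tr>
    <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
    <td><input type='text' name='FAKE_REFERER' value='$privacy_html{'FAKE_REFERER'}' size='56' /></td>
</tr>
</table>
<hr size='1'>
END
}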
1444
1445if ($urlfilter_addon) {
1446 print <<END
1447<table width='100%'>
1448<tr>
1449 <td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
1450</tr>
1451<tr>
1452 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1453 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
1454 <td>&nbsp;</td>
1455 <td>&nbsp;</td>
1456</tr>
1457</table>
1458<hr size='1'>
1459END
1460; }
1461
1462if (($updacclrtr_addon) && (!($urlfilter_addon))) {
1463 print <<END
1464<table width='100%'>
1465<tr>
1466 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
1467</tr>
1468<tr>
1469 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1470 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
1471 <td>&nbsp;</td>
1472 <td>&nbsp;</td>
1473</tr>
1474</table>
1475<hr size='1'>
1476END
1477; }
1478
1479print <<END
1480<table width='100%'>
1481<tr>
1482 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1483</tr>
1484<tr>
1485 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1486 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1487 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1488 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1489 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1490 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1491</tr>
1492</table>
1493END
1494;
1495
1496if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1497<hr size='1'>
1498<table width='100%'>
1499<tr>
1500 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1501</tr>
1502<tr>
1503 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1504</tr>
1505<tr>
1506 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1507 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1508 <td colspan='2' rowspan= '6' valign='top' class='base'>
1509 <table cellpadding='0' cellspacing='0'>
1510 <tr>
1511 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1512 </tr>
1513 <tr>
1514 <!-- intentionally left empty -->
1515 </tr>
1516 <tr>
1517 <!-- intentionally left empty -->
1518 </tr>
1519 <tr>
1520 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1521 </tr>
1522 <tr>
1523 <!-- intentionally left empty -->
1524 </tr>
1525 <tr>
1526 <!-- intentionally left empty -->
1527 </tr>
1528 <tr>
1529 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1530 </tr>
1531 <tr>
1532 <!-- intentionally left empty -->
1533 </tr>
1534 <tr>
1535 <!-- intentionally left empty -->
1536 </tr>
1537 <tr>
1538 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1539END
1540;
1541
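# Body of the DST_NOAUTH <textarea> opened by the preceding heredoc.
# The value is HTML-escaped so that markup characters in it cannot close the
# element and be parsed as page markup. The browser decodes the entities, so
# the value round-trips intact.
{
    my $noauth_html = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
    $noauth_html =~ s/&/&amp;/g;
    $noauth_html =~ s/</&lt;/g;
    $noauth_html =~ s/>/&gt;/g;
    print $noauth_html;
}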
1543
1544print <<END
1545</textarea></td>
1546 </tr>
1547 </table>
1548 </td>
1549</tr>
1550<tr>
1551 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1552 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1553</tr>
1554<tr>
1555 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1556 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1557</tr>
1558<tr>
1559 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1560 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1561</tr>
1562<tr>
1563 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1564 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1565</tr>
1566<tr>
1567 <td colspan='2'>&nbsp;</td>
1568</tr>
1569</table>
1570END
1571;
1572}
1573
1574# ===================================================================
1575# NCSA auth settings
1576# ===================================================================
1577
1578if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1579print <<END
1580<hr size='1'>
1581<table width='100%'>
1582<tr>
1583 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1584</tr>
1585<tr>
1586 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1587 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1588 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1589 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1590</tr>
1591<tr>
1592 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1593 <td>&nbsp;</td>
1594 <td>&nbsp;</td>
1595</tr>
1596</table>
1597END
1598; }
1599
1600# ===================================================================
1601# IDENTD auth settings
1602# ===================================================================
1603
1604if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1605print <<END
1606<hr size ='1'>
1607<table width='100%'>
1608<tr>
1609 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1610</tr>
1611<tr>
1612 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1613 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1614 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1615 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1616</tr>
1617<tr>
1618 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1619 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1620 <td>&nbsp;</td>
1621 <td>&nbsp;</td>
1622</tr>
1623<tr>
1624 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1625 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1626</tr>
1627<tr>
1628 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1629END
1630;
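# Bodies of the IDENT_HOSTS and DST_NOAUTH textareas of the identd section.
# When no IDENT_HOSTS value is stored, the Green network (and the Blue
# network, if a Blue device is configured) is offered as the default.
# Stored values are HTML-escaped before printing so that they cannot close
# their <textarea> and be parsed as markup; the browser decodes the entities
# again, so the submitted text is unchanged.
{
    my $textarea_html = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        return $text;
    };

    if (!$proxysettings{'IDENT_HOSTS'}) {
        print "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}\n";
        if ($netsettings{'BLUE_DEV'}) {
            print "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n";
        }
    } else {
        print $textarea_html->($proxysettings{'IDENT_HOSTS'});
    }

    print <<END;
</textarea></td>
    <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
END

    print $textarea_html->($proxysettings{'DST_NOAUTH'});
}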
1647
1648print <<END
1649</textarea></td>
1650</tr>
1651</table>
1652<hr size ='1'>
1653<table width='100%'>
1654<tr>
1655 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1656</tr>
1657<tr>
1658 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1659 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1660 <td width='25%'>&nbsp;</td>
1661 <td width='30%'>&nbsp;</td>
1662</tr>
1663<tr>
1664 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1665 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1666 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1667 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1668</tr>
1669<tr>
1670 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1671 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1672</tr>
1673<tr>
1674 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1675END
1676; }
1677
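# Finish the IDENT user-list table: print the contents of the
# IDENT_ALLOW_USERS textarea opened above, then the IDENT_DENY_USERS textarea
# and the closing table markup.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
	# The user lists are free text that check_acls() only trims, so they are
	# HTML-escaped before being written between <textarea> tags; otherwise a
	# stored "</textarea>" or tag would be parsed as page markup.
	my %list_html = ();
	foreach my $key ('IDENT_ALLOW_USERS', 'IDENT_DENY_USERS') {
		my $text = defined $proxysettings{$key} ? $proxysettings{$key} : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$list_html{$key} = $text;
	}

	print $list_html{'IDENT_ALLOW_USERS'};

print <<END
</textarea></td>
 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
END
;

	print $list_html{'IDENT_DENY_USERS'};

print <<END
</textarea></td>
</tr>
</table>
END
;
}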
1694
1695# ===================================================================
1696# NTLM auth settings
1697# ===================================================================
1698
1699if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1700print <<END
1701<hr size='1'>
1702<table width='100%'>
1703<tr>
1704 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1705</tr>
1706<tr>
1707 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1708 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1709 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1710 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1711 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1712 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1713</tr>
1714</table>
1715<hr size ='1'>
1716<table width='100%'>
1717<tr>
1718 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1719</tr>
1720<tr>
1721 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1722 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1723 <td>&nbsp;</td>
1724</tr>
1725</table>
1726<hr size ='1'>
1727<table width='100%'>
1728<tr>
1729 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1730</tr>
1731<tr>
1732 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1733 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1734 <td width='25%'>&nbsp;</td>
1735 <td width='30%'>&nbsp;</td>
1736</tr>
1737<tr>
1738 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1739 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1740 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1741 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1742</tr>
1743<tr>
1744 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1745 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1746</tr>
1747<tr>
1748 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1749END
1750; }
1751
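# Finish the NTLM user-list table: print the contents of the NTLM_ALLOW_USERS
# textarea opened above, then the NTLM_DENY_USERS textarea and the closing
# table markup.
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
	# The user lists are free text that check_acls() only trims, so they are
	# HTML-escaped before being written between <textarea> tags; otherwise a
	# stored "</textarea>" or tag would be parsed as page markup.
	my %list_html = ();
	foreach my $key ('NTLM_ALLOW_USERS', 'NTLM_DENY_USERS') {
		my $text = defined $proxysettings{$key} ? $proxysettings{$key} : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$list_html{$key} = $text;
	}

	print $list_html{'NTLM_ALLOW_USERS'};

print <<END
</textarea></td>
 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
END
;

	print $list_html{'NTLM_DENY_USERS'};

print <<END
</textarea></td>
</tr>
</table>
END
;
}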
1768
1769# ===================================================================
1770# LDAP auth settings
1771# ===================================================================
1772
1773if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1774print <<END
1775<hr size='1'>
1776<table width='100%'>
1777<tr>
1778 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1779</tr>
1780<tr>
1781 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1782 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1783 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1784 <td class='base'><select name='LDAP_TYPE'>
1785 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1786 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1787 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1788 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1789 </select></td>
1790</tr>
1791<tr>
1792 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1793 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1794 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1795 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1796</tr>
1797</table>
1798<hr size ='1'>
1799<table width='100%'>
1800<tr>
1801 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1802</tr>
1803<tr>
1804 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1805 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1806 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1807 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1808</tr>
1809</table>
1810<hr size ='1'>
1811<table width='100%'>
1812<tr>
1813 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1814</tr>
1815<tr>
1816 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1817 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1818 <td>&nbsp;</td>
1819 <td>&nbsp;</td>
1820</tr>
1821</table>
1822END
1823; }
1824
1825# ===================================================================
1826# RADIUS auth settings
1827# ===================================================================
1828
1829if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1830print <<END
1831<hr size='1'>
1832<table width='100%'>
1833<tr>
1834 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1835</tr>
1836<tr>
1837 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1838 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1839 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1840 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1841</tr>
1842<tr>
1843 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1844 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1845 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1846 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1847</tr>
1848</table>
1849<hr size ='1'>
1850<table width='100%'>
1851<tr>
1852 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1853</tr>
1854<tr>
1855 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1856 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1857 <td width='25%'>&nbsp;</td>
1858 <td width='30%'>&nbsp;</td>
1859</tr>
1860<tr>
1861 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1862 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1863 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1864 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1865</tr>
1866<tr>
1867 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1868 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1869</tr>
1870<tr>
1871 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1872END
1873; }
1874
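# Finish the RADIUS user-list table: print the contents of the
# RADIUS_ALLOW_USERS textarea opened above, then the RADIUS_DENY_USERS textarea
# and the closing table markup.
if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
	# The user lists are free text that check_acls() only trims, so they are
	# HTML-escaped before being written between <textarea> tags; otherwise a
	# stored "</textarea>" or tag would be parsed as page markup.
	my %list_html = ();
	foreach my $key ('RADIUS_ALLOW_USERS', 'RADIUS_DENY_USERS') {
		my $text = defined $proxysettings{$key} ? $proxysettings{$key} : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$list_html{$key} = $text;
	}

	print $list_html{'RADIUS_ALLOW_USERS'};

print <<END
</textarea></td>
 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
END
;

	print $list_html{'RADIUS_DENY_USERS'};

print <<END
</textarea></td>
</tr>
</table>
END
;
}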
1891
1892# ===================================================================
1893
1894}
1895
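# Carry the settings of the authentication methods that are NOT currently
# displayed through the form as hidden fields, so that saving the page does
# not lose them.
{
	# Every value is HTML-escaped before it is interpolated. The attributes
	# below are single-quoted, so an unescaped quote in a value (a bind
	# password, a realm, a user-list entry) would end the attribute early: the
	# rest of the value would be parsed as markup, and the browser would post
	# back only the truncated part.
	# NOTE(review): LDAP_BINDDN_PASS and RADIUS_SECRET are still delivered to
	# the browser in the page source here. Keeping them server-side would need
	# a matching change where the form is processed, which is outside this
	# block.
	my %hidden = ();
	foreach my $key (keys %proxysettings) {
		my $value = defined $proxysettings{$key} ? $proxysettings{$key} : '';
		$value =~ s/&/&amp;/g;
		$value =~ s/</&lt;/g;
		$value =~ s/>/&gt;/g;
		$value =~ s/"/&quot;/g;
		$value =~ s/'/&#39;/g;
		$hidden{$key} = $value;
	}

	print "<table>\n";

	if ($proxysettings{'AUTH_METHOD'} eq 'none') {
print <<END
<td><input type='hidden' name='AUTH_CHILDREN' value='$hidden{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$hidden{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$hidden{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$hidden{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$hidden{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM' value='$hidden{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH' value='$hidden{'DST_NOAUTH'}'></td>
END
;
	}

	if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
print <<END
<td><input type='hidden' name='AUTH_CHILDREN' value='$hidden{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$hidden{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$hidden{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$hidden{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM' value='$hidden{'AUTH_REALM'}'></td>
END
;
	}

	if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
print <<END
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$hidden{'NCSA_MIN_PASS_LEN'}'></td>
<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$hidden{'NCSA_BYPASS_REDIR'}'></td>
END
;
	}

	if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
print <<END
<td><input type='hidden' name='IDENT_REQUIRED' value='$hidden{'IDENT_REQUIRED'}'></td>
<td><input type='hidden' name='IDENT_TIMEOUT' value='$hidden{'IDENT_TIMEOUT'}'></td>
<td><input type='hidden' name='IDENT_HOSTS' value='$hidden{'IDENT_HOSTS'}'></td>
<td><input type='hidden' name='IDENT_ENABLE_ACL' value='$hidden{'IDENT_ENABLE_ACL'}'></td>
<td><input type='hidden' name='IDENT_USER_ACL' value='$hidden{'IDENT_USER_ACL'}'></td>
<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$hidden{'IDENT_ALLOW_USERS'}'></td>
<td><input type='hidden' name='IDENT_DENY_USERS' value='$hidden{'IDENT_DENY_USERS'}'></td>
END
;
	}

	if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
print <<END
<td><input type='hidden' name='LDAP_BASEDN' value='$hidden{'LDAP_BASEDN'}'></td>
<td><input type='hidden' name='LDAP_TYPE' value='$hidden{'LDAP_TYPE'}'></td>
<td><input type='hidden' name='LDAP_SERVER' value='$hidden{'LDAP_SERVER'}'></td>
<td><input type='hidden' name='LDAP_PORT' value='$hidden{'LDAP_PORT'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$hidden{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$hidden{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP' value='$hidden{'LDAP_GROUP'}'></td>
END
;
	}

	if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) {
print <<END
<td><input type='hidden' name='NTLM_DOMAIN' value='$hidden{'NTLM_DOMAIN'}'></td>
<td><input type='hidden' name='NTLM_PDC' value='$hidden{'NTLM_PDC'}'></td>
<td><input type='hidden' name='NTLM_BDC' value='$hidden{'NTLM_BDC'}'></td>
<td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$hidden{'NTLM_ENABLE_INT_AUTH'}'></td>
<td><input type='hidden' name='NTLM_ENABLE_ACL' value='$hidden{'NTLM_ENABLE_ACL'}'></td>
<td><input type='hidden' name='NTLM_USER_ACL' value='$hidden{'NTLM_USER_ACL'}'></td>
<td><input type='hidden' name='NTLM_ALLOW_USERS' value='$hidden{'NTLM_ALLOW_USERS'}'></td>
<td><input type='hidden' name='NTLM_DENY_USERS' value='$hidden{'NTLM_DENY_USERS'}'></td>
END
;
	}

	if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
print <<END
<td><input type='hidden' name='RADIUS_SERVER' value='$hidden{'RADIUS_SERVER'}'></td>
<td><input type='hidden' name='RADIUS_PORT' value='$hidden{'RADIUS_PORT'}'></td>
<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$hidden{'RADIUS_IDENTIFIER'}'></td>
<td><input type='hidden' name='RADIUS_SECRET' value='$hidden{'RADIUS_SECRET'}'></td>
<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$hidden{'RADIUS_ENABLE_ACL'}'></td>
<td><input type='hidden' name='RADIUS_USER_ACL' value='$hidden{'RADIUS_USER_ACL'}'></td>
<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$hidden{'RADIUS_ALLOW_USERS'}'></td>
<td><input type='hidden' name='RADIUS_DENY_USERS' value='$hidden{'RADIUS_DENY_USERS'}'></td>
END
;
	}

	print "</table>\n";
}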
1978
1979print <<END
1980<hr size='1'>
1981END
1982;
1983
1984print <<END
1985<table width='100%'>
1986<tr>
1987 <td>&nbsp;</td>
1988 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1989 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1990 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1991 <td>&nbsp;</td>
1992</tr>
1993
1994</table>
1995<br />
1996<table width='100%'>
1997<tr>
1998 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1999 <font class='base'>$Lang::tr{'this field may be blank'}</font>
2000 </td>
2001 <td align='right'>
60cbd6e7 2002 &nbsp;
2003 </td>
2004</tr>
2005</table>
2006</form>
2007END
2008;
2009
2010&Header::closebox();
2011
2012} else {
2013
2014# ===================================================================
2015# NCSA user management
2016# ===================================================================
2017
2018&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2019print <<END
2020<form method='post' action='$ENV{'SCRIPT_NAME'}'>
2021<table width='100%'>
2022<tr>
2023 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2024</tr>
2025<tr>
2026 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2027 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2028END
2029;
2030 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2031 print <<END
2032 /></td>
2033 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2034 <td class='base'>
2035 <select name='NCSA_GROUP'>
2036 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2037 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2038 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2039 </select>
2040 </td>
2041
2042</tr>
2043<tr>
2044 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2045 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2046 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2047 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2048</tr>
2049</table>
2050<br>
2051<table>
2052<tr>
2053 <td>&nbsp;</td>
2054 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2055 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2056 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2057END
2058;
2059 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2060 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2061 }
2062
2063print <<END
2064 <td>&nbsp;</td>
2065 <td>&nbsp;</td>
2066 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2067</tr>
2068</table>
2069</form>
2070<hr size='1'>
2071<table width='100%'>
2072<tr>
2073 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2074</tr>
2075</table>
2076<table width='100%' align='center'>
2077END
2078;
2079
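# Build the sorted "username:group" list for the account table from the three
# NCSA group files. Files are read in the order extended, standard, disabled;
# a file that does not exist contributes nothing.
foreach my $group_source ([ $extgrp, 'extended' ], [ $stdgrp, 'standard' ], [ $disgrp, 'disabled' ]) {
	my ($group_file, $group_label) = @{$group_source};
	next unless -e $group_file;

	# Three-argument open with a lexical handle: the path is always treated as
	# a plain file name to read, and a failed open yields an empty list instead
	# of a read from an unopened handle.
	@grouplist = ();
	if (open(my $group_fh, '<', $group_file)) {
		@grouplist = <$group_fh>;
		close($group_fh);
	}
	foreach $user (@grouplist) { chomp($user); push(@userlist, $user.":".$group_label); }
}

@userlist = sort(@userlist);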
2097
2098# If the password file contains entries, print entries and action icons
2099
2100if (! -z "$userdb") {
2101 print <<END
2102 <tr>
2103 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2104 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2105 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2106 </tr>
2107END
2108;
2109 $id = 0;
2110 foreach $line (@userlist)
2111 {
2112 $id++;
2113 chomp($line);
2114 @temp = split(/:/,$line);
2115 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2116 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2117 elsif ($id % 2) {
2118 print "<tr bgcolor='$Header::table1colour'>\n"; }
2119 else {
2120 print "<tr bgcolor='$Header::table2colour'>\n"; }
2121
2122 print <<END
2123 <td align='center'>$temp[0]</td>
2124 <td align='center'>
2125END
2126;
2127 if ($temp[1] eq 'standard') {
2128 print $Lang::tr{'advproxy NCSA grp standard'};
2129 } elsif ($temp[1] eq 'extended') {
2130 print $Lang::tr{'advproxy NCSA grp extended'};
2131 } elsif ($temp[1] eq 'disabled') {
2132 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2133 print <<END
2134 </td>
2135 <td width='8%' align='center'>
2136 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2137 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2138 <input type='hidden' name='ID' value='$line' />
2139 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2140 </form>
2141 </td>
2142
2143 <td width='8%' align='center'>
2144 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2145 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2146 <input type='hidden' name='ID' value='$temp[0]' />
2147 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2148 </form>
2149 </td>
2150 </tr>
2151END
2152;
2153 }
2154
2155print <<END
2156</table>
2157<br>
2158<table witdh='100%'>
2159<tr>
2160 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2161 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2162 <td class='base'>$Lang::tr{'edit'}</td>
2163 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2164 <td class='base'>$Lang::tr{'remove'}</td>
2165</tr>
2166END
2167;
2168} else {
2169 print <<END
2170 <tr>
2171 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2172 </tr>
2173END
2174;
2175}
2176
2177print <<END
2178</table>
2179END
2180;
2181
2182&Header::closebox();
2183
2184}
2185
2186# ===================================================================
2187
2188&Header::closebigbox();
2189
2190&Header::closepage();
2191
2192# -------------------------------------------------------------------
2193
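sub read_acls
{
	# Load the contents of every ACL / user-list file that exists into the
	# matching %proxysettings entry, replacing whatever value was there.
	# A file that does not exist leaves its setting untouched; an existing but
	# empty (or unreadable) file leaves the setting deleted, as before.
	#
	# Each file is opened with three-argument open and a lexical handle, so the
	# path can only ever be read as a plain file name, and a failed open is
	# reported to the error log instead of being silently ignored.
	my @acl_sources = (
		[ $acl_src_subnets,                'SRC_SUBNETS' ],
		[ $acl_src_banned_ip,              'SRC_BANNED_IP' ],
		[ $acl_src_banned_mac,             'SRC_BANNED_MAC' ],
		[ $acl_src_unrestricted_ip,        'SRC_UNRESTRICTED_IP' ],
		[ $acl_src_unrestricted_mac,       'SRC_UNRESTRICTED_MAC' ],
		[ $acl_dst_nocache,                'DST_NOCACHE' ],
		[ $acl_dst_noauth,                 'DST_NOAUTH' ],
		[ $mimetypes,                      'MIME_TYPES' ],
		[ "$ntlmdir/msntauth.allowusers",  'NTLM_ALLOW_USERS' ],
		[ "$ntlmdir/msntauth.denyusers",   'NTLM_DENY_USERS' ],
		[ "$raddir/radauth.allowusers",    'RADIUS_ALLOW_USERS' ],
		[ "$raddir/radauth.denyusers",     'RADIUS_DENY_USERS' ],
		[ "$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS' ],
		[ "$identdir/identauth.denyusers", 'IDENT_DENY_USERS' ],
		[ $identhosts,                     'IDENT_HOSTS' ],
		[ $cre_groups,                     'CRE_GROUPS' ],
		[ $cre_svhosts,                    'CRE_SVHOSTS' ],
	);

	foreach my $source (@acl_sources) {
		my ($path, $key) = @{$source};
		next unless defined $path && -e $path;

		# The old value is dropped before reading, so the setting reflects the
		# file and nothing else.
		delete $proxysettings{$key};

		my $fh;
		unless (open($fh, '<', $path)) {
			warn "proxy.cgi: cannot read $path: $!\n";
			next;
		}
		# A lexical line variable keeps the caller's $_ intact.
		while (my $line = <$fh>) { $proxysettings{$key} .= $line; }
		close($fh);
	}
}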
2299
2300# -------------------------------------------------------------------
2301
sub check_acls
{
	# Normalise the multi-line ACL settings in %proxysettings: every list is
	# split into lines, each line is trimmed, blank lines are dropped and the
	# list is rebuilt with one entry per line.
	#
	# Address and MAC lists are checked entry by entry. A failing entry sets
	# $errormessage but is still kept in the rebuilt list, so the stored value
	# may contain text that is not a valid address. The user lists are only
	# trimmed; their content is not checked, only that an enabled list is not
	# empty.

	# [ settings key, validator, error text key, rewrite '-' to ':' first ]
	my @source_lists = (
		[ 'SRC_SUBNETS',          \&General::validipandmask, 'advproxy errmsg invalid ip or mask', 0 ],
		[ 'SRC_BANNED_IP',        \&General::validipormask,  'advproxy errmsg invalid ip or mask', 0 ],
		[ 'SRC_BANNED_MAC',       \&General::validmac,       'advproxy errmsg invalid mac',        1 ],
		[ 'SRC_UNRESTRICTED_IP',  \&General::validipormask,  'advproxy errmsg invalid ip or mask', 0 ],
		[ 'SRC_UNRESTRICTED_MAC', \&General::validmac,       'advproxy errmsg invalid mac',        1 ],
	);
	my @host_lists = (
		[ 'IDENT_HOSTS', \&General::validipormask, 'advproxy errmsg invalid ip or mask', 0 ],
		[ 'CRE_SVHOSTS', \&General::validipormask, 'advproxy errmsg invalid ip or mask', 0 ],
	);

	# [ enable switch key, mode key, mode that selects the list, list key ]
	my @user_lists = (
		[ 'NTLM_ENABLE_ACL',   'NTLM_USER_ACL',   'positive', 'NTLM_ALLOW_USERS' ],
		[ 'NTLM_ENABLE_ACL',   'NTLM_USER_ACL',   'negative', 'NTLM_DENY_USERS' ],
		[ 'IDENT_ENABLE_ACL',  'IDENT_USER_ACL',  'positive', 'IDENT_ALLOW_USERS' ],
		[ 'IDENT_ENABLE_ACL',  'IDENT_USER_ACL',  'negative', 'IDENT_DENY_USERS' ],
		[ 'RADIUS_ENABLE_ACL', 'RADIUS_USER_ACL', 'positive', 'RADIUS_ALLOW_USERS' ],
		[ 'RADIUS_ENABLE_ACL', 'RADIUS_USER_ACL', 'negative', 'RADIUS_DENY_USERS' ],
	);

	# Rebuild one validated list; invalid entries only raise the error text.
	my $rebuild_checked_list = sub {
		my ($list_key, $validator, $error_key, $is_mac) = @_;
		@temp = split(/\n/,$proxysettings{$list_key});
		undef $proxysettings{$list_key};
		foreach my $entry (@temp)
		{
			$entry =~ s/^\s+//g;
			$entry =~ s/\s+$//g;
			if ($is_mac) { $entry =~ s/-/:/g; }
			next unless ($entry);
			unless ($validator->($entry)) { $errormessage = $Lang::tr{$error_key}; }
			$proxysettings{$list_key} .= $entry."\n";
		}
	};

	# Rebuild one user list, but only when its ACL is enabled in that mode;
	# an enabled list that ends up empty is an error.
	my $rebuild_user_list = sub {
		my ($enable_key, $mode_key, $mode, $list_key) = @_;
		return unless (($proxysettings{$enable_key} eq 'on') && ($proxysettings{$mode_key} eq $mode));
		@temp = split(/\n/,$proxysettings{$list_key});
		undef $proxysettings{$list_key};
		foreach my $entry (@temp)
		{
			$entry =~ s/^\s+//g;
			$entry =~ s/\s+$//g;
			if ($entry) { $proxysettings{$list_key} .= $entry."\n"; }
		}
		if ($proxysettings{$list_key} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
	};

	# Order matters: $errormessage keeps the text of the last failing check.
	foreach my $spec (@source_lists) { $rebuild_checked_list->(@{$spec}); }
	foreach my $spec (@user_lists)   { $rebuild_user_list->(@{$spec}); }
	foreach my $spec (@host_lists)   { $rebuild_checked_list->(@{$spec}); }
}
2460
2461
2462# -------------------------------------------------------------------
2463
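sub write_acls
{
	# Write every ACL / user-list file from the current %proxysettings.
	# The squid.conf produced by writeconfig references several of these
	# files by path, so each write is checked: a failure is reported on
	# STDERR instead of being ignored, because a list that silently failed
	# to update would keep its previous (stale) allow/deny entries.

	# Settings whose text is written verbatim, one setting per file.
	my @plain_before = (
		[ $acl_src_subnets,          'SRC_SUBNETS' ],
		[ $acl_src_banned_ip,        'SRC_BANNED_IP' ],
		[ $acl_src_banned_mac,       'SRC_BANNED_MAC' ],
		[ $acl_src_unrestricted_ip,  'SRC_UNRESTRICTED_IP' ],
		[ $acl_src_unrestricted_mac, 'SRC_UNRESTRICTED_MAC' ],
		[ $acl_dst_nocache,          'DST_NOCACHE' ],
		[ $acl_dst_noauth,           'DST_NOAUTH' ],
	);
	foreach my $entry (@plain_before)
	{
		_write_acl_file($entry->[0], $proxysettings{$entry->[1]});
	}

	# Throttle list: one "\.<ext>$" line per file extension of every
	# enabled class, followed by the custom throttled-URL lines.
	my $throttle = '';
	my @throttle_classes = (
		[ 'THROTTLE_BINARY', $throttle_binary ],
		[ 'THROTTLE_DSKIMG', $throttle_dskimg ],
		[ 'THROTTLE_MMEDIA', $throttle_mmedia ],
	);
	foreach my $class (@throttle_classes)
	{
		next unless ($proxysettings{$class->[0]} eq 'on');
		foreach my $ext (split(/\|/, $class->[1]))
		{
			$throttle .= "\\.$ext\$\n";
		}
	}
	if (-s $throttled_urls)
	{
		# Lines are copied unchanged; writeconfig hands the resulting file
		# to Squid as a url_regex list, so each line is treated as a regex.
		if (open(my $urls, '<', $throttled_urls))
		{
			$throttle .= join('', <$urls>);
			close($urls);
		}
		else
		{
			warn "write_acls: cannot read $throttled_urls: $!\n";
		}
	}
	_write_acl_file($acl_dst_throttle, $throttle);

	# Remaining verbatim files: MIME filter, per-method user lists,
	# ident-aware hosts and the CRE files.
	my @plain_after = (
		[ $mimetypes,                      'MIME_TYPES' ],
		[ "$ntlmdir/msntauth.allowusers",  'NTLM_ALLOW_USERS' ],
		[ "$ntlmdir/msntauth.denyusers",   'NTLM_DENY_USERS' ],
		[ "$raddir/radauth.allowusers",    'RADIUS_ALLOW_USERS' ],
		[ "$raddir/radauth.denyusers",     'RADIUS_DENY_USERS' ],
		[ "$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS' ],
		[ "$identdir/identauth.denyusers", 'IDENT_DENY_USERS' ],
		[ $identhosts,                     'IDENT_HOSTS' ],
		[ $cre_groups,                     'CRE_GROUPS' ],
		[ $cre_svhosts,                    'CRE_SVHOSTS' ],
	);
	foreach my $entry (@plain_after)
	{
		_write_acl_file($entry->[0], $proxysettings{$entry->[1]});
	}
}

# Replace the contents of $path with $content under an exclusive lock.
# Returns 1 on success, 0 (after a warning on STDERR) on any failure.
sub _write_acl_file
{
	my ($path, $content) = @_;
	my $fh;

	# Three-argument open keeps the path from being parsed as a mode, and
	# append mode creates the file without truncating it, so the old
	# content survives until the lock below is actually held.
	unless (open($fh, '>>', $path))
	{
		warn "write_acls: cannot open $path for writing: $!\n";
		return 0;
	}
	# 2 = LOCK_EX (exclusive), the same literal the file uses elsewhere.
	unless (flock($fh, 2))
	{
		warn "write_acls: cannot lock $path: $!\n";
		close($fh);
		return 0;
	}
	unless (truncate($fh, 0))
	{
		warn "write_acls: cannot truncate $path: $!\n";
		close($fh);
		return 0;
	}
	# An unset setting produces an empty file, as before.
	if (defined($content)) { print {$fh} $content; }
	# Buffered write errors only surface when the handle is closed.
	unless (close($fh))
	{
		warn "write_acls: error while writing $path: $!\n";
		return 0;
	}
	return 1;
}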
2577
2578# -------------------------------------------------------------------
2579
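sub writepacfile
{
	# Generate the proxy auto-configuration script (proxy.pac) from the
	# current proxy and network settings.
	#
	# NOTE(review): the domain name, addresses, netmasks and port are
	# interpolated into JavaScript string literals without escaping. This
	# relies on those settings having been validated when they were saved
	# - confirm, since the file is presumably served to client browsers.
	my $pacfile = '/home/httpd/html/proxy.pac';

	# A proxy branch exists for GREEN when the proxy is enabled, and for
	# BLUE only when a BLUE device is configured and enabled there.
	my $green_proxy = ($proxysettings{'ENABLE'} eq 'on');
	my $blue_proxy = (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

	# Append mode creates the file without truncating it, so the previous
	# script stays intact until the exclusive lock is held.
	my $fh;
	unless (open($fh, '>>', $pacfile))
	{
		warn "writepacfile: cannot open $pacfile for writing: $!\n";
		return;
	}
	# 2 = LOCK_EX (exclusive), the same literal the file uses elsewhere.
	unless (flock($fh, 2))
	{
		warn "writepacfile: cannot lock $pacfile: $!\n";
		close($fh);
		return;
	}
	unless (truncate($fh, 0))
	{
		warn "writepacfile: cannot truncate $pacfile: $!\n";
		close($fh);
		return;
	}

	print {$fh} "function FindProxyForURL(url, host)\n";
	print {$fh} "{\n";
	# The "DIRECT ... else" header is only written when at least one proxy
	# branch follows it. Testing ENABLE_BLUE without BLUE_DEV here would
	# leave a dangling "else" and therefore a script that does not parse.
	if ($green_proxy || $blue_proxy)
	{
		print {$fh} <<"END";
if (
 (isPlainHostName(host)) ||
 (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
 (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
 (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
 (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
 (isInNet(host, "192.168.0.0", "255.255.0.0"))
 )
 return "DIRECT";

 else

END
		if ($green_proxy)
		{
			print {$fh} <<"END";
if (
 (isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
 )
 return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
		# Chain the BLUE test behind the GREEN one when both are present.
		if ($green_proxy && $blue_proxy)
		{
			print {$fh} "\n else\n\n";
		}
		if ($blue_proxy)
		{
			print {$fh} <<"END";
if (
 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
 )
 return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
	}
	print {$fh} "}\n";
	# Buffered write errors only surface when the handle is closed.
	unless (close($fh))
	{
		warn "writepacfile: error while writing $pacfile: $!\n";
	}
}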
2631
2632# -------------------------------------------------------------------
2633
2634sub writeconfig
2635{
2636 my $authrealm;
2637 my $delaypools;
2638
2639 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2640 $proxysettings{'THROTTLING_GREEN_HOST'} +
2641 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2642 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2643 {
2644 $delaypools = 1; } else { $delaypools = 0;
2645 }
2646
2647 if ($proxysettings{'AUTH_REALM'} eq '')
2648 {
2649 $authrealm = "IPFire Advanced Proxy Server";
2650 } else {
2651 $authrealm = $proxysettings{'AUTH_REALM'};
2652 }
2653
2654 $_ = $proxysettings{'UPSTREAM_PROXY'};
2655 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2656
2657 if ($remoteport eq '') { $remoteport = 80; }
2658
2659 open(FILE, ">${General::swroot}/proxy/squid.conf");
2660 flock(FILE, 2);
2661 print FILE <<END
2662shutdown_lifetime 5 seconds
2663icp_port 0
2664
2665http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2666END
2667 ;
2668 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2669 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2670 }
2671
2672 print FILE <<END
2673
2674acl QUERY urlpath_regex cgi-bin \\?
2675no_cache deny QUERY
2676END
2677 ;
2678 if (!-z $acl_dst_nocache) {
2679 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2680 print FILE "no_cache deny no_cache_domains\n";
2681 }
2682
2683 print FILE <<END
2684
2685cache_effective_user squid
2686cache_effective_group squid
2687
2688pid_filename /var/run/squid.pid
2689
2690cache_mem $proxysettings{'CACHE_MEM'} MB
2691cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2692
2693error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2694
2695END
2696 ;
2697
2698 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2699
2700 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2701 {
2702 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2703 {
2704 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2705 }
2706 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2707 {
2708 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2709 }
2710 print FILE "\n";
2711 }
2712
2713 if ($proxysettings{'LOGGING'} eq 'on')
2714 {
2715 print FILE <<END
2716cache_access_log /var/log/squid/access.log
2717cache_log /var/log/squid/cache.log
2718cache_store_log none
2719END
2720 ;
2721 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2722 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2723 } else {
2724 print FILE <<END
2725cache_access_log /dev/null
2726cache_log /dev/null
2727cache_store_log none
2728END
2729 ;}
2730 print FILE <<END
2731
2732log_mime_hdrs off
2733END
2734 ;
2735
2736 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2737 {
2738 print FILE "forwarded_for on\n\n";
2739 } else {
2740 print FILE "forwarded_for off\n\n";
2741 }
2742
2743 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2744 {
2745 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2746 {
2747 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2748 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2749 print FILE "auth_param basic realm $authrealm\n";
2750 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2751 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2752 }
2753
2754 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2755 {
2756 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2757 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2758 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2759 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2760 {
2761 if ($proxysettings{'LDAP_GROUP'} eq '')
2762 {
2763 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2764 } else {
2765 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2766 }
2767 print FILE " -u sAMAccountName -P";
2768 }
2769 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2770 {
2771 if ($proxysettings{'LDAP_GROUP'} eq '')
2772 {
2773 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2774 } else {
2775 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2776 }
2777 print FILE " -u cn -P";
2778 }
2779 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2780 {
2781 if ($proxysettings{'LDAP_GROUP'} eq '')
2782 {
2783 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2784 } else {
2785 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2786 }
2787 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2788 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2789 print FILE " -u uid -P";
2790 }
2791 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2792 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2793 print FILE "auth_param basic realm $authrealm\n";
2794 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2795 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2796 }
2797
2798 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2799 {
2800 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2801 {
2802 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2803 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2804 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2805 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2806 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2807 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2808 } else {
2809 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2810 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2811 print FILE "auth_param basic realm $authrealm\n";
2812 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2813 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2814
2815 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2816 flock(MSNTCONF,2);
2817 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2818 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2819 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2820 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2821 {
2822 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2823 {
2824 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2825 } else {
2826 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2827 }
2828 }
2829 close(MSNTCONF);
2830 }
2831 }
2832
2833 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2834 {
2835 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2836 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2837 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2838 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2839 print FILE "auth_param basic realm $authrealm\n";
2840 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2841 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2842 }
2843
2844 print FILE "\n";
2845 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2846 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2847 {
2848 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2849 {
2850 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2851 }
2852 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2853 {
2854 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2855 }
2856 }
2857 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2858 {
2859 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2860 {
2861 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2862 }
2863 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2864 {
2865 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2866 }
2867 }
2868 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2869 {
2870 print FILE "\n";
2871 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2872 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2873 }
2874 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2875 print FILE "\n";
2876
2877 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2878 }
2879
2880 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2881 {
2882 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2883 {
2884 print FILE "acl for_inetusers ident REQUIRED\n";
2885 }
2886 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2887 {
2888 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2889 {
2890 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2891 }
2892 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2893 {
2894 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2895 }
2896 }
2897 }
2898
2899 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2900
2901 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2902
2903 print FILE "acl within_timeframe time ";
2904 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2905 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2906 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2907 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2908 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2909 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2910 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2911 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2912 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2913 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2914 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2915
2916 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2917 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2918 }
2919
2920 print FILE <<END
2921acl all src 0.0.0.0/0.0.0.0
2922acl localhost src 127.0.0.1/255.255.255.255
2923acl SSL_ports port 443 563
2924acl Safe_ports port 80 # http
2925acl Safe_ports port 21 # ftp
2926acl Safe_ports port 443 563 # https, snews
2927acl Safe_ports port 70 # gopher
2928acl Safe_ports port 210 # wais
2929acl Safe_ports port 1025-65535 # unregistered ports
2930acl Safe_ports port 280 # http-mgmt
2931acl Safe_ports port 488 # gss-http
2932acl Safe_ports port 591 # filemaker
2933acl Safe_ports port 777 # multiling http
2934acl Safe_ports port 800 # Squids port (for icons)
2935
2936acl IPCop_http port 81
2937acl IPCop_https port 445
2938acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2939acl IPCop_networks src "$acl_src_subnets"
2940acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2941END
2942 ;
2943 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2944 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2945 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2946 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2947 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2948 print FILE <<END
2949acl CONNECT method CONNECT
2950END
2951 ;
2952
2953 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2954 print FILE <<END
2955
2956#Classroom extensions
2957acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2958acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2959END
2960 ;
2961 print FILE "deny_info ";
2962 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2963 print FILE "ERR_ACCESS_DISABLED";
2964 } else { print FILE "ERR_ACCESS_DENIED"; }
2965 print FILE " IPCop_no_access_ips\n";
2966 print FILE "deny_info ";
2967 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2968 print FILE "ERR_ACCESS_DISABLED";
2969 } else { print FILE "ERR_ACCESS_DENIED"; }
2970 print FILE " IPCop_no_access_mac\n";
2971
2972 print FILE <<END
2973http_access deny IPCop_no_access_ips
2974http_access deny IPCop_no_access_mac
2975END
2976 ;
2977 }
2978
2979 #Insert acl file and replace __VAR__ with correct values
2980 my $blue_net = ''; #BLUE empty by default
2981 my $blue_ip = '';
2982 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2983 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2984 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2985 }
2986 if (!-z $acl_include)
2987 {
2988 open (ACL, "$acl_include");
2989 print FILE "\n#Start of custom includes\n";
2990 while (<ACL>) {
2991 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2992 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2993 $_ =~ s/__BLUE_IP__/$blue_ip/;
2994 $_ =~ s/__BLUE_NET__/$blue_net/;
2995 print FILE $_;
2996 }
2997 print FILE "#End of custom includes\n";
2998 close (ACL);
2999 }
3000 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3001 print FILE <<END
3002
3003#Access to squid:
3004#local machine, no restriction
3005http_access allow localhost
3006
3007#GUI admin if local machine connects
3008http_access allow IPCop_ips IPCop_networks IPCop_http
3009http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
3010
3011#Deny not web services
3012http_access deny !Safe_ports
3013http_access deny CONNECT !SSL_ports
3014
3015END
3016 ;
3017
3018if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3019{
3020print FILE "#Set ident ACLs\n";
3021if (!-z $identhosts)
3022 {
3023 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3024 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3025 print FILE "ident_lookup_access deny all\n";
3026 } else {
3027 print FILE "ident_lookup_access allow all\n";
3028 }
3029 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3030}
3031
3032if ($delaypools) {
3033 print FILE "#Set download throttling\n";
3034
3035 if ($netsettings{'BLUE_DEV'})
3036 {
3037 print FILE "delay_pools 2\n";
3038 } else {
3039 print FILE "delay_pools 1\n";
3040 }
3041
3042 print FILE "delay_class 1 3\n";
3043 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3044
3045 print FILE "delay_parameters 1 ";
3046 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3047 {
3048 print FILE "-1/-1";
3049 } else {
3050 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3051 print FILE "/";
3052 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3053 }
3054
3055 print FILE " -1/-1 ";
3056 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3057 {
3058 print FILE "-1/-1";
3059 } else {
3060 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3061 print FILE "/";
3062 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3063 }
3064 print FILE "\n";
3065
3066 if ($netsettings{'BLUE_DEV'})
3067 {
3068 print FILE "delay_parameters 2 ";
3069 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3070 {
3071 print FILE "-1/-1";
3072 } else {
3073 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3074 print FILE "/";
3075 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3076 }
3077 print FILE " -1/-1 ";
3078 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3079 {
3080 print FILE "-1/-1";
3081 } else {
3082 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3083 print FILE "/";
3084 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3085 }
3086 print FILE "\n";
3087 }
3088
3089 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3090 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3091 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3092
3093 if ($netsettings{'BLUE_DEV'})
3094 {
3095 print FILE "delay_access 1 allow IPCop_green_network";
3096 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3097 print FILE "\n";
3098 print FILE "delay_access 1 deny all\n";
3099 } else {
3100 print FILE "delay_access 1 allow all";
3101 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3102 print FILE "\n";
3103 }
3104
3105 if ($netsettings{'BLUE_DEV'})
3106 {
3107 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3108 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3109 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3110 print FILE "delay_access 2 allow IPCop_blue_network";
3111 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3112 print FILE "\n";
3113 print FILE "delay_access 2 deny all\n";
3114 }
3115
3116 print FILE "delay_initial_bucket_level 100%\n";
3117 print FILE "\n";
3118}
3119 print FILE <<END
3120#Set custom configured ACLs
3121END
3122 ;
3123 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3124 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3125
3126 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3127 {
3128 if (!-z $acl_src_unrestricted_ip)
3129 {
3130 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3131 }
3132 if (!-z $acl_src_unrestricted_mac)
3133 {
3134 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3135 }
3136 print FILE "http_access allow IPCop_networks";
3137 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3138 print FILE " !within_timeframe";
3139 } else {
3140 print FILE " within_timeframe"; }
3141 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3142 print FILE " to_domains_without_auth\n";
3143 }
3144
3145 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3146 {
3147 print FILE "http_access deny !for_inetusers";
3148 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3149 print FILE "\n";
3150 }
3151
3152 if (
3153 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3154 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3155 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3156 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3157 (!-z "$identdir/identauth.denyusers")
3158 )
3159 {
3160 print FILE "http_access deny for_acl_users";
3161 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3162 print FILE "\n";
3163 }
3164
3165 if (!-z $acl_src_unrestricted_ip)
3166 {
3167 print FILE "http_access allow IPCop_unrestricted_ips";
3168 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3169 {
3170 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3171 {
3172 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3173 }
3174 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3175 {
3176 print FILE " for_inetusers";
3177 }
3178 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3179 {
3180 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3181 {
3182 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3183 {
3184 print FILE " for_acl_users";
3185 }
3186 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3187 {
3188 print FILE " !for_acl_users";
3189 }
3190 } else { print FILE " for_inetusers"; }
3191 }
3192 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3193 {
3194 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3195 {
3196 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3197 {
3198 print FILE " for_acl_users";
3199 }
3200 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3201 {
3202 print FILE " !for_acl_users";
3203 }
3204 } else { print FILE " for_inetusers"; }
3205 }
3206 }
3207 print FILE "\n";
3208 }
3209
3210 if (!-z $acl_src_unrestricted_mac)
3211 {
3212 print FILE "http_access allow IPCop_unrestricted_mac";
3213 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3214 {
3215 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3216 {
3217 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3218 }
3219 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3220 {
3221 print FILE " for_inetusers";
3222 }
3223 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3224 {
3225 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3226 {
3227 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3228 {
3229 print FILE " for_acl_users";
3230 }
3231 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3232 {
3233 print FILE " !for_acl_users";
3234 }
3235 } else { print FILE " for_inetusers"; }
3236 }
3237 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3238 {
3239 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3240 {
3241 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3242 {
3243 print FILE " for_acl_users";
3244 }
3245 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3246 {
3247 print FILE " !for_acl_users";
3248 }
3249 } else { print FILE " for_inetusers"; }
3250 }
3251 }
3252 print FILE "\n";
3253 }
3254
3255 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3256 {
3257 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3258 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3259 }
3260
3261 if (
3262 (
3263 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3264 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3265 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3266 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3267 (!-z "$ntlmdir/msntauth.denyusers")
3268 )
3269 ||
3270 (
3271 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3272 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3273 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3274 (!-z "$raddir/radauth.denyusers")
3275 )
3276 ||
3277 (
3278 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3279 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3280 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3281 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3282 (!-z "$identdir/identauth.denyusers")
3283 )
3284 )
3285 {
3286 print FILE "http_access deny for_acl_users";
3287 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3288 print FILE "\n";
3289 }
3290
3291 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3292 {
3293 print FILE "http_access allow";
3294 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3295 print FILE " !within_timeframe";
3296 } else {
3297 print FILE " within_timeframe"; }
3298 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3299 print FILE " !on_ident_aware_hosts\n";
3300 }
3301
3302 print FILE "http_access allow IPCop_networks";
3303 if (
3304 (
3305 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3306 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3307 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3308 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3309 (!-z "$ntlmdir/msntauth.allowusers")
3310 )
3311 ||
3312 (
3313 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3314 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3315 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3316 (!-z "$raddir/radauth.allowusers")
3317 )
3318 ||
3319 (
3320 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3321 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3322 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3323 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3324 (!-z "$identdir/identauth.allowusers")
3325 )
3326 )
3327 {
3328 print FILE " for_acl_users";
3329 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3330 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3331 print FILE " for_inetusers";
3332 }
3333 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3334 {
3335 print FILE " !concurrent";
3336 }
3337 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3338 print FILE " !within_timeframe";
3339 } else {
3340 print FILE " within_timeframe"; }
3341 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3342 print FILE "\n";
3343
3344 print FILE "http_access deny all\n\n";
3345
3346 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3347 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3348 {
3349 print FILE "#Strip HTTP Header\n";
3350
3351 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3352 {
3353 print FILE "header_access X-Forwarded-For deny all\n";
3354 }
3355 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3356 {
3357 print FILE "header_access Via deny all\n";
3358 }
3359 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3360 {
3361 print FILE "header_access User-Agent deny all\n";
3362 }
3363 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3364 {
3365 print FILE "header_access Referer deny all\n";
3366 }
3367
3368 print FILE "\n";
3369
3370 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3371 {
3372 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3373 {
3374 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3375 }
3376 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3377 {
3378 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3379 }
3380 print FILE "\n";
3381 }
3382 }
3383
3384 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3385 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3386 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3387 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3388 {
3389 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3390 }
3391 print FILE "http_reply_access deny blocked_mimetypes\n";
3392 print FILE "http_reply_access allow all\n\n";
3393 }
3394
3395 print FILE <<END
3396maximum_object_size $proxysettings{'MAX_SIZE'} KB
3397minimum_object_size $proxysettings{'MIN_SIZE'} KB
3398
3399request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3400END
3401 ;
3402 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3403 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3404 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3405 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3406 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3407 {
3408 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3409 }
3410 }
3411 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3412
3413 print FILE "visible_hostname";
3414 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3415 {
3416 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3417 } else {
3418 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3419 }
3420
3421 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3422
3423 # Write the parent proxy info, if needed.
3424 if ($remotehost ne '')
3425 {
3426 # Enter authentication for the parent cache (format is login=user:password)
3427 if ($proxy1 eq 'YES') {
3428 print FILE <<END
3429cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3430
3431END
3432 ;
3433 } else {
3434 # Not using authentication with the parent cache
3435 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3436 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3437 print FILE "\n";
3438 }
3439 print FILE "never_direct allow all\n\n";
3440 }
3441 if ($urlfilter_addon) {
3442 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3443 {
3444 print FILE <<END
10e4f239 3445redirect_program /usr/bin/squidGuard
3446redirect_children $filtersettings{'CHILDREN'}
3447
3448END
3449 ;
3450 }
3451 }
3452 if ($updacclrtr_addon) {
3453 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3454 {
3455 print FILE <<END
3456redirect_program /usr/local/bin/updacclrtr
3457redirect_children $updaccsettings{'ACCELERATORS'}
3458
3459END
3460 ;
3461 }
3462 }
3463 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3464 {
3465 print FILE <<END
3466httpd_accel_host virtual
3467httpd_accel_port 80
3468httpd_accel_with_proxy on
3469httpd_accel_uses_host_header on
3470END
3471 ;
3472 }
3473 close FILE;
3474}
3475
3476# -------------------------------------------------------------------
3477
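sub adduser
{
    # Create or update a local (NCSA) proxy user and record its group.
    #
    #   $str_user  - user name
    #   $str_pass  - clear-text password, or the sentinel 'lEaVeAlOnE' to
    #                keep the hash already stored in $userdb
    #   $str_group - 'standard', 'extended' or 'disabled'; any other value
    #                leaves the group files untouched
    #
    # Returns nothing. File errors are ignored (best effort), matching the
    # rest of this script.
    my ($str_user, $str_pass, $str_group) = @_;

    # The password and group files are line based and the password file is
    # colon separated, so a name containing ':' or a line break would
    # corrupt them. NOTE(review): callers presumably validate the name
    # already; this is a last line of defence.
    return if $str_user =~ /[:\r\n]/;

    if ($str_pass eq 'lEaVeAlOnE')
    {
        # Keep the existing hash: remember everything from the first ':' of
        # the user's current entry (this includes the trailing newline).
        my $stored;
        if (open(my $in, '<', $userdb)) {
            while (my $entry = <$in>) {
                # \Q..\E: the user name is data, not a regular expression.
                if ($entry =~ /^\Q$str_user\E:/i) {
                    $stored = substr($entry, index($entry, ':'));
                }
            }
            close($in);
        }

        deluser($str_user);

        # Only re-create the entry when one was found; otherwise the sentinel
        # itself would be written into the password file as a broken line.
        if (defined $stored && open(my $out, '>>', $userdb)) {
            flock $out, 2;    # 2 = exclusive lock
            print {$out} "$str_user$stored";
            close($out);
        }
    } else {
        deluser($str_user);
        # List form: no shell is involved, so metacharacters in the user name
        # or password cannot be interpreted as shell syntax.
        # NOTE(review): -b still exposes the password in the process list
        # while htpasswd runs; if the installed htpasswd can read the
        # password from stdin (-i), prefer that.
        system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
    }

    my %group_file_for = (
        standard => $stdgrp,
        extended => $extgrp,
        disabled => $disgrp,
    );
    my $target = $group_file_for{$str_group};

    # An unknown group opens nothing and therefore writes nothing.
    if (defined $target && open(my $grp, '>>', $target)) {
        flock $grp, 2;
        print {$grp} "$str_user\n";
        close($grp);
    }

    return;
}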
3508
3509# -------------------------------------------------------------------
3510
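sub deluser
{
    # Remove a user from the three group files and from the password file.
    #
    #   $str_user - user name; compared case-insensitively, as before
    #
    # Returns nothing. Files that cannot be opened are skipped.
    my ($str_user) = @_;

    # \Q..\E: match the name literally. Without it a name containing regex
    # metacharacters could match, and so remove, other users' entries.
    my $member_re = qr/^\Q$str_user\E$/i;
    my $passwd_re = qr/^\Q$str_user\E:/i;

    foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
    {
        _rewrite_without($groupfile, $member_re);
    }
    _rewrite_without($userdb, $passwd_re);

    return;
}

sub _rewrite_without
{
    # Rewrite $path in place, dropping every line that matches $drop_re.
    my ($path, $drop_re) = @_;

    # '+>>' creates the file if it is missing (as the old '>' open did) but
    # does not truncate it, so the lock can be taken BEFORE the content is
    # read or discarded. Truncating first and locking afterwards protects
    # nothing against a concurrent writer.
    open(my $fh, '+>>', $path) or return;
    flock $fh, 2;    # 2 = exclusive lock

    seek($fh, 0, 0);
    my @kept = grep { $_ !~ $drop_re } <$fh>;

    truncate($fh, 0);
    seek($fh, 0, 0);
    print {$fh} @kept;
    close($fh);

    return;
}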
ed38f89d 3544# -------------------------------------------------------------------