1#!/usr/bin/perl
2#
ed38f89d 3# IPCop CGIs
4#
5# This code is distributed under the terms of the GPL
6#
ed38f89d 7# $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8#
9
10use strict;
11
12# enable the following only for debugging purposes
13#use warnings;
14#use CGI::Carp 'fatalsToBrowser';
15
16use IO::Socket;
17
18require '/var/ipfire/general-functions.pl';
19require "${General::swroot}/lang.pl";
20require "${General::swroot}/header.pl";
21
# ---------------------------------------------------------------------
# File-scoped state shared by the whole page.
# ---------------------------------------------------------------------

# Settings hashes: the advanced proxy form itself, plus the files it reads.
my (%proxysettings, %netsettings, %filtersettings,
    %updaccsettings, %stdproxysettings, %mainsettings);

# Set to 1 further down when the matching add-on is detected.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# HTML attribute strings for checkboxes/radios and <select> options.
my (%checked, %selected);

# Throttling choices and the file-extension alternations for each class.
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = 'bin|cab|exe|gz|rar|sea|tar|tgz|zip';
my $throttle_dskimg = 'b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi';
my $throttle_mmedia = 'aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m';

# One parsed user-agent record, and the full list read from $browserdb.
my (@useragent, @useragentlist);

# Scratch variables used throughout the page.
my $hintcolour      = '#FFFFCC';
my $ncsa_buttontext = '';
my $language        = '';
my ($i, $n, $id)    = (0, 0, 0);
my $line            = '';
my $user            = '';
my (@userlist, @grouplist, @temp, @templist);

my $cachemem         = 0;
my $proxy1           = '';
my $proxy2           = '';
my $replybodymaxsize = 0;
my $browser_regexp   = '';
my $needhup          = 0;
my $errormessage     = '';

# Per-feature directories below the advanced proxy configuration root.
my $acldir   = $General::swroot . '/proxy/advanced/acls';
my $ncsadir  = $General::swroot . '/proxy/advanced/ncsa';
my $ntlmdir  = $General::swroot . '/proxy/advanced/ntlm';
my $raddir   = $General::swroot . '/proxy/advanced/radius';
my $identdir = $General::swroot . '/proxy/advanced/ident';
my $credir   = $General::swroot . '/proxy/advanced/cre';

# NCSA user database and the three group membership files.
my $userdb = $ncsadir . '/passwd';
my $stdgrp = $ncsadir . '/standard.grp';
my $extgrp = $ncsadir . '/extended.grp';
my $disgrp = $ncsadir . '/disabled.grp';

my $browserdb      = $General::swroot . '/proxy/advanced/useragents';
my $mimetypes      = $General::swroot . '/proxy/advanced/mimetypes';
my $throttled_urls = $General::swroot . '/proxy/advanced/throttle';

# Classroom extension files; they live in the same directory as $credir.
my $cre_enabled = $credir . '/enable';
my $cre_groups  = $credir . '/classrooms';
my $cre_svhosts = $credir . '/supervisors';

my $identhosts = $identdir . '/hosts';

my $libexecdir = '/usr/lib/squid';

# ACL list files, one per textarea on the form.
my $acl_src_subnets          = $acldir . '/src_subnets.acl';
my $acl_src_banned_ip        = $acldir . '/src_banned_ip.acl';
my $acl_src_banned_mac       = $acldir . '/src_banned_mac.acl';
my $acl_src_unrestricted_ip  = $acldir . '/src_unrestricted_ip.acl';
my $acl_src_unrestricted_mac = $acldir . '/src_unrestricted_mac.acl';
my $acl_src_noaccess_ip      = $acldir . '/src_noaccess_ip.acl';
my $acl_src_noaccess_mac     = $acldir . '/src_noaccess_mac.acl';
my $acl_dst_nocache          = $acldir . '/dst_nocache.acl';
my $acl_dst_noauth           = $acldir . '/dst_noauth.acl';
my $acl_dst_throttle         = $acldir . '/dst_throttle.acl';
my $acl_include              = $acldir . '/include.acl';
98
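# Create the directory skeleton and the empty data files the rest of the
# page expects to exist. Failures are reported on STDERR but do not abort
# the request, matching the original best-effort behaviour.
foreach my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    next if -d $dir;
    mkdir($dir) or warn "proxy.cgi: cannot create directory $dir: $!\n";
}

foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    next if -e $file;

    # List-form system() with an absolute path: the file name is passed as
    # a single argument and never parsed by a shell, and the binary is not
    # looked up through PATH. This is the same form the save handler
    # further down uses for its flag files.
    system('/bin/touch', $file) == 0
        or warn "proxy.cgi: cannot create $file\n";
}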
128
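# Load the user-agent definitions, skipping blank lines and '#' comments,
# and order them by the text between the first and the last comma of each
# line (the same key the original nested substr/reverse expression built).
{
    # Sort key: everything between the first and last comma; the whole
    # line when it has no comma, the empty string when it has only one.
    my $sort_key = sub {
        my ($entry) = @_;
        my $first = index($entry, ',');
        return $entry if $first < 0;
        my $last = rindex($entry, ',');
        return '' if $last == $first;
        return substr($entry, $first + 1, $last - $first - 1);
    };

    @useragentlist = ();

    # Three-argument open with a lexical handle: the mode can never be
    # taken from the path, and the handle closes with its scope.
    if (open(my $ua_fh, '<', $browserdb)) {
        @useragentlist =
            sort { $sort_key->($a) cmp $sort_key->($b) }
            grep { !/(^$)|(^\s*#)/ } <$ua_fh>;
        close($ua_fh);
    }
    else {
        # The list simply stays empty, as it did when the unchecked open
        # failed; the failure is now at least visible in the error log.
        warn "proxy.cgi: cannot read $browserdb: $!\n";
    }
}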
# URL filter settings: start from the default child count, then overlay the
# settings file when there is one.
# NOTE(review): %filtersettings is already declared with the other settings
# hashes near the top of the file; this second "my" masks that declaration.
my %filtersettings = ();
$filtersettings{'CHILDREN'} = '5';
&General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings)
    if -e "${General::swroot}/urlfilter/settings";

# Network and main settings are read unconditionally.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as present when its version file exists.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

if ($urlfilter_addon) {
    # Same default-then-overlay sequence as above, repeated for the add-on.
    $filtersettings{'CHILDREN'} = '5';
    &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings)
        if -e "${General::swroot}/urlfilter/settings";
}

if ($updacclrtr_addon) {
    $updaccsettings{'ACCELERATORS'} = '10';
    &General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings)
        if -e "${General::swroot}/updacclrtr/settings";
}
158
&Header::showhttpheaders();

# Built-in defaults for every form field. They are assigned before the
# request is merged in so that each field has a defined value.
%proxysettings = (
    %proxysettings,

    'ENABLE_FILTER'          => 'off',
    'ACTION'                 => '',
    'VALID'                  => '',

    'ENABLE'                 => 'off',
    'ENABLE_BLUE'            => 'off',
    'TRANSPARENT'            => 'off',
    'TRANSPARENT_BLUE'       => 'off',
    'PROXY_PORT'             => '800',
    'VISIBLE_HOSTNAME'       => '',
    'ADMIN_MAIL_ADDRESS'     => '',
    'ERR_LANGUAGE'           => 'English',
    'FORWARD_VIA'            => 'off',
    'FORWARD_IPADDRESS'      => 'off',
    'FORWARD_USERNAME'       => 'off',
    'UPSTREAM_PROXY'         => '',
    'UPSTREAM_USER'          => '',
    'UPSTREAM_PASSWORD'      => '',
    'LOGGING'                => 'off',
    'LOGQUERY'               => 'off',
    'LOGUSERAGENT'           => 'off',
    'CACHE_MEM'              => '2',
    'CACHE_SIZE'             => '50',
    'MAX_SIZE'               => '4096',
    'MIN_SIZE'               => '0',
    'MEM_POLICY'             => 'LRU',
    'CACHE_POLICY'           => 'LRU',
    'L1_DIRS'                => '16',
    'OFFLINE_MODE'           => 'off',
    'CLASSROOM_EXT'          => 'off',
    'SUPERVISOR_PASSWORD'    => '',
    'TIME_ACCESS_MODE'       => 'allow',
    'TIME_FROM_HOUR'         => '00',
    'TIME_FROM_MINUTE'       => '00',
    'TIME_TO_HOUR'           => '24',
    'TIME_TO_MINUTE'         => '00',
    'MAX_OUTGOING_SIZE'      => '0',
    'MAX_INCOMING_SIZE'      => '0',
    'THROTTLING_GREEN_TOTAL' => 'unlimited',
    'THROTTLING_GREEN_HOST'  => 'unlimited',
    'THROTTLING_BLUE_TOTAL'  => 'unlimited',
    'THROTTLING_BLUE_HOST'   => 'unlimited',
    'THROTTLE_BINARY'        => 'off',
    'THROTTLE_DSKIMG'        => 'off',
    'THROTTLE_MMEDIA'        => 'off',
    'ENABLE_MIME_FILTER'     => 'off',
    'ENABLE_BROWSER_CHECK'   => 'off',
    'FAKE_USERAGENT'         => '',
    'FAKE_REFERER'           => '',
    'AUTH_METHOD'            => 'none',
    'AUTH_REALM'             => '',
    'AUTH_MAX_USERIP'        => '',
    'AUTH_CACHE_TTL'         => '60',
    'AUTH_IPCACHE_TTL'       => '0',
    'AUTH_CHILDREN'          => '5',
    'NCSA_MIN_PASS_LEN'      => '6',
    'NCSA_BYPASS_REDIR'      => 'off',
    'NCSA_USERNAME'          => '',
    'NCSA_GROUP'             => '',
    'NCSA_PASS'              => '',
    'NCSA_PASS_CONFIRM'      => '',
    'LDAP_BASEDN'            => '',
    'LDAP_TYPE'              => 'ADS',
    'LDAP_SERVER'            => '',
    'LDAP_PORT'              => '389',
    'LDAP_BINDDN_USER'       => '',
    'LDAP_BINDDN_PASS'       => '',
    'LDAP_GROUP'             => '',
    'NTLM_DOMAIN'            => '',
    'NTLM_PDC'               => '',
    'NTLM_BDC'               => '',
    'NTLM_ENABLE_ACL'        => 'off',
    'NTLM_USER_ACL'          => 'positive',
    'RADIUS_SERVER'          => '',
    'RADIUS_PORT'            => '1645',
    'RADIUS_IDENTIFIER'      => '',
    'RADIUS_SECRET'          => '',
    'RADIUS_ENABLE_ACL'      => 'off',
    'RADIUS_USER_ACL'        => 'positive',
    'IDENT_REQUIRED'         => 'off',
    'IDENT_TIMEOUT'          => '10',
    'IDENT_ENABLE_ACL'       => 'off',
    'IDENT_USER_ACL'         => 'positive',
);

# Add-on toggles exist only when the add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Merge the submitted form over the defaults.
# NOTE(review): from here on %proxysettings presumably holds
# request-supplied values for every key the client chose to send, not only
# the ones defaulted above; confirm what Header::getcgihash filters.
&Header::getcgihash(\%proxysettings);

# A throttle value of 0 means "no limit".
foreach my $throttle_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    $proxysettings{$throttle_key} = 'unlimited'
        if $proxysettings{$throttle_key} eq '0';
}
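# ---------------------------------------------------------------------
# NCSA (local) user management actions. Each of them switches the page
# into NCSA edit mode.
# ---------------------------------------------------------------------

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

# Add (or update) a user. As before, when several checks fail the message
# of the last failing check is the one shown.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # NCSA_MIN_PASS_LEN is a form field at this point, so it must be a
    # plain number before it is compared against and before it is copied
    # into the error text, which is later printed into the page.
    # NOTE(review): the minimum is taken from the request, not from the
    # saved settings, so a client can lower it; confirm whether the stored
    # value should be used instead.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    }
    elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }
    if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:[:cntrl:]]/) {
        # The edit action below splits records on ':', so a colon or a
        # control character (such as a line break) in the name would not
        # survive a round trip through the stored records.
        # NOTE(review): adduser is not visible here; NCSA_GROUP is passed
        # to it unchecked as well - confirm it is validated there.
        $errormessage = $Lang::tr{'invalid input'};
    }
    if (!$errormessage) {
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

# Remove a user.
# NOTE(review): ID comes straight from the request; confirm deluser only
# acts on an exact match of an existing record.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

# Load a user into the form for editing. ID has the shape "user:group".
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
    @temp = split(/:/,$proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];

    # Fixed placeholder shown instead of the real password; presumably
    # adduser treats it as "keep the current password" - TODO confirm.
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}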
305
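# ---------------------------------------------------------------------
# "Save" and "save and restart": validate the submitted settings and, only
# when everything including the ACL lists checks out, persist them,
# regenerate the proxy configuration and optionally restart squid.
#
# Numeric fields are matched with \A\d+\z and toggles with \A(?:on|off)\z.
# The earlier patterns (/^\d+/ and /^(on|off)$/) anchored only the start
# of the value, or tolerated a trailing newline, so a number followed by a
# line break and further text passed validation and was then persisted by
# General::writehash below.
#
# NOTE(review): the free-text fields (VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS,
# UPSTREAM_*, AUTH_REALM, LDAP_BASEDN, ...) and the remaining on/off
# toggles are not validated in this block; confirm that line breaks in
# them are rejected before they reach the generated configuration.
# ---------------------------------------------------------------------
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    if ($proxysettings{'ENABLE'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'TRANSPARENT'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'ENABLE_BLUE'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'TRANSPARENT_BLUE'} !~ /\A(?:on|off)\z/ ) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if (!($proxysettings{'CACHE_SIZE'} =~ /\A\d+\z/) ||
        ($proxysettings{'CACHE_SIZE'} < 10))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if (!($proxysettings{'CACHE_MEM'} =~ /\A\d+\z/) ||
        ($proxysettings{'CACHE_MEM'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap the memory cache using the first number on the second line of
    # free(1) output, divided by 2048. The cap is applied only when that
    # number could actually be read; previously a failed match left $1
    # unset and forced CACHE_MEM down to 0.
    my @free = `/usr/bin/free`;
    if (defined $free[1] && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    if (!($proxysettings{'MAX_SIZE'} =~ /\A\d+\z/))
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if (!($proxysettings{'MIN_SIZE'} =~ /\A\d+\z/))
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /\A\d+\z/))
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }

    # The original printed "redirect_program"/"redirect_children" lines to
    # the FILE handle here when ENABLE_FILTER was 'on'. As far as this file
    # shows, FILE is closed right after the user-agent list is read, so
    # nothing was ever written; the dead print has been dropped.
    # NOTE(review): confirm that writeconfig emits the redirector lines.

    # String comparison of HHMM; relies on zero-padded two-digit values.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /\A\d+\z/))
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }
    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        # Build an alternation from the third field of every enabled
        # user-agent entry; at least one browser must be selected.
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }
    if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
    {
        # Every authentication method except "ident without required
        # lookups and without ACLs" needs a non-transparent proxy on at
        # least one enabled interface.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
            ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /\A\d+\z/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /\A\d+\z/))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /\A\d+\z/))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if ((!($proxysettings{'AUTH_CHILDREN'} =~ /\A\d+\z/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /\A\d+\z/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /\A\d+\z/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Upstream proxy credentials: user name and password must either both
    # be given or both be empty.
    $proxy1 = 'YES';
    $proxy2 = 'YES';
    if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
    if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
    if (($proxy1 ne $proxy2))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

# Every failed check above jumps here. The ACL lists are checked on both
# the success and the failure path.
ERROR:
    &check_acls;

    if ($errormessage) {
        $proxysettings{'VALID'} = 'no';
    }
    else {
        $proxysettings{'VALID'} = 'yes';
    }

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # Form-only fields (list textareas and the NCSA user form) are
        # dropped before the hash is written to the settings file.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
            DST_NOCACHE DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS NTLM_DENY_USERS
            RADIUS_ALLOW_USERS RADIUS_DENY_USERS
            IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
            CRE_GROUPS CRE_SVHOSTS
            NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
        )};

        # Toggles missing from the request are stored as 'off'.
        foreach my $absent_means_off (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$absent_means_off} = 'off'
                unless exists $proxysettings{$absent_means_off};
        }

        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Flag files: remove all four, then recreate those whose switch is
        # 'on'. List-form system() keeps the shell out of the call.
        my @flag_for = (
            [ 'ENABLE',           'enable' ],
            [ 'TRANSPARENT',      'transparent' ],
            [ 'ENABLE_BLUE',      'enable_blue' ],
            [ 'TRANSPARENT_BLUE', 'transparent_blue' ],
        );
        foreach my $flag (@flag_for) {
            unlink "${General::swroot}/proxy/$flag->[1]";
        }
        foreach my $flag (@flag_for) {
            if ($proxysettings{ $flag->[0] } eq 'on') {
                system('/bin/touch', "${General::swroot}/proxy/$flag->[1]");
            }
        }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}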
610
# "Clear cache": hand over to the restartsquid helper with its -f switch.
system('/usr/local/bin/restartsquid', '-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# Without a pending error, show what is stored on disk rather than what was
# submitted: the advanced settings file when present, else the standard
# proxy settings file, followed by the ACL lists.
unless ($errormessage)
{
    my $advanced_file = "${General::swroot}/proxy/advanced/settings";
    my $standard_file = "${General::swroot}/proxy/settings";

    if (-e $advanced_file) {
        &General::readhash($advanced_file, \%proxysettings);
    }
    elsif (-e $standard_file) {
        &General::readhash($standard_file, \%proxysettings);
    }
    &read_acls;
}
625
626$checked{'ENABLE'}{'off'} = '';
627$checked{'ENABLE'}{'on'} = '';
628$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
629
630$checked{'TRANSPARENT'}{'off'} = '';
631$checked{'TRANSPARENT'}{'on'} = '';
632$checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
633
634$checked{'ENABLE_BLUE'}{'off'} = '';
635$checked{'ENABLE_BLUE'}{'on'} = '';
636$checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
637
638$checked{'TRANSPARENT_BLUE'}{'off'} = '';
639$checked{'TRANSPARENT_BLUE'}{'on'} = '';
640$checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
641
ed38f89d
MT
642$checked{'FORWARD_IPADDRESS'}{'off'} = '';
643$checked{'FORWARD_IPADDRESS'}{'on'} = '';
644$checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
645$checked{'FORWARD_USERNAME'}{'off'} = '';
646$checked{'FORWARD_USERNAME'}{'on'} = '';
647$checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
648$checked{'FORWARD_VIA'}{'off'} = '';
649$checked{'FORWARD_VIA'}{'on'} = '';
650$checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
651
652$selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
653$selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
654$selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
655$checked{'OFFLINE_MODE'}{'off'} = '';
656$checked{'OFFLINE_MODE'}{'on'} = '';
657$checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
658
ac1cfefa
MT
659$checked{'LOGGING'}{'off'} = '';
660$checked{'LOGGING'}{'on'} = '';
661$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
ed38f89d
MT
662$checked{'LOGQUERY'}{'off'} = '';
663$checked{'LOGQUERY'}{'on'} = '';
664$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
665$checked{'LOGUSERAGENT'}{'off'} = '';
666$checked{'LOGUSERAGENT'}{'on'} = '';
667$checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'";
668
669$selected{'ERR_LANGUAGE'}{$proxysettings{'ERR_LANGUAGE'}} = "selected='selected'";
670
671$checked{'CLASSROOM_EXT'}{'off'} = '';
672$checked{'CLASSROOM_EXT'}{'on'} = '';
673$checked{'CLASSROOM_EXT'}{$proxysettings{'CLASSROOM_EXT'}} = "checked='checked'";
674
675$selected{'TIME_ACCESS_MODE'}{$proxysettings{'TIME_ACCESS_MODE'}} = "selected='selected'";
676$selected{'TIME_FROM_HOUR'}{$proxysettings{'TIME_FROM_HOUR'}} = "selected='selected'";
677$selected{'TIME_FROM_MINUTE'}{$proxysettings{'TIME_FROM_MINUTE'}} = "selected='selected'";
678$selected{'TIME_TO_HOUR'}{$proxysettings{'TIME_TO_HOUR'}} = "selected='selected'";
679$selected{'TIME_TO_MINUTE'}{$proxysettings{'TIME_TO_MINUTE'}} = "selected='selected'";
680
681$proxysettings{'TIME_MON'} = 'on' unless exists $proxysettings{'TIME_MON'};
682$proxysettings{'TIME_TUE'} = 'on' unless exists $proxysettings{'TIME_TUE'};
683$proxysettings{'TIME_WED'} = 'on' unless exists $proxysettings{'TIME_WED'};
684$proxysettings{'TIME_THU'} = 'on' unless exists $proxysettings{'TIME_THU'};
685$proxysettings{'TIME_FRI'} = 'on' unless exists $proxysettings{'TIME_FRI'};
686$proxysettings{'TIME_SAT'} = 'on' unless exists $proxysettings{'TIME_SAT'};
687$proxysettings{'TIME_SUN'} = 'on' unless exists $proxysettings{'TIME_SUN'};
688
689$checked{'TIME_MON'}{'off'} = '';
690$checked{'TIME_MON'}{'on'} = '';
691$checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'";
692$checked{'TIME_TUE'}{'off'} = '';
693$checked{'TIME_TUE'}{'on'} = '';
694$checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'";
695$checked{'TIME_WED'}{'off'} = '';
696$checked{'TIME_WED'}{'on'} = '';
697$checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'";
698$checked{'TIME_THU'}{'off'} = '';
699$checked{'TIME_THU'}{'on'} = '';
700$checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'";
701$checked{'TIME_FRI'}{'off'} = '';
702$checked{'TIME_FRI'}{'on'} = '';
703$checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'";
704$checked{'TIME_SAT'}{'off'} = '';
705$checked{'TIME_SAT'}{'on'} = '';
706$checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'";
707$checked{'TIME_SUN'}{'off'} = '';
708$checked{'TIME_SUN'}{'on'} = '';
709$checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'";
710
711$selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
712$selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
713$selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
714$selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
715
716$checked{'THROTTLE_BINARY'}{'off'} = '';
717$checked{'THROTTLE_BINARY'}{'on'} = '';
718$checked{'THROTTLE_BINARY'}{$proxysettings{'THROTTLE_BINARY'}} = "checked='checked'";
719$checked{'THROTTLE_DSKIMG'}{'off'} = '';
720$checked{'THROTTLE_DSKIMG'}{'on'} = '';
721$checked{'THROTTLE_DSKIMG'}{$proxysettings{'THROTTLE_DSKIMG'}} = "checked='checked'";
722$checked{'THROTTLE_MMEDIA'}{'off'} = '';
723$checked{'THROTTLE_MMEDIA'}{'on'} = '';
724$checked{'THROTTLE_MMEDIA'}{$proxysettings{'THROTTLE_MMEDIA'}} = "checked='checked'";
725
726$checked{'ENABLE_MIME_FILTER'}{'off'} = '';
727$checked{'ENABLE_MIME_FILTER'}{'on'} = '';
728$checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
729
730$checked{'ENABLE_BROWSER_CHECK'}{'off'} = '';
731$checked{'ENABLE_BROWSER_CHECK'}{'on'} = '';
732$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'";
733
734foreach (@useragentlist) {
735 @useragent = split(/,/);
736 $checked{'UA_'.@useragent[0]}{'off'} = '';
737 $checked{'UA_'.@useragent[0]}{'on'} = '';
738 $checked{'UA_'.@useragent[0]}{$proxysettings{'UA_'.@useragent[0]}} = "checked='checked'";
739}
740
# Form state for the authentication section.  Every known option starts
# out blank; afterwards the entry whose key equals the stored setting gets
# the HTML attribute.  The stored value is used only as a hash key here, so
# a value outside the listed options just leaves every option unmarked.
foreach my $method (qw(none ncsa ident ldap ntlm radius)) {
    $checked{'AUTH_METHOD'}{$method} = '';
}
$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";

# These two switches fall back to 'on' when the settings hash has no entry
# for them at all (an existing entry, even an empty one, is kept).
foreach my $switch (qw(AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH)) {
    $proxysettings{$switch} = 'on' unless exists $proxysettings{$switch};
}

# Plain on/off checkboxes.
foreach my $flag (qw(
    AUTH_ALWAYS_REQUIRED NCSA_BYPASS_REDIR
    NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL
    RADIUS_ENABLE_ACL
    IDENT_REQUIRED IDENT_ENABLE_ACL
)) {
    $checked{$flag}{'off'} = '';
    $checked{$flag}{'on'} = '';
    $checked{$flag}{$proxysettings{$flag}} = "checked='checked'";
}

# Radio pairs that choose between a positive and a negative user list.
foreach my $acl (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
    $checked{$acl}{'positive'} = '';
    $checked{$acl}{'negative'} = '';
    $checked{$acl}{$proxysettings{$acl}} = "checked='checked'";
}

# Drop-down menus: only the stored choice is marked.
foreach my $menu (qw(NCSA_GROUP LDAP_TYPE)) {
    $selected{$menu}{$proxysettings{$menu}} = "selected='selected'";
}
796
# Checkbox state for the two optional add-ons.  Each is prepared only when
# its add-on flag is set; otherwise $checked{...}{'on'} stays undefined and
# interpolates as an empty string wherever the checkbox is rendered.
if ($urlfilter_addon) {
    $checked{'ENABLE_FILTER'}{$_} = '' for ('off', 'on');
    $checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
}

if ($updacclrtr_addon) {
    $checked{'ENABLE_UPDACCEL'}{$_} = '' for ('off', 'on');
    $checked{'ENABLE_UPDACCEL'}{$proxysettings{'ENABLE_UPDACCEL'}} = "checked='checked'";
}
808
# Open the page frame and the outer box, then show pending error text.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

# NOTE(review): $errormessage is written into the page without HTML
# escaping.  Where it is assembled is outside this part of the file, so it
# is unclear here whether it can carry submitted form values; if it can,
# those values should be escaped when the message is built - confirm.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>" . $errormessage . "&nbsp;</font>\n";
    &Header::closebox();
}
818
819# ===================================================================
820# Main settings
821# ===================================================================
822
823unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
824
825print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
826
827&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
828
829print <<END
830<table width='100%'>
831<tr>
832 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
833</tr>
834<tr>
835 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
836 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
837 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
838 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
839</tr>
840<tr>
ed38f89d 841 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
ac1cfefa 842 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
843 <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
844 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
845</tr>
846<tr>
847END
848;
# The "enabled on Blue" checkbox is offered only when a Blue interface is
# configured; without one an empty two-column cell keeps the row aligned.
if (!$netsettings{'BLUE_DEV'}) {
    print "<td colspan='2'>&nbsp;</td>";
}
else {
    print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
    print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
}
855print <<END
856 <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
857 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
858</tr>
859<tr>
860END
861;
# The "transparent on Blue" checkbox is offered only when a Blue interface
# is configured; without one an empty two-column cell keeps the row aligned.
if (!$netsettings{'BLUE_DEV'}) {
    print "<td colspan='2'>&nbsp;</td>";
}
else {
    print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
    print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
}
868print <<END
869 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
870 <td class='base'>
871 <select name='ERR_LANGUAGE'>
872END
873;
# One <option> per subdirectory of the Squid error-page directory; the
# directory's base name is both the submitted value and the visible label.
# The names come from the local filesystem and are printed as found.
for my $entry (glob('/usr/lib/squid/errors/*')) {
    next unless -d $entry;
    $language = substr($entry, rindex($entry, "/") + 1);
    print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
880print <<END
881 </select>
882 </td>
883</tr>
884<tr>
885 <td colspan='4'><hr /><b>$Lang::tr{'urlfilter url filter'}</b></td>
886</tr>
887<tr>
888 <td width='25%' class='base'>$Lang::tr{'urlfilter enabled'}</td>
889 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
890 <td colspan='2'>&nbsp;</td>
891</tr>
892</table>
893<hr size='1'>
894<table width='100%'>
895<tr>
896 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
897</tr>
898<tr>
899 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
900 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
901 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
902 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
903</tr>
904<tr>
905 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
906 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
907 <td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
908 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
ac1cfefa 909</tr>
ac1cfefa 910<tr>
911 <td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
912 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
913 <td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
914 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
915</tr>
916</table>
917<hr size='1'>
918<table width='100%'>
919<tr>
920 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
921</tr>
922<tr>
923 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
924 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
925 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
926 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
927</tr>
928<tr>
929 <td>&nbsp;</td>
930 <td>&nbsp;</td>
931 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
932 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
933</tr>
934</table>
935<hr size='1'>
936<table width='100%'>
937<tr>
938 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
939</tr>
940<tr>
941 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
942</tr>
943<tr>
944 <td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
945 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
946 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
947 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
948</tr>
949<tr>
ed38f89d 950 <td class='base'>$Lang::tr{'advproxy min size'}:</td>
ac1cfefa 951 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
ed38f89d 952 <td class='base'>$Lang::tr{'advproxy max size'}:</td>
953 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
954</tr>
955<tr>
956 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
957 <td class='base'><select name='L1_DIRS'>
958 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
959 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
960 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
961 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
962 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
963 </select></td>
964 <td colspan='2' rowspan= '5' valign='top' class='base'>
965 <table cellpadding='0' cellspacing='0'>
966 <tr>
967 <!-- intentionally left empty -->
968 </tr>
969 <tr>
970 <td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
971 </tr>
972 <tr>
973 <!-- intentionally left empty -->
974 </tr>
975 <tr>
976 <!-- intentionally left empty -->
977 </tr>
978 <tr>
979 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
980END
981;
982
983print $proxysettings{'DST_NOCACHE'};
984
985print <<END
986</textarea></td>
987 </tr>
988 </table>
989 </td>
990</tr>
991<tr>
992 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
993 <td class='base'><select name='MEM_POLICY'>
994 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
995 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
996 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
997 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
998 </select></td>
999</tr>
1000<tr>
1001 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1002 <td class='base'><select name='CACHE_POLICY'>
1003 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1004 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1005 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1006 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1007 </select></td>
1008</tr>
1009<tr>
1010 <td colspan='2'>&nbsp;</td>
1011</tr>
1012<tr>
1013 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1014 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1015</tr>
1016</table>
1017<hr size='1'>
1018<table width='100%'>
1019<tr>
1020 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1021</tr>
1022<tr>
1023 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1024</tr>
1025<tr>
1026 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1027 <td colspan='2'>&nbsp;</td>
1028</tr>
1029<tr>
1030 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1031END
1032;
1033
# Body of the SRC_SUBNETS textarea.  A stored list is shown as it is; with
# nothing stored the field is pre-filled with the Green network and, when a
# Blue interface exists, the Blue network as well.
# NOTE(review): the stored text goes into the textarea without HTML
# escaping.  Validation on save is not visible in this part of the file;
# if arbitrary text can be stored, escape it on output - confirm.
if ($proxysettings{'SRC_SUBNETS'}) {
    print $proxysettings{'SRC_SUBNETS'};
}
else {
    print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
    print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n" if $netsettings{'BLUE_DEV'};
}
1042
1043print <<END
1044</textarea></td>
1045 <td colspan='2'>&nbsp;</td>
1046</tr>
1047</table>
1048<table width='100%'>
1049<tr>
1050 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1051</tr>
1052<tr>
1053 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1054 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1055</tr>
1056<tr>
1057 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1058END
1059;
1060
1061 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1062
1063print <<END
1064</textarea></td>
1065 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
1066END
1067;
1068
1069print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1070
1071print <<END
1072</textarea></td>
1073</tr>
1074</table>
1075<table width='100%'>
1076<tr>
1077 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1078</tr>
1079<tr>
1080 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1081 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1082</tr>
1083<tr>
1084 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1085END
1086;
1087
1088 print $proxysettings{'SRC_BANNED_IP'};
1089
1090print <<END
1091</textarea></td>
1092 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1093END
1094;
1095
1096print $proxysettings{'SRC_BANNED_MAC'};
1097
1098print <<END
1099</textarea></td>
1100</tr>
1101</table>
1102
1103<hr size='1'>
1104
1105END
1106;
1107# -------------------------------------------------------------------
1108# CRE GUI - optional
1109# -------------------------------------------------------------------
1110
# Classroom extensions (CRE) part of the form.  The visible controls are
# printed only when the path held in $cre_enabled exists; otherwise the
# three CRE settings travel through the form as hidden inputs.
#
# NOTE(review): in both branches the stored SUPERVISOR_PASSWORD is written
# into the page source (value of the password input, or of a hidden
# input), so anyone who can load this page can read it from the HTML.  A
# common alternative is to leave the field empty and treat an empty
# submission as "unchanged" - that needs matching save logic, which is
# outside this part of the file.
# NOTE(review): all values are interpolated without HTML escaping.  The
# hidden inputs delimit the value with single quotes, so a quote inside
# CRE_GROUPS or CRE_SVHOSTS would end the attribute early.  Whether the
# values are sanitised before being stored cannot be seen here - confirm.
if (-e $cre_enabled) {
    print <<"END";
<table width='100%'>

<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'advproxy enabled'}:</td>
 <td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
 <td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'CRE_GROUPS'};

    print <<"END";
</textarea></td>
 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'CRE_SVHOSTS'};

    print <<"END";
</textarea></td>
</tr>

</table>

<hr size='1'>
END
}
else {
    print <<"END";
 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
 <input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
 <input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
END
}
1161# -------------------------------------------------------------------
1162
1163print <<END
1164
1165<table width='100%'>
1166<tr>
1167 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1168</tr>
1169<table width='100%'>
1170<tr>
1171 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1172 <td width='1%'>&nbsp;</td>
1173 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1174 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1175 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1176 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1177 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1178 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1179 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1180 <td width='1%'>&nbsp;&nbsp;</td>
1181 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1182 <td width='1%'>&nbsp;</td>
1183 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1184 <td>&nbsp;</td>
1185</tr>
1186<tr>
1187 <td class='base'>
1188 <select name='TIME_ACCESS_MODE'>
1189 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1190 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1191 </select>
1192 </td>
1193 <td>&nbsp;</td>
1194 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1195 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1196 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1197 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1198 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1199 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1200 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1201 <td>&nbsp;</td>
1202 <td class='base'>
1203 <select name='TIME_FROM_HOUR'>
1204END
1205;
# Hour choices 00 through 24 for the start of the time window.  $i and $_
# are the file's shared scratch variables and keep their final values.
$i = 0;
while ($i <= 24) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
    $i++;
}
1210print <<END
1211 </select>
1212 </td>
1213 <td>:</td>
1214 <td class='base'>
1215 <select name='TIME_FROM_MINUTE'>
1216END
1217;
# Minute choices 00, 15, 30 and 45 for the start of the time window.  $i
# and $_ are the file's shared scratch variables and keep their final values.
$i = 0;
while ($i <= 45) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
    $i += 15;
}
1222print <<END
1223 </select>
1224 <td> - </td>
1225 </td>
1226 <td class='base'>
1227 <select name='TIME_TO_HOUR'>
1228END
1229;
# Hour choices 00 through 24 for the end of the time window.  $i and $_
# are the file's shared scratch variables and keep their final values.
$i = 0;
while ($i <= 24) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
    $i++;
}
1234print <<END
1235 </select>
1236 </td>
1237 <td>:</td>
1238 <td class='base'>
1239 <select name='TIME_TO_MINUTE'>
1240END
1241;
# Minute choices 00, 15, 30 and 45 for the end of the time window.  $i and
# $_ are the file's shared scratch variables and keep their final values.
$i = 0;
while ($i <= 45) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
    $i += 15;
}
1246print <<END
1247 </select>
1248 </td>
1249</tr>
1250</table>
1251<hr size='1'>
1252<table width='100%'>
1253<tr>
1254 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1255</tr>
1256<tr>
1257 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1258 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1259 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1260 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1261</tr>
1262</table>
ed38f89d 1263<hr size='1'>
ac1cfefa 1264<table width='100%'>
ac1cfefa 1265<tr>
1266 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1267</tr>
1268<tr>
1269 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1270 <td width='20%' class='base'>
1271 <select name='THROTTLING_GREEN_TOTAL'>
1272END
1273;
1274
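# Options of the two Green throttling menus: one entry per configured
# limit, followed by an "unlimited" entry that submits the value 0.
#
# Fix: the "unlimited" lines inside the here-documents ended in a leftover
# `\n";` from a quoted print statement, which sent an extra newline and the
# literal characters `";` to the browser inside the <select>.  The
# here-document already supplies the line break, so the residue is dropped.
#
# NOTE(review): the "unlimited" entry submits '0' but reads its selected
# state from the key 'unlimited'; how the stored setting is mapped to that
# key is outside this part of the file - confirm.
for my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kBit/s</option>\n";
}

print <<"END";
 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
 <td width='30%' class='base'>
 <select name='THROTTLING_GREEN_HOST'>
END

for my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kBit/s</option>\n";
}

print <<"END";
 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
</tr>
END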
1300
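# Throttling row for the Blue network, printed only when a Blue interface
# is configured.  Each menu lists the configured limits followed by an
# "unlimited" entry that submits the value 0.
#
# Fix: the "unlimited" lines inside the here-documents ended in a leftover
# `\n";` from a quoted print statement, which sent an extra newline and the
# literal characters `";` to the browser inside the <select>.  The
# here-document already supplies the line break, so the residue is dropped.
if ($netsettings{'BLUE_DEV'}) {
    print <<"END";
<tr>
 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
 <td class='base'>
 <select name='THROTTLING_BLUE_TOTAL'>
END

    for my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kBit/s</option>\n";
    }

    print <<"END";
 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
 <td class='base'>
 <select name='THROTTLING_BLUE_HOST'>
END

    for my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kBit/s</option>\n";
    }

    print <<"END";
 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
</tr>
END
}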
ac1cfefa 1336
1337print <<END
1338</table>
1339<table width='100%'>
1340<tr>
1341 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1342</tr>
1343<tr>
1344 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1345 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1346 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1347 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1348 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1349 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1350 <td width='15%'>&nbsp;</td>
1351 <td width='10%'>&nbsp;</td>
1352</tr>
ac1cfefa 1353</table>
1354<hr size='1'>
1355<table width='100%'>
1356<tr>
1357 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1358</tr>
1359<tr>
1360 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1361 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1362</tr>
1363<tr>
1364 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1365 <td>&nbsp;</td>
1366 <td>&nbsp;</td>
1367</tr>
1368<tr>
1369 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1370END
1371;
ac1cfefa 1372
ed38f89d 1373print $proxysettings{'MIME_TYPES'};
ac1cfefa 1374
1375print <<END
1376</textarea></td>
1377 <td>&nbsp;</td>
1378 <td>&nbsp;</td>
1379</tr>
1380</table>
1381<hr size='1'>
1382<table width='100%'>
1383<tr>
1384 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1385</tr>
1386<tr>
1387 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1388 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1389 <td>&nbsp;</td>
1390 <td>&nbsp;</td>
1391</tr>
1392<tr>
1393 <td colspan='4'><i>
1394END
1395;
# Caption above the browser checkboxes: a heading when at least one client
# is defined, otherwise the "no clients defined" text.
print @useragentlist
    ? "$Lang::tr{'advproxy allowed web browsers'}:"
    : "$Lang::tr{'advproxy no clients defined'}";
1397print <<END
1398</i></td>
1399</tr>
1400</table>
1401<table width='100%'>
1402END
1403;
ac1cfefa 1404
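# Lay out the known browsers four to a table row.  Each list entry is a
# comma-separated record: field 0 becomes the suffix of the checkbox name
# (UA_<id>), field 1 is the visible label.
#
# Changes against the previous version:
#  - the outer bound is `<` instead of `<=`, so an empty list, or a list
#    whose length is a multiple of four, no longer produces a trailing
#    empty <tr></tr>;
#  - single elements are read as $array[...] rather than through the slice
#    form @array[...];
#  - the row counter is compared numerically instead of with `eq`.
# $n, $i and @useragent remain the file's shared variables.
#
# NOTE(review): id and label are printed without HTML escaping.  Where
# @useragentlist is filled is outside this part of the file; if its source
# can be edited by anyone other than the administrator, escape both fields
# on output - confirm.
for ($n = 0; $n < @useragentlist; $n += 4) {
    print "<tr>\n";
    for ($i = 0; $i <= 3; $i++) {
        next unless ($n + $i) < @useragentlist;
        @useragent = split(/,/, $useragentlist[$n + $i]);
        my $ua_field = 'UA_' . $useragent[0];
        print "<td width='15%'>$useragent[1]:<\/td>\n";
        print "<td width='10%'><input type='checkbox' name='$ua_field' $checked{$ua_field}{'on'} /></td>\n";
    }
    print "<\/tr>\n";
}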
1416
1417print <<END
1418</table>
1419<hr size='1'>
1420<table width='100%'>
1421<tr>
1422 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1423</tr>
1424<tr>
1425 <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1426</tr>
1427<tr>
1428 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
1429</tr>
1430<tr>
1431 <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1432</tr>
1433<tr>
1434 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
1435</tr>
1436</table>
1437<hr size='1'>
1438END
1439;
1440
# Stand-alone switch for the update accelerator.  It is printed only when
# the accelerator add-on flag is set and the URL filter add-on flag is not.
if ($updacclrtr_addon and not $urlfilter_addon) {
    print <<"END";
<table width='100%'>
<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
</tr>
<tr>
 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
 <td>&nbsp;</td>
 <td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
END
}
1457
1458print <<END
1459<table width='100%'>
1460<tr>
1461 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1462</tr>
1463<tr>
1464 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1465 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1466 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1467 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1468 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1469 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1470</tr>
1471</table>
1472END
1473;
1474
1475if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1476<hr size='1'>
1477<table width='100%'>
1478<tr>
1479 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1480</tr>
1481<tr>
1482 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1483</tr>
1484<tr>
1485 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1486 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1487 <td colspan='2' rowspan= '6' valign='top' class='base'>
1488 <table cellpadding='0' cellspacing='0'>
1489 <tr>
1490 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1491 </tr>
1492 <tr>
1493 <!-- intentionally left empty -->
1494 </tr>
1495 <tr>
1496 <!-- intentionally left empty -->
1497 </tr>
1498 <tr>
1499 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1500 </tr>
1501 <tr>
1502 <!-- intentionally left empty -->
1503 </tr>
1504 <tr>
1505 <!-- intentionally left empty -->
1506 </tr>
1507 <tr>
1508 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1509 </tr>
1510 <tr>
1511 <!-- intentionally left empty -->
1512 </tr>
1513 <tr>
1514 <!-- intentionally left empty -->
1515 </tr>
1516 <tr>
1517 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1518END
1519;
1520
1521print $proxysettings{'DST_NOAUTH'};
1522
1523print <<END
1524</textarea></td>
1525 </tr>
1526 </table>
1527 </td>
1528</tr>
1529<tr>
1530 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1531 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1532</tr>
1533<tr>
1534 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1535 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1536</tr>
1537<tr>
1538 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1539 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1540</tr>
1541<tr>
1542 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1543 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1544</tr>
1545<tr>
1546 <td colspan='2'>&nbsp;</td>
1547</tr>
1548</table>
1549END
1550;
1551}
1552
1553# ===================================================================
1554# NCSA auth settings
1555# ===================================================================
1556
# Settings shown only for the NCSA authentication method: the minimum
# password length, the redirector bypass switch for the extended group and
# the button that submits ACTION with the user-management label.
# NOTE(review): NCSA_MIN_PASS_LEN is placed in the value attribute without
# HTML escaping; whether it is validated as a number on save is not
# visible in this part of the file - confirm.
print <<"END" if $proxysettings{'AUTH_METHOD'} eq 'ncsa';
<hr size='1'>
<table width='100%'>
<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
</tr>
<tr>
 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
</tr>
<tr>
 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
 <td>&nbsp;</td>
 <td>&nbsp;</td>
</tr>
</table>
END
1578
1579# ===================================================================
1580# IDENTD auth settings
1581# ===================================================================
1582
# Settings shown only for the identd authentication method.  The original
# tested the same condition five times in a row; nothing between those
# tests changes the setting, so a single block prints the same output.
#
# NOTE(review): IDENT_TIMEOUT, IDENT_HOSTS, DST_NOAUTH, IDENT_ALLOW_USERS
# and IDENT_DENY_USERS are written into an attribute or a textarea without
# HTML escaping.  Validation on save is not visible in this part of the
# file; if free text can be stored, escape it on output - confirm.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    print <<"END";
<hr size ='1'>
<table width='100%'>
<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
</tr>
<tr>
 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
 <td>&nbsp;</td>
 <td>&nbsp;</td>
</tr>
<tr>
 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
END

    # With no stored host list the field is pre-filled with the Green
    # network and, when a Blue interface exists, the Blue network.
    if ($proxysettings{'IDENT_HOSTS'}) {
        print $proxysettings{'IDENT_HOSTS'};
    }
    else {
        print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
        print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n" if $netsettings{'BLUE_DEV'};
    }

    print <<"END";
</textarea></td>
 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'DST_NOAUTH'};

    print <<"END";
</textarea></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
</tr>
<tr>
 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
 <td width='25%'>&nbsp;</td>
 <td width='30%'>&nbsp;</td>
</tr>
<tr>
 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
</tr>
<tr>
 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
</tr>
<tr>
 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'IDENT_ALLOW_USERS'};

    print <<"END";
</textarea></td>
 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'IDENT_DENY_USERS'};

    print <<"END";
</textarea></td>
</tr>
</table>
END
}
1673
1674# ===================================================================
1675# NTLM auth settings
1676# ===================================================================
1677
1678if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1679print <<END
1680<hr size='1'>
1681<table width='100%'>
1682<tr>
1683 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1684</tr>
1685<tr>
1686 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1687 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1688 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1689 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1690 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1691 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1692</tr>
1693</table>
1694<hr size ='1'>
1695<table width='100%'>
1696<tr>
1697 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1698</tr>
1699<tr>
1700 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1701 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1702 <td>&nbsp;</td>
1703</tr>
1704</table>
1705<hr size ='1'>
1706<table width='100%'>
1707<tr>
1708 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1709</tr>
1710<tr>
1711 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1712 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1713 <td width='25%'>&nbsp;</td>
1714 <td width='30%'>&nbsp;</td>
1715</tr>
1716<tr>
1717 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1718 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1719 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1720 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1721</tr>
1722<tr>
1723 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1724 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1725</tr>
1726<tr>
1727 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1728END
1729; }
1730
1731if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_ALLOW_USERS'}; }
1732
1733if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1734</textarea></td>
1735 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1736END
1737; }
1738
1739if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_DENY_USERS'}; }
1740
1741if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1742</textarea></td>
1743</tr>
1744</table>
1745END
1746; }
1747
1748# ===================================================================
1749# LDAP auth settings
1750# ===================================================================
1751
1752if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1753print <<END
1754<hr size='1'>
1755<table width='100%'>
1756<tr>
1757 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1758</tr>
1759<tr>
1760 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1761 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1762 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1763 <td class='base'><select name='LDAP_TYPE'>
1764 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1765 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1766 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1767 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1768 </select></td>
1769</tr>
1770<tr>
1771 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1772 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1773 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1774 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1775</tr>
1776</table>
1777<hr size ='1'>
1778<table width='100%'>
1779<tr>
1780 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1781</tr>
1782<tr>
1783 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1784 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1785 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1786 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1787</tr>
1788</table>
1789<hr size ='1'>
1790<table width='100%'>
1791<tr>
1792 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1793</tr>
1794<tr>
1795 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1796 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1797 <td>&nbsp;</td>
1798 <td>&nbsp;</td>
1799</tr>
1800</table>
1801END
1802; }
1803
1804# ===================================================================
1805# RADIUS auth settings
1806# ===================================================================
1807
1808if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1809print <<END
1810<hr size='1'>
1811<table width='100%'>
1812<tr>
1813 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1814</tr>
1815<tr>
1816 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1817 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1818 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1819 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1820</tr>
1821<tr>
1822 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1823 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1824 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1825 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1826</tr>
1827</table>
1828<hr size ='1'>
1829<table width='100%'>
1830<tr>
1831 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1832</tr>
1833<tr>
1834 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1835 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1836 <td width='25%'>&nbsp;</td>
1837 <td width='30%'>&nbsp;</td>
1838</tr>
1839<tr>
1840 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1841 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1842 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1843 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1844</tr>
1845<tr>
1846 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1847 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1848</tr>
1849<tr>
1850 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1851END
1852; }
1853
1854if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
1855
1856if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1857</textarea></td>
1858 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
1859END
1860; }
1861
1862if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
1863
1864if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1865</textarea></td>
1866</tr>
1867</table>
1868END
1869; }
1870
1871# ===================================================================
1872
1873}
1874
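# Carry the settings of the authentication methods that are not currently
# displayed through the form as hidden fields, so saving the page does not
# drop them.
#
# Every value is HTML-escaped before it is placed inside value='...'.  Without
# that, a quote, angle bracket or ampersand in a stored setting (several of
# these are free-text, multi-line lists) ends the attribute early, truncates
# the value that is posted back and lets stored text become markup.  The
# browser decodes the entities on submit, so the posted value equals the
# stored one.
my $attr_escape = sub {
	my ($raw) = @_;
	return '' unless (defined($raw));
	$raw =~ s/&/&amp;/g;	# must run first, or the entities below get re-escaped
	$raw =~ s/</&lt;/g;
	$raw =~ s/>/&gt;/g;
	$raw =~ s/"/&quot;/g;
	$raw =~ s/'/&#39;/g;
	return $raw;
};
my %attr_value = map { ($_ => $attr_escape->($proxysettings{$_})) } keys(%proxysettings);

print "<table>\n";

if ($proxysettings{'AUTH_METHOD'} eq 'none') {
	print <<END;
<td><input type='hidden' name='AUTH_CHILDREN' value='$attr_value{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$attr_value{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$attr_value{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$attr_value{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$attr_value{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM' value='$attr_value{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH' value='$attr_value{'DST_NOAUTH'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
	print <<END;
<td><input type='hidden' name='AUTH_CHILDREN' value='$attr_value{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$attr_value{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$attr_value{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$attr_value{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM' value='$attr_value{'AUTH_REALM'}'></td>
END
}

if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
	print <<END;
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$attr_value{'NCSA_MIN_PASS_LEN'}'></td>
<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$attr_value{'NCSA_BYPASS_REDIR'}'></td>
END
}

if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
	print <<END;
<td><input type='hidden' name='IDENT_REQUIRED' value='$attr_value{'IDENT_REQUIRED'}'></td>
<td><input type='hidden' name='IDENT_TIMEOUT' value='$attr_value{'IDENT_TIMEOUT'}'></td>
<td><input type='hidden' name='IDENT_HOSTS' value='$attr_value{'IDENT_HOSTS'}'></td>
<td><input type='hidden' name='IDENT_ENABLE_ACL' value='$attr_value{'IDENT_ENABLE_ACL'}'></td>
<td><input type='hidden' name='IDENT_USER_ACL' value='$attr_value{'IDENT_USER_ACL'}'></td>
<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$attr_value{'IDENT_ALLOW_USERS'}'></td>
<td><input type='hidden' name='IDENT_DENY_USERS' value='$attr_value{'IDENT_DENY_USERS'}'></td>
END
}

# NOTE(review): LDAP_BINDDN_PASS is written into the page whenever a method
# other than LDAP is selected, so the bind password is readable in the HTML
# source of this form.  Keeping it server-side and merging it back on save
# would avoid that; the save handler is outside this section, so it is left
# unchanged here.
if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
	print <<END;
<td><input type='hidden' name='LDAP_BASEDN' value='$attr_value{'LDAP_BASEDN'}'></td>
<td><input type='hidden' name='LDAP_TYPE' value='$attr_value{'LDAP_TYPE'}'></td>
<td><input type='hidden' name='LDAP_SERVER' value='$attr_value{'LDAP_SERVER'}'></td>
<td><input type='hidden' name='LDAP_PORT' value='$attr_value{'LDAP_PORT'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$attr_value{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$attr_value{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP' value='$attr_value{'LDAP_GROUP'}'></td>
END
}

if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) {
	print <<END;
<td><input type='hidden' name='NTLM_DOMAIN' value='$attr_value{'NTLM_DOMAIN'}'></td>
<td><input type='hidden' name='NTLM_PDC' value='$attr_value{'NTLM_PDC'}'></td>
<td><input type='hidden' name='NTLM_BDC' value='$attr_value{'NTLM_BDC'}'></td>
<td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$attr_value{'NTLM_ENABLE_INT_AUTH'}'></td>
<td><input type='hidden' name='NTLM_ENABLE_ACL' value='$attr_value{'NTLM_ENABLE_ACL'}'></td>
<td><input type='hidden' name='NTLM_USER_ACL' value='$attr_value{'NTLM_USER_ACL'}'></td>
<td><input type='hidden' name='NTLM_ALLOW_USERS' value='$attr_value{'NTLM_ALLOW_USERS'}'></td>
<td><input type='hidden' name='NTLM_DENY_USERS' value='$attr_value{'NTLM_DENY_USERS'}'></td>
END
}

# NOTE(review): same exposure as the LDAP bind password above -- RADIUS_SECRET
# is present in the page source whenever RADIUS is not the selected method.
if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
	print <<END;
<td><input type='hidden' name='RADIUS_SERVER' value='$attr_value{'RADIUS_SERVER'}'></td>
<td><input type='hidden' name='RADIUS_PORT' value='$attr_value{'RADIUS_PORT'}'></td>
<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$attr_value{'RADIUS_IDENTIFIER'}'></td>
<td><input type='hidden' name='RADIUS_SECRET' value='$attr_value{'RADIUS_SECRET'}'></td>
<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$attr_value{'RADIUS_ENABLE_ACL'}'></td>
<td><input type='hidden' name='RADIUS_USER_ACL' value='$attr_value{'RADIUS_USER_ACL'}'></td>
<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$attr_value{'RADIUS_ALLOW_USERS'}'></td>
<td><input type='hidden' name='RADIUS_DENY_USERS' value='$attr_value{'RADIUS_DENY_USERS'}'></td>
END
}

print "</table>\n";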
1957
1958print <<END
1959<hr size='1'>
1960END
1961;
1962
1963print <<END
1964<table width='100%'>
1965<tr>
1966 <td>&nbsp;</td>
1967 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1968 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1969 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1970 <td>&nbsp;</td>
1971</tr>
1972
1973</table>
1974<br />
1975<table width='100%'>
1976<tr>
1977 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1978 <font class='base'>$Lang::tr{'this field may be blank'}</font>
1979 </td>
1980 <td align='right'>
60cbd6e7 1981 &nbsp;
1982 </td>
1983</tr>
1984</table>
1985</form>
1986END
1987;
1988
1989&Header::closebox();
1990
1991} else {
1992
1993# ===================================================================
1994# NCSA user management
1995# ===================================================================
1996
1997&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
1998print <<END
1999<form method='post' action='$ENV{'SCRIPT_NAME'}'>
2000<table width='100%'>
2001<tr>
2002 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2003</tr>
2004<tr>
2005 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2006 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2007END
2008;
2009 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2010 print <<END
2011 /></td>
2012 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2013 <td class='base'>
2014 <select name='NCSA_GROUP'>
2015 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2016 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2017 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2018 </select>
2019 </td>
2020
2021</tr>
2022<tr>
2023 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2024 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2025 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2026 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2027</tr>
2028</table>
2029<br>
2030<table>
2031<tr>
2032 <td>&nbsp;</td>
2033 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2034 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2035 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2036END
2037;
2038 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2039 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2040 }
2041
2042print <<END
2043 <td>&nbsp;</td>
2044 <td>&nbsp;</td>
2045 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2046</tr>
2047</table>
2048</form>
2049<hr size='1'>
2050<table width='100%'>
2051<tr>
2052 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2053</tr>
2054</table>
2055<table width='100%' align='center'>
2056END
2057;
2058
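# Collect the members of the three NCSA group files as "name:group" entries
# in @userlist.  A group file that does not exist is skipped.
#
# The files are opened with three-argument open and a lexical handle, so the
# path is never parsed for a mode or pipe character, and a file that exists
# but cannot be read is reported in the server error log instead of being
# treated silently as an empty group.
foreach my $group_file (
	[ $extgrp, 'extended' ],
	[ $stdgrp, 'standard' ],
	[ $disgrp, 'disabled' ],
) {
	my ($path, $label) = @{$group_file};
	next unless (-e $path);

	my @members = ();
	if (open(my $fh, '<', $path)) {
		@members = <$fh>;
		close($fh);
	} else {
		warn "proxy.cgi: cannot read group file $path: $!\n";
	}

	foreach my $member (@members) {
		chomp($member);
		push(@userlist, $member.":".$label);
	}
}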
2074
2075@userlist = sort(@userlist);
2076
2077# If the password file contains entries, print entries and action icons
2078
2079if (! -z "$userdb") {
2080 print <<END
2081 <tr>
2082 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2083 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2084 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2085 </tr>
2086END
2087;
2088 $id = 0;
2089 foreach $line (@userlist)
2090 {
2091 $id++;
2092 chomp($line);
2093 @temp = split(/:/,$line);
2094 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2095 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2096 elsif ($id % 2) {
2097 print "<tr bgcolor='$Header::table1colour'>\n"; }
2098 else {
2099 print "<tr bgcolor='$Header::table2colour'>\n"; }
2100
2101 print <<END
2102 <td align='center'>$temp[0]</td>
2103 <td align='center'>
2104END
2105;
2106 if ($temp[1] eq 'standard') {
2107 print $Lang::tr{'advproxy NCSA grp standard'};
2108 } elsif ($temp[1] eq 'extended') {
2109 print $Lang::tr{'advproxy NCSA grp extended'};
2110 } elsif ($temp[1] eq 'disabled') {
2111 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2112 print <<END
2113 </td>
2114 <td width='8%' align='center'>
2115 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2116 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2117 <input type='hidden' name='ID' value='$line' />
2118 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2119 </form>
2120 </td>
2121
2122 <td width='8%' align='center'>
2123 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2124 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2125 <input type='hidden' name='ID' value='$temp[0]' />
2126 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2127 </form>
2128 </td>
2129 </tr>
2130END
2131;
2132 }
2133
2134print <<END
2135</table>
2136<br>
2137<table witdh='100%'>
2138<tr>
2139 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2140 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2141 <td class='base'>$Lang::tr{'edit'}</td>
2142 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2143 <td class='base'>$Lang::tr{'remove'}</td>
2144</tr>
2145END
2146;
2147} else {
2148 print <<END
2149 <tr>
2150 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2151 </tr>
2152END
2153;
2154}
2155
2156print <<END
2157</table>
2158END
2159;
2160
2161&Header::closebox();
2162
2163}
2164
2165# ===================================================================
2166
2167&Header::closebigbox();
2168
2169&Header::closepage();
2170
2171# -------------------------------------------------------------------
2172
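sub read_acls
{
	# Refresh the list-style entries of %proxysettings from their backing
	# files.  A file that does not exist leaves the current value untouched;
	# a file that exists replaces the value with its complete content (an
	# empty or unreadable file leaves the key removed).
	#
	# The content is taken as-is: nothing here validates or escapes it, and
	# the form code in this script prints several of these values directly
	# into <textarea> elements.  Treat the files as part of the trusted
	# configuration and keep them writable only by the web interface.
	my @sources = (
		[ 'SRC_SUBNETS',          $acl_src_subnets ],
		[ 'SRC_BANNED_IP',        $acl_src_banned_ip ],
		[ 'SRC_BANNED_MAC',       $acl_src_banned_mac ],
		[ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip ],
		[ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac ],
		[ 'DST_NOCACHE',          $acl_dst_nocache ],
		[ 'DST_NOAUTH',           $acl_dst_noauth ],
		[ 'MIME_TYPES',           $mimetypes ],
		[ 'NTLM_ALLOW_USERS',     "$ntlmdir/msntauth.allowusers" ],
		[ 'NTLM_DENY_USERS',      "$ntlmdir/msntauth.denyusers" ],
		[ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers" ],
		[ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers" ],
		[ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
		[ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers" ],
		[ 'IDENT_HOSTS',          $identhosts ],
		[ 'CRE_GROUPS',           $cre_groups ],
		[ 'CRE_SVHOSTS',          $cre_svhosts ],
	);

	foreach my $source (@sources) {
		my ($key, $path) = @{$source};
		next unless (-e $path);

		# The stored value is discarded before reading, so the file is
		# the only source of the setting from here on.
		delete $proxysettings{$key};

		# Three-argument open with a lexical handle: the path is never
		# parsed for a mode or pipe character, and no package-wide
		# bareword handle is shared between the reads.
		my $fh;
		unless (open($fh, '<', $path)) {
			# Previously an unreadable file was indistinguishable from
			# an empty one; report it so an emptied ACL is noticed.
			warn "read_acls: cannot open $path: $!\n";
			next;
		}
		while (my $row = <$fh>) { $proxysettings{$key} .= $row; }
		close($fh);
	}

	return;
}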
2278
2279# -------------------------------------------------------------------
2280
sub check_acls
{
	# Normalise the multi-line ACL settings held in %proxysettings and
	# validate the address lists.
	#
	# Each list is split on newlines, every entry is stripped of leading and
	# trailing whitespace, empty entries are dropped and the list is stored
	# back with one entry per line.  Address entries are passed to the
	# matching General:: validator; a failure only sets $errormessage -- the
	# rejected entry is still stored back.
	# NOTE(review): presumably the caller refuses to save when $errormessage
	# is set; confirm, since this sub does not remove invalid entries.
	#
	# User lists get no per-entry validation here; they are only required to
	# be non-empty when their ACL is enabled in the matching mode.

	# Shared clean-up for one setting.  $is_valid is an optional code ref,
	# $errkey the %Lang::tr key used on failure, $is_mac turns '-' into ':'.
	my $tidy = sub {
		my ($key, $is_valid, $errkey, $is_mac) = @_;

		@temp = split(/\n/,$proxysettings{$key});
		undef $proxysettings{$key};
		foreach my $entry (@temp)
		{
			$entry =~ s/^\s+//g;
			$entry =~ s/\s+$//g;
			if ($is_mac) { $entry =~ s/-/:/g; }
			next unless ($entry);
			if (defined($is_valid) && !$is_valid->($entry))
			{
				$errormessage = $Lang::tr{$errkey};
			}
			$proxysettings{$key} .= $entry."\n";
		}
	};

	my $ip_error  = 'advproxy errmsg invalid ip or mask';
	my $mac_error = 'advproxy errmsg invalid mac';

	# Source address lists.
	$tidy->('SRC_SUBNETS',          \&General::validipandmask, $ip_error,  0);
	$tidy->('SRC_BANNED_IP',        \&General::validipormask,  $ip_error,  0);
	$tidy->('SRC_BANNED_MAC',       \&General::validmac,       $mac_error, 1);
	$tidy->('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $ip_error,  0);
	$tidy->('SRC_UNRESTRICTED_MAC', \&General::validmac,       $mac_error, 1);

	# User lists: only the list that belongs to the active mode is touched.
	my @user_acls = (
		[ 'NTLM_ENABLE_ACL',   'NTLM_USER_ACL',   'positive', 'NTLM_ALLOW_USERS' ],
		[ 'NTLM_ENABLE_ACL',   'NTLM_USER_ACL',   'negative', 'NTLM_DENY_USERS' ],
		[ 'IDENT_ENABLE_ACL',  'IDENT_USER_ACL',  'positive', 'IDENT_ALLOW_USERS' ],
		[ 'IDENT_ENABLE_ACL',  'IDENT_USER_ACL',  'negative', 'IDENT_DENY_USERS' ],
		[ 'RADIUS_ENABLE_ACL', 'RADIUS_USER_ACL', 'positive', 'RADIUS_ALLOW_USERS' ],
		[ 'RADIUS_ENABLE_ACL', 'RADIUS_USER_ACL', 'negative', 'RADIUS_DENY_USERS' ],
	);
	foreach my $acl (@user_acls)
	{
		my ($switch, $mode_key, $mode, $list_key) = @{$acl};
		next unless (($proxysettings{$switch} eq 'on') && ($proxysettings{$mode_key} eq $mode));

		$tidy->($list_key);
		if ($proxysettings{$list_key} eq '')
		{
			$errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
		}
	}

	# Host lists checked after the user lists, in the original order.
	$tidy->('IDENT_HOSTS', \&General::validipormask, $ip_error, 0);
	$tidy->('CRE_SVHOSTS', \&General::validipormask, $ip_error, 0);
}
2439
2440
2441# -------------------------------------------------------------------
2442
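sub write_acls
{
	# Write every list-style proxy setting back to its ACL file, replacing
	# the previous content.
	#
	# Changes against the earlier open(FILE, ">$path") form:
	#  * three-argument open with a lexical handle, so the path is never
	#    parsed for a mode or pipe character;
	#  * the file is emptied only after the exclusive lock is held --
	#    opening with '>' truncated it before flock() ran, so the lock did
	#    not protect the old content;
	#  * open/lock/close failures are reported in the server error log.  A
	#    list that silently fails to update leaves the old access policy in
	#    force with no indication to the administrator.

	# Replace the content of $path with the given chunks (undef is skipped).
	my $save = sub {
		my ($path, @chunks) = @_;

		my $fh;
		# Append mode creates a missing file but leaves an existing one
		# intact until the lock has been taken.
		unless (open($fh, '>>', $path)) {
			warn "write_acls: cannot open $path for writing: $!\n";
			return;
		}
		# 2 is LOCK_EX.  A failed lock is reported but the write still
		# goes ahead, as it did before.
		flock($fh, 2) or warn "write_acls: cannot lock $path: $!\n";
		unless (truncate($fh, 0)) {
			# Writing now would append to the old list; leave it alone.
			warn "write_acls: cannot truncate $path: $!\n";
			close($fh);
			return;
		}
		seek($fh, 0, 0);
		print {$fh} grep { defined($_) } @chunks;
		close($fh) or warn "write_acls: error closing $path: $!\n";
		return 1;
	};

	$save->($acl_src_subnets,          $proxysettings{'SRC_SUBNETS'});
	$save->($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
	$save->($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
	$save->($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
	$save->($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});
	$save->($acl_dst_nocache,          $proxysettings{'DST_NOCACHE'});
	$save->($acl_dst_noauth,           $proxysettings{'DST_NOAUTH'});

	# The throttle ACL is assembled from the enabled extension classes, one
	# "\.ext$" pattern per line, followed by the custom URL list if that
	# file has content.
	my @throttle_rules = ();
	foreach my $class (
		[ 'THROTTLE_BINARY', $throttle_binary ],
		[ 'THROTTLE_DSKIMG', $throttle_dskimg ],
		[ 'THROTTLE_MMEDIA', $throttle_mmedia ],
	) {
		my ($switch, $extensions) = @{$class};
		next unless ($proxysettings{$switch} eq 'on');
		push(@throttle_rules, map("\\.$_\$\n", split(/\|/, $extensions)));
	}
	if (-s $throttled_urls) {
		if (open(my $urls, '<', $throttled_urls)) {
			push(@throttle_rules, <$urls>);
			close($urls);
		} else {
			warn "write_acls: cannot read $throttled_urls: $!\n";
		}
	}
	$save->($acl_dst_throttle, @throttle_rules);

	$save->($mimetypes,                        $proxysettings{'MIME_TYPES'});
	$save->("$ntlmdir/msntauth.allowusers",    $proxysettings{'NTLM_ALLOW_USERS'});
	$save->("$ntlmdir/msntauth.denyusers",     $proxysettings{'NTLM_DENY_USERS'});
	$save->("$raddir/radauth.allowusers",      $proxysettings{'RADIUS_ALLOW_USERS'});
	$save->("$raddir/radauth.denyusers",       $proxysettings{'RADIUS_DENY_USERS'});
	$save->("$identdir/identauth.allowusers",  $proxysettings{'IDENT_ALLOW_USERS'});
	$save->("$identdir/identauth.denyusers",   $proxysettings{'IDENT_DENY_USERS'});
	$save->($identhosts,                       $proxysettings{'IDENT_HOSTS'});
	$save->($cre_groups,                       $proxysettings{'CRE_GROUPS'});
	$save->($cre_svhosts,                      $proxysettings{'CRE_SVHOSTS'});

	return;
}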
2556
2557# -------------------------------------------------------------------
2558
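# Generate the proxy auto-configuration script /home/httpd/html/proxy.pac.
#
# Takes no arguments; the return value is not meaningful. Reads the
# file-level %proxysettings, %netsettings and %mainsettings hashes.
#
# The script sends plain host names, the local domain and the private /
# link-local ranges DIRECT. Clients whose own address lies in the GREEN
# network (when ENABLE is on) or in the BLUE network (when BLUE_DEV is set
# and ENABLE_BLUE is on) are pointed at the proxy port on that interface.
#
# NOTE(review): the settings values are interpolated unescaped into
# JavaScript string literals, and nothing in this sub validates them.
# Presumably they are validated where the settings are saved - confirm,
# since a quote or newline in one of them would change the script that
# clients evaluate.
sub writepacfile
{
	my $pacfile = '/home/httpd/html/proxy.pac';
	my $green_on = ($proxysettings{'ENABLE'} eq 'on');
	my $blue_on = ($netsettings{'BLUE_DEV'} && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

	# Lock first, truncate afterwards: opening with '>' would empty the
	# file before the lock is held. A failed open is reported instead of
	# being ignored, so a stale PAC file does not go unnoticed.
	my $pac;
	unless (open($pac, '>>', $pacfile)) {
		warn "writepacfile: cannot open $pacfile: $!\n";
		return;
	}
	# 2 is LOCK_EX, the same literal the other flock() calls in this file use.
	flock($pac, 2) or warn "writepacfile: cannot lock $pacfile: $!\n";
	unless (truncate($pac, 0)) {
		warn "writepacfile: cannot truncate $pacfile: $!\n";
		close($pac);
		return;
	}

	print {$pac} "function FindProxyForURL(url, host)\n";
	print {$pac} "{\n";
	if ($green_on || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
	{
		print {$pac} <<END;
if (
 (isPlainHostName(host)) ||
 (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
 (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
 (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
 (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
 (isInNet(host, "192.168.0.0", "255.255.0.0"))
 )
 return "DIRECT";

 else

END
		if ($green_on)
		{
			print {$pac} <<END;
if (
 (isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
 )
 return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
		# Chain the BLUE test onto the GREEN one only when both are written.
		if ($green_on && $blue_on)
		{
			print {$pac} "\n else\n\n";
		}
		if ($blue_on)
		{
			print {$pac} <<END;
if (
 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
 )
 return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
		# With ENABLE off, ENABLE_BLUE on and no BLUE_DEV neither clause is
		# written and the "else" above would be followed directly by the
		# closing brace, which is not valid JavaScript. Give it a statement.
		unless ($green_on || $blue_on)
		{
			print {$pac} " return \"DIRECT\";\n";
		}
	}
	print {$pac} "}\n";
	# Buffered write errors only surface at close.
	close($pac) or warn "writepacfile: cannot finish writing $pacfile: $!\n";
	return;
}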
2610
2611# -------------------------------------------------------------------
2612
2613sub writeconfig
2614{
2615 my $authrealm;
2616 my $delaypools;
2617
2618 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2619 $proxysettings{'THROTTLING_GREEN_HOST'} +
2620 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2621 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2622 {
2623 $delaypools = 1; } else { $delaypools = 0;
2624 }
2625
2626 if ($proxysettings{'AUTH_REALM'} eq '')
2627 {
2628 $authrealm = "IPFire Advanced Proxy Server";
2629 } else {
2630 $authrealm = $proxysettings{'AUTH_REALM'};
2631 }
2632
2633 $_ = $proxysettings{'UPSTREAM_PROXY'};
2634 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2635
2636 if ($remoteport eq '') { $remoteport = 80; }
2637
2638 open(FILE, ">${General::swroot}/proxy/squid.conf");
2639 flock(FILE, 2);
2640 print FILE <<END
2641shutdown_lifetime 5 seconds
2642icp_port 0
2643
2644http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2645END
2646 ;
2647 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2648 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2649 }
2650
2651 print FILE <<END
2652
2653acl QUERY urlpath_regex cgi-bin \\?
2654no_cache deny QUERY
2655END
2656 ;
2657 if (!-z $acl_dst_nocache) {
2658 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2659 print FILE "no_cache deny no_cache_domains\n";
2660 }
2661
2662 print FILE <<END
2663
2664cache_effective_user squid
2665cache_effective_group squid
2666
2667pid_filename /var/run/squid.pid
2668
2669cache_mem $proxysettings{'CACHE_MEM'} MB
2670cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2671
2672error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2673
2674END
2675 ;
2676
2677 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2678
2679 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2680 {
2681 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2682 {
2683 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2684 }
2685 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2686 {
2687 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2688 }
2689 print FILE "\n";
2690 }
2691
2692 if ($proxysettings{'LOGGING'} eq 'on')
2693 {
2694 print FILE <<END
2695cache_access_log /var/log/squid/access.log
2696cache_log /var/log/squid/cache.log
2697cache_store_log none
2698END
2699 ;
2700 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2701 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2702 } else {
2703 print FILE <<END
2704cache_access_log /dev/null
2705cache_log /dev/null
2706cache_store_log none
2707END
2708 ;}
2709 print FILE <<END
2710
2711log_mime_hdrs off
2712END
2713 ;
2714
2715 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2716 {
2717 print FILE "forwarded_for on\n\n";
2718 } else {
2719 print FILE "forwarded_for off\n\n";
2720 }
2721
2722 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2723 {
2724 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2725 {
2726 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2727 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2728 print FILE "auth_param basic realm $authrealm\n";
2729 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2730 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2731 }
2732
2733 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2734 {
2735 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2736 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2737 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2738 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2739 {
2740 if ($proxysettings{'LDAP_GROUP'} eq '')
2741 {
2742 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2743 } else {
2744 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2745 }
2746 print FILE " -u sAMAccountName -P";
2747 }
2748 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2749 {
2750 if ($proxysettings{'LDAP_GROUP'} eq '')
2751 {
2752 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2753 } else {
2754 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2755 }
2756 print FILE " -u cn -P";
2757 }
2758 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2759 {
2760 if ($proxysettings{'LDAP_GROUP'} eq '')
2761 {
2762 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2763 } else {
2764 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2765 }
2766 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2767 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2768 print FILE " -u uid -P";
2769 }
2770 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2771 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2772 print FILE "auth_param basic realm $authrealm\n";
2773 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2774 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2775 }
2776
2777 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2778 {
2779 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2780 {
2781 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2782 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2783 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2784 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2785 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2786 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2787 } else {
2788 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2789 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2790 print FILE "auth_param basic realm $authrealm\n";
2791 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2792 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2793
2794 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2795 flock(MSNTCONF,2);
2796 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2797 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2798 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2799 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2800 {
2801 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2802 {
2803 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2804 } else {
2805 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2806 }
2807 }
2808 close(MSNTCONF);
2809 }
2810 }
2811
2812 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2813 {
2814 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2815 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2816 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2817 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2818 print FILE "auth_param basic realm $authrealm\n";
2819 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2820 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2821 }
2822
2823 print FILE "\n";
2824 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2825 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2826 {
2827 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2828 {
2829 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2830 }
2831 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2832 {
2833 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2834 }
2835 }
2836 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2837 {
2838 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2839 {
2840 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2841 }
2842 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2843 {
2844 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2845 }
2846 }
2847 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2848 {
2849 print FILE "\n";
2850 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2851 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2852 }
2853 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2854 print FILE "\n";
2855
2856 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2857 }
2858
2859 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2860 {
2861 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2862 {
2863 print FILE "acl for_inetusers ident REQUIRED\n";
2864 }
2865 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2866 {
2867 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2868 {
2869 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2870 }
2871 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2872 {
2873 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2874 }
2875 }
2876 }
2877
2878 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2879
2880 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2881
2882 print FILE "acl within_timeframe time ";
2883 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2884 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2885 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2886 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2887 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2888 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2889 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2890 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2891 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2892 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2893 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2894
2895 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2896 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2897 }
2898
2899 print FILE <<END
2900acl all src 0.0.0.0/0.0.0.0
2901acl localhost src 127.0.0.1/255.255.255.255
2902acl SSL_ports port 443 563
2903acl Safe_ports port 80 # http
2904acl Safe_ports port 21 # ftp
2905acl Safe_ports port 443 563 # https, snews
2906acl Safe_ports port 70 # gopher
2907acl Safe_ports port 210 # wais
2908acl Safe_ports port 1025-65535 # unregistered ports
2909acl Safe_ports port 280 # http-mgmt
2910acl Safe_ports port 488 # gss-http
2911acl Safe_ports port 591 # filemaker
2912acl Safe_ports port 777 # multiling http
2913acl Safe_ports port 800 # Squids port (for icons)
2914
2915acl IPCop_http port 81
2916acl IPCop_https port 445
2917acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2918acl IPCop_networks src "$acl_src_subnets"
2919acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2920END
2921 ;
2922 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2923 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2924 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2925 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2926 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2927 print FILE <<END
2928acl CONNECT method CONNECT
2929END
2930 ;
2931
2932 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2933 print FILE <<END
2934
2935#Classroom extensions
2936acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2937acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2938END
2939 ;
2940 print FILE "deny_info ";
2941 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2942 print FILE "ERR_ACCESS_DISABLED";
2943 } else { print FILE "ERR_ACCESS_DENIED"; }
2944 print FILE " IPCop_no_access_ips\n";
2945 print FILE "deny_info ";
2946 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2947 print FILE "ERR_ACCESS_DISABLED";
2948 } else { print FILE "ERR_ACCESS_DENIED"; }
2949 print FILE " IPCop_no_access_mac\n";
2950
2951 print FILE <<END
2952http_access deny IPCop_no_access_ips
2953http_access deny IPCop_no_access_mac
2954END
2955 ;
2956 }
2957
2958 #Insert acl file and replace __VAR__ with correct values
2959 my $blue_net = ''; #BLUE empty by default
2960 my $blue_ip = '';
2961 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2962 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2963 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2964 }
2965 if (!-z $acl_include)
2966 {
2967 open (ACL, "$acl_include");
2968 print FILE "\n#Start of custom includes\n";
2969 while (<ACL>) {
2970 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2971 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2972 $_ =~ s/__BLUE_IP__/$blue_ip/;
2973 $_ =~ s/__BLUE_NET__/$blue_net/;
2974 print FILE $_;
2975 }
2976 print FILE "#End of custom includes\n";
2977 close (ACL);
2978 }
2979 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2980 print FILE <<END
2981
2982#Access to squid:
2983#local machine, no restriction
2984http_access allow localhost
2985
2986#GUI admin if local machine connects
2987http_access allow IPCop_ips IPCop_networks IPCop_http
2988http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2989
2990#Deny not web services
2991http_access deny !Safe_ports
2992http_access deny CONNECT !SSL_ports
2993
2994END
2995 ;
2996
2997if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2998{
2999print FILE "#Set ident ACLs\n";
3000if (!-z $identhosts)
3001 {
3002 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3003 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3004 print FILE "ident_lookup_access deny all\n";
3005 } else {
3006 print FILE "ident_lookup_access allow all\n";
3007 }
3008 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3009}
3010
3011if ($delaypools) {
3012 print FILE "#Set download throttling\n";
3013
3014 if ($netsettings{'BLUE_DEV'})
3015 {
3016 print FILE "delay_pools 2\n";
3017 } else {
3018 print FILE "delay_pools 1\n";
3019 }
3020
3021 print FILE "delay_class 1 3\n";
3022 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3023
3024 print FILE "delay_parameters 1 ";
3025 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3026 {
3027 print FILE "-1/-1";
3028 } else {
3029 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3030 print FILE "/";
3031 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3032 }
3033
3034 print FILE " -1/-1 ";
3035 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3036 {
3037 print FILE "-1/-1";
3038 } else {
3039 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3040 print FILE "/";
3041 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3042 }
3043 print FILE "\n";
3044
3045 if ($netsettings{'BLUE_DEV'})
3046 {
3047 print FILE "delay_parameters 2 ";
3048 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3049 {
3050 print FILE "-1/-1";
3051 } else {
3052 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3053 print FILE "/";
3054 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3055 }
3056 print FILE " -1/-1 ";
3057 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3058 {
3059 print FILE "-1/-1";
3060 } else {
3061 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3062 print FILE "/";
3063 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3064 }
3065 print FILE "\n";
3066 }
3067
3068 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3069 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3070 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3071
3072 if ($netsettings{'BLUE_DEV'})
3073 {
3074 print FILE "delay_access 1 allow IPCop_green_network";
3075 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3076 print FILE "\n";
3077 print FILE "delay_access 1 deny all\n";
3078 } else {
3079 print FILE "delay_access 1 allow all";
3080 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3081 print FILE "\n";
3082 }
3083
3084 if ($netsettings{'BLUE_DEV'})
3085 {
3086 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3087 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3088 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3089 print FILE "delay_access 2 allow IPCop_blue_network";
3090 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3091 print FILE "\n";
3092 print FILE "delay_access 2 deny all\n";
3093 }
3094
3095 print FILE "delay_initial_bucket_level 100%\n";
3096 print FILE "\n";
3097}
3098 print FILE <<END
3099#Set custom configured ACLs
3100END
3101 ;
3102 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3103 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3104
3105 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3106 {
3107 if (!-z $acl_src_unrestricted_ip)
3108 {
3109 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3110 }
3111 if (!-z $acl_src_unrestricted_mac)
3112 {
3113 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3114 }
3115 print FILE "http_access allow IPCop_networks";
3116 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3117 print FILE " !within_timeframe";
3118 } else {
3119 print FILE " within_timeframe"; }
3120 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3121 print FILE " to_domains_without_auth\n";
3122 }
3123
3124 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3125 {
3126 print FILE "http_access deny !for_inetusers";
3127 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3128 print FILE "\n";
3129 }
3130
3131 if (
3132 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3133 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3134 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3135 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3136 (!-z "$identdir/identauth.denyusers")
3137 )
3138 {
3139 print FILE "http_access deny for_acl_users";
3140 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3141 print FILE "\n";
3142 }
3143
3144 if (!-z $acl_src_unrestricted_ip)
3145 {
3146 print FILE "http_access allow IPCop_unrestricted_ips";
3147 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3148 {
3149 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3150 {
3151 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3152 }
3153 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3154 {
3155 print FILE " for_inetusers";
3156 }
3157 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3158 {
3159 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3160 {
3161 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3162 {
3163 print FILE " for_acl_users";
3164 }
3165 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3166 {
3167 print FILE " !for_acl_users";
3168 }
3169 } else { print FILE " for_inetusers"; }
3170 }
3171 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3172 {
3173 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3174 {
3175 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3176 {
3177 print FILE " for_acl_users";
3178 }
3179 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3180 {
3181 print FILE " !for_acl_users";
3182 }
3183 } else { print FILE " for_inetusers"; }
3184 }
3185 }
3186 print FILE "\n";
3187 }
3188
3189 if (!-z $acl_src_unrestricted_mac)
3190 {
3191 print FILE "http_access allow IPCop_unrestricted_mac";
3192 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3193 {
3194 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3195 {
3196 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3197 }
3198 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3199 {
3200 print FILE " for_inetusers";
3201 }
3202 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3203 {
3204 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3205 {
3206 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3207 {
3208 print FILE " for_acl_users";
3209 }
3210 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3211 {
3212 print FILE " !for_acl_users";
3213 }
3214 } else { print FILE " for_inetusers"; }
3215 }
3216 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3217 {
3218 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3219 {
3220 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3221 {
3222 print FILE " for_acl_users";
3223 }
3224 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3225 {
3226 print FILE " !for_acl_users";
3227 }
3228 } else { print FILE " for_inetusers"; }
3229 }
3230 }
3231 print FILE "\n";
3232 }
3233
3234 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3235 {
3236 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3237 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3238 }
3239
3240 if (
3241 (
3242 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3243 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3244 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3245 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3246 (!-z "$ntlmdir/msntauth.denyusers")
3247 )
3248 ||
3249 (
3250 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3251 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3252 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3253 (!-z "$raddir/radauth.denyusers")
3254 )
3255 ||
3256 (
3257 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3258 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3259 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3260 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3261 (!-z "$identdir/identauth.denyusers")
3262 )
3263 )
3264 {
3265 print FILE "http_access deny for_acl_users";
3266 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3267 print FILE "\n";
3268 }
3269
3270 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3271 {
3272 print FILE "http_access allow";
3273 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3274 print FILE " !within_timeframe";
3275 } else {
3276 print FILE " within_timeframe"; }
3277 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3278 print FILE " !on_ident_aware_hosts\n";
3279 }
3280
3281 print FILE "http_access allow IPCop_networks";
3282 if (
3283 (
3284 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3285 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3286 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3287 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3288 (!-z "$ntlmdir/msntauth.allowusers")
3289 )
3290 ||
3291 (
3292 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3293 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3294 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3295 (!-z "$raddir/radauth.allowusers")
3296 )
3297 ||
3298 (
3299 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3300 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3301 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3302 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3303 (!-z "$identdir/identauth.allowusers")
3304 )
3305 )
3306 {
3307 print FILE " for_acl_users";
3308 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3309 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3310 print FILE " for_inetusers";
3311 }
3312 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3313 {
3314 print FILE " !concurrent";
3315 }
3316 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3317 print FILE " !within_timeframe";
3318 } else {
3319 print FILE " within_timeframe"; }
3320 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3321 print FILE "\n";
3322
3323 print FILE "http_access deny all\n\n";
3324
3325 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3326 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3327 {
3328 print FILE "#Strip HTTP Header\n";
3329
3330 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3331 {
3332 print FILE "header_access X-Forwarded-For deny all\n";
3333 }
3334 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3335 {
3336 print FILE "header_access Via deny all\n";
3337 }
3338 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3339 {
3340 print FILE "header_access User-Agent deny all\n";
3341 }
3342 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3343 {
3344 print FILE "header_access Referer deny all\n";
3345 }
3346
3347 print FILE "\n";
3348
3349 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3350 {
3351 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3352 {
3353 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3354 }
3355 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3356 {
3357 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3358 }
3359 print FILE "\n";
3360 }
3361 }
3362
3363 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3364 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3365 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3366 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3367 {
3368 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3369 }
3370 print FILE "http_reply_access deny blocked_mimetypes\n";
3371 print FILE "http_reply_access allow all\n\n";
3372 }
3373
3374 print FILE <<END
3375maximum_object_size $proxysettings{'MAX_SIZE'} KB
3376minimum_object_size $proxysettings{'MIN_SIZE'} KB
3377
3378request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3379END
3380 ;
3381 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3382 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3383 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3384 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3385 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3386 {
3387 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3388 }
3389 }
3390 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3391
3392 print FILE "visible_hostname";
3393 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3394 {
3395 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3396 } else {
3397 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3398 }
3399
3400 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3401
3402 # Write the parent proxy info, if needed.
3403 if ($remotehost ne '')
3404 {
3405 # Enter authentication for the parent cache (format is login=user:password)
3406 if ($proxy1 eq 'YES') {
3407 print FILE <<END
3408cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3409
3410END
3411 ;
3412 } else {
3413 # Not using authentication with the parent cache
3414 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3415 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3416 print FILE "\n";
3417 }
3418 print FILE "never_direct allow all\n\n";
3419 }
3420 if ($urlfilter_addon) {
3421 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3422 {
3423 print FILE <<END
10e4f239 3424redirect_program /usr/bin/squidGuard
3425redirect_children $filtersettings{'CHILDREN'}
3426
3427END
3428 ;
3429 }
3430 }
3431 if ($updacclrtr_addon) {
3432 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3433 {
3434 print FILE <<END
3435redirect_program /usr/local/bin/updacclrtr
3436redirect_children $updaccsettings{'ACCELERATORS'}
3437
3438END
3439 ;
3440 }
3441 }
3442 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3443 {
3444 print FILE <<END
3445httpd_accel_host virtual
3446httpd_accel_port 80
3447httpd_accel_with_proxy on
3448httpd_accel_uses_host_header on
3449END
3450 ;
3451 }
3452 close FILE;
3453}
3454
3455# -------------------------------------------------------------------
3456
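# Create or update a local (NCSA) proxy user and record its group membership.
#
#   $str_user  - login name
#   $str_pass  - clear-text password, or the sentinel 'lEaVeAlOnE' to keep the
#                hash already stored for this user in $userdb
#   $str_group - 'standard', 'extended' or 'disabled'; any other value means
#                no group file is touched
#
# Any existing entries for the user are removed first through deluser().
sub adduser
{
	my ($str_user, $str_pass, $str_group) = @_;

	# The name is written verbatim into line-oriented files ("user:hash" and
	# one-name-per-line group lists). A colon or line break in it would forge
	# extra fields or entries, so such names are refused here as a last line
	# of defence. NOTE(review): callers are presumably validating already.
	return if (!defined($str_user) || $str_user eq '' || $str_user =~ /[:\r\n]/);

	if ($str_pass eq 'lEaVeAlOnE')
	{
		my @entries = ();
		my $kept_hash;

		if (open(my $in, '<', $userdb))
		{
			@entries = <$in>;
			close($in);
		}

		# \Q...\E: the user name is data, not a pattern. Unquoted, a name such
		# as "a.b" would also match "axb:" and pick up another user's hash.
		foreach my $entry (@entries)
		{
			if ($entry =~ /^\Q$str_user\E:/i)
			{
				# Keep everything from the first ":" on (":hash\n").
				$kept_hash = substr($entry, index($entry, ":"));
			}
		}

		deluser($str_user);

		# Without a stored hash there is nothing to carry over; appending the
		# sentinel itself would only leave a malformed line in the file.
		if (defined($kept_hash) && open(my $out, '>>', $userdb))
		{
			flock $out, 2;    # 2 = LOCK_EX
			print $out "$str_user$kept_hash";
			close($out);
		}
	} else {
		deluser($str_user);

		# List form: no shell is involved, so quotes, spaces or metacharacters
		# in the name or password reach htpasswd as plain arguments.
		# NOTE(review): "-b" still puts the clear-text password on the command
		# line, where it is visible in the process list while htpasswd runs;
		# newer htpasswd builds can read it from stdin ("-i") instead.
		system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
	}

	my %groupfile_for = (
		'standard' => $stdgrp,
		'extended' => $extgrp,
		'disabled' => $disgrp,
	);

	# Unknown group: leave all group files alone.
	return unless (defined($str_group) && exists($groupfile_for{$str_group}));

	if (open(my $grp, '>>', $groupfile_for{$str_group}))
	{
		flock $grp, 2;    # 2 = LOCK_EX
		print $grp "$str_user\n";
		close($grp);
	}

	return;
}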
3487
3488# -------------------------------------------------------------------
3489
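# Remove a user from the three group files and from the password file.
#
#   $str_user - login name; matched case-insensitively, as a whole line in the
#               group files and as the part before ":" in $userdb
sub deluser
{
	my ($str_user) = @_;

	# \Q...\E: the user name is data, not a pattern. Unquoted, "." or ".*" in
	# a name would match (and delete) other users, and an unbalanced "(" or
	# "[" would abort the script with a regex compile error.
	my $group_line  = qr/^\Q$str_user\E$/i;
	my $passwd_line = qr/^\Q$str_user\E:/i;

	foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
	{
		_drop_matching_lines($groupfile, $group_line);
	}
	_drop_matching_lines($userdb, $passwd_line);

	return;
}

# Rewrite $path without the lines matching $pattern. A missing file is created
# empty; a file that exists but cannot be read is left untouched.
sub _drop_matching_lines
{
	my ($path, $pattern) = @_;
	my @kept = ();

	if (open(my $in, '<', $path))
	{
		@kept = grep { $_ !~ $pattern } <$in>;
		close($in);
	} elsif (-e $path) {
		# Rewriting from an empty list would wipe every entry in the file.
		return;
	}

	# NOTE(review): ">" truncates before the lock is taken, so a concurrent
	# reader can still see an empty file; write-to-temp-and-rename would
	# close that window.
	open(my $out, '>', $path) or return;
	flock $out, 2;    # 2 = LOCK_EX
	print $out @kept;
	close($out);

	return;
}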
ac1cfefa 3522
ed38f89d 3523# -------------------------------------------------------------------