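#!/usr/bin/perl
#
# IPCop CGIs
#
# This code is distributed under the terms of the GPL
#
# $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
#

use strict;

# enable only the following on debugging purpose
# (fatalsToBrowser sends Perl error text to the requesting client, so it
# should stay commented out on a production firewall)
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

use IO::Socket;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

# Version string of the installed add-on. The file is read directly rather
# than through `cat` in backticks, so no shell or child process is involved.
# As with the backtick form, the value keeps the file's trailing newline and
# is the empty string when the file cannot be read.
my $advproxyversion = '';
if (open(my $version_fh, '<', "${General::swroot}/proxy/advanced/version")) {
    local $/;    # slurp the whole file in one read
    my $version_text = <$version_fh>;
    $advproxyversion = $version_text if defined $version_text;
    close($version_fh);
}

# Flag file whose presence or absence drives the update notification box
# shown further down the page.
my $sysupdflagfile = "${General::swroot}/proxy/advanced/.up2date";
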
# ---------------------------------------------------------------------
# File-scoped state shared by the whole CGI.
# ---------------------------------------------------------------------

# Settings hashes. %proxysettings is the working copy that is later merged
# with the submitted form fields.
my (%proxysettings, %netsettings, %filtersettings,
    %updaccsettings, %stdproxysettings, %mainsettings);

# Set to 1 further down when the corresponding add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# Per-field HTML attribute strings used when the form is rendered.
my (%checked, %selected);

# Throttling choices and the file-extension alternations for each class.
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = "bin|cab|exe|gz|rar|sea|tar|tgz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";

my (@useragent, @useragentlist);

# Scratch variables.
my $hintcolour      = '#FFFFCC';
my $ncsa_buttontext = '';
my $language        = '';
my ($i, $n, $id)    = (0, 0, 0);
my ($line, $user)   = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem         = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp   = '';
my $needhup          = 0;
my $errormessage     = '';

# Working directories below <swroot>/proxy/advanced.
my ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) =
    map { "${General::swroot}/proxy/advanced/$_" }
    qw(acls ncsa ntlm radius ident cre);

# NCSA user database and group membership files.
my ($userdb, $stdgrp, $extgrp, $disgrp) =
    map { "$ncsadir/$_" } qw(passwd standard.grp extended.grp disabled.grp);

my ($browserdb, $mimetypes, $throttled_urls) =
    map { "${General::swroot}/proxy/advanced/$_" }
    qw(useragents mimetypes throttle);

# Classroom extension files (all under $credir).
my ($cre_enabled, $cre_groups, $cre_svhosts) =
    map { "$credir/$_" } qw(enable classrooms supervisors);

my $identhosts = "$identdir/hosts";

my $libexecdir = "/usr/lib/squid";

# ACL list files, one per form field that carries a list.
my ($acl_src_subnets,
    $acl_src_banned_ip,       $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip,     $acl_src_noaccess_mac,
    $acl_dst_nocache,         $acl_dst_noauth,
    $acl_dst_throttle,        $acl_include) =
    map { "$acldir/$_.acl" }
    qw(src_subnets
       src_banned_ip src_banned_mac
       src_unrestricted_ip src_unrestricted_mac
       src_noaccess_ip src_noaccess_mac
       dst_nocache dst_noauth
       dst_throttle include);

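# First-run bootstrap: make sure the working directories and the (initially
# empty) data files exist. Files are created with open() in append mode
# instead of system("touch $path"), so no shell is started and the path is
# never parsed as a command line. Failures are reported on STDERR (the web
# server's error log) but do not abort the request, matching the previous
# best-effort behaviour.
for my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    next if -d $dir;
    mkdir($dir) or warn "proxy.cgi: cannot create directory $dir: $!\n";
}

# NOTE(review): new files get the mode implied by the process umask, as they
# did with touch. $userdb is presumably the proxy's password file - confirm
# that the resulting permissions are appropriate for it.
for my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth,
    $acl_dst_throttle, $acl_include,
    $browserdb, $mimetypes,
) {
    next if -e $file;
    if (open(my $touch_fh, '>>', $file)) {
        close($touch_fh);
    } else {
        warn "proxy.cgi: cannot create $file: $!\n";
    }
}
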
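# Load the user-agent database: keep every line that is neither empty nor a
# '#' comment, sorted by the text between the first and the last comma of
# the line (the middle field of a three-field record). Elsewhere in this
# file field 0 is used as the form-field suffix ('UA_' . field 0) and field
# 2 as the regular expression fragment.
#
# Three-argument open with a lexical handle replaces the two-argument,
# bareword form, so the file name can never be interpreted as an open mode,
# and a failed open is logged instead of being silently ignored.
@useragentlist = ();
if (open(my $browserdb_fh, '<', $browserdb)) {
    @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/, <$browserdb_fh>;
    close($browserdb_fh);
} else {
    warn "proxy.cgi: cannot read $browserdb: $!\n";
}
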
# Load the network and main settings files into their hashes.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as installed when its version file exists.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

# For each installed add-on: seed one default, then let the add-on's own
# settings file (when present) override it.
if ($urlfilter_addon) {
    my $urlfilter_settings = "${General::swroot}/urlfilter/settings";
    $filtersettings{'CHILDREN'} = '5';
    &General::readhash($urlfilter_settings, \%filtersettings) if -e $urlfilter_settings;
}

if ($updacclrtr_addon) {
    my $updaccel_settings = "${General::swroot}/updacclrtr/settings";
    $updaccsettings{'ACCELERATORS'} = '10';
    &General::readhash($updaccel_settings, \%updaccsettings) if -e $updaccel_settings;
}

# HTTP response headers go out before any page content is printed.
&Header::showhttpheaders();

# Seed %proxysettings with the built-in default for every form field, then
# merge in the submitted request.
#
# NOTE(review): Header::getcgihash is defined in header.pl (not shown here);
# presumably it copies the submitted CGI parameters over these defaults.
# From that call onwards every value in %proxysettings has to be treated as
# request-controlled until it has been validated.
{
    my %default_for = (
        'ACTION'                 => '',
        'VALID'                  => '',

        'ENABLE'                 => 'off',
        'ENABLE_BLUE'            => 'off',
        'TRANSPARENT'            => 'off',
        'TRANSPARENT_BLUE'       => 'off',
        'PROXY_PORT'             => '800',
        'VISIBLE_HOSTNAME'       => '',
        'ADMIN_MAIL_ADDRESS'     => '',
        'ERR_LANGUAGE'           => 'English',
        'FORWARD_VIA'            => 'off',
        'FORWARD_IPADDRESS'      => 'off',
        'FORWARD_USERNAME'       => 'off',
        'UPSTREAM_PROXY'         => '',
        'UPSTREAM_USER'          => '',
        'UPSTREAM_PASSWORD'      => '',
        'LOGGING'                => 'off',
        'LOGQUERY'               => 'off',
        'LOGUSERAGENT'           => 'off',
        'CACHE_MEM'              => '2',
        'CACHE_SIZE'             => '50',
        'MAX_SIZE'               => '4096',
        'MIN_SIZE'               => '0',
        'MEM_POLICY'             => 'LRU',
        'CACHE_POLICY'           => 'LRU',
        'L1_DIRS'                => '16',
        'OFFLINE_MODE'           => 'off',
        'CLASSROOM_EXT'          => 'off',
        'SUPERVISOR_PASSWORD'    => '',
        'TIME_ACCESS_MODE'       => 'allow',
        'TIME_FROM_HOUR'         => '00',
        'TIME_FROM_MINUTE'       => '00',
        'TIME_TO_HOUR'           => '24',
        'TIME_TO_MINUTE'         => '00',
        'MAX_OUTGOING_SIZE'      => '0',
        'MAX_INCOMING_SIZE'      => '0',
        'THROTTLING_GREEN_TOTAL' => 'unlimited',
        'THROTTLING_GREEN_HOST'  => 'unlimited',
        'THROTTLING_BLUE_TOTAL'  => 'unlimited',
        'THROTTLING_BLUE_HOST'   => 'unlimited',
        'THROTTLE_BINARY'        => 'off',
        'THROTTLE_DSKIMG'        => 'off',
        'THROTTLE_MMEDIA'        => 'off',
        'ENABLE_MIME_FILTER'     => 'off',
        'ENABLE_BROWSER_CHECK'   => 'off',
        'FAKE_USERAGENT'         => '',
        'FAKE_REFERER'           => '',

        # Authentication, common part
        'AUTH_METHOD'            => 'none',
        'AUTH_REALM'             => '',
        'AUTH_MAX_USERIP'        => '',
        'AUTH_CACHE_TTL'         => '60',
        'AUTH_IPCACHE_TTL'       => '0',
        'AUTH_CHILDREN'          => '5',

        # Local (NCSA) user database
        'NCSA_MIN_PASS_LEN'      => '6',
        'NCSA_BYPASS_REDIR'      => 'off',
        'NCSA_USERNAME'          => '',
        'NCSA_GROUP'             => '',
        'NCSA_PASS'              => '',
        'NCSA_PASS_CONFIRM'      => '',

        # LDAP
        'LDAP_BASEDN'            => '',
        'LDAP_TYPE'              => 'ADS',
        'LDAP_SERVER'            => '',
        'LDAP_PORT'              => '389',
        'LDAP_BINDDN_USER'       => '',
        'LDAP_BINDDN_PASS'       => '',
        'LDAP_GROUP'             => '',

        # NTLM
        'NTLM_DOMAIN'            => '',
        'NTLM_PDC'               => '',
        'NTLM_BDC'               => '',
        'NTLM_ENABLE_ACL'        => 'off',
        'NTLM_USER_ACL'          => 'positive',

        # RADIUS
        'RADIUS_SERVER'          => '',
        'RADIUS_PORT'            => '1645',
        'RADIUS_IDENTIFIER'      => '',
        'RADIUS_SECRET'          => '',
        'RADIUS_ENABLE_ACL'      => 'off',
        'RADIUS_USER_ACL'        => 'positive',

        # identd
        'IDENT_REQUIRED'         => 'off',
        'IDENT_TIMEOUT'          => '10',
        'IDENT_ENABLE_ACL'       => 'off',
        'IDENT_USER_ACL'         => 'positive',
    );

    # keys() and values() walk an unmodified hash in the same order, so this
    # slice assignment pairs every key with its own default.
    @proxysettings{ keys %default_for } = values %default_for;
}

# Add-on switches only exist when the add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

&Header::getcgihash(\%proxysettings);

# A throttling value equal to the string "0" is shown and stored as
# 'unlimited'.
for my $throttle_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    $proxysettings{$throttle_key} = 'unlimited'
        if $proxysettings{$throttle_key} eq 0;
}

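# ---------------------------------------------------------------------
# NCSA (local user database) actions. Each of them switches the page into
# the user-management view by setting NCSA_EDIT_MODE.
#
# adduser() and deluser() are defined outside this part of the file.
# NOTE(review): NCSA_USERNAME, NCSA_GROUP and ID reach them exactly as
# submitted (the user name is only lower-cased) - confirm that they validate
# their arguments before writing the password and group files.
# ---------------------------------------------------------------------
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # NCSA_MIN_PASS_LEN arrives with the form. It is compared numerically and
    # concatenated into $errormessage, which is later printed into the page
    # with no escaping visible in this file, so anything but plain digits is
    # rejected here instead of being used.
    # NOTE(review): the minimum length is still whatever the request says;
    # enforcing the saved setting would need the stored value - confirm
    # whether that is intended.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'advproxy errmsg password length'};
    } elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }
    # Later checks overwrite earlier messages; any message blocks adduser().
    if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    if (!$errormessage) {
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

    # ID is split on ':' into user name and group.
    @temp = split(/:/,$proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];

    # Fixed placeholder put into both password fields instead of any real
    # value (presumably recognised on update as "keep the current password" -
    # that handling is not in this part of the file).
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
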
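# ---------------------------------------------------------------------
# "save" / "save and restart": validate the submitted form, then persist it.
#
# The first failing check stores a message in $errormessage and jumps to
# ERROR; nothing is written unless every check passed.
#
# Numeric fields are matched with \A\d+\z and the on/off switches with
# \A(?:on|off)\z. The earlier patterns (/^\d+/ and /^(on|off)$/) only
# checked the start of the value, or tolerated a trailing newline, so text
# following a leading digit was accepted and carried on towards the
# settings file and the sub-routines that generate the proxy configuration.
# NOTE(review): write_acls, writeconfig and writepacfile are defined outside
# this part of the file; confirm that every value they emit is covered by a
# check here (PROXY_PORT, VISIBLE_HOSTNAME, the TIME_* fields and the
# UPSTREAM_* fields, for example, are not validated in this block).
# ---------------------------------------------------------------------
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    if ($proxysettings{'ENABLE'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'TRANSPARENT'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'ENABLE_BLUE'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'TRANSPARENT_BLUE'} !~ /\A(?:on|off)\z/ ) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_SIZE'} !~ /\A\d+\z/) ||
        ($proxysettings{'CACHE_SIZE'} < 10))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_MEM'} !~ /\A\d+\z/) ||
        ($proxysettings{'CACHE_MEM'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap CACHE_MEM at the first number on the second line of `free`
    # output divided by 2048 (presumably half of the total RAM, in MB -
    # confirm against the free(1) in use). The cap is applied only when
    # that number could actually be parsed; previously a failed match
    # left $1 holding the capture of some earlier pattern.
    my @free = `/usr/bin/free`;
    if (defined $free[1] && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    if ($proxysettings{'MAX_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MIN_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }
    # String comparison of "HHMM": the end time must be later than the start.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_INCOMING_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }
    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        # Build the alternation of allowed browsers from the database
        # entries (field 2) whose 'UA_<field 0>' box was ticked. The
        # fragments come from the local useragents file, not from the
        # request.
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);    # drop the trailing '|'
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }
    if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
    {
        # Authentication needs at least one zone running in non-transparent
        # mode; ident without "required" and without ACLs is exempt.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
            (($proxysettings{'AUTH_MAX_USERIP'} !~ /\A\d+\z/) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_CACHE_TTL'} !~ /\A\d+\z/)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ /\A\d+\z/)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_CHILDREN'} !~ /\A\d+\z/) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if (($proxysettings{'IDENT_TIMEOUT'} !~ /\A\d+\z/) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Quick parent proxy error checking of username and password info. If username password don't both exist give an error.
    $proxy1 = 'YES';
    $proxy2 = 'YES';
    if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
    if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
    if (($proxy1 ne $proxy2))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

ERROR:
    # check_acls is defined outside this part of the file; it runs on the
    # success path as well as after a failed check.
    &check_acls;

    if ($errormessage) {
        $proxysettings{'VALID'} = 'no'; }
    else {
        $proxysettings{'VALID'} = 'yes'; }

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # Fields that must not end up in the settings file: the ACL lists
        # and the NCSA user-form fields, password included.
        # NOTE(review): UPSTREAM_PASSWORD, LDAP_BINDDN_PASS, RADIUS_SECRET
        # and SUPERVISOR_PASSWORD stay in the hash and are therefore handed
        # to writehash below - confirm the settings file is readable only
        # by the accounts that need it.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
            DST_NOCACHE DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS NTLM_DENY_USERS
            RADIUS_ALLOW_USERS RADIUS_DENY_USERS
            IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
            CRE_GROUPS CRE_SVHOSTS
            NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
        )};

        # A check box that was not submitted is stored as 'off'.
        for my $unticked (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$unticked} = 'off' unless exists $proxysettings{$unticked};
        }

        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Re-create the flag files so that they match the saved switches.
        unlink "${General::swroot}/proxy/enable";
        unlink "${General::swroot}/proxy/transparent";
        unlink "${General::swroot}/proxy/enable_blue";
        unlink "${General::swroot}/proxy/transparent_blue";

        if ($proxysettings{'ENABLE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable"); }
        if ($proxysettings{'TRANSPARENT'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent"); }
        if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable_blue"); }
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent_blue"); }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}
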
# "clear cache": run the restart helper with -f. The list form of system()
# is used with fixed arguments, so no shell is involved.
system('/usr/local/bin/restartsquid','-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# Without an error the form shows what is stored on disk: the advanced
# settings file when it exists, otherwise the standard one. After an error
# the submitted values stay in %proxysettings so they can be corrected.
unless ($errormessage)
{
    my $advanced_settings = "${General::swroot}/proxy/advanced/settings";
    my $standard_settings = "${General::swroot}/proxy/settings";

    if (-e $advanced_settings) {
        &General::readhash($advanced_settings, \%proxysettings);
    } elsif (-e $standard_settings) {
        &General::readhash($standard_settings, \%proxysettings);
    }
    &read_acls;
}

613$checked{'ENABLE'}{'off'} = '';
614$checked{'ENABLE'}{'on'} = '';
615$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
616
617$checked{'TRANSPARENT'}{'off'} = '';
618$checked{'TRANSPARENT'}{'on'} = '';
619$checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
620
621$checked{'ENABLE_BLUE'}{'off'} = '';
622$checked{'ENABLE_BLUE'}{'on'} = '';
623$checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
624
625$checked{'TRANSPARENT_BLUE'}{'off'} = '';
626$checked{'TRANSPARENT_BLUE'}{'on'} = '';
627$checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
628
ed38f89d
MT
629$checked{'FORWARD_IPADDRESS'}{'off'} = '';
630$checked{'FORWARD_IPADDRESS'}{'on'} = '';
631$checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
632$checked{'FORWARD_USERNAME'}{'off'} = '';
633$checked{'FORWARD_USERNAME'}{'on'} = '';
634$checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
635$checked{'FORWARD_VIA'}{'off'} = '';
636$checked{'FORWARD_VIA'}{'on'} = '';
637$checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
638
639$selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
640$selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
641$selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
642$checked{'OFFLINE_MODE'}{'off'} = '';
643$checked{'OFFLINE_MODE'}{'on'} = '';
644$checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
645
ac1cfefa
MT
646$checked{'LOGGING'}{'off'} = '';
647$checked{'LOGGING'}{'on'} = '';
648$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
ed38f89d
MT
649$checked{'LOGQUERY'}{'off'} = '';
650$checked{'LOGQUERY'}{'on'} = '';
651$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
652$checked{'LOGUSERAGENT'}{'off'} = '';
653$checked{'LOGUSERAGENT'}{'on'} = '';
654$checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'";
655
656$selected{'ERR_LANGUAGE'}{$proxysettings{'ERR_LANGUAGE'}} = "selected='selected'";
657
658$checked{'CLASSROOM_EXT'}{'off'} = '';
659$checked{'CLASSROOM_EXT'}{'on'} = '';
660$checked{'CLASSROOM_EXT'}{$proxysettings{'CLASSROOM_EXT'}} = "checked='checked'";
661
662$selected{'TIME_ACCESS_MODE'}{$proxysettings{'TIME_ACCESS_MODE'}} = "selected='selected'";
663$selected{'TIME_FROM_HOUR'}{$proxysettings{'TIME_FROM_HOUR'}} = "selected='selected'";
664$selected{'TIME_FROM_MINUTE'}{$proxysettings{'TIME_FROM_MINUTE'}} = "selected='selected'";
665$selected{'TIME_TO_HOUR'}{$proxysettings{'TIME_TO_HOUR'}} = "selected='selected'";
666$selected{'TIME_TO_MINUTE'}{$proxysettings{'TIME_TO_MINUTE'}} = "selected='selected'";
667
668$proxysettings{'TIME_MON'} = 'on' unless exists $proxysettings{'TIME_MON'};
669$proxysettings{'TIME_TUE'} = 'on' unless exists $proxysettings{'TIME_TUE'};
670$proxysettings{'TIME_WED'} = 'on' unless exists $proxysettings{'TIME_WED'};
671$proxysettings{'TIME_THU'} = 'on' unless exists $proxysettings{'TIME_THU'};
672$proxysettings{'TIME_FRI'} = 'on' unless exists $proxysettings{'TIME_FRI'};
673$proxysettings{'TIME_SAT'} = 'on' unless exists $proxysettings{'TIME_SAT'};
674$proxysettings{'TIME_SUN'} = 'on' unless exists $proxysettings{'TIME_SUN'};
675
676$checked{'TIME_MON'}{'off'} = '';
677$checked{'TIME_MON'}{'on'} = '';
678$checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'";
679$checked{'TIME_TUE'}{'off'} = '';
680$checked{'TIME_TUE'}{'on'} = '';
681$checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'";
682$checked{'TIME_WED'}{'off'} = '';
683$checked{'TIME_WED'}{'on'} = '';
684$checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'";
685$checked{'TIME_THU'}{'off'} = '';
686$checked{'TIME_THU'}{'on'} = '';
687$checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'";
688$checked{'TIME_FRI'}{'off'} = '';
689$checked{'TIME_FRI'}{'on'} = '';
690$checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'";
691$checked{'TIME_SAT'}{'off'} = '';
692$checked{'TIME_SAT'}{'on'} = '';
693$checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'";
694$checked{'TIME_SUN'}{'off'} = '';
695$checked{'TIME_SUN'}{'on'} = '';
696$checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'";
697
698$selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
699$selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
700$selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
701$selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
702
703$checked{'THROTTLE_BINARY'}{'off'} = '';
704$checked{'THROTTLE_BINARY'}{'on'} = '';
705$checked{'THROTTLE_BINARY'}{$proxysettings{'THROTTLE_BINARY'}} = "checked='checked'";
706$checked{'THROTTLE_DSKIMG'}{'off'} = '';
707$checked{'THROTTLE_DSKIMG'}{'on'} = '';
708$checked{'THROTTLE_DSKIMG'}{$proxysettings{'THROTTLE_DSKIMG'}} = "checked='checked'";
709$checked{'THROTTLE_MMEDIA'}{'off'} = '';
710$checked{'THROTTLE_MMEDIA'}{'on'} = '';
711$checked{'THROTTLE_MMEDIA'}{$proxysettings{'THROTTLE_MMEDIA'}} = "checked='checked'";
712
713$checked{'ENABLE_MIME_FILTER'}{'off'} = '';
714$checked{'ENABLE_MIME_FILTER'}{'on'} = '';
715$checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
716
717$checked{'ENABLE_BROWSER_CHECK'}{'off'} = '';
718$checked{'ENABLE_BROWSER_CHECK'}{'on'} = '';
719$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'";
720
721foreach (@useragentlist) {
722 @useragent = split(/,/);
723 $checked{'UA_'.@useragent[0]}{'off'} = '';
724 $checked{'UA_'.@useragent[0]}{'on'} = '';
725 $checked{'UA_'.@useragent[0]}{$proxysettings{'UA_'.@useragent[0]}} = "checked='checked'";
726}
727
728$checked{'AUTH_METHOD'}{'none'} = '';
729$checked{'AUTH_METHOD'}{'ncsa'} = '';
730$checked{'AUTH_METHOD'}{'ident'} = '';
731$checked{'AUTH_METHOD'}{'ldap'} = '';
732$checked{'AUTH_METHOD'}{'ntlm'} = '';
733$checked{'AUTH_METHOD'}{'radius'} = '';
734$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
ac1cfefa 735
ed38f89d
MT
# Pre-compute the "checked"/"selected" attribute strings for the
# authentication-related form controls rendered further down the page.

# These two switches default to 'on' when the stored settings lack them.
foreach my $setting ('AUTH_ALWAYS_REQUIRED', 'NTLM_ENABLE_INT_AUTH') {
	next if exists $proxysettings{$setting};
	$proxysettings{$setting} = 'on';
}

# Every control first gets each of its known states cleared, then the state
# named by the current setting is marked. A setting holding some other value
# (or none) simply adds a key of its own, exactly as a direct assignment
# would.
my @auth_controls = (
	[ 'AUTH_ALWAYS_REQUIRED', 'off',      'on'       ],
	[ 'NCSA_BYPASS_REDIR',    'off',      'on'       ],
	[ 'NTLM_ENABLE_INT_AUTH', 'off',      'on'       ],
	[ 'NTLM_ENABLE_ACL',      'off',      'on'       ],
	[ 'NTLM_USER_ACL',        'positive', 'negative' ],
	[ 'RADIUS_ENABLE_ACL',    'off',      'on'       ],
	[ 'RADIUS_USER_ACL',      'positive', 'negative' ],
	[ 'IDENT_REQUIRED',       'off',      'on'       ],
	[ 'IDENT_ENABLE_ACL',     'off',      'on'       ],
	[ 'IDENT_USER_ACL',       'positive', 'negative' ],
);

foreach my $control (@auth_controls) {
	my ($setting, @states) = @{$control};
	$checked{$setting}{$_} = '' foreach @states;
	$checked{$setting}{$proxysettings{$setting}} = "checked='checked'";
}

# Drop-down lists only need the current value marked.
foreach my $setting ('NCSA_GROUP', 'LDAP_TYPE') {
	$selected{$setting}{$proxysettings{$setting}} = "selected='selected'";
}
783
# The URL filter and update accelerator checkboxes are only prepared when the
# matching add-on flag is set.
foreach my $addon (
	[ $urlfilter_addon,  'ENABLE_FILTER'   ],
	[ $updacclrtr_addon, 'ENABLE_UPDACCEL' ],
) {
	my ($installed, $setting) = @{$addon};
	next unless $installed;

	# Clear both states, then mark the one the stored setting names.
	@{ $checked{$setting} }{ 'off', 'on' } = ('', '');
	$checked{$setting}{$proxysettings{$setting}} = "checked='checked'";
}
795
796&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
ac1cfefa
MT
797
# Open the page-wide container; the current error text is passed along to it.
Header::openbigbox('100%', 'left', '', $errormessage);

# Any pending error text gets a box of its own above the settings form.
# NOTE(review): $errormessage is placed into the markup as-is. If any message
# built earlier in the file can contain request data, it should be
# HTML-escaped where it is assembled -- confirm against the validation code,
# which is outside this view.
if ($errormessage) {
	Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>" . $errormessage . "&nbsp;</font>\n";
	Header::closebox();
}
805
ed38f89d
MT
# Remove the "up to date" marker file when the installed version sorts before
# $latest, then show the update notice whenever the marker is absent.
# NOTE(review): `lt` compares the two version strings character by character,
# so a multi-digit component can sort before a single-digit one; presumably
# the version format keeps this safe -- confirm. $latest is set outside this
# view.
my $marker_is_stale = ($advproxyversion lt $latest) && (-e $sysupdflagfile);
unlink($sysupdflagfile) if $marker_is_stale;

unless (-e $sysupdflagfile) {
	Header::openbox('100%', 'left', $Lang::tr{'advproxy update notification'});
	print "<table width='100%' cellpadding='5'>\n"
	    . "<tr>\n"
	    . "<td bgcolor='$hintcolour' class='base'>$Lang::tr{'advproxy update information'}</td>"
	    . "</tr>\n"
	    . "</table>\n";
	Header::closebox();
}
817
818# ===================================================================
819# Main settings
820# ===================================================================
821
822unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
823
ac1cfefa
MT
824print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
825
ed38f89d
MT
826&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
827
ac1cfefa
MT
828print <<END
829<table width='100%'>
830<tr>
ed38f89d
MT
831 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
832</tr>
833<tr>
834 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
835 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
836 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
837 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
ac1cfefa
MT
838</tr>
839<tr>
ed38f89d 840 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
ac1cfefa 841 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
ed38f89d
MT
842 <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
843 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
ac1cfefa
MT
844</tr>
845<tr>
846END
847;
848if ($netsettings{'BLUE_DEV'}) {
ed38f89d 849 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT
850 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
851} else {
852 print "<td colspan='2'>&nbsp;</td>";
853}
854print <<END
ed38f89d
MT
855 <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
856 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
ac1cfefa
MT
857</tr>
858<tr>
859END
860;
861if ($netsettings{'BLUE_DEV'}) {
ed38f89d 862 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
ac1cfefa
MT
863 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
864} else {
865 print "<td colspan='2'>&nbsp;</td>";
866}
867print <<END
ed38f89d
MT
868 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
869 <td class='base'>
870 <select name='ERR_LANGUAGE'>
871END
872;
# One <option> per directory below squid's error-page tree; the directory
# name serves as both the option value and its label.
for my $errdir (glob('/usr/lib/squid/errors/*')) {
	next unless -d $errdir;

	# Keep only the last path component (everything after the final '/').
	($language) = $errdir =~ m{([^/]*)\z};
	print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
879print <<END
880 </select>
881 </td>
882</tr>
883</table>
884<hr size='1'>
885<table width='100%'>
886<tr>
887 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
888</tr>
889<tr>
890 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
891 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
892 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
893 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
894</tr>
895<tr>
896 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
897 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
898 <td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
899 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
ac1cfefa 900</tr>
ac1cfefa 901<tr>
ed38f89d
MT
902 <td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
903 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
904 <td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
905 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
906</tr>
907</table>
908<hr size='1'>
909<table width='100%'>
910<tr>
911 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
912</tr>
913<tr>
914 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
915 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
916 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
917 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
918</tr>
919<tr>
920 <td>&nbsp;</td>
921 <td>&nbsp;</td>
922 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
923 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
924</tr>
925</table>
926<hr size='1'>
927<table width='100%'>
928<tr>
929 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
930</tr>
931<tr>
932 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
ac1cfefa
MT
933</tr>
934<tr>
ed38f89d
MT
935 <td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
936 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
937 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
ac1cfefa
MT
938 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
939</tr>
940<tr>
ed38f89d 941 <td class='base'>$Lang::tr{'advproxy min size'}:</td>
ac1cfefa 942 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
ed38f89d 943 <td class='base'>$Lang::tr{'advproxy max size'}:</td>
ac1cfefa
MT
944 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
945</tr>
946<tr>
ed38f89d
MT
947 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
948 <td class='base'><select name='L1_DIRS'>
949 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
950 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
951 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
952 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
953 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
954 </select></td>
955 <td colspan='2' rowspan= '5' valign='top' class='base'>
956 <table cellpadding='0' cellspacing='0'>
957 <tr>
958 <!-- intentionally left empty -->
959 </tr>
960 <tr>
961 <td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
962 </tr>
963 <tr>
964 <!-- intentionally left empty -->
965 </tr>
966 <tr>
967 <!-- intentionally left empty -->
968 </tr>
969 <tr>
970 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
971END
972;
973
974print $proxysettings{'DST_NOCACHE'};
975
976print <<END
977</textarea></td>
978 </tr>
979 </table>
980 </td>
981</tr>
982<tr>
983 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
984 <td class='base'><select name='MEM_POLICY'>
985 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
986 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
987 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
988 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
989 </select></td>
990</tr>
991<tr>
992 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
993 <td class='base'><select name='CACHE_POLICY'>
994 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
995 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
996 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
997 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
998 </select></td>
999</tr>
1000<tr>
1001 <td colspan='2'>&nbsp;</td>
1002</tr>
1003<tr>
1004 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1005 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1006</tr>
1007</table>
1008<hr size='1'>
1009<table width='100%'>
1010<tr>
1011 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1012</tr>
1013<tr>
1014 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1015</tr>
1016<tr>
1017 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1018 <td colspan='2'>&nbsp;</td>
1019</tr>
1020<tr>
1021 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1022END
1023;
1024
# Body of the SRC_SUBNETS textarea: the stored list when there is one,
# otherwise the Green network and, when a Blue device is configured, the Blue
# network as address/netmask lines.
# NOTE(review): the stored value is written between the <textarea> tags
# without HTML escaping. Confirm it is validated before it is saved, or escape
# it at this point.
if ($proxysettings{'SRC_SUBNETS'}) {
	print $proxysettings{'SRC_SUBNETS'};
} else {
	my @zones = ('GREEN');
	push @zones, 'BLUE' if $netsettings{'BLUE_DEV'};

	foreach my $zone (@zones) {
		print $netsettings{"${zone}_NETADDRESS"} . '/' . $netsettings{"${zone}_NETMASK"} . "\n";
	}
}
1033
1034print <<END
1035</textarea></td>
1036 <td colspan='2'>&nbsp;</td>
1037</tr>
1038</table>
1039<table width='100%'>
1040<tr>
1041 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1042</tr>
1043<tr>
1044 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1045 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1046</tr>
1047<tr>
1048 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1049END
1050;
1051
1052 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1053
1054print <<END
1055</textarea></td>
1056 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
1057END
1058;
1059
1060print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1061
1062print <<END
1063</textarea></td>
1064</tr>
1065</table>
1066<table width='100%'>
1067<tr>
1068 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1069</tr>
1070<tr>
1071 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1072 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1073</tr>
1074<tr>
1075 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1076END
1077;
1078
1079 print $proxysettings{'SRC_BANNED_IP'};
1080
1081print <<END
1082</textarea></td>
1083 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1084END
1085;
1086
1087print $proxysettings{'SRC_BANNED_MAC'};
1088
1089print <<END
1090</textarea></td>
1091</tr>
1092</table>
1093
1094<hr size='1'>
1095
1096END
1097;
1098# -------------------------------------------------------------------
1099# CRE GUI - optional
1100# -------------------------------------------------------------------
1101
# Classroom extensions (CRE) part of the form. When the file named by
# $cre_enabled (set outside this view) exists, the full section is rendered;
# otherwise the three CRE settings are carried through the form as hidden
# fields.
#
# NOTE(review): in both branches the stored supervisor password is written
# back into the page as a value= attribute, so it can be read from the page
# source and from anything that keeps a copy of the response. Rendering the
# field empty and treating an empty submission as "keep the current password"
# would avoid that, but needs a matching change in the save handler, which is
# outside this view.
# NOTE(review): the CRE_* values are interpolated without HTML escaping, and
# the hidden-field branch places them inside single-quoted attributes --
# confirm they are validated before being saved.
if (!-e $cre_enabled) {
	print <<"END";
 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
 <input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
 <input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
END
} else {
	# The two textarea bodies are interpolated directly after their opening
	# tags, which yields the same output as printing them separately.
	print <<"END";
<table width='100%'>

<tr>
 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'advproxy enabled'}:</td>
 <td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
 <td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
$proxysettings{'CRE_GROUPS'}</textarea></td>
 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
$proxysettings{'CRE_SVHOSTS'}</textarea></td>
</tr>

</table>

<hr size='1'>
END
}
1152# -------------------------------------------------------------------
1153
1154print <<END
1155
1156<table width='100%'>
1157<tr>
1158 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1159</tr>
1160<table width='100%'>
1161<tr>
1162 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1163 <td width='1%'>&nbsp;</td>
1164 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1165 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1166 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1167 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1168 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1169 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1170 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1171 <td width='1%'>&nbsp;&nbsp;</td>
1172 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1173 <td width='1%'>&nbsp;</td>
1174 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1175 <td>&nbsp;</td>
1176</tr>
1177<tr>
1178 <td class='base'>
1179 <select name='TIME_ACCESS_MODE'>
1180 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1181 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1182 </select>
1183 </td>
1184 <td>&nbsp;</td>
1185 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1186 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1187 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1188 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1189 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1190 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1191 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1192 <td>&nbsp;</td>
1193 <td class='base'>
1194 <select name='TIME_FROM_HOUR'>
1195END
1196;
1197for ($i=0;$i<=24;$i++) {
1198 $_ = sprintf("%02s",$i);
1199 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1200}
1201print <<END
1202 </select>
1203 </td>
1204 <td>:</td>
1205 <td class='base'>
1206 <select name='TIME_FROM_MINUTE'>
1207END
1208;
1209for ($i=0;$i<=45;$i+=15) {
1210 $_ = sprintf("%02s",$i);
1211 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1212}
1213print <<END
1214 </select>
1215 <td> - </td>
1216 </td>
1217 <td class='base'>
1218 <select name='TIME_TO_HOUR'>
1219END
1220;
1221for ($i=0;$i<=24;$i++) {
1222 $_ = sprintf("%02s",$i);
1223 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1224}
1225print <<END
1226 </select>
1227 </td>
1228 <td>:</td>
1229 <td class='base'>
1230 <select name='TIME_TO_MINUTE'>
1231END
1232;
1233for ($i=0;$i<=45;$i+=15) {
1234 $_ = sprintf("%02s",$i);
1235 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1236}
1237print <<END
1238 </select>
1239 </td>
1240</tr>
1241</table>
1242<hr size='1'>
1243<table width='100%'>
1244<tr>
1245 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
ac1cfefa
MT
1246</tr>
1247<tr>
ed38f89d
MT
1248 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1249 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1250 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1251 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
ac1cfefa
MT
1252</tr>
1253</table>
ed38f89d 1254<hr size='1'>
ac1cfefa 1255<table width='100%'>
ac1cfefa 1256<tr>
ed38f89d
MT
1257 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1258</tr>
1259<tr>
1260 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1261 <td width='20%' class='base'>
1262 <select name='THROTTLING_GREEN_TOTAL'>
1263END
1264;
1265
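# Finish the Green "total" throttle list and render the Green "per host"
# list. Each list offers every rate in @throttle_limits followed by an entry
# with value 0 labelled "unlimited".
#
# Both heredocs previously ended the "unlimited" option line with a leftover
# `\n";` (presumably from an earlier quoted print), which put a stray `";`
# into the generated markup; that remnant is removed here.
#
# NOTE(review): the "unlimited" option carries value '0' while its selected
# state is looked up under the key 'unlimited' -- confirm %selected is filled
# with that key where the settings are loaded.
foreach my $rate (@throttle_limits) {
	print "\t<option value='$rate' $selected{'THROTTLING_GREEN_TOTAL'}{$rate}>$rate kBit/s</option>\n";
}

print <<"END";
 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
 <td width='30%' class='base'>
 <select name='THROTTLING_GREEN_HOST'>
END

foreach my $rate (@throttle_limits) {
	print "\t<option value='$rate' $selected{'THROTTLING_GREEN_HOST'}{$rate}>$rate kBit/s</option>\n";
}

print <<"END";
 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
</tr>
END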
1291
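# Throttle lists for the Blue network, rendered only when a Blue device is
# configured. Each list offers every rate in @throttle_limits followed by an
# entry with value 0 labelled "unlimited".
#
# The "unlimited" option lines previously ended with a leftover `\n";`
# (presumably from an earlier quoted print), which put a stray `";` into the
# generated markup; that remnant is removed here.
#
# NOTE(review): the "unlimited" option carries value '0' while its selected
# state is looked up under the key 'unlimited' -- confirm %selected is filled
# with that key where the settings are loaded.
if ($netsettings{'BLUE_DEV'}) {
	print <<"END";
<tr>
 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
 <td class='base'>
 <select name='THROTTLING_BLUE_TOTAL'>
END

	foreach my $rate (@throttle_limits) {
		print "\t<option value='$rate' $selected{'THROTTLING_BLUE_TOTAL'}{$rate}>$rate kBit/s</option>\n";
	}

	print <<"END";
 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
 <td class='base'>
 <select name='THROTTLING_BLUE_HOST'>
END

	foreach my $rate (@throttle_limits) {
		print "\t<option value='$rate' $selected{'THROTTLING_BLUE_HOST'}{$rate}>$rate kBit/s</option>\n";
	}

	print <<"END";
 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
 </select>
 </td>
</tr>
END
}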
ac1cfefa 1327
ed38f89d
MT
1328print <<END
1329</table>
1330<table width='100%'>
1331<tr>
1332 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1333</tr>
1334<tr>
1335 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1336 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1337 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1338 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1339 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1340 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1341 <td width='15%'>&nbsp;</td>
1342 <td width='10%'>&nbsp;</td>
1343</tr>
ac1cfefa 1344</table>
ed38f89d
MT
1345<hr size='1'>
1346<table width='100%'>
1347<tr>
1348 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1349</tr>
1350<tr>
1351 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1352 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1353</tr>
1354<tr>
1355 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1356 <td>&nbsp;</td>
1357 <td>&nbsp;</td>
1358</tr>
1359<tr>
1360 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
ac1cfefa
MT
1361END
1362;
ac1cfefa 1363
ed38f89d 1364print $proxysettings{'MIME_TYPES'};
ac1cfefa 1365
ed38f89d
MT
1366print <<END
1367</textarea></td>
1368 <td>&nbsp;</td>
1369 <td>&nbsp;</td>
1370</tr>
1371</table>
1372<hr size='1'>
1373<table width='100%'>
1374<tr>
1375 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1376</tr>
1377<tr>
1378 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1379 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1380 <td>&nbsp;</td>
1381 <td>&nbsp;</td>
1382</tr>
1383<tr>
1384 <td colspan='4'><i>
1385END
1386;
1387if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
1388print <<END
1389</i></td>
1390</tr>
1391</table>
1392<table width='100%'>
1393END
1394;
ac1cfefa 1395
ed38f89d
MT
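# Lay the known user agents out as a grid of labelled checkboxes, four per
# table row. Each @useragentlist entry is split on commas: field 0 becomes
# part of the checkbox name, field 1 is the visible label.
#
# Changes from the previous form:
#  - the outer bound is `<` instead of `<=`, so no empty <tr></tr> is emitted
#    when the list is empty or its length is a multiple of four;
#  - single elements are read with $array[...] rather than one-element slices;
#  - the row step is the literal 4 instead of the inner counter's end value.
# $n, $i and @useragent remain the file-level variables used before.
#
# NOTE(review): both fields are written into the markup without HTML
# escaping; @useragentlist is populated outside this view -- confirm its
# source is trusted.
for ($n = 0; $n < @useragentlist; $n += 4) {
	print "<tr>\n";
	for ($i = 0; $i <= 3; $i++) {
		# The last row may hold fewer than four entries.
		next unless ($n + $i) < @useragentlist;
		@useragent = split(/,/, $useragentlist[$n + $i]);
		print "<td width='15%'>$useragent[1]:</td>\n";
		print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
	}
	print "</tr>\n";
}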
1407
1408print <<END
1409</table>
1410<hr size='1'>
1411<table width='100%'>
1412<tr>
1413 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1414</tr>
1415<tr>
1416 <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1417</tr>
1418<tr>
1419 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
1420</tr>
1421<tr>
1422 <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1423</tr>
1424<tr>
1425 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
1426</tr>
1427</table>
1428<hr size='1'>
1429END
1430;
1431
1432if ($urlfilter_addon) {
1433 print <<END
1434<table width='100%'>
1435<tr>
1436 <td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
1437</tr>
1438<tr>
1439 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1440 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
1441 <td>&nbsp;</td>
1442 <td>&nbsp;</td>
1443</tr>
1444</table>
1445<hr size='1'>
1446END
1447; }
1448
1449if (($updacclrtr_addon) && (!($urlfilter_addon))) {
1450 print <<END
1451<table width='100%'>
1452<tr>
1453 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
1454</tr>
1455<tr>
1456 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1457 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
1458 <td>&nbsp;</td>
1459 <td>&nbsp;</td>
1460</tr>
1461</table>
1462<hr size='1'>
1463END
1464; }
1465
1466print <<END
1467<table width='100%'>
1468<tr>
1469 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1470</tr>
1471<tr>
1472 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1473 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1474 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1475 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1476 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1477 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1478</tr>
1479</table>
1480END
1481;
1482
1483if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1484<hr size='1'>
1485<table width='100%'>
1486<tr>
1487 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1488</tr>
1489<tr>
1490 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1491</tr>
1492<tr>
1493 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1494 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1495 <td colspan='2' rowspan= '6' valign='top' class='base'>
1496 <table cellpadding='0' cellspacing='0'>
1497 <tr>
1498 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1499 </tr>
1500 <tr>
1501 <!-- intentionally left empty -->
1502 </tr>
1503 <tr>
1504 <!-- intentionally left empty -->
1505 </tr>
1506 <tr>
1507 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1508 </tr>
1509 <tr>
1510 <!-- intentionally left empty -->
1511 </tr>
1512 <tr>
1513 <!-- intentionally left empty -->
1514 </tr>
1515 <tr>
1516 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1517 </tr>
1518 <tr>
1519 <!-- intentionally left empty -->
1520 </tr>
1521 <tr>
1522 <!-- intentionally left empty -->
1523 </tr>
1524 <tr>
1525 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1526END
1527;
1528
1529print $proxysettings{'DST_NOAUTH'};
1530
1531print <<END
1532</textarea></td>
1533 </tr>
1534 </table>
1535 </td>
1536</tr>
1537<tr>
1538 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1539 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1540</tr>
1541<tr>
1542 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1543 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1544</tr>
1545<tr>
1546 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1547 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1548</tr>
1549<tr>
1550 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1551 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1552</tr>
1553<tr>
1554 <td colspan='2'>&nbsp;</td>
1555</tr>
1556</table>
1557END
1558;
1559}
1560
1561# ===================================================================
1562# NCSA auth settings
1563# ===================================================================
1564
1565if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1566print <<END
1567<hr size='1'>
1568<table width='100%'>
1569<tr>
1570 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1571</tr>
1572<tr>
1573 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1574 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1575 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1576 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1577</tr>
1578<tr>
1579 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1580 <td>&nbsp;</td>
1581 <td>&nbsp;</td>
1582</tr>
1583</table>
1584END
1585; }
1586
1587# ===================================================================
1588# IDENTD auth settings
1589# ===================================================================
1590
1591if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1592print <<END
1593<hr size ='1'>
1594<table width='100%'>
1595<tr>
1596 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1597</tr>
1598<tr>
1599 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1600 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1601 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1602 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1603</tr>
1604<tr>
1605 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1606 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1607 <td>&nbsp;</td>
1608 <td>&nbsp;</td>
1609</tr>
1610<tr>
1611 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1612 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1613</tr>
1614<tr>
1615 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1616END
1617;
1618if (!$proxysettings{'IDENT_HOSTS'}) {
1619 print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
1620 if ($netsettings{'BLUE_DEV'}) {
1621 print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
1622 }
1623} else {
1624 print $proxysettings{'IDENT_HOSTS'};
1625}
1626
1627print <<END
1628</textarea></td>
1629 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1630END
1631;
1632
1633print $proxysettings{'DST_NOAUTH'};
1634
1635print <<END
1636</textarea></td>
1637</tr>
1638</table>
1639<hr size ='1'>
1640<table width='100%'>
1641<tr>
1642 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1643</tr>
1644<tr>
1645 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1646 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1647 <td width='25%'>&nbsp;</td>
1648 <td width='30%'>&nbsp;</td>
1649</tr>
1650<tr>
1651 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1652 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1653 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1654 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1655</tr>
1656<tr>
1657 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1658 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1659</tr>
1660<tr>
1661 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1662END
1663; }
1664
1665if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1666
1667if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1668</textarea></td>
1669 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1670END
1671; }
1672
1673if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1674
1675if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1676</textarea></td>
1677</tr>
1678</table>
1679END
1680; }
1681
1682# ===================================================================
1683# NTLM auth settings
1684# ===================================================================
1685
1686if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1687print <<END
1688<hr size='1'>
1689<table width='100%'>
1690<tr>
1691 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1692</tr>
1693<tr>
1694 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1695 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1696 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1697 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1698 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1699 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1700</tr>
1701</table>
1702<hr size ='1'>
1703<table width='100%'>
1704<tr>
1705 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1706</tr>
1707<tr>
1708 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1709 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1710 <td>&nbsp;</td>
1711</tr>
1712</table>
1713<hr size ='1'>
1714<table width='100%'>
1715<tr>
1716 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1717</tr>
1718<tr>
1719 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1720 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1721 <td width='25%'>&nbsp;</td>
1722 <td width='30%'>&nbsp;</td>
1723</tr>
1724<tr>
1725 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1726 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1727 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1728 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1729</tr>
1730<tr>
1731 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1732 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1733</tr>
1734<tr>
1735 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1736END
1737; }
1738
1739if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_ALLOW_USERS'}; }
1740
1741if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1742</textarea></td>
1743 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1744END
1745; }
1746
1747if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_DENY_USERS'}; }
1748
1749if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1750</textarea></td>
1751</tr>
1752</table>
1753END
1754; }
1755
1756# ===================================================================
1757# LDAP auth settings
1758# ===================================================================
1759
1760if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1761print <<END
1762<hr size='1'>
1763<table width='100%'>
1764<tr>
1765 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1766</tr>
1767<tr>
1768 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1769 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1770 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1771 <td class='base'><select name='LDAP_TYPE'>
1772 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1773 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1774 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1775 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1776 </select></td>
1777</tr>
1778<tr>
1779 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1780 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1781 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1782 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1783</tr>
1784</table>
1785<hr size ='1'>
1786<table width='100%'>
1787<tr>
1788 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1789</tr>
1790<tr>
1791 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1792 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1793 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1794 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1795</tr>
1796</table>
1797<hr size ='1'>
1798<table width='100%'>
1799<tr>
1800 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1801</tr>
1802<tr>
1803 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1804 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1805 <td>&nbsp;</td>
1806 <td>&nbsp;</td>
1807</tr>
1808</table>
1809END
1810; }
1811
1812# ===================================================================
1813# RADIUS auth settings
1814# ===================================================================
1815
1816if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1817print <<END
1818<hr size='1'>
1819<table width='100%'>
1820<tr>
1821 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1822</tr>
1823<tr>
1824 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1825 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1826 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1827 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1828</tr>
1829<tr>
1830 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1831 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1832 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1833 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1834</tr>
1835</table>
1836<hr size ='1'>
1837<table width='100%'>
1838<tr>
1839 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1840</tr>
1841<tr>
1842 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1843 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1844 <td width='25%'>&nbsp;</td>
1845 <td width='30%'>&nbsp;</td>
1846</tr>
1847<tr>
1848 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1849 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1850 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1851 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1852</tr>
1853<tr>
1854 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1855 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1856</tr>
1857<tr>
1858 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1859END
1860; }
1861
1862if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
1863
1864if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1865</textarea></td>
1866 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
1867END
1868; }
1869
1870if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
1871
1872if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1873</textarea></td>
1874</tr>
1875</table>
1876END
1877; }
1878
1879# ===================================================================
1880
1881}
1882
1883print "<table>\n";
1884
1885if ($proxysettings{'AUTH_METHOD'} eq 'none') {
1886print <<END
1887<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1888<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1889<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1890<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1891<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
1892<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1893<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
1894END
1895; }
1896
1897if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1898print <<END
1899<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1900<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1901<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1902<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1903<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1904END
1905; }
1906
1907if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
1908print <<END
1909<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
1910<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
1911END
1912; }
1913
1914if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
1915print <<END
1916<td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
1917<td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
1918<td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
1919<td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
1920<td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
1921<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
1922<td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
1923END
1924; }
1925
# LDAP is not the selected authentication method: its settings are emitted as
# hidden inputs (presumably so that a save of this form keeps them - confirm
# against the save handler, which is outside this part of the file).
# NOTE(review): LDAP_BINDDN_PASS is written into the page source in clear text
# here, so it is readable by anyone who can view the page, a cached copy or a
# proxy log of the response. Keeping the stored value server-side when the
# field is absent from the POST would avoid sending it to the browser at all.
# NOTE(review): every value is interpolated into a single-quoted attribute
# as-is. Unless %proxysettings is HTML-escaped before this point (not visible
# here), a value containing ' or > ends the attribute early.
if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
print <<END
<td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
<td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
<td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
<td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
END
; }
1937
1938if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) {
1939print <<END
1940<td><input type='hidden' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}'></td>
1941<td><input type='hidden' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}'></td>
1942<td><input type='hidden' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}'></td>
1943<td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$proxysettings{'NTLM_ENABLE_INT_AUTH'}'></td>
1944<td><input type='hidden' name='NTLM_ENABLE_ACL' value='$proxysettings{'NTLM_ENABLE_ACL'}'></td>
1945<td><input type='hidden' name='NTLM_USER_ACL' value='$proxysettings{'NTLM_USER_ACL'}'></td>
1946<td><input type='hidden' name='NTLM_ALLOW_USERS' value='$proxysettings{'NTLM_ALLOW_USERS'}'></td>
1947<td><input type='hidden' name='NTLM_DENY_USERS' value='$proxysettings{'NTLM_DENY_USERS'}'></td>
1948END
1949; }
1950
# RADIUS is not the selected authentication method: its settings are emitted
# as hidden inputs (presumably so that a save of this form keeps them -
# confirm against the save handler, which is outside this part of the file).
# NOTE(review): RADIUS_SECRET, the shared secret, is written into the page
# source in clear text here, so it is readable by anyone who can view the
# page, a cached copy or a proxy log of the response. Keeping the stored
# value server-side when the field is absent from the POST would avoid
# sending it to the browser at all.
# NOTE(review): the user lists and all other values are interpolated into
# single-quoted attributes as-is. Unless %proxysettings is HTML-escaped
# before this point (not visible here), a value containing ' or > ends the
# attribute early.
if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
print <<END
<td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
<td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
<td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
<td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
<td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
END
; }
1963
1964print "</table>\n";
1965
1966print <<END
1967<hr size='1'>
1968END
1969;
1970
1971print <<END
1972<table width='100%'>
1973<tr>
1974 <td>&nbsp;</td>
1975 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1976 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1977 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1978 <td>&nbsp;</td>
1979</tr>
1980
1981</table>
1982<br />
1983<table width='100%'>
1984<tr>
1985 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1986 <font class='base'>$Lang::tr{'this field may be blank'}</font>
1987 </td>
1988 <td align='right'>
1989 <sup><small><a href='http://www.advproxy.net' target='_blank'>Advanced Proxy $advproxyversion</a></small></sup>
1990 </td>
1991</tr>
1992</table>
1993</form>
1994END
1995;
1996
1997&Header::closebox();
1998
1999} else {
2000
2001# ===================================================================
2002# NCSA user management
2003# ===================================================================
2004
2005&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2006print <<END
2007<form method='post' action='$ENV{'SCRIPT_NAME'}'>
2008<table width='100%'>
2009<tr>
2010 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2011</tr>
2012<tr>
2013 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2014 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2015END
2016;
2017 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2018 print <<END
2019 /></td>
2020 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2021 <td class='base'>
2022 <select name='NCSA_GROUP'>
2023 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2024 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2025 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2026 </select>
2027 </td>
2028
2029</tr>
2030<tr>
2031 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2032 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2033 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2034 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2035</tr>
2036</table>
2037<br>
2038<table>
2039<tr>
2040 <td>&nbsp;</td>
2041 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2042 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2043 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2044END
2045;
2046 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2047 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2048 }
2049
2050print <<END
2051 <td>&nbsp;</td>
2052 <td>&nbsp;</td>
2053 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2054</tr>
2055</table>
2056</form>
2057<hr size='1'>
2058<table width='100%'>
2059<tr>
2060 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2061</tr>
2062</table>
2063<table width='100%' align='center'>
2064END
2065;
2066
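# Collect the members of the three NCSA group files as "name:group" entries.
# Each file is opened with three-argument open and a lexical handle, so the
# path is never parsed for a mode or pipe character, and a file that exists
# but cannot be read is reported in the server error log instead of being
# silently shown as an empty group.
foreach my $group ([ $extgrp, 'extended' ], [ $stdgrp, 'standard' ], [ $disgrp, 'disabled' ]) {
	my ($grpfile, $grpname) = @{$group};
	next unless (-e $grpfile);

	@grouplist = ();
	if (open(my $grpfh, '<', $grpfile)) {
		@grouplist = <$grpfh>;
		close($grpfh);
	} else {
		warn "proxy.cgi: cannot read $grpfile: $!\n";
	}

	foreach my $member (@grouplist) {
		chomp($member);
		push(@userlist, $member.":".$grpname);
	}
}

# Plain string sort, so the table rows are ordered by user name first.
@userlist = sort(@userlist);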
2084
2085# If the password file contains entries, print entries and action icons
2086
2087if (! -z "$userdb") {
2088 print <<END
2089 <tr>
2090 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2091 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2092 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2093 </tr>
2094END
2095;
2096 $id = 0;
2097 foreach $line (@userlist)
2098 {
2099 $id++;
2100 chomp($line);
2101 @temp = split(/:/,$line);
2102 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2103 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2104 elsif ($id % 2) {
2105 print "<tr bgcolor='$Header::table1colour'>\n"; }
2106 else {
2107 print "<tr bgcolor='$Header::table2colour'>\n"; }
2108
2109 print <<END
2110 <td align='center'>$temp[0]</td>
2111 <td align='center'>
2112END
2113;
2114 if ($temp[1] eq 'standard') {
2115 print $Lang::tr{'advproxy NCSA grp standard'};
2116 } elsif ($temp[1] eq 'extended') {
2117 print $Lang::tr{'advproxy NCSA grp extended'};
2118 } elsif ($temp[1] eq 'disabled') {
2119 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2120 print <<END
2121 </td>
2122 <td width='8%' align='center'>
2123 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2124 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2125 <input type='hidden' name='ID' value='$line' />
2126 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2127 </form>
2128 </td>
2129
2130 <td width='8%' align='center'>
2131 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2132 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2133 <input type='hidden' name='ID' value='$temp[0]' />
2134 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2135 </form>
2136 </td>
2137 </tr>
2138END
2139;
2140 }
2141
2142print <<END
2143</table>
2144<br>
2145<table witdh='100%'>
2146<tr>
2147 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2148 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2149 <td class='base'>$Lang::tr{'edit'}</td>
2150 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2151 <td class='base'>$Lang::tr{'remove'}</td>
2152</tr>
2153END
2154;
2155} else {
2156 print <<END
2157 <tr>
2158 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2159 </tr>
2160END
2161;
2162}
2163
2164print <<END
2165</table>
2166END
2167;
2168
2169&Header::closebox();
2170
2171}
2172
2173# ===================================================================
2174
2175&Header::closebigbox();
2176
2177&Header::closepage();
2178
2179# -------------------------------------------------------------------
2180
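# Load every ACL, MIME type and user-list file that exists into
# %proxysettings. Takes no arguments and returns nothing.
#
# For each file that exists, the previous value of its setting is discarded
# and replaced by the file's full contents. An empty file, or one that
# cannot be opened, leaves the setting absent.
sub read_acls
{
	# Setting key => file holding its value, in the order the files are read.
	my @sources = (
		[ 'SRC_SUBNETS',          $acl_src_subnets ],
		[ 'SRC_BANNED_IP',        $acl_src_banned_ip ],
		[ 'SRC_BANNED_MAC',       $acl_src_banned_mac ],
		[ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip ],
		[ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac ],
		[ 'DST_NOCACHE',          $acl_dst_nocache ],
		[ 'DST_NOAUTH',           $acl_dst_noauth ],
		[ 'MIME_TYPES',           $mimetypes ],
		[ 'NTLM_ALLOW_USERS',     "$ntlmdir/msntauth.allowusers" ],
		[ 'NTLM_DENY_USERS',      "$ntlmdir/msntauth.denyusers" ],
		[ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers" ],
		[ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers" ],
		[ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
		[ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers" ],
		[ 'IDENT_HOSTS',          $identhosts ],
		[ 'CRE_GROUPS',           $cre_groups ],
		[ 'CRE_SVHOSTS',          $cre_svhosts ],
	);

	foreach my $source (@sources) {
		my ($key, $path) = @{$source};
		next unless (-e $path);

		# Three-argument open with a lexical handle: the path is taken
		# literally and no package-wide FILE handle is shared between reads.
		my $opened = open(my $fh, '<', $path);

		# The old value is dropped whether or not the open succeeded, as
		# before; the difference is that a failure is now logged.
		delete $proxysettings{$key};
		unless ($opened) {
			warn "read_acls: cannot open $path: $!\n";
			next;
		}

		while (my $line = <$fh>) { $proxysettings{$key} .= $line; }
		close($fh);
	}

	return;
}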
2286
2287# -------------------------------------------------------------------
2288
# Normalise the multi-line list settings held in %proxysettings.
#
# Each list is split on newlines, every line is trimmed, empty lines are
# dropped and the result is stored back with one entry per line. A line
# that is just "0" counts as empty, because entries are tested for truth.
#
# Network and MAC lists are passed through the General:: validators. A
# failing entry sets $errormessage but is still kept in the list. User
# lists are only processed when their ACL is enabled with the matching
# polarity; they must then be non-empty, and their entries are not checked
# against any character set here.
sub check_acls
{
	my $bad_net = 'advproxy errmsg invalid ip or mask';
	my $bad_mac = 'advproxy errmsg invalid mac';

	# Rewrite one list setting in place. $validator and $errkey may be
	# omitted for lists that are only trimmed; $dash_to_colon converts
	# '-' separators to ':' before validation.
	my $tidy = sub {
		my ($key, $validator, $errkey, $dash_to_colon) = @_;

		@temp = split(/\n/, $proxysettings{$key});
		undef $proxysettings{$key};
		foreach (@temp) {
			s/^\s+//g;
			s/\s+$//g;
			s/-/:/g if ($dash_to_colon);
			next unless ($_);
			if ($validator && !$validator->($_)) {
				$errormessage = $Lang::tr{$errkey};
			}
			$proxysettings{$key} .= $_."\n";
		}
	};

	$tidy->('SRC_SUBNETS',          \&General::validipandmask, $bad_net, 0);
	$tidy->('SRC_BANNED_IP',        \&General::validipormask,  $bad_net, 0);
	$tidy->('SRC_BANNED_MAC',       \&General::validmac,       $bad_mac, 1);
	$tidy->('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $bad_net, 0);
	$tidy->('SRC_UNRESTRICTED_MAC', \&General::validmac,       $bad_mac, 1);

	# User lists: the allow list goes with a positive ACL, the deny list
	# with a negative one.
	foreach my $method ('NTLM', 'IDENT', 'RADIUS') {
		foreach my $mode ([ 'positive', 'ALLOW' ], [ 'negative', 'DENY' ]) {
			my ($polarity, $kind) = @{$mode};
			my $enabled = ($proxysettings{$method.'_ENABLE_ACL'} eq 'on');
			next unless ($enabled && ($proxysettings{$method.'_USER_ACL'} eq $polarity));

			my $listkey = $method.'_'.$kind.'_USERS';
			$tidy->($listkey);
			if ($proxysettings{$listkey} eq '') {
				$errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
			}
		}
	}

	$tidy->('IDENT_HOSTS', \&General::validipormask, $bad_net, 0);
	$tidy->('CRE_SVHOSTS', \&General::validipormask, $bad_net, 0);
}
2447
2448
2449# -------------------------------------------------------------------
2450
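# Write the ACL, MIME type and user-list settings from %proxysettings back
# to their files, and rebuild the throttle pattern file. Takes no arguments
# and returns nothing.
#
# Each file is opened without truncation, locked exclusively and only then
# emptied. Opening with '>' would empty the file before the lock is held,
# so two overlapping saves could leave a damaged ACL file. Failures to
# open, lock, truncate or close are reported in the server error log
# rather than passing silently.
sub write_acls
{
	# Replace the contents of $path with @content under an exclusive lock.
	my $store = sub {
		my ($path, @content) = @_;

		my $fh;
		unless (open($fh, '>>', $path)) {
			warn "write_acls: cannot open $path: $!\n";
			return;
		}
		# 2 == LOCK_EX (exclusive lock), the same value the file has always passed.
		flock($fh, 2) or warn "write_acls: cannot lock $path: $!\n";
		truncate($fh, 0) or warn "write_acls: cannot truncate $path: $!\n";
		print {$fh} @content;
		# Buffered write errors only surface when the handle is closed.
		close($fh) or warn "write_acls: cannot close $path: $!\n";
		return;
	};

	# Throttle patterns: one "\.ext$" line per extension of every enabled
	# class, followed by the lines of the throttled URL file if it has any.
	my @throttle = ();
	foreach my $class (
		[ 'THROTTLE_BINARY', $throttle_binary ],
		[ 'THROTTLE_DSKIMG', $throttle_dskimg ],
		[ 'THROTTLE_MMEDIA', $throttle_mmedia ],
	) {
		my ($flag, $extensions) = @{$class};
		next unless ($proxysettings{$flag} eq 'on');
		push(@throttle, map { "\\.$_\$\n" } split(/\|/, $extensions));
	}
	if (-s $throttled_urls) {
		if (open(my $urlfh, '<', $throttled_urls)) {
			push(@throttle, <$urlfh>);
			close($urlfh);
		} else {
			warn "write_acls: cannot open $throttled_urls: $!\n";
		}
	}

	# The files are written in the same order as before.
	$store->($acl_src_subnets,          $proxysettings{'SRC_SUBNETS'});
	$store->($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
	$store->($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
	$store->($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
	$store->($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});
	$store->($acl_dst_nocache,          $proxysettings{'DST_NOCACHE'});
	$store->($acl_dst_noauth,           $proxysettings{'DST_NOAUTH'});
	$store->($acl_dst_throttle,         @throttle);
	$store->($mimetypes,                $proxysettings{'MIME_TYPES'});
	$store->("$ntlmdir/msntauth.allowusers",   $proxysettings{'NTLM_ALLOW_USERS'});
	$store->("$ntlmdir/msntauth.denyusers",    $proxysettings{'NTLM_DENY_USERS'});
	$store->("$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'});
	$store->("$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'});
	$store->("$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'});
	$store->("$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'});
	$store->($identhosts,               $proxysettings{'IDENT_HOSTS'});
	$store->($cre_groups,               $proxysettings{'CRE_GROUPS'});
	$store->($cre_svhosts,              $proxysettings{'CRE_SVHOSTS'});

	return;
}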
2564
2565# -------------------------------------------------------------------
2566
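# Generate the proxy auto-configuration script /home/httpd/html/proxy.pac.
#
# The script always defines FindProxyForURL(url, host).  When the proxy is
# enabled on GREEN or BLUE it returns "DIRECT" for plain host names, the
# local domain and the listed private/link-local ranges, and otherwise
# returns the GREEN or BLUE proxy address depending on the client's network.
#
# Settings values are interpolated unescaped into JavaScript string literals.
# NOTE(review): presumably they are validated when the settings are saved;
# confirm, since a stray double quote would break the script clients fetch.
#
# Returns 1 when the file was written, 0 otherwise (failures are reported
# with warn()).
sub writepacfile
{
    my $pac_path = '/home/httpd/html/proxy.pac';
    my $pac;

    # Append mode keeps the published file intact until the lock is held;
    # opening with '>' would truncate it before flock() runs.
    unless (open($pac, '>>', $pac_path)) {
        warn "writepacfile: cannot open $pac_path for writing: $!\n";
        return 0;
    }

    # 2 == LOCK_EX.  As before, a failed lock does not stop the write.
    flock($pac, 2) or warn "writepacfile: cannot lock $pac_path: $!\n";

    unless (truncate($pac, 0)) {
        warn "writepacfile: cannot truncate $pac_path: $!\n";
        close($pac);
        return 0;
    }

    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    my $blue_on  = (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

    print {$pac} "function FindProxyForURL(url, host)\n";
    print {$pac} "{\n";

    if ($green_on || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
    {
        # NOTE(review): with ENABLE off, ENABLE_BLUE on and no BLUE_DEV,
        # neither branch below is emitted and the trailing "else" is left
        # without a statement - confirm that combination cannot be saved.
        print {$pac} <<END;
if (
 (isPlainHostName(host)) ||
 (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
 (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
 (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
 (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
 (isInNet(host, "192.168.0.0", "255.255.0.0"))
 )
 return "DIRECT";

 else

END

        if ($green_on)
        {
            print {$pac} <<END;
if (
 (isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
 )
 return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }

        # Chain the BLUE test onto the GREEN one when both are emitted.
        if ($green_on && $blue_on)
        {
            print {$pac} "\n else\n\n";
        }

        if ($blue_on)
        {
            print {$pac} <<END;
if (
 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
 )
 return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }
    }

    print {$pac} "}\n";

    # Buffered write errors only surface at close().
    unless (close($pac)) {
        warn "writepacfile: error while writing $pac_path: $!\n";
        return 0;
    }

    return 1;
}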
2618
2619# -------------------------------------------------------------------
2620
2621sub writeconfig
2622{
2623 my $authrealm;
2624 my $delaypools;
2625
2626 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2627 $proxysettings{'THROTTLING_GREEN_HOST'} +
2628 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2629 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2630 {
2631 $delaypools = 1; } else { $delaypools = 0;
2632 }
2633
2634 if ($proxysettings{'AUTH_REALM'} eq '')
2635 {
2636 $authrealm = "IPFire Advanced Proxy Server";
2637 } else {
2638 $authrealm = $proxysettings{'AUTH_REALM'};
2639 }
2640
2641 $_ = $proxysettings{'UPSTREAM_PROXY'};
2642 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2643
2644 if ($remoteport eq '') { $remoteport = 80; }
2645
2646 open(FILE, ">${General::swroot}/proxy/squid.conf");
2647 flock(FILE, 2);
2648 print FILE <<END
2649shutdown_lifetime 5 seconds
2650icp_port 0
2651
2652http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2653END
2654 ;
2655 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2656 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2657 }
2658
2659 print FILE <<END
2660
2661acl QUERY urlpath_regex cgi-bin \\?
2662no_cache deny QUERY
2663END
2664 ;
2665 if (!-z $acl_dst_nocache) {
2666 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2667 print FILE "no_cache deny no_cache_domains\n";
2668 }
2669
2670 print FILE <<END
2671
2672cache_effective_user squid
2673cache_effective_group squid
2674
2675pid_filename /var/run/squid.pid
2676
2677cache_mem $proxysettings{'CACHE_MEM'} MB
2678cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2679
2680error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2681
2682END
2683 ;
2684
2685 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2686
2687 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2688 {
2689 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2690 {
2691 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2692 }
2693 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2694 {
2695 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2696 }
2697 print FILE "\n";
2698 }
2699
2700 if ($proxysettings{'LOGGING'} eq 'on')
2701 {
2702 print FILE <<END
2703cache_access_log /var/log/squid/access.log
2704cache_log /var/log/squid/cache.log
2705cache_store_log none
2706END
2707 ;
2708 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2709 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2710 } else {
2711 print FILE <<END
2712cache_access_log /dev/null
2713cache_log /dev/null
2714cache_store_log none
2715END
2716 ;}
2717 print FILE <<END
2718
2719log_mime_hdrs off
2720END
2721 ;
2722
2723 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2724 {
2725 print FILE "forwarded_for on\n\n";
2726 } else {
2727 print FILE "forwarded_for off\n\n";
2728 }
2729
2730 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2731 {
2732 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2733 {
2734 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2735 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2736 print FILE "auth_param basic realm $authrealm\n";
2737 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2738 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2739 }
2740
2741 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2742 {
2743 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2744 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2745 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2746 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2747 {
2748 if ($proxysettings{'LDAP_GROUP'} eq '')
2749 {
2750 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2751 } else {
2752 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2753 }
2754 print FILE " -u sAMAccountName -P";
2755 }
2756 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2757 {
2758 if ($proxysettings{'LDAP_GROUP'} eq '')
2759 {
2760 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2761 } else {
2762 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2763 }
2764 print FILE " -u cn -P";
2765 }
2766 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2767 {
2768 if ($proxysettings{'LDAP_GROUP'} eq '')
2769 {
2770 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2771 } else {
2772 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2773 }
2774 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2775 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2776 print FILE " -u uid -P";
2777 }
2778 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2779 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2780 print FILE "auth_param basic realm $authrealm\n";
2781 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2782 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2783 }
2784
2785 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2786 {
2787 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2788 {
2789 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2790 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2791 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2792 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2793 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2794 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2795 } else {
2796 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2797 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2798 print FILE "auth_param basic realm $authrealm\n";
2799 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2800 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2801
2802 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2803 flock(MSNTCONF,2);
2804 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2805 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2806 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2807 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2808 {
2809 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2810 {
2811 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2812 } else {
2813 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2814 }
2815 }
2816 close(MSNTCONF);
2817 }
2818 }
2819
2820 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2821 {
2822 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2823 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2824 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2825 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2826 print FILE "auth_param basic realm $authrealm\n";
2827 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2828 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2829 }
2830
2831 print FILE "\n";
2832 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2833 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2834 {
2835 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2836 {
2837 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2838 }
2839 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2840 {
2841 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2842 }
2843 }
2844 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2845 {
2846 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2847 {
2848 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2849 }
2850 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2851 {
2852 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2853 }
2854 }
2855 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2856 {
2857 print FILE "\n";
2858 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2859 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2860 }
2861 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2862 print FILE "\n";
2863
2864 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2865 }
2866
2867 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2868 {
2869 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2870 {
2871 print FILE "acl for_inetusers ident REQUIRED\n";
2872 }
2873 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2874 {
2875 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2876 {
2877 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2878 }
2879 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2880 {
2881 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2882 }
2883 }
2884 }
2885
2886 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2887
2888 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2889
2890 print FILE "acl within_timeframe time ";
2891 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2892 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2893 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2894 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2895 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2896 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2897 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2898 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2899 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2900 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2901 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2902
2903 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2904 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2905 }
2906
2907 print FILE <<END
2908acl all src 0.0.0.0/0.0.0.0
2909acl localhost src 127.0.0.1/255.255.255.255
2910acl SSL_ports port 443 563
2911acl Safe_ports port 80 # http
2912acl Safe_ports port 21 # ftp
2913acl Safe_ports port 443 563 # https, snews
2914acl Safe_ports port 70 # gopher
2915acl Safe_ports port 210 # wais
2916acl Safe_ports port 1025-65535 # unregistered ports
2917acl Safe_ports port 280 # http-mgmt
2918acl Safe_ports port 488 # gss-http
2919acl Safe_ports port 591 # filemaker
2920acl Safe_ports port 777 # multiling http
2921acl Safe_ports port 800 # Squids port (for icons)
2922
2923acl IPCop_http port 81
2924acl IPCop_https port 445
2925acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2926acl IPCop_networks src "$acl_src_subnets"
2927acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2928END
2929 ;
2930 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2931 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2932 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2933 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2934 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2935 print FILE <<END
2936acl CONNECT method CONNECT
2937END
2938 ;
2939
2940 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2941 print FILE <<END
2942
2943#Classroom extensions
2944acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2945acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2946END
2947 ;
2948 print FILE "deny_info ";
2949 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2950 print FILE "ERR_ACCESS_DISABLED";
2951 } else { print FILE "ERR_ACCESS_DENIED"; }
2952 print FILE " IPCop_no_access_ips\n";
2953 print FILE "deny_info ";
2954 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2955 print FILE "ERR_ACCESS_DISABLED";
2956 } else { print FILE "ERR_ACCESS_DENIED"; }
2957 print FILE " IPCop_no_access_mac\n";
2958
2959 print FILE <<END
2960http_access deny IPCop_no_access_ips
2961http_access deny IPCop_no_access_mac
2962END
2963 ;
2964 }
2965
2966 #Insert acl file and replace __VAR__ with correct values
2967 my $blue_net = ''; #BLUE empty by default
2968 my $blue_ip = '';
2969 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2970 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2971 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2972 }
2973 if (!-z $acl_include)
2974 {
2975 open (ACL, "$acl_include");
2976 print FILE "\n#Start of custom includes\n";
2977 while (<ACL>) {
2978 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2979 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2980 $_ =~ s/__BLUE_IP__/$blue_ip/;
2981 $_ =~ s/__BLUE_NET__/$blue_net/;
2982 print FILE $_;
2983 }
2984 print FILE "#End of custom includes\n";
2985 close (ACL);
2986 }
2987 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2988 print FILE <<END
2989
2990#Access to squid:
2991#local machine, no restriction
2992http_access allow localhost
2993
2994#GUI admin if local machine connects
2995http_access allow IPCop_ips IPCop_networks IPCop_http
2996http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2997
2998#Deny not web services
2999http_access deny !Safe_ports
3000http_access deny CONNECT !SSL_ports
3001
3002END
3003 ;
3004
3005if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3006{
3007print FILE "#Set ident ACLs\n";
3008if (!-z $identhosts)
3009 {
3010 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3011 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3012 print FILE "ident_lookup_access deny all\n";
3013 } else {
3014 print FILE "ident_lookup_access allow all\n";
3015 }
3016 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3017}
3018
3019if ($delaypools) {
3020 print FILE "#Set download throttling\n";
3021
3022 if ($netsettings{'BLUE_DEV'})
3023 {
3024 print FILE "delay_pools 2\n";
3025 } else {
3026 print FILE "delay_pools 1\n";
3027 }
3028
3029 print FILE "delay_class 1 3\n";
3030 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3031
3032 print FILE "delay_parameters 1 ";
3033 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3034 {
3035 print FILE "-1/-1";
3036 } else {
3037 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3038 print FILE "/";
3039 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3040 }
3041
3042 print FILE " -1/-1 ";
3043 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3044 {
3045 print FILE "-1/-1";
3046 } else {
3047 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3048 print FILE "/";
3049 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3050 }
3051 print FILE "\n";
3052
3053 if ($netsettings{'BLUE_DEV'})
3054 {
3055 print FILE "delay_parameters 2 ";
3056 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3057 {
3058 print FILE "-1/-1";
3059 } else {
3060 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3061 print FILE "/";
3062 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3063 }
3064 print FILE " -1/-1 ";
3065 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3066 {
3067 print FILE "-1/-1";
3068 } else {
3069 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3070 print FILE "/";
3071 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3072 }
3073 print FILE "\n";
3074 }
3075
3076 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3077 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3078 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3079
3080 if ($netsettings{'BLUE_DEV'})
3081 {
3082 print FILE "delay_access 1 allow IPCop_green_network";
3083 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3084 print FILE "\n";
3085 print FILE "delay_access 1 deny all\n";
3086 } else {
3087 print FILE "delay_access 1 allow all";
3088 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3089 print FILE "\n";
3090 }
3091
3092 if ($netsettings{'BLUE_DEV'})
3093 {
3094 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3095 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3096 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3097 print FILE "delay_access 2 allow IPCop_blue_network";
3098 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3099 print FILE "\n";
3100 print FILE "delay_access 2 deny all\n";
3101 }
3102
3103 print FILE "delay_initial_bucket_level 100%\n";
3104 print FILE "\n";
3105}
3106 print FILE <<END
3107#Set custom configured ACLs
3108END
3109 ;
3110 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3111 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3112
3113 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3114 {
3115 if (!-z $acl_src_unrestricted_ip)
3116 {
3117 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3118 }
3119 if (!-z $acl_src_unrestricted_mac)
3120 {
3121 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3122 }
3123 print FILE "http_access allow IPCop_networks";
3124 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3125 print FILE " !within_timeframe";
3126 } else {
3127 print FILE " within_timeframe"; }
3128 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3129 print FILE " to_domains_without_auth\n";
3130 }
3131
3132 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3133 {
3134 print FILE "http_access deny !for_inetusers";
3135 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3136 print FILE "\n";
3137 }
3138
3139 if (
3140 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3141 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3142 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3143 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3144 (!-z "$identdir/identauth.denyusers")
3145 )
3146 {
3147 print FILE "http_access deny for_acl_users";
3148 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3149 print FILE "\n";
3150 }
3151
3152 if (!-z $acl_src_unrestricted_ip)
3153 {
3154 print FILE "http_access allow IPCop_unrestricted_ips";
3155 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3156 {
3157 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3158 {
3159 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3160 }
3161 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3162 {
3163 print FILE " for_inetusers";
3164 }
3165 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3166 {
3167 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3168 {
3169 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3170 {
3171 print FILE " for_acl_users";
3172 }
3173 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3174 {
3175 print FILE " !for_acl_users";
3176 }
3177 } else { print FILE " for_inetusers"; }
3178 }
3179 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3180 {
3181 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3182 {
3183 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3184 {
3185 print FILE " for_acl_users";
3186 }
3187 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3188 {
3189 print FILE " !for_acl_users";
3190 }
3191 } else { print FILE " for_inetusers"; }
3192 }
3193 }
3194 print FILE "\n";
3195 }
3196
3197 if (!-z $acl_src_unrestricted_mac)
3198 {
3199 print FILE "http_access allow IPCop_unrestricted_mac";
3200 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3201 {
3202 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3203 {
3204 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3205 }
3206 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3207 {
3208 print FILE " for_inetusers";
3209 }
3210 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3211 {
3212 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3213 {
3214 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3215 {
3216 print FILE " for_acl_users";
3217 }
3218 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3219 {
3220 print FILE " !for_acl_users";
3221 }
3222 } else { print FILE " for_inetusers"; }
3223 }
3224 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3225 {
3226 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3227 {
3228 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3229 {
3230 print FILE " for_acl_users";
3231 }
3232 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3233 {
3234 print FILE " !for_acl_users";
3235 }
3236 } else { print FILE " for_inetusers"; }
3237 }
3238 }
3239 print FILE "\n";
3240 }
3241
3242 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3243 {
3244 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3245 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3246 }
3247
3248 if (
3249 (
3250 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3251 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3252 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3253 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3254 (!-z "$ntlmdir/msntauth.denyusers")
3255 )
3256 ||
3257 (
3258 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3259 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3260 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3261 (!-z "$raddir/radauth.denyusers")
3262 )
3263 ||
3264 (
3265 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3266 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3267 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3268 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3269 (!-z "$identdir/identauth.denyusers")
3270 )
3271 )
3272 {
3273 print FILE "http_access deny for_acl_users";
3274 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3275 print FILE "\n";
3276 }
3277
3278 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3279 {
3280 print FILE "http_access allow";
3281 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3282 print FILE " !within_timeframe";
3283 } else {
3284 print FILE " within_timeframe"; }
3285 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3286 print FILE " !on_ident_aware_hosts\n";
3287 }
3288
3289 print FILE "http_access allow IPCop_networks";
3290 if (
3291 (
3292 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3293 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3294 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3295 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3296 (!-z "$ntlmdir/msntauth.allowusers")
3297 )
3298 ||
3299 (
3300 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3301 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3302 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3303 (!-z "$raddir/radauth.allowusers")
3304 )
3305 ||
3306 (
3307 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3308 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3309 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3310 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3311 (!-z "$identdir/identauth.allowusers")
3312 )
3313 )
3314 {
3315 print FILE " for_acl_users";
3316 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3317 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3318 print FILE " for_inetusers";
3319 }
3320 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3321 {
3322 print FILE " !concurrent";
3323 }
3324 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3325 print FILE " !within_timeframe";
3326 } else {
3327 print FILE " within_timeframe"; }
3328 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3329 print FILE "\n";
3330
3331 print FILE "http_access deny all\n\n";
3332
3333 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3334 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3335 {
3336 print FILE "#Strip HTTP Header\n";
3337
3338 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3339 {
3340 print FILE "header_access X-Forwarded-For deny all\n";
3341 }
3342 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3343 {
3344 print FILE "header_access Via deny all\n";
3345 }
3346 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3347 {
3348 print FILE "header_access User-Agent deny all\n";
3349 }
3350 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3351 {
3352 print FILE "header_access Referer deny all\n";
3353 }
3354
3355 print FILE "\n";
3356
3357 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3358 {
3359 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3360 {
3361 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3362 }
3363 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3364 {
3365 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3366 }
3367 print FILE "\n";
3368 }
3369 }
3370
3371 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3372 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3373 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3374 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3375 {
3376 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3377 }
3378 print FILE "http_reply_access deny blocked_mimetypes\n";
3379 print FILE "http_reply_access allow all\n\n";
3380 }
3381
3382 print FILE <<END
3383maximum_object_size $proxysettings{'MAX_SIZE'} KB
3384minimum_object_size $proxysettings{'MIN_SIZE'} KB
3385
3386request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3387END
3388 ;
3389 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3390 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3391 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3392 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3393 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3394 {
3395 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3396 }
3397 }
3398 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3399
3400 print FILE "visible_hostname";
3401 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3402 {
3403 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3404 } else {
3405 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3406 }
3407
3408 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3409
3410 # Write the parent proxy info, if needed.
3411 if ($remotehost ne '')
3412 {
3413 # Enter authentication for the parent cache (format is login=user:password)
3414 if ($proxy1 eq 'YES') {
3415 print FILE <<END
3416cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3417
3418END
3419 ;
3420 } else {
3421 # Not using authentication with the parent cache
3422 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3423 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3424 print FILE "\n";
3425 }
3426 print FILE "never_direct allow all\n\n";
3427 }
3428 if ($urlfilter_addon) {
3429 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3430 {
3431 print FILE <<END
3432redirect_program /usr/sbin/squidGuard
3433redirect_children $filtersettings{'CHILDREN'}
3434
3435END
3436 ;
3437 }
3438 }
3439 if ($updacclrtr_addon) {
3440 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3441 {
3442 print FILE <<END
3443redirect_program /usr/local/bin/updacclrtr
3444redirect_children $updaccsettings{'ACCELERATORS'}
3445
3446END
3447 ;
3448 }
3449 }
3450 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3451 {
3452 print FILE <<END
3453httpd_accel_host virtual
3454httpd_accel_port 80
3455httpd_accel_with_proxy on
3456httpd_accel_uses_host_header on
3457END
3458 ;
3459 }
3460 close FILE;
3461}
3462
3463# -------------------------------------------------------------------
3464
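sub adduser
{
    # Create or update a local (NCSA) proxy user and record its group.
    #
    #   $str_user  - user name
    #   $str_pass  - clear-text password, or the sentinel 'lEaVeAlOnE' to keep
    #                the password hash already stored for this user
    #   $str_group - 'standard', 'extended' or 'disabled'; any other value
    #                leaves the group files untouched
    #
    # Relies on the file-level $userdb, $stdgrp, $extgrp and $disgrp paths.
    # NOTE(review): the arguments presumably come from the CGI form; confirm
    # the caller rejects ':' and line breaks in the user name, because the
    # files written here are line- and colon-delimited.
    my ($str_user, $str_pass, $str_group) = @_;

    if ($str_pass eq 'lEaVeAlOnE')
    {
        my $stored_tail;
        # Match the name literally; regex metacharacters in a user name must
        # not be able to select other users' entries.
        my $literal_user = quotemeta $str_user;

        if (open(my $db_in, '<', $userdb))
        {
            while (my $entry = <$db_in>)
            {
                # Keep everything from the first ':' on (hash and newline).
                # As before, the last matching entry wins.
                if ($entry =~ /^$literal_user:/i)
                {
                    $stored_tail = substr($entry, index($entry, ':'));
                }
            }
            close($db_in);
        }

        deluser($str_user);

        # Re-add the entry only when a stored hash was found. Without this
        # check the sentinel text itself was appended, with no ':' and no
        # newline, which corrupted the password file.
        if (defined $stored_tail)
        {
            if (open(my $db_out, '>>', $userdb))
            {
                flock $db_out, 2;    # 2 = LOCK_EX
                print $db_out "$str_user$stored_tail";
                close($db_out);
            }
        }
    } else {
        deluser($str_user);

        # List-form system() bypasses the shell, so quotes, spaces or shell
        # metacharacters in the name or password reach htpasswd as data and
        # are never interpreted as commands. An empty name or password is
        # skipped: the old shell-string form could not pass an empty argument
        # either, and no account with an empty password should be created.
        # NOTE(review): -b puts the clear-text password on the command line,
        # where it is visible in the process list while htpasswd runs;
        # consider supplying it on stdin if the installed htpasswd allows it.
        if (($str_user ne '') && ($str_pass ne ''))
        {
            system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
        }
    }

    # Append the user to the file of the selected group.
    my %group_file_for = (
        'standard' => $stdgrp,
        'extended' => $extgrp,
        'disabled' => $disgrp,
    );
    my $group_file = $group_file_for{$str_group};

    if (defined $group_file)
    {
        if (open(my $grp_out, '>>', $group_file))
        {
            flock $grp_out, 2;    # 2 = LOCK_EX
            print $grp_out "$str_user\n";
            close($grp_out);
        }
    }

    return;
}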
3495
3496# -------------------------------------------------------------------
3497
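sub deluser
{
    # Remove a user from every group file and from the password database.
    #
    #   $str_user - user name; compared case-insensitively against whole
    #               lines of the group files and against the part before
    #               ':' in the password database
    #
    # Relies on the file-level $stdgrp, $extgrp, $disgrp and $userdb paths.
    my ($str_user) = @_;

    # Match the name literally. Interpolated unescaped, a name containing
    # regex metacharacters (for example '.*') would match, and therefore
    # delete, other users' entries.
    my $literal_user = quotemeta $str_user;

    my @targets = (
        (map { [ $_, qr/^$literal_user$/i ] } ($stdgrp, $extgrp, $disgrp)),
        [ $userdb, qr/^$literal_user:/i ],
    );

    foreach my $target (@targets)
    {
        my ($path, $drop_pattern) = @{$target};
        my @kept_lines = ();

        if (open(my $in, '<', $path))
        {
            @kept_lines = grep { $_ !~ $drop_pattern } <$in>;
            close($in);
        }

        # The file is rewritten even when it could not be read, as before:
        # this (re)creates it empty, and other code in this file tests these
        # files with -z.
        # NOTE(review): opening with '>' truncates before the lock is taken,
        # so the lock does not cover the read-modify-write as a whole.
        if (open(my $out, '>', $path))
        {
            flock $out, 2;    # 2 = LOCK_EX
            print $out @kept_lines;
            close($out);
        }
    }

    return;
}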
ac1cfefa 3530
ed38f89d 3531# -------------------------------------------------------------------