Geändert:
1 #!/usr/bin/perl
2 #
3 # IPCop CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8 #
9
10 use strict;
11
12 # enable the following only for debugging purposes
13 #use warnings;
14 #use CGI::Carp 'fatalsToBrowser';
15
16 use IO::Socket;
17
18 require '/var/ipfire/general-functions.pl';
19 require "${General::swroot}/lang.pl";
20 require "${General::swroot}/header.pl";
21
# ---------------------------------------------------------------------
# File-scope state shared by the request handling and the page rendering
# further down.
# ---------------------------------------------------------------------

# Settings hashes; %proxysettings holds the defaults merged with the
# submitted form fields, the others are filled from settings files.
my (%proxysettings, %netsettings, %filtersettings,
    %updaccsettings, %stdproxysettings, %mainsettings);

# Set to 1 further down when the matching add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# HTML attribute fragments for the form widgets, keyed by field and option.
my (%checked, %selected);

my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = 'bin|cab|exe|gz|rar|sea|tar|tgz|zip';
my $throttle_dskimg = 'b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi';
my $throttle_mmedia = 'aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m';

my (@useragent, @useragentlist);

my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language) = ('', '');
my ($i, $n, $id) = (0, 0, 0);
my ($line, $user) = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp = '';
my $needhup = 0;
my $errormessage = '';

# Working directories below <swroot>/proxy/advanced.
my ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) =
    map { "${General::swroot}/proxy/advanced/$_" }
    qw(acls ncsa ntlm radius ident cre);

# Files inside the NCSA directory.
my ($userdb, $stdgrp, $extgrp, $disgrp) =
    map { "$ncsadir/$_" }
    qw(passwd standard.grp extended.grp disabled.grp);

my ($browserdb, $mimetypes, $throttled_urls) =
    map { "${General::swroot}/proxy/advanced/$_" }
    qw(useragents mimetypes throttle);

# Files inside the cre directory.
my ($cre_enabled, $cre_groups, $cre_svhosts) =
    map { "$credir/$_" }
    qw(enable classrooms supervisors);

my $identhosts = "$identdir/hosts";

my $libexecdir = '/usr/lib/squid';

# One .acl file per access list, all inside $acldir.
my ($acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include) =
    map { "$acldir/$_.acl" }
    qw(src_subnets
       src_banned_ip src_banned_mac
       src_unrestricted_ip src_unrestricted_mac
       src_noaccess_ip src_noaccess_mac
       dst_nocache dst_noauth dst_throttle
       include);
98
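# Make sure the working directories and the (initially empty) data files
# exist before anything below reads them.  Creation is best-effort: a
# failure is reported on STDERR and the script carries on, as it did when
# the result of mkdir/touch was ignored.
for my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    next if -d $dir;
    mkdir($dir) or warn "proxy.cgi: cannot create directory $dir: $!\n";
}

# Missing files are created from Perl itself.  The previous
# system("touch $path") handed an interpolated string to the shell, so
# any shell metacharacter in a path would have been interpreted, and the
# touch binary was looked up through PATH.
for my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    next if -e $file;
    # Append mode creates the file without truncating anything that
    # appeared between the -e test and the open.
    if (open(my $new_fh, '>>', $file)) {
        close($new_fh);
    } else {
        warn "proxy.cgi: cannot create $file: $!\n";
    }
}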
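# Load the user agent database, dropping blank lines and comment lines,
# and sort the entries by the text between their first and last comma
# (entries are split on commas further down, with field 0 used as the
# identifier and field 2 as the regular expression).
{
    # Sort key of one raw line.  A line without a comma sorts by its full
    # text and a line with a single comma by the empty string, which is
    # what the original nested substr/reverse expression produced.
    my $sort_key = sub {
        my ($entry) = @_;
        my $first_comma = index($entry, ',');
        return $entry if $first_comma < 0;
        my $last_comma = rindex($entry, ',');
        return '' if $last_comma == $first_comma;
        return substr($entry, $first_comma + 1, $last_comma - $first_comma - 1);
    };

    @useragentlist = ();

    # Three-argument open with an explicit read mode and a lexical handle:
    # the path can never be taken as a mode or a pipe, and the handle does
    # not leak into the global FILE bareword.  If the file cannot be
    # opened the list simply stays empty.
    if (open(my $ua_fh, '<', $browserdb)) {
        @useragentlist =
            map  { $_->[1] }
            sort { $a->[0] cmp $b->[0] }
            map  { [ $sort_key->($_), $_ ] }
            grep { !/(^$)|(^\s*#)/ } <$ua_fh>;
        close($ua_fh);
    }
}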
132
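# URL filter settings: start from the default number of children and let
# the settings file, when present, override it.  %filtersettings is the
# hash declared with the other file-scope variables; it is not declared a
# second time here, because a second "my" would silently mask the first.
$filtersettings{'CHILDREN'} = '5';
if (-e "${General::swroot}/urlfilter/settings") {
    &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
}

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as installed when its version file exists.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

# The URL filter settings were loaded unconditionally above; reading the
# same file again when the add-on is installed would change nothing.

if ($updacclrtr_addon) {
    $updaccsettings{'ACCELERATORS'} = '10';
    if (-e "${General::swroot}/updacclrtr/settings") {
        &General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings);
    }
}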
158
&Header::showhttpheaders();

# Defaults for every form field; the submitted request is merged over
# them by getcgihash() at the end of this section.
%proxysettings = (
    %proxysettings,

    'ENABLE_FILTER'        => 'off',
    'ACTION'               => '',
    'VALID'                => '',

    # common settings
    'ENABLE'               => 'off',
    'ENABLE_BLUE'          => 'off',
    'TRANSPARENT'          => 'off',
    'TRANSPARENT_BLUE'     => 'off',
    'PROXY_PORT'           => '800',
    'VISIBLE_HOSTNAME'     => '',
    'ADMIN_MAIL_ADDRESS'   => '',
    'ERR_LANGUAGE'         => 'English',
    'FORWARD_VIA'          => 'off',
    'FORWARD_IPADDRESS'    => 'off',
    'FORWARD_USERNAME'     => 'off',
    'UPSTREAM_PROXY'       => '',
    'UPSTREAM_USER'        => '',
    'UPSTREAM_PASSWORD'    => '',

    # logging
    'LOGGING'              => 'off',
    'LOGQUERY'             => 'off',
    'LOGUSERAGENT'         => 'off',

    # cache
    'CACHE_MEM'            => '2',
    'CACHE_SIZE'           => '50',
    'MAX_SIZE'             => '4096',
    'MIN_SIZE'             => '0',
    'MEM_POLICY'           => 'LRU',
    'CACHE_POLICY'         => 'LRU',
    'L1_DIRS'              => '16',
    'OFFLINE_MODE'         => 'off',

    # classroom extension
    'CLASSROOM_EXT'        => 'off',
    'SUPERVISOR_PASSWORD'  => '',

    # time restrictions
    'TIME_ACCESS_MODE'     => 'allow',
    'TIME_FROM_HOUR'       => '00',
    'TIME_FROM_MINUTE'     => '00',
    'TIME_TO_HOUR'         => '24',
    'TIME_TO_MINUTE'       => '00',

    # transfer limits and throttling
    'MAX_OUTGOING_SIZE'      => '0',
    'MAX_INCOMING_SIZE'      => '0',
    'THROTTLING_GREEN_TOTAL' => 'unlimited',
    'THROTTLING_GREEN_HOST'  => 'unlimited',
    'THROTTLING_BLUE_TOTAL'  => 'unlimited',
    'THROTTLING_BLUE_HOST'   => 'unlimited',
    'THROTTLE_BINARY'        => 'off',
    'THROTTLE_DSKIMG'        => 'off',
    'THROTTLE_MMEDIA'        => 'off',

    # MIME type filter, browser check, privacy
    'ENABLE_MIME_FILTER'   => 'off',
    'ENABLE_BROWSER_CHECK' => 'off',
    'FAKE_USERAGENT'       => '',
    'FAKE_REFERER'         => '',

    # authentication, common part
    'AUTH_METHOD'          => 'none',
    'AUTH_REALM'           => '',
    'AUTH_MAX_USERIP'      => '',
    'AUTH_CACHE_TTL'       => '60',
    'AUTH_IPCACHE_TTL'     => '0',
    'AUTH_CHILDREN'        => '5',

    # NCSA
    'NCSA_MIN_PASS_LEN'    => '6',
    'NCSA_BYPASS_REDIR'    => 'off',
    'NCSA_USERNAME'        => '',
    'NCSA_GROUP'           => '',
    'NCSA_PASS'            => '',
    'NCSA_PASS_CONFIRM'    => '',

    # LDAP
    'LDAP_BASEDN'          => '',
    'LDAP_TYPE'            => 'ADS',
    'LDAP_SERVER'          => '',
    'LDAP_PORT'            => '389',
    'LDAP_BINDDN_USER'     => '',
    'LDAP_BINDDN_PASS'     => '',
    'LDAP_GROUP'           => '',

    # NTLM
    'NTLM_DOMAIN'          => '',
    'NTLM_PDC'             => '',
    'NTLM_BDC'             => '',
    'NTLM_ENABLE_ACL'      => 'off',
    'NTLM_USER_ACL'        => 'positive',

    # RADIUS
    'RADIUS_SERVER'        => '',
    'RADIUS_PORT'          => '1645',
    'RADIUS_IDENTIFIER'    => '',
    'RADIUS_SECRET'        => '',
    'RADIUS_ENABLE_ACL'    => 'off',
    'RADIUS_USER_ACL'      => 'positive',

    # identd
    'IDENT_REQUIRED'       => 'off',
    'IDENT_TIMEOUT'        => '10',
    'IDENT_ENABLE_ACL'     => 'off',
    'IDENT_USER_ACL'       => 'positive',
);

# Add-on switches only get a default when the add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# NOTE(review): getcgihash() is defined in header.pl and presumably
# overlays the submitted form fields onto the defaults above - confirm.
# If so, every request parameter ends up in %proxysettings, including
# keys this script never defined; the save handler writes that hash to
# the settings file, so anything it neither validates nor deletes is
# persisted as submitted.
&Header::getcgihash(\%proxysettings);
256
# A throttling limit submitted as 0 is stored as 'unlimited'.
for my $limit_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    $proxysettings{$limit_key} = 'unlimited' if $proxysettings{$limit_key} eq '0';
}
261
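# ---------------------------------------------------------------------
# NCSA user management actions.  Each of them switches the page into
# NCSA edit mode; 'add', 'remove' and 'edit' act on request data.
# ---------------------------------------------------------------------

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'add'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # The checks are not exclusive: a later failure replaces the message
    # of an earlier one, so the last failing check is the one reported.

    # NCSA_MIN_PASS_LEN arrives with the same request as the password and
    # is copied into the error message below, which is printed into the
    # page as HTML.  Accept digits only, so that it is a real number for
    # the comparison and cannot carry markup.
    # NOTE(review): the minimum is still whatever the request says; a
    # policy that must hold should be read from the stored settings.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    } elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}
                      . $proxysettings{'NCSA_MIN_PASS_LEN'}
                      . $Lang::tr{'advproxy errmsg password length 2'};
    }

    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }

    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    } elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:\x00-\x1f\x7f]/) {
        # The 'edit' action splits "user:group" on ':' and the user files
        # are line based, so a colon or a control character (newline
        # included) in a name would corrupt those records.
        $errormessage = $Lang::tr{'invalid input'};
    }

    if (!$errormessage) {
        # User names are stored in lower case.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        # NOTE(review): NCSA_GROUP is passed on as submitted; adduser()
        # is defined elsewhere in this file - confirm it only accepts the
        # known group names.
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the credentials back into the form.
    $proxysettings{'NCSA_USERNAME'}     = '';
    $proxysettings{'NCSA_GROUP'}        = '';
    $proxysettings{'NCSA_PASS'}         = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    # NOTE(review): ID comes straight from the request; deluser() is
    # defined elsewhere in this file - confirm how it matches the entry.
    &deluser($proxysettings{'ID'});
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

    # ID has the form "user:group".
    @temp = split(/:/, $proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'}    = $temp[1];

    # Placeholder shown in both password fields instead of the real
    # password; presumably recognised on update as "leave the password
    # unchanged" - confirm in adduser().
    $proxysettings{'NCSA_PASS'}         = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}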
305
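# ---------------------------------------------------------------------
# 'Save' / 'Save and restart': validate the submitted settings, then
# write the ACL files, the settings file, the proxy configuration and
# the enable/transparent flag files.
# ---------------------------------------------------------------------
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    # Numeric fields must consist of digits from start to end.  The
    # earlier /^\d+/ only looked at the first characters, so a value such
    # as "50 anything" passed and was stored and written out with its
    # trailing text.
    my $number = qr/\A\d+\z/;

    # The first failing check sets $errormessage and leaves the block;
    # check_acls() runs afterwards in either case.
    VALIDATION: {
        if (grep { $proxysettings{$_} !~ /\A(?:on|off)\z/ }
                qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE)) {
            $errormessage = $Lang::tr{'invalid input'};
            last VALIDATION;
        }

        # PROXY_PORT is a free-text form field that is not validated
        # anywhere else in the visible part of this handler.
        if (!&General::validport($proxysettings{'PROXY_PORT'})) {
            $errormessage = $Lang::tr{'invalid input'};
            last VALIDATION;
        }

        if ($proxysettings{'CACHE_SIZE'} !~ $number || $proxysettings{'CACHE_SIZE'} < 10) {
            $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
            last VALIDATION;
        }
        if ($proxysettings{'CACHE_MEM'} !~ $number || $proxysettings{'CACHE_MEM'} < 1) {
            $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
            last VALIDATION;
        }

        # Cap the memory cache at the first number on the second line of
        # free(1) divided by 2048 (presumably total memory in KiB, i.e.
        # half the RAM in MiB - confirm against the installed free).
        # Without a match the requested value is kept; the unguarded $1
        # used before turned a failed match into a cap of 0.
        my @free = `/usr/bin/free`;
        if (defined $free[1] && $free[1] =~ m/(\d+)/) {
            $cachemem = int($1 / 2048);
            if ($proxysettings{'CACHE_MEM'} > $cachemem) {
                $proxysettings{'CACHE_MEM'} = $cachemem;
            }
        }

        if ($proxysettings{'MAX_SIZE'} !~ $number) {
            $errormessage = $Lang::tr{'invalid maximum object size'};
            last VALIDATION;
        }
        if ($proxysettings{'MIN_SIZE'} !~ $number) {
            $errormessage = $Lang::tr{'invalid minimum object size'};
            last VALIDATION;
        }
        if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ $number) {
            $errormessage = $Lang::tr{'invalid maximum outgoing size'};
            last VALIDATION;
        }

        # A "print FILE" of squidGuard redirector lines used to sit here
        # for ENABLE_FILTER eq 'on'.  FILE is not open while the form is
        # validated, so the print never wrote anything; it was dropped.

        # The end of the time window must lie after its start (string
        # comparison of the concatenated hour and minute fields).
        if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'})) {
            $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
            last VALIDATION;
        }
        if ($proxysettings{'MAX_INCOMING_SIZE'} !~ $number) {
            $errormessage = $Lang::tr{'invalid maximum incoming size'};
            last VALIDATION;
        }

        if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') {
            # Join the regular expressions (field 2) of all ticked user
            # agents with '|'.  chomp works on the list elements
            # themselves, so @useragentlist loses its newlines here.
            $browser_regexp = '';
            foreach (@useragentlist) {
                chomp;
                @useragent = split(/,/);
                if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
            }
            chop($browser_regexp);    # drop the trailing '|'
            if (!$browser_regexp) {
                $errormessage = $Lang::tr{'advproxy errmsg no browser'};
                last VALIDATION;
            }
        }

        if ($proxysettings{'AUTH_METHOD'} ne 'none') {
            # Every method except identd without "required" and without
            # ACLs needs a non-transparent proxy on at least one of the
            # available interfaces.
            unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
                    ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
                    ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
            {
                my $green_unusable = ($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on');
                my $blue_unusable  = ($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on');
                if ($netsettings{'BLUE_DEV'} ? ($green_unusable && $blue_unusable) : $green_unusable) {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    last VALIDATION;
                }
            }
            if (($proxysettings{'AUTH_MAX_USERIP'} ne '') &&
                (($proxysettings{'AUTH_MAX_USERIP'} !~ $number) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
            {
                $errormessage = $Lang::tr{'advproxy errmsg max userip'};
                last VALIDATION;
            }
            if ($proxysettings{'AUTH_CACHE_TTL'} !~ $number) {
                $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
                last VALIDATION;
            }
            if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ $number) {
                $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
                last VALIDATION;
            }
            if (($proxysettings{'AUTH_MAX_USERIP'} ne '') && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) {
                $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
                last VALIDATION;
            }
            if (($proxysettings{'AUTH_CHILDREN'} !~ $number) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255)) {
                $errormessage = $Lang::tr{'advproxy errmsg auth children'};
                last VALIDATION;
            }
        }

        if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
            if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ $number) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255)) {
                $errormessage = $Lang::tr{'advproxy errmsg password length'};
                last VALIDATION;
            }
        }

        if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
            if (($proxysettings{'IDENT_TIMEOUT'} !~ $number) || ($proxysettings{'IDENT_TIMEOUT'} < 1)) {
                $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
                last VALIDATION;
            }
        }

        if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
            if ($proxysettings{'LDAP_BASEDN'} eq '') {
                $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
                last VALIDATION;
            }
            if (!&General::validip($proxysettings{'LDAP_SERVER'})) {
                $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
                last VALIDATION;
            }
            if (!&General::validport($proxysettings{'LDAP_PORT'})) {
                $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
                last VALIDATION;
            }
            # ADS and NDS need a bind DN and its password.
            if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS')) {
                if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq '')) {
                    $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                    last VALIDATION;
                }
            }
        }

        if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
            if ($proxysettings{'NTLM_DOMAIN'} eq '') {
                $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
                last VALIDATION;
            }
            if ($proxysettings{'NTLM_PDC'} eq '') {
                $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
                last VALIDATION;
            }
            if (!&General::validhostname($proxysettings{'NTLM_PDC'})) {
                $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
                last VALIDATION;
            }
            if (($proxysettings{'NTLM_BDC'} ne '') && (!&General::validhostname($proxysettings{'NTLM_BDC'}))) {
                $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
                last VALIDATION;
            }
        }

        if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
            if (!&General::validip($proxysettings{'RADIUS_SERVER'})) {
                $errormessage = $Lang::tr{'advproxy errmsg radius server'};
                last VALIDATION;
            }
            if (!&General::validport($proxysettings{'RADIUS_PORT'})) {
                $errormessage = $Lang::tr{'advproxy errmsg radius port'};
                last VALIDATION;
            }
            if ($proxysettings{'RADIUS_SECRET'} eq '') {
                $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
                last VALIDATION;
            }
        }

        # Parent proxy credentials: user name and password must be given
        # together or not at all.
        $proxy1 = ($proxysettings{'UPSTREAM_USER'} eq '')     ? '' : 'YES';
        $proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
        if ($proxy1 ne $proxy2) {
            $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
            last VALIDATION;
        }
    }

    # Runs after a failed check as well, exactly as it did at the former
    # ERROR: label.
    &check_acls;

    $proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # List-type fields and NCSA credentials are kept out of the
        # settings file.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
            DST_NOCACHE DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS NTLM_DENY_USERS
            RADIUS_ALLOW_USERS RADIUS_DENY_USERS
            IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
            CRE_GROUPS CRE_SVHOSTS
            NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
        )};

        # Fields the request did not send at all (unticked boxes) are
        # stored as 'off'.
        for my $field (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$field} = 'off' unless exists $proxysettings{$field};
        }

        # NOTE(review): the whole hash is written, including request keys
        # that were neither validated above nor deleted.  Several
        # free-text fields (UPSTREAM_PROXY, VISIBLE_HOSTNAME,
        # ADMIN_MAIL_ADDRESS, ...) get no check in this handler; confirm
        # that writehash()/writeconfig() cope with arbitrary characters,
        # newlines in particular, or validate those fields here.
        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Flag files: <swroot>/proxy/<lower-case setting name> exists
        # exactly when the setting is 'on'.
        my @flag_settings = qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE);
        unlink map { "${General::swroot}/proxy/" . lc($_) } @flag_settings;
        for my $setting (@flag_settings) {
            next unless $proxysettings{$setting} eq 'on';
            # List form: no shell is involved.
            system('/bin/touch', "${General::swroot}/proxy/" . lc($setting));
        }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}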
610
# 'Clear cache' runs the restart helper with -f (list form, no shell).
system('/usr/local/bin/restartsquid', '-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# Without an error the form shows what is stored on disk: the advanced
# settings when they exist, otherwise the standard proxy settings,
# followed by the ACL files.  After an error the submitted values stay in
# %proxysettings so they can be corrected.
unless ($errormessage) {
    my $advanced_settings = "${General::swroot}/proxy/advanced/settings";
    my $standard_settings = "${General::swroot}/proxy/settings";

    if (-e $advanced_settings) {
        &General::readhash($advanced_settings, \%proxysettings);
    } elsif (-e $standard_settings) {
        &General::readhash($standard_settings, \%proxysettings);
    }
    &read_acls;
}
625
# ---------------------------------------------------------------------
# Pre-compute the checked='checked' / selected='selected' attributes the
# form templates interpolate for every checkbox, radio group and list.
# ---------------------------------------------------------------------
{
    # Blank every listed option of a field, then mark the option that
    # matches the current setting.
    my $mark_checked = sub {
        my ($field, @options) = @_;
        $checked{$field}{$_} = '' for @options;
        $checked{$field}{ $proxysettings{$field} } = "checked='checked'";
    };

    # Fields missing from the settings entirely are shown as 'on'.
    for my $field (qw(
        TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
        AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
    )) {
        $proxysettings{$field} = 'on' unless exists $proxysettings{$field};
    }

    # on/off switches
    $mark_checked->($_, 'off', 'on') for qw(
        ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
        FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA
        OFFLINE_MODE
        LOGGING LOGQUERY LOGUSERAGENT
        CLASSROOM_EXT
        TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
        THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
        ENABLE_MIME_FILTER
        ENABLE_BROWSER_CHECK
        AUTH_ALWAYS_REQUIRED
        NCSA_BYPASS_REDIR
        NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL
        RADIUS_ENABLE_ACL
        IDENT_REQUIRED IDENT_ENABLE_ACL
    );

    # positive/negative user ACL mode
    $mark_checked->($_, 'positive', 'negative')
        for qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL);

    # authentication method radio group
    $mark_checked->('AUTH_METHOD', qw(none ncsa ident ldap ntlm radius));

    # one switch per known user agent, named UA_<first field of the entry>
    foreach (@useragentlist) {
        @useragent = split(/,/);
        $mark_checked->('UA_'.$useragent[0], 'off', 'on');
    }

    # drop-down lists only need the current value marked
    for my $field (qw(
        MEM_POLICY CACHE_POLICY L1_DIRS
        ERR_LANGUAGE
        TIME_ACCESS_MODE
        TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
        THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
        THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
        NCSA_GROUP
        LDAP_TYPE
    )) {
        $selected{$field}{ $proxysettings{$field} } = "selected='selected'";
    }

    # add-on switches exist only when the add-on is installed
    $mark_checked->('ENABLE_FILTER', 'off', 'on')   if $urlfilter_addon;
    $mark_checked->('ENABLE_UPDACCEL', 'off', 'on') if $updacclrtr_addon;
}
808
# Start the page and the outer box; the error text is also passed to
# openbigbox as its fourth argument.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

# A non-empty error text gets a box of its own above the form.
# NOTE(review): $errormessage is written into the page without HTML escaping;
# confirm that no code path copies request data into it unescaped.
if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>", $errormessage, "&nbsp;</font>\n";
	&Header::closebox();
}
818
819 # ===================================================================
820 # Main settings
821 # ===================================================================
822
823 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
824
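# Open the settings form and print the first rows of the "common settings"
# table (proxy on Green, port, transparent mode, visible hostname).
{
	# Encode a stored value for use inside a single-quoted HTML attribute, so
	# a quote or angle bracket in the value cannot end the attribute and add
	# markup to the admin page.
	# NOTE(review): assumes the settings hold raw text, not text that was
	# already entity-encoded when saved; confirm against the save handler.
	my $esc = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};
	my %html = map { ($_, $esc->($proxysettings{$_})) } qw(PROXY_PORT VISIBLE_HOSTNAME);

	print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

	&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");

	print <<END
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
<td width='30%'><input type='text' name='PROXY_PORT' value='$html{'PROXY_PORT'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$html{'VISIBLE_HOSTNAME'}' /></td>
</tr>
<tr>
END
;
}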
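# Two table rows: the Blue-network switches (or an empty filler cell when no
# Blue device is configured) next to the admin mail address field.
{
	# The mail address is entity-encoded before it goes into the value
	# attribute, so a quote in the stored text cannot close the attribute.
	# NOTE(review): assumes the stored value is raw text; confirm against
	# the save handler.
	my $admin_mail = defined $proxysettings{'ADMIN_MAIL_ADDRESS'} ? $proxysettings{'ADMIN_MAIL_ADDRESS'} : '';
	$admin_mail =~ s/&/&amp;/g;
	$admin_mail =~ s/</&lt;/g;
	$admin_mail =~ s/>/&gt;/g;
	$admin_mail =~ s/"/&quot;/g;
	$admin_mail =~ s/'/&#39;/g;

	if ($netsettings{'BLUE_DEV'}) {
		print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
		print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
	} else {
		print "<td colspan='2'>&nbsp;</td>";
	}

	print <<END
<td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$admin_mail' /></td>
</tr>
<tr>
END
;

	if ($netsettings{'BLUE_DEV'}) {
		print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
		print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
	} else {
		print "<td colspan='2'>&nbsp;</td>";
	}
}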
868 print <<END
869 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
870 <td class='base'>
871 <select name='ERR_LANGUAGE'>
872 END
873 ;
# Offer every sub-directory of the Squid error-page directory as an error
# language; the directory's base name is both option value and label.
foreach my $errdir (glob('/usr/lib/squid/errors/*')) {
	next unless -d $errdir;
	$language = substr($errdir, rindex($errdir, "/") + 1);
	print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
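# Close the error-language row, then print the URL filter switch, the
# upstream proxy, logging and cache management tables up to the opening tag
# of the DST_NOCACHE textarea.
{
	# Encode a stored value for use inside a single-quoted HTML attribute, so
	# a quote or angle bracket in it cannot end the attribute and add markup.
	# NOTE(review): assumes the settings hold raw text, not text that was
	# already entity-encoded when saved; confirm against the save handler.
	my $esc = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};
	my %html = map { ($_, $esc->($proxysettings{$_})) }
		qw(UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD CACHE_MEM CACHE_SIZE MIN_SIZE MAX_SIZE);

	# NOTE(review): the stored upstream password is written back into the page
	# source as the value of the password field. Leaving the field empty would
	# need the save handler (not shown here) to keep the old password when an
	# empty value is submitted, so it is only flagged here.
	# The stray </font> end tags after the three forwarding labels had no
	# matching start tag and are dropped.
	print <<END
</select>
</td>
</tr>
<tr>
<td colspan='4'><hr /><b>$Lang::tr{'urlfilter url filter'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'urlfilter enabled'}</td>
<td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
<td colspan='2'>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$html{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='UPSTREAM_USER' value='$html{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$html{'UPSTREAM_PASSWORD'}' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
<td><input type='text' name='CACHE_MEM' value='$html{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
<td><input type='text' name='CACHE_SIZE' value='$html{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:</td>
<td><input type='text' name='MIN_SIZE' value='$html{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:</td>
<td><input type='text' name='MAX_SIZE' value='$html{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan= '5' valign='top' class='base'>
<table cellpadding='0' cellspacing='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END
;
}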
982
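# Body of the DST_NOCACHE textarea. The stored list is entity-encoded so that
# text such as '</textarea>' in it cannot close the field and add markup.
# NOTE(review): assumes the stored value is raw text, not already
# entity-encoded; confirm against the save handler.
{
	my $text = defined $proxysettings{'DST_NOCACHE'} ? $proxysettings{'DST_NOCACHE'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}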
984
985 print <<END
986 </textarea></td>
987 </tr>
988 </table>
989 </td>
990 </tr>
991 <tr>
992 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
993 <td class='base'><select name='MEM_POLICY'>
994 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
995 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
996 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
997 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
998 </select></td>
999 </tr>
1000 <tr>
1001 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1002 <td class='base'><select name='CACHE_POLICY'>
1003 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1004 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1005 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1006 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1007 </select></td>
1008 </tr>
1009 <tr>
1010 <td colspan='2'>&nbsp;</td>
1011 </tr>
1012 <tr>
1013 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1014 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1015 </tr>
1016 </table>
1017 <hr size='1'>
1018 <table width='100%'>
1019 <tr>
1020 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1021 </tr>
1022 <tr>
1023 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1024 </tr>
1025 <tr>
1026 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1027 <td colspan='2'>&nbsp;</td>
1028 </tr>
1029 <tr>
1030 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1031 END
1032 ;
1033
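# Body of the SRC_SUBNETS textarea: with nothing stored, pre-fill it with the
# Green network (and the Blue one when a Blue device exists); otherwise show
# the stored list, entity-encoded so it cannot close the textarea.
# NOTE(review): assumes the stored value is raw text, not already
# entity-encoded; confirm against the save handler.
if (!$proxysettings{'SRC_SUBNETS'}) {
	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
	if ($netsettings{'BLUE_DEV'}) {
		print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
	}
} else {
	my $subnets = $proxysettings{'SRC_SUBNETS'};
	$subnets =~ s/&/&amp;/g;
	$subnets =~ s/</&lt;/g;
	$subnets =~ s/>/&gt;/g;
	print $subnets;
}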
1042
1043 print <<END
1044 </textarea></td>
1045 <td colspan='2'>&nbsp;</td>
1046 </tr>
1047 </table>
1048 <table width='100%'>
1049 <tr>
1050 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1051 </tr>
1052 <tr>
1053 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1054 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1055 </tr>
1056 <tr>
1057 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1058 END
1059 ;
1060
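# Body of the SRC_UNRESTRICTED_IP textarea, entity-encoded so the stored text
# cannot close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'SRC_UNRESTRICTED_IP'} ? $proxysettings{'SRC_UNRESTRICTED_IP'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}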
1062
1063 print <<END
1064 </textarea></td>
1065 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
1066 END
1067 ;
1068
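# Body of the SRC_UNRESTRICTED_MAC textarea, entity-encoded so the stored text
# cannot close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'SRC_UNRESTRICTED_MAC'} ? $proxysettings{'SRC_UNRESTRICTED_MAC'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}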
1070
1071 print <<END
1072 </textarea></td>
1073 </tr>
1074 </table>
1075 <table width='100%'>
1076 <tr>
1077 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1078 </tr>
1079 <tr>
1080 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1081 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1082 </tr>
1083 <tr>
1084 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1085 END
1086 ;
1087
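# Body of the SRC_BANNED_IP textarea, entity-encoded so the stored text cannot
# close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'SRC_BANNED_IP'} ? $proxysettings{'SRC_BANNED_IP'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}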
1089
1090 print <<END
1091 </textarea></td>
1092 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1093 END
1094 ;
1095
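# Body of the SRC_BANNED_MAC textarea, entity-encoded so the stored text
# cannot close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'SRC_BANNED_MAC'} ? $proxysettings{'SRC_BANNED_MAC'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}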
1097
1098 print <<END
1099 </textarea></td>
1100 </tr>
1101 </table>
1102
1103 <hr size='1'>
1104
1105 END
1106 ;
1107 # -------------------------------------------------------------------
1108 # CRE GUI - optional
1109 # -------------------------------------------------------------------
1110
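# Classroom extensions (CRE). When the file named by $cre_enabled exists the
# full CRE table is shown; otherwise the three CRE settings are carried
# through the form as hidden fields so that saving does not drop them.
{
	# Encode a stored value for HTML output. In the hidden fields the value
	# sits inside a single-quoted attribute, so a quote in a group definition
	# would otherwise cut the value short or add attributes and markup.
	# NOTE(review): assumes the settings hold raw text, not text that was
	# already entity-encoded when saved; confirm against the save handler.
	my $esc = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};
	my %html = map { ($_, $esc->($proxysettings{$_})) }
		qw(SUPERVISOR_PASSWORD CRE_GROUPS CRE_SVHOSTS);

	# NOTE(review): in both branches the stored supervisor password is written
	# into the page source. Omitting it would need the save handler (not shown
	# here) to keep the old password on an empty submit, so it is only flagged.
	if (-e $cre_enabled) {
		print <<END
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$html{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END
;

		print $html{'CRE_GROUPS'};

		print <<END
</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END
;
		print $html{'CRE_SVHOSTS'};

		print <<END
</textarea></td>
</tr>

</table>

<hr size='1'>
END
;
	} else {
		print <<END
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$html{'SUPERVISOR_PASSWORD'}' />
<input type='hidden' name='CRE_GROUPS' value='$html{'CRE_GROUPS'}' />
<input type='hidden' name='CRE_SVHOSTS' value='$html{'CRE_SVHOSTS'}' />
END
;
	}
}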
1161 # -------------------------------------------------------------------
1162
1163 print <<END
1164
1165 <table width='100%'>
1166 <tr>
1167 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1168 </tr>
1169 <table width='100%'>
1170 <tr>
1171 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1172 <td width='1%'>&nbsp;</td>
1173 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1174 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1175 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1176 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1177 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1178 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1179 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1180 <td width='1%'>&nbsp;&nbsp;</td>
1181 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1182 <td width='1%'>&nbsp;</td>
1183 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1184 <td>&nbsp;</td>
1185 </tr>
1186 <tr>
1187 <td class='base'>
1188 <select name='TIME_ACCESS_MODE'>
1189 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1190 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1191 </select>
1192 </td>
1193 <td>&nbsp;</td>
1194 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1195 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1196 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1197 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1198 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1199 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1200 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1201 <td>&nbsp;</td>
1202 <td class='base'>
1203 <select name='TIME_FROM_HOUR'>
1204 END
1205 ;
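# Option lists for the time-restriction window: "from" hour and minute, then
# "to" hour and minute. Hours run 00..24, minutes in quarter-hour steps; each
# label is zero-padded to two characters and doubles as the %selected key.
for ($i = 0; $i <= 24; $i++) {
	my $hour = sprintf("%02s", $i);
	print "<option $selected{'TIME_FROM_HOUR'}{$hour}>$hour</option>\n";
}
print <<END
</select>
</td>
<td>:</td>
<td class='base'>
<select name='TIME_FROM_MINUTE'>
END
;
for ($i = 0; $i <= 45; $i += 15) {
	my $minute = sprintf("%02s", $i);
	print "<option $selected{'TIME_FROM_MINUTE'}{$minute}>$minute</option>\n";
}
# The " - " separator cell used to be emitted before the minute cell was
# closed, nesting one <td> inside another; the cell is closed first now.
print <<END
</select>
</td>
<td> - </td>
<td class='base'>
<select name='TIME_TO_HOUR'>
END
;
for ($i = 0; $i <= 24; $i++) {
	my $hour = sprintf("%02s", $i);
	print "<option $selected{'TIME_TO_HOUR'}{$hour}>$hour</option>\n";
}
print <<END
</select>
</td>
<td>:</td>
<td class='base'>
<select name='TIME_TO_MINUTE'>
END
;
for ($i = 0; $i <= 45; $i += 15) {
	my $minute = sprintf("%02s", $i);
	print "<option $selected{'TIME_TO_MINUTE'}{$minute}>$minute</option>\n";
}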
1246 print <<END
1247 </select>
1248 </td>
1249 </tr>
1250 </table>
1251 <hr size='1'>
1252 <table width='100%'>
1253 <tr>
1254 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1255 </tr>
1256 <tr>
1257 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1258 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1259 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1260 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1261 </tr>
1262 </table>
1263 <hr size='1'>
1264 <table width='100%'>
1265 <tr>
1266 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1267 </tr>
1268 <tr>
1269 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1270 <td width='20%' class='base'>
1271 <select name='THROTTLING_GREEN_TOTAL'>
1272 END
1273 ;
1274
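# Download throttling on Green: one option per entry of @throttle_limits for
# the total and the per-host limit, each list ending with an "unlimited"
# option whose value is 0.
foreach my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kBit/s</option>\n";
}

# The "unlimited" line used to end in \n"; left over from a print statement.
# Inside a here-document that wrote a literal "; into the page, so it is gone.
print <<END
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END
;

foreach my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kBit/s</option>\n";
}

print <<END
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
;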
1300
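# Download throttling on Blue, printed only when a Blue device is configured:
# the same two option lists as for Green (total and per host).
if ($netsettings{'BLUE_DEV'}) {
	print <<END
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END
;

	foreach my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kBit/s</option>\n";
	}

	# The "unlimited" line used to end in \n"; left over from a print
	# statement; inside a here-document that wrote a literal "; into the page.
	print <<END
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END
;

	foreach my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kBit/s</option>\n";
	}

	print <<END
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
;
}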
1336
1337 print <<END
1338 </table>
1339 <table width='100%'>
1340 <tr>
1341 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1342 </tr>
1343 <tr>
1344 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1345 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1346 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1347 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1348 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1349 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1350 <td width='15%'>&nbsp;</td>
1351 <td width='10%'>&nbsp;</td>
1352 </tr>
1353 </table>
1354 <hr size='1'>
1355 <table width='100%'>
1356 <tr>
1357 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1358 </tr>
1359 <tr>
1360 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1361 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1362 </tr>
1363 <tr>
1364 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1365 <td>&nbsp;</td>
1366 <td>&nbsp;</td>
1367 </tr>
1368 <tr>
1369 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1370 END
1371 ;
1372
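# Body of the MIME_TYPES textarea, entity-encoded so the stored text cannot
# close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'MIME_TYPES'} ? $proxysettings{'MIME_TYPES'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}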
1374
1375 print <<END
1376 </textarea></td>
1377 <td>&nbsp;</td>
1378 <td>&nbsp;</td>
1379 </tr>
1380 </table>
1381 <hr size='1'>
1382 <table width='100%'>
1383 <tr>
1384 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1385 </tr>
1386 <tr>
1387 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1388 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1389 <td>&nbsp;</td>
1390 <td>&nbsp;</td>
1391 </tr>
1392 <tr>
1393 <td colspan='4'><i>
1394 END
1395 ;
# Heading above the browser checkboxes: one text when user agents are known,
# another when the list is empty.
print(
	@useragentlist
		? "$Lang::tr{'advproxy allowed web browsers'}:"
		: "$Lang::tr{'advproxy no clients defined'}"
);
1397 print <<END
1398 </i></td>
1399 </tr>
1400 </table>
1401 <table width='100%'>
1402 END
1403 ;
1404
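# Lay the known user agents out four to a table row. Each list entry is a
# comma-separated record: field 0 becomes part of the checkbox name
# (UA_<field0>), field 1 is printed as the label.
# Changes from the earlier form: elements are read with $array[...] instead of
# one-element slices, the row markers no longer depend on string comparison of
# numbers, the outer step is an explicit 4, and the bound is < rather than <=
# so no empty <tr></tr> is printed when the count is a multiple of four
# (including zero).
for ($n = 0; $n < @useragentlist; $n += 4) {
	print "<tr>\n";
	for ($i = 0; $i <= 3; $i++) {
		next unless ($n + $i) < @useragentlist;
		@useragent = split(/,/, $useragentlist[$n + $i]);
		my $field = 'UA_' . $useragent[0];
		print "<td width='15%'>$useragent[1]:<\/td>\n";
		print "<td width='10%'><input type='checkbox' name='$field' $checked{$field}{'on'} /></td>\n";
	}
	print "<\/tr>\n";
}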
1416
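# Close the browser table and print the privacy section with the fake
# user-agent and fake referer text fields.
{
	# Both fields are free text. Their stored values are entity-encoded before
	# going into the single-quoted value attributes, so a quote or angle
	# bracket in them cannot end the attribute and add markup.
	# NOTE(review): assumes the settings hold raw text, not text that was
	# already entity-encoded when saved; confirm against the save handler.
	my $esc = sub {
		my $text = defined $_[0] ? $_[0] : '';
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		$text =~ s/'/&#39;/g;
		return $text;
	};
	my %html = map { ($_, $esc->($proxysettings{$_})) } qw(FAKE_USERAGENT FAKE_REFERER);

	print <<END
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'advproxy privacy'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td><input type='text' name='FAKE_USERAGENT' value='$html{'FAKE_USERAGENT'}' size='56' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td><input type='text' name='FAKE_REFERER' value='$html{'FAKE_REFERER'}' size='56' /></td>
</tr>
</table>
<hr size='1'>
END
;
}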
1440
1441 if (($updacclrtr_addon) && (!($urlfilter_addon))) {
1442 print <<END
1443 <table width='100%'>
1444 <tr>
1445 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
1446 </tr>
1447 <tr>
1448 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1449 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
1450 <td>&nbsp;</td>
1451 <td>&nbsp;</td>
1452 </tr>
1453 </table>
1454 <hr size='1'>
1455 END
1456 ; }
1457
1458 print <<END
1459 <table width='100%'>
1460 <tr>
1461 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1462 </tr>
1463 <tr>
1464 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1465 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1466 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1467 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1468 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1469 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1470 </tr>
1471 </table>
1472 END
1473 ;
1474
1475 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1476 <hr size='1'>
1477 <table width='100%'>
1478 <tr>
1479 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1480 </tr>
1481 <tr>
1482 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1483 </tr>
1484 <tr>
1485 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1486 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1487 <td colspan='2' rowspan= '6' valign='top' class='base'>
1488 <table cellpadding='0' cellspacing='0'>
1489 <tr>
1490 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1491 </tr>
1492 <tr>
1493 <!-- intentionally left empty -->
1494 </tr>
1495 <tr>
1496 <!-- intentionally left empty -->
1497 </tr>
1498 <tr>
1499 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1500 </tr>
1501 <tr>
1502 <!-- intentionally left empty -->
1503 </tr>
1504 <tr>
1505 <!-- intentionally left empty -->
1506 </tr>
1507 <tr>
1508 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1509 </tr>
1510 <tr>
1511 <!-- intentionally left empty -->
1512 </tr>
1513 <tr>
1514 <!-- intentionally left empty -->
1515 </tr>
1516 <tr>
1517 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1518 END
1519 ;
1520
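# Body of the DST_NOAUTH textarea, entity-encoded so the stored text cannot
# close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}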
1522
1523 print <<END
1524 </textarea></td>
1525 </tr>
1526 </table>
1527 </td>
1528 </tr>
1529 <tr>
1530 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1531 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1532 </tr>
1533 <tr>
1534 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1535 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1536 </tr>
1537 <tr>
1538 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1539 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1540 </tr>
1541 <tr>
1542 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1543 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1544 </tr>
1545 <tr>
1546 <td colspan='2'>&nbsp;</td>
1547 </tr>
1548 </table>
1549 END
1550 ;
1551 }
1552
1553 # ===================================================================
1554 # NCSA auth settings
1555 # ===================================================================
1556
1557 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1558 print <<END
1559 <hr size='1'>
1560 <table width='100%'>
1561 <tr>
1562 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1563 </tr>
1564 <tr>
1565 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1566 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1567 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1568 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1569 </tr>
1570 <tr>
1571 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1572 <td>&nbsp;</td>
1573 <td>&nbsp;</td>
1574 </tr>
1575 </table>
1576 END
1577 ; }
1578
1579 # ===================================================================
1580 # IDENTD auth settings
1581 # ===================================================================
1582
1583 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1584 print <<END
1585 <hr size ='1'>
1586 <table width='100%'>
1587 <tr>
1588 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1589 </tr>
1590 <tr>
1591 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1592 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1593 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1594 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1595 </tr>
1596 <tr>
1597 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1598 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1599 <td>&nbsp;</td>
1600 <td>&nbsp;</td>
1601 </tr>
1602 <tr>
1603 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1604 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1605 </tr>
1606 <tr>
1607 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1608 END
1609 ;
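# Body of the IDENT_HOSTS textarea: with nothing stored, pre-fill it with the
# Green network (and the Blue one when a Blue device exists); otherwise show
# the stored list, entity-encoded so it cannot close the textarea.
# NOTE(review): assumes the stored value is raw text, not already
# entity-encoded; confirm against the save handler.
if (!$proxysettings{'IDENT_HOSTS'}) {
	print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
	if ($netsettings{'BLUE_DEV'}) {
		print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
	}
} else {
	my $hosts = $proxysettings{'IDENT_HOSTS'};
	$hosts =~ s/&/&amp;/g;
	$hosts =~ s/</&lt;/g;
	$hosts =~ s/>/&gt;/g;
	print $hosts;
}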
1618
1619 print <<END
1620 </textarea></td>
1621 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1622 END
1623 ;
1624
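# Body of the DST_NOAUTH textarea in the identd section, entity-encoded so the
# stored text cannot close the field and add markup to the page.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
{
	my $text = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
	$text =~ s/&/&amp;/g;
	$text =~ s/</&lt;/g;
	$text =~ s/>/&gt;/g;
	print $text;
}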
1626
1627 print <<END
1628 </textarea></td>
1629 </tr>
1630 </table>
1631 <hr size ='1'>
1632 <table width='100%'>
1633 <tr>
1634 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1635 </tr>
1636 <tr>
1637 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1638 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1639 <td width='25%'>&nbsp;</td>
1640 <td width='30%'>&nbsp;</td>
1641 </tr>
1642 <tr>
1643 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1644 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1645 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1646 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1647 </tr>
1648 <tr>
1649 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1650 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1651 </tr>
1652 <tr>
1653 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1654 END
1655 ; }
1656
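# Body of the IDENT_ALLOW_USERS textarea (identd authentication only). The
# stored user list is entity-encoded so it cannot close the field.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
	my $users = defined $proxysettings{'IDENT_ALLOW_USERS'} ? $proxysettings{'IDENT_ALLOW_USERS'} : '';
	$users =~ s/&/&amp;/g;
	$users =~ s/</&lt;/g;
	$users =~ s/>/&gt;/g;
	print $users;
}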
1658
1659 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1660 </textarea></td>
1661 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1662 END
1663 ; }
1664
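# Body of the IDENT_DENY_USERS textarea (identd authentication only). The
# stored user list is entity-encoded so it cannot close the field.
# NOTE(review): assumes the stored value is raw text; confirm against the
# save handler.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
	my $users = defined $proxysettings{'IDENT_DENY_USERS'} ? $proxysettings{'IDENT_DENY_USERS'} : '';
	$users =~ s/&/&amp;/g;
	$users =~ s/</&lt;/g;
	$users =~ s/>/&gt;/g;
	print $users;
}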
1666
1667 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1668 </textarea></td>
1669 </tr>
1670 </table>
1671 END
1672 ; }
1673
1674 # ===================================================================
1675 # NTLM auth settings
1676 # ===================================================================
1677
1678 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1679 print <<END
1680 <hr size='1'>
1681 <table width='100%'>
1682 <tr>
1683 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1684 </tr>
1685 <tr>
1686 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1687 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1688 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1689 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1690 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1691 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1692 </tr>
1693 </table>
1694 <hr size ='1'>
1695 <table width='100%'>
1696 <tr>
1697 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1698 </tr>
1699 <tr>
1700 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1701 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1702 <td>&nbsp;</td>
1703 </tr>
1704 </table>
1705 <hr size ='1'>
1706 <table width='100%'>
1707 <tr>
1708 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1709 </tr>
1710 <tr>
1711 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1712 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1713 <td width='25%'>&nbsp;</td>
1714 <td width='30%'>&nbsp;</td>
1715 </tr>
1716 <tr>
1717 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1718 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1719 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1720 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1721 </tr>
1722 <tr>
1723 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1724 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1725 </tr>
1726 <tr>
1727 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1728 END
1729 ; }
1730
1731 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_ALLOW_USERS'}; }
1732
1733 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1734 </textarea></td>
1735 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1736 END
1737 ; }
1738
1739 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_DENY_USERS'}; }
1740
1741 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1742 </textarea></td>
1743 </tr>
1744 </table>
1745 END
1746 ; }
1747
1748 # ===================================================================
1749 # LDAP auth settings
1750 # ===================================================================
1751
1752 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1753 print <<END
1754 <hr size='1'>
1755 <table width='100%'>
1756 <tr>
1757 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1758 </tr>
1759 <tr>
1760 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1761 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1762 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1763 <td class='base'><select name='LDAP_TYPE'>
1764 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1765 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1766 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1767 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1768 </select></td>
1769 </tr>
1770 <tr>
1771 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1772 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1773 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1774 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1775 </tr>
1776 </table>
1777 <hr size ='1'>
1778 <table width='100%'>
1779 <tr>
1780 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1781 </tr>
1782 <tr>
1783 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1784 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1785 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1786 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1787 </tr>
1788 </table>
1789 <hr size ='1'>
1790 <table width='100%'>
1791 <tr>
1792 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1793 </tr>
1794 <tr>
1795 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1796 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1797 <td>&nbsp;</td>
1798 <td>&nbsp;</td>
1799 </tr>
1800 </table>
1801 END
1802 ; }
1803
1804 # ===================================================================
1805 # RADIUS auth settings
1806 # ===================================================================
1807
1808 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1809 print <<END
1810 <hr size='1'>
1811 <table width='100%'>
1812 <tr>
1813 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1814 </tr>
1815 <tr>
1816 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1817 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1818 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1819 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1820 </tr>
1821 <tr>
1822 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1823 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1824 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1825 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1826 </tr>
1827 </table>
1828 <hr size ='1'>
1829 <table width='100%'>
1830 <tr>
1831 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1832 </tr>
1833 <tr>
1834 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1835 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1836 <td width='25%'>&nbsp;</td>
1837 <td width='30%'>&nbsp;</td>
1838 </tr>
1839 <tr>
1840 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1841 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1842 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1843 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1844 </tr>
1845 <tr>
1846 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1847 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1848 </tr>
1849 <tr>
1850 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1851 END
1852 ; }
1853
1854 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
1855
1856 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1857 </textarea></td>
1858 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
1859 END
1860 ; }
1861
1862 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
1863
1864 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1865 </textarea></td>
1866 </tr>
1867 </table>
1868 END
1869 ; }
1870
1871 # ===================================================================
1872
1873 }
1874
1875 print "<table>\n";
1876
1877 if ($proxysettings{'AUTH_METHOD'} eq 'none') {
1878 print <<END
1879 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1880 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1881 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1882 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1883 <td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
1884 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1885 <td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
1886 END
1887 ; }
1888
1889 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1890 print <<END
1891 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1892 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1893 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1894 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1895 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1896 END
1897 ; }
1898
1899 if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
1900 print <<END
1901 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
1902 <td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
1903 END
1904 ; }
1905
1906 if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
1907 print <<END
1908 <td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
1909 <td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
1910 <td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
1911 <td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
1912 <td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
1913 <td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
1914 <td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
1915 END
1916 ; }
1917
1918 if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
1919 print <<END
1920 <td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
1921 <td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
1922 <td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
1923 <td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
1924 <td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
1925 <td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
1926 <td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
1927 END
1928 ; }
1929
1930 if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) {
1931 print <<END
1932 <td><input type='hidden' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}'></td>
1933 <td><input type='hidden' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}'></td>
1934 <td><input type='hidden' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}'></td>
1935 <td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$proxysettings{'NTLM_ENABLE_INT_AUTH'}'></td>
1936 <td><input type='hidden' name='NTLM_ENABLE_ACL' value='$proxysettings{'NTLM_ENABLE_ACL'}'></td>
1937 <td><input type='hidden' name='NTLM_USER_ACL' value='$proxysettings{'NTLM_USER_ACL'}'></td>
1938 <td><input type='hidden' name='NTLM_ALLOW_USERS' value='$proxysettings{'NTLM_ALLOW_USERS'}'></td>
1939 <td><input type='hidden' name='NTLM_DENY_USERS' value='$proxysettings{'NTLM_DENY_USERS'}'></td>
1940 END
1941 ; }
1942
1943 if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
1944 print <<END
1945 <td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
1946 <td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
1947 <td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
1948 <td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
1949 <td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
1950 <td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
1951 <td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
1952 <td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
1953 END
1954 ; }
1955
1956 print "</table>\n";
1957
1958 print <<END
1959 <hr size='1'>
1960 END
1961 ;
1962
1963 print <<END
1964 <table width='100%'>
1965 <tr>
1966 <td>&nbsp;</td>
1967 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1968 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1969 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1970 <td>&nbsp;</td>
1971 </tr>
1972
1973 </table>
1974 <br />
1975 <table width='100%'>
1976 <tr>
1977 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1978 <font class='base'>$Lang::tr{'this field may be blank'}</font>
1979 </td>
1980 <td align='right'>
1981 &nbsp;
1982 </td>
1983 </tr>
1984 </table>
1985 </form>
1986 END
1987 ;
1988
1989 &Header::closebox();
1990
1991 } else {
1992
1993 # ===================================================================
1994 # NCSA user management
1995 # ===================================================================
1996
1997 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
1998 print <<END
1999 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
2000 <table width='100%'>
2001 <tr>
2002 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2003 </tr>
2004 <tr>
2005 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2006 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2007 END
2008 ;
2009 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2010 print <<END
2011 /></td>
2012 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2013 <td class='base'>
2014 <select name='NCSA_GROUP'>
2015 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2016 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2017 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2018 </select>
2019 </td>
2020
2021 </tr>
2022 <tr>
2023 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2024 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2025 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2026 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2027 </tr>
2028 </table>
2029 <br>
2030 <table>
2031 <tr>
2032 <td>&nbsp;</td>
2033 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2034 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2035 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2036 END
2037 ;
2038 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2039 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2040 }
2041
2042 print <<END
2043 <td>&nbsp;</td>
2044 <td>&nbsp;</td>
2045 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2046 </tr>
2047 </table>
2048 </form>
2049 <hr size='1'>
2050 <table width='100%'>
2051 <tr>
2052 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2053 </tr>
2054 </table>
2055 <table width='100%' align='center'>
2056 END
2057 ;
2058
2059 if (-e $extgrp)
2060 {
2061 open(FILE, $extgrp); @grouplist = <FILE>; close(FILE);
2062 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
2063 }
2064 if (-e $stdgrp)
2065 {
2066 open(FILE, $stdgrp); @grouplist = <FILE>; close(FILE);
2067 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
2068 }
2069 if (-e $disgrp)
2070 {
2071 open(FILE, $disgrp); @grouplist = <FILE>; close(FILE);
2072 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
2073 }
2074
2075 @userlist = sort(@userlist);
2076
2077 # If the password file contains entries, print entries and action icons
2078
2079 if (! -z "$userdb") {
2080 print <<END
2081 <tr>
2082 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2083 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2084 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2085 </tr>
2086 END
2087 ;
2088 $id = 0;
2089 foreach $line (@userlist)
2090 {
2091 $id++;
2092 chomp($line);
2093 @temp = split(/:/,$line);
2094 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2095 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2096 elsif ($id % 2) {
2097 print "<tr bgcolor='$Header::table1colour'>\n"; }
2098 else {
2099 print "<tr bgcolor='$Header::table2colour'>\n"; }
2100
2101 print <<END
2102 <td align='center'>$temp[0]</td>
2103 <td align='center'>
2104 END
2105 ;
2106 if ($temp[1] eq 'standard') {
2107 print $Lang::tr{'advproxy NCSA grp standard'};
2108 } elsif ($temp[1] eq 'extended') {
2109 print $Lang::tr{'advproxy NCSA grp extended'};
2110 } elsif ($temp[1] eq 'disabled') {
2111 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2112 print <<END
2113 </td>
2114 <td width='8%' align='center'>
2115 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2116 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2117 <input type='hidden' name='ID' value='$line' />
2118 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2119 </form>
2120 </td>
2121
2122 <td width='8%' align='center'>
2123 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2124 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2125 <input type='hidden' name='ID' value='$temp[0]' />
2126 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2127 </form>
2128 </td>
2129 </tr>
2130 END
2131 ;
2132 }
2133
2134 print <<END
2135 </table>
2136 <br>
2137 <table witdh='100%'>
2138 <tr>
2139 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2140 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2141 <td class='base'>$Lang::tr{'edit'}</td>
2142 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2143 <td class='base'>$Lang::tr{'remove'}</td>
2144 </tr>
2145 END
2146 ;
2147 } else {
2148 print <<END
2149 <tr>
2150 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2151 </tr>
2152 END
2153 ;
2154 }
2155
2156 print <<END
2157 </table>
2158 END
2159 ;
2160
2161 &Header::closebox();
2162
2163 }
2164
2165 # ===================================================================
2166
2167 &Header::closebigbox();
2168
2169 &Header::closepage();
2170
2171 # -------------------------------------------------------------------
2172
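# Reload the ACL and list settings of %proxysettings from their backing files.
#
# For every (file, settings key) pair listed below: when the file exists, the
# key is removed from %proxysettings and rebuilt by concatenating the file's
# lines, so the on-disk list replaces whatever value the key held before.
# A key whose file does not exist is left untouched.
#
# Takes no arguments. Works on the file-level %proxysettings hash and the
# file-level path variables; the return value is not meaningful.
sub read_acls
{
	my @sources = (
		[$acl_src_subnets,                 'SRC_SUBNETS'],
		[$acl_src_banned_ip,               'SRC_BANNED_IP'],
		[$acl_src_banned_mac,              'SRC_BANNED_MAC'],
		[$acl_src_unrestricted_ip,         'SRC_UNRESTRICTED_IP'],
		[$acl_src_unrestricted_mac,        'SRC_UNRESTRICTED_MAC'],
		[$acl_dst_nocache,                 'DST_NOCACHE'],
		[$acl_dst_noauth,                  'DST_NOAUTH'],
		[$mimetypes,                       'MIME_TYPES'],
		["$ntlmdir/msntauth.allowusers",   'NTLM_ALLOW_USERS'],
		["$ntlmdir/msntauth.denyusers",    'NTLM_DENY_USERS'],
		["$raddir/radauth.allowusers",     'RADIUS_ALLOW_USERS'],
		["$raddir/radauth.denyusers",      'RADIUS_DENY_USERS'],
		["$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS'],
		["$identdir/identauth.denyusers",  'IDENT_DENY_USERS'],
		[$identhosts,                      'IDENT_HOSTS'],
		[$cre_groups,                      'CRE_GROUPS'],
		[$cre_svhosts,                     'CRE_SVHOSTS'],
	);

	foreach my $source (@sources)
	{
		my ($path, $key) = @$source;
		next unless (-e $path);

		# The key is cleared before the open is attempted, so a file that
		# exists but cannot be read leaves the setting empty rather than
		# keeping a stale value.
		delete $proxysettings{$key};

		# Three-argument open with a lexical handle: the path is always
		# taken as a plain file name (never parsed for a mode or pipe
		# character), and a failed open is skipped instead of being read
		# through a dead handle.
		open(my $fh, '<', $path) or next;
		while (my $entry = <$fh>) { $proxysettings{$key} .= $entry; }
		close($fh);
	}
}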
2278
2279 # -------------------------------------------------------------------
2280
# Normalise the multi-line list settings in %proxysettings and record
# validation failures in $errormessage.
#
# Every list is split on newlines, each line is trimmed of leading and trailing
# whitespace, empty lines are dropped and the remaining lines are written back
# to the same key, one per line. Three groups are handled, in this order:
#
#   1. source address / MAC lists, each line checked with a General:: validator
#      (MAC lists also have '-' turned into ':' first);
#   2. the per-method user lists (NTLM, IDENT, RADIUS), touched only when that
#      method's ACL is 'on' and only for the list matching the selected mode
#      ('positive' -> *_ALLOW_USERS, 'negative' -> *_DENY_USERS); the names are
#      trimmed but not checked, and an empty result is an error;
#   3. IDENT_HOSTS and CRE_SVHOSTS, checked like the address lists.
#
# A line that fails validation is still written back to the setting; only
# $errormessage records the failure, and a later failure overwrites an earlier
# message.
# NOTE(review): presumably the caller refuses to save while $errormessage is
# set, otherwise rejected entries would reach the ACL files - confirm.
#
# Takes no arguments; uses the file-level %proxysettings, @temp and
# $errormessage.
sub check_acls
{
	my $err_ipmask = 'advproxy errmsg invalid ip or mask';
	my $err_mac    = 'advproxy errmsg invalid mac';

	# Clean one validated list: $key is the settings key, $is_valid the
	# validator, $errkey the %Lang::tr key of the message to report and
	# $dash_to_colon selects the MAC separator rewrite.
	my $check_list = sub {
		my ($key, $is_valid, $errkey, $dash_to_colon) = @_;

		@temp = split(/\n/,$proxysettings{$key});
		undef $proxysettings{$key};
		foreach (@temp)
		{
			s/^\s+//g; s/\s+$//g;
			if ($dash_to_colon) { s/-/:/g; }
			next unless ($_);
			unless ($is_valid->($_)) { $errormessage = $Lang::tr{$errkey}; }
			$proxysettings{$key} .= $_."\n";
		}
	};

	my @address_lists = (
		['SRC_SUBNETS',          \&General::validipandmask, $err_ipmask, 0],
		['SRC_BANNED_IP',        \&General::validipormask,  $err_ipmask, 0],
		['SRC_BANNED_MAC',       \&General::validmac,       $err_mac,    1],
		['SRC_UNRESTRICTED_IP',  \&General::validipormask,  $err_ipmask, 0],
		['SRC_UNRESTRICTED_MAC', \&General::validmac,       $err_mac,    1],
	);
	foreach my $spec (@address_lists) { $check_list->(@$spec); }

	# User lists: only the list that the enabled ACL mode actually uses is
	# normalised, and it must not end up empty.
	foreach my $method ('NTLM', 'IDENT', 'RADIUS')
	{
		foreach my $mode (['positive', 'ALLOW'], ['negative', 'DENY'])
		{
			next unless ($proxysettings{$method.'_ENABLE_ACL'} eq 'on');
			next unless ($proxysettings{$method.'_USER_ACL'} eq $mode->[0]);

			my $key = $method.'_'.$mode->[1].'_USERS';
			@temp = split(/\n/,$proxysettings{$key});
			undef $proxysettings{$key};
			foreach (@temp)
			{
				s/^\s+//g; s/\s+$//g;
				$proxysettings{$key} .= $_."\n" if ($_);
			}
			if ($proxysettings{$key} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
		}
	}

	my @host_lists = (
		['IDENT_HOSTS', \&General::validipormask, $err_ipmask, 0],
		['CRE_SVHOSTS', \&General::validipormask, $err_ipmask, 0],
	);
	foreach my $spec (@host_lists) { $check_list->(@$spec); }
}
2439
2440
2441 # -------------------------------------------------------------------
2442
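# Write the ACL and list settings of %proxysettings to their backing files.
#
# Each target file is replaced with the current value of its settings key.
# The throttle ACL is assembled instead of copied: one "\.<ext>$" line per
# extension of every enabled THROTTLE_* class, followed by the lines of
# $throttled_urls when that file is non-empty.
#
# The values are written exactly as they are held in %proxysettings; nothing
# is validated here.
# NOTE(review): presumably check_acls has been run and passed before this is
# called - confirm at the call sites.
#
# Takes no arguments. A file that cannot be opened is skipped silently, as
# before; nothing reports the failure to the caller.
sub write_acls
{
	# Replace the content of $path with @chunks under an exclusive lock.
	my $store = sub {
		my ($path, @chunks) = @_;

		# Append mode creates the file without truncating it, so the old
		# content is only discarded once the lock is held. Opening with
		# '>' truncated first and locked afterwards, which let a second
		# writer cut the file while the first was still writing. The
		# three-argument form also keeps the path from being parsed for a
		# mode character.
		open(my $fh, '>>', $path) or return;
		flock($fh, 2);		# 2 = exclusive lock (LOCK_EX)
		truncate($fh, 0);
		print $fh @chunks;
		close($fh);
	};

	# Build the throttle ACL in memory so it is written in one go.
	my @throttle_rules = ();
	foreach my $class (
		['THROTTLE_BINARY', $throttle_binary],
		['THROTTLE_DSKIMG', $throttle_dskimg],
		['THROTTLE_MMEDIA', $throttle_mmedia],
	)
	{
		next unless ($proxysettings{$class->[0]} eq 'on');
		foreach my $ext (split(/\|/,$class->[1]))
		{
			# One anchored file-extension pattern per line.
			push(@throttle_rules, "\\.$ext\$\n");
		}
	}
	if (-s $throttled_urls)
	{
		if (open(my $urls, '<', $throttled_urls))
		{
			push(@throttle_rules, <$urls>);
			close($urls);
		}
	}

	# Same files, in the same order, as the original sequence of writes.
	my @targets = (
		[$acl_src_subnets,                 $proxysettings{'SRC_SUBNETS'}],
		[$acl_src_banned_ip,               $proxysettings{'SRC_BANNED_IP'}],
		[$acl_src_banned_mac,              $proxysettings{'SRC_BANNED_MAC'}],
		[$acl_src_unrestricted_ip,         $proxysettings{'SRC_UNRESTRICTED_IP'}],
		[$acl_src_unrestricted_mac,        $proxysettings{'SRC_UNRESTRICTED_MAC'}],
		[$acl_dst_nocache,                 $proxysettings{'DST_NOCACHE'}],
		[$acl_dst_noauth,                  $proxysettings{'DST_NOAUTH'}],
		[$acl_dst_throttle,                @throttle_rules],
		[$mimetypes,                       $proxysettings{'MIME_TYPES'}],
		["$ntlmdir/msntauth.allowusers",   $proxysettings{'NTLM_ALLOW_USERS'}],
		["$ntlmdir/msntauth.denyusers",    $proxysettings{'NTLM_DENY_USERS'}],
		["$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'}],
		["$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'}],
		["$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'}],
		["$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'}],
		[$identhosts,                      $proxysettings{'IDENT_HOSTS'}],
		[$cre_groups,                      $proxysettings{'CRE_GROUPS'}],
		[$cre_svhosts,                     $proxysettings{'CRE_SVHOSTS'}],
	);

	foreach my $target (@targets) { $store->(@$target); }
}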
2556
2557 # -------------------------------------------------------------------
2558
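# Generate the proxy auto-config script /home/httpd/html/proxy.pac.
#
# The script sends plain host names, the local domain and the private /
# link-local ranges DIRECT, and sends clients whose own address lies in the
# GREEN (and, when enabled, BLUE) network to the proxy on that interface.
# With the proxy disabled on both networks the function body stays empty.
#
# The text is built in memory and written in one step under an exclusive
# lock; the file is emptied only after the lock is held.  A failure to open
# or write the file is reported with warn() instead of being ignored.
#
# Returns 1 when the file was written, 0 otherwise.
#
# NOTE(review): DOMAINNAME, the network addresses and PROXY_PORT are placed
# unescaped inside JavaScript string literals.  Presumably they are
# validated before being saved - confirm, since a quote character in any of
# them would alter the script every client evaluates.
sub writepacfile
{
    my $pacfile  = '/home/httpd/html/proxy.pac';
    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    my $blue_on  = ($netsettings{'BLUE_DEV'} && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

    my $pac = "function FindProxyForURL(url, host)\n{\n";

    if ($green_on || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
    {
        $pac .= <<END;
if (
(isPlainHostName(host)) ||
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
(isInNet(host, "169.254.0.0", "255.255.0.0")) ||
(isInNet(host, "192.168.0.0", "255.255.0.0"))
)
return "DIRECT";
END

        # Emit "else" only when a proxy branch follows.  With ENABLE_BLUE on
        # but no BLUE device and GREEN disabled, an unconditional "else"
        # was left dangling before the closing brace and the script no
        # longer parsed.
        if ($green_on || $blue_on)
        {
            $pac .= "\nelse\n\n";
        }

        if ($green_on)
        {
            $pac .= <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
)
return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }

        if ($green_on && $blue_on)
        {
            $pac .= "\n else\n\n";
        }

        if ($blue_on)
        {
            $pac .= <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
)
return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }
    }

    $pac .= "}\n";

    my $fh;
    # Three-argument open with a lexical handle; '>>' does not truncate, so
    # the old script stays intact until the lock is held.
    unless (open($fh, '>>', $pacfile))
    {
        warn "writepacfile: cannot open $pacfile: $!\n";
        return 0;
    }
    flock($fh, 2) or warn "writepacfile: cannot lock $pacfile: $!\n";    # 2 == LOCK_EX

    my $ok = 1;
    if (truncate($fh, 0))
    {
        unless (print {$fh} $pac)
        {
            warn "writepacfile: cannot write $pacfile: $!\n";
            $ok = 0;
        }
    } else {
        # Appending to the old script would corrupt it, so write nothing.
        warn "writepacfile: cannot truncate $pacfile: $!\n";
        $ok = 0;
    }
    # Buffered write errors only surface at close.
    unless (close($fh))
    {
        warn "writepacfile: cannot close $pacfile: $!\n";
        $ok = 0;
    }

    return $ok;
}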
2610
2611 # -------------------------------------------------------------------
2612
2613 sub writeconfig
2614 {
2615 my $authrealm;
2616 my $delaypools;
2617
2618 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2619 $proxysettings{'THROTTLING_GREEN_HOST'} +
2620 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2621 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2622 {
2623 $delaypools = 1; } else { $delaypools = 0;
2624 }
2625
2626 if ($proxysettings{'AUTH_REALM'} eq '')
2627 {
2628 $authrealm = "IPFire Advanced Proxy Server";
2629 } else {
2630 $authrealm = $proxysettings{'AUTH_REALM'};
2631 }
2632
2633 $_ = $proxysettings{'UPSTREAM_PROXY'};
2634 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2635
2636 if ($remoteport eq '') { $remoteport = 80; }
2637
2638 open(FILE, ">${General::swroot}/proxy/squid.conf");
2639 flock(FILE, 2);
2640 print FILE <<END
2641 shutdown_lifetime 5 seconds
2642 icp_port 0
2643
2644 http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2645 END
2646 ;
2647 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2648 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2649 }
2650
2651 print FILE <<END
2652
2653 acl QUERY urlpath_regex cgi-bin \\?
2654 no_cache deny QUERY
2655 END
2656 ;
2657 if (!-z $acl_dst_nocache) {
2658 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2659 print FILE "no_cache deny no_cache_domains\n";
2660 }
2661
2662 print FILE <<END
2663
2664 cache_effective_user squid
2665 cache_effective_group squid
2666
2667 pid_filename /var/run/squid.pid
2668
2669 cache_mem $proxysettings{'CACHE_MEM'} MB
2670 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2671
2672 error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2673
2674 END
2675 ;
2676
2677 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2678
2679 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2680 {
2681 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2682 {
2683 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2684 }
2685 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2686 {
2687 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2688 }
2689 print FILE "\n";
2690 }
2691
2692 if ($proxysettings{'LOGGING'} eq 'on')
2693 {
2694 print FILE <<END
2695 cache_access_log /var/log/squid/access.log
2696 cache_log /var/log/squid/cache.log
2697 cache_store_log none
2698 END
2699 ;
2700 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2701 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2702 } else {
2703 print FILE <<END
2704 cache_access_log /dev/null
2705 cache_log /dev/null
2706 cache_store_log none
2707 END
2708 ;}
2709 print FILE <<END
2710
2711 log_mime_hdrs off
2712 END
2713 ;
2714
2715 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2716 {
2717 print FILE "forwarded_for on\n\n";
2718 } else {
2719 print FILE "forwarded_for off\n\n";
2720 }
2721
2722 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2723 {
2724 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2725 {
2726 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2727 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2728 print FILE "auth_param basic realm $authrealm\n";
2729 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2730 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2731 }
2732
2733 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2734 {
2735 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2736 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2737 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2738 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2739 {
2740 if ($proxysettings{'LDAP_GROUP'} eq '')
2741 {
2742 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2743 } else {
2744 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2745 }
2746 print FILE " -u sAMAccountName -P";
2747 }
2748 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2749 {
2750 if ($proxysettings{'LDAP_GROUP'} eq '')
2751 {
2752 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2753 } else {
2754 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2755 }
2756 print FILE " -u cn -P";
2757 }
2758 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2759 {
2760 if ($proxysettings{'LDAP_GROUP'} eq '')
2761 {
2762 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2763 } else {
2764 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2765 }
2766 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2767 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2768 print FILE " -u uid -P";
2769 }
2770 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2771 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2772 print FILE "auth_param basic realm $authrealm\n";
2773 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2774 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2775 }
2776
2777 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2778 {
2779 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2780 {
2781 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2782 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2783 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2784 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2785 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2786 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2787 } else {
2788 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2789 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2790 print FILE "auth_param basic realm $authrealm\n";
2791 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2792 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2793
2794 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2795 flock(MSNTCONF,2);
2796 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2797 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2798 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2799 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2800 {
2801 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2802 {
2803 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2804 } else {
2805 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2806 }
2807 }
2808 close(MSNTCONF);
2809 }
2810 }
2811
2812 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2813 {
2814 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2815 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2816 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2817 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2818 print FILE "auth_param basic realm $authrealm\n";
2819 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2820 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2821 }
2822
2823 print FILE "\n";
2824 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2825 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2826 {
2827 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2828 {
2829 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2830 }
2831 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2832 {
2833 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2834 }
2835 }
2836 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2837 {
2838 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2839 {
2840 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2841 }
2842 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2843 {
2844 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2845 }
2846 }
2847 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2848 {
2849 print FILE "\n";
2850 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2851 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2852 }
2853 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2854 print FILE "\n";
2855
2856 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2857 }
2858
2859 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2860 {
2861 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2862 {
2863 print FILE "acl for_inetusers ident REQUIRED\n";
2864 }
2865 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2866 {
2867 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2868 {
2869 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2870 }
2871 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2872 {
2873 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2874 }
2875 }
2876 }
2877
2878 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2879
2880 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2881
2882 print FILE "acl within_timeframe time ";
2883 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2884 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2885 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2886 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2887 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2888 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2889 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2890 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2891 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2892 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2893 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2894
2895 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2896 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2897 }
2898
2899 print FILE <<END
2900 acl all src 0.0.0.0/0.0.0.0
2901 acl localhost src 127.0.0.1/255.255.255.255
2902 acl SSL_ports port 443 563
2903 acl Safe_ports port 80 # http
2904 acl Safe_ports port 21 # ftp
2905 acl Safe_ports port 443 563 # https, snews
2906 acl Safe_ports port 70 # gopher
2907 acl Safe_ports port 210 # wais
2908 acl Safe_ports port 1025-65535 # unregistered ports
2909 acl Safe_ports port 280 # http-mgmt
2910 acl Safe_ports port 488 # gss-http
2911 acl Safe_ports port 591 # filemaker
2912 acl Safe_ports port 777 # multiling http
2913 acl Safe_ports port 800 # Squids port (for icons)
2914
2915 acl IPCop_http port 81
2916 acl IPCop_https port 445
2917 acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2918 acl IPCop_networks src "$acl_src_subnets"
2919 acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2920 END
2921 ;
2922 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2923 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2924 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2925 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2926 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2927 print FILE <<END
2928 acl CONNECT method CONNECT
2929 END
2930 ;
2931
2932 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2933 print FILE <<END
2934
2935 #Classroom extensions
2936 acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2937 acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2938 END
2939 ;
2940 print FILE "deny_info ";
2941 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2942 print FILE "ERR_ACCESS_DISABLED";
2943 } else { print FILE "ERR_ACCESS_DENIED"; }
2944 print FILE " IPCop_no_access_ips\n";
2945 print FILE "deny_info ";
2946 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2947 print FILE "ERR_ACCESS_DISABLED";
2948 } else { print FILE "ERR_ACCESS_DENIED"; }
2949 print FILE " IPCop_no_access_mac\n";
2950
2951 print FILE <<END
2952 http_access deny IPCop_no_access_ips
2953 http_access deny IPCop_no_access_mac
2954 END
2955 ;
2956 }
2957
2958 #Insert acl file and replace __VAR__ with correct values
2959 my $blue_net = ''; #BLUE empty by default
2960 my $blue_ip = '';
2961 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2962 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2963 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2964 }
2965 if (!-z $acl_include)
2966 {
2967 open (ACL, "$acl_include");
2968 print FILE "\n#Start of custom includes\n";
2969 while (<ACL>) {
2970 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2971 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2972 $_ =~ s/__BLUE_IP__/$blue_ip/;
2973 $_ =~ s/__BLUE_NET__/$blue_net/;
2974 print FILE $_;
2975 }
2976 print FILE "#End of custom includes\n";
2977 close (ACL);
2978 }
2979 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2980 print FILE <<END
2981
2982 #Access to squid:
2983 #local machine, no restriction
2984 http_access allow localhost
2985
2986 #GUI admin if local machine connects
2987 http_access allow IPCop_ips IPCop_networks IPCop_http
2988 http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2989
2990 #Deny not web services
2991 http_access deny !Safe_ports
2992 http_access deny CONNECT !SSL_ports
2993
2994 END
2995 ;
2996
2997 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2998 {
2999 print FILE "#Set ident ACLs\n";
3000 if (!-z $identhosts)
3001 {
3002 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3003 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3004 print FILE "ident_lookup_access deny all\n";
3005 } else {
3006 print FILE "ident_lookup_access allow all\n";
3007 }
3008 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3009 }
3010
3011 if ($delaypools) {
3012 print FILE "#Set download throttling\n";
3013
3014 if ($netsettings{'BLUE_DEV'})
3015 {
3016 print FILE "delay_pools 2\n";
3017 } else {
3018 print FILE "delay_pools 1\n";
3019 }
3020
3021 print FILE "delay_class 1 3\n";
3022 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3023
3024 print FILE "delay_parameters 1 ";
3025 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3026 {
3027 print FILE "-1/-1";
3028 } else {
3029 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3030 print FILE "/";
3031 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3032 }
3033
3034 print FILE " -1/-1 ";
3035 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3036 {
3037 print FILE "-1/-1";
3038 } else {
3039 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3040 print FILE "/";
3041 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3042 }
3043 print FILE "\n";
3044
3045 if ($netsettings{'BLUE_DEV'})
3046 {
3047 print FILE "delay_parameters 2 ";
3048 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3049 {
3050 print FILE "-1/-1";
3051 } else {
3052 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3053 print FILE "/";
3054 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3055 }
3056 print FILE " -1/-1 ";
3057 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3058 {
3059 print FILE "-1/-1";
3060 } else {
3061 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3062 print FILE "/";
3063 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3064 }
3065 print FILE "\n";
3066 }
3067
3068 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3069 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3070 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3071
3072 if ($netsettings{'BLUE_DEV'})
3073 {
3074 print FILE "delay_access 1 allow IPCop_green_network";
3075 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3076 print FILE "\n";
3077 print FILE "delay_access 1 deny all\n";
3078 } else {
3079 print FILE "delay_access 1 allow all";
3080 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3081 print FILE "\n";
3082 }
3083
3084 if ($netsettings{'BLUE_DEV'})
3085 {
3086 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3087 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3088 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3089 print FILE "delay_access 2 allow IPCop_blue_network";
3090 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3091 print FILE "\n";
3092 print FILE "delay_access 2 deny all\n";
3093 }
3094
3095 print FILE "delay_initial_bucket_level 100%\n";
3096 print FILE "\n";
3097 }
3098 print FILE <<END
3099 #Set custom configured ACLs
3100 END
3101 ;
3102 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3103 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3104
3105 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3106 {
3107 if (!-z $acl_src_unrestricted_ip)
3108 {
3109 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3110 }
3111 if (!-z $acl_src_unrestricted_mac)
3112 {
3113 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3114 }
3115 print FILE "http_access allow IPCop_networks";
3116 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3117 print FILE " !within_timeframe";
3118 } else {
3119 print FILE " within_timeframe"; }
3120 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3121 print FILE " to_domains_without_auth\n";
3122 }
3123
3124 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3125 {
3126 print FILE "http_access deny !for_inetusers";
3127 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3128 print FILE "\n";
3129 }
3130
3131 if (
3132 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3133 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3134 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3135 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3136 (!-z "$identdir/identauth.denyusers")
3137 )
3138 {
3139 print FILE "http_access deny for_acl_users";
3140 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3141 print FILE "\n";
3142 }
3143
3144 if (!-z $acl_src_unrestricted_ip)
3145 {
3146 print FILE "http_access allow IPCop_unrestricted_ips";
3147 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3148 {
3149 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3150 {
3151 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3152 }
3153 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3154 {
3155 print FILE " for_inetusers";
3156 }
3157 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3158 {
3159 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3160 {
3161 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3162 {
3163 print FILE " for_acl_users";
3164 }
3165 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3166 {
3167 print FILE " !for_acl_users";
3168 }
3169 } else { print FILE " for_inetusers"; }
3170 }
3171 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3172 {
3173 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3174 {
3175 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3176 {
3177 print FILE " for_acl_users";
3178 }
3179 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3180 {
3181 print FILE " !for_acl_users";
3182 }
3183 } else { print FILE " for_inetusers"; }
3184 }
3185 }
3186 print FILE "\n";
3187 }
3188
3189 if (!-z $acl_src_unrestricted_mac)
3190 {
3191 print FILE "http_access allow IPCop_unrestricted_mac";
3192 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3193 {
3194 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3195 {
3196 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3197 }
3198 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3199 {
3200 print FILE " for_inetusers";
3201 }
3202 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3203 {
3204 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3205 {
3206 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3207 {
3208 print FILE " for_acl_users";
3209 }
3210 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3211 {
3212 print FILE " !for_acl_users";
3213 }
3214 } else { print FILE " for_inetusers"; }
3215 }
3216 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3217 {
3218 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3219 {
3220 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3221 {
3222 print FILE " for_acl_users";
3223 }
3224 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3225 {
3226 print FILE " !for_acl_users";
3227 }
3228 } else { print FILE " for_inetusers"; }
3229 }
3230 }
3231 print FILE "\n";
3232 }
3233
3234 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3235 {
3236 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3237 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3238 }
3239
3240 if (
3241 (
3242 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3243 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3244 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3245 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3246 (!-z "$ntlmdir/msntauth.denyusers")
3247 )
3248 ||
3249 (
3250 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3251 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3252 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3253 (!-z "$raddir/radauth.denyusers")
3254 )
3255 ||
3256 (
3257 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3258 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3259 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3260 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3261 (!-z "$identdir/identauth.denyusers")
3262 )
3263 )
3264 {
3265 print FILE "http_access deny for_acl_users";
3266 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3267 print FILE "\n";
3268 }
3269
3270 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3271 {
3272 print FILE "http_access allow";
3273 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3274 print FILE " !within_timeframe";
3275 } else {
3276 print FILE " within_timeframe"; }
3277 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3278 print FILE " !on_ident_aware_hosts\n";
3279 }
3280
3281 print FILE "http_access allow IPCop_networks";
3282 if (
3283 (
3284 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3285 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3286 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3287 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3288 (!-z "$ntlmdir/msntauth.allowusers")
3289 )
3290 ||
3291 (
3292 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3293 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3294 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3295 (!-z "$raddir/radauth.allowusers")
3296 )
3297 ||
3298 (
3299 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3300 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3301 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3302 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3303 (!-z "$identdir/identauth.allowusers")
3304 )
3305 )
3306 {
3307 print FILE " for_acl_users";
3308 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3309 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3310 print FILE " for_inetusers";
3311 }
3312 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3313 {
3314 print FILE " !concurrent";
3315 }
3316 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3317 print FILE " !within_timeframe";
3318 } else {
3319 print FILE " within_timeframe"; }
3320 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3321 print FILE "\n";
3322
3323 print FILE "http_access deny all\n\n";
3324
3325 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3326 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3327 {
3328 print FILE "#Strip HTTP Header\n";
3329
3330 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3331 {
3332 print FILE "header_access X-Forwarded-For deny all\n";
3333 }
3334 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3335 {
3336 print FILE "header_access Via deny all\n";
3337 }
3338 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3339 {
3340 print FILE "header_access User-Agent deny all\n";
3341 }
3342 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3343 {
3344 print FILE "header_access Referer deny all\n";
3345 }
3346
3347 print FILE "\n";
3348
3349 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3350 {
3351 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3352 {
3353 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3354 }
3355 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3356 {
3357 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3358 }
3359 print FILE "\n";
3360 }
3361 }
3362
3363 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3364 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3365 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3366 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3367 {
3368 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3369 }
3370 print FILE "http_reply_access deny blocked_mimetypes\n";
3371 print FILE "http_reply_access allow all\n\n";
3372 }
3373
3374 print FILE <<END
3375 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3376 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3377
3378 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3379 END
3380 ;
3381 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3382 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3383 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3384 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3385 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3386 {
3387 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3388 }
3389 }
3390 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3391
3392 print FILE "visible_hostname";
3393 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3394 {
3395 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3396 } else {
3397 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3398 }
3399
3400 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3401
3402 # Write the parent proxy info, if needed.
3403 if ($remotehost ne '')
3404 {
3405 # Enter authentication for the parent cache (format is login=user:password)
3406 if ($proxy1 eq 'YES') {
3407 print FILE <<END
3408 cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3409
3410 END
3411 ;
3412 } else {
3413 # Not using authentication with the parent cache
3414 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3415 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3416 print FILE "\n";
3417 }
3418 print FILE "never_direct allow all\n\n";
3419 }
3420 if ($urlfilter_addon) {
3421 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3422 {
3423 print FILE <<END
3424 redirect_program /usr/bin/squidGuard
3425 redirect_children $filtersettings{'CHILDREN'}
3426
3427 END
3428 ;
3429 }
3430 }
3431 if ($updacclrtr_addon) {
3432 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3433 {
3434 print FILE <<END
3435 redirect_program /usr/local/bin/updacclrtr
3436 redirect_children $updaccsettings{'ACCELERATORS'}
3437
3438 END
3439 ;
3440 }
3441 }
3442 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3443 {
3444 print FILE <<END
3445 httpd_accel_host virtual
3446 httpd_accel_port 80
3447 httpd_accel_with_proxy on
3448 httpd_accel_uses_host_header on
3449 END
3450 ;
3451 }
3452 close FILE;
3453 }
3454
3455 # -------------------------------------------------------------------
3456
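# Create or update a proxy user in the NCSA password file and put the
# user into exactly one of the membership files.
#
#   $str_user   user name
#   $str_pass   clear-text password, or the sentinel 'lEaVeAlOnE' to keep
#               the hash that is already stored for this user
#   $str_group  'standard', 'extended' or 'disabled'; any other value
#               leaves the group files without a new entry
#
# Returns nothing.
sub adduser
{
    my ($str_user, $str_pass, $str_group) = @_;

    # Both the password file and the group files are line oriented and the
    # password file uses ':' as field separator, so a name carrying these
    # characters would forge extra entries.
    # NOTE(review): callers are outside this view - confirm that they
    # validate the name as well.
    if (!defined($str_user) || $str_user =~ /[:\r\n]/)
    {
        warn "adduser: rejected user name containing ':' or a line break\n";
        return;
    }

    if ($str_pass eq 'lEaVeAlOnE')
    {
        # Remember the ":hash\n" tail of the current entry (last match wins).
        # \Q...\E keeps regex metacharacters in the name literal.
        my $kept_entry;
        if (open(my $in, '<', $userdb))
        {
            while (my $entry = <$in>)
            {
                if ($entry =~ /^\Q$str_user\E:/i)
                {
                    $kept_entry = substr($entry, index($entry, ':'));
                }
            }
            close($in);
        }

        deluser($str_user);

        # Without an existing entry there is no hash to keep; writing the
        # sentinel itself would leave an unterminated, unusable line in the
        # password file.
        if (defined $kept_entry)
        {
            if (open(my $out, '>>', $userdb))
            {
                flock($out, 2);    # 2 = exclusive lock
                print {$out} "$str_user$kept_entry";
                close($out);
            }
            else
            {
                warn "adduser: cannot append to $userdb: $!\n";
            }
        }
    }
    else
    {
        deluser($str_user);

        # List form: no shell is started, so quotes, spaces, ';' or
        # backticks in the name or password are passed to htpasswd as data
        # instead of being interpreted as shell syntax.
        # NOTE(review): -b still puts the password on the command line,
        # where the process list exposes it; htpasswd -i (password on
        # stdin) avoids that if the installed htpasswd supports it.
        system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
    }

    my %file_for_group = (
        'standard' => $stdgrp,
        'extended' => $extgrp,
        'disabled' => $disgrp,
    );
    my $groupfile = defined($str_group) ? $file_for_group{$str_group} : undef;

    # An unknown group gets no membership entry.
    if (defined $groupfile)
    {
        if (open(my $grp, '>>', $groupfile))
        {
            flock($grp, 2);    # 2 = exclusive lock
            print {$grp} "$str_user\n";
            close($grp);
        }
        else
        {
            warn "adduser: cannot append to $groupfile: $!\n";
        }
    }

    return;
}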
3487
3488 # -------------------------------------------------------------------
3489
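# Remove a user from the three membership files and from the NCSA
# password file. Matching is case-insensitive. A missing file is created
# empty.
#
#   $str_user   user name to remove
#
# Returns nothing.
sub deluser
{
    my ($str_user) = @_;

    # \Q...\E makes the name match literally; without it a name such as
    # ".*" would match, and therefore delete, every entry.
    my $member_re = qr/^\Q$str_user\E$/i;    # whole line in a group file
    my $passwd_re = qr/^\Q$str_user\E:/i;    # "user:" prefix in the password file

    # Rewrites $path without the lines that match $pattern.
    my $strip_matching = sub {
        my ($path, $pattern) = @_;

        # '+>>' creates a missing file but does not truncate on open, so
        # the exclusive lock is held before any content is discarded and a
        # concurrent reader never sees a half-written file.
        my $fh;
        if (!open($fh, '+>>', $path))
        {
            warn "deluser: cannot open $path: $!\n";
            return;
        }
        flock($fh, 2);    # 2 = exclusive lock
        seek($fh, 0, 0);
        my @kept = grep { $_ !~ $pattern } <$fh>;
        truncate($fh, 0);
        seek($fh, 0, 0);
        print {$fh} @kept;
        close($fh);
        return;
    };

    foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
    {
        $strip_matching->($groupfile, $member_re);
    }
    $strip_matching->($userdb, $passwd_re);

    return;
}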
3522
3523 # -------------------------------------------------------------------