proxy: Drop NTLM authentication
[ipfire-2.x.git] / html / cgi-bin / proxy.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 #                                                                             #
4 # IPFire.org - A linux based firewall                                         #
5 # Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
6 #                                                                             #
7 # This program is free software: you can redistribute it and/or modify        #
8 # it under the terms of the GNU General Public License as published by        #
9 # the Free Software Foundation, either version 3 of the License, or           #
10 # (at your option) any later version.                                         #
11 #                                                                             #
12 # This program is distributed in the hope that it will be useful,             #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
15 # GNU General Public License for more details.                                #
16 #                                                                             #
17 # You should have received a copy of the GNU General Public License           #
18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
19 #                                                                             #
20 ###############################################################################
21 #
22 # (c) 2004-2009 marco.s - http://www.advproxy.net
23 #
24 # This code is distributed under the terms of the GPL
25 #
26 # $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
27 #
28
29 use strict;
30 use Apache::Htpasswd;
31
32 # Enable the following only while debugging; fatalsToBrowser sends fatal error text to the client.
33 #use warnings;
34 #use CGI::Carp 'fatalsToBrowser';
35
36 require '/var/ipfire/general-functions.pl';
37 require "${General::swroot}/lang.pl";
38 require "${General::swroot}/header.pl";
39
# Output of `squid -v`, one list element per output line.
my @squidversion = qx{/usr/sbin/squid -v};

# Port numbers, kept as strings.
my ($http_port, $https_port) = ('81', '444');

# Load the main settings first, then the colour table of the theme they name.
my (%color, %mainsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
# NOTE(review): THEME is placed into the path without any check; it is read
# from the settings file above - confirm that only trusted code writes it.
&General::readhash(
        "/srv/web/ipfire/html/themes/" . $mainsettings{'THEME'} . "/include/colors.txt",
        \%color
);
48
# Settings hashes used throughout the page.
my (%proxysettings, %netsettings, %filtersettings, %xlratorsettings, %stdproxysettings);
# NOTE(review): %mainsettings was already declared and loaded further up; this
# second `my` starts a fresh, empty hash. It is read from disk again below.
my %mainsettings = ();

# State of check boxes and select lists when the form is rendered.
my (%checked, %selected);

# Selectable throttling limits, and the file-extension groups (regex
# alternations) that throttling can be applied to.
my @throttle_limits = (
        64, 128, 256, 384, 512, 768, 1024, 1280, 1536, 1792, 2048, 2560,
        3072, 3584, 4096, 5120, 6144, 7168, 8192, 10240, 12288, 16384, 20480,
);
my $throttle_binary = "7z|arj|bin|bz2|cab|exe|gz|lzh|rar|sea|tar|tgz|xz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi|vmdk";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob";

# Default port lists, one "port # comment" entry per line.
my $def_ports_safe = "80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
my $def_ports_ssl  = "443 # https\n563 # snews\n";

# User-agent definitions: the current split entry and the whole list.
my (@useragent, @useragentlist);

# Scratch variables shared by the handlers and the page code.
my $hintcolour      = '#FFFFCC';
my $ncsa_buttontext = '';
my $language        = '';
my ($i, $n, $id)    = (0, 0, 0);
my ($line, $user)   = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem         = 0;
my ($proxy1, $proxy2) = ('', '');
my $browser_regexp   = '';
my $needhup          = 0;
my $errormessage     = '';
89
# Working directories below the advanced proxy configuration tree.
my ($acldir, $ncsadir, $raddir, $identdir, $credir) = (
        "${General::swroot}/proxy/advanced/acls",
        "${General::swroot}/proxy/advanced/ncsa",
        "${General::swroot}/proxy/advanced/radius",
        "${General::swroot}/proxy/advanced/ident",
        "${General::swroot}/proxy/advanced/cre",
);

# Local (NCSA) user database and its three group files.
my ($userdb, $stdgrp, $extgrp, $disgrp) = (
        "$ncsadir/passwd",
        "$ncsadir/standard.grp",
        "$ncsadir/extended.grp",
        "$ncsadir/disabled.grp",
);

# Browser, MIME type and throttle lists.
my ($browserdb, $mimetypes, $throttled_urls) = (
        "${General::swroot}/proxy/advanced/useragents",
        "${General::swroot}/proxy/advanced/mimetypes",
        "${General::swroot}/proxy/advanced/throttle",
);

# Files of the classroom extension (CRE).
my ($cre_enabled, $cre_groups, $cre_svhosts) = (
        "${General::swroot}/proxy/advanced/cre/enable",
        "${General::swroot}/proxy/advanced/cre/classrooms",
        "${General::swroot}/proxy/advanced/cre/supervisors",
);

my $identhosts = "$identdir/hosts";

# Squid helper and error page directories.
my ($authdir, $errordir) = ("/usr/lib/squid/", "/usr/lib/squid/errors");

# ACL files: source addresses ...
my $acl_src_subnets = "$acldir/src_subnets.acl";
my ($acl_src_banned_ip, $acl_src_banned_mac) =
        ("$acldir/src_banned_ip.acl", "$acldir/src_banned_mac.acl");
my ($acl_src_unrestricted_ip, $acl_src_unrestricted_mac) =
        ("$acldir/src_unrestricted_ip.acl", "$acldir/src_unrestricted_mac.acl");
my ($acl_src_noaccess_ip, $acl_src_noaccess_mac) =
        ("$acldir/src_noaccess_ip.acl", "$acldir/src_noaccess_mac.acl");

# ... destinations ...
my ($acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url) = (
        "$acldir/dst_noauth.acl",
        "$acldir/dst_noauth_dom.acl",
        "$acldir/dst_noauth_net.acl",
        "$acldir/dst_noauth_url.acl",
);
my ($acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url) = (
        "$acldir/dst_nocache.acl",
        "$acldir/dst_nocache_dom.acl",
        "$acldir/dst_nocache_net.acl",
        "$acldir/dst_nocache_url.acl",
);
my $acl_dst_throttle = "$acldir/dst_throttle.acl";

# ... ports, and the include file.
my ($acl_ports_safe, $acl_ports_ssl) = ("$acldir/ports_safe.acl", "$acldir/ports_ssl.acl");
my $acl_include = "$acldir/include.acl";

# Add-on versions; 'n/a' is the initial value.
my ($updaccelversion, $urlfilterversion) = ('n/a', 'n/a');
136
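# Create the working directories if they are missing. A failure no longer
# passes silently: it is reported on STDERR, and the page carries on as before.
for my $dir ($acldir, $ncsadir, $raddir, $identdir, $credir) {
        next if -d $dir;
        mkdir($dir) or warn "proxy.cgi: cannot create directory $dir: $!\n";
}

# Make sure every list and ACL file exists. touch is run in list form with its
# full path - the same way the save handler creates its flag files - so no
# shell ever parses the file name.
for my $file (
        $cre_groups, $cre_svhosts,
        $userdb, $stdgrp, $extgrp, $disgrp,
        $acl_src_subnets,
        $acl_src_banned_ip, $acl_src_banned_mac,
        $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
        $acl_src_noaccess_ip, $acl_src_noaccess_mac,
        $acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url,
        $acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url,
        $acl_dst_throttle,
        $acl_ports_safe, $acl_ports_ssl,
        $acl_include,
        $browserdb, $mimetypes,
) {
        system('/usr/bin/touch', $file) unless -e $file;
}

# True when the ntlm_auth helper binary is present.
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");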
175
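# Load the user-agent definitions: blank lines and comment lines are dropped,
# the rest is sorted by the text between the first and the last comma of each
# line (the comparator below extracts exactly that part).
#
# The file is opened with the three-argument form and a lexical handle, so the
# file name can never be read as a mode or a pipe. If the open fails the list
# simply stays empty, which is what the unchecked open produced before.
if (open(my $ua_fh, '<', $browserdb)) {
        @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep { !/(^$)|(^\s*#)/ } <$ua_fh>;
        close($ua_fh);
}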
179
# Read the network settings and read the main settings again.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# GREEN network as "address/netmask", passed through General::ipcidr.
my $green_cidr = &General::ipcidr(
        join('/', $netsettings{'GREEN_NETADDRESS'}, $netsettings{'GREEN_NETMASK'})
);

# Same for BLUE, but only when BLUE is in use and has a device; otherwise "".
my $blue_cidr = (&Header::blue_used() && $netsettings{'BLUE_DEV'})
        ? &General::ipcidr(join('/', $netsettings{'BLUE_NETADDRESS'}, $netsettings{'BLUE_NETMASK'}))
        : "";

# The HTTP headers go out before any request handling starts.
&Header::showhttpheaders();
190
# Default value of every form field. They are set before the request is
# merged in, so a field that is not submitted keeps the value listed here.
{
        my %default_for = (
                'ACTION'                 => '',
                'VALID'                  => '',

                'ENABLE'                 => 'off',
                'ENABLE_BLUE'            => 'off',
                'TRANSPARENT'            => 'off',
                'TRANSPARENT_BLUE'       => 'off',
                'PROXY_PORT'             => '800',
                'TRANSPARENT_PORT'       => '3128',
                'VISIBLE_HOSTNAME'       => '',
                'ADMIN_MAIL_ADDRESS'     => '',
                'ADMIN_PASSWORD'         => '',
                'ERR_LANGUAGE'           => 'German',
                'ERR_DESIGN'             => 'ipfire',
                'SUPPRESS_VERSION'       => 'off',
                'FORWARD_VIA'            => 'off',
                'FORWARD_IPADDRESS'      => 'off',
                'FORWARD_USERNAME'       => 'off',
                'NO_CONNECTION_AUTH'     => 'off',
                'UPSTREAM_PROXY'         => '',
                'UPSTREAM_USER'          => '',
                'UPSTREAM_PASSWORD'      => '',
                'LOGGING'                => 'off',
                'CACHEMGR'               => 'off',
                'LOGQUERY'               => 'off',
                'LOGUSERAGENT'           => 'off',
                'FILEDESCRIPTORS'        => '16384',
                'CACHE_MEM'              => '2',
                'CACHE_SIZE'             => '50',
                'MAX_SIZE'               => '4096',
                'MIN_SIZE'               => '0',
                'MEM_POLICY'             => 'LRU',
                'CACHE_POLICY'           => 'LRU',
                'L1_DIRS'                => '16',
                'OFFLINE_MODE'           => 'off',
                'CACHE_DIGESTS'          => 'off',
                'CLASSROOM_EXT'          => 'off',
                'SUPERVISOR_PASSWORD'    => '',
                'NO_PROXY_LOCAL'         => 'off',
                'NO_PROXY_LOCAL_BLUE'    => 'off',
                'TIME_ACCESS_MODE'       => 'allow',
                'TIME_FROM_HOUR'         => '00',
                'TIME_FROM_MINUTE'       => '00',
                'TIME_TO_HOUR'           => '24',
                'TIME_TO_MINUTE'         => '00',
                'MAX_OUTGOING_SIZE'      => '0',
                'MAX_INCOMING_SIZE'      => '0',
                'THROTTLING_GREEN_TOTAL' => 'unlimited',
                'THROTTLING_GREEN_HOST'  => 'unlimited',
                'THROTTLING_BLUE_TOTAL'  => 'unlimited',
                'THROTTLING_BLUE_HOST'   => 'unlimited',
                'THROTTLE_BINARY'        => 'off',
                'THROTTLE_DSKIMG'        => 'off',
                'THROTTLE_MMEDIA'        => 'off',
                'ENABLE_MIME_FILTER'     => 'off',
                'ENABLE_BROWSER_CHECK'   => 'off',
                'FAKE_USERAGENT'         => '',
                'FAKE_REFERER'           => '',

                # authentication
                'AUTH_METHOD'            => 'none',
                'AUTH_REALM'             => '',
                'AUTH_MAX_USERIP'        => '',
                'AUTH_CACHE_TTL'         => '60',
                'AUTH_IPCACHE_TTL'       => '0',
                'AUTH_CHILDREN'          => '5',
                'NCSA_MIN_PASS_LEN'      => '6',
                'NCSA_BYPASS_REDIR'      => 'off',
                'NCSA_USERNAME'          => '',
                'NCSA_GROUP'             => '',
                'NCSA_PASS'              => '',
                'NCSA_PASS_CONFIRM'      => '',
                'LDAP_BASEDN'            => '',
                'LDAP_TYPE'              => 'ADS',
                'LDAP_SERVER'            => '',
                'LDAP_PORT'              => '389',
                'LDAP_BINDDN_USER'       => '',
                'LDAP_BINDDN_PASS'       => '',
                'LDAP_GROUP'             => '',
                'NTLM_AUTH_GROUP'        => '',
                'NTLM_AUTH_BASIC'        => 'off',
                'NTLM_DOMAIN'            => '',
                'NTLM_PDC'               => '',
                'NTLM_BDC'               => '',
                'NTLM_ENABLE_ACL'        => 'off',
                'NTLM_USER_ACL'          => 'positive',
                'RADIUS_SERVER'          => '',
                'RADIUS_PORT'            => '1812',
                'RADIUS_IDENTIFIER'      => '',
                'RADIUS_SECRET'          => '',
                'RADIUS_ENABLE_ACL'      => 'off',
                'RADIUS_USER_ACL'        => 'positive',
                'IDENT_REQUIRED'         => 'off',
                'IDENT_TIMEOUT'          => '10',
                'IDENT_ENABLE_ACL'       => 'off',
                'IDENT_USER_ACL'         => 'positive',

                # add-ons
                'ENABLE_FILTER'          => 'off',
                'ENABLE_UPDXLRATOR'      => 'off',
                'ENABLE_CLAMAV'          => 'off',
        );

        # One slice assignment; keys and values of an unmodified hash come
        # back in matching order.
        @proxysettings{ keys %default_for } = values %default_for;
}

# Initial caption of the NCSA user button; the edit handler replaces it.
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
290
# Merge the request parameters into %proxysettings. Header::getcgihash is
# defined outside this file; from here on the hash presumably holds
# client-supplied values, so every handler below has to treat them as untrusted.
&Header::getcgihash(\%proxysettings);

# A throttling value of "0" is stored as 'unlimited'.
for my $throttle_key (qw(
        THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
        THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
        $proxysettings{$throttle_key} = 'unlimited'
                if $proxysettings{$throttle_key} eq '0';
}
297
# "User management" button: flag NCSA edit mode for the rest of the page.
$proxysettings{'NCSA_EDIT_MODE'} = 'yes'
        if $proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'};
302
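# "Add" button of the NCSA user form: validate the submitted user name and
# password, hand them to adduser() when nothing is wrong, then blank the form
# fields again. When several checks fail, the message of the last one wins.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
        $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

        # NCSA_MIN_PASS_LEN sits in the same hash as the submitted fields, so it
        # may be client-supplied. Require a plain integer in the range the save
        # handler accepts (1..255): a non-numeric value would otherwise count as
        # 0 and switch the length check off, and the value is quoted in the
        # error message below.
        # NOTE(review): a client can still submit a small valid number here;
        # comparing against the saved setting instead would close that - confirm
        # where the saved value is available at this point.
        if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/ ||
            $proxysettings{'NCSA_MIN_PASS_LEN'} < 1 ||
            $proxysettings{'NCSA_MIN_PASS_LEN'} > 255) {
                $errormessage = $Lang::tr{'advproxy errmsg password length'};
        }
        elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
                $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
        }
        if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
                $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
        }
        if ($proxysettings{'NCSA_USERNAME'} eq '') {
                $errormessage = $Lang::tr{'advproxy errmsg no username'};
        }
        elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:\x00-\x1f\x7f]/) {
                # The edit handler splits ID on ':' to recover user and group,
                # so a ':' in a name cannot round-trip. Control characters
                # (newlines included) are refused too; the files adduser()
                # writes are presumably line based - adduser is not visible here.
                $errormessage = $Lang::tr{'invalid input'};
        }
        if (!$errormessage) {
                # User names are stored in lower case.
                $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
                &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
        }

        # Never echo the submitted credentials back into the form.
        $proxysettings{'NCSA_USERNAME'} = '';
        $proxysettings{'NCSA_GROUP'} = '';
        $proxysettings{'NCSA_PASS'} = '';
        $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}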
324
# "Remove" button: stay in NCSA edit mode and delete the selected user.
# NOTE(review): ID arrives with the request and is handed to deluser()
# unchecked; deluser is defined outside this part of the file - confirm that it
# validates the value.
if ($Lang::tr{'remove'} eq $proxysettings{'ACTION'}) {
        $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
        &deluser($proxysettings{'ID'});
}
330
# Check-box state of the update accelerator switch: both states start empty,
# then the state named by the current setting is marked as checked.
@{ $checked{'ENABLE_UPDXLRATOR'} }{ 'off', 'on' } = ('', '');
$checked{'ENABLE_UPDXLRATOR'}{ $proxysettings{'ENABLE_UPDXLRATOR'} } = "checked='checked'";
334
# "Edit" button: load the selected user into the NCSA form. ID has the form
# "user:group". Both password fields receive a fixed placeholder; what adduser()
# does with that placeholder is outside this part of the file.
if ($Lang::tr{'edit'} eq $proxysettings{'ACTION'}) {
        $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
        $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

        @temp = split(/:/, $proxysettings{'ID'});
        @proxysettings{ 'NCSA_USERNAME', 'NCSA_GROUP' } = @temp[0, 1];

        $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
        $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
345
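# Handler for the "save", "save and restart" and "reconfigure" buttons.
#
# Header::getcgihash() has been called on %proxysettings before this point, so
# the values tested here are presumably the submitted form fields: treat every
# one of them as untrusted. The first failing check sets $errormessage and
# jumps to ERROR. The settings files and the generated configuration are only
# written when $errormessage is still empty after check_acls has run.
#
# Numeric fields are matched with /\A\d+\z/. The earlier /^\d+/ only tested
# the start of the value, so "10 anything" passed and was saved as given.
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
{
        # The four main switches must be "on" or "off".
        if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
            $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
            $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
            $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
                $errormessage = $Lang::tr{'invalid input'};
                goto ERROR;
        }

        # Memory cache must not exceed a non-zero disk cache. The two values
        # are compared only when both are plain integers: the message quotes
        # them, and with this guard it can only ever quote digits. Anything
        # else is rejected by the format checks further down.
        if ($proxysettings{'CACHE_MEM'} =~ /\A\d+\z/ && $proxysettings{'CACHE_SIZE'} =~ /\A\d+\z/ &&
            $proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0) {
                $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'};
                goto ERROR;
        }

        # Both listening ports must be valid and different from each other.
        if (!(&General::validport($proxysettings{'PROXY_PORT'})))
        {
                $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
                goto ERROR;
        }
        if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
        {
                $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
                goto ERROR;
        }
        if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
                $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
                goto ERROR;
        }

        # Upstream proxy is "host" or "host:port". The host must be an IP
        # address or a domain name. The part after the colon used to be
        # accepted without any check; it now has to be a valid port, and
        # further ':'-separated parts are refused.
        if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
        {
                my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
                if (!(&General::validip($temp[0])))
                {
                        if (!(&General::validdomainname($temp[0])))
                        {
                                $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
                                goto ERROR;
                        }
                }
                if ((@temp > 2) ||
                        (defined($temp[1]) && !($temp[1] eq '') && !(&General::validport($temp[1]))))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
                        goto ERROR;
                }
        }

        # Disk cache size: an integer of at least 10, or exactly '0'.
        if (!($proxysettings{'CACHE_SIZE'} =~ /\A\d+\z/) ||
                ($proxysettings{'CACHE_SIZE'} < 10))
        {
                if (!($proxysettings{'CACHE_SIZE'} eq '0'))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
                        goto ERROR;
                }
        }
        if (!($proxysettings{'FILEDESCRIPTORS'} =~ /\A\d+\z/) ||
                ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576))
        {
                $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
                goto ERROR;
        }
        if (!($proxysettings{'CACHE_MEM'} =~ /\A\d+\z/))
        {
                $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
                goto ERROR;
        }

        # Cap the memory cache at the first number on the second line of
        # `free`, divided by 2048. The cap is applied only when that line
        # really contained a number; before, a failed match left $1 unset and
        # the cap silently became 0.
        my @free = `/usr/bin/free`;
        if (defined($free[1]) && $free[1] =~ m/(\d+)/) {
                $cachemem = int $1 / 2048;
                if ($proxysettings{'CACHE_MEM'} > $cachemem) {
                        $proxysettings{'CACHE_MEM'} = $cachemem;
                }
        }

        if (!($proxysettings{'MAX_SIZE'} =~ /\A\d+\z/))
        {
                $errormessage = $Lang::tr{'invalid maximum object size'};
                goto ERROR;
        }
        if (!($proxysettings{'MIN_SIZE'} =~ /\A\d+\z/))
        {
                $errormessage = $Lang::tr{'invalid minimum object size'};
                goto ERROR;
        }
        if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /\A\d+\z/))
        {
                $errormessage = $Lang::tr{'invalid maximum outgoing size'};
                goto ERROR;
        }

        # The end of the time window, compared as "HHMM" strings, must lie
        # after its start.
        if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
        {
                $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
                goto ERROR;
        }
        if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /\A\d+\z/))
        {
                $errormessage = $Lang::tr{'invalid maximum incoming size'};
                goto ERROR;
        }

        # Browser check: join the third field of every selected user-agent
        # entry with '|'; at least one entry must be selected.
        if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
        {
                $browser_regexp = '';
                foreach (@useragentlist)
                {
                        chomp;
                        @useragent = split(/,/);
                        if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
                }
                chop($browser_regexp);	# drop the trailing '|'
                if (!$browser_regexp)
                {
                        $errormessage = $Lang::tr{'advproxy errmsg no browser'};
                        goto ERROR;
                }
        }

        # Checks shared by all authentication methods.
        if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
        {
                # Authentication needs a non-transparent proxy on at least one
                # zone. Ident is exempt when it is neither required nor used
                # for ACLs.
                unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
                        ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
                        ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
                {
                        if ($netsettings{'BLUE_DEV'})
                        {
                                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                                        (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                                {
                                        $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                                        goto ERROR;
                                }
                        } else {
                                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                                {
                                        $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                                        goto ERROR;
                                }
                        }
                }
                if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
                        ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /\A\d+\z/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg max userip'};
                        goto ERROR;
                }
                if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /\A\d+\z/))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
                        goto ERROR;
                }
                if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /\A\d+\z/))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
                        goto ERROR;
                }
                # A per-user IP limit needs a non-zero IP cache TTL.
                if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
                        goto ERROR;
                }
                if ((!($proxysettings{'AUTH_CHILDREN'} =~ /\A\d+\z/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg auth children'};
                        goto ERROR;
                }
        }

        # Method-specific checks.
        if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
        {
                if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /\A\d+\z/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg password length'};
                        goto ERROR;
                }
        }
        if ($proxysettings{'AUTH_METHOD'} eq 'ident')
        {
                if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /\A\d+\z/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
                        goto ERROR;
                }
        }
        if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
        {
                if ($proxysettings{'LDAP_BASEDN'} eq '')
                {
                        $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
                        goto ERROR;
                }
                if (!&General::validip($proxysettings{'LDAP_SERVER'}))
                {
                        if (!&General::validdomainname($proxysettings{'LDAP_SERVER'}))
                        {
                                $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
                                goto ERROR;
                        }
                }
                if (!&General::validport($proxysettings{'LDAP_PORT'}))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
                        goto ERROR;
                }
                # The ADS and NDS types need bind credentials.
                if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
                {
                        if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
                        {
                                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                                goto ERROR;
                        }
                }
        }
        if ($proxysettings{'AUTH_METHOD'} eq 'radius')
        {
                if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg radius server'};
                        goto ERROR;
                }
                if (!&General::validport($proxysettings{'RADIUS_PORT'}))
                {
                        $errormessage = $Lang::tr{'advproxy errmsg radius port'};
                        goto ERROR;
                }
                if ($proxysettings{'RADIUS_SECRET'} eq '')
                {
                        $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
                        goto ERROR;
                }
        }

        # Upstream proxy credentials: user name and password must be given
        # together or not at all. The user name 'PASS' is a special value that
        # needs no password; any password sent along with it is discarded.
        $proxy1 = 'YES';
        $proxy2 = 'YES';
        if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
        if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
        if ($proxysettings{'UPSTREAM_USER'} eq 'PASS')  {$proxy1=$proxy2='PASS'; $proxysettings{'UPSTREAM_PASSWORD'} = '';}
        if (($proxy1 ne $proxy2))
        {
                $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
                goto ERROR;
        }

ERROR:
        # Reached on success and on failure alike; check_acls is defined
        # outside this part of the file.
        &check_acls;

        if ($errormessage) {
                $proxysettings{'VALID'} = 'no'; }
        else {
                $proxysettings{'VALID'} = 'yes'; }

        if ($proxysettings{'VALID'} eq 'yes')
        {
                &write_acls;

                # These fields must not end up in the settings file: the
                # list/ACL text areas and the NCSA user form fields, password
                # fields included.
                delete @proxysettings{qw(
                        SRC_SUBNETS
                        SRC_BANNED_IP
                        SRC_BANNED_MAC
                        SRC_UNRESTRICTED_IP
                        SRC_UNRESTRICTED_MAC
                        DST_NOCACHE
                        DST_NOAUTH
                        PORTS_SAFE
                        PORTS_SSL
                        MIME_TYPES
                        NTLM_ALLOW_USERS
                        NTLM_DENY_USERS
                        RADIUS_ALLOW_USERS
                        RADIUS_DENY_USERS
                        IDENT_HOSTS
                        IDENT_ALLOW_USERS
                        IDENT_DENY_USERS
                        CRE_GROUPS
                        CRE_SVHOSTS
                        NCSA_USERNAME
                        NCSA_GROUP
                        NCSA_PASS
                        NCSA_PASS_CONFIRM
                )};

                # Switches that were not submitted are stored as 'off'.
                foreach my $day (qw(MON TUE WED THU FRI SAT SUN)) {
                        $proxysettings{"TIME_$day"} = 'off' unless exists $proxysettings{"TIME_$day"};
                }

                $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
                $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};

                &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

                # Mirror a few values into the standard proxy settings file,
                # keeping whatever else that file already holds.
                if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
                $stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
                $stdproxysettings{'UPSTREAM_PROXY'}    = $proxysettings{'UPSTREAM_PROXY'};
                $stdproxysettings{'UPSTREAM_USER'}     = $proxysettings{'UPSTREAM_USER'};
                $stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
                $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
                $stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
                $stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
                &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);

                &writeconfig;
                &writepacfile;

                if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}

                # Disable the proxy and drop all flag files, then recreate the
                # flags that match the new settings.
                system ('/usr/local/bin/squidctrl', 'disable');
                unlink "${General::swroot}/proxy/enable";
                unlink "${General::swroot}/proxy/transparent";
                unlink "${General::swroot}/proxy/enable_blue";
                unlink "${General::swroot}/proxy/transparent_blue";

                if ($proxysettings{'ENABLE'} eq 'on') {
                        system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
                        system ('/usr/local/bin/squidctrl', 'enable'); }
                if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
                        system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
                if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
                        system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
                        system ('/usr/local/bin/squidctrl', 'enable'); }
                if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
                        system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }

                # Fixed command strings; the shell is only needed for the
                # output redirection.
                if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
                if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
        }
}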
665
# "Clear cache" action: run `squidctrl flush`.  The command line is a fixed
# string with no request data interpolated into it; the shell is involved only
# for the output redirection.
system('/usr/local/bin/squidctrl flush >/dev/null 2>&1')
        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'});
670
# When no error message is pending, load the stored settings into
# %proxysettings: the advanced settings file is preferred, the basic settings
# file is the fallback.  The ACLs are read afterwards in either case.
unless ($errormessage) {
        foreach my $settingsfile ("${General::swroot}/proxy/advanced/settings",
                                  "${General::swroot}/proxy/settings") {
                next unless (-e $settingsfile);
                &General::readhash($settingsfile, \%proxysettings);
                last;
        }
        &read_acls;
}
680
681 # ------------------------------------------------------------------
682
# Command-line hook: when REMOTE_ADDR is unset or empty the script is taken to
# have been started from a shell, so it only regenerates the configuration
# files and exits before the page below is rendered.
# NOTE(review): "no REMOTE_ADDR" is used as the only sign of a non-web call;
# this relies on the web server always setting it for CGI requests - confirm.
unless (defined($ENV{"REMOTE_ADDR"}) && $ENV{"REMOTE_ADDR"} ne "") {
        writeconfig();
        exit(0);
}
688
689 # -------------------------------------------------------------------
690
# Pre-compute the checked='checked' / selected='selected' attributes that the
# form below interpolates.  For every control the known states are first set to
# the empty string, then the state stored in %proxysettings receives the
# attribute.  Stored values are used here only as hash keys.

# These switches count as 'on' when the settings do not contain them at all.
foreach my $switch (qw(
        TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
        AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
)) {
        $proxysettings{$switch} = 'on' unless exists $proxysettings{$switch};
}

# Plain on/off checkboxes.
foreach my $box (qw(
        ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE SUPPRESS_VERSION
        FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA NO_CONNECTION_AUTH
        OFFLINE_MODE CACHE_DIGESTS
        LOGGING CACHEMGR LOGQUERY LOGUSERAGENT
        NO_PROXY_LOCAL NO_PROXY_LOCAL_BLUE CLASSROOM_EXT
        TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
        THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
        ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK
        AUTH_ALWAYS_REQUIRED NCSA_BYPASS_REDIR
        NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL NTLM_AUTH_BASIC
        RADIUS_ENABLE_ACL
        IDENT_REQUIRED IDENT_ENABLE_ACL
        ENABLE_FILTER ENABLE_UPDXLRATOR ENABLE_CLAMAV
)) {
        $checked{$box}{'off'} = '';
        $checked{$box}{'on'} = '';
        $checked{$box}{$proxysettings{$box}} = "checked='checked'";
}

# One on/off checkbox per user agent; the key is the first comma-separated
# field of each @useragentlist entry, prefixed with "UA_".
foreach (@useragentlist) {
        @useragent = split(/,/);
        my $uakey = 'UA_'.$useragent[0];
        $checked{$uakey}{'off'} = '';
        $checked{$uakey}{'on'} = '';
        $checked{$uakey}{$proxysettings{$uakey}} = "checked='checked'";
}

# Radio group for the authentication method.
foreach my $method ('none', 'ncsa', 'ident', 'ldap', 'ntlm-auth', 'radius') {
        $checked{'AUTH_METHOD'}{$method} = '';
}
$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";

# Radio groups that switch a user ACL between positive and negative.
foreach my $acl (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
        $checked{$acl}{'positive'} = '';
        $checked{$acl}{'negative'} = '';
        $checked{$acl}{$proxysettings{$acl}} = "checked='checked'";
}

# Drop-down lists: only the stored value is marked.
foreach my $list (qw(
        MEM_POLICY CACHE_POLICY L1_DIRS
        ERR_LANGUAGE ERR_DESIGN
        TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
        THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
        THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
        NCSA_GROUP LDAP_TYPE
)) {
        $selected{$list}{$proxysettings{$list}} = "selected='selected'";
}
898
# Open the page and the outer box; a pending error message is shown in a box
# of its own before the form.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        # NOTE(review): $errormessage is written into the page without HTML
        # escaping; where it is built is not visible in this part of the file -
        # confirm that it never contains request data.
        print "<font class='base'>" . $errormessage . "&nbsp;</font>\n";
        &Header::closebox();
}
908
# Reduce the first line of the Squid version output to the bare version
# string; anything that does not start with "Squid Cache: Version " is
# replaced by the translated "unknown" label.
if ($squidversion[0] !~ /^Squid\sCache:\sVersion\s/i) {
        $squidversion[0] = $Lang::tr{'advproxy unknown'};
} else {
        $squidversion[0] =~ s/^Squid\sCache:\sVersion//i;
        # Trim the whitespace left around the version number.
        $squidversion[0] =~ s/^\s+//g;
        $squidversion[0] =~ s/\s+$//g;
}
917
918 # ===================================================================
919 #  Main settings
920 # ===================================================================
921
922 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
923
924 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
925
926 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
927
928 print <<END
929 <table width='100%'>
930 <tr>
931         <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
932 </tr>
933 <tr>
934         <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
935         <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
936         <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
937         <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
938 </tr>
939 <tr>
940         <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
941         <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
942         <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
943         <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
944 </tr>
945 <tr>
946 END
947 ;
948 if ($netsettings{'BLUE_DEV'}) {
949         print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
950         print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
951 } else {
952         print "<td colspan='2'>&nbsp;</td>";
953 }
954 print <<END
955         <td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
956         <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
957 </tr>
958 <tr>
959 END
960 ;
961 if ($netsettings{'BLUE_DEV'}) {
962         print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
963         print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
964 } else {
965         print "<td colspan='2'>&nbsp;</td>";
966 }
967 print <<END
968         <td class='base'>$Lang::tr{'advproxy error language'}:</td>
969         <td class='base'>
970         <select name='ERR_LANGUAGE'>
971 END
972 ;
973         foreach (<$errordir/*>) {
974                 if (-d) {
975                         $language = substr($_,rindex($_,"/")+1);
976                         print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
977                 }
978         }
979 print <<END
980         </select>
981         </td>
982 </tr>
983 <tr>
984         <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
985         <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
986         <td class='base'>$Lang::tr{'advproxy error design'}:</td>
987         <td class='base'><select name='ERR_DESIGN'>
988                 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
989                 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
990         </select></td>
991 </tr>
992 <tr>
993         <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
994         <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
995         <td>&nbsp;</td>
996         <td>&nbsp;</td>
997 </tr>
998 </table>
999 <hr size='1'>
1000 <table width='100%'>
1001 END
1002 ;
# SquidClamav cell: rendered only when /usr/bin/squidclamav exists, otherwise
# an empty cell keeps the table layout.
if ( ! -e "/usr/bin/squidclamav" ) {
        print "<td></td>";
} else {
        print "<td class='base'><b>$Lang::tr{'advproxy squidclamav'}</b><br />";
        if ( -e "/var/run/clamav/clamd.pid" ) {
                print "$Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_CLAMAV' $checked{'ENABLE_CLAMAV'}{'on'} /><br />";
        } else {
                # No clamd pid file: say so instead of offering the checkbox and
                # set the in-memory value to 'off'.  Only the existence of the
                # pid file is tested, not whether the process is alive.
                print "<font color='red'>clamav not running</font><br /><br />";
                $proxysettings{'ENABLE_CLAMAV'} = 'off';
        }
        print "</td>";
}
1016 print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</a></b><br />";
1017 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
1018 print "</td>";
1019 print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</a></b><br />";
1020 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
1021 print "</td></tr>";
# Upstream proxy, log settings and cache management tables, up to the opening
# tag of the DST_NOCACHE textarea.
# NOTE(review): UPSTREAM_PASSWORD is pre-filled into its password field and
# ADMIN_PASSWORD is rendered in a type='text' field, so both stored secrets are
# sent back in the page source on every view. Leaving these fields empty would
# need matching "empty means unchanged" handling in the save path, which is not
# visible in this part of the file.
# NOTE(review): every $proxysettings{...} value below is interpolated into a
# single-quoted HTML attribute without escaping. Whether the values are
# validated or escaped before they are stored is not visible here - confirm.
1022 print <<END
1023 </table>
1024 <hr size='1'>
1025 <table width='100%'>
1026 <tr>
1027         <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
1028 </tr>
1029 <tr>
1030         <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
1031         <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
1032         <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
1033         <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
1034 </tr>
1035 <tr>
1036         <td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
1037         <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
1038         <td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
1039         <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
1040 </tr>
1041 <tr>
1042         <td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
1043         <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
1044         <td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
1045         <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
1046 </tr>
1047 <tr>
1048         <td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
1049         <td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
1050         <td>&nbsp;</td>
1051         <td>&nbsp;</td>
1052 </tr>
1053 </table>
1054 <hr size='1'>
1055 <table width='100%'>
1056 <tr>
1057         <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
1058 </tr>
1059 <tr>
1060         <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
1061         <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
1062         <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
1063         <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
1064 </tr>
1065 <tr>
1066         <td>&nbsp;</td>
1067         <td>&nbsp;</td>
1068         <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
1069         <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
1070 </tr>
1071 </table>
1072 <hr size='1'>
1073 <table width='100%'>
1074 <tr>
1075         <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
1076 </tr>
1077 <tr>
1078         <td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
1079         <td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
1080         <td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
1081         <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
1082 </tr>
1083 <tr>
1084         <td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1085         <td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
1086         <td class='base'>$Lang::tr{'proxy admin password'}:</td>
1087         <td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
1088 </tr>
1089 <tr>
1090         <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1091 </tr>
1092 <tr>
1093         <td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1094         <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
1095         <td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1096         <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
1097 </tr>
1098 <tr>
1099         <td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1100         <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
1101         <td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1102         <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
1103 </tr>
1104 <tr>
1105         <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
1106         <td class='base'><select name='L1_DIRS'>
1107                 <option value='16'  $selected{'L1_DIRS'}{'16'}>16</option>
1108                 <option value='32'  $selected{'L1_DIRS'}{'32'}>32</option>
1109                 <option value='64'  $selected{'L1_DIRS'}{'64'}>64</option>
1110                 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
1111                 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
1112         </select></td>
1113         <td colspan='2' rowspan= '5' valign='top' class='base'>
1114                 <table cellspacing='0' cellpadding='0'>
1115                         <tr>
1116                                 <!-- intentionally left empty -->
1117                         </tr>
1118                         <tr>
1119                         <td>$Lang::tr{'advproxy no cache sites'}:</td>
1120                         </tr>
1121                         <tr>
1122                                 <!-- intentionally left empty -->
1123                         </tr>
1124                         <tr>
1125                                 <!-- intentionally left empty -->
1126                         </tr>
1127                         <tr>
1128                         <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
1129 END
1130 ;
1131
1132 print $proxysettings{'DST_NOCACHE'};
1133
1134 print <<END
1135 </textarea></td>
1136                 </tr>
1137                 </table>
1138         </td>
1139 </tr>
1140 <tr>
1141         <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1142         <td class='base'><select name='MEM_POLICY'>
1143                 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1144                 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1145                 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1146                 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1147         </select></td>
1148 </tr>
1149 <tr>
1150         <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1151         <td class='base'><select name='CACHE_POLICY'>
1152                 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1153                 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1154                 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1155                 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1156         </select></td>
1157 </tr>
1158 <tr>
1159         <td colspan='2'>&nbsp;</td>
1160 </tr>
1161 <tr>
1162         <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1163         <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1164 </tr>
1165 <tr>
1166         <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1167         <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1168 </tr>
1169 </table>
1170 <hr size='1'>
1171 <table width='100%'>
1172 <tr>
1173         <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1174 </tr>
1175 <tr>
1176         <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
1177 </tr>
1178 <tr>
1179         <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1180         <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1181 </tr>
1182 <tr>
1183         <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1184 END
1185 ;
1186         if (!$proxysettings{'PORTS_SAFE'}) { print $def_ports_safe; } else { print $proxysettings{'PORTS_SAFE'}; }
1187
1188 print <<END
1189 </textarea></td>
1190         <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1191 END
1192 ;
1193         if (!$proxysettings{'PORTS_SSL'}) { print $def_ports_ssl; } else { print $proxysettings{'PORTS_SSL'}; }
1194
1195 print <<END
1196 </textarea></td>
1197 </tr>
1198 </table>
1199 <hr size='1'>
1200 <table width='100%'>
1201 <tr>
1202         <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1203 </tr>
1204 <tr>
1205         <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1206 </tr>
1207 <tr>
1208         <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1209 </tr>
1210 <tr>
1211         <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
1212 END
1213 ;
1214
# Textarea content: the stored subnet list or, when none is stored, the Green
# network followed by the Blue network if a Blue device is configured.
# NOTE(review): the stored list is printed into the textarea without HTML
# escaping; whether it is validated before being stored is not visible in this
# part of the file - confirm.
if ($proxysettings{'SRC_SUBNETS'}) {
        print $proxysettings{'SRC_SUBNETS'};
} else {
        print "$green_cidr\n";
        print "$blue_cidr\n" if ($netsettings{'BLUE_DEV'});
}
1223
1224 print <<END
1225 </textarea></td>
1226 END
1227 ;
1228
1229 $line = $Lang::tr{'advproxy no internal proxy on green'};
1230 $line =~ s/Green/<font color="$Header::colourgreen">Green<\/font>/i;
1231 print "<td class='base'>$line:</td>\n";
1232 print <<END
1233         <td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
1234 </tr>
1235 END
1236 ;
1237 if ($netsettings{'BLUE_DEV'}) {
1238         $line = $Lang::tr{'advproxy no internal proxy on blue'};
1239         $line =~ s/Blue/<font color="$Header::colourblue">Blue<\/font>/i;
1240         print "<tr>\n";
1241         print "<td class='base'>$line:</td>\n";
1242         print <<END
1243         <td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
1244 </tr>
1245 END
1246 ;
1247 }
1248 print <<END
1249 <tr>
1250         <td colspan='2'>&nbsp;</td>
1251 </tr>
1252 <tr>
1253         <td colspan='2'>&nbsp;</td>
1254 </tr>
1255 </table>
1256 <table width='100%'>
1257 <tr>
1258         <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1259 </tr>
1260 <tr>
1261         <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1262         <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
1263 </tr>
1264 <tr>
1265         <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
1266 END
1267 ;
1268
1269         print $proxysettings{'SRC_UNRESTRICTED_IP'};
1270
1271 print <<END
1272 </textarea></td>
1273         <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
1274 END
1275 ;
1276
1277 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1278
1279 print <<END
1280 </textarea></td>
1281 </tr>
1282 </table>
1283 <table width='100%'>
1284 <tr>
1285         <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1286 </tr>
1287 <tr>
1288         <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1289         <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
1290 </tr>
1291 <tr>
1292         <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
1293 END
1294 ;
1295
1296         print $proxysettings{'SRC_BANNED_IP'};
1297
1298 print <<END
1299 </textarea></td>
1300         <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
1301 END
1302 ;
1303
1304 print $proxysettings{'SRC_BANNED_MAC'};
1305
1306 print <<END
1307 </textarea></td>
1308 </tr>
1309 </table>
1310
1311 <hr size='1'>
1312
1313 END
1314 ;
1315 # -------------------------------------------------------------------
1316 #  CRE GUI - optional
1317 # -------------------------------------------------------------------
1318
# Classroom extensions (CRE) section.  When the file named by $cre_enabled
# exists, the CRE switch is rendered and, if CLASSROOM_EXT is 'on', the
# supervisor password field and the two CRE textareas as well.  Otherwise the
# three CRE values are carried through the form as hidden inputs.
# NOTE(review): SUPERVISOR_PASSWORD is written into the page in both branches
# (value of a password input, or of a hidden input), so the stored password is
# readable in the page source.
# NOTE(review): SUPERVISOR_PASSWORD, CRE_GROUPS and CRE_SVHOSTS are interpolated
# or printed without HTML escaping, into a single-quoted attribute or a
# textarea.  Whether they are validated or escaped before being stored is not
# visible in this part of the file - confirm.
1319 if (-e $cre_enabled) { print <<END
1320 <table width='100%'>
1321
1322 <tr>
1323         <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
1324 </tr>
1325 <tr>
1326         <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1327 </tr>
1328 <tr>
1329
1330 END
1331 ;
1332 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1333 print <<END
1334         <td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
1335         <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
1336 </tr>
1337 <tr>
1338         <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
1339         <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
1340 END
1341 ;
1342 }
1343 print "</tr>";
1344 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1345 print <<END
1346 <tr>
1347         <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
1348 END
1349 ;
1350
1351         print $proxysettings{'CRE_GROUPS'};
1352
1353 print <<END
1354 </textarea></td>
1355         <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
1356 END
1357 ;
1358         print $proxysettings{'CRE_SVHOSTS'};
1359
1360 print <<END
1361 </textarea></td>
1362 </tr>
1363 END
1364 ;
1365 }
1366 print "</table><hr size='1'>";
1367
1368 } else {
1369         print <<END
1370         <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
1371         <input type='hidden' name='CRE_GROUPS'          value='$proxysettings{'CRE_GROUPS'}' />
1372         <input type='hidden' name='CRE_SVHOSTS'         value='$proxysettings{'CRE_SVHOSTS'}' />
1373 END
1374 ;
1375 }
1376
1377 # -------------------------------------------------------------------
1378
# Time restrictions: access mode, weekday checkboxes and the from/to
# hour and minute selects.

# Prints one <option> per value, zero-padded to two characters, and carries
# over the matching entry of %selected for the given form field.
my $print_two_digit_options = sub {
    my ($field, @values) = @_;
    foreach my $value (@values) {
        my $label = sprintf("%02s", $value);
        print "<option $selected{$field}{$label}>$label</option>\n";
    }
    return;
};

my @hour_values   = (0 .. 24);          # 24 is offered as well as 00
my @minute_values = (0, 15, 30, 45);    # quarter-hour steps

print <<"END_TIME_HEAD";

<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
</tr>
<table width='100%'>
<tr>
        <td width='2%'>$Lang::tr{'advproxy access'}</td>
        <td width='1%'>&nbsp;</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
        <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
        <td width='1%'>&nbsp;&nbsp;</td>
        <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
        <td width='1%'>&nbsp;</td>
        <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
        <td>&nbsp;</td>
</tr>
<tr>
        <td class='base'>
        <select name='TIME_ACCESS_MODE'>
        <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
        <option value='deny'  $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
        </select>
        </td>
        <td>&nbsp;</td>
        <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
        <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
        <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
        <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
        <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
        <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
        <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
        <td>&nbsp;</td>
        <td class='base'>
        <select name='TIME_FROM_HOUR'>
END_TIME_HEAD

$print_two_digit_options->('TIME_FROM_HOUR', @hour_values);

print <<"END_TIME_FROM_MINUTE";
        </select>
        </td>
        <td>:</td>
        <td class='base'>
        <select name='TIME_FROM_MINUTE'>
END_TIME_FROM_MINUTE

$print_two_digit_options->('TIME_FROM_MINUTE', @minute_values);

print <<"END_TIME_TO_HOUR";
        </select>
        <td> - </td>
        </td>
        <td class='base'>
        <select name='TIME_TO_HOUR'>
END_TIME_TO_HOUR

$print_two_digit_options->('TIME_TO_HOUR', @hour_values);

print <<"END_TIME_TO_MINUTE";
        </select>
        </td>
        <td>:</td>
        <td class='base'>
        <select name='TIME_TO_MINUTE'>
END_TIME_TO_MINUTE

$print_two_digit_options->('TIME_TO_MINUTE', @minute_values);
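# Closes the TIME_TO_MINUTE select, then renders the transfer limits and the
# download throttling selects for Green and, when a Blue device is configured,
# for Blue.
#
# Fix: the "unlimited" option lines sat inside heredocs but still carried a
# trailing  \n";  left over from a quoted print statement, so a literal  ";
# was written into the page after each of the four selects' last option.
# The heredoc lines now end at </option>.
#
# NOTE(review): MAX_INCOMING_SIZE / MAX_OUTGOING_SIZE are interpolated into
# single-quoted value attributes without escaping; confirm they are validated
# or escaped before this point.
print <<"END_LIMITS";
        </select>
        </td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
        <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
        <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
        <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
        <td width='20%' class='base'>
        <select name='THROTTLING_GREEN_TOTAL'>
END_LIMITS

foreach my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kbit/s</option>\n";
}

print <<"END_GREEN_HOST";
        <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
        </select>
        </td>
        <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
        <td width='30%' class='base'>
        <select name='THROTTLING_GREEN_HOST'>
END_GREEN_HOST

foreach my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kbit/s</option>\n";
}

print <<"END_GREEN_CLOSE";
        <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
        </select>
        </td>
</tr>
END_GREEN_CLOSE

# The Blue row is only offered when a Blue interface is configured.
if ($netsettings{'BLUE_DEV'}) {
    print <<"END_BLUE_TOTAL";
<tr>
        <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
        <td class='base'>
        <select name='THROTTLING_BLUE_TOTAL'>
END_BLUE_TOTAL

    foreach my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kbit/s</option>\n";
    }

    print <<"END_BLUE_HOST";
        <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
        </select>
        </td>
        <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
        <td class='base'>
        <select name='THROTTLING_BLUE_HOST'>
END_BLUE_HOST

    foreach my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kbit/s</option>\n";
    }

    print <<"END_BLUE_CLOSE";
        <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
        </select>
        </td>
</tr>
END_BLUE_CLOSE
}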
1552
# Content based throttling checkboxes, the MIME filter section and the heading
# of the web browser (User-Agent) check.
print <<"END_CONTENT_THROTTLE";
</table>
<table width='100%'>
<tr>
        <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
</tr>
<tr>
        <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
        <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
        <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
        <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
        <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
        <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
        <td width='15%'>&nbsp;</td>
        <td width='10%'>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
</tr>
END_CONTENT_THROTTLE

# The list of blocked MIME types is only editable while the filter is on.
# NOTE(review): MIME_TYPES is printed into the textarea without HTML escaping;
# confirm it is escaped upstream.
if ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on') {
    print <<"END_MIME_OPEN";
<tr>
        <td  colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
</tr>
<tr>
        <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
END_MIME_OPEN

    print($proxysettings{'MIME_TYPES'});

    print <<"END_MIME_CLOSE";
</textarea></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
</tr>
END_MIME_CLOSE
}

print <<"END_BROWSER_HEAD";
</table>

<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b> $Lang::tr{'advproxy UA enable filter'}:<input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
</tr>
END_BROWSER_HEAD
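# Web browser (User-Agent) filter: when enabled, list every entry of
# @useragentlist as a label plus checkbox, four entries per table row.
# Each entry is a comma-separated string; field 0 is used for the checkbox
# name (UA_<field 0>) and field 1 as the visible label.
#
# Fixes:
#  - the outer loop ran while $n <= @useragentlist, which emitted an extra
#    empty <tr></tr> whenever the list length was a multiple of four
#    (including an empty list); it now stops at the last entry.
#  - the entry was read with the slice form @useragentlist[...]; a single
#    element is read with $useragentlist[...].
#  - row boundaries no longer depend on string comparison of a counter.
#
# NOTE(review): both fields are written into the page without HTML escaping.
# Presumably the list comes from a file shipped with the system; verify that
# it cannot be edited with untrusted content.
if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') {
    print <<"END_UA_HEAD";
<tr>
        <td colspan='4'><i>
END_UA_HEAD

    if (@useragentlist) {
        print "$Lang::tr{'advproxy allowed web browsers'}:";
    }
    else {
        print "$Lang::tr{'advproxy no clients defined'}";
    }

    print <<"END_UA_TABLE";
</i></td>
</tr>
</table>
<table width='100%'>
END_UA_TABLE

    my $ua_total = scalar @useragentlist;
    for (my $row_start = 0; $row_start < $ua_total; $row_start += 4) {
        print "<tr>\n";
        for my $slot ($row_start .. $row_start + 3) {
            last if $slot >= $ua_total;    # the final row may be short
            @useragent = split(/,/, $useragentlist[$slot]);
            print "<td width='15%'>$useragent[1]:</td>\n";
            print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
        }
        print "</tr>\n";
    }
}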
# Privacy section: replacement User-Agent and Referer header values.
# NOTE(review): FAKE_USERAGENT and FAKE_REFERER are free-text settings placed
# inside single-quoted value attributes without escaping, so a single quote in
# a saved value ends the attribute. Confirm they are escaped before this point.
print <<"END_PRIVACY";
</table>
<hr size='1'>
<table width='100%'>
<tr>
        <td><b>$Lang::tr{'advproxy privacy'}</b></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy fake useragent'}:</td>
        <td class='base'>$Lang::tr{'advproxy fake referer'}:</td>
</tr>
<tr>
        <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='40%' /></td>
        <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='40%' /></td>
</tr>
</table>
<hr size='1'>
END_PRIVACY
1655
# Authentication method selector. Five radio buttons are always shown
# (none, ncsa, ident, ldap, radius); a sixth (ntlm-auth) is added when
# $HAVE_NTLM_AUTH is true. The column width is split evenly between them.
my $auth_columns = $HAVE_NTLM_AUTH ? 6 : 5;
my $auth_column_width = 100 / $auth_columns;

print <<"END_AUTH_METHODS";
<table width='100%'>
<tr>
        <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
</tr>
<tr>
        <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
        <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
        <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
        <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
END_AUTH_METHODS

if ($HAVE_NTLM_AUTH) {
    print <<"END_AUTH_NTLM";
        <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
END_AUTH_NTLM
}

print <<"END_AUTH_RADIUS";
        <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
</tr>
</table>
END_AUTH_RADIUS
1686
# Method-specific authentication settings. Nothing is rendered here while the
# method is 'none'. For every other method except 'ident' the global settings
# come first, followed by the section of the selected method.
#
# NOTE(review): the LDAP bind password ($proxysettings{'LDAP_BINDDN_PASS'}) and
# the RADIUS shared secret ($proxysettings{'RADIUS_SECRET'}) are interpolated
# into the value attribute of their password inputs, so they are readable in
# the page source by anyone who can load this form. Consider rendering these
# fields empty and only replacing the stored secret when a new value is
# submitted; that needs a matching change in the save handler, which is
# outside this view.
# NOTE(review): every $proxysettings value in this block is written into a
# textarea or a single-quoted attribute without HTML escaping. Confirm the
# values are escaped or validated before they reach this point.
if ($proxysettings{'AUTH_METHOD'} ne 'none') {

    my $auth_method = $proxysettings{'AUTH_METHOD'};

    # ---------------------------------------------------------------
    #  Global settings (all methods except identd)
    # ---------------------------------------------------------------
    if ($auth_method ne 'ident') {
        print <<"END_AUTH_GLOBAL_HEAD";
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
</tr>
<tr>
        <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
        <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
        <td colspan='2' rowspan= '6' valign='top' class='base'>
                <table cellpadding='0' cellspacing='0'>
                        <tr>
                        <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
                        </tr>
                        <tr>
                                <!-- intentionally left empty -->
                        </tr>
                        <tr>
                                <!-- intentionally left empty -->
                        </tr>
                        <tr>
                        <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
                        </tr>
                        <tr>
                                <!-- intentionally left empty -->
                        </tr>
                        <tr>
                                <!-- intentionally left empty -->
                        </tr>
                        <tr>
                        <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
                        </tr>
                        <tr>
                                <!-- intentionally left empty -->
                        </tr>
                        <tr>
                                <!-- intentionally left empty -->
                        </tr>
                        <tr>
                        <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
END_AUTH_GLOBAL_HEAD

        print($proxysettings{'DST_NOAUTH'});

        print <<"END_AUTH_GLOBAL_TAIL";
</textarea></td>
                </tr>
                </table>
        </td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
        <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
        <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
        <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
        <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
</tr>
<tr>
        <td colspan='2'>&nbsp;</td>
</tr>
</table>
END_AUTH_GLOBAL_TAIL
    }

    # ===============================================================
    #  NCSA auth settings
    # ===============================================================
    if ($auth_method eq 'ncsa') {
        print <<"END_NCSA";
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
        <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
        <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
        <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
</tr>
<tr>
        <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
</tr>
</table>
END_NCSA
    }

    # ===============================================================
    #  IDENTD auth settings
    # ===============================================================
    if ($auth_method eq 'ident') {
        print <<"END_IDENT_HEAD";
<hr size ='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
        <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
        <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
        <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
        <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
</tr>
<tr>
        <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
        <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
</tr>
<tr>
        <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
END_IDENT_HEAD

        # With no saved host list, pre-fill the textarea with the Green
        # network and, when a Blue device exists, the Blue network.
        if ($proxysettings{'IDENT_HOSTS'}) {
            print($proxysettings{'IDENT_HOSTS'});
        }
        else {
            print "$green_cidr\n";
            print "$blue_cidr\n" if $netsettings{'BLUE_DEV'};
        }

        print <<"END_IDENT_NOAUTH_OPEN";
</textarea></td>
                        <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
END_IDENT_NOAUTH_OPEN

        print($proxysettings{'DST_NOAUTH'});

        print <<"END_IDENT_ACL";
</textarea></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
        <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
        <td width='25%'>&nbsp;</td>
        <td width='30%'>&nbsp;</td>
</tr>
<tr>
        <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
        $Lang::tr{'advproxy IDENT use positive access list'}:</td>
        <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
        $Lang::tr{'advproxy IDENT use negative access list'}:</td>
</tr>
<tr>
        <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
        <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
</tr>
<tr>
        <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END_IDENT_ACL

        print($proxysettings{'IDENT_ALLOW_USERS'});

        print <<"END_IDENT_DENY_OPEN";
</textarea></td>
        <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
END_IDENT_DENY_OPEN

        print($proxysettings{'IDENT_DENY_USERS'});

        print <<"END_IDENT_CLOSE";
</textarea></td>
</tr>
</table>
END_IDENT_CLOSE
    }

    # ===============================================================
    #  NTLM-AUTH settings
    # ===============================================================
    if ($auth_method eq 'ntlm-auth') {
        print <<"END_NTLM";
                <hr size ='1'>
                <table width='100%'>
                        <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
                        <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
                        <td colspan='2'>&nbsp;</td>
                </table>

                <hr size='1' />

                <table width='100%'>
                        <tr>
                                <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
                        </tr>
                        <tr>
                                <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
                                <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
                                <td>&nbsp;</td>
                                <td>&nbsp;</td>
                        </tr>
        </table>
END_NTLM
    }

    # ===============================================================
    #  LDAP auth settings
    # ===============================================================
    if ($auth_method eq 'ldap') {
        print <<"END_LDAP";
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
        <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
        <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
        <td class='base'><select name='LDAP_TYPE'>
                <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
                <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
                <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
                <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
        </select></td>
</tr>
<tr>
        <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
        <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
        <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
        <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
</tr>
<tr>
        <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
        <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
        <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
        <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
</tr>
<tr>
        <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
        <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
</tr>
</table>
END_LDAP
    }

    # ===============================================================
    #  RADIUS auth settings
    # ===============================================================
    if ($auth_method eq 'radius') {
        print <<"END_RADIUS_HEAD";
<hr size='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
        <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
        <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
        <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
        <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
        <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
        <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
        <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
        <td width='25%'>&nbsp;</td>
        <td width='30%'>&nbsp;</td>
</tr>
<tr>
        <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
        $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
        <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
        $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
</tr>
<tr>
        <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
        <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
</tr>
<tr>
        <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END_RADIUS_HEAD

        print($proxysettings{'RADIUS_ALLOW_USERS'});

        print <<"END_RADIUS_DENY_OPEN";
</textarea></td>
        <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
END_RADIUS_DENY_OPEN

        print($proxysettings{'RADIUS_DENY_USERS'});

        print <<"END_RADIUS_CLOSE";
</textarea></td>
</tr>
</table>
END_RADIUS_CLOSE
    }

    # ===============================================================

}
2041
# Hidden inputs that carry the settings of every authentication method that is
# NOT currently shown, so that saving the form does not drop them.
#
# NOTE(review): this puts the stored LDAP bind password
# ($proxysettings{'LDAP_BINDDN_PASS'}) and RADIUS shared secret
# ($proxysettings{'RADIUS_SECRET'}) into the page source whenever another
# method is selected. Keeping unsubmitted settings on the server side instead
# of round-tripping them through the browser would avoid exposing them; that
# needs a matching change in the save handler, which is outside this view.
# NOTE(review): the values sit in single-quoted attributes without escaping,
# and several of them (DST_NOAUTH, IDENT_HOSTS, the *_USERS lists) are
# multi-line free text. Confirm they are escaped before this point.
print "<table>\n";

if ($proxysettings{'AUTH_METHOD'} eq 'none') {
    print <<"END_HIDDEN_GLOBAL";
<td><input type='hidden' name='AUTH_CHILDREN'        value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL'       value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP'      value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL'     value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM'           value='$proxysettings{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH'           value='$proxysettings{'DST_NOAUTH'}'></td>
END_HIDDEN_GLOBAL
}

# identd shows AUTH_ALWAYS_REQUIRED and DST_NOAUTH itself, so only the
# remaining global settings are carried here.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    print <<"END_HIDDEN_GLOBAL_IDENT";
<td><input type='hidden' name='AUTH_CHILDREN'        value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL'       value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP'      value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL'     value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM'           value='$proxysettings{'AUTH_REALM'}'></td>
END_HIDDEN_GLOBAL_IDENT
}

if ($proxysettings{'AUTH_METHOD'} ne 'ncsa') {
    print <<"END_HIDDEN_NCSA";
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
END_HIDDEN_NCSA
}

if ($proxysettings{'AUTH_METHOD'} ne 'ident') {
    print <<"END_HIDDEN_IDENT";
<td><input type='hidden' name='IDENT_REQUIRED'    value='$proxysettings{'IDENT_REQUIRED'}'></td>
<td><input type='hidden' name='IDENT_TIMEOUT'     value='$proxysettings{'IDENT_TIMEOUT'}'></td>
<td><input type='hidden' name='IDENT_HOSTS'       value='$proxysettings{'IDENT_HOSTS'}'></td>
<td><input type='hidden' name='IDENT_ENABLE_ACL'  value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
<td><input type='hidden' name='IDENT_USER_ACL'    value='$proxysettings{'IDENT_USER_ACL'}'></td>
<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
<td><input type='hidden' name='IDENT_DENY_USERS'  value='$proxysettings{'IDENT_DENY_USERS'}'></td>
END_HIDDEN_IDENT
}

if ($proxysettings{'AUTH_METHOD'} ne 'ldap') {
    print <<"END_HIDDEN_LDAP";
<td><input type='hidden' name='LDAP_BASEDN'      value='$proxysettings{'LDAP_BASEDN'}'></td>
<td><input type='hidden' name='LDAP_TYPE'        value='$proxysettings{'LDAP_TYPE'}'></td>
<td><input type='hidden' name='LDAP_SERVER'      value='$proxysettings{'LDAP_SERVER'}'></td>
<td><input type='hidden' name='LDAP_PORT'        value='$proxysettings{'LDAP_PORT'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP'       value='$proxysettings{'LDAP_GROUP'}'></td>
END_HIDDEN_LDAP
}

if ($proxysettings{'AUTH_METHOD'} ne 'radius') {
    print <<"END_HIDDEN_RADIUS";
<td><input type='hidden' name='RADIUS_SERVER'      value='$proxysettings{'RADIUS_SERVER'}'></td>
<td><input type='hidden' name='RADIUS_PORT'        value='$proxysettings{'RADIUS_PORT'}'></td>
<td><input type='hidden' name='RADIUS_IDENTIFIER'  value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
<td><input type='hidden' name='RADIUS_SECRET'      value='$proxysettings{'RADIUS_SECRET'}'></td>
<td><input type='hidden' name='RADIUS_ENABLE_ACL'  value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
<td><input type='hidden' name='RADIUS_USER_ACL'    value='$proxysettings{'RADIUS_USER_ACL'}'></td>
<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
<td><input type='hidden' name='RADIUS_DENY_USERS'  value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
END_HIDDEN_RADIUS
}

print "</table>\n";
2111
2112 print <<END
2113 <hr size='1'>
2114 END
2115 ;
2116
2117 print <<END
2118 <table width='100%'>
2119 <tr>
2120         <td>&nbsp;</td>
2121         <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
2122         <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
2123         <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
2124         <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2125         <td>&nbsp;</td>
2126 </tr>
2127
2128 </table>
2129 <br />
2130 <table width='100%'>
2131 <tr>
2132         <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
2133         <td align='right'>&nbsp;</td>
2134 </tr>
2135 </table>
2136 </form>
2137 END
2138 ;
2139
2140 &Header::closebox();
2141
2142 } else {
2143
2144 # ===================================================================
2145 #  NCSA user management
2146 # ===================================================================
2147
# NCSA user form: user name, group, password and confirmation, followed by
# the heading of the account table.
#
# NOTE(review): NCSA_PASS and NCSA_PASS_CONFIRM are written back into the
# value attributes of the password inputs, so a submitted password is
# returned in the HTML of the response. All interpolated values are placed
# in single-quoted attributes with no escaping visible here; confirm they are
# escaped upstream.
# NOTE(review): NCSA_MIN_PASS_LEN travels as a hidden field. If the handler
# for 'add' takes the minimum length from the submitted form instead of the
# saved settings, a client can lower it; verify against the handler.
&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");

# True while an existing account is being edited; the user name is then
# read-only and a reset button is shown.
my $ncsa_edit_mode = ($proxysettings{'ACTION'} eq $Lang::tr{'edit'});

print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
        <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
</tr>
<tr>
        <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
        <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
END

print " readonly='readonly' " if ($ncsa_edit_mode);

print <<END;
         /></td>
        <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
        <td class='base'>
                <select name='NCSA_GROUP'>
                <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
                <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
                <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
                </select>
        </td>

</tr>
<tr>
        <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
        <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
        <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
        <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
</tr>
</table>
<br>
<table>
<tr>
        <td>&nbsp;</td>
        <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
        <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
        <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
END

if ($ncsa_edit_mode) {
    print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
}

print <<END;
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
</tr>
</table>
</form>
<hr size='1'>
<table width='100%'>
<tr>
        <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
</tr>
</table>
<table width='100%' align='center'>
END
2209
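# Build @userlist as sorted "name:group" entries from the three NCSA group
# files. Each file is read with a three-argument open and a lexical handle,
# so the path can never be interpreted as an open mode or a pipe, and a file
# that exists but cannot be read is reported instead of being silently
# treated as empty.
foreach my $ncsa_group ([$extgrp, 'extended'], [$stdgrp, 'standard'], [$disgrp, 'disabled']) {
    my ($group_file, $group_name) = @$ncsa_group;
    next unless (-e $group_file);

    @grouplist = ();
    if (open(my $group_fh, '<', $group_file)) {
        @grouplist = <$group_fh>;
        close($group_fh);
    } else {
        warn "cannot read NCSA group file $group_file: $!\n";
    }

    foreach $user (@grouplist) {
        chomp($user);
        push(@userlist, $user.":".$group_name);
    }
}

@userlist = sort(@userlist);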
2227
2228 # If the password file contains entries, print entries and action icons
2229
# Account table: one row per "name:group" entry of @userlist, each with an
# edit form and a remove form, or a single "no accounts" row.
#
# NOTE(review): -z is false for a missing file as well as for a non-empty
# one, so the table branch also runs when $userdb does not exist; the rows
# themselves come from @userlist, not from $userdb.
# NOTE(review): $temp[0] and $line originate from the group files and are
# written into HTML text and into value='...' attributes without escaping
# visible here. This is safe only if user names are restricted when accounts
# are created; verify against the 'add' handler.
# NOTE(review): the edit/remove forms are state-changing POSTs and carry no
# per-request token; confirm the request handler applies its own origin
# check.
unless (-z $userdb) {
    print <<END;
        <tr>
                <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
                <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
                <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
        </tr>
END

    # Translation key of the label shown for each known group name.
    my %group_label_key = (
        'standard' => 'advproxy NCSA grp standard',
        'extended' => 'advproxy NCSA grp extended',
        'disabled' => 'advproxy NCSA grp disabled',
    );

    $id = 0;
    foreach $line (@userlist) {
        $id++;
        chomp($line);
        @temp = split(/:/,$line);

        # Highlight the row being edited, otherwise alternate two colours.
        my $row_colour = $color{'color22'};
        if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
            $row_colour = $Header::colouryellow;
        } elsif ($id % 2) {
            $row_colour = $color{'color20'};
        }
        print "<tr bgcolor='$row_colour'>\n";

        print <<END;
                <td align='center'>$temp[0]</td>
                <td align='center'>
END

        # Unknown group names produce an empty cell.
        if (exists $group_label_key{$temp[1]}) {
            print $Lang::tr{$group_label_key{$temp[1]}};
        }

        print <<END;
                </td>
                <td width='8%' align='center'>
                <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
                <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
                <input type='hidden' name='ID' value='$line' />
                <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
                </form>
                </td>

                <td width='8%' align='center'>
                <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
                <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
                <input type='hidden' name='ID' value='$temp[0]' />
                <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
                </form>
                </td>
        </tr>
END
    }

    print <<END;
</table>
<br>
<table>
<tr>
        <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
        <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
        <td class='base'>$Lang::tr{'edit'}</td>
        <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
        <td class='base'>$Lang::tr{'remove'}</td>
</tr>
END
} else {
    print <<END;
        <tr>
                <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
        </tr>
END
}
2306
2307 print <<END
2308 </table>
2309 END
2310 ;
2311
2312 &Header::closebox();
2313
2314 }
2315
2316 # ===================================================================
2317
2318 &Header::closebigbox();
2319
2320 &Header::closepage();
2321
2322 # -------------------------------------------------------------------
2323
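# Load the on-disk ACL and list files into %proxysettings.
#
# For every file that exists, the matching %proxysettings entry is deleted
# and then rebuilt from the file's lines, verbatim. An existing but empty
# file therefore leaves the key absent. Files that do not exist leave the
# current value untouched.
#
# Files are opened with a three-argument open and a lexical handle, so a
# path can never be interpreted as an open mode or a pipe. A file that exists
# but cannot be opened is reported with warn(); as before, its setting is
# still cleared.
sub read_acls
{
    # [ path, %proxysettings key ], in the order the files are read.
    my @sources = (
        [ $acl_src_subnets,                  'SRC_SUBNETS' ],
        [ $acl_src_banned_ip,                'SRC_BANNED_IP' ],
        [ $acl_src_banned_mac,               'SRC_BANNED_MAC' ],
        [ $acl_src_unrestricted_ip,          'SRC_UNRESTRICTED_IP' ],
        [ $acl_src_unrestricted_mac,         'SRC_UNRESTRICTED_MAC' ],
        [ $acl_dst_nocache,                  'DST_NOCACHE' ],
        [ $acl_dst_noauth,                   'DST_NOAUTH' ],
        [ $acl_ports_safe,                   'PORTS_SAFE' ],
        [ $acl_ports_ssl,                    'PORTS_SSL' ],
        [ $mimetypes,                        'MIME_TYPES' ],
        [ "$raddir/radauth.allowusers",      'RADIUS_ALLOW_USERS' ],
        [ "$raddir/radauth.denyusers",       'RADIUS_DENY_USERS' ],
        [ "$identdir/identauth.allowusers",  'IDENT_ALLOW_USERS' ],
        [ "$identdir/identauth.denyusers",   'IDENT_DENY_USERS' ],
        [ $identhosts,                       'IDENT_HOSTS' ],
        [ $cre_groups,                       'CRE_GROUPS' ],
        [ $cre_svhosts,                      'CRE_SVHOSTS' ],
    );

    foreach my $source (@sources) {
        my ($path, $key) = @$source;
        next unless (-e $path);

        delete $proxysettings{$key};

        my $fh;
        unless (open($fh, '<', $path)) {
            warn "read_acls: cannot read $path: $!\n";
            next;
        }
        while (my $row = <$fh>) { $proxysettings{$key} .= $row; }
        close($fh);
    }
}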
2429
2430 # -------------------------------------------------------------------
2431
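# Normalise and validate the newline-separated list settings in
# %proxysettings. Each list is split into lines, cleaned up and written back
# with one entry per line; problems are reported through $errormessage (the
# last problem found wins).
#
# Points a reviewer should know:
#  - A failed validation only sets $errormessage. The offending entry is
#    still stored back into %proxysettings, so the caller must check
#    $errormessage before the lists are written out (caller not visible
#    here).
#  - DST_NOCACHE and DST_NOAUTH entries get whitespace clean-up and a
#    leading '*' for names starting with '.', but no validation at all.
#  - Entries are kept only if they are true in the Perl sense, so a line
#    consisting of "0" is dropped like an empty line.
#  - The *_ALLOW_USERS / *_DENY_USERS lists are only cleaned up when the
#    corresponding ACL is enabled in that mode; otherwise they pass through
#    unchanged.
#
# Compared with the previous version the per-list loops are shared helpers,
# the scratch variables are lexical instead of the file-wide @temp, $line
# and @templist, and the deprecated \2 in the substitution replacement is
# written as $2.
sub check_acls
{
    my $bad_ip  = $Lang::tr{'advproxy errmsg invalid ip or mask'};
    my $bad_mac = $Lang::tr{'advproxy errmsg invalid mac'};

    _check_port_list('PORTS_SAFE', 1);
    _check_port_list('PORTS_SSL', 0);

    _check_dest_list('DST_NOCACHE');

    _check_addr_list('SRC_SUBNETS',          \&General::validipandmask, $bad_ip,  0);
    _check_addr_list('SRC_BANNED_IP',        \&General::validipormask,  $bad_ip,  0);
    _check_addr_list('SRC_BANNED_MAC',       \&General::validmac,       $bad_mac, 1);
    _check_addr_list('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $bad_ip,  0);
    _check_addr_list('SRC_UNRESTRICTED_MAC', \&General::validmac,       $bad_mac, 1);

    _check_dest_list('DST_NOAUTH');

    # NOTE(review): neither read_acls nor write_acls handles any NTLM_* key,
    # so these two checks look like leftovers of NTLM support that was
    # removed elsewhere; confirm and drop them.
    _check_user_acl('NTLM',   'positive', 'ALLOW_USERS');
    _check_user_acl('NTLM',   'negative', 'DENY_USERS');
    _check_user_acl('IDENT',  'positive', 'ALLOW_USERS');
    _check_user_acl('IDENT',  'negative', 'DENY_USERS');
    _check_user_acl('RADIUS', 'positive', 'ALLOW_USERS');
    _check_user_acl('RADIUS', 'negative', 'DENY_USERS');

    _check_addr_list('IDENT_HOSTS', \&General::validipormask, $bad_ip, 0);
    _check_addr_list('CRE_SVHOSTS', \&General::validipormask, $bad_ip, 0);
}

# Port list: each line is "port" or "port-port", optionally followed by a
# "# comment". The comment is kept in the stored line and ignored for
# validation. With $track_proxy_port set, the line tagged "# Squids port" has
# its port part replaced by the current PROXY_PORT.
sub _check_port_list
{
    my ($key, $track_proxy_port) = @_;
    my $bad_port = $Lang::tr{'advproxy errmsg invalid destination port'};

    my @rows = split(/\n/, $proxysettings{$key});
    undef $proxysettings{$key};

    foreach my $row (@rows) {
        $row =~ s/^\s+//;
        $row =~ s/\s+$//;
        next unless ($row);

        if ($track_proxy_port && $row =~ /^[^#]+\s+#\sSquids\sport/) {
            $row =~ s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}$2/;
        }

        # Validate the line without its comment and without whitespace.
        my $spec = $row;
        $spec =~ s/#.*//g;
        $spec =~ s/\s+//g;

        # More than one '-' cannot be a single port range.
        if ($spec =~ /.*-.*-.*/) { $errormessage = $bad_port; }
        foreach my $port (split(/-/, $spec)) {
            unless (&General::validport($port)) { $errormessage = $bad_port; }
        }

        $proxysettings{$key} .= $row."\n";
    }
}

# Destination list (DST_NOCACHE / DST_NOAUTH): comment lines keep their inner
# whitespace, all other lines lose every whitespace character, and entries
# starting with '.' get a '*' prefix. No validation is performed.
sub _check_dest_list
{
    my ($key) = @_;

    my @rows = split(/\n/, $proxysettings{$key});
    undef $proxysettings{$key};

    foreach my $row (@rows) {
        $row =~ s/^\s+//;
        unless ($row =~ /^#/) { $row =~ s/\s+//g; }
        next unless ($row);

        if ($row =~ /^\./) { $row = '*'.$row; }
        $proxysettings{$key} .= $row."\n";
    }
}

# Address list: trims each line, optionally rewrites '-' to ':' (MAC
# addresses), and sets $errormessage to $message when $validator rejects an
# entry. The entry is stored either way.
sub _check_addr_list
{
    my ($key, $validator, $message, $dash_to_colon) = @_;

    my @rows = split(/\n/, $proxysettings{$key});
    undef $proxysettings{$key};

    foreach my $row (@rows) {
        $row =~ s/^\s+//;
        $row =~ s/\s+$//;
        if ($dash_to_colon) { $row =~ s/-/:/g; }
        next unless ($row);

        unless ($validator->($row)) { $errormessage = $message; }
        $proxysettings{$key} .= $row."\n";
    }
}

# User ACL: when <PREFIX>_ENABLE_ACL is 'on' and <PREFIX>_USER_ACL equals
# $mode, trim the user list <PREFIX>_<SUFFIX> and require at least one entry.
sub _check_user_acl
{
    my ($prefix, $mode, $suffix) = @_;

    return unless (($proxysettings{$prefix.'_ENABLE_ACL'} eq 'on')
        && ($proxysettings{$prefix.'_USER_ACL'} eq $mode));

    my $key = $prefix.'_'.$suffix;
    my @rows = split(/\n/, $proxysettings{$key});
    undef $proxysettings{$key};

    foreach my $row (@rows) {
        $row =~ s/^\s+//;
        $row =~ s/\s+$//;
        if ($row) { $proxysettings{$key} .= $row."\n"; }
    }

    if ($proxysettings{$key} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}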
2649
2650 # -------------------------------------------------------------------
2651
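# Write the list settings from %proxysettings to the ACL files.
#
# Changes compared with the previous version:
#  - Every file is written through _write_acl_file, which uses a
#    three-argument open with a lexical handle and takes the exclusive lock
#    BEFORE the old content is discarded. The old code opened with ">",
#    which truncates the file before flock() is reached, so a second writer
#    could empty a file the first one was still writing.
#  - Failed opens are reported with warn() instead of being ignored.
#  - The derived net/dom/url files are assembled in memory and written once
#    instead of being reopened for every entry.
#  - Empty entries in DST_NOAUTH / DST_NOCACHE are skipped when the derived
#    files are built. Previously an empty entry produced the bare pattern
#    "^[fh]tt?ps?://" in the url file.
#
# NOTE(review): entries that land in the *_url files are written as pattern
# text without quoting regex metacharacters, and DST_NOAUTH entries are
# presumably used to exempt destinations from authentication (consumer not
# visible here). A loose entry can therefore match more destinations than
# intended; confirm how these files are referenced in the generated squid
# configuration.
sub write_acls
{
    # Fall back to the GREEN (and, if present, BLUE) network when no source
    # subnets are configured.
    my $subnets = $proxysettings{'SRC_SUBNETS'};
    if (!$subnets) {
        $subnets = "$green_cidr\n";
        if ($netsettings{'BLUE_DEV'}) { $subnets .= "$blue_cidr\n"; }
    }
    _write_acl_file($acl_src_subnets, $subnets);

    _write_acl_file($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
    _write_acl_file($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
    _write_acl_file($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
    _write_acl_file($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});

    _write_acl_file($acl_dst_noauth, $proxysettings{'DST_NOAUTH'});
    _write_dest_split($proxysettings{'DST_NOAUTH'},
        $acl_dst_noauth_net, $acl_dst_noauth_dom, $acl_dst_noauth_url);

    _write_acl_file($acl_dst_nocache, $proxysettings{'DST_NOCACHE'});
    _write_dest_split($proxysettings{'DST_NOCACHE'},
        $acl_dst_nocache_net, $acl_dst_nocache_dom, $acl_dst_nocache_url);

    # Empty port lists fall back to the built-in defaults.
    _write_acl_file($acl_ports_safe,
        $proxysettings{'PORTS_SAFE'} ? $proxysettings{'PORTS_SAFE'} : $def_ports_safe);
    _write_acl_file($acl_ports_ssl,
        $proxysettings{'PORTS_SSL'} ? $proxysettings{'PORTS_SSL'} : $def_ports_ssl);

    # Throttle list: one "\.<ext>$" pattern per extension of every enabled
    # class, followed by the lines of the custom URL file if it is non-empty.
    my $throttle = '';
    foreach my $class (
        [ 'THROTTLE_BINARY', $throttle_binary ],
        [ 'THROTTLE_DSKIMG', $throttle_dskimg ],
        [ 'THROTTLE_MMEDIA', $throttle_mmedia ],
    ) {
        my ($switch, $extensions) = @$class;
        next unless ($proxysettings{$switch} eq 'on');
        foreach my $ext (split(/\|/, $extensions)) { $throttle .= "\\.$ext\$\n"; }
    }
    if (-s $throttled_urls) {
        if (open(my $url_fh, '<', $throttled_urls)) {
            while (my $row = <$url_fh>) { $throttle .= $row; }
            close($url_fh);
        } else {
            warn "write_acls: cannot read $throttled_urls: $!\n";
        }
    }
    _write_acl_file($acl_dst_throttle, $throttle);

    _write_acl_file($mimetypes, $proxysettings{'MIME_TYPES'});

    _write_acl_file("$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'});
    _write_acl_file("$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'});
    _write_acl_file("$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'});
    _write_acl_file("$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'});

    _write_acl_file($identhosts,  $proxysettings{'IDENT_HOSTS'});
    _write_acl_file($cre_groups,  $proxysettings{'CRE_GROUPS'});
    _write_acl_file($cre_svhosts, $proxysettings{'CRE_SVHOSTS'});
}

# Replace the content of $path with $content (nothing is written for undef).
# The file is opened in append mode so that opening does not truncate it;
# it is emptied only after the exclusive lock has been obtained.
# Returns 1 on success, 0 when the file could not be opened.
sub _write_acl_file
{
    my ($path, $content) = @_;

    my $fh;
    unless (open($fh, '>>', $path)) {
        warn "write_acls: cannot write $path: $!\n";
        return 0;
    }
    flock($fh, 2) or warn "write_acls: cannot lock $path: $!\n";
    truncate($fh, 0);
    if (defined($content)) { print $fh $content; }
    close($fh);
    return 1;
}

# Sort the entries of a destination list into the three derived files:
#   "*.name"                  -> $domfile, with the leading '*' removed
#   IP address or network     -> $netfile
#   contains an a.b.c.d-a.b.c.d range (the pattern is not anchored)
#                             -> $netfile
#   anything else             -> $urlfile, prefixed with "^[fh]tt?ps?://"
#                                unless it already starts with a scheme
# Comment lines and empty entries are skipped. All three files are always
# rewritten, so a class without entries ends up as an empty file.
sub _write_dest_split
{
    my ($list, $netfile, $domfile, $urlfile) = @_;
    my ($nets, $doms, $urls) = ('', '', '');

    foreach my $entry (split(/\n/, $list)) {
        next if ($entry eq '');
        next if ($entry =~ /^#/);

        if ($entry =~ /^\*\.\w/) {
            $entry =~ s/^\*//;
            $doms .= "$entry\n";
        } elsif (&General::validipormask($entry)) {
            $nets .= "$entry\n";
        } elsif ($entry =~ /\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/) {
            $nets .= "$entry\n";
        } elsif ($entry =~ /^[fh]tt?ps?:\/\//) {
            $urls .= "$entry\n";
        } else {
            $urls .= "^[fh]tt?ps?://$entry\n";
        }
    }

    _write_acl_file($netfile, $nets);
    _write_acl_file($domfile, $doms);
    _write_acl_file($urlfile, $urls);
}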
2860
2861 # -------------------------------------------------------------------
2862
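sub writepacfile
{
	# Regenerate the proxy auto-configuration (PAC) script under the web
	# server's html directory.
	#
	# The script defines FindProxyForURL(url, host). When the proxy is enabled
	# on GREEN and/or BLUE it returns "DIRECT" for plain host names, loopback,
	# the locally attached networks and 169.254.0.0/16, and otherwise points
	# clients at the proxy address of the network they sit in.
	#
	# Reads the file-scoped %proxysettings, %netsettings and $acl_src_subnets.
	# Returns the result of close() on success and a false value when the PAC
	# file could not be opened, locked or emptied.
	#
	# NOTE(review): every setting below is interpolated verbatim into
	# JavaScript string literals of a file that browsers execute. This relies
	# on the values having been validated when they were saved - confirm
	# against the save path.
	my $pacfile = "/srv/web/ipfire/html/proxy.pac";

	# Open in append mode so the existing file is NOT truncated before the
	# exclusive lock is held; ">" would empty the file first and let a second
	# writer or a reader observe a half-written script.
	open(my $pac, '>>', $pacfile) or return;
	unless (flock($pac, 2)) {	# 2 == LOCK_EX
		close($pac);
		return;
	}
	unless (truncate($pac, 0)) {
		# Appending to the old content would produce a broken script.
		close($pac);
		return;
	}

	print {$pac} "function FindProxyForURL(url, host)\n";
	print {$pac} "{\n";

	if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
	{
		# Destinations that must never go through the proxy.
		print {$pac} <<END;
if (
     (isPlainHostName(host)) ||
     (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
END

		if ($netsettings{'GREEN_DEV'}) {
			print {$pac} "     (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
		}

		if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
			print {$pac} "     (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
		}

		if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
			print {$pac} "     (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
		}

		print {$pac} <<END;
     (isInNet(host, "169.254.0.0", "255.255.0.0"))
   )
     return "DIRECT";

 else

END

		if ($proxysettings{'ENABLE'} eq 'on')
		{
			# Clients on GREEN and on every additionally allowed subnet
			# use the proxy listening on the GREEN address.
			print {$pac} "if (\n";
			print {$pac} "     (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";

			# @templist and @temp are file-scoped scratch arrays; they
			# are still used here so callers see the same state as before.
			undef @templist;
			if (-e "$acl_src_subnets") {
				if (open(my $subnets, '<', $acl_src_subnets)) {
					@templist = <$subnets>;
					close($subnets);
				}
			}

			foreach my $entry (@templist)
			{
				# Strip the line ending and stray whitespace BEFORE
				# comparing; the netmask field used to carry its
				# trailing newline into the comparison.
				(my $line = $entry) =~ s/\s+//g;
				@temp = split(/\//, $line);
				my ($addr, $mask) = @temp[0, 1];

				# Blank or incomplete lines would yield an isInNet()
				# call with empty arguments.
				next unless (defined($addr) && defined($mask));

				# Only address-like tokens are written into the
				# JavaScript string literals; anything else is
				# skipped instead of being emitted into the script.
				next unless ($addr =~ /\A[0-9A-Fa-f:.]+\z/);
				next unless ($mask =~ /\A[0-9A-Fa-f:.]+\z/);

				# GREEN was already emitted above and BLUE gets its
				# own clause below. Compare address and mask as a
				# pair: the former &&-chain dropped every subnet that
				# merely shared one of the two values.
				next if (($addr eq $netsettings{'GREEN_NETADDRESS'}) && ($mask eq $netsettings{'GREEN_NETMASK'}));
				next if (($addr eq $netsettings{'BLUE_NETADDRESS'}) && ($mask eq $netsettings{'BLUE_NETMASK'}));

				print {$pac} " ||\n     (isInNet(myIpAddress(), \"$addr\", \"$mask\"))";
			}

			print {$pac} "\n";

			print {$pac} <<END;
   )
     return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}

		# Join the GREEN and BLUE clauses when both are written.
		if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
		{
			print {$pac} "\n else\n\n";
		}

		if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
		{
			# Clients on BLUE use the proxy listening on the BLUE address.
			print {$pac} <<END;
if (
     (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
   )
     return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
	}

	print {$pac} "}\n";

	# close() also releases the lock.
	return close($pac);
}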
2950
2951 # -------------------------------------------------------------------
2952
2953 sub writeconfig
2954 {
2955         my $authrealm;
2956         my $delaypools;
2957
2958         if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2959             $proxysettings{'THROTTLING_GREEN_HOST'}  +
2960             $proxysettings{'THROTTLING_BLUE_TOTAL'}  +
2961             $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2962         {
2963                 $delaypools = 1; } else { $delaypools = 0;
2964         }
2965
2966         if ($proxysettings{'AUTH_REALM'} eq '')
2967         {
2968                 $authrealm = "IPFire Advanced Proxy Server";
2969         } else {
2970                 $authrealm = $proxysettings{'AUTH_REALM'};
2971         }
2972
2973         $_ = $proxysettings{'UPSTREAM_PROXY'};
2974         my ($remotehost, $remoteport) = split(/:/,$_);
2975
2976         if ($remoteport eq '') { $remoteport = 80; }
2977
2978         open(FILE, ">${General::swroot}/proxy/squid.conf");
2979         flock(FILE, 2);
2980         print FILE <<END
2981 # Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
2982 # you make will be overwritten whenever you resave proxy settings using the
2983 # web interface!
2984 #
2985 # Instead, modify the file '$acl_include' and
2986 # then restart the proxy service using the web interface. Changes made to the
2987 # 'include.acl' file will propagate to the 'squid.conf' file at that time.
2988
2989 shutdown_lifetime 5 seconds
2990 icp_port 0
2991
2992 END
2993         ;
2994
2995         # Include file with user defined settings.
2996         if (-e "/etc/squid/squid.conf.pre.local") {
2997                 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
2998         }
2999
3000         print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3001         if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3002         print FILE "\n";
3003
3004         if ($proxysettings{'TRANSPARENT'} eq 'on') {
3005                 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3006                 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3007                 print FILE "\n";
3008         }
3009
3010         if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3011                 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3012                 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3013                 print FILE "\n";
3014
3015                 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3016                         print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3017                         if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3018                         print FILE "\n";
3019                 }
3020         }
3021
3022         if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
3023         {
3024                 print FILE "\n";
3025
3026                 if (!-z $acl_dst_nocache_dom) {
3027                         print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3028                         print FILE "cache deny no_cache_domains\n";
3029                 }
3030                 if (!-z $acl_dst_nocache_net) {
3031                         print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
3032                         print FILE "cache deny no_cache_ipaddr\n";
3033                 }
3034                 if (!-z $acl_dst_nocache_url) {
3035                         print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3036                         print FILE "cache deny no_cache_hosts\n";
3037                 }
3038         }
3039
3040         print FILE <<END
3041
3042 cache_effective_user squid
3043 umask 022
3044
3045 pid_filename /var/run/squid.pid
3046
3047 cache_mem $proxysettings{'CACHE_MEM'} MB
3048 END
3049         ;
3050         print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
3051
3052         if ($proxysettings{'OFFLINE_MODE'} eq 'on') {  print FILE "offline_mode on\n\n"; }
3053         if ($proxysettings{'CACHE_DIGESTS'} eq 'on') {  print FILE "digest_generation on\n\n"; } else {  print FILE "digest_generation off\n\n"; }
3054
3055         if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3056         {
3057                 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3058                 {
3059                         print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3060                 }
3061                 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3062                 {
3063                         print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3064                 }
3065                 print FILE "\n";
3066         }
3067
3068         open (PORTS,"$acl_ports_ssl");
3069         my @ssl_ports = <PORTS>;
3070         close PORTS;
3071
3072         if (@ssl_ports) {
3073                 foreach (@ssl_ports) {
3074                         print FILE "acl SSL_ports port $_";
3075                 }
3076         }
3077
3078         open (PORTS,"$acl_ports_safe");
3079         my @safe_ports = <PORTS>;
3080         close PORTS;
3081
3082         if (@safe_ports) {
3083                 foreach (@safe_ports) {
3084                         print FILE "acl Safe_ports port $_";
3085                 }
3086         }
3087
3088         print FILE <<END
3089
3090 acl IPFire_http  port $http_port
3091 acl IPFire_https port $https_port
3092 acl IPFire_ips              dst $netsettings{'GREEN_ADDRESS'}
3093 acl IPFire_networks         src "$acl_src_subnets"
3094 acl IPFire_servers          dst "$acl_src_subnets"
3095 acl IPFire_green_network    src $green_cidr
3096 acl IPFire_green_servers    dst $green_cidr
3097 END
3098         ;
3099         if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network     src $blue_cidr\n"; }
3100         if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers     dst $blue_cidr\n"; }
3101         if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips       src \"$acl_src_banned_ip\"\n"; }
3102         if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac       arp \"$acl_src_banned_mac\"\n"; }
3103         if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3104         if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3105         print FILE <<END
3106 acl CONNECT method CONNECT
3107 END
3108         ;
3109
3110         if ($proxysettings{'CACHE_SIZE'} > 0) {
3111                 print FILE <<END
3112 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3113 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3114
3115 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3116 END
3117                 ;
3118         } else {
3119                 if ($proxysettings{'CACHE_MEM'} > 0) {
3120                         # always 2% of CACHE_MEM defined as max object size
3121                         print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3122                 } else {
3123                         print FILE "cache deny all\n\n";
3124             }
3125         }
3126
3127         print FILE <<END
3128 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3129 END
3130         ;
3131
3132         if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3133                 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3134                 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3135                 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3136                 {
3137                         if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3138                 }
3139         }
3140
3141         if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
3142         {
3143                 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
3144         }
3145
3146         if ($proxysettings{'LOGGING'} eq 'on')
3147         {
3148                 print FILE <<END
3149 access_log stdio:/var/log/squid/access.log
3150 cache_log /var/log/squid/cache.log
3151 cache_store_log none
3152 END
3153         ;
3154                 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
3155                 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3156         } else {
3157                 print FILE <<END
3158 access_log /dev/null
3159 cache_log /dev/null
3160 cache_store_log none
3161 END
3162         ;}
3163         print FILE <<END
3164
3165 log_mime_hdrs off
3166 END
3167         ;
3168
3169         if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3170         {
3171                 print FILE "forwarded_for on\n";
3172         } else {
3173                 print FILE "forwarded_for off\n";
3174         }
3175         if ($proxysettings{'FORWARD_VIA'} eq 'on')
3176         {
3177                 print FILE "via on\n";
3178         } else {
3179                 print FILE "via off\n";
3180         }
3181         print FILE "\n";
3182
3183         if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3184         {
3185                 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3186                 {
3187                         print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
3188                         print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3189                         print FILE "auth_param basic realm $authrealm\n";
3190                         print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3191                         if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3192                 }
3193
3194                 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3195                 {
3196                         print FILE "auth_param basic utf8 on\n";
3197                         print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
3198                         if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3199                         if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3200                         if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3201                         {
3202                                 if ($proxysettings{'LDAP_GROUP'} eq '')
3203                                 {
3204                                         print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3205                                 } else {
3206                                         print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3207                                 }
3208                                 print FILE " -u sAMAccountName -P";
3209                         }
3210                         if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3211                         {
3212                                 if ($proxysettings{'LDAP_GROUP'} eq '')
3213                                 {
3214                                         print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3215                                 } else {
3216                                         print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3217                                 }
3218                                 print FILE " -u cn -P";
3219                         }
3220                         if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3221                         {
3222                                 if ($proxysettings{'LDAP_GROUP'} eq '')
3223                                 {
3224                                         print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3225                                 } else {
3226                                         print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3227                                 }
3228                                 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3229                                 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3230                                 print FILE " -u uid -P";
3231                         }
3232                         print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3233                         print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3234                         print FILE "auth_param basic realm $authrealm\n";
3235                         print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3236                         if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3237                 }
3238
3239                 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3240                 {
3241                         print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3242                         if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3243                                 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3244                                 $ntlm_auth_group =~ s/\\/\+/;
3245
3246                                 print FILE " --require-membership-of=$ntlm_auth_group";
3247                         }
3248                         print FILE "\n";
3249
3250                         print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
3251
3252                         # BASIC authentication
3253                         if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3254                                 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3255                                 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3256                                         my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3257                                         $ntlm_auth_group =~ s/\\/\+/;
3258
3259                                         print FILE " --require-membership-of=$ntlm_auth_group";
3260                                 }
3261                                 print FILE "\n";
3262                                 print FILE "auth_param basic children 10\n";
3263                                 print FILE "auth_param basic realm IPFire Web Proxy Server\n";
3264                                 print FILE "auth_param basic credentialsttl 2 hours\n\n";
3265                         }
3266                 }
3267
3268                 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3269                 {
3270                         print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
3271                         if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3272                         print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3273                         print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3274                         print FILE "auth_param basic realm $authrealm\n";
3275                         print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3276                         if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3277                 }
3278
3279                 print FILE "\n";
3280                 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
3281                 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3282                 {
3283                         if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3284                         {
3285                                 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3286                         }
3287                         if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3288                         {
3289                                 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3290                         }
3291                 }
3292                 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3293                 {
3294                         print FILE "\n";
3295                         if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3296                         if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3297                 }
3298                 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3299                 print FILE "\n";
3300
3301                 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3302                 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3303                 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3304                 print FILE "\n";
3305
3306         }
3307
3308         if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3309         {
3310                 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3311                 {
3312                         print FILE "acl for_inetusers ident REQUIRED\n";
3313                 }
3314                 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3315                 {
3316                         if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3317                         {
3318                                 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3319                         }
3320                         if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3321                         {
3322                                 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3323                         }
3324                 }
3325                 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3326                 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3327                 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3328                 print FILE "\n";
3329         }
3330
3331         if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for