proxy: Drop NTLM authentication
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 #
22 # (c) 2004-2009 marco.s - http://www.advproxy.net
23 #
24 # This code is distributed under the terms of the GPL
25 #
26 # $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
27 #
28
29 use strict;
30 use Apache::Htpasswd;
31
32 # enable only the following on debugging purpose
33 #use warnings;
34 #use CGI::Carp 'fatalsToBrowser';
35
36 require '/var/ipfire/general-functions.pl';
37 require "${General::swroot}/lang.pl";
38 require "${General::swroot}/header.pl";
39
# Output lines of `squid -v`, captured once at startup. The command string is a
# constant, so nothing request-controlled reaches the shell here.
my @squidversion = qx{/usr/sbin/squid -v};

# Ports of the web interface itself (plain HTTP and HTTPS).
my $http_port  = '81';
my $https_port = '444';

my %color        = ();
my %mainsettings = ();

# Global settings first: the theme name found there selects the colour table.
General::readhash("${General::swroot}/main/settings", \%mainsettings);

# NOTE(review): THEME is taken from the settings file as-is and spliced into the
# path below; nothing in this block restricts it to a plain directory name.
General::readhash(
    "/srv/web/ipfire/html/themes/" . $mainsettings{'THEME'} . "/include/colors.txt",
    \%color
);
48
# Settings hashes; they are filled from the configuration files and from the
# submitted form further down.
my (%proxysettings, %netsettings, %filtersettings, %xlratorsettings, %stdproxysettings);

# NOTE: %mainsettings is already declared earlier in this file. This second
# `my` creates a fresh, empty hash that shadows the first one from here on.
my %mainsettings = ();

# Form state: which checkbox / option is currently active.
my (%checked, %selected);

# Selectable bandwidth limits and the file-extension groups that can be throttled.
my @throttle_limits = (
    64, 128, 256, 384, 512, 768, 1024, 1280, 1536, 1792, 2048, 2560,
    3072, 3584, 4096, 5120, 6144, 7168, 8192, 10240, 12288, 16384, 20480
);
my $throttle_binary = "7z|arj|bin|bz2|cab|exe|gz|lzh|rar|sea|tar|tgz|xz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi|vmdk";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob";

# Default port lists, one "port # label" entry per line.
my $def_ports_safe = "80 # http\n"
                   . "21 # ftp\n"
                   . "443 # https\n"
                   . "563 # snews\n"
                   . "70 # gopher\n"
                   . "210 # wais\n"
                   . "1025-65535 # unregistered ports\n"
                   . "280 # http-mgmt\n"
                   . "488 # gss-http\n"
                   . "591 # filemaker\n"
                   . "777 # multiling http\n"
                   . "800 # Squids port (for icons)\n";
my $def_ports_ssl  = "443 # https\n" . "563 # snews\n";

my (@useragent, @useragentlist);

# Scratch variables shared by the code below.
my $hintcolour      = '#FFFFCC';
my $ncsa_buttontext = '';
my $language        = '';
my ($i, $n, $id)    = (0, 0, 0);
my ($line, $user)   = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem           = 0;
my ($proxy1, $proxy2)  = ('', '');
my $browser_regexp     = '';
my $needhup            = 0;
my $errormessage       = '';
89
# Working directories below the advanced-proxy configuration tree.
my $acldir   = $General::swroot . '/proxy/advanced/acls';
my $ncsadir  = $General::swroot . '/proxy/advanced/ncsa';
my $raddir   = $General::swroot . '/proxy/advanced/radius';
my $identdir = $General::swroot . '/proxy/advanced/ident';
my $credir   = $General::swroot . '/proxy/advanced/cre';

# Local (NCSA) user database and the three group membership files.
my ($userdb, $stdgrp, $extgrp, $disgrp) =
    map { "$ncsadir/$_" } qw(passwd standard.grp extended.grp disabled.grp);

my $browserdb      = $General::swroot . '/proxy/advanced/useragents';
my $mimetypes      = $General::swroot . '/proxy/advanced/mimetypes';
my $throttled_urls = $General::swroot . '/proxy/advanced/throttle';

# Classroom extension files (same directory as $credir).
my $cre_enabled = "$credir/enable";
my $cre_groups  = "$credir/classrooms";
my $cre_svhosts = "$credir/supervisors";

my $identhosts = "$identdir/hosts";

my $authdir  = "/usr/lib/squid/";
my $errordir = "/usr/lib/squid/errors";

# One ACL file per list that can be edited in the web interface.
my (
    $acl_src_subnets,
    $acl_src_banned_ip,       $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip,     $acl_src_noaccess_mac,
    $acl_dst_noauth,  $acl_dst_noauth_dom,  $acl_dst_noauth_net,  $acl_dst_noauth_url,
    $acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url,
    $acl_dst_throttle,
    $acl_ports_safe,  $acl_ports_ssl,
    $acl_include,
) = map { "$acldir/$_.acl" } qw(
    src_subnets
    src_banned_ip       src_banned_mac
    src_unrestricted_ip src_unrestricted_mac
    src_noaccess_ip     src_noaccess_mac
    dst_noauth  dst_noauth_dom  dst_noauth_net  dst_noauth_url
    dst_nocache dst_nocache_dom dst_nocache_net dst_nocache_url
    dst_throttle
    ports_safe  ports_ssl
    include
);

# Placeholders shown until the add-on versions are known.
my $updaccelversion  = 'n/a';
my $urlfilterversion = 'n/a';
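# Make sure the working directories and the (initially empty) state files
# exist before anything below tries to read them.
foreach my $dir ($acldir, $ncsadir, $raddir, $identdir, $credir) {
    next if -d $dir;
    # Best-effort as before, but leave a trace in the server log on failure.
    mkdir($dir) or warn "proxy.cgi: cannot create directory $dir: $!\n";
}

# The files are created directly from Perl instead of via system("touch $file").
# The single-string form of system() hands the interpolated path to /bin/sh, so
# any shell metacharacter in a path would be interpreted, and it forked one
# process per missing file on every request. Opening in append mode creates a
# missing file and never truncates an existing one.
foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url,
    $acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url,
    $acl_dst_throttle,
    $acl_ports_safe, $acl_ports_ssl,
    $acl_include,
    $browserdb, $mimetypes,
) {
    next if -e $file;
    if (open(my $fh, '>>', $file)) {
        close($fh);
    } else {
        warn "proxy.cgi: cannot create $file: $!\n";
    }
}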
173
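# True when the ntlm_auth helper binary is present on this system.
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");

# Load the user-agent database. Empty lines and comment lines are skipped and
# the remaining entries are ordered by the text between the first and the last
# comma of each line (the second field of "id,label,regexp" entries).
#
# The file is opened with the three-argument form and a lexical handle: with
# the two-argument form the mode is parsed out of the file name, and a bareword
# handle is a global shared with every other FILE user in the program. A failed
# open leaves the list empty, which is also what reading from the unopened
# handle produced before.
@useragentlist = ();
if (open(my $ua_fh, '<', $browserdb)) {
    @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<$ua_fh>;
    close($ua_fh);
}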
179
# Network layout and global settings as currently stored on disk.
General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
General::readhash("${General::swroot}/main/settings", \%mainsettings);

# GREEN is always present; BLUE only when the zone is in use and has a device.
my $green_cidr = General::ipcidr(
    $netsettings{'GREEN_NETADDRESS'} . '/' . $netsettings{'GREEN_NETMASK'}
);
my $blue_cidr = "";
if (Header::blue_used()) {
    if ($netsettings{'BLUE_DEV'}) {
        $blue_cidr = General::ipcidr(
            $netsettings{'BLUE_NETADDRESS'} . '/' . $netsettings{'BLUE_NETMASK'}
        );
    }
}

# The HTTP response headers are sent before any form processing happens.
Header::showhttpheaders();
190
# Built-in defaults for every form field. They are assigned before the request
# parameters are merged in, so a field missing from the request keeps the value
# set here.

# Switches that start disabled.
foreach my $switch (qw(
    ENABLE ENABLE_BLUE TRANSPARENT TRANSPARENT_BLUE
    SUPPRESS_VERSION FORWARD_VIA FORWARD_IPADDRESS FORWARD_USERNAME NO_CONNECTION_AUTH
    LOGGING CACHEMGR LOGQUERY LOGUSERAGENT
    OFFLINE_MODE CACHE_DIGESTS CLASSROOM_EXT
    NO_PROXY_LOCAL NO_PROXY_LOCAL_BLUE
    THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
    ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK
    NCSA_BYPASS_REDIR
    NTLM_AUTH_BASIC NTLM_ENABLE_ACL
    RADIUS_ENABLE_ACL
    IDENT_REQUIRED IDENT_ENABLE_ACL
    ENABLE_FILTER ENABLE_UPDXLRATOR ENABLE_CLAMAV
)) {
    $proxysettings{$switch} = 'off';
}

# Free-text fields (including all credential fields) that start empty.
foreach my $field (qw(
    ACTION VALID
    VISIBLE_HOSTNAME ADMIN_MAIL_ADDRESS ADMIN_PASSWORD
    UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
    SUPERVISOR_PASSWORD
    FAKE_USERAGENT FAKE_REFERER
    AUTH_REALM AUTH_MAX_USERIP
    NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
    LDAP_BASEDN LDAP_SERVER LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP
    NTLM_AUTH_GROUP NTLM_DOMAIN NTLM_PDC NTLM_BDC
    RADIUS_SERVER RADIUS_IDENTIFIER RADIUS_SECRET
)) {
    $proxysettings{$field} = '';
}

# Everything with a specific starting value. All values stay strings; the
# leading zeros of the time fields are significant.
my @preset_pairs = (
    PROXY_PORT             => '800',
    TRANSPARENT_PORT       => '3128',
    ERR_LANGUAGE           => 'German',
    ERR_DESIGN             => 'ipfire',
    FILEDESCRIPTORS        => '16384',
    CACHE_MEM              => '2',
    CACHE_SIZE             => '50',
    MAX_SIZE               => '4096',
    MIN_SIZE               => '0',
    MEM_POLICY             => 'LRU',
    CACHE_POLICY           => 'LRU',
    L1_DIRS                => '16',
    TIME_ACCESS_MODE       => 'allow',
    TIME_FROM_HOUR         => '00',
    TIME_FROM_MINUTE       => '00',
    TIME_TO_HOUR           => '24',
    TIME_TO_MINUTE         => '00',
    MAX_OUTGOING_SIZE      => '0',
    MAX_INCOMING_SIZE      => '0',
    THROTTLING_GREEN_TOTAL => 'unlimited',
    THROTTLING_GREEN_HOST  => 'unlimited',
    THROTTLING_BLUE_TOTAL  => 'unlimited',
    THROTTLING_BLUE_HOST   => 'unlimited',
    AUTH_METHOD            => 'none',
    AUTH_CACHE_TTL         => '60',
    AUTH_IPCACHE_TTL       => '0',
    AUTH_CHILDREN          => '5',
    NCSA_MIN_PASS_LEN      => '6',
    LDAP_TYPE              => 'ADS',
    LDAP_PORT              => '389',
    NTLM_USER_ACL          => 'positive',
    RADIUS_PORT            => '1812',
    RADIUS_USER_ACL        => 'positive',
    IDENT_TIMEOUT          => '10',
    IDENT_USER_ACL         => 'positive',
);
while (my ($preset_key, $preset_value) = splice(@preset_pairs, 0, 2)) {
    $proxysettings{$preset_key} = $preset_value;
}
288
# Default caption of the NCSA user form button ("create"); the edit action
# switches it to "update" later.
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Merge the submitted form into %proxysettings.
# NOTE(review): Header::getcgihash is defined in header.pl and not shown here;
# presumably it copies every request parameter into the hash. From this point
# on, treat each value read from %proxysettings as request-controlled until it
# has passed one of the checks below.
Header::getcgihash(\%proxysettings);

# A submitted limit of "0" means "no limit"; store it as 'unlimited'.
foreach my $limit_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    $proxysettings{$limit_key} = 'unlimited' if $proxysettings{$limit_key} eq '0';
}
297
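# Entering the NCSA user management view.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

# Adding (or updating) a local proxy user.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # The checks run in sequence and a later failure replaces an earlier
    # message, so only the last problem found is reported.
    #
    # NOTE(review): the minimum length compared against here is whatever
    # %proxysettings holds at this point (the built-in default, possibly
    # replaced by a value from the current request), not the saved setting,
    # which is only re-read further down. Its range is only checked in the
    # save branch.
    if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }
    if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:\x00-\x1f\x7f]/) {
        # ':' separates the fields of a password-file entry and of the
        # "user:group" ID that the edit action splits, and control characters
        # (newlines in particular) would break line-oriented user and group
        # files. Reject such names instead of passing them on to adduser.
        $errormessage = $Lang::tr{'invalid input'};
    }

    if (!$errormessage) {
        # User names are stored in lower case.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        # NOTE(review): NCSA_GROUP is handed over as submitted; whether adduser
        # restricts it to the known groups cannot be seen from here.
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}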
324
# Removing a local proxy user.
# NOTE(review): ID arrives with the request and is handed to deluser unchecked;
# any validation would have to happen inside deluser, which is not shown here.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

# Checkbox state of the update accelerator switch.
@{ $checked{'ENABLE_UPDXLRATOR'} }{ 'off', 'on' } = ('', '');
$checked{'ENABLE_UPDXLRATOR'}{ $proxysettings{'ENABLE_UPDXLRATOR'} } = "checked='checked'";

# Loading an existing user into the form for editing. ID has the shape
# "username:group".
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

    @temp = split(/:/, $proxysettings{'ID'});
    ($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_GROUP'}) = @temp[0, 1];

    # Fixed placeholder in both password fields instead of any real secret.
    # NOTE(review): presumably adduser recognises this value as "keep the
    # stored password" - confirm there; it also means the literal string can
    # never be used as a real password.
    my $placeholder = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS'}         = $placeholder;
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
345
346 if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
347 {
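# --- Basic switches, ports and the upstream proxy -------------------------
# Every failed check stores a message and jumps to the ERROR label further
# down in this branch.

# The four main switches must be exactly 'on' or 'off'. \A...\z is used
# because '$' also matches before a trailing newline, which would let a
# value such as "on\n" through and into the settings file.
if ($proxysettings{'ENABLE'} !~ /\A(?:on|off)\z/ ||
    $proxysettings{'TRANSPARENT'} !~ /\A(?:on|off)\z/ ||
    $proxysettings{'ENABLE_BLUE'} !~ /\A(?:on|off)\z/ ||
    $proxysettings{'TRANSPARENT_BLUE'} !~ /\A(?:on|off)\z/ ) {
    $errormessage = $Lang::tr{'invalid input'};
    goto ERROR;
}

# The memory cache may not be larger than a non-zero disk cache. Both values
# are still unvalidated here; their format is checked further down.
if ($proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0) {
    $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'};
    goto ERROR;
}

# Both listening ports must be valid and must differ from each other.
if (!(&General::validport($proxysettings{'PROXY_PORT'})))
{
    $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
    goto ERROR;
}
if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
{
    $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
    goto ERROR;
}
if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
    $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
    goto ERROR;
}

# Upstream proxy in "host" or "host:port" form.
if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
{
    my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});

    # The host part must be an IP address or a domain name.
    if (!(&General::validip($temp[0])) && !(&General::validdomainname($temp[0])))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
        goto ERROR;
    }

    # Previously only the host part was looked at, although the complete
    # string is what gets stored. Also require that an optional second part
    # is a valid port and that nothing follows it, so no unchecked text
    # rides along behind the host name.
    if ((scalar(@temp) > 2) ||
        (defined($temp[1]) && !(&General::validport($temp[1]))))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
        goto ERROR;
    }
}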
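# --- Numeric cache and size settings --------------------------------------
# All patterns are anchored at both ends (\A\d+\z). The earlier /^\d+/ form
# only required the value to *start* with a digit, so anything could follow
# the number - including further lines - and still pass validation before
# the value was saved.

# Disk cache: either exactly 0 (disabled) or at least 10.
if (!($proxysettings{'CACHE_SIZE'} =~ /\A\d+\z/) ||
    ($proxysettings{'CACHE_SIZE'} < 10))
{
    if (!($proxysettings{'CACHE_SIZE'} eq '0'))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
}
if (!($proxysettings{'FILEDESCRIPTORS'} =~ /\A\d+\z/) ||
    ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576))
{
    $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
    goto ERROR;
}
if (!($proxysettings{'CACHE_MEM'} =~ /\A\d+\z/))
{
    $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
    goto ERROR;
}

# Cap the memory cache at the first number on the second line of free(1)
# output divided by 2048 (presumably total RAM in KiB, i.e. half the RAM in
# MiB - confirm against the installed free). The cap is only applied when
# that number could actually be read; before, a failed match silently used
# whatever $1 happened to hold.
my @free = `/usr/bin/free`;
if (defined($free[1]) && $free[1] =~ m/(\d+)/) {
    $cachemem = int($1 / 2048);
    if ($proxysettings{'CACHE_MEM'} > $cachemem) {
        $proxysettings{'CACHE_MEM'} = $cachemem;
    }
}

if (!($proxysettings{'MAX_SIZE'} =~ /\A\d+\z/))
{
    $errormessage = $Lang::tr{'invalid maximum object size'};
    goto ERROR;
}
if (!($proxysettings{'MIN_SIZE'} =~ /\A\d+\z/))
{
    $errormessage = $Lang::tr{'invalid minimum object size'};
    goto ERROR;
}
if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /\A\d+\z/))
{
    $errormessage = $Lang::tr{'invalid maximum outgoing size'};
    goto ERROR;
}

# The end of the time window must lie after its start. The comparison is a
# string comparison of the concatenated "HHMM" values.
# NOTE(review): the four time fields themselves are not format-checked here.
if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
{
    $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
    goto ERROR;
}
if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /\A\d+\z/))
{
    $errormessage = $Lang::tr{'invalid maximum incoming size'};
    goto ERROR;
}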
# --- Browser check --------------------------------------------------------
# With the browser check enabled at least one user agent has to be selected.
# The selected entries are joined into one alternation, "re1|re2|...".
if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') {
    $browser_regexp = '';
    foreach my $entry (@useragentlist) {
        # $entry aliases the list element, so the newline is removed from
        # the stored entry as well.
        chomp($entry);
        @useragent = split(/,/, $entry);      # id, label, regexp
        next unless $proxysettings{'UA_'.$useragent[0]} eq 'on';
        $browser_regexp .= $useragent[2] . '|';
    }
    chop($browser_regexp);                    # drop the trailing '|'

    unless ($browser_regexp) {
        $errormessage = $Lang::tr{'advproxy errmsg no browser'};
        goto ERROR;
    }
}
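# --- Checks common to all authentication methods --------------------------
if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
{
    # Authentication needs a non-transparent proxy on at least one zone. The
    # only exception is ident without the "required" flag and without user
    # ACLs.
    unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
        ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
        ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
    {
        if ($netsettings{'BLUE_DEV'})
        {
            # With BLUE present the configuration is rejected only when
            # neither GREEN nor BLUE offers an enabled, non-transparent proxy.
            if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
            {
                $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                goto ERROR;
            }
        } else {
            if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
            {
                $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                goto ERROR;
            }
        }
    }

    # The numeric fields are matched with \A\d+\z. The earlier /^\d+/ form
    # accepted any text after the leading digits, so a value only had to
    # begin with a number to be saved.

    # Optional: maximum number of client addresses per user, 1..255.
    if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
        ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /\A\d+\z/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
    {
        $errormessage = $Lang::tr{'advproxy errmsg max userip'};
        goto ERROR;
    }
    if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /\A\d+\z/))
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
        goto ERROR;
    }
    if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /\A\d+\z/))
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
        goto ERROR;
    }
    # A per-user address limit requires a non-zero user/IP cache TTL.
    if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
        goto ERROR;
    }
    # Number of authentication helper processes, 1..255.
    if ((!($proxysettings{'AUTH_CHILDREN'} =~ /\A\d+\z/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth children'};
        goto ERROR;
    }
}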
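# --- Checks specific to the selected authentication method ----------------
# The numeric fields are matched with \A\d+\z; the earlier /^\d+/ form let
# any text follow the leading digits.
#
# NOTE(review): the free-text fields below (LDAP base DN, bind DN user and
# password, RADIUS secret) are only tested for being non-empty in this
# block. If they are later written into a configuration file or a helper
# command line (writeconfig is not shown here), they need escaping or a
# character whitelist at that point.

if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
{
    # Minimum password length for local users, 1..255.
    if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /\A\d+\z/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
    {
        $errormessage = $Lang::tr{'advproxy errmsg password length'};
        goto ERROR;
    }
}

if ($proxysettings{'AUTH_METHOD'} eq 'ident')
{
    if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /\A\d+\z/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
        goto ERROR;
    }
}

if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
{
    if ($proxysettings{'LDAP_BASEDN'} eq '')
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
        goto ERROR;
    }
    # The server may be given as an IP address or as a domain name.
    if (!&General::validip($proxysettings{'LDAP_SERVER'}) &&
        !&General::validdomainname($proxysettings{'LDAP_SERVER'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
        goto ERROR;
    }
    if (!&General::validport($proxysettings{'LDAP_PORT'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
        goto ERROR;
    }
    # The ADS and NDS directory types need bind credentials.
    if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
    {
        if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
            goto ERROR;
        }
    }
}

if ($proxysettings{'AUTH_METHOD'} eq 'radius')
{
    # The RADIUS server must be an IP address; a host name is not accepted.
    if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg radius server'};
        goto ERROR;
    }
    if (!&General::validport($proxysettings{'RADIUS_PORT'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg radius port'};
        goto ERROR;
    }
    if ($proxysettings{'RADIUS_SECRET'} eq '')
    {
        $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
        goto ERROR;
    }
}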
565
# Upstream proxy credentials: user name and password must be given together
# or not at all. The special user name 'PASS' is accepted without a password,
# and any password submitted with it is discarded.
$proxy1 = ($proxysettings{'UPSTREAM_USER'}     eq '') ? '' : 'YES';
$proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {
    $proxy1 = $proxy2 = 'PASS';
    $proxysettings{'UPSTREAM_PASSWORD'} = '';
}
unless ($proxy1 eq $proxy2) {
    $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
    goto ERROR;
}

# Every failed check above jumps here. The ACL checks run in either case, so
# check_acls (defined elsewhere in this file) is reached even after an error.
ERROR:
&check_acls;

# Record the overall verdict; only a valid form is written to disk.
$proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';
585
# --- Persist the validated settings and (re)start the proxy ---------------
if ($proxysettings{'VALID'} eq 'yes')
{
    &write_acls;

    # These form fields are dropped from the hash before it is saved.
    delete @proxysettings{qw(
        SRC_SUBNETS SRC_BANNED_IP SRC_BANNED_MAC
        SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
        DST_NOCACHE DST_NOAUTH
        PORTS_SAFE PORTS_SSL
        MIME_TYPES
        NTLM_ALLOW_USERS NTLM_DENY_USERS
        RADIUS_ALLOW_USERS RADIUS_DENY_USERS
        IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
        CRE_GROUPS CRE_SVHOSTS
        NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
    )};

    # A key that is absent from the hash at this point is stored as 'off'.
    foreach my $unset_key (
        (map { "TIME_$_" } qw(MON TUE WED THU FRI SAT SUN)),
        'AUTH_ALWAYS_REQUIRED',
        'NTLM_ENABLE_INT_AUTH',
    ) {
        $proxysettings{$unset_key} = 'off' unless exists $proxysettings{$unset_key};
    }

    # NOTE(review): the whole hash is written out. Every key still present -
    # ACTION and VALID included, and any other key that was merged in from
    # the request - ends up in the settings file, together with the upstream,
    # LDAP and RADIUS credentials as they stand in the hash.
    &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

    # Mirror the subset that the standard proxy settings file carries.
    my $std_settings_file = "${General::swroot}/proxy/settings";
    if (-e $std_settings_file) {
        &General::readhash($std_settings_file, \%stdproxysettings);
    }
    foreach my $shared_key (qw(
        PROXY_PORT UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
        ENABLE_FILTER ENABLE_UPDXLRATOR ENABLE_CLAMAV
    )) {
        $stdproxysettings{$shared_key} = $proxysettings{$shared_key};
    }
    &General::writehash($std_settings_file, \%stdproxysettings);

    &writeconfig;
    &writepacfile;

    if ($proxysettings{'CACHEMGR'} eq 'on') {
        &writecachemgr;
    }

    # Switch everything off and clear the marker files, then re-enable what
    # the new settings ask for. The list form of system() is used, so no
    # shell is involved in these calls.
    system('/usr/local/bin/squidctrl', 'disable');
    unlink "${General::swroot}/proxy/enable";
    unlink "${General::swroot}/proxy/transparent";
    unlink "${General::swroot}/proxy/enable_blue";
    unlink "${General::swroot}/proxy/transparent_blue";

    if ($proxysettings{'ENABLE'} eq 'on') {
        system('/usr/bin/touch', "${General::swroot}/proxy/enable");
        system('/usr/local/bin/squidctrl', 'enable');
        # Transparent mode only counts while the proxy itself is enabled.
        if ($proxysettings{'TRANSPARENT'} eq 'on') {
            system('/usr/bin/touch', "${General::swroot}/proxy/transparent");
        }
    }
    if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
        system('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
        system('/usr/local/bin/squidctrl', 'enable');
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
            system('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue");
        }
    }

    # These two go through the shell for the output redirection; the command
    # strings are constants and contain no request data.
    if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) {
        system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
    }
    if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) {
        system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1');
    }
}
664 }
665
# Flushing the cache is handled by the squidctrl helper. The command string
# is a constant; the shell is only needed for the redirection.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'}) {
    system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
}

# Without an error the form shows what is stored on disk: the advanced
# settings if they exist, otherwise the standard proxy settings. After an
# error the submitted values stay in place so they can be corrected.
unless ($errormessage) {
    my $advanced_file = "${General::swroot}/proxy/advanced/settings";
    my $standard_file = "${General::swroot}/proxy/settings";

    if (-e $advanced_file) {
        &General::readhash($advanced_file, \%proxysettings);
    }
    elsif (-e $standard_file) {
        &General::readhash($standard_file, \%proxysettings);
    }
    &read_acls;
}

# ------------------------------------------------------------------

# Command-line hook: an empty REMOTE_ADDR is taken to mean that the script was
# not started as a CGI request. In that case only the configuration files are
# regenerated and the script ends. Note that this test comes after the HTTP
# headers were printed and after the action handling above.
if ($ENV{'REMOTE_ADDR'} eq '') {
    writeconfig();
    exit(0);
}
688
689 # -------------------------------------------------------------------
690
691 $checked{'ENABLE'}{'off'} = '';
692 $checked{'ENABLE'}{'on'} = '';
693 $checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
694
695 $checked{'TRANSPARENT'}{'off'} = '';
696 $checked{'TRANSPARENT'}{'on'} = '';
697 $checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
698
699 $checked{'ENABLE_BLUE'}{'off'} = '';
700 $checked{'ENABLE_BLUE'}{'on'} = '';
701 $checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
702
703 $checked{'TRANSPARENT_BLUE'}{'off'} = '';
704 $checked{'TRANSPARENT_BLUE'}{'on'} = '';
705 $checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
706
707 $checked{'SUPPRESS_VERSION'}{'off'} = '';
708 $checked{'SUPPRESS_VERSION'}{'on'} = '';
709 $checked{'SUPPRESS_VERSION'}{$proxysettings{'SUPPRESS_VERSION'}} = "checked='checked'";
710
711 $checked{'FORWARD_IPADDRESS'}{'off'} = '';
712 $checked{'FORWARD_IPADDRESS'}{'on'} = '';
713 $checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
714 $checked{'FORWARD_USERNAME'}{'off'} = '';
715 $checked{'FORWARD_USERNAME'}{'on'} = '';
716 $checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
717 $checked{'FORWARD_VIA'}{'off'} = '';
718 $checked{'FORWARD_VIA'}{'on'} = '';
719 $checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
720 $checked{'NO_CONNECTION_AUTH'}{'off'} = '';
721 $checked{'NO_CONNECTION_AUTH'}{'on'} = '';
722 $checked{'NO_CONNECTION_AUTH'}{$proxysettings{'NO_CONNECTION_AUTH'}} = "checked='checked'";
723
724 $selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
725 $selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
726 $selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
727 $checked{'OFFLINE_MODE'}{'off'} = '';
728 $checked{'OFFLINE_MODE'}{'on'} = '';
729 $checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
730 $checked{'CACHE_DIGESTS'}{'off'} = '';
731 $checked{'CACHE_DIGESTS'}{'on'} = '';
732 $checked{'CACHE_DIGESTS'}{$proxysettings{'CACHE_DIGESTS'}} = "checked='checked'";
733
734 $checked{'LOGGING'}{'off'} = '';
735 $checked{'LOGGING'}{'on'} = '';
736 $checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
737 $checked{'CACHEMGR'}{'off'} = '';
738 $checked{'CACHEMGR'}{'on'} = '';
739 $checked{'CACHEMGR'}{$proxysettings{'CACHEMGR'}} = "checked='checked'";
740 $checked{'LOGQUERY'}{'off'} = '';
741 $checked{'LOGQUERY'}{'on'} = '';
742 $checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
743 $checked{'LOGUSERAGENT'}{'off'} = '';
744 $checked{'LOGUSERAGENT'}{'on'} = '';
745 $checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'";
746
# Drop-downs for the error pages: flag the stored choice as selected.
foreach my $menu (qw(ERR_LANGUAGE ERR_DESIGN)) {
	$selected{$menu}{ $proxysettings{$menu} } = "selected='selected'";
}

# Checkboxes for bypassing the proxy on local networks and for the classroom
# extensions: clear both states, then mark the stored one.
foreach my $option (qw(NO_PROXY_LOCAL NO_PROXY_LOCAL_BLUE CLASSROOM_EXT)) {
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}

# Drop-downs of the time restriction (mode plus from/to hour and minute).
foreach my $menu (qw(TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE)) {
	$selected{$menu}{ $proxysettings{$menu} } = "selected='selected'";
}
766
# Weekday checkboxes of the time restriction. A weekday that has no entry in
# %proxysettings defaults to 'on'; afterwards both checkbox states are cleared
# and the effective one is marked as checked.
foreach my $day (qw(MON TUE WED THU FRI SAT SUN)) {
	my $option = 'TIME_' . $day;

	$proxysettings{$option} = 'on' unless exists $proxysettings{$option};

	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}
796
# Download throttling drop-downs (total and per host, Green and Blue): flag
# the stored limit as selected.
foreach my $menu (qw(THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST)) {
	$selected{$menu}{ $proxysettings{$menu} } = "selected='selected'";
}

# Checkboxes for content based throttling, the MIME filter and the browser
# check: clear both states, then mark the stored one.
foreach my $option (qw(THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK)) {
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}
819
# One checkbox per entry of @useragentlist. Each entry is split on commas and
# its first field is appended to 'UA_' to form the name of the setting.
foreach my $entry (@useragentlist) {
	@useragent = split(/,/, $entry);

	my $option = 'UA_'.$useragent[0];
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}
826
# Radio state of the authentication method: every method listed here starts
# out unselected, then the stored method is marked as checked. A stored value
# that is not in this list only adds a further key to the hash.
foreach my $method (qw(none ncsa ident ldap ntlm-auth radius)) {
	$checked{'AUTH_METHOD'}{$method} = '';
}
$checked{'AUTH_METHOD'}{ $proxysettings{'AUTH_METHOD'} } = "checked='checked'";
834
# Settings that are switched on when they have no entry in %proxysettings yet.
# For AUTH_ALWAYS_REQUIRED this means a missing key is treated as "on".
foreach my $option (qw(AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH)) {
	$proxysettings{$option} = 'on' unless exists $proxysettings{$option};
}

# On/off checkboxes of the authentication, ACL and filter sections: clear
# both states, then mark the stored one.
foreach my $option (qw(
	AUTH_ALWAYS_REQUIRED NCSA_BYPASS_REDIR
	NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL NTLM_AUTH_BASIC
	RADIUS_ENABLE_ACL
	IDENT_REQUIRED IDENT_ENABLE_ACL
	ENABLE_FILTER ENABLE_UPDXLRATOR ENABLE_CLAMAV
)) {
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}

# User ACLs are either a positive or a negative list.
foreach my $option (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
	@{ $checked{$option} }{ 'positive', 'negative' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}

# Drop-downs of the NCSA and LDAP sections.
foreach my $menu (qw(NCSA_GROUP LDAP_TYPE)) {
	$selected{$menu}{ $proxysettings{$menu} } = "selected='selected'";
}
898
# Start the page and the outer container through the Header:: helpers
# (header.pl is required at the top of the script).
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

# A pending error message gets its own box above the form.
# NOTE(review): $errormessage is placed into the markup without HTML
# encoding; confirm that every code path that builds it uses only fixed or
# already encoded text.
if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>" . $errormessage . "&nbsp;</font>\n";
	&Header::closebox();
}
908
# Reduce the first line of the captured `squid -v` output to the bare version
# string. A line that does not start with the expected banner is replaced by
# the translated "unknown" label.
if ($squidversion[0] !~ /^Squid\sCache:\sVersion\s/i) {
	$squidversion[0] = $Lang::tr{'advproxy unknown'};
}
else {
	# Strip the banner first, then the whitespace left on either side.
	$squidversion[0] =~ s/^Squid\sCache:\sVersion//i;
	$squidversion[0] =~ s/^\s+//g;
	$squidversion[0] =~ s/\s+$//g;
}
917
918 # ===================================================================
919 # Main settings
920 # ===================================================================
921
922 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
923
924 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
925
926 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
927
928 print <<END
929 <table width='100%'>
930 <tr>
931 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
932 </tr>
933 <tr>
934 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
935 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
936 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
937 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
938 </tr>
939 <tr>
940 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
941 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
942 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
943 <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
944 </tr>
945 <tr>
946 END
947 ;
948 if ($netsettings{'BLUE_DEV'}) {
949 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
950 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
951 } else {
952 print "<td colspan='2'>&nbsp;</td>";
953 }
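{
	# Visible-hostname field of the common settings table.
	#
	# The stored value is HTML-encoded before it goes into the single-quoted
	# value attribute. Without that, an apostrophe or angle bracket in the
	# value ends the attribute early: the field is cut short on the next save
	# and the rest of the value is parsed as markup. The browser decodes the
	# entities on submit, so the saved value is unchanged.
	# NOTE(review): assumes the setting is stored unencoded -- confirm.
	my %field = ();
	foreach my $name (qw(VISIBLE_HOSTNAME)) {
		my $value = defined $proxysettings{$name} ? $proxysettings{$name} : '';
		$value =~ s/&/&amp;/g;
		$value =~ s/</&lt;/g;
		$value =~ s/>/&gt;/g;
		$value =~ s/"/&quot;/g;
		$value =~ s/'/&#39;/g;
		$field{$name} = $value;
	}

	print <<END
<td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$field{'VISIBLE_HOSTNAME'}' /></td>
</tr>
<tr>
END
	;
}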
961 if ($netsettings{'BLUE_DEV'}) {
962 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
963 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
964 } else {
965 print "<td colspan='2'>&nbsp;</td>";
966 }
967 print <<END
968 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
969 <td class='base'>
970 <select name='ERR_LANGUAGE'>
971 END
972 ;
# One <option> per sub-directory of $errordir; the directory name is used both
# as the option value and as its label. Plain files are skipped.
foreach my $entry (glob("$errordir/*")) {
	next unless -d $entry;

	$language = substr($entry, rindex($entry, "/") + 1);
	print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
979 print <<END
980 </select>
981 </td>
982 </tr>
983 <tr>
984 <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
985 <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
986 <td class='base'>$Lang::tr{'advproxy error design'}:</td>
987 <td class='base'><select name='ERR_DESIGN'>
988 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
989 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
990 </select></td>
991 </tr>
992 <tr>
993 <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
994 <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
995 <td>&nbsp;</td>
996 <td>&nbsp;</td>
997 </tr>
998 </table>
999 <hr size='1'>
1000 <table width='100%'>
1001 END
1002 ;
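# Row with the optional helpers: SquidClamav (offered only when its binary is
# installed), the URL filter and the update accelerator.
# The row is opened explicitly and <b> is nested inside <a>, so the emitted
# markup is well-formed; the original closed a row it never opened and closed
# the two tags in the wrong order.
print "<tr>";
if ( -e "/usr/bin/squidclamav" ) {
	print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
	if ( -e "/var/run/clamav/clamd.pid" ) {
		print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
	}
	else {
		# No clamd PID file: show a warning instead of the checkbox and switch
		# the in-memory setting off. %checked was filled before this point, so
		# the assignment does not change anything rendered here.
		# NOTE(review): with no checkbox in the form, the next save presumably
		# stores virus scanning as disabled -- confirm against the save
		# handler, and consider surfacing this state more prominently.
		print "<font color='red'>clamav not running</font><br /><br />";
		$proxysettings{'ENABLE_CLAMAV'} = 'off';
	}
	print "</td>";
}
else {
	print "<td></td>";
}
print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</b></a><br />";
print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
print "</td>";
print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</b></a><br />";
print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
print "</td></tr>";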
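{
	# Upstream proxy, log settings and cache management sections of the form.
	# The heredoc ends inside the opening DST_NOCACHE <textarea>, whose content
	# is printed by the statement that follows this block.
	#
	# Stored settings are HTML-encoded before they go into the single-quoted
	# value attributes. Without that, an apostrophe or angle bracket in a
	# value (a password, for instance) ends the attribute early: the field is
	# cut short on the next save and the rest of the value is parsed as markup.
	# The browser decodes the entities on submit, so saved values are unchanged.
	# NOTE(review): assumes the settings are stored unencoded -- confirm.
	# NOTE(review): UPSTREAM_PASSWORD and ADMIN_PASSWORD are sent back to the
	# browser in the page source, and ADMIN_PASSWORD uses a plain text input.
	# Leaving them out of the page needs a matching change in the save
	# handler, which is outside this block.
	my %field = ();
	foreach my $name (qw(
		UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
		ADMIN_MAIL_ADDRESS ADMIN_PASSWORD FILEDESCRIPTORS
		CACHE_MEM CACHE_SIZE MIN_SIZE MAX_SIZE
	)) {
		my $value = defined $proxysettings{$name} ? $proxysettings{$name} : '';
		$value =~ s/&/&amp;/g;
		$value =~ s/</&lt;/g;
		$value =~ s/>/&gt;/g;
		$value =~ s/"/&quot;/g;
		$value =~ s/'/&#39;/g;
		$field{$name} = $value;
	}

	print <<END
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$field{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
<td><input type='text' name='UPSTREAM_USER' value='$field{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$field{'UPSTREAM_PASSWORD'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
<td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
<td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$field{'ADMIN_MAIL_ADDRESS'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='FILEDESCRIPTORS' value='$field{'FILEDESCRIPTORS'}' size='5' /></td>
<td class='base'>$Lang::tr{'proxy admin password'}:</td>
<td><input type='text' name='ADMIN_PASSWORD' value='$field{'ADMIN_PASSWORD'}' /></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='CACHE_MEM' value='$field{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='CACHE_SIZE' value='$field{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MIN_SIZE' value='$field{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MAX_SIZE' value='$field{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan= '5' valign='top' class='base'>
<table cellspacing='0' cellpadding='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:</td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END
	;
}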
1131
1132 print $proxysettings{'DST_NOCACHE'};
1133
1134 print <<END
1135 </textarea></td>
1136 </tr>
1137 </table>
1138 </td>
1139 </tr>
1140 <tr>
1141 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1142 <td class='base'><select name='MEM_POLICY'>
1143 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1144 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1145 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1146 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1147 </select></td>
1148 </tr>
1149 <tr>
1150 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1151 <td class='base'><select name='CACHE_POLICY'>
1152 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1153 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1154 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1155 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1156 </select></td>
1157 </tr>
1158 <tr>
1159 <td colspan='2'>&nbsp;</td>
1160 </tr>
1161 <tr>
1162 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1163 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1164 </tr>
1165 <tr>
1166 <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1167 <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1168 </tr>
1169 </table>
1170 <hr size='1'>
1171 <table width='100%'>
1172 <tr>
1173 <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1174 </tr>
1175 <tr>
1176 <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
1177 </tr>
1178 <tr>
1179 <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1180 <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1181 </tr>
1182 <tr>
1183 <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1184 END
1185 ;
1186 if (!$proxysettings{'PORTS_SAFE'}) { print $def_ports_safe; } else { print $proxysettings{'PORTS_SAFE'}; }
1187
1188 print <<END
1189 </textarea></td>
1190 <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1191 END
1192 ;
1193 if (!$proxysettings{'PORTS_SSL'}) { print $def_ports_ssl; } else { print $proxysettings{'PORTS_SSL'}; }
1194
1195 print <<END
1196 </textarea></td>
1197 </tr>
1198 </table>
1199 <hr size='1'>
1200 <table width='100%'>
1201 <tr>
1202 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1203 </tr>
1204 <tr>
1205 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1206 </tr>
1207 <tr>
1208 <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1209 </tr>
1210 <tr>
1211 <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
1212 END
1213 ;
1214
1215 if (!$proxysettings{'SRC_SUBNETS'})
1216 {
1217 print "$green_cidr\n";
1218 if ($netsettings{'BLUE_DEV'})
1219 {
1220 print "$blue_cidr\n";
1221 }
1222 } else { print $proxysettings{'SRC_SUBNETS'}; }
1223
1224 print <<END
1225 </textarea></td>
1226 END
1227 ;
1228
1229 $line = $Lang::tr{'advproxy no internal proxy on green'};
1230 $line =~ s/Green/<font color="$Header::colourgreen">Green<\/font>/i;
1231 print "<td class='base'>$line:</td>\n";
1232 print <<END
1233 <td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
1234 </tr>
1235 END
1236 ;
1237 if ($netsettings{'BLUE_DEV'}) {
1238 $line = $Lang::tr{'advproxy no internal proxy on blue'};
1239 $line =~ s/Blue/<font color="$Header::colourblue">Blue<\/font>/i;
1240 print "<tr>\n";
1241 print "<td class='base'>$line:</td>\n";
1242 print <<END
1243 <td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
1244 </tr>
1245 END
1246 ;
1247 }
1248 print <<END
1249 <tr>
1250 <td colspan='2'>&nbsp;</td>
1251 </tr>
1252 <tr>
1253 <td colspan='2'>&nbsp;</td>
1254 </tr>
1255 </table>
1256 <table width='100%'>
1257 <tr>
1258 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1259 </tr>
1260 <tr>
1261 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1262 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
1263 </tr>
1264 <tr>
1265 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
1266 END
1267 ;
1268
1269 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1270
1271 print <<END
1272 </textarea></td>
1273 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
1274 END
1275 ;
1276
1277 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1278
1279 print <<END
1280 </textarea></td>
1281 </tr>
1282 </table>
1283 <table width='100%'>
1284 <tr>
1285 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1286 </tr>
1287 <tr>
1288 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1289 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
1290 </tr>
1291 <tr>
1292 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
1293 END
1294 ;
1295
1296 print $proxysettings{'SRC_BANNED_IP'};
1297
1298 print <<END
1299 </textarea></td>
1300 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
1301 END
1302 ;
1303
1304 print $proxysettings{'SRC_BANNED_MAC'};
1305
1306 print <<END
1307 </textarea></td>
1308 </tr>
1309 </table>
1310
1311 <hr size='1'>
1312
1313 END
1314 ;
1315 # -------------------------------------------------------------------
1316 # CRE GUI - optional
1317 # -------------------------------------------------------------------
1318
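{
	# Classroom extensions (CRE) section.
	#
	# When the file named by $cre_enabled exists, the section is rendered; the
	# supervisor password and the two text areas appear only while
	# CLASSROOM_EXT is 'on'. Otherwise the three values travel through the
	# form as hidden fields.
	#
	# The stored values are HTML-encoded before they go into the page. Without
	# that, an apostrophe ends a value attribute early and a "</textarea>"
	# sequence ends a text area early, so the value is cut short on the next
	# save and the rest is parsed as markup. The browser decodes the entities
	# on submit, so saved values are unchanged.
	# NOTE(review): assumes the settings are stored unencoded -- confirm.
	# NOTE(review): SUPERVISOR_PASSWORD is sent back to the browser in the page
	# source on both paths; leaving it out needs a matching change in the save
	# handler, which is outside this block.
	my %field = ();
	foreach my $name (qw(SUPERVISOR_PASSWORD CRE_GROUPS CRE_SVHOSTS)) {
		my $value = defined $proxysettings{$name} ? $proxysettings{$name} : '';
		$value =~ s/&/&amp;/g;
		$value =~ s/</&lt;/g;
		$value =~ s/>/&gt;/g;
		$value =~ s/"/&quot;/g;
		$value =~ s/'/&#39;/g;
		$field{$name} = $value;
	}

	if (-e $cre_enabled) {
		print <<END
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>

END
		;
		if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
			print <<END
<td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$field{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
END
			;
		}
		print "</tr>";
		if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
			print <<END
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END
			;

			print $field{'CRE_GROUPS'};

			print <<END
</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END
			;
			print $field{'CRE_SVHOSTS'};

			print <<END
</textarea></td>
</tr>
END
			;
		}
		print "</table><hr size='1'>";

	}
	else {
		print <<END
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$field{'SUPERVISOR_PASSWORD'}' />
<input type='hidden' name='CRE_GROUPS' value='$field{'CRE_GROUPS'}' />
<input type='hidden' name='CRE_SVHOSTS' value='$field{'CRE_SVHOSTS'}' />
END
		;
	}
}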
1376
1377 # -------------------------------------------------------------------
1378
1379 print <<END
1380
1381 <table width='100%'>
1382 <tr>
1383 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1384 </tr>
1385 <table width='100%'>
1386 <tr>
1387 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1388 <td width='1%'>&nbsp;</td>
1389 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1390 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1391 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1392 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1393 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1394 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1395 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1396 <td width='1%'>&nbsp;&nbsp;</td>
1397 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1398 <td width='1%'>&nbsp;</td>
1399 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1400 <td>&nbsp;</td>
1401 </tr>
1402 <tr>
1403 <td class='base'>
1404 <select name='TIME_ACCESS_MODE'>
1405 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1406 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1407 </select>
1408 </td>
1409 <td>&nbsp;</td>
1410 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1411 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1412 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1413 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1414 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1415 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1416 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1417 <td>&nbsp;</td>
1418 <td class='base'>
1419 <select name='TIME_FROM_HOUR'>
1420 END
1421 ;
1422 for ($i=0;$i<=24;$i++) {
1423 $_ = sprintf("%02s",$i);
1424 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1425 }
1426 print <<END
1427 </select>
1428 </td>
1429 <td>:</td>
1430 <td class='base'>
1431 <select name='TIME_FROM_MINUTE'>
1432 END
1433 ;
1434 for ($i=0;$i<=45;$i+=15) {
1435 $_ = sprintf("%02s",$i);
1436 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1437 }
1438 print <<END
1439 </select>
1440 <td> - </td>
1441 </td>
1442 <td class='base'>
1443 <select name='TIME_TO_HOUR'>
1444 END
1445 ;
1446 for ($i=0;$i<=24;$i++) {
1447 $_ = sprintf("%02s",$i);
1448 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1449 }
1450 print <<END
1451 </select>
1452 </td>
1453 <td>:</td>
1454 <td class='base'>
1455 <select name='TIME_TO_MINUTE'>
1456 END
1457 ;
1458 for ($i=0;$i<=45;$i+=15) {
1459 $_ = sprintf("%02s",$i);
1460 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1461 }
1462 print <<END
1463 </select>
1464 </td>
1465 </tr>
1466 </table>
1467 <hr size='1'>
1468 <table width='100%'>
1469 <tr>
1470 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1471 </tr>
1472 <tr>
1473 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1474 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1475 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1476 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1477 </tr>
1478 </table>
1479 <hr size='1'>
1480 <table width='100%'>
1481 <tr>
1482 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1483 </tr>
1484 <tr>
1485 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1486 <td width='20%' class='base'>
1487 <select name='THROTTLING_GREEN_TOTAL'>
1488 END
1489 ;
1490
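# Options of the two Green throttling drop-downs (total, then per host): one
# entry per value of @throttle_limits, followed by the "unlimited" entry.
#
# The "unlimited" lines used to end in a literal `\n";` left over from a
# print statement. Inside a heredoc that is output, not syntax, so every
# drop-down carried a stray `";` in the page. It is removed here.
# NOTE(review): the "unlimited" entry submits the value '0' but is looked up
# under the key 'unlimited'; presumably the save handler maps one to the
# other -- confirm.
foreach my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kbit/s</option>\n";
}

print <<END
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END
;

foreach my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kbit/s</option>\n";
}

print <<END
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
;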
1516
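# Throttling row for the Blue network, rendered only when a Blue device is
# configured: total limit first, then the per-host limit.
#
# The "unlimited" lines used to end in a literal `\n";` left over from a
# print statement. Inside a heredoc that is output, not syntax, so every
# drop-down carried a stray `";` in the page. It is removed here.
# NOTE(review): the "unlimited" entry submits the value '0' but is looked up
# under the key 'unlimited'; presumably the save handler maps one to the
# other -- confirm.
if ($netsettings{'BLUE_DEV'}) {
	print <<END
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END
	;

	foreach my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kbit/s</option>\n";
	}

	print <<END
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END
	;

	foreach my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kbit/s</option>\n";
	}

	print <<END
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
	;
}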
1552
1553 print <<END
1554 </table>
1555 <table width='100%'>
1556 <tr>
1557 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1558 </tr>
1559 <tr>
1560 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1561 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1562 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1563 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1564 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1565 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1566 <td width='15%'>&nbsp;</td>
1567 <td width='10%'>&nbsp;</td>
1568 </tr>
1569 </table>
1570 <hr size='1'>
1571 <table width='100%'>
1572 <tr>
1573 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1574 </tr>
1575 END
1576 ;
# Show the MIME type block list only while the MIME filter is switched on.
# NOTE(review): $proxysettings{'MIME_TYPES'} is printed into the <textarea>
# without HTML escaping, so a stored value containing "</textarea>" would end
# the element early. Where the value is validated is not visible here - confirm
# it is sanitised on save, or escape it on output.
if ( $proxysettings{'ENABLE_MIME_FILTER'} eq 'on' ){
print <<END
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
END
;

print $proxysettings{'MIME_TYPES'};

print <<END
</textarea></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
END
;
}
1599 print <<END
1600 </table>
1601
1602 <hr size='1'>
1603 <table width='100%'>
1604 <tr>
1605 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b> $Lang::tr{'advproxy UA enable filter'}:<input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1606 </tr>
1607 END
1608 ;
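# List the known web browsers as checkboxes, four per table row, while the
# browser check is switched on.
if ( $proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on' ){
	print <<END
<tr>
<td colspan='4'><i>
END
	;
	if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
	print <<END
</i></td>
</tr>
</table>
<table width='100%'>
END
	;

	# NOTE(review): both fields of each entry are written into the page
	# without HTML escaping. Where @useragentlist is loaded from is not
	# visible here - confirm that source is trusted or escape on output.
	#
	# Walk the list four entries at a time. The bound is a strict "<" so
	# that no empty <tr></tr> is emitted when the list is empty or its
	# length is a multiple of four.
	for ($n = 0; $n < @useragentlist; $n += 4) {
		print "<tr>\n";
		for ($i = 0; $i <= 3; $i++) {
			# The last row may hold fewer than four entries.
			next unless (($n + $i) < @useragentlist);

			# Comma separated entry: field 0 becomes part of the
			# checkbox name, field 1 is shown as its label.
			@useragent = split(/,/, $useragentlist[$n + $i]);
			print "<td width='15%'>$useragent[1]:</td>\n";
			print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
		}
		print "</tr>\n";
	}
}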
1636 print <<END
1637 </table>
1638 <hr size='1'>
1639 <table width='100%'>
1640 <tr>
1641 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1642 </tr>
1643 <tr>
1644 <td class='base'>$Lang::tr{'advproxy fake useragent'}:</td>
1645 <td class='base'>$Lang::tr{'advproxy fake referer'}:</td>
1646 </tr>
1647 <tr>
1648 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='40%' /></td>
1649 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='40%' /></td>
1650 </tr>
1651 </table>
1652 <hr size='1'>
1653 END
1654 ;
1655
# Number of cells in the authentication method row: five fixed methods, plus
# one more when $HAVE_NTLM_AUTH is set.
my $auth_columns = $HAVE_NTLM_AUTH ? 6 : 5;

# Every cell gets an equal share of the row width, in percent.
my $auth_column_width = 100 / $auth_columns;
1661
1662 print <<END;
1663 <table width='100%'>
1664 <tr>
1665 <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1666 </tr>
1667 <tr>
1668 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1669 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1670 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1671 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1672 END
1673
1674 if ($HAVE_NTLM_AUTH) {
1675 print <<END;
1676 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
1677 END
1678 }
1679
1680 print <<END
1681 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1682 </tr>
1683 </table>
1684 END
1685 ;
1686
1687 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1688 <hr size='1'>
1689 <table width='100%'>
1690 <tr>
1691 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1692 </tr>
1693 <tr>
1694 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1695 </tr>
1696 <tr>
1697 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1698 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1699 <td colspan='2' rowspan= '6' valign='top' class='base'>
1700 <table cellpadding='0' cellspacing='0'>
1701 <tr>
1702 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
1703 </tr>
1704 <tr>
1705 <!-- intentionally left empty -->
1706 </tr>
1707 <tr>
1708 <!-- intentionally left empty -->
1709 </tr>
1710 <tr>
1711 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1712 </tr>
1713 <tr>
1714 <!-- intentionally left empty -->
1715 </tr>
1716 <tr>
1717 <!-- intentionally left empty -->
1718 </tr>
1719 <tr>
1720 <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
1721 </tr>
1722 <tr>
1723 <!-- intentionally left empty -->
1724 </tr>
1725 <tr>
1726 <!-- intentionally left empty -->
1727 </tr>
1728 <tr>
1729 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1730 END
1731 ;
1732
1733 print $proxysettings{'DST_NOAUTH'};
1734
1735 print <<END
1736 </textarea></td>
1737 </tr>
1738 </table>
1739 </td>
1740 </tr>
1741 <tr>
1742 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1743 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1744 </tr>
1745 <tr>
1746 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
1747 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1748 </tr>
1749 <tr>
1750 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1751 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1752 </tr>
1753 <tr>
1754 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1755 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1756 </tr>
1757 <tr>
1758 <td colspan='2'>&nbsp;</td>
1759 </tr>
1760 </table>
1761 END
1762 ;
1763 }
1764
1765 # ===================================================================
1766 # NCSA auth settings
1767 # ===================================================================
1768
1769 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1770 print <<END
1771 <hr size='1'>
1772 <table width='100%'>
1773 <tr>
1774 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1775 </tr>
1776 <tr>
1777 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1778 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1779 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1780 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1781 </tr>
1782 <tr>
1783 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1784 <td>&nbsp;</td>
1785 <td>&nbsp;</td>
1786 </tr>
1787 </table>
1788 END
1789 ; }
1790
1791 # ===================================================================
1792 # IDENTD auth settings
1793 # ===================================================================
1794
1795 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1796 print <<END
1797 <hr size ='1'>
1798 <table width='100%'>
1799 <tr>
1800 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1801 </tr>
1802 <tr>
1803 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1804 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1805 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1806 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1807 </tr>
1808 <tr>
1809 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1810 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1811 <td>&nbsp;</td>
1812 <td>&nbsp;</td>
1813 </tr>
1814 <tr>
1815 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1816 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
1817 </tr>
1818 <tr>
1819 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1820 END
1821 ;
1822 if (!$proxysettings{'IDENT_HOSTS'}) {
1823 print "$green_cidr\n";
1824 if ($netsettings{'BLUE_DEV'}) {
1825 print "$blue_cidr\n";
1826 }
1827 } else {
1828 print $proxysettings{'IDENT_HOSTS'};
1829 }
1830
1831 print <<END
1832 </textarea></td>
1833 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1834 END
1835 ;
1836
1837 print $proxysettings{'DST_NOAUTH'};
1838
1839 print <<END
1840 </textarea></td>
1841 </tr>
1842 </table>
1843 <hr size ='1'>
1844 <table width='100%'>
1845 <tr>
1846 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1847 </tr>
1848 <tr>
1849 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1850 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1851 <td width='25%'>&nbsp;</td>
1852 <td width='30%'>&nbsp;</td>
1853 </tr>
1854 <tr>
1855 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1856 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1857 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1858 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1859 </tr>
1860 <tr>
1861 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1862 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1863 </tr>
1864 <tr>
1865 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1866 END
1867 ; }
1868
1869 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1870
1871 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1872 </textarea></td>
1873 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1874 END
1875 ; }
1876
1877 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1878
1879 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1880 </textarea></td>
1881 </tr>
1882 </table>
1883 END
1884 ; }
1885
1886 # ===================================================================
1887 # NTLM-AUTH settings
1888 # ===================================================================
1889
1890 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
1891 print <<END;
1892 <hr size ='1'>
1893 <table width='100%'>
1894 <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
1895 <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
1896 <td colspan='2'>&nbsp;</td>
1897 </table>
1898
1899 <hr size='1' />
1900
1901 <table width='100%'>
1902 <tr>
1903 <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
1904 </tr>
1905 <tr>
1906 <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
1907 <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
1908 <td>&nbsp;</td>
1909 <td>&nbsp;</td>
1910 </tr>
1911 </table>
1912 END
1913 }
1914
1915 # ===================================================================
1916 # LDAP auth settings
1917 # ===================================================================
1918
1919 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1920 print <<END
1921 <hr size='1'>
1922 <table width='100%'>
1923 <tr>
1924 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1925 </tr>
1926 <tr>
1927 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1928 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1929 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1930 <td class='base'><select name='LDAP_TYPE'>
1931 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1932 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1933 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1934 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1935 </select></td>
1936 </tr>
1937 <tr>
1938 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1939 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1940 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1941 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1942 </tr>
1943 </table>
1944 <hr size ='1'>
1945 <table width='100%'>
1946 <tr>
1947 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1948 </tr>
1949 <tr>
1950 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1951 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1952 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1953 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1954 </tr>
1955 </table>
1956 <hr size ='1'>
1957 <table width='100%'>
1958 <tr>
1959 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1960 </tr>
1961 <tr>
1962 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
1963 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1964 <td>&nbsp;</td>
1965 <td>&nbsp;</td>
1966 </tr>
1967 </table>
1968 END
1969 ; }
1970
1971 # ===================================================================
1972 # RADIUS auth settings
1973 # ===================================================================
1974
1975 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1976 print <<END
1977 <hr size='1'>
1978 <table width='100%'>
1979 <tr>
1980 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1981 </tr>
1982 <tr>
1983 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1984 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1985 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1986 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1987 </tr>
1988 <tr>
1989 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
1990 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1991 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1992 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1993 </tr>
1994 </table>
1995 <hr size ='1'>
1996 <table width='100%'>
1997 <tr>
1998 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1999 </tr>
2000 <tr>
2001 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
2002 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
2003 <td width='25%'>&nbsp;</td>
2004 <td width='30%'>&nbsp;</td>
2005 </tr>
2006 <tr>
2007 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
2008 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
2009 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
2010 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
2011 </tr>
2012 <tr>
2013 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
2014 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
2015 </tr>
2016 <tr>
2017 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
2018 END
2019 ; }
2020
2021 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
2022
2023 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2024 </textarea></td>
2025 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
2026 END
2027 ; }
2028
2029 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
2030
2031 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2032 </textarea></td>
2033 </tr>
2034 </table>
2035 END
2036 ; }
2037
2038 # ===================================================================
2039
2040 }
2041
2042 print "<table>\n";
2043
2044 if ($proxysettings{'AUTH_METHOD'} eq 'none') {
2045 print <<END
2046 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2047 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2048 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2049 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
2050 <td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
2051 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2052 <td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
2053 END
2054 ; }
2055
2056 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
2057 print <<END
2058 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2059 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2060 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2061 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
2062 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2063 END
2064 ; }
2065
2066 if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
2067 print <<END
2068 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2069 <td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
2070 END
2071 ; }
2072
2073 if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
2074 print <<END
2075 <td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
2076 <td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
2077 <td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
2078 <td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
2079 <td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
2080 <td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
2081 <td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
2082 END
2083 ; }
2084
# While a method other than LDAP is selected, emit the LDAP settings as hidden
# form fields (presumably so that saving the form keeps them - confirm against
# the save handler).
# NOTE(review): this places $proxysettings{'LDAP_BINDDN_PASS'} in the page
# source in clear text on every render, and each value is interpolated into a
# single-quoted attribute without HTML escaping. Where these values are
# validated is not visible here - confirm they are escaped upstream, and
# consider keeping the bind password server-side instead of round-tripping it
# through the browser.
if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
print <<END
<td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
<td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
<td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
<td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
END
; }
2096
# While a method other than RADIUS is selected, emit the RADIUS settings as
# hidden form fields (presumably so that saving the form keeps them - confirm
# against the save handler).
# NOTE(review): this places $proxysettings{'RADIUS_SECRET'} in the page source
# in clear text on every render, and each value - including the multi-line
# user lists - is interpolated into a single-quoted attribute without HTML
# escaping. Where these values are validated is not visible here - confirm
# they are escaped upstream, and consider keeping the shared secret
# server-side instead of round-tripping it through the browser.
if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
print <<END
<td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
<td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
<td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
<td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
<td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
END
; }
2109
2110 print "</table>\n";
2111
2112 print <<END
2113 <hr size='1'>
2114 END
2115 ;
2116
2117 print <<END
2118 <table width='100%'>
2119 <tr>
2120 <td>&nbsp;</td>
2121 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
2122 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
2123 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
2124 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2125 <td>&nbsp;</td>
2126 </tr>
2127
2128 </table>
2129 <br />
2130 <table width='100%'>
2131 <tr>
2132 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
2133 <td align='right'>&nbsp;</td>
2134 </tr>
2135 </table>
2136 </form>
2137 END
2138 ;
2139
2140 &Header::closebox();
2141
2142 } else {
2143
2144 # ===================================================================
2145 # NCSA user management
2146 # ===================================================================
2147
2148 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2149 print <<END
2150 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
2151 <table width='100%'>
2152 <tr>
2153 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2154 </tr>
2155 <tr>
2156 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2157 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2158 END
2159 ;
2160 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly='readonly' "; }
2161 print <<END
2162 /></td>
2163 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2164 <td class='base'>
2165 <select name='NCSA_GROUP'>
2166 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2167 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2168 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2169 </select>
2170 </td>
2171
2172 </tr>
2173 <tr>
2174 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2175 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2176 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2177 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2178 </tr>
2179 </table>
2180 <br>
2181 <table>
2182 <tr>
2183 <td>&nbsp;</td>
2184 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2185 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2186 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2187 END
2188 ;
2189 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2190 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2191 }
2192
2193 print <<END
2194 <td>&nbsp;</td>
2195 <td>&nbsp;</td>
2196 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2197 </tr>
2198 </table>
2199 </form>
2200 <hr size='1'>
2201 <table width='100%'>
2202 <tr>
2203 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2204 </tr>
2205 </table>
2206 <table width='100%' align='center'>
2207 END
2208 ;
2209
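# Build the "username:group" entries shown in the account table from the
# three NCSA group files. Each file is opened read-only with three-argument
# open and a lexical handle, so the path can never be taken as an open mode
# or a pipe, and a failed open yields an empty list instead of a read from
# an unopened global handle.
foreach my $group_source ([$extgrp, 'extended'], [$stdgrp, 'standard'], [$disgrp, 'disabled']) {
	my ($group_file, $group_name) = @{$group_source};
	next unless (-e $group_file);

	@grouplist = ();
	if (open(my $group_fh, '<', $group_file)) {
		@grouplist = <$group_fh>;
		close($group_fh);
	}
	chomp(@grouplist);

	# One entry per line of the group file, tagged with its group.
	push(@userlist, map { $_ . ':' . $group_name } @grouplist);
}

@userlist = sort(@userlist);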
2227
2228 # If the password file contains entries, print entries and action icons
2229
# Print the account table (header, one row per entry of @userlist, legend)
# unless the -z test reports $userdb as zero-size; otherwise print the
# "no accounts" notice.
if ( ! -z "$userdb" ) {
print <<END
<tr>
<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
<td class='boldbase' colspan='2' align='center'>&nbsp;</td>
</tr>
END
;
# Running row counter: picks the alternating row colour and makes the form
# names (frma<id>, frmb<id>) unique per row.
$id = 0;
foreach $line (@userlist)
{
$id++;
chomp($line);
# $line is "username:group"; $temp[0] is the user name, $temp[1] the group.
@temp = split(/:/,$line);
# Highlight the row that is currently being edited.
if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
print "<tr bgcolor='$Header::colouryellow'>\n"; }
elsif ($id % 2) {
print "<tr bgcolor='$color{'color20'}'>\n"; }
else {
print "<tr bgcolor='$color{'color22'}'>\n"; }

# NOTE(review): $temp[0] and $line are stored account names and are written
# into element content and into single-quoted value attributes below without
# HTML escaping. Whether user names are restricted to safe characters when an
# account is added is not visible here - confirm that, or escape on output.
print <<END
<td align='center'>$temp[0]</td>
<td align='center'>
END
;
# Translate the stored group keyword into its localized label; any other
# value prints nothing.
if ($temp[1] eq 'standard') {
print $Lang::tr{'advproxy NCSA grp standard'};
} elsif ($temp[1] eq 'extended') {
print $Lang::tr{'advproxy NCSA grp extended'};
} elsif ($temp[1] eq 'disabled') {
print $Lang::tr{'advproxy NCSA grp disabled'}; }
# Per-row edit and remove forms; edit posts the whole "username:group" entry
# as ID, remove posts only the user name.
print <<END
</td>
<td width='8%' align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$line' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td width='8%' align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$temp[0]' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
;
}

print <<END
</table>
<br>
<table>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
END
;
} else {
print <<END
<tr>
<td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
</tr>
END
;
}
2306
2307 print <<END
2308 </table>
2309 END
2310 ;
2311
2312 &Header::closebox();
2313
2314 }
2315
2316 # ===================================================================
2317
2318 &Header::closebigbox();
2319
2320 &Header::closepage();
2321
2322 # -------------------------------------------------------------------
2323
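# Load the list-type proxy settings from their on-disk files into
# %proxysettings.
#
# For every file that exists, the matching %proxysettings key is cleared and
# then filled with the file's complete content, line endings included.
# Settings whose file does not exist are left untouched. Takes no arguments
# and returns nothing.
#
# Files are opened read-only with three-argument open and a lexical handle,
# so a path can never be taken as an open mode or a pipe. A file that exists
# but cannot be opened leaves its setting cleared.
#
# NOTE(review): the loaded text is later written into the settings page;
# nothing is validated or escaped here.
sub read_acls
{
	# Settings key => file it is loaded from.
	my @acl_sources = (
		[ 'SRC_SUBNETS',          $acl_src_subnets ],
		[ 'SRC_BANNED_IP',        $acl_src_banned_ip ],
		[ 'SRC_BANNED_MAC',       $acl_src_banned_mac ],
		[ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip ],
		[ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac ],
		[ 'DST_NOCACHE',          $acl_dst_nocache ],
		[ 'DST_NOAUTH',           $acl_dst_noauth ],
		[ 'PORTS_SAFE',           $acl_ports_safe ],
		[ 'PORTS_SSL',            $acl_ports_ssl ],
		[ 'MIME_TYPES',           $mimetypes ],
		[ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers" ],
		[ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers" ],
		[ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
		[ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers" ],
		[ 'IDENT_HOSTS',          $identhosts ],
		[ 'CRE_GROUPS',           $cre_groups ],
		[ 'CRE_SVHOSTS',          $cre_svhosts ],
	);

	foreach my $acl_source (@acl_sources) {
		my ($setting, $path) = @{$acl_source};
		next unless (-e $path);

		# Clear first so the file content replaces the old value
		# instead of being appended to it.
		delete $proxysettings{$setting};

		open(my $acl_fh, '<', $path) or next;
		while (my $row = <$acl_fh>) {
			$proxysettings{$setting} .= $row;
		}
		close($acl_fh);
	}

	return;
}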
2429
2430 # -------------------------------------------------------------------
2431
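# Tidy and validate the multi-line ACL fields held in %proxysettings.
#
# Each field is split on newlines, cleaned up and stored back with one entry
# per line.  A failed check only sets $errormessage (the last failure wins);
# the rejected entry is still stored back into the field.
# NOTE(review): confirm that every caller tests $errormessage before the
# ACL files and squid.conf are written.
#
# Validated:     PORTS_SAFE, PORTS_SSL          (General::validport)
#                SRC_SUBNETS                    (General::validipandmask)
#                SRC_BANNED_IP, SRC_UNRESTRICTED_IP,
#                IDENT_HOSTS, CRE_SVHOSTS       (General::validipormask)
#                SRC_BANNED_MAC, SRC_UNRESTRICTED_MAC (General::validmac)
# Not validated: DST_NOCACHE, DST_NOAUTH and the NTLM/IDENT/RADIUS user lists
#                are only tidied; their content is accepted as entered.
#
# Changes against the previous version: a port range with a leading or
# trailing hyphen ("80-", "-") used to pass, because split() drops the empty
# field before General::validport sees it; it is now rejected.  The
# replacement back-reference \2 is written as $2.
sub check_acls
{
	my $ip_error  = $Lang::tr{'advproxy errmsg invalid ip or mask'};
	my $mac_error = $Lang::tr{'advproxy errmsg invalid mac'};

	# MAC addresses may be entered with '-' separators; they are stored with ':'.
	my $colon_mac = sub { my ($mac) = @_; $mac =~ s/-/:/g; return $mac; };

	# Only PORTS_SAFE gets the "# Squids port" line rewritten.
	_acl_check_ports('PORTS_SAFE', 1);
	_acl_check_ports('PORTS_SSL', 0);

	_acl_tidy_destinations('DST_NOCACHE');

	_acl_check_entries('SRC_SUBNETS', \&General::validipandmask, $ip_error);
	_acl_check_entries('SRC_BANNED_IP', \&General::validipormask, $ip_error);
	_acl_check_entries('SRC_BANNED_MAC', \&General::validmac, $mac_error, $colon_mac);
	_acl_check_entries('SRC_UNRESTRICTED_IP', \&General::validipormask, $ip_error);
	_acl_check_entries('SRC_UNRESTRICTED_MAC', \&General::validmac, $mac_error, $colon_mac);

	_acl_tidy_destinations('DST_NOAUTH');

	# A user ACL that is switched on must not be empty.  Only the list that
	# matches the selected mode (positive/negative) is touched.
	foreach my $method ('NTLM', 'IDENT', 'RADIUS')
	{
		next unless ($proxysettings{$method.'_ENABLE_ACL'} eq 'on');
		if ($proxysettings{$method.'_USER_ACL'} eq 'positive') { _acl_check_userlist($method.'_ALLOW_USERS'); }
		if ($proxysettings{$method.'_USER_ACL'} eq 'negative') { _acl_check_userlist($method.'_DENY_USERS'); }
	}

	_acl_check_entries('IDENT_HOSTS', \&General::validipormask, $ip_error);
	_acl_check_entries('CRE_SVHOSTS', \&General::validipormask, $ip_error);

	return;
}

# Validate a list of ports or port ranges ("80", "1025-65535 # comment").
sub _acl_check_ports
{
	my ($key, $rewrite_squid_port) = @_;
	my $port_error = $Lang::tr{'advproxy errmsg invalid destination port'};

	my @entries = split(/\n/, defined($proxysettings{$key}) ? $proxysettings{$key} : '');
	undef $proxysettings{$key};

	foreach my $entry (@entries)
	{
		$entry =~ s/^\s+//;
		$entry =~ s/\s+$//;
		next unless ($entry);

		# The line tagged "# Squids port" always carries the configured proxy port.
		if ($rewrite_squid_port && ($entry =~ /^[^#]+\s+#\sSquids\sport/))
		{
			$entry =~ s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}$2/;
		}

		# Validate the entry without its comment and without whitespace.
		my $spec = $entry;
		$spec =~ s/#.*//g;
		$spec =~ s/\s+//g;

		# At most one hyphen, and never at either end: split() would silently
		# drop the empty field of "80-" or "-".
		if (($spec =~ /.*-.*-.*/) || ($spec =~ /^-/) || ($spec =~ /-$/)) { $errormessage = $port_error; }
		foreach my $port (split(/-/, $spec))
		{
			unless (&General::validport($port)) { $errormessage = $port_error; }
		}

		# The entry is stored with its comment, even when it was rejected.
		$proxysettings{$key} .= $entry."\n";
	}

	return;
}

# Tidy a destination list (DST_NOCACHE, DST_NOAUTH); nothing is validated.
sub _acl_tidy_destinations
{
	my ($key) = @_;

	my @entries = split(/\n/, defined($proxysettings{$key}) ? $proxysettings{$key} : '');
	undef $proxysettings{$key};

	foreach my $entry (@entries)
	{
		$entry =~ s/^\s+//;
		# Comment lines keep their inner whitespace, everything else loses it.
		unless ($entry =~ /^#/) { $entry =~ s/\s+//g; }
		next unless ($entry);

		# ".example.org" is stored as "*.example.org".
		if ($entry =~ /^\./) { $entry = '*'.$entry; }
		$proxysettings{$key} .= $entry."\n";
	}

	return;
}

# Trim a list and run every non-empty entry through $validator.
sub _acl_check_entries
{
	my ($key, $validator, $message, $normalise) = @_;

	my @entries = split(/\n/, defined($proxysettings{$key}) ? $proxysettings{$key} : '');
	undef $proxysettings{$key};

	foreach my $entry (@entries)
	{
		$entry =~ s/^\s+//;
		$entry =~ s/\s+$//;
		if ($normalise) { $entry = $normalise->($entry); }
		next unless ($entry);

		unless ($validator->($entry)) { $errormessage = $message; }
		$proxysettings{$key} .= $entry."\n";
	}

	return;
}

# Trim a user list and report an error when nothing is left of it.
sub _acl_check_userlist
{
	my ($key) = @_;

	my @entries = split(/\n/, defined($proxysettings{$key}) ? $proxysettings{$key} : '');
	undef $proxysettings{$key};

	foreach my $entry (@entries)
	{
		$entry =~ s/^\s+//;
		$entry =~ s/\s+$//;
		if ($entry) { $proxysettings{$key} .= $entry."\n"; }
	}

	if (!defined($proxysettings{$key}) || ($proxysettings{$key} eq ''))
	{
		$errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
	}

	return;
}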
2649
2650 # -------------------------------------------------------------------
2651
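# Write the ACL and user-list files from the current %proxysettings.
#
# Returns 1 when every file was written and 0 when at least one could not be
# opened or closed; each failure is reported with warn().  The previous
# version ignored the result of every open(), so a file that could not be
# written (for example the banned-IP list) silently kept its old content.
#
# Further changes: three-argument open() on lexical handles, and each file is
# truncated only after the exclusive lock is held (open '>' truncated before
# flock() was called).
#
# NOTE(review): nothing is validated here; the fields are written as they are
# found in %proxysettings.  Confirm that callers only get here after
# check_acls left $errormessage empty.
sub write_acls
{
	my $ok = 1;

	# Allowed source networks: fall back to GREEN (and BLUE when present).
	my @subnets;
	if (!$proxysettings{'SRC_SUBNETS'})
	{
		push(@subnets, "$green_cidr\n");
		if ($netsettings{'BLUE_DEV'}) { push(@subnets, "$blue_cidr\n"); }
	} else {
		push(@subnets, $proxysettings{'SRC_SUBNETS'});
	}
	$ok = 0 unless (_acl_store($acl_src_subnets, @subnets));

	foreach my $pair (
		[ $acl_src_banned_ip, 'SRC_BANNED_IP' ],
		[ $acl_src_banned_mac, 'SRC_BANNED_MAC' ],
		[ $acl_src_unrestricted_ip, 'SRC_UNRESTRICTED_IP' ],
		[ $acl_src_unrestricted_mac, 'SRC_UNRESTRICTED_MAC' ],
	)
	{
		$ok = 0 unless (_acl_store($pair->[0], $proxysettings{$pair->[1]}));
	}

	# Destinations without authentication: the raw list plus one file per
	# ACL type.  The three typed files are always rewritten, even when empty.
	my ($noauth_dom, $noauth_net, $noauth_url) = _acl_classify_destinations($proxysettings{'DST_NOAUTH'});
	$ok = 0 unless (_acl_store($acl_dst_noauth, $proxysettings{'DST_NOAUTH'}));
	$ok = 0 unless (_acl_store($acl_dst_noauth_net, @{$noauth_net}));
	$ok = 0 unless (_acl_store($acl_dst_noauth_dom, @{$noauth_dom}));
	$ok = 0 unless (_acl_store($acl_dst_noauth_url, @{$noauth_url}));

	# Destinations that are never cached, split the same way.
	my ($nocache_dom, $nocache_net, $nocache_url) = _acl_classify_destinations($proxysettings{'DST_NOCACHE'});
	$ok = 0 unless (_acl_store($acl_dst_nocache, $proxysettings{'DST_NOCACHE'}));
	$ok = 0 unless (_acl_store($acl_dst_nocache_net, @{$nocache_net}));
	$ok = 0 unless (_acl_store($acl_dst_nocache_dom, @{$nocache_dom}));
	$ok = 0 unless (_acl_store($acl_dst_nocache_url, @{$nocache_url}));

	# Port lists fall back to the built-in defaults when the field is empty.
	my $ports_safe = $proxysettings{'PORTS_SAFE'} ? $proxysettings{'PORTS_SAFE'} : $def_ports_safe;
	my $ports_ssl  = $proxysettings{'PORTS_SSL'} ? $proxysettings{'PORTS_SSL'} : $def_ports_ssl;
	$ok = 0 unless (_acl_store($acl_ports_safe, $ports_safe));
	$ok = 0 unless (_acl_store($acl_ports_ssl, $ports_ssl));

	# Throttled content: one "\.ext$" regex per file extension of every
	# enabled class, followed by the lines of $throttled_urls.
	my @throttle;
	foreach my $class (
		[ 'THROTTLE_BINARY', $throttle_binary ],
		[ 'THROTTLE_DSKIMG', $throttle_dskimg ],
		[ 'THROTTLE_MMEDIA', $throttle_mmedia ],
	)
	{
		next unless ($proxysettings{$class->[0]} eq 'on');
		push(@throttle, map { "\\.$_\$\n" } split(/\|/, $class->[1]));
	}
	if (-s $throttled_urls)
	{
		if (open(my $urls, '<', $throttled_urls))
		{
			push(@throttle, <$urls>);
			close($urls);
		} else {
			warn "proxy.cgi: cannot read '$throttled_urls': $!\n";
			$ok = 0;
		}
	}
	$ok = 0 unless (_acl_store($acl_dst_throttle, @throttle));

	foreach my $pair (
		[ $mimetypes, 'MIME_TYPES' ],
		[ "$raddir/radauth.allowusers", 'RADIUS_ALLOW_USERS' ],
		[ "$raddir/radauth.denyusers", 'RADIUS_DENY_USERS' ],
		[ "$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS' ],
		[ "$identdir/identauth.denyusers", 'IDENT_DENY_USERS' ],
		[ $identhosts, 'IDENT_HOSTS' ],
		[ $cre_groups, 'CRE_GROUPS' ],
		[ $cre_svhosts, 'CRE_SVHOSTS' ],
	)
	{
		$ok = 0 unless (_acl_store($pair->[0], $proxysettings{$pair->[1]}));
	}

	return $ok;
}

# Replace the content of $path with @chunks while holding an exclusive lock.
sub _acl_store
{
	my ($path, @chunks) = @_;

	# Opened for append so that nothing is truncated before the lock is held.
	my $fh;
	unless (open($fh, '>>', $path))
	{
		warn "proxy.cgi: cannot open '$path' for writing: $!\n";
		return 0;
	}
	flock($fh, 2);		# 2 is LOCK_EX
	truncate($fh, 0);
	print {$fh} grep { defined($_) } @chunks;

	# Buffered write errors only show up when the handle is closed.
	unless (close($fh))
	{
		warn "proxy.cgi: cannot finish writing '$path': $!\n";
		return 0;
	}
	return 1;
}

# Sort the entries of a destination list into domain, network and URL lines.
#
# Comment lines are skipped.  "*.example.org" becomes the domain entry
# ".example.org"; what General::validipormask accepts, or what contains an
# address range a.b.c.d-e.f.g.h, is a network entry; everything else becomes
# a URL regex, prefixed with "^[fh]tt?ps?://" unless it already starts with a
# scheme.
#
# NOTE(review): a URL entry is a regular expression, not a host name.  Its
# dots match any character and nothing anchors the end, so "example.org"
# also covers "example.org.other.tld".  For DST_NOAUTH this can apply to more
# destinations than the entry names; the "*.domain" and address forms are
# exact.  The address-range pattern is not anchored either.
sub _acl_classify_destinations
{
	my ($text) = @_;
	my (@domains, @networks, @urls);

	foreach my $entry (split(/\n/, defined($text) ? $text : ''))
	{
		next if ($entry =~ /^#/);

		if ($entry =~ /^\*\.\w/)
		{
			$entry =~ s/^\*//;
			push(@domains, "$entry\n");
		}
		elsif (&General::validipormask($entry))
		{
			push(@networks, "$entry\n");
		}
		elsif ($entry =~ /\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
		{
			push(@networks, "$entry\n");
		}
		elsif ($entry =~ /^[fh]tt?ps?:\/\//)
		{
			push(@urls, "$entry\n");
		}
		else
		{
			push(@urls, "^[fh]tt?ps?://$entry\n");
		}
	}

	return (\@domains, \@networks, \@urls);
}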
2860
2861 # -------------------------------------------------------------------
2862
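# Generate /srv/web/ipfire/html/proxy.pac from the network and proxy settings.
#
# The script sends plain host names, loopback, link-local and the local
# GREEN/BLUE/ORANGE networks DIRECT; clients in GREEN (and in the networks
# listed in $acl_src_subnets) or in BLUE get the proxy on that interface.
#
# Returns 1 on success and 0 when the file could not be written; the failure
# is reported with warn().  The previous version ignored the result of
# open().  The file is now assembled in memory first and truncated only after
# the exclusive lock is held.
#
# NOTE(review): all values are placed inside JavaScript string literals
# without escaping.  The subnet entries come from $acl_src_subnets, so this
# relies on SRC_SUBNETS having passed General::validipandmask in check_acls.
sub writepacfile
{
	my $pacfile = '/srv/web/ipfire/html/proxy.pac';
	my @pac = (
		"function FindProxyForURL(url, host)\n",
		"{\n",
	);

	if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
	{
		# Destinations that never go through the proxy.
		push(@pac,
			"if (\n",
			"(isPlainHostName(host)) ||\n",
			"(isInNet(host, \"127.0.0.1\", \"255.0.0.0\")) ||\n",
		);

		if ($netsettings{'GREEN_DEV'}) {
			push(@pac, " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n");
		}

		if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
			push(@pac, " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n");
		}

		if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
			push(@pac, " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n");
		}

		push(@pac,
			"(isInNet(host, \"169.254.0.0\", \"255.255.0.0\"))\n",
			")\n",
			"return \"DIRECT\";\n",
			"\n",
			"else\n",
			"\n",
		);

		if ($proxysettings{'ENABLE'} eq 'on')
		{
			push(@pac, "if (\n");
			push(@pac, " (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))");

			# Additional client networks from the source-subnet ACL file.
			my @subnets;
			if (-e "$acl_src_subnets")
			{
				if (open(my $subnets_fh, '<', $acl_src_subnets))
				{
					@subnets = <$subnets_fh>;
					close($subnets_fh);
				}
			}

			foreach my $subnet (@subnets)
			{
				my ($address, $mask) = split(/\//, $subnet);

				# The mask still carries its newline here, so in practice only
				# the address comparisons decide: entries whose address equals
				# the GREEN or BLUE network address are skipped.  Kept as it
				# was.  NOTE(review): confirm the intended condition, and
				# whether the file holds dotted masks or prefix lengths; the
				# second field is passed to isInNet() unchanged.
				if (
					($address ne $netsettings{'GREEN_NETADDRESS'}) && ($mask ne $netsettings{'GREEN_NETMASK'}) &&
					($address ne $netsettings{'BLUE_NETADDRESS'}) && ($mask ne $netsettings{'BLUE_NETMASK'})
				)
				{
					chomp $mask;
					push(@pac, " ||\n (isInNet(myIpAddress(), \"$address\", \"$mask\"))");
				}
			}

			push(@pac, "\n");

			push(@pac,
				")\n",
				"return \"PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\";\n",
			);
		}

		if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
		{
			push(@pac, "\n else\n\n");
		}

		if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
		{
			push(@pac,
				"if (\n",
				"(isInNet(myIpAddress(), \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\"))\n",
				")\n",
				"return \"PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\";\n",
			);
		}
	}

	push(@pac, "}\n");

	# Opened for append so that nothing is truncated before the lock is held.
	my $fh;
	unless (open($fh, '>>', $pacfile))
	{
		warn "proxy.cgi: cannot open '$pacfile' for writing: $!\n";
		return 0;
	}
	flock($fh, 2);		# 2 is LOCK_EX
	truncate($fh, 0);
	print {$fh} @pac;

	# Buffered write errors only show up when the handle is closed.
	unless (close($fh))
	{
		warn "proxy.cgi: cannot finish writing '$pacfile': $!\n";
		return 0;
	}
	return 1;
}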
2950
2951 # -------------------------------------------------------------------
2952
2953 sub writeconfig
2954 {
2955 my $authrealm;
2956 my $delaypools;
2957
2958 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2959 $proxysettings{'THROTTLING_GREEN_HOST'} +
2960 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2961 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2962 {
2963 $delaypools = 1; } else { $delaypools = 0;
2964 }
2965
2966 if ($proxysettings{'AUTH_REALM'} eq '')
2967 {
2968 $authrealm = "IPFire Advanced Proxy Server";
2969 } else {
2970 $authrealm = $proxysettings{'AUTH_REALM'};
2971 }
2972
2973 $_ = $proxysettings{'UPSTREAM_PROXY'};
2974 my ($remotehost, $remoteport) = split(/:/,$_);
2975
2976 if ($remoteport eq '') { $remoteport = 80; }
2977
2978 open(FILE, ">${General::swroot}/proxy/squid.conf");
2979 flock(FILE, 2);
2980 print FILE <<END
2981 # Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
2982 # you make will be overwritten whenever you resave proxy settings using the
2983 # web interface!
2984 #
2985 # Instead, modify the file '$acl_include' and
2986 # then restart the proxy service using the web interface. Changes made to the
2987 # 'include.acl' file will propagate to the 'squid.conf' file at that time.
2988
2989 shutdown_lifetime 5 seconds
2990 icp_port 0
2991
2992 END
2993 ;
2994
2995 # Include file with user defined settings.
2996 if (-e "/etc/squid/squid.conf.pre.local") {
2997 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
2998 }
2999
3000 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3001 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3002 print FILE "\n";
3003
3004 if ($proxysettings{'TRANSPARENT'} eq 'on') {
3005 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3006 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3007 print FILE "\n";
3008 }
3009
3010 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3011 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3012 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3013 print FILE "\n";
3014
3015 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3016 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3017 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3018 print FILE "\n";
3019 }
3020 }
3021
3022 if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
3023 {
3024 print FILE "\n";
3025
3026 if (!-z $acl_dst_nocache_dom) {
3027 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3028 print FILE "cache deny no_cache_domains\n";
3029 }
3030 if (!-z $acl_dst_nocache_net) {
3031 print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
3032 print FILE "cache deny no_cache_ipaddr\n";
3033 }
3034 if (!-z $acl_dst_nocache_url) {
3035 print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3036 print FILE "cache deny no_cache_hosts\n";
3037 }
3038 }
3039
3040 print FILE <<END
3041
3042 cache_effective_user squid
3043 umask 022
3044
3045 pid_filename /var/run/squid.pid
3046
3047 cache_mem $proxysettings{'CACHE_MEM'} MB
3048 END
3049 ;
3050 print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
3051
3052 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
3053 if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; }
3054
3055 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3056 {
3057 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3058 {
3059 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3060 }
3061 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3062 {
3063 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3064 }
3065 print FILE "\n";
3066 }
3067
3068 open (PORTS,"$acl_ports_ssl");
3069 my @ssl_ports = <PORTS>;
3070 close PORTS;
3071
3072 if (@ssl_ports) {
3073 foreach (@ssl_ports) {
3074 print FILE "acl SSL_ports port $_";
3075 }
3076 }
3077
3078 open (PORTS,"$acl_ports_safe");
3079 my @safe_ports = <PORTS>;
3080 close PORTS;
3081
3082 if (@safe_ports) {
3083 foreach (@safe_ports) {
3084 print FILE "acl Safe_ports port $_";
3085 }
3086 }
3087
3088 print FILE <<END
3089
3090 acl IPFire_http port $http_port
3091 acl IPFire_https port $https_port
3092 acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
3093 acl IPFire_networks src "$acl_src_subnets"
3094 acl IPFire_servers dst "$acl_src_subnets"
3095 acl IPFire_green_network src $green_cidr
3096 acl IPFire_green_servers dst $green_cidr
3097 END
3098 ;
3099 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
3100 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
3101 if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
3102 if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
3103 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3104 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3105 print FILE <<END
3106 acl CONNECT method CONNECT
3107 END
3108 ;
3109
3110 if ($proxysettings{'CACHE_SIZE'} > 0) {
3111 print FILE <<END
3112 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3113 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3114
3115 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3116 END
3117 ;
3118 } else {
3119 if ($proxysettings{'CACHE_MEM'} > 0) {
3120 # always 2% of CACHE_MEM defined as max object size
3121 print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3122 } else {
3123 print FILE "cache deny all\n\n";
3124 }
3125 }
3126
3127 print FILE <<END
3128 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3129 END
3130 ;
3131
3132 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3133 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3134 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3135 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3136 {
3137 if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3138 }
3139 }
3140
3141 if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
3142 {
3143 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
3144 }
3145
3146 if ($proxysettings{'LOGGING'} eq 'on')
3147 {
3148 print FILE <<END
3149 access_log stdio:/var/log/squid/access.log
3150 cache_log /var/log/squid/cache.log
3151 cache_store_log none
3152 END
3153 ;
3154 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
3155 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3156 } else {
3157 print FILE <<END
3158 access_log /dev/null
3159 cache_log /dev/null
3160 cache_store_log none
3161 END
3162 ;}
3163 print FILE <<END
3164
3165 log_mime_hdrs off
3166 END
3167 ;
3168
3169 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3170 {
3171 print FILE "forwarded_for on\n";
3172 } else {
3173 print FILE "forwarded_for off\n";
3174 }
3175 if ($proxysettings{'FORWARD_VIA'} eq 'on')
3176 {
3177 print FILE "via on\n";
3178 } else {
3179 print FILE "via off\n";
3180 }
3181 print FILE "\n";
3182
3183 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3184 {
3185 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3186 {
3187 print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
3188 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3189 print FILE "auth_param basic realm $authrealm\n";
3190 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3191 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3192 }
3193
3194 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3195 {
3196 print FILE "auth_param basic utf8 on\n";
3197 print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
3198 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3199 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3200 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3201 {
3202 if ($proxysettings{'LDAP_GROUP'} eq '')
3203 {
3204 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3205 } else {
3206 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3207 }
3208 print FILE " -u sAMAccountName -P";
3209 }
3210 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3211 {
3212 if ($proxysettings{'LDAP_GROUP'} eq '')
3213 {
3214 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3215 } else {
3216 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3217 }
3218 print FILE " -u cn -P";
3219 }
3220 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3221 {
3222 if ($proxysettings{'LDAP_GROUP'} eq '')
3223 {
3224 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3225 } else {
3226 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3227 }
3228 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3229 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3230 print FILE " -u uid -P";
3231 }
3232 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3233 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3234 print FILE "auth_param basic realm $authrealm\n";
3235 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3236 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3237 }
3238
3239 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3240 {
3241 print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3242 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3243 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3244 $ntlm_auth_group =~ s/\\/\+/;
3245
3246 print FILE " --require-membership-of=$ntlm_auth_group";
3247 }
3248 print FILE "\n";
3249
3250 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
3251
3252 # BASIC authentication
3253 if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3254 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3255 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3256 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3257 $ntlm_auth_group =~ s/\\/\+/;
3258
3259 print FILE " --require-membership-of=$ntlm_auth_group";
3260 }
3261 print FILE "\n";
3262 print FILE "auth_param basic children 10\n";
3263 print FILE "auth_param basic realm IPFire Web Proxy Server\n";
3264 print FILE "auth_param basic credentialsttl 2 hours\n\n";
3265 }
3266 }
3267
3268 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3269 {
3270 print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
3271 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3272 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3273 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3274 print FILE "auth_param basic realm $authrealm\n";
3275 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3276 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3277 }
3278
3279 print FILE "\n";
3280 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
3281 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3282 {
3283 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3284 {
3285 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3286 }
3287 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3288 {
3289 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3290 }
3291 }
3292 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3293 {
3294 print FILE "\n";
3295 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3296 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3297 }
3298 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3299 print FILE "\n";
3300
3301 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3302 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3303 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3304 print FILE "\n";
3305
3306 }
3307
3308 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3309 {
3310 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3311 {
3312 print FILE "acl for_inetusers ident REQUIRED\n";
3313 }
3314 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3315 {
3316 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3317 {
3318 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3319 }
3320 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3321 {
3322 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3323 }
3324 }
3325 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3326 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3327 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3328 print FILE "\n";
3329 }
3330
3331 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
3332
3333 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
3334
3335 print FILE "acl within_timeframe time ";
3336 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
3337 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
3338 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
3339 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
3340 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
3341 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
3342 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
3343 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
3344 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
3345 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
3346 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
3347
3348 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3349 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
3350 }
3351
3352 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
3353 print FILE <<END
3354
3355 #Classroom extensions
3356 acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
3357 acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
3358 END
3359 ;
3360 print FILE "deny_info ";
3361 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3362 {
3363 print FILE "ERR_ACCESS_DISABLED";
3364 } else {
3365 print FILE "ERR_ACCESS_DENIED";
3366 }
3367 print FILE " IPFire_no_access_ips\n";
3368 print FILE "deny_info ";
3369 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3370 {
3371 print FILE "ERR_ACCESS_DISABLED";
3372 } else {
3373 print FILE "ERR_ACCESS_DENIED";
3374 }
3375 print FILE " IPFire_no_access_mac\n";
3376
3377 print FILE <<END
3378 http_access deny IPFire_no_access_ips
3379 http_access deny IPFire_no_access_mac
3380 END
3381 ;
3382 }
3383
3384 #Insert acl file and replace __VAR__ with correct values
3385 my $blue_net = ''; #BLUE empty by default
3386 my $blue_ip = '';
3387 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3388 $blue_net = "$blue_cidr";
3389 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
3390 }
3391 if (!-z $acl_include)
3392 {
3393 open (ACL, "$acl_include");
3394 print FILE "\n#Start of custom includes\n\n";
3395 while (<ACL>) {
3396 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
3397 $_ =~ s/__GREEN_NET__/$green_cidr/;
3398 $_ =~ s/__BLUE_IP__/$blue_ip/;
3399 $_ =~ s/__BLUE_NET__/$blue_net/;
3400 $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
3401 print FILE $_;
3402 }
3403 print FILE "\n#End of custom includes\n";
3404 close (ACL);
3405 }
3406 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3407
3408 # Check if squidclamav is enabled.
3409 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3410 print FILE "\n#Settings for squidclamav:\n";
3411 print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
3412 print FILE "acl purge method PURGE\n";
3413 print FILE "http_access deny to_localhost\n";
3414 print FILE "http_access allow localhost\n";
3415 print FILE "http_access allow purge localhost\n";
3416 print FILE "http_access deny purge\n";
3417 print FILE "url_rewrite_access deny localhost\n";
3418 }
3419 print FILE <<END;
3420
3421 #Access to squid:
3422 #local machine, no restriction
3423 http_access allow localhost
3424
3425 #GUI admin if local machine connects
3426 http_access allow IPFire_ips IPFire_networks IPFire_http
3427 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
3428
3429 #Deny not web services
3430 END
3431
3432 if (@safe_ports) {
3433 print FILE "http_access deny !Safe_ports\n";
3434 }
3435
3436 if (@ssl_ports) {
3437 print FILE "http_access deny CONNECT !SSL_ports\n";
3438 }
3439
3440 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3441 {
3442 print FILE "#Set ident ACLs\n";
3443 if (!-z $identhosts)
3444 {
3445 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3446 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3447 print FILE "ident_lookup_access deny all\n";
3448 } else {
3449 print FILE "ident_lookup_access allow all\n";
3450 }
3451 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3452 }
3453
3454 if ($delaypools) {
3455 print FILE "#Set download throttling\n";
3456
3457 if ($netsettings{'BLUE_DEV'})
3458 {
3459 print FILE "delay_pools 2\n";
3460 } else {
3461 print FILE "delay_pools 1\n";
3462 }
3463
3464 print FILE "delay_class 1 3\n";
3465 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3466
3467 print FILE "delay_parameters 1 ";
3468 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3469 {
3470 print FILE "-1/-1";
3471 } else {
3472 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3473 print FILE "/";
3474 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3475 }
3476
3477 print FILE " -1/-1 ";
3478 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3479 {
3480 print FILE "-1/-1";
3481 } else {
3482 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3483 print FILE "/";
3484 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3485 }
3486 print FILE "\n";
3487
3488 if ($netsettings{'BLUE_DEV'})
3489 {
3490 print FILE "delay_parameters 2 ";
3491 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3492 {
3493 print FILE "-1/-1";
3494 } else {
3495 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3496 print FILE "/";
3497 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3498 }
3499 print FILE " -1/-1 ";
3500 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3501 {
3502 print FILE "-1/-1";
3503 } else {
3504 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3505 print FILE "/";
3506 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3507 }
3508 print FILE "\n";
3509 }
3510
3511 print FILE "delay_access 1 deny IPFire_ips\n";
3512 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
3513 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
3514 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3515
3516 if ($netsettings{'BLUE_DEV'})
3517 {
3518 print FILE "delay_access 1 allow IPFire_green_network";
3519 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3520 print FILE "\n";
3521 print FILE "delay_access 1 deny all\n";
3522 } else {
3523 print FILE "delay_access 1 allow all";
3524 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3525 print FILE "\n";
3526 }
3527
3528 if ($netsettings{'BLUE_DEV'})
3529 {
3530 print FILE "delay_access 2 deny IPFire_ips\n";
3531 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
3532 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
3533 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3534 print FILE "delay_access 2 allow IPFire_blue_network";
3535 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3536 print FILE "\n";
3537 print FILE "delay_access 2 deny all\n";
3538 }
3539
3540 print FILE "delay_initial_bucket_level 100\n";
3541 print FILE "\n";
3542 }
3543
3544 if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
3545 {
3546 print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
3547 print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
3548 }
3549
3550 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
3551 {
3552 print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
3553 print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
3554 print FILE "http_access deny IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
3555 }
3556
3557 print FILE <<END
3558 #Set custom configured ACLs
3559 END
3560 ;
3561 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPFire_banned_ips\n"; }
3562 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPFire_banned_mac\n"; }
3563
3564 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3565 {
3566 if (!-z $acl_src_unrestricted_ip)
3567 {
3568 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
3569 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
3570 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
3571 }
3572 if (!-z $acl_src_unrestricted_mac)
3573 {
3574 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
3575 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
3576 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
3577 }
3578 if (!-z $acl_dst_noauth_net)
3579 {
3580 print FILE "http_access allow IPFire_networks";
3581 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3582 print FILE " !within_timeframe";
3583 } else {
3584 print FILE " within_timeframe"; }
3585 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3586 print FILE " to_ipaddr_without_auth\n";
3587 }
3588 if (!-z $acl_dst_noauth_dom)
3589 {
3590 print FILE "http_access allow IPFire_networks";
3591 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3592 print FILE " !within_timeframe";
3593 } else {
3594 print FILE " within_timeframe"; }
3595 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3596 print FILE " to_domains_without_auth\n";
3597 }
3598 if (!-z $acl_dst_noauth_url)
3599 {
3600 print FILE "http_access allow IPFire_networks";
3601 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3602 print FILE " !within_timeframe";
3603 } else {
3604 print FILE " within_timeframe"; }
3605 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3606 print FILE " to_hosts_without_auth\n";
3607 }
3608 }
3609
3610 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3611 {
3612 print FILE "http_access deny !for_inetusers";
3613 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3614 print FILE "\n";
3615 }
3616
3617 if (
3618 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3619 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3620 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3621 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3622 (!-z "$identdir/identauth.denyusers")
3623 )
3624 {
3625 print FILE "http_access deny for_acl_users";
3626 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3627 print FILE "\n";
3628 }
3629
3630 if (!-z $acl_src_unrestricted_ip)
3631 {
3632 print FILE "http_access allow IPFire_unrestricted_ips";
3633 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3634 {
3635 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3636 {
3637 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3638 }
3639 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3640 {
3641 print FILE " for_inetusers";
3642 }
3643 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3644 {
3645 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3646 {
3647 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3648 {
3649 print FILE " for_acl_users";
3650 }
3651 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3652 {
3653 print FILE " !for_acl_users";
3654 }
3655 } else { print FILE " for_inetusers"; }
3656 }
3657 }
3658 print FILE "\n";
3659 }
3660
3661 if (!-z $acl_src_unrestricted_mac)
3662 {
3663 print FILE "http_access allow IPFire_unrestricted_mac";
3664 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3665 {
3666 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3667 {
3668 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3669 }
3670 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3671 {
3672 print FILE " for_inetusers";
3673 }
3674 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3675 {
3676 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3677 {
3678 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3679 {
3680 print FILE " for_acl_users";
3681 }
3682 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3683 {
3684 print FILE " !for_acl_users";
3685 }
3686 } else { print FILE " for_inetusers"; }
3687 }
3688 }
3689 print FILE "\n";
3690 }
3691
3692 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3693 {
3694 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3695 if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
3696 }
3697
3698 if (
3699 (
3700 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3701 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3702 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3703 (!-z "$raddir/radauth.denyusers")
3704 )
3705 ||
3706 (
3707 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3708 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3709 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3710 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3711 (!-z "$identdir/identauth.denyusers")
3712 )
3713 )
3714 {
3715 print FILE "http_access deny for_acl_users";
3716 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3717 print FILE "\n";
3718 }
3719
3720 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3721 {
3722 print FILE "http_access allow";
3723 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3724 print FILE " !within_timeframe";
3725 } else {
3726 print FILE " within_timeframe"; }
3727 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3728 print FILE " !on_ident_aware_hosts\n";
3729 }
3730
3731 print FILE "http_access allow IPFire_networks";
3732 if (
3733 (
3734 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3735 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3736 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3737 (!-z "$raddir/radauth.allowusers")
3738 )
3739 ||
3740 (
3741 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3742 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3743 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3744 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3745 (!-z "$identdir/identauth.allowusers")
3746 )
3747 )
3748 {
3749 print FILE " for_acl_users";
3750 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3751 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3752 print FILE " for_inetusers";
3753 }
3754 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3755 {
3756 print FILE " !concurrent";
3757 }
3758 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3759 print FILE " !within_timeframe";
3760 } else {
3761 print FILE " within_timeframe"; }
3762 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3763 print FILE "\n";
3764
3765 print FILE "http_access deny all\n\n";
3766
3767 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3768 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3769 {
3770 print FILE "#Strip HTTP Header\n";
3771
3772 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3773 {
3774 print FILE "request_header_access X-Forwarded-For deny all\n";
3775 print FILE "reply_header_access X-Forwarded-For deny all\n";
3776 }
3777 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3778 {
3779 print FILE "request_header_access Via deny all\n";
3780 print FILE "reply_header_access Via deny all\n";
3781 }
3782 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3783 {
3784 print FILE "request_header_access User-Agent deny all\n";
3785 print FILE "reply_header_access User-Agent deny all\n";
3786 }
3787 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3788 {
3789 print FILE "request_header_access Referer deny all\n";
3790 print FILE "reply_header_access Referer deny all\n";
3791 }
3792
3793 print FILE "\n";
3794
3795 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3796 {
3797 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3798 {
3799 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3800 }
3801 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3802 {
3803 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3804 }
3805 print FILE "\n";
3806 }
3807 }
3808
3809 if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
3810
3811 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3812 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
3813 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
3814 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3815 {
3816 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3817 }
3818 print FILE "http_reply_access deny blocked_mimetypes\n";
3819 print FILE "http_reply_access allow all\n\n";
3820 }
3821
3822 print FILE "visible_hostname";
3823 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3824 {
3825 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3826 } else {
3827 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3828 }
3829
3830 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
3831 if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
3832 print FILE "\n";
3833
3834 print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
3835
3836 # Write the parent proxy info, if needed.
3837 if ($remotehost ne '')
3838 {
3839 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3840
3841 # Enter authentication for the parent cache. Option format is
3842 # login=user:password ($proxy1='YES')
3843 # login=PASS ($proxy1='PASS')
3844 # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
3845 if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
3846 {
3847 print FILE " login=$proxysettings{'UPSTREAM_USER'}";
3848 if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
3849 }
3850 elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3851
3852 print FILE "\nalways_direct allow IPFire_ips\n";
3853 print FILE "never_direct allow all\n\n";
3854 }
3855 if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
3856 {
3857 print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
3858 print FILE "url_rewrite_children ", &General::number_cpu_cores();
3859 print FILE " startup=", &General::number_cpu_cores();
3860 print FILE " idle=", &General::number_cpu_cores();
3861 print FILE " queue-size=", &General::number_cpu_cores() * 32, "\n\n";
3862 }
3863
3864 # Include file with user defined settings.
3865 if (-e "/etc/squid/squid.conf.local") {
3866 print FILE "include /etc/squid/squid.conf.local\n";
3867 }
3868 close FILE;
3869
3870 # Proxy settings for squidclamav - if installed.
3871 #
3872 # Check if squidclamav is enabled.
3873 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3874
3875 my $configfile='/etc/squidclamav.conf';
3876
3877 my $data = &General::read_file_utf8($configfile);
3878 $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
3879 &General::write_file_utf8($configfile, $data);
3880 }
3881 }
3882
3883 # -------------------------------------------------------------------
3884
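sub adduser
{
	# Create or update a proxy user in the password database ($userdb) and
	# record the user in exactly one of the group files.
	#
	#   $str_user   user name
	#   $str_pass   new password, or the sentinel 'lEaVeAlOnE' to keep the
	#               hash that is already stored for this user
	#   $str_group  'standard', 'extended' or 'disabled'
	#
	# NOTE(review): nothing in this sub rejects ':' or line breaks in
	# $str_user, and the name is written verbatim into line-oriented files;
	# presumably the caller validates it before calling - confirm.
	my ($str_user, $str_pass, $str_group) = @_;

	if ($str_pass eq 'lEaVeAlOnE')
	{
		# Look up the stored ":hash\n" tail before deluser() drops the entry.
		# \Q...\E makes the name match literally, so regex metacharacters in
		# a user name can neither match other accounts nor abort the CGI
		# with an invalid pattern.
		my $stored_tail;
		if (open(my $db_in, '<', $userdb)) {
			while (my $entry = <$db_in>) {
				if ($entry =~ /^\Q$str_user\E:/i) {
					$stored_tail = substr($entry, index($entry, ":"));
				}
			}
			close($db_in);
		}

		&deluser($str_user);

		# Without a stored entry there is no hash to carry over; appending
		# the sentinel itself would leave a malformed, unterminated line in
		# the password database, so nothing is written in that case.
		if (defined $stored_tail) {
			if (open(my $db_out, '>>', $userdb)) {
				flock($db_out, 2);	# 2 = LOCK_EX
				print $db_out "$str_user$stored_tail";
				close($db_out);
			} else {
				warn "adduser: cannot append to $userdb: $!\n";
			}
		}
	} else {
		&deluser($str_user);

		my $htpasswd = Apache::Htpasswd->new("$userdb");
		$htpasswd->htpasswd($str_user, $str_pass);
	}

	# Pick the group file; an unknown group name writes nothing.
	my $groupfile;
	if ($str_group eq 'standard') { $groupfile = $stdgrp; }
	elsif ($str_group eq 'extended') { $groupfile = $extgrp; }
	elsif ($str_group eq 'disabled') { $groupfile = $disgrp; }
	return unless defined $groupfile;

	if (open(my $grp_out, '>>', $groupfile)) {
		flock($grp_out, 2);	# 2 = LOCK_EX
		print $grp_out "$str_user\n";
		close($grp_out);
	} else {
		warn "adduser: cannot append to $groupfile: $!\n";
	}

	return;
}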
3917
3918 # -------------------------------------------------------------------
3919
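sub deluser
{
	# Remove a user from the three group files and from the password
	# database ($userdb). Matching is case-insensitive, as before.
	#
	#   $str_user   user name to remove
	my ($str_user) = @_;

	# \Q...\E quotes the name so it is compared literally. Interpolated
	# unquoted, a name containing regex metacharacters could match, and so
	# remove, entries of other users, or abort on an invalid pattern.
	# Group files hold one bare name per line, the database "name:hash".
	my $group_entry = qr/^\Q$str_user\E$/i;
	my $db_entry = qr/^\Q$str_user\E:/i;

	my @targets = (
		[ $stdgrp, $group_entry ],
		[ $extgrp, $group_entry ],
		[ $disgrp, $group_entry ],
		[ $userdb, $db_entry ],
	);

	foreach my $target (@targets)
	{
		my ($path, $entry_re) = @{$target};

		my @kept = ();
		if (open(my $in, '<', $path)) {
			@kept = grep { $_ !~ $entry_re } <$in>;
			close($in);
		} else {
			my $read_error = "$!";
			# A file that exists but cannot be read must not be rewritten:
			# that would replace it with an empty file. A missing file is
			# still created empty below, as the original code did.
			if (-e $path) {
				warn "deluser: cannot read $path: $read_error\n";
				next;
			}
		}

		my $out;
		unless (open($out, '>', $path)) {
			warn "deluser: cannot write $path: $!\n";
			next;
		}
		# NOTE(review): open() has already truncated the file when the lock
		# is taken, and the read above is unlocked, so this lock does not
		# cover the read-modify-write as a whole. Kept as in the original.
		flock($out, 2);	# 2 = LOCK_EX
		print $out @kept;
		close($out);
	}

	return;
}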
3952
3953 # -------------------------------------------------------------------
3954
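sub writecachemgr
{
	# Rewrite ${General::swroot}/proxy/cachemgr.conf with two entries:
	# "<GREEN address>:<proxy port>" and "localhost" (the last line is
	# written without a trailing newline, as before).
	my $cachemgr_conf = "${General::swroot}/proxy/cachemgr.conf";

	# Three-argument open with a lexical handle: the mode can no longer be
	# influenced by the path, and a failed open is reported instead of the
	# prints silently going nowhere.
	my $conf;
	unless (open($conf, '>', $cachemgr_conf)) {
		warn "writecachemgr: cannot write $cachemgr_conf: $!\n";
		return;
	}
	flock($conf, 2);	# 2 = LOCK_EX
	print $conf "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
	print $conf "localhost";
	close($conf);
	return;
}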
3964
3965 # -------------------------------------------------------------------