1 #!/usr/bin/perl
2 #
3 # IPCop CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8 #
9
10 use strict;
11
12 # enable only the following on debugging purpose
13 #use warnings;
14 #use CGI::Carp 'fatalsToBrowser';
15
16 use IO::Socket;
17
18 require '/var/ipfire/general-functions.pl';
19 require "${General::swroot}/lang.pl";
20 require "${General::swroot}/header.pl";
21
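# Version string of the advanced proxy, read directly from its version file.
# The file is read in-process instead of through a shell `cat`, so the path is
# never parsed by /bin/sh. The content is kept unmodified (including a trailing
# newline, if any); a missing or unreadable file yields an empty string.
my $advproxyversion = '';
if (open(my $version_fh, '<', "${General::swroot}/proxy/advanced/version")) {
    local $/;
    $advproxyversion = <$version_fh>;
    $advproxyversion = '' unless defined $advproxyversion;
    close($version_fh);
}

# Path of the ".up2date" marker file inside the advanced proxy directory.
my $sysupdflagfile = "${General::swroot}/proxy/advanced/.up2date";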
24
# Settings containers, all starting out empty. They are filled further down
# from settings files and from the submitted form.
my (%proxysettings, %netsettings, %filtersettings, %updaccsettings,
    %stdproxysettings, %mainsettings);

# Add-on switches; each is set to 1 below when the add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# HTML attribute snippets ("checked='checked'" / "selected='selected'") per
# form field and value.
my (%checked, %selected);

# Throttle limits offered by the page and pipe-separated extension patterns
# for the three throttle categories.
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = "bin|cab|exe|gz|rar|sea|tar|tgz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";

# @useragentlist holds the lines of the user-agent database; @useragent is
# scratch space for one line split on commas.
my (@useragent, @useragentlist);

# General-purpose scratch variables shared by the rest of the script.
my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language) = ('', '');
my ($i, $n, $id) = (0, 0, 0);
my ($line, $user) = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp = '';
my $needhup = 0;
my $errormessage = '';

# Working directories below the advanced proxy directory.
my ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) =
    map("${General::swroot}/proxy/advanced/$_", qw(acls ncsa ntlm radius ident cre));

# Local (NCSA) user database and its group files.
my ($userdb, $stdgrp, $extgrp, $disgrp) =
    map("$ncsadir/$_", qw(passwd standard.grp extended.grp disabled.grp));

my ($browserdb, $mimetypes, $throttled_urls) =
    map("${General::swroot}/proxy/advanced/$_", qw(useragents mimetypes throttle));

# Files of the classroom extension.
my ($cre_enabled, $cre_groups, $cre_svhosts) =
    map("${General::swroot}/proxy/advanced/cre/$_", qw(enable classrooms supervisors));

my $identhosts = "$identdir/hosts";

my $libexecdir = "/usr/lib/squid";

# One ACL list file per access-control list handled by this page.
my ($acl_src_subnets,
    $acl_src_banned_ip,       $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip,     $acl_src_noaccess_mac,
    $acl_dst_nocache,         $acl_dst_noauth,
    $acl_dst_throttle,        $acl_include) =
    map("$acldir/${_}.acl", qw(
        src_subnets
        src_banned_ip       src_banned_mac
        src_unrestricted_ip src_unrestricted_mac
        src_noaccess_ip     src_noaccess_mac
        dst_nocache         dst_noauth
        dst_throttle        include
    ));
101
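# Create the working directories of the advanced proxy when they are missing.
# The result of mkdir is not checked (best effort).
foreach my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    mkdir($dir) unless (-d $dir);
}

# Make sure every list file exists before it is read further down.
# The path is handed to /bin/touch as a separate argument (list-form system),
# so it is never interpreted by a shell; this is the same form the script uses
# for the proxy enable/transparent flag files.
foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    system('/bin/touch', $file) unless (-e $file);
}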
131
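# Load the user-agent database into @useragentlist.
#
# Blank lines and lines starting with '#' are dropped. The remaining lines are
# sorted with a string comparison on a key cut out of each line: for a line
# with at least two commas the key is the text between the first and the last
# comma. Lines keep their trailing newline.
#
# The file is opened read-only with three-argument open and a lexical handle,
# so the file name can never be taken as an open mode. If the file cannot be
# opened the list stays empty.
@useragentlist = ();
if (open(my $browser_fh, '<', $browserdb)) {
    @useragentlist =
        sort {
            reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1))
                cmp
            reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))
        }
        grep !/(^$)|(^\s*#)/, <$browser_fh>;
    close($browser_fh);
}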
135
# Read the network and main settings files into their hashes.
foreach my $source (['ethernet', \%netsettings], ['main', \%mainsettings]) {
    my ($area, $target) = @{$source};
    &General::readhash("${General::swroot}/$area/settings", $target);
}

# An add-on counts as installed when its version file exists.
$urlfilter_addon  = 1 if (-e "${General::swroot}/urlfilter/version");
$updacclrtr_addon = 1 if (-e "${General::swroot}/updacclrtr/version");

# URL filter: default number of children, overridden by its settings file.
if ($urlfilter_addon) {
    my $filter_conf = "${General::swroot}/urlfilter/settings";
    $filtersettings{'CHILDREN'} = '5';
    &General::readhash($filter_conf, \%filtersettings) if (-e $filter_conf);
}

# Update accelerator: default number of accelerators, overridden by its
# settings file.
if ($updacclrtr_addon) {
    my $updacc_conf = "${General::swroot}/updacclrtr/settings";
    $updaccsettings{'ACCELERATORS'} = '10';
    &General::readhash($updacc_conf, \%updaccsettings) if (-e $updacc_conf);
}
155
&Header::showhttpheaders();

# Default value of every form field handled by this page. The defaults are
# grouped by value here; each key is assigned exactly once.

# Switches that start out disabled.
$proxysettings{$_} = 'off' foreach qw(
    ENABLE ENABLE_BLUE TRANSPARENT TRANSPARENT_BLUE
    FORWARD_VIA FORWARD_IPADDRESS FORWARD_USERNAME
    LOGGING LOGQUERY LOGUSERAGENT
    OFFLINE_MODE CLASSROOM_EXT
    THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
    ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK
    NCSA_BYPASS_REDIR
    NTLM_ENABLE_ACL RADIUS_ENABLE_ACL
    IDENT_REQUIRED IDENT_ENABLE_ACL
);

# Fields that start out empty.
$proxysettings{$_} = '' foreach qw(
    ACTION VALID
    VISIBLE_HOSTNAME ADMIN_MAIL_ADDRESS
    UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
    SUPERVISOR_PASSWORD
    FAKE_USERAGENT FAKE_REFERER
    AUTH_REALM AUTH_MAX_USERIP
    NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
    LDAP_BASEDN LDAP_SERVER LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP
    NTLM_DOMAIN NTLM_PDC NTLM_BDC
    RADIUS_SERVER RADIUS_IDENTIFIER RADIUS_SECRET
);

# No throttling by default.
$proxysettings{$_} = 'unlimited' foreach qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
);

# User ACLs default to the 'positive' mode.
$proxysettings{$_} = 'positive' foreach qw(
    NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL
);

# Remaining fields with individual default values.
my %individual_default = (
    'PROXY_PORT'        => '800',
    'ERR_LANGUAGE'      => 'English',
    'CACHE_MEM'         => '2',
    'CACHE_SIZE'        => '50',
    'MAX_SIZE'          => '4096',
    'MIN_SIZE'          => '0',
    'MEM_POLICY'        => 'LRU',
    'CACHE_POLICY'      => 'LRU',
    'L1_DIRS'           => '16',
    'TIME_ACCESS_MODE'  => 'allow',
    'TIME_FROM_HOUR'    => '00',
    'TIME_FROM_MINUTE'  => '00',
    'TIME_TO_HOUR'      => '24',
    'TIME_TO_MINUTE'    => '00',
    'MAX_OUTGOING_SIZE' => '0',
    'MAX_INCOMING_SIZE' => '0',
    'AUTH_METHOD'       => 'none',
    'AUTH_CACHE_TTL'    => '60',
    'AUTH_IPCACHE_TTL'  => '0',
    'AUTH_CHILDREN'     => '5',
    'NCSA_MIN_PASS_LEN' => '6',
    'LDAP_TYPE'         => 'ADS',
    'LDAP_PORT'         => '389',
    'RADIUS_PORT'       => '1645',
    'IDENT_TIMEOUT'     => '10',
);
@proxysettings{ keys %individual_default } = values %individual_default;

# The add-on switches only exist when the add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if ($urlfilter_addon);
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if ($updacclrtr_addon);
248
# Default caption of the NCSA user form button.
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# NOTE(review): Header::getcgihash is defined outside this file; presumably it
# copies the submitted form fields into %proxysettings on top of the defaults.
# Every value read from %proxysettings after this call should therefore be
# treated as request-supplied until it has been validated - confirm.
&Header::getcgihash(\%proxysettings);

# A throttle limit of 0 means the same as 'unlimited'.
foreach my $limit_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    $proxysettings{$limit_key} = 'unlimited' if ($proxysettings{$limit_key} eq '0');
}
257
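# ---------------------------------------------------------------------------
# NCSA (local) user management actions. Each action switches the page into
# the user management view by setting NCSA_EDIT_MODE.
# ---------------------------------------------------------------------------

# Open the user management view.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

# Add a user (also used to update one after 'edit').
# Later checks overwrite the message of earlier ones, so the precedence is:
# user name problems, then mismatching passwords, then password length.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # NCSA_MIN_PASS_LEN is an ordinary %proxysettings field. It is compared
    # numerically and concatenated into $errormessage, which is printed as
    # HTML, so anything but plain digits is rejected before it is used.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'advproxy errmsg password length'};
    }
    elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}
            . $proxysettings{'NCSA_MIN_PASS_LEN'}
            . $Lang::tr{'advproxy errmsg password length 2'};
    }
    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    elsif ($proxysettings{'NCSA_USERNAME'} =~ /[\x00-\x1F\x7F:]/) {
        # The 'edit' action splits user entries on ':', so a name containing
        # ':' cannot be represented; control characters (including newlines)
        # are refused as well.
        $errormessage = $Lang::tr{'invalid input'};
    }
    if (!$errormessage) {
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        # NOTE(review): adduser is defined outside this block. The password
        # and the group are passed on exactly as submitted; if adduser hands
        # them to an external program it must do so without a shell - verify.
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

# Remove a user.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    # NOTE(review): ID comes from the request and is not checked here; deluser
    # (defined outside this block) has to cope with arbitrary input - verify.
    &deluser($proxysettings{'ID'});
}

# Load a user into the form for editing. ID has the form "user:group".
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
    @temp = split(/:/,$proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];
    # Placeholder put into both password fields instead of a real password;
    # how adduser treats this value is not visible in this block.
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}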
301
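# ---------------------------------------------------------------------------
# 'Save' / 'Save and restart': validate the submitted configuration and, if
# it is acceptable, persist it and regenerate the proxy configuration.
#
# A failed check sets $errormessage and jumps to the ERROR label. check_acls
# runs in either case; the settings are only written when no error message
# has been set.
#
# Numeric fields must consist of digits only (\A\d+\z). A prefix-only match
# such as /^\d+/ would accept values with arbitrary text - including line
# breaks - after the leading digits, and these values are handed to
# writehash and writeconfig below.
#
# NOTE(review): no check for PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS
# or UPSTREAM_PROXY is visible in this block; check_acls (defined outside this
# block) may cover them - confirm before these values reach generated
# configuration.
# NOTE(review): the action is selected by the submitted ACTION value alone; no
# anti-CSRF token check is visible in this part of the file - confirm whether
# one is enforced elsewhere.
# ---------------------------------------------------------------------------
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    my $digits_only = qr/\A\d+\z/;
    my $on_or_off   = qr/\A(?:on|off)\z/;

    if ($proxysettings{'ENABLE'} !~ $on_or_off ||
        $proxysettings{'TRANSPARENT'} !~ $on_or_off ||
        $proxysettings{'ENABLE_BLUE'} !~ $on_or_off ||
        $proxysettings{'TRANSPARENT_BLUE'} !~ $on_or_off) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_SIZE'} !~ $digits_only) ||
        ($proxysettings{'CACHE_SIZE'} < 10))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_MEM'} !~ $digits_only) ||
        ($proxysettings{'CACHE_MEM'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap the memory cache at the first number on the second line of the
    # output of free(1), divided by 2048 (presumably total RAM in KiB, i.e.
    # half of the RAM in MB). The cap is only applied when that number could
    # actually be read; a failed match must not reuse a stale capture.
    my @free = `/usr/bin/free`;
    if (defined $free[1] && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    if ($proxysettings{'MAX_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MIN_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }
    # String comparison of "HHMM": the end of the time window must lie after
    # its start.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_INCOMING_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }

    # Browser check: join the third field of every enabled user-agent entry
    # into one alternation. At least one entry has to be enabled.
    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }

    # Checks shared by all authentication methods.
    if ($proxysettings{'AUTH_METHOD'} ne 'none')
    {
        # Authentication needs a non-transparent proxy on at least one
        # interface, except for ident without "required" and without ACLs.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') &&
            (($proxysettings{'AUTH_MAX_USERIP'} !~ $digits_only) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_CACHE_TTL'} !~ $digits_only)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ $digits_only)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_CHILDREN'} !~ $digits_only) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }

    # Method-specific checks.
    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ $digits_only) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if (($proxysettings{'IDENT_TIMEOUT'} !~ $digits_only) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if (($proxysettings{'NTLM_BDC'} ne '') && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Upstream proxy credentials: user name and password must either both be
    # set or both be empty.
    $proxy1 = ($proxysettings{'UPSTREAM_USER'} eq '') ? '' : 'YES';
    $proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
    if ($proxy1 ne $proxy2)
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

ERROR:
    &check_acls;

    $proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # Drop the ACL text areas and the NCSA user form fields so they are
        # not written to the settings file.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
            DST_NOCACHE DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS NTLM_DENY_USERS
            RADIUS_ALLOW_USERS RADIUS_DENY_USERS
            IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
            CRE_GROUPS CRE_SVHOSTS
            NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
        )};

        # Switches missing from the hash at this point are stored as 'off'.
        foreach my $switch (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$switch} = 'off' unless exists $proxysettings{$switch};
        }

        # NOTE(review): UPSTREAM_PASSWORD, SUPERVISOR_PASSWORD, LDAP_BINDDN_PASS
        # and RADIUS_SECRET are still part of %proxysettings here and are
        # passed to writehash with everything else. The permissions of the
        # settings file are not set in this block - confirm they restrict
        # read access.
        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        foreach my $addon ([$urlfilter_addon, 'ENABLE_FILTER'], [$updacclrtr_addon, 'ENABLE_UPDACCEL']) {
            my ($installed, $switch) = @{$addon};
            next unless $installed;
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{$switch} = $proxysettings{$switch};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Recreate the flag files that mirror the four proxy mode switches.
        my @mode_flags = qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE);
        foreach my $flag (@mode_flags) {
            unlink "${General::swroot}/proxy/" . lc($flag);
        }
        foreach my $flag (@mode_flags) {
            if ($proxysettings{$flag} eq 'on') {
                system('/bin/touch', "${General::swroot}/proxy/" . lc($flag));
            }
        }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}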
597
# 'Clear cache': run the restart helper with its -f option. The command is
# given in list form with fixed arguments, so no shell is involved.
system('/usr/local/bin/restartsquid', '-f')
    if ($proxysettings{'ACTION'} eq $Lang::tr{'clear cache'});
602
# Without an error, show the stored configuration: prefer the advanced
# settings file, fall back to the standard proxy settings, then load the ACL
# lists. With an error the submitted values stay in place.
unless ($errormessage)
{
    my $advanced_conf = "${General::swroot}/proxy/advanced/settings";
    my $standard_conf = "${General::swroot}/proxy/settings";

    if (-e $advanced_conf) {
        &General::readhash($advanced_conf, \%proxysettings);
    }
    elsif (-e $standard_conf) {
        &General::readhash($standard_conf, \%proxysettings);
    }
    &read_acls;
}
612
# Prepare the "checked='checked'" / "selected='selected'" attribute strings
# for the form controls from the current values in %proxysettings.

# Switches missing from the hash are shown as enabled. This runs before the
# attribute strings for these fields are built.
foreach my $switch (qw(
    TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
    AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
)) {
    $proxysettings{$switch} = 'on' unless exists $proxysettings{$switch};
}

# On/off controls: clear both states, then mark the current one. The add-on
# switches are only handled when the add-on is installed.
foreach my $box (
    qw(
        ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
        FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA
        OFFLINE_MODE
        LOGGING LOGQUERY LOGUSERAGENT
        CLASSROOM_EXT
        TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
        THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
        ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK
        AUTH_ALWAYS_REQUIRED NCSA_BYPASS_REDIR
        NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL
        RADIUS_ENABLE_ACL
        IDENT_REQUIRED IDENT_ENABLE_ACL
    ),
    ($urlfilter_addon  ? 'ENABLE_FILTER'   : ()),
    ($updacclrtr_addon ? 'ENABLE_UPDACCEL' : ()),
) {
    @{ $checked{$box} }{'off', 'on'} = ('', '');
    $checked{$box}{ $proxysettings{$box} } = "checked='checked'";
}

# One on/off control per user-agent entry, named UA_<first field>.
foreach my $entry (@useragentlist) {
    @useragent = split(/,/, $entry);
    my $ua_box = 'UA_' . $useragent[0];
    @{ $checked{$ua_box} }{'off', 'on'} = ('', '');
    $checked{$ua_box}{ $proxysettings{$ua_box} } = "checked='checked'";
}

# Authentication method radio buttons.
$checked{'AUTH_METHOD'}{$_} = '' foreach qw(none ncsa ident ldap ntlm radius);
$checked{'AUTH_METHOD'}{ $proxysettings{'AUTH_METHOD'} } = "checked='checked'";

# Positive/negative user ACL radio buttons.
foreach my $acl_mode (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
    @{ $checked{$acl_mode} }{'positive', 'negative'} = ('', '');
    $checked{$acl_mode}{ $proxysettings{$acl_mode} } = "checked='checked'";
}

# Drop-down lists: mark the current value as selected.
foreach my $list (qw(
    MEM_POLICY CACHE_POLICY L1_DIRS
    ERR_LANGUAGE
    TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
    NCSA_GROUP LDAP_TYPE
)) {
    $selected{$list}{ $proxysettings{$list} } = "selected='selected'";
}
795
# Start the page and the outer box; the current error text is handed to
# openbigbox as its fourth argument.
Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');

Header::openbigbox('100%', 'left', '', $errormessage);

# Show the error box only when there is something to report.
# NOTE(review): $errormessage is written into the page without HTML escaping.
# Where it is assembled is not visible here - confirm it never carries
# submitted form values, or escape it before printing.
if ($errormessage) {
    Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>", $errormessage, "&nbsp;</font>\n";
    Header::closebox();
}
805
806 # ===================================================================
807 # Main settings
808 # ===================================================================
809
810 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
811
812 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
813
814 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
815
816 print <<END
817 <table width='100%'>
818 <tr>
819 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
820 </tr>
821 <tr>
822 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
823 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
824 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
825 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
826 </tr>
827 <tr>
828 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
829 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
830 <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
831 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
832 </tr>
833 <tr>
834 END
835 ;
836 if ($netsettings{'BLUE_DEV'}) {
837 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
838 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
839 } else {
840 print "<td colspan='2'>&nbsp;</td>";
841 }
842 print <<END
843 <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
844 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
845 </tr>
846 <tr>
847 END
848 ;
849 if ($netsettings{'BLUE_DEV'}) {
850 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
851 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
852 } else {
853 print "<td colspan='2'>&nbsp;</td>";
854 }
855 print <<END
856 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
857 <td class='base'>
858 <select name='ERR_LANGUAGE'>
859 END
860 ;
# One <option> per directory under the squid error-page directory; the
# option value and label are the directory's base name.
foreach my $entry (glob('/usr/lib/squid/errors/*')) {
    next unless -d $entry;
    my $last_slash = rindex($entry, "/");
    $language = substr($entry, $last_slash + 1);
    print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
867 print <<END
868 </select>
869 </td>
870 </tr>
871 </table>
872 <hr size='1'>
873 <table width='100%'>
874 <tr>
875 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
876 </tr>
877 <tr>
878 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
879 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
880 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
881 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
882 </tr>
883 <tr>
884 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
885 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
886 <td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
887 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
888 </tr>
889 <tr>
890 <td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
891 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
892 <td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
893 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
894 </tr>
895 </table>
896 <hr size='1'>
897 <table width='100%'>
898 <tr>
899 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
900 </tr>
901 <tr>
902 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
903 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
904 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
905 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
906 </tr>
907 <tr>
908 <td>&nbsp;</td>
909 <td>&nbsp;</td>
910 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
911 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
912 </tr>
913 </table>
914 <hr size='1'>
915 <table width='100%'>
916 <tr>
917 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
918 </tr>
919 <tr>
920 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
921 </tr>
922 <tr>
923 <td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
924 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
925 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
926 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
927 </tr>
928 <tr>
929 <td class='base'>$Lang::tr{'advproxy min size'}:</td>
930 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
931 <td class='base'>$Lang::tr{'advproxy max size'}:</td>
932 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
933 </tr>
934 <tr>
935 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
936 <td class='base'><select name='L1_DIRS'>
937 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
938 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
939 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
940 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
941 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
942 </select></td>
943 <td colspan='2' rowspan= '5' valign='top' class='base'>
944 <table cellpadding='0' cellspacing='0'>
945 <tr>
946 <!-- intentionally left empty -->
947 </tr>
948 <tr>
949 <td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
950 </tr>
951 <tr>
952 <!-- intentionally left empty -->
953 </tr>
954 <tr>
955 <!-- intentionally left empty -->
956 </tr>
957 <tr>
958 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
959 END
960 ;
961
962 print $proxysettings{'DST_NOCACHE'};
963
964 print <<END
965 </textarea></td>
966 </tr>
967 </table>
968 </td>
969 </tr>
970 <tr>
971 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
972 <td class='base'><select name='MEM_POLICY'>
973 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
974 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
975 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
976 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
977 </select></td>
978 </tr>
979 <tr>
980 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
981 <td class='base'><select name='CACHE_POLICY'>
982 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
983 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
984 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
985 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
986 </select></td>
987 </tr>
988 <tr>
989 <td colspan='2'>&nbsp;</td>
990 </tr>
991 <tr>
992 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
993 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
994 </tr>
995 </table>
996 <hr size='1'>
997 <table width='100%'>
998 <tr>
999 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1000 </tr>
1001 <tr>
1002 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1003 </tr>
1004 <tr>
1005 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1006 <td colspan='2'>&nbsp;</td>
1007 </tr>
1008 <tr>
1009 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1010 END
1011 ;
1012
# Body of the SRC_SUBNETS textarea: the stored list when there is one,
# otherwise the GREEN network (plus BLUE when a BLUE device is configured).
# NOTE(review): the stored value is printed between <textarea> tags without
# HTML escaping, so a value containing "</textarea>" would break out of the
# field - confirm the save path restricts it to subnet syntax.
if ($proxysettings{'SRC_SUBNETS'}) {
    print $proxysettings{'SRC_SUBNETS'};
} else {
    print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
    print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n"
        if $netsettings{'BLUE_DEV'};
}
1021
1022 print <<END
1023 </textarea></td>
1024 <td colspan='2'>&nbsp;</td>
1025 </tr>
1026 </table>
1027 <table width='100%'>
1028 <tr>
1029 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1030 </tr>
1031 <tr>
1032 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1033 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1034 </tr>
1035 <tr>
1036 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1037 END
1038 ;
1039
1040 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1041
1042 print <<END
1043 </textarea></td>
1044 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
1045 END
1046 ;
1047
1048 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1049
1050 print <<END
1051 </textarea></td>
1052 </tr>
1053 </table>
1054 <table width='100%'>
1055 <tr>
1056 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1057 </tr>
1058 <tr>
1059 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1060 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1061 </tr>
1062 <tr>
1063 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1064 END
1065 ;
1066
1067 print $proxysettings{'SRC_BANNED_IP'};
1068
1069 print <<END
1070 </textarea></td>
1071 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1072 END
1073 ;
1074
1075 print $proxysettings{'SRC_BANNED_MAC'};
1076
1077 print <<END
1078 </textarea></td>
1079 </tr>
1080 </table>
1081
1082 <hr size='1'>
1083
1084 END
1085 ;
1086 # -------------------------------------------------------------------
1087 # CRE GUI - optional
1088 # -------------------------------------------------------------------
1089
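# Classroom extensions (CRE) section.
#
# When the file named by $cre_enabled exists, the visible CRE controls are
# rendered; otherwise the three CRE values travel through the form as hidden
# fields so that they are present in the next submission.
#
# The stored values are HTML-escaped before they are placed in attribute
# values and textarea bodies: a quote, '<' or '&' in a setting previously
# terminated the attribute or textarea and was interpreted as markup.
# Browsers decode the entities on submit, so the round trip is unchanged.
# Assumes the settings are stored unescaped - TODO confirm against the save
# handler, which is not visible here.
#
# NOTE(review): the supervisor password is still written into the page
# (password field or hidden field). Not echoing it back needs a matching
# change in the save handler so that an empty submission keeps the old value.
{
    my $html_escape = sub {
        my ($text) = @_;
        $text = '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my $cre_password = $html_escape->($proxysettings{'SUPERVISOR_PASSWORD'});
    my $cre_groups   = $html_escape->($proxysettings{'CRE_GROUPS'});
    my $cre_svhosts  = $html_escape->($proxysettings{'CRE_SVHOSTS'});

    if (-e $cre_enabled) {
        print <<END;
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$cre_password' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
$cre_groups</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
$cre_svhosts</textarea></td>
</tr>

</table>

<hr size='1'>
END
    } else {
        print <<END;
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$cre_password' />
<input type='hidden' name='CRE_GROUPS' value='$cre_groups' />
<input type='hidden' name='CRE_SVHOSTS' value='$cre_svhosts' />
END
    }
}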
1140 # -------------------------------------------------------------------
1141
1142 print <<END
1143
1144 <table width='100%'>
1145 <tr>
1146 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1147 </tr>
1148 <table width='100%'>
1149 <tr>
1150 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1151 <td width='1%'>&nbsp;</td>
1152 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1153 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1154 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1155 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1156 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1157 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1158 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1159 <td width='1%'>&nbsp;&nbsp;</td>
1160 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1161 <td width='1%'>&nbsp;</td>
1162 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1163 <td>&nbsp;</td>
1164 </tr>
1165 <tr>
1166 <td class='base'>
1167 <select name='TIME_ACCESS_MODE'>
1168 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1169 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1170 </select>
1171 </td>
1172 <td>&nbsp;</td>
1173 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1174 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1175 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1176 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1177 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1178 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1179 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1180 <td>&nbsp;</td>
1181 <td class='base'>
1182 <select name='TIME_FROM_HOUR'>
1183 END
1184 ;
1185 for ($i=0;$i<=24;$i++) {
1186 $_ = sprintf("%02s",$i);
1187 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1188 }
1189 print <<END
1190 </select>
1191 </td>
1192 <td>:</td>
1193 <td class='base'>
1194 <select name='TIME_FROM_MINUTE'>
1195 END
1196 ;
1197 for ($i=0;$i<=45;$i+=15) {
1198 $_ = sprintf("%02s",$i);
1199 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1200 }
1201 print <<END
1202 </select>
1203 <td> - </td>
1204 </td>
1205 <td class='base'>
1206 <select name='TIME_TO_HOUR'>
1207 END
1208 ;
1209 for ($i=0;$i<=24;$i++) {
1210 $_ = sprintf("%02s",$i);
1211 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1212 }
1213 print <<END
1214 </select>
1215 </td>
1216 <td>:</td>
1217 <td class='base'>
1218 <select name='TIME_TO_MINUTE'>
1219 END
1220 ;
1221 for ($i=0;$i<=45;$i+=15) {
1222 $_ = sprintf("%02s",$i);
1223 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1224 }
1225 print <<END
1226 </select>
1227 </td>
1228 </tr>
1229 </table>
1230 <hr size='1'>
1231 <table width='100%'>
1232 <tr>
1233 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1234 </tr>
1235 <tr>
1236 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1237 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1238 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1239 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1240 </tr>
1241 </table>
1242 <hr size='1'>
1243 <table width='100%'>
1244 <tr>
1245 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1246 </tr>
1247 <tr>
1248 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1249 <td width='20%' class='base'>
1250 <select name='THROTTLING_GREEN_TOTAL'>
1251 END
1252 ;
1253
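# Download throttling selectors: total and per-host limits for GREEN, and the
# same pair for BLUE when a BLUE device is configured. The opening
# <select name='THROTTLING_GREEN_TOTAL'> tag is emitted by the preceding
# here-document.
#
# Fix: each "unlimited" option line used to end in  \n";  inside the
# here-document, which printed a literal  ";  into the <select>. Those stray
# characters are removed; the rest of the markup is unchanged.
{
    # Print one <option> per entry of @throttle_limits for the select $field.
    my $print_limit_options = sub {
        my ($field) = @_;
        foreach my $limit (@throttle_limits) {
            print "\t<option value='$limit' $selected{$field}{$limit}>$limit kBit/s</option>\n";
        }
        return;
    };

    $print_limit_options->('THROTTLING_GREEN_TOTAL');

    print <<END;
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END

    $print_limit_options->('THROTTLING_GREEN_HOST');

    print <<END;
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END

    if ($netsettings{'BLUE_DEV'}) {
        print <<END;
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END

        $print_limit_options->('THROTTLING_BLUE_TOTAL');

        print <<END;
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END

        $print_limit_options->('THROTTLING_BLUE_HOST');

        print <<END;
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
    }
}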
1315
1316 print <<END
1317 </table>
1318 <table width='100%'>
1319 <tr>
1320 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1321 </tr>
1322 <tr>
1323 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1324 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1325 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1326 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1327 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1328 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1329 <td width='15%'>&nbsp;</td>
1330 <td width='10%'>&nbsp;</td>
1331 </tr>
1332 </table>
1333 <hr size='1'>
1334 <table width='100%'>
1335 <tr>
1336 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1337 </tr>
1338 <tr>
1339 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1340 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1341 </tr>
1342 <tr>
1343 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1344 <td>&nbsp;</td>
1345 <td>&nbsp;</td>
1346 </tr>
1347 <tr>
1348 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1349 END
1350 ;
1351
1352 print $proxysettings{'MIME_TYPES'};
1353
1354 print <<END
1355 </textarea></td>
1356 <td>&nbsp;</td>
1357 <td>&nbsp;</td>
1358 </tr>
1359 </table>
1360 <hr size='1'>
1361 <table width='100%'>
1362 <tr>
1363 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1364 </tr>
1365 <tr>
1366 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1367 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1368 <td>&nbsp;</td>
1369 <td>&nbsp;</td>
1370 </tr>
1371 <tr>
1372 <td colspan='4'><i>
1373 END
1374 ;
1375 if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
1376 print <<END
1377 </i></td>
1378 </tr>
1379 </table>
1380 <table width='100%'>
1381 END
1382 ;
1383
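# Render the user-agent checkboxes, four per table row. Each entry of
# @useragentlist is split on commas: field 0 becomes the suffix of the
# checkbox name (UA_<field 0>) and field 1 is the visible label.
#
# Changes from the previous version:
#  - the outer loop ran while $n <= @useragentlist, which printed an extra
#    empty <tr></tr> whenever the list length was a multiple of four
#    (including an empty list);
#  - single elements are read as scalars ($list[$i]) instead of one-element
#    slices (@list[$i]);
#  - the row start/end no longer relies on string comparison of the index.
#
# NOTE(review): both fields are written into the markup without HTML
# escaping; the source of @useragentlist is not visible here - confirm it
# cannot carry quotes or angle brackets.
for ($n = 0; $n < @useragentlist; $n += 4) {
    print "<tr>\n";
    for ($i = 0; $i <= 3; $i++) {
        # The last row may hold fewer than four entries.
        next unless ($n + $i) < @useragentlist;
        @useragent = split(/,/, $useragentlist[$n + $i]);
        my $ua_field = 'UA_' . $useragent[0];
        print "<td width='15%'>$useragent[1]:</td>\n";
        print "<td width='10%'><input type='checkbox' name='$ua_field' $checked{$ua_field}{'on'} /></td>\n";
    }
    print "</tr>\n";
}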
1395
1396 print <<END
1397 </table>
1398 <hr size='1'>
1399 <table width='100%'>
1400 <tr>
1401 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1402 </tr>
1403 <tr>
1404 <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1405 </tr>
1406 <tr>
1407 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
1408 </tr>
1409 <tr>
1410 <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1411 </tr>
1412 <tr>
1413 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
1414 </tr>
1415 </table>
1416 <hr size='1'>
1417 END
1418 ;
1419
1420 if ($urlfilter_addon) {
1421 print <<END
1422 <table width='100%'>
1423 <tr>
1424 <td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
1425 </tr>
1426 <tr>
1427 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1428 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
1429 <td>&nbsp;</td>
1430 <td>&nbsp;</td>
1431 </tr>
1432 </table>
1433 <hr size='1'>
1434 END
1435 ; }
1436
1437 if (($updacclrtr_addon) && (!($urlfilter_addon))) {
1438 print <<END
1439 <table width='100%'>
1440 <tr>
1441 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
1442 </tr>
1443 <tr>
1444 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1445 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
1446 <td>&nbsp;</td>
1447 <td>&nbsp;</td>
1448 </tr>
1449 </table>
1450 <hr size='1'>
1451 END
1452 ; }
1453
1454 print <<END
1455 <table width='100%'>
1456 <tr>
1457 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1458 </tr>
1459 <tr>
1460 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1461 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1462 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1463 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1464 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1465 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1466 </tr>
1467 </table>
1468 END
1469 ;
1470
1471 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1472 <hr size='1'>
1473 <table width='100%'>
1474 <tr>
1475 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1476 </tr>
1477 <tr>
1478 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1479 </tr>
1480 <tr>
1481 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1482 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1483 <td colspan='2' rowspan= '6' valign='top' class='base'>
1484 <table cellpadding='0' cellspacing='0'>
1485 <tr>
1486 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1487 </tr>
1488 <tr>
1489 <!-- intentionally left empty -->
1490 </tr>
1491 <tr>
1492 <!-- intentionally left empty -->
1493 </tr>
1494 <tr>
1495 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1496 </tr>
1497 <tr>
1498 <!-- intentionally left empty -->
1499 </tr>
1500 <tr>
1501 <!-- intentionally left empty -->
1502 </tr>
1503 <tr>
1504 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1505 </tr>
1506 <tr>
1507 <!-- intentionally left empty -->
1508 </tr>
1509 <tr>
1510 <!-- intentionally left empty -->
1511 </tr>
1512 <tr>
1513 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1514 END
1515 ;
1516
1517 print $proxysettings{'DST_NOAUTH'};
1518
1519 print <<END
1520 </textarea></td>
1521 </tr>
1522 </table>
1523 </td>
1524 </tr>
1525 <tr>
1526 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1527 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1528 </tr>
1529 <tr>
1530 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1531 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1532 </tr>
1533 <tr>
1534 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1535 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1536 </tr>
1537 <tr>
1538 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1539 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1540 </tr>
1541 <tr>
1542 <td colspan='2'>&nbsp;</td>
1543 </tr>
1544 </table>
1545 END
1546 ;
1547 }
1548
1549 # ===================================================================
1550 # NCSA auth settings
1551 # ===================================================================
1552
1553 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1554 print <<END
1555 <hr size='1'>
1556 <table width='100%'>
1557 <tr>
1558 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1559 </tr>
1560 <tr>
1561 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1562 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1563 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1564 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1565 </tr>
1566 <tr>
1567 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1568 <td>&nbsp;</td>
1569 <td>&nbsp;</td>
1570 </tr>
1571 </table>
1572 END
1573 ; }
1574
1575 # ===================================================================
1576 # IDENTD auth settings
1577 # ===================================================================
1578
1579 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1580 print <<END
1581 <hr size ='1'>
1582 <table width='100%'>
1583 <tr>
1584 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1585 </tr>
1586 <tr>
1587 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1588 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1589 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1590 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1591 </tr>
1592 <tr>
1593 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1594 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1595 <td>&nbsp;</td>
1596 <td>&nbsp;</td>
1597 </tr>
1598 <tr>
1599 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1600 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1601 </tr>
1602 <tr>
1603 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1604 END
1605 ;
1606 if (!$proxysettings{'IDENT_HOSTS'}) {
1607 print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
1608 if ($netsettings{'BLUE_DEV'}) {
1609 print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
1610 }
1611 } else {
1612 print $proxysettings{'IDENT_HOSTS'};
1613 }
1614
1615 print <<END
1616 </textarea></td>
1617 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1618 END
1619 ;
1620
1621 print $proxysettings{'DST_NOAUTH'};
1622
1623 print <<END
1624 </textarea></td>
1625 </tr>
1626 </table>
1627 <hr size ='1'>
1628 <table width='100%'>
1629 <tr>
1630 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1631 </tr>
1632 <tr>
1633 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1634 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1635 <td width='25%'>&nbsp;</td>
1636 <td width='30%'>&nbsp;</td>
1637 </tr>
1638 <tr>
1639 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1640 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1641 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1642 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1643 </tr>
1644 <tr>
1645 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1646 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1647 </tr>
1648 <tr>
1649 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1650 END
1651 ; }
1652
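if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    # Finish the IDENT access-list table: the content of the already opened
    # IDENT_ALLOW_USERS textarea, then the IDENT_DENY_USERS textarea.
    #
    # Both lists are file content that read_acls loads verbatim, so they are
    # HTML-escaped here.  Without that, an entry containing markup (for
    # example a literal closing textarea tag) would end the form control
    # early and be interpreted by the browser.  The browser decodes the
    # entities again before the form is posted, so the saved value is
    # unchanged.
    # NOTE(review): assumes nothing upstream has already HTML-escaped these
    # values - confirm against the code that fills %proxysettings.
    my %ident_text = ();
    foreach my $key ('IDENT_ALLOW_USERS', 'IDENT_DENY_USERS') {
        my $value = defined($proxysettings{$key}) ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $ident_text{$key} = $value;
    }

    print <<END
$ident_text{'IDENT_ALLOW_USERS'}</textarea></td>
<td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
$ident_text{'IDENT_DENY_USERS'}</textarea></td>
</tr>
</table>
END
    ;
}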
1669
1670 # ===================================================================
1671 # NTLM auth settings
1672 # ===================================================================
1673
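if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
    # Render the NTLM settings: domain / PDC / BDC, the integrated-auth
    # switch and the user based access lists.
    #
    # Every settings value that ends up inside an attribute or a textarea is
    # HTML-escaped first.  The attributes are single-quoted, so an unescaped
    # apostrophe in a value would end the attribute early (truncating the
    # value on the next save) and markup in a value would be interpreted by
    # the browser.  Entities are decoded by the browser before posting, so
    # the saved values do not change.
    # NOTE(review): assumes nothing upstream has already HTML-escaped these
    # values - confirm against the code that fills %proxysettings.
    my %ntlm_html = ();
    foreach my $key (qw(NTLM_DOMAIN NTLM_PDC NTLM_BDC NTLM_ALLOW_USERS NTLM_DENY_USERS)) {
        my $value = defined($proxysettings{$key}) ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $ntlm_html{$key} = $value;
    }

    print <<END
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
<td><input type='text' name='NTLM_DOMAIN' value='$ntlm_html{'NTLM_DOMAIN'}' size='15' /></td>
<td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
<td><input type='text' name='NTLM_PDC' value='$ntlm_html{'NTLM_PDC'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='NTLM_BDC' value='$ntlm_html{'NTLM_BDC'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
</tr>
<tr>
<td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
<td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
<td>&nbsp;</td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy NTLM use positive access list'}:</td>
<td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy NTLM use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
$ntlm_html{'NTLM_ALLOW_USERS'}</textarea></td>
<td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
$ntlm_html{'NTLM_DENY_USERS'}</textarea></td>
</tr>
</table>
END
    ;
}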
1743
1744 # ===================================================================
1745 # LDAP auth settings
1746 # ===================================================================
1747
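if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
    # Render the LDAP settings: base DN, directory type, server and port,
    # the bind DN credentials and the optional required group.
    #
    # Values are HTML-escaped before they are placed into the single-quoted
    # value attributes.  A base DN, bind DN or password may legitimately
    # contain an apostrophe or an angle bracket; unescaped, that would end
    # the attribute early (the field would then be saved truncated) or be
    # interpreted as markup.  Entities are decoded by the browser before
    # posting, so the saved values do not change.
    # NOTE(review): assumes nothing upstream has already HTML-escaped these
    # values - confirm against the code that fills %proxysettings.
    #
    # NOTE(review): LDAP_BINDDN_PASS is written into the value attribute of
    # the password field, so the stored bind password is readable in the
    # page source by anyone who can load this page.  Leaving the field empty
    # and only replacing the stored secret when a new one is posted would
    # avoid that, but it needs a matching change in the save handler, which
    # is outside this block.
    my %ldap_html = ();
    foreach my $key (qw(LDAP_BASEDN LDAP_SERVER LDAP_PORT LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP)) {
        my $value = defined($proxysettings{$key}) ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $ldap_html{$key} = $value;
    }

    print <<END
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
<td><input type='text' name='LDAP_BASEDN' value='$ldap_html{'LDAP_BASEDN'}' size='37' /></td>
<td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
<td class='base'><select name='LDAP_TYPE'>
<option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
<option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
<option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
<option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
</select></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
<td width='40%'><input type='text' name='LDAP_SERVER' value='$ldap_html{'LDAP_SERVER'}' size='14' /></td>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
<td><input type='text' name='LDAP_PORT' value='$ldap_html{'LDAP_PORT'}' size='3' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
<td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$ldap_html{'LDAP_BINDDN_USER'}' size='37' /></td>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
<td><input type='password' name='LDAP_BINDDN_PASS' value='$ldap_html{'LDAP_BINDDN_PASS'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='40%'><input type='text' name='LDAP_GROUP' value='$ldap_html{'LDAP_GROUP'}' size='37' /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
END
    ;
}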
1799
1800 # ===================================================================
1801 # RADIUS auth settings
1802 # ===================================================================
1803
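if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
    # Render the RADIUS settings: server, port, identifier, shared secret
    # and the user based access lists.
    #
    # Values are HTML-escaped before they are placed into single-quoted
    # attributes or textareas, so an apostrophe or markup inside a value can
    # neither end the attribute early (which would save a truncated value)
    # nor be interpreted by the browser.  Entities are decoded by the
    # browser before posting, so the saved values do not change.
    # NOTE(review): assumes nothing upstream has already HTML-escaped these
    # values - confirm against the code that fills %proxysettings.
    #
    # NOTE(review): RADIUS_SECRET is written into the value attribute of the
    # password field, so the shared secret is readable in the page source by
    # anyone who can load this page.  Not echoing it needs a matching change
    # in the save handler, which is outside this block.
    my %radius_html = ();
    foreach my $key (qw(RADIUS_SERVER RADIUS_PORT RADIUS_IDENTIFIER RADIUS_SECRET RADIUS_ALLOW_USERS RADIUS_DENY_USERS)) {
        my $value = defined($proxysettings{$key}) ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $radius_html{$key} = $value;
    }

    print <<END
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
<td width='20%'><input type='text' name='RADIUS_SERVER' value='$radius_html{'RADIUS_SERVER'}' size='14' /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
<td width='30%'><input type='text' name='RADIUS_PORT' value='$radius_html{'RADIUS_PORT'}' size='3' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='RADIUS_IDENTIFIER' value='$radius_html{'RADIUS_IDENTIFIER'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
<td><input type='password' name='RADIUS_SECRET' value='$radius_html{'RADIUS_SECRET'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy RADIUS use positive access list'}:</td>
<td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy RADIUS use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
$radius_html{'RADIUS_ALLOW_USERS'}</textarea></td>
<td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
$radius_html{'RADIUS_DENY_USERS'}</textarea></td>
</tr>
</table>
END
    ;
}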
1866
1867 # ===================================================================
1868
1869 }
1870
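{
    # Carry the settings of the authentication methods that are NOT
    # currently displayed through the form as hidden fields, so that they
    # are posted back together with the visible ones.
    #
    # Each value is HTML-escaped before it is placed into the single-quoted
    # value attribute.  Unescaped, an apostrophe in a value ends the
    # attribute early - the field is then posted back truncated - and markup
    # in a value is interpreted by the browser.  Entities are decoded by the
    # browser before posting, so the round-tripped values do not change.
    # NOTE(review): assumes nothing upstream has already HTML-escaped these
    # values - confirm against the code that fills %proxysettings.
    #
    # NOTE(review): LDAP_BINDDN_PASS and RADIUS_SECRET are among the carried
    # fields, so both secrets are present in the page source even while a
    # different authentication method is selected.  Keeping them server-side
    # needs a matching change in the save handler, which is outside this
    # block.
    my $active_method = $proxysettings{'AUTH_METHOD'};
    my @carried_fields = ();

    if ($active_method eq 'none') {
        push(@carried_fields, qw(
            AUTH_CHILDREN AUTH_CACHE_TTL AUTH_MAX_USERIP AUTH_IPCACHE_TTL
            AUTH_ALWAYS_REQUIRED AUTH_REALM DST_NOAUTH
        ));
    }
    if ($active_method eq 'ident') {
        push(@carried_fields, qw(
            AUTH_CHILDREN AUTH_CACHE_TTL AUTH_MAX_USERIP AUTH_IPCACHE_TTL
            AUTH_REALM
        ));
    }
    unless ($active_method eq 'ncsa') {
        push(@carried_fields, qw(NCSA_MIN_PASS_LEN NCSA_BYPASS_REDIR));
    }
    unless ($active_method eq 'ident') {
        push(@carried_fields, qw(
            IDENT_REQUIRED IDENT_TIMEOUT IDENT_HOSTS IDENT_ENABLE_ACL
            IDENT_USER_ACL IDENT_ALLOW_USERS IDENT_DENY_USERS
        ));
    }
    unless ($active_method eq 'ldap') {
        push(@carried_fields, qw(
            LDAP_BASEDN LDAP_TYPE LDAP_SERVER LDAP_PORT
            LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP
        ));
    }
    unless ($active_method eq 'ntlm') {
        push(@carried_fields, qw(
            NTLM_DOMAIN NTLM_PDC NTLM_BDC NTLM_ENABLE_INT_AUTH
            NTLM_ENABLE_ACL NTLM_USER_ACL NTLM_ALLOW_USERS NTLM_DENY_USERS
        ));
    }
    unless ($active_method eq 'radius') {
        push(@carried_fields, qw(
            RADIUS_SERVER RADIUS_PORT RADIUS_IDENTIFIER RADIUS_SECRET
            RADIUS_ENABLE_ACL RADIUS_USER_ACL RADIUS_ALLOW_USERS RADIUS_DENY_USERS
        ));
    }

    print "<table>\n";
    foreach my $field (@carried_fields) {
        my $value = defined($proxysettings{$field}) ? $proxysettings{$field} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        print "<td><input type='hidden' name='$field' value='$value' /></td>\n";
    }
    print "</table>\n";
}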
1953
# Footer of the settings form: a separator, the three submit buttons (save,
# save and restart, clear cache), the "this field may be blank" legend and
# the Advanced Proxy version link, followed by the closing form tag.
# $advproxyversion is the output of `cat` on the local version file and is
# inserted as it is.
my $proxy_form_footer = <<END;
<hr size='1'>
<table width='100%'>
<tr>
<td>&nbsp;</td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
<td>&nbsp;</td>
</tr>

</table>
<br />
<table width='100%'>
<tr>
<td><img src='/blob.gif' align='top' alt='*' />&nbsp;
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>
<sup><small><a href='http://www.advproxy.net' target='_blank'>Advanced Proxy $advproxyversion</a></small></sup>
</td>
</tr>
</table>
</form>
END
print $proxy_form_footer;

# Close the box that frames the settings form (helper from header.pl).
Header::closebox();
1986
1987 } else {
1988
1989 # ===================================================================
1990 # NCSA user management
1991 # ===================================================================
1992
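# NCSA user form: user name, group, password (twice), the add/update button
# and a link back to the main page.  Ends by opening the table that holds
# the list of existing accounts.
#
# The settings values placed into single-quoted value attributes are
# HTML-escaped first, so an apostrophe or markup in a user name or password
# can neither end the attribute early nor be interpreted by the browser.
# Entities are decoded by the browser before posting, so posted values do
# not change.
# NOTE(review): assumes nothing upstream has already HTML-escaped these
# values - confirm against the code that fills %proxysettings.
# NOTE(review): NCSA_PASS and NCSA_PASS_CONFIRM are echoed back into the
# password fields and therefore appear in the page source whenever they are
# set; whether they ever are at this point depends on code outside this
# block.
&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");

my %ncsa_html = ();
foreach my $key (qw(NCSA_USERNAME NCSA_PASS NCSA_PASS_CONFIRM NCSA_MIN_PASS_LEN)) {
    my $value = defined($proxysettings{$key}) ? $proxysettings{$key} : '';
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    $ncsa_html{$key} = $value;
}

# While an existing account is being edited the user name is read-only and
# a reset button is offered.
my $ncsa_editing = ($proxysettings{'ACTION'} eq $Lang::tr{'edit'});
my $ncsa_readonly = $ncsa_editing ? " readonly " : '';
my $ncsa_reset_cell = $ncsa_editing
    ? "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n"
    : '';

print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
<td width='25%'><input type='text' name='NCSA_USERNAME' value='$ncsa_html{'NCSA_USERNAME'}' size='12'
$ncsa_readonly/></td>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
<td class='base'>
<select name='NCSA_GROUP'>
<option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
<option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
<option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
</select>
</td>

</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
<td><input type='password' name='NCSA_PASS' value='$ncsa_html{'NCSA_PASS'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
<td><input type='password' name='NCSA_PASS_CONFIRM' value='$ncsa_html{'NCSA_PASS_CONFIRM'}' size='14' /></td>
</tr>
</table>
<br>
<table>
<tr>
<td>&nbsp;</td>
<td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
<td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$ncsa_html{'NCSA_MIN_PASS_LEN'}'></td>
$ncsa_reset_cell<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
</tr>
</table>
</form>
<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
</tr>
</table>
<table width='100%' align='center'>
END
;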
2054
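# Build @userlist as sorted "name:group" entries from the three NCSA group
# files (extended, standard, disabled - read in that order).  A group file
# that does not exist contributes nothing.
foreach my $group_source ([ $extgrp, 'extended' ], [ $stdgrp, 'standard' ], [ $disgrp, 'disabled' ]) {
    my ($group_file, $group_name) = @{$group_source};
    next unless (-e $group_file);

    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode prefix and no global FILE handle is shared.  A file that
    # exists but cannot be read is reported instead of silently yielding an
    # empty group.
    @grouplist = ();
    if (open(my $group_fh, '<', $group_file)) {
        @grouplist = <$group_fh>;
        close($group_fh);
    } else {
        warn "proxy.cgi: cannot read $group_file: $!\n";
    }

    foreach $user (@grouplist) {
        chomp($user);
        push(@userlist, $user.":".$group_name);
    }
}

@userlist = sort(@userlist);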
2072
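# List the NCSA accounts collected in @userlist, one row per account with an
# edit and a remove form, unless the password file is empty; then close the
# accounts table and the surrounding box.
#
# User names come from the group files and are HTML-escaped before they are
# printed as cell text or placed into the single-quoted hidden ID fields, so
# a name containing an apostrophe or markup can neither end the attribute
# early nor be interpreted by the browser.  The browser decodes the entities
# before posting, so the ID received by the edit/remove handlers is the
# original text.

if (! -z "$userdb") {
    my $ncsa_escape = sub {
        my $value = defined($_[0]) ? $_[0] : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        return $value;
    };

    print <<END
<tr>
<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
<td class='boldbase' colspan='2' align='center'>&nbsp;</td>
</tr>
END
    ;
    $id = 0;
    foreach $line (@userlist)
    {
        $id++;
        chomp($line);
        @temp = split(/:/,$line);

        # The account being edited is highlighted; other rows alternate
        # between the two table colours.
        my $row_colour;
        if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
            $row_colour = $Header::colouryellow;
        } elsif ($id % 2) {
            $row_colour = $Header::table1colour;
        } else {
            $row_colour = $Header::table2colour;
        }
        print "<tr bgcolor='$row_colour'>\n";

        # Only the three known groups get a label; anything else leaves the
        # cell empty.
        my $group_label = '';
        if ($temp[1] eq 'standard') {
            $group_label = $Lang::tr{'advproxy NCSA grp standard'};
        } elsif ($temp[1] eq 'extended') {
            $group_label = $Lang::tr{'advproxy NCSA grp extended'};
        } elsif ($temp[1] eq 'disabled') {
            $group_label = $Lang::tr{'advproxy NCSA grp disabled'};
        }

        my $html_user = $ncsa_escape->($temp[0]);
        my $html_entry = $ncsa_escape->($line);

        print <<END
<td align='center'>$html_user</td>
<td align='center'>
$group_label</td>
<td width='8%' align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$html_entry' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td width='8%' align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$html_user' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
        ;
    }

    print <<END
</table>
<br>
<table witdh='100%'>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
END
    ;
} else {
    print <<END
<tr>
<td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
</tr>
END
    ;
}

print <<END
</table>
END
;

&Header::closebox();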
2158
2159 }
2160
2161 # ===================================================================
2162
# End of page output: both helpers are defined in header.pl (not shown
# here) and presumably emit the closing markup of the outer box and of the
# page.
Header::closebigbox();
Header::closepage();
2166
2167 # -------------------------------------------------------------------
2168
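sub read_acls
{
    # Reload every list-style setting from its backing file into the
    # file-scoped %proxysettings.
    #
    # Each (settings key, file) pair below is handled the same way: when the
    # file exists, the key is removed from %proxysettings and rebuilt by
    # appending the file's lines unchanged; when the file does not exist,
    # the current value is left untouched.  Takes no arguments.
    #
    # The file content is stored verbatim, so code that later prints these
    # values into HTML has to escape them itself.
    my @acl_sources = (
        [ 'SRC_SUBNETS',          $acl_src_subnets ],
        [ 'SRC_BANNED_IP',        $acl_src_banned_ip ],
        [ 'SRC_BANNED_MAC',       $acl_src_banned_mac ],
        [ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip ],
        [ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac ],
        [ 'DST_NOCACHE',          $acl_dst_nocache ],
        [ 'DST_NOAUTH',           $acl_dst_noauth ],
        [ 'MIME_TYPES',           $mimetypes ],
        [ 'NTLM_ALLOW_USERS',     "$ntlmdir/msntauth.allowusers" ],
        [ 'NTLM_DENY_USERS',      "$ntlmdir/msntauth.denyusers" ],
        [ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers" ],
        [ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers" ],
        [ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
        [ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers" ],
        [ 'IDENT_HOSTS',          $identhosts ],
        [ 'CRE_GROUPS',           $cre_groups ],
        [ 'CRE_SVHOSTS',          $cre_svhosts ],
    );

    foreach my $acl_source (@acl_sources) {
        my ($key, $path) = @{$acl_source};
        next unless (-e $path);

        delete $proxysettings{$key};

        # Three-argument open with a lexical handle: the path is never
        # parsed for a mode prefix and no global FILE handle is shared.
        my $acl_fh;
        unless (open($acl_fh, '<', $path)) {
            # The file exists but cannot be read.  The setting stays empty,
            # as it did before, but the failure is now reported (for a CGI
            # that normally ends up in the web server's error log) instead
            # of looking like an empty list.
            warn "proxy.cgi: cannot read $path: $!\n";
            next;
        }
        while (my $acl_line = <$acl_fh>) {
            $proxysettings{$key} .= $acl_line;
        }
        close($acl_fh);
    }

    return;
}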
2274
2275 # -------------------------------------------------------------------
2276
sub check_acls
{
    # Normalise the multi-line list settings in %proxysettings and record a
    # validation failure in $errormessage.  Takes no arguments.
    #
    # Address and MAC lists are always processed.  The NTLM, IDENT and
    # RADIUS user lists are processed only when the matching *_ENABLE_ACL
    # setting is 'on', and then only the list selected by *_USER_ACL; that
    # list must not end up empty.
    #
    # An entry that fails validation sets $errormessage but is still stored
    # back into the setting.
    # NOTE(review): callers presumably test $errormessage before the lists
    # are written to disk - confirm at the call site.

    # Splits the setting into lines, trims each line, drops empty ones and
    # stores the rest back, one entry per line.  With a validator, every
    # kept entry is checked and $error_text is recorded when it is rejected.
    # $dash_to_colon rewrites '-' to ':' before the check (MAC lists).
    my $normalize = sub {
        my ($key, $validator, $error_text, $dash_to_colon) = @_;

        @temp = split(/\n/,$proxysettings{$key});
        undef $proxysettings{$key};
        foreach (@temp)
        {
            s/^\s+//g;
            s/\s+$//g;
            s/-/:/g if ($dash_to_colon);
            next unless ($_);
            if ($validator && !$validator->($_)) { $errormessage = $error_text; }
            $proxysettings{$key} .= $_."\n";
        }
    };

    my $bad_address = $Lang::tr{'advproxy errmsg invalid ip or mask'};
    my $bad_mac     = $Lang::tr{'advproxy errmsg invalid mac'};

    $normalize->('SRC_SUBNETS',          \&General::validipandmask, $bad_address, 0);
    $normalize->('SRC_BANNED_IP',        \&General::validipormask,  $bad_address, 0);
    $normalize->('SRC_BANNED_MAC',       \&General::validmac,       $bad_mac,     1);
    $normalize->('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $bad_address, 0);
    $normalize->('SRC_UNRESTRICTED_MAC', \&General::validmac,       $bad_mac,     1);

    # User lists: for each scheme first the positive (allow) list, then the
    # negative (deny) list.
    foreach my $scheme ('NTLM', 'IDENT', 'RADIUS')
    {
        foreach my $variant ([ 'positive', 'ALLOW_USERS' ], [ 'negative', 'DENY_USERS' ])
        {
            my ($acl_mode, $list_suffix) = @{$variant};
            my $list_key = $scheme.'_'.$list_suffix;

            next unless ($proxysettings{$scheme.'_ENABLE_ACL'} eq 'on');
            next unless ($proxysettings{$scheme.'_USER_ACL'} eq $acl_mode);

            $normalize->($list_key);
            if ($proxysettings{$list_key} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
        }
    }

    $normalize->('IDENT_HOSTS', \&General::validipormask, $bad_address, 0);
    $normalize->('CRE_SVHOSTS', \&General::validipormask, $bad_address, 0);
}
2435
2436
2437 # -------------------------------------------------------------------
2438
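sub write_acls
{
    # Write every list-style setting from %proxysettings to its backing
    # file and regenerate the throttle pattern file.  Takes no arguments.
    #
    # A file that cannot be written is reported with warn() (for a CGI that
    # normally ends up in the web server's error log) and the remaining
    # files are still written.  Previously such a failure was silent, so an
    # access list could stay out of date on disk without any trace.

    # Replaces the content of $path with $content.
    my $store = sub {
        my ($path, $content) = @_;
        $content = '' unless (defined($content));

        # '>>' opens (and creates) the file without emptying it, so the old
        # content is only discarded once the exclusive lock is held.  With
        # '>' the file was already truncated before flock() was reached and
        # the lock protected nothing.
        my $out_fh;
        unless (open($out_fh, '>>', $path)) {
            warn "proxy.cgi: cannot write $path: $!\n";
            return;
        }

        # 2 is the traditional numeric value of LOCK_EX (exclusive lock).
        # A failed lock is reported, but the write still goes ahead as it
        # did before.
        flock($out_fh, 2) or warn "proxy.cgi: cannot lock $path: $!\n";

        unless (truncate($out_fh, 0)) {
            # Writing now would append to the old content, so leave the
            # file as it is.
            warn "proxy.cgi: cannot truncate $path: $!\n";
            close($out_fh);
            return;
        }

        print {$out_fh} $content;

        # Buffered write errors only surface at close.
        close($out_fh) or warn "proxy.cgi: error writing $path: $!\n";
        return;
    };

    # Throttle patterns: one "\.ext$" line per extension of every enabled
    # throttle class, followed by the content of $throttled_urls when that
    # file is not empty.
    my $throttle_rules = '';
    foreach my $throttle_class (
        [ 'THROTTLE_BINARY', $throttle_binary ],
        [ 'THROTTLE_DSKIMG', $throttle_dskimg ],
        [ 'THROTTLE_MMEDIA', $throttle_mmedia ],
    ) {
        my ($flag, $extensions) = @{$throttle_class};
        next unless ($proxysettings{$flag} eq 'on');
        foreach my $extension (split(/\|/,$extensions)) {
            $throttle_rules .= "\\.$extension\$\n";
        }
    }
    if (-s $throttled_urls) {
        if (open(my $url_fh, '<', $throttled_urls)) {
            $throttle_rules .= join('', <$url_fh>);
            close($url_fh);
        } else {
            warn "proxy.cgi: cannot read $throttled_urls: $!\n";
        }
    }

    # Same files, same order as before.
    my @acl_targets = (
        [ $acl_src_subnets,                 $proxysettings{'SRC_SUBNETS'} ],
        [ $acl_src_banned_ip,               $proxysettings{'SRC_BANNED_IP'} ],
        [ $acl_src_banned_mac,              $proxysettings{'SRC_BANNED_MAC'} ],
        [ $acl_src_unrestricted_ip,         $proxysettings{'SRC_UNRESTRICTED_IP'} ],
        [ $acl_src_unrestricted_mac,        $proxysettings{'SRC_UNRESTRICTED_MAC'} ],
        [ $acl_dst_nocache,                 $proxysettings{'DST_NOCACHE'} ],
        [ $acl_dst_noauth,                  $proxysettings{'DST_NOAUTH'} ],
        [ $acl_dst_throttle,                $throttle_rules ],
        [ $mimetypes,                       $proxysettings{'MIME_TYPES'} ],
        [ "$ntlmdir/msntauth.allowusers",   $proxysettings{'NTLM_ALLOW_USERS'} ],
        [ "$ntlmdir/msntauth.denyusers",    $proxysettings{'NTLM_DENY_USERS'} ],
        [ "$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'} ],
        [ "$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'} ],
        [ "$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'} ],
        [ "$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'} ],
        [ $identhosts,                      $proxysettings{'IDENT_HOSTS'} ],
        [ $cre_groups,                      $proxysettings{'CRE_GROUPS'} ],
        [ $cre_svhosts,                     $proxysettings{'CRE_SVHOSTS'} ],
    );

    foreach my $acl_target (@acl_targets) {
        $store->(@{$acl_target});
    }

    return;
}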
2552
2553 # -------------------------------------------------------------------
2554
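# Generate /home/httpd/html/proxy.pac, the proxy auto-configuration script.
#
# The script sends plain host names, the local domain and the private and
# link-local ranges listed below DIRECT, and points GREEN / BLUE clients at
# the proxy address of their own network when the proxy is enabled there.
#
# NOTE(review): the %mainsettings / %netsettings / %proxysettings values are
# interpolated unescaped into JavaScript string literals. Presumably they are
# validated when saved; confirm, because a double quote or newline in one of
# them would alter the script that every client executes.
#
# Returns true when the file was written, false (after a warning) otherwise.
sub writepacfile
{
    my $pacfile = '/home/httpd/html/proxy.pac';

    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    my $blue_on  = ($proxysettings{'ENABLE_BLUE'} eq 'on');

    my $pac = "function FindProxyForURL(url, host)\n";
    $pac .= "{\n";
    if ($green_on || $blue_on)
    {
        $pac .= <<END;
if (
(isPlainHostName(host)) ||
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
(isInNet(host, "169.254.0.0", "255.255.0.0")) ||
(isInNet(host, "192.168.0.0", "255.255.0.0"))
)
return "DIRECT";

else

END
        my $proxy_branches = 0;
        if ($green_on)
        {
            $pac .= <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
)
return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
            $proxy_branches++;
        }
        if ($green_on && $blue_on && $netsettings{'BLUE_DEV'})
        {
            $pac .= "\n else\n\n";
        }
        if ($netsettings{'BLUE_DEV'} && $blue_on)
        {
            $pac .= <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
)
return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
            $proxy_branches++;
        }
        # ENABLE_BLUE can be 'on' with no BLUE interface while GREEN is off;
        # the "else" above would then be followed directly by "}", which is
        # not valid JavaScript. Give it a statement to bind to.
        if (!$proxy_branches)
        {
            $pac .= "return \"DIRECT\";\n";
        }
    }
    $pac .= "}\n";

    # Open in append mode so the old script is only emptied once the lock is
    # held; opening with '>' truncates before the lock can be taken.
    my $fh;
    unless (open($fh, '>>', $pacfile))
    {
        warn "writepacfile: cannot open $pacfile: $!\n";
        return 0;
    }
    unless (flock($fh, 2))    # 2 == LOCK_EX
    {
        warn "writepacfile: cannot lock $pacfile: $!\n";
        close($fh);
        return 0;
    }
    unless (truncate($fh, 0))
    {
        warn "writepacfile: cannot truncate $pacfile: $!\n";
        close($fh);
        return 0;
    }

    my $ok = 1;
    unless (print {$fh} $pac)
    {
        warn "writepacfile: cannot write $pacfile: $!\n";
        $ok = 0;
    }
    # Buffered write errors only surface at close.
    unless (close($fh))
    {
        warn "writepacfile: cannot close $pacfile: $!\n";
        $ok = 0;
    }
    return $ok;
}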
2606
2607 # -------------------------------------------------------------------
2608
2609 sub writeconfig
2610 {
2611 my $authrealm;
2612 my $delaypools;
2613
2614 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2615 $proxysettings{'THROTTLING_GREEN_HOST'} +
2616 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2617 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2618 {
2619 $delaypools = 1; } else { $delaypools = 0;
2620 }
2621
2622 if ($proxysettings{'AUTH_REALM'} eq '')
2623 {
2624 $authrealm = "IPFire Advanced Proxy Server";
2625 } else {
2626 $authrealm = $proxysettings{'AUTH_REALM'};
2627 }
2628
2629 $_ = $proxysettings{'UPSTREAM_PROXY'};
2630 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2631
2632 if ($remoteport eq '') { $remoteport = 80; }
2633
2634 open(FILE, ">${General::swroot}/proxy/squid.conf");
2635 flock(FILE, 2);
2636 print FILE <<END
2637 shutdown_lifetime 5 seconds
2638 icp_port 0
2639
2640 http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2641 END
2642 ;
2643 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2644 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2645 }
2646
2647 print FILE <<END
2648
2649 acl QUERY urlpath_regex cgi-bin \\?
2650 no_cache deny QUERY
2651 END
2652 ;
2653 if (!-z $acl_dst_nocache) {
2654 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2655 print FILE "no_cache deny no_cache_domains\n";
2656 }
2657
2658 print FILE <<END
2659
2660 cache_effective_user squid
2661 cache_effective_group squid
2662
2663 pid_filename /var/run/squid.pid
2664
2665 cache_mem $proxysettings{'CACHE_MEM'} MB
2666 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2667
2668 error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2669
2670 END
2671 ;
2672
2673 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2674
2675 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2676 {
2677 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2678 {
2679 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2680 }
2681 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2682 {
2683 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2684 }
2685 print FILE "\n";
2686 }
2687
2688 if ($proxysettings{'LOGGING'} eq 'on')
2689 {
2690 print FILE <<END
2691 cache_access_log /var/log/squid/access.log
2692 cache_log /var/log/squid/cache.log
2693 cache_store_log none
2694 END
2695 ;
2696 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2697 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2698 } else {
2699 print FILE <<END
2700 cache_access_log /dev/null
2701 cache_log /dev/null
2702 cache_store_log none
2703 END
2704 ;}
2705 print FILE <<END
2706
2707 log_mime_hdrs off
2708 END
2709 ;
2710
2711 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2712 {
2713 print FILE "forwarded_for on\n\n";
2714 } else {
2715 print FILE "forwarded_for off\n\n";
2716 }
2717
2718 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2719 {
2720 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2721 {
2722 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2723 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2724 print FILE "auth_param basic realm $authrealm\n";
2725 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2726 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2727 }
2728
2729 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2730 {
2731 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2732 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2733 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2734 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2735 {
2736 if ($proxysettings{'LDAP_GROUP'} eq '')
2737 {
2738 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2739 } else {
2740 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2741 }
2742 print FILE " -u sAMAccountName -P";
2743 }
2744 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2745 {
2746 if ($proxysettings{'LDAP_GROUP'} eq '')
2747 {
2748 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2749 } else {
2750 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2751 }
2752 print FILE " -u cn -P";
2753 }
2754 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2755 {
2756 if ($proxysettings{'LDAP_GROUP'} eq '')
2757 {
2758 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2759 } else {
2760 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2761 }
2762 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2763 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2764 print FILE " -u uid -P";
2765 }
2766 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2767 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2768 print FILE "auth_param basic realm $authrealm\n";
2769 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2770 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2771 }
2772
2773 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2774 {
2775 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2776 {
2777 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2778 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2779 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2780 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2781 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2782 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2783 } else {
2784 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2785 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2786 print FILE "auth_param basic realm $authrealm\n";
2787 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2788 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2789
2790 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2791 flock(MSNTCONF,2);
2792 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2793 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2794 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2795 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2796 {
2797 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2798 {
2799 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2800 } else {
2801 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2802 }
2803 }
2804 close(MSNTCONF);
2805 }
2806 }
2807
2808 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2809 {
2810 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2811 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2812 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2813 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2814 print FILE "auth_param basic realm $authrealm\n";
2815 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2816 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2817 }
2818
2819 print FILE "\n";
2820 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2821 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2822 {
2823 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2824 {
2825 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2826 }
2827 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2828 {
2829 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2830 }
2831 }
2832 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2833 {
2834 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2835 {
2836 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2837 }
2838 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2839 {
2840 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2841 }
2842 }
2843 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2844 {
2845 print FILE "\n";
2846 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2847 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2848 }
2849 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2850 print FILE "\n";
2851
2852 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2853 }
2854
2855 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2856 {
2857 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2858 {
2859 print FILE "acl for_inetusers ident REQUIRED\n";
2860 }
2861 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2862 {
2863 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2864 {
2865 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2866 }
2867 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2868 {
2869 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2870 }
2871 }
2872 }
2873
2874 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2875
2876 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2877
2878 print FILE "acl within_timeframe time ";
2879 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2880 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2881 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2882 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2883 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2884 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2885 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2886 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2887 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2888 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2889 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2890
2891 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2892 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2893 }
2894
2895 print FILE <<END
2896 acl all src 0.0.0.0/0.0.0.0
2897 acl localhost src 127.0.0.1/255.255.255.255
2898 acl SSL_ports port 443 563
2899 acl Safe_ports port 80 # http
2900 acl Safe_ports port 21 # ftp
2901 acl Safe_ports port 443 563 # https, snews
2902 acl Safe_ports port 70 # gopher
2903 acl Safe_ports port 210 # wais
2904 acl Safe_ports port 1025-65535 # unregistered ports
2905 acl Safe_ports port 280 # http-mgmt
2906 acl Safe_ports port 488 # gss-http
2907 acl Safe_ports port 591 # filemaker
2908 acl Safe_ports port 777 # multiling http
2909 acl Safe_ports port 800 # Squids port (for icons)
2910
2911 acl IPCop_http port 81
2912 acl IPCop_https port 445
2913 acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2914 acl IPCop_networks src "$acl_src_subnets"
2915 acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2916 END
2917 ;
2918 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2919 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2920 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2921 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2922 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2923 print FILE <<END
2924 acl CONNECT method CONNECT
2925 END
2926 ;
2927
2928 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2929 print FILE <<END
2930
2931 #Classroom extensions
2932 acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2933 acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2934 END
2935 ;
2936 print FILE "deny_info ";
2937 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2938 print FILE "ERR_ACCESS_DISABLED";
2939 } else { print FILE "ERR_ACCESS_DENIED"; }
2940 print FILE " IPCop_no_access_ips\n";
2941 print FILE "deny_info ";
2942 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2943 print FILE "ERR_ACCESS_DISABLED";
2944 } else { print FILE "ERR_ACCESS_DENIED"; }
2945 print FILE " IPCop_no_access_mac\n";
2946
2947 print FILE <<END
2948 http_access deny IPCop_no_access_ips
2949 http_access deny IPCop_no_access_mac
2950 END
2951 ;
2952 }
2953
2954 #Insert acl file and replace __VAR__ with correct values
2955 my $blue_net = ''; #BLUE empty by default
2956 my $blue_ip = '';
2957 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2958 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2959 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2960 }
2961 if (!-z $acl_include)
2962 {
2963 open (ACL, "$acl_include");
2964 print FILE "\n#Start of custom includes\n";
2965 while (<ACL>) {
2966 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2967 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2968 $_ =~ s/__BLUE_IP__/$blue_ip/;
2969 $_ =~ s/__BLUE_NET__/$blue_net/;
2970 print FILE $_;
2971 }
2972 print FILE "#End of custom includes\n";
2973 close (ACL);
2974 }
2975 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2976 print FILE <<END
2977
2978 #Access to squid:
2979 #local machine, no restriction
2980 http_access allow localhost
2981
2982 #GUI admin if local machine connects
2983 http_access allow IPCop_ips IPCop_networks IPCop_http
2984 http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2985
2986 #Deny not web services
2987 http_access deny !Safe_ports
2988 http_access deny CONNECT !SSL_ports
2989
2990 END
2991 ;
2992
2993 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2994 {
2995 print FILE "#Set ident ACLs\n";
2996 if (!-z $identhosts)
2997 {
2998 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
2999 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3000 print FILE "ident_lookup_access deny all\n";
3001 } else {
3002 print FILE "ident_lookup_access allow all\n";
3003 }
3004 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3005 }
3006
3007 if ($delaypools) {
3008 print FILE "#Set download throttling\n";
3009
3010 if ($netsettings{'BLUE_DEV'})
3011 {
3012 print FILE "delay_pools 2\n";
3013 } else {
3014 print FILE "delay_pools 1\n";
3015 }
3016
3017 print FILE "delay_class 1 3\n";
3018 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3019
3020 print FILE "delay_parameters 1 ";
3021 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3022 {
3023 print FILE "-1/-1";
3024 } else {
3025 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3026 print FILE "/";
3027 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3028 }
3029
3030 print FILE " -1/-1 ";
3031 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3032 {
3033 print FILE "-1/-1";
3034 } else {
3035 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3036 print FILE "/";
3037 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3038 }
3039 print FILE "\n";
3040
3041 if ($netsettings{'BLUE_DEV'})
3042 {
3043 print FILE "delay_parameters 2 ";
3044 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3045 {
3046 print FILE "-1/-1";
3047 } else {
3048 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3049 print FILE "/";
3050 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3051 }
3052 print FILE " -1/-1 ";
3053 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3054 {
3055 print FILE "-1/-1";
3056 } else {
3057 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3058 print FILE "/";
3059 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3060 }
3061 print FILE "\n";
3062 }
3063
3064 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3065 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3066 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3067
3068 if ($netsettings{'BLUE_DEV'})
3069 {
3070 print FILE "delay_access 1 allow IPCop_green_network";
3071 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3072 print FILE "\n";
3073 print FILE "delay_access 1 deny all\n";
3074 } else {
3075 print FILE "delay_access 1 allow all";
3076 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3077 print FILE "\n";
3078 }
3079
3080 if ($netsettings{'BLUE_DEV'})
3081 {
3082 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3083 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3084 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3085 print FILE "delay_access 2 allow IPCop_blue_network";
3086 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3087 print FILE "\n";
3088 print FILE "delay_access 2 deny all\n";
3089 }
3090
3091 print FILE "delay_initial_bucket_level 100%\n";
3092 print FILE "\n";
3093 }
3094 print FILE <<END
3095 #Set custom configured ACLs
3096 END
3097 ;
3098 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3099 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3100
3101 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3102 {
3103 if (!-z $acl_src_unrestricted_ip)
3104 {
3105 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3106 }
3107 if (!-z $acl_src_unrestricted_mac)
3108 {
3109 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3110 }
3111 print FILE "http_access allow IPCop_networks";
3112 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3113 print FILE " !within_timeframe";
3114 } else {
3115 print FILE " within_timeframe"; }
3116 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3117 print FILE " to_domains_without_auth\n";
3118 }
3119
3120 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3121 {
3122 print FILE "http_access deny !for_inetusers";
3123 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3124 print FILE "\n";
3125 }
3126
3127 if (
3128 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3129 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3130 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3131 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3132 (!-z "$identdir/identauth.denyusers")
3133 )
3134 {
3135 print FILE "http_access deny for_acl_users";
3136 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3137 print FILE "\n";
3138 }
3139
3140 if (!-z $acl_src_unrestricted_ip)
3141 {
3142 print FILE "http_access allow IPCop_unrestricted_ips";
3143 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3144 {
3145 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3146 {
3147 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3148 }
3149 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3150 {
3151 print FILE " for_inetusers";
3152 }
3153 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3154 {
3155 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3156 {
3157 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3158 {
3159 print FILE " for_acl_users";
3160 }
3161 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3162 {
3163 print FILE " !for_acl_users";
3164 }
3165 } else { print FILE " for_inetusers"; }
3166 }
3167 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3168 {
3169 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3170 {
3171 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3172 {
3173 print FILE " for_acl_users";
3174 }
3175 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3176 {
3177 print FILE " !for_acl_users";
3178 }
3179 } else { print FILE " for_inetusers"; }
3180 }
3181 }
3182 print FILE "\n";
3183 }
3184
3185 if (!-z $acl_src_unrestricted_mac)
3186 {
3187 print FILE "http_access allow IPCop_unrestricted_mac";
3188 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3189 {
3190 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3191 {
3192 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3193 }
3194 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3195 {
3196 print FILE " for_inetusers";
3197 }
3198 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3199 {
3200 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3201 {
3202 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3203 {
3204 print FILE " for_acl_users";
3205 }
3206 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3207 {
3208 print FILE " !for_acl_users";
3209 }
3210 } else { print FILE " for_inetusers"; }
3211 }
3212 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3213 {
3214 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3215 {
3216 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3217 {
3218 print FILE " for_acl_users";
3219 }
3220 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3221 {
3222 print FILE " !for_acl_users";
3223 }
3224 } else { print FILE " for_inetusers"; }
3225 }
3226 }
3227 print FILE "\n";
3228 }
3229
3230 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3231 {
3232 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3233 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3234 }
3235
3236 if (
3237 (
3238 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3239 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3240 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3241 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3242 (!-z "$ntlmdir/msntauth.denyusers")
3243 )
3244 ||
3245 (
3246 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3247 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3248 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3249 (!-z "$raddir/radauth.denyusers")
3250 )
3251 ||
3252 (
3253 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3254 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3255 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3256 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3257 (!-z "$identdir/identauth.denyusers")
3258 )
3259 )
3260 {
3261 print FILE "http_access deny for_acl_users";
3262 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3263 print FILE "\n";
3264 }
3265
3266 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3267 {
3268 print FILE "http_access allow";
3269 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3270 print FILE " !within_timeframe";
3271 } else {
3272 print FILE " within_timeframe"; }
3273 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3274 print FILE " !on_ident_aware_hosts\n";
3275 }
3276
3277 print FILE "http_access allow IPCop_networks";
3278 if (
3279 (
3280 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3281 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3282 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3283 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3284 (!-z "$ntlmdir/msntauth.allowusers")
3285 )
3286 ||
3287 (
3288 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3289 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3290 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3291 (!-z "$raddir/radauth.allowusers")
3292 )
3293 ||
3294 (
3295 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3296 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3297 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3298 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3299 (!-z "$identdir/identauth.allowusers")
3300 )
3301 )
3302 {
3303 print FILE " for_acl_users";
3304 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3305 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3306 print FILE " for_inetusers";
3307 }
3308 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3309 {
3310 print FILE " !concurrent";
3311 }
3312 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3313 print FILE " !within_timeframe";
3314 } else {
3315 print FILE " within_timeframe"; }
3316 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3317 print FILE "\n";
3318
3319 print FILE "http_access deny all\n\n";
3320
3321 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3322 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3323 {
3324 print FILE "#Strip HTTP Header\n";
3325
3326 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3327 {
3328 print FILE "header_access X-Forwarded-For deny all\n";
3329 }
3330 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3331 {
3332 print FILE "header_access Via deny all\n";
3333 }
3334 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3335 {
3336 print FILE "header_access User-Agent deny all\n";
3337 }
3338 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3339 {
3340 print FILE "header_access Referer deny all\n";
3341 }
3342
3343 print FILE "\n";
3344
3345 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3346 {
3347 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3348 {
3349 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3350 }
3351 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3352 {
3353 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3354 }
3355 print FILE "\n";
3356 }
3357 }
3358
3359 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3360 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3361 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3362 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3363 {
3364 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3365 }
3366 print FILE "http_reply_access deny blocked_mimetypes\n";
3367 print FILE "http_reply_access allow all\n\n";
3368 }
3369
3370 print FILE <<END
3371 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3372 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3373
3374 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3375 END
3376 ;
3377 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3378 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3379 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3380 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3381 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3382 {
3383 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3384 }
3385 }
3386 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3387
3388 print FILE "visible_hostname";
3389 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3390 {
3391 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3392 } else {
3393 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3394 }
3395
3396 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3397
3398 # Write the parent proxy info, if needed.
3399 if ($remotehost ne '')
3400 {
3401 # Enter authentication for the parent cache (format is login=user:password)
3402 if ($proxy1 eq 'YES') {
3403 print FILE <<END
3404 cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3405
3406 END
3407 ;
3408 } else {
3409 # Not using authentication with the parent cache
3410 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3411 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3412 print FILE "\n";
3413 }
3414 print FILE "never_direct allow all\n\n";
3415 }
3416 if ($urlfilter_addon) {
3417 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3418 {
3419 print FILE <<END
3420 redirect_program /usr/sbin/squidGuard
3421 redirect_children $filtersettings{'CHILDREN'}
3422
3423 END
3424 ;
3425 }
3426 }
3427 if ($updacclrtr_addon) {
3428 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3429 {
3430 print FILE <<END
3431 redirect_program /usr/local/bin/updacclrtr
3432 redirect_children $updaccsettings{'ACCELERATORS'}
3433
3434 END
3435 ;
3436 }
3437 }
3438 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3439 {
3440 print FILE <<END
3441 httpd_accel_host virtual
3442 httpd_accel_port 80
3443 httpd_accel_with_proxy on
3444 httpd_accel_uses_host_header on
3445 END
3446 ;
3447 }
3448 close FILE;
3449 }
3450
3451 # -------------------------------------------------------------------
3452
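# Create or update a proxy user in the NCSA password file and assign the
# account to exactly one group list.
#
#   $str_user  - account name
#   $str_pass  - clear-text password, or the sentinel 'lEaVeAlOnE' to keep
#                the hash already stored for this account
#   $str_group - 'standard', 'extended' or 'disabled'
#
# Relies on $userdb, $stdgrp, $extgrp and $disgrp, which are defined
# elsewhere in this file. Returns nothing.
sub adduser
{
	my ($str_user, $str_pass, $str_group) = @_;

	# The user database and the group lists are line-based and ':'-separated.
	# A name containing ':' or a control character (newline included) would
	# add or alter records, so refuse it here even if the caller validated.
	return if (!defined($str_user) || $str_user eq '' || $str_user =~ /[:\x00-\x1f\x7f]/);

	if ($str_pass eq 'lEaVeAlOnE')
	{
		# Look up the stored ":hash\n" tail for this account. The name is
		# quoted with \Q..\E so that it is compared literally instead of
		# being compiled as a regular expression. The last match wins.
		my $stored;
		if (open(my $in, '<', $userdb))
		{
			while (my $entry = <$in>)
			{
				if ($entry =~ /^\Q$str_user\E:/i) { $stored = substr($entry, index($entry, ':')); }
			}
			close($in);
		}

		deluser($str_user);

		# Without a stored hash there is nothing to carry over; writing the
		# sentinel itself would leave a malformed line in the user database.
		if (defined($stored) && open(my $out, '>>', $userdb))
		{
			flock($out, 2);	# 2 = exclusive lock
			print $out "$str_user$stored";
			close($out);
		}
	} else {
		deluser($str_user);

		# List form: no shell is started, so metacharacters in the name or
		# the password are passed to htpasswd as plain argument text.
		# NOTE(review): -b still exposes the password in the process list to
		# local users; newer htpasswd builds can read it from stdin (-i) -
		# confirm availability on the target system before switching.
		system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
	}

	# Map the group name to its list file; an unknown group writes nothing.
	my %file_for_group = (
		'standard' => $stdgrp,
		'extended' => $extgrp,
		'disabled' => $disgrp,
	);
	my $groupfile = $file_for_group{$str_group};

	if (defined($groupfile) && open(my $grp, '>>', $groupfile))
	{
		flock($grp, 2);	# 2 = exclusive lock
		print $grp "$str_user\n";
		close($grp);
	}

	return;
}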
3483
3484 # -------------------------------------------------------------------
3485
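# Remove an account from every group list and from the NCSA password file.
#
#   $str_user - account name; compared case-insensitively and literally
#
# Relies on $userdb, $stdgrp, $extgrp and $disgrp, which are defined
# elsewhere in this file. Returns nothing.
sub deluser
{
	my ($str_user) = @_;

	# \Q..\E quotes the name, so characters such as '.', '*' or '|' match
	# only themselves and cannot widen the deletion to other accounts.
	my $group_entry  = qr/^\Q$str_user\E$/i;	# group lists: one name per line
	my $passwd_entry = qr/^\Q$str_user\E:/i;	# user database: "name:hash"

	foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
	{
		_drop_matching_lines($groupfile, $group_entry);
	}
	_drop_matching_lines($userdb, $passwd_entry);

	return;
}

# Rewrite $path without the lines that match $pattern.
# The file is opened once and locked before it is read or truncated, so a
# concurrent writer cannot see or produce a half-written file. A file that
# cannot be opened or locked is left untouched.
sub _drop_matching_lines
{
	my ($path, $pattern) = @_;

	# '+>>' opens for reading and appending and creates a missing file,
	# without truncating anything before the lock is held.
	open(my $fh, '+>>', $path) or return;
	if (!flock($fh, 2))	# 2 = exclusive lock
	{
		close($fh);
		return;
	}

	seek($fh, 0, 0);
	my @kept = grep { !/$pattern/ } <$fh>;

	# Empty the file under the lock, then write back the surviving lines.
	seek($fh, 0, 0);
	truncate($fh, 0);
	print $fh @kept;
	close($fh);

	return;
}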
3518
3519 # -------------------------------------------------------------------