BUG 11786 - squid: Remove setting for filter processes the number of Squid processes
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 #
22 # (c) 2004-2009 marco.s - http://www.advproxy.net
23 #
24 # This code is distributed under the terms of the GPL
25 #
26 # $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
27 #
28
29 use strict;
30 use Apache::Htpasswd;
31
32 # enable only the following on debugging purpose
33 #use warnings;
34 #use CGI::Carp 'fatalsToBrowser';
35
36 require '/var/ipfire/general-functions.pl';
37 require "${General::swroot}/lang.pl";
38 require "${General::swroot}/header.pl";
39
# Output of "squid -v", one element per line of output.
my @squidversion = `/usr/sbin/squid -v`;

# NOTE(review): presumably the ports of the firewall's own web interface --
# confirm against where these are used further down the file.
my $http_port  = '81';
my $https_port = '444';

my %color        = ();
my %mainsettings = ();

# The main settings are loaded first because the THEME value stored there
# selects which colour table is read.  THEME comes from the settings file,
# not from the request, and is concatenated into the path unchanged.
&General::readhash($General::swroot . '/main/settings', \%mainsettings);
&General::readhash(
    '/srv/web/ipfire/html/themes/' . $mainsettings{'THEME'} . '/include/colors.txt',
    \%color
);
48
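# Working hashes for this page.  %proxysettings ends up holding defaults,
# submitted form fields and stored settings (see the assignments below).
my %proxysettings    = ();
my %netsettings      = ();
my %filtersettings   = ();
my %xlratorsettings  = ();
my %stdproxysettings = ();

# %mainsettings is already declared earlier in this file.  A second "my"
# in the same scope would mask that declaration (and warn once warnings
# are enabled), so the existing hash is emptied instead; it is filled
# again from main/settings further down.
%mainsettings = ();

# Per-field markup for checkboxes/radio buttons and select options.
my %checked  = ();
my %selected = ();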
58
# Selectable throttling limits (units are not stated in this part of the file).
my @throttle_limits = (
    64,   128,  256,  384,  512,  768,   1024,  1280,
    1536, 1792, 2048, 2560, 3072, 3584,  4096,  5120,
    6144, 7168, 8192, 10240, 12288, 16384, 20480,
);

# File-extension alternations for the three throttling content classes.
my $throttle_binary = "7z|arj|bin|bz2|cab|exe|gz|lzh|rar|sea|tar|tgz|xz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi|vmdk";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob";

# Default port lists, one "port # label" entry per line, newline-terminated.
my $def_ports_safe = join("\n",
    '80 # http',
    '21 # ftp',
    '443 # https',
    '563 # snews',
    '70 # gopher',
    '210 # wais',
    '1025-65535 # unregistered ports',
    '280 # http-mgmt',
    '488 # gss-http',
    '591 # filemaker',
    '777 # multiling http',
    '800 # Squids port (for icons)',
) . "\n";
my $def_ports_ssl = join("\n", '443 # https', '563 # snews') . "\n";
66
# Scratch variables shared by the rest of the script.
my @useragent     = ();
my @useragentlist = ();

my $hintcolour      = '#FFFFCC';
my $ncsa_buttontext = '';
my $language        = '';
my ($i, $n, $id)    = (0, 0, 0);
my ($line, $user)   = ('', '');
my @userlist        = ();
my @grouplist       = ();
my @temp            = ();
my @templist        = ();

my $cachemem          = 0;
my ($proxy1, $proxy2) = ('', '');
my $browser_regexp    = '';
my $needhup           = 0;

# Non-empty once any check has failed; later code tests it for truth.
my $errormessage = '';
89
# Directories below the proxy configuration tree, one per feature area.
my $acldir   = $General::swroot . '/proxy/advanced/acls';
my $ncsadir  = $General::swroot . '/proxy/advanced/ncsa';
my $ntlmdir  = $General::swroot . '/proxy/advanced/ntlm';
my $raddir   = $General::swroot . '/proxy/advanced/radius';
my $identdir = $General::swroot . '/proxy/advanced/ident';
my $credir   = $General::swroot . '/proxy/advanced/cre';

# Local (NCSA) user database and its three group files.
my $userdb = $ncsadir . '/passwd';
my $stdgrp = $ncsadir . '/standard.grp';
my $extgrp = $ncsadir . '/extended.grp';
my $disgrp = $ncsadir . '/disabled.grp';

my $browserdb      = $General::swroot . '/proxy/advanced/useragents';
my $mimetypes      = $General::swroot . '/proxy/advanced/mimetypes';
my $throttled_urls = $General::swroot . '/proxy/advanced/throttle';

my $cre_enabled = $General::swroot . '/proxy/advanced/cre/enable';
my $cre_groups  = $General::swroot . '/proxy/advanced/cre/classrooms';
my $cre_svhosts = $General::swroot . '/proxy/advanced/cre/supervisors';

my $identhosts = $identdir . '/hosts';

my $authdir  = "/usr/lib/squid/";
my $errordir = "/usr/lib/squid/errors";

# One ACL file per list; the names mirror the file names under $acldir.
my $acl_src_subnets          = $acldir . '/src_subnets.acl';
my $acl_src_banned_ip        = $acldir . '/src_banned_ip.acl';
my $acl_src_banned_mac       = $acldir . '/src_banned_mac.acl';
my $acl_src_unrestricted_ip  = $acldir . '/src_unrestricted_ip.acl';
my $acl_src_unrestricted_mac = $acldir . '/src_unrestricted_mac.acl';
my $acl_src_noaccess_ip      = $acldir . '/src_noaccess_ip.acl';
my $acl_src_noaccess_mac     = $acldir . '/src_noaccess_mac.acl';
my $acl_dst_noauth           = $acldir . '/dst_noauth.acl';
my $acl_dst_noauth_dom       = $acldir . '/dst_noauth_dom.acl';
my $acl_dst_noauth_net       = $acldir . '/dst_noauth_net.acl';
my $acl_dst_noauth_url       = $acldir . '/dst_noauth_url.acl';
my $acl_dst_nocache          = $acldir . '/dst_nocache.acl';
my $acl_dst_nocache_dom      = $acldir . '/dst_nocache_dom.acl';
my $acl_dst_nocache_net      = $acldir . '/dst_nocache_net.acl';
my $acl_dst_nocache_url      = $acldir . '/dst_nocache_url.acl';
my $acl_dst_throttle         = $acldir . '/dst_throttle.acl';
my $acl_ports_safe           = $acldir . '/ports_safe.acl';
my $acl_ports_ssl            = $acldir . '/ports_ssl.acl';
my $acl_include              = $acldir . '/include.acl';

# Placeholders shown until a real version string is determined.
my $updaccelversion  = 'n/a';
my $urlfilterversion = 'n/a';
137
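# Make sure the working directories exist.  The result of mkdir is not
# checked, exactly as before.
for my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    mkdir($dir) unless -d $dir;
}

# Make sure every list file exists so that later reads find a file.
# touch is invoked in list form with its full path (the same form this
# script uses for the proxy/enable marker files), so the path is handed
# to the program as a single argument and never parsed by a shell.
for my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url,
    $acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url,
    $acl_dst_throttle,
    $acl_ports_safe, $acl_ports_ssl,
    $acl_include,
    $browserdb, $mimetypes,
) {
    next if -e $file;
    system('/usr/bin/touch', $file);
}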
175
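# True when the ntlm_auth helper binary is present on this system.
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");

# Load the user-agent database, dropping empty lines and "#" comments.
# Three-argument open with a lexical handle: the path is only ever treated
# as a file name, never as a mode or pipe specification.  If the file
# cannot be opened the list simply stays empty, which is what reading from
# the unopened handle produced before.
if (open(my $browser_fh, '<', $browserdb)) {
    # The comparator orders entries by the text between the first and the
    # last comma of each line.
    @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep { !/(^$)|(^\s*#)/ } <$browser_fh>;
    close($browser_fh);
}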
181
# Network layout and global settings as stored on disk.
&General::readhash($General::swroot . '/ethernet/settings', \%netsettings);
&General::readhash($General::swroot . '/main/settings', \%mainsettings);

# GREEN is always converted to CIDR form; BLUE only when the zone is in
# use and has a device configured, otherwise it stays empty.
my $green_cidr = &General::ipcidr(
    $netsettings{'GREEN_NETADDRESS'} . '/' . $netsettings{'GREEN_NETMASK'}
);
my $blue_cidr = (&Header::blue_used() && $netsettings{'BLUE_DEV'})
    ? &General::ipcidr($netsettings{'BLUE_NETADDRESS'} . '/' . $netsettings{'BLUE_NETMASK'})
    : "";

&Header::showhttpheaders();
192
# Built-in defaults for every form field.  They are merged over whatever
# %proxysettings holds at this point, so each key listed here ends up with
# exactly the value given below.
%proxysettings = (
    %proxysettings,

    'ACTION' => '',
    'VALID'  => '',

    # general
    'ENABLE'             => 'off',
    'ENABLE_BLUE'        => 'off',
    'TRANSPARENT'        => 'off',
    'TRANSPARENT_BLUE'   => 'off',
    'PROXY_PORT'         => '800',
    'TRANSPARENT_PORT'   => '3128',
    'VISIBLE_HOSTNAME'   => '',
    'ADMIN_MAIL_ADDRESS' => '',
    'ADMIN_PASSWORD'     => '',
    'ERR_LANGUAGE'       => 'German',
    'ERR_DESIGN'         => 'ipfire',
    'SUPPRESS_VERSION'   => 'off',
    'FORWARD_VIA'        => 'off',
    'FORWARD_IPADDRESS'  => 'off',
    'FORWARD_USERNAME'   => 'off',
    'NO_CONNECTION_AUTH' => 'off',

    # upstream proxy
    'UPSTREAM_PROXY'    => '',
    'UPSTREAM_USER'     => '',
    'UPSTREAM_PASSWORD' => '',

    # logging
    'LOGGING'      => 'off',
    'CACHEMGR'     => 'off',
    'LOGQUERY'     => 'off',
    'LOGUSERAGENT' => 'off',

    # cache
    'FILEDESCRIPTORS' => '16384',
    'CACHE_MEM'       => '2',
    'CACHE_SIZE'      => '50',
    'MAX_SIZE'        => '4096',
    'MIN_SIZE'        => '0',
    'MEM_POLICY'      => 'LRU',
    'CACHE_POLICY'    => 'LRU',
    'L1_DIRS'         => '16',
    'OFFLINE_MODE'    => 'off',
    'CACHE_DIGESTS'   => 'off',

    # classroom extensions and local destinations
    'CLASSROOM_EXT'       => 'off',
    'SUPERVISOR_PASSWORD' => '',
    'NO_PROXY_LOCAL'      => 'off',
    'NO_PROXY_LOCAL_BLUE' => 'off',

    # time restrictions
    'TIME_ACCESS_MODE' => 'allow',
    'TIME_FROM_HOUR'   => '00',
    'TIME_FROM_MINUTE' => '00',
    'TIME_TO_HOUR'     => '24',
    'TIME_TO_MINUTE'   => '00',

    # transfer limits and throttling
    'MAX_OUTGOING_SIZE'      => '0',
    'MAX_INCOMING_SIZE'      => '0',
    'THROTTLING_GREEN_TOTAL' => 'unlimited',
    'THROTTLING_GREEN_HOST'  => 'unlimited',
    'THROTTLING_BLUE_TOTAL'  => 'unlimited',
    'THROTTLING_BLUE_HOST'   => 'unlimited',
    'THROTTLE_BINARY'        => 'off',
    'THROTTLE_DSKIMG'        => 'off',
    'THROTTLE_MMEDIA'        => 'off',

    # content and client checks
    'ENABLE_MIME_FILTER'   => 'off',
    'ENABLE_BROWSER_CHECK' => 'off',
    'FAKE_USERAGENT'       => '',
    'FAKE_REFERER'         => '',

    # authentication, common
    'AUTH_METHOD'      => 'none',
    'AUTH_REALM'       => '',
    'AUTH_MAX_USERIP'  => '',
    'AUTH_CACHE_TTL'   => '60',
    'AUTH_IPCACHE_TTL' => '0',
    'AUTH_CHILDREN'    => '5',

    # authentication, local (NCSA) users
    'NCSA_MIN_PASS_LEN' => '6',
    'NCSA_BYPASS_REDIR' => 'off',
    'NCSA_USERNAME'     => '',
    'NCSA_GROUP'        => '',
    'NCSA_PASS'         => '',
    'NCSA_PASS_CONFIRM' => '',

    # authentication, LDAP
    'LDAP_BASEDN'      => '',
    'LDAP_TYPE'        => 'ADS',
    'LDAP_SERVER'      => '',
    'LDAP_PORT'        => '389',
    'LDAP_BINDDN_USER' => '',
    'LDAP_BINDDN_PASS' => '',
    'LDAP_GROUP'       => '',

    # authentication, NTLM
    'NTLM_AUTH_GROUP' => '',
    'NTLM_AUTH_BASIC' => 'off',
    'NTLM_DOMAIN'     => '',
    'NTLM_PDC'        => '',
    'NTLM_BDC'        => '',
    'NTLM_ENABLE_ACL' => 'off',
    'NTLM_USER_ACL'   => 'positive',

    # authentication, RADIUS
    'RADIUS_SERVER'     => '',
    'RADIUS_PORT'       => '1812',
    'RADIUS_IDENTIFIER' => '',
    'RADIUS_SECRET'     => '',
    'RADIUS_ENABLE_ACL' => 'off',
    'RADIUS_USER_ACL'   => 'positive',

    # authentication, ident
    'IDENT_REQUIRED'   => 'off',
    'IDENT_TIMEOUT'    => '10',
    'IDENT_ENABLE_ACL' => 'off',
    'IDENT_USER_ACL'   => 'positive',

    # add-ons
    'ENABLE_FILTER'     => 'off',
    'ENABLE_UPDXLRATOR' => 'off',
    'ENABLE_CLAMAV'     => 'off',
);
290
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# NOTE(review): getcgihash is defined in header.pl and presumably copies the
# submitted form fields over the defaults -- if so, every value in
# %proxysettings is request-controlled from here on and has to be validated
# before it is stored or written into a configuration file.
&Header::getcgihash(\%proxysettings);

# A throttling limit submitted as 0 is stored as 'unlimited'.
for my $limit_key (qw(
    THROTTLING_GREEN_TOTAL
    THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL
    THROTTLING_BLUE_HOST
)) {
    $proxysettings{$limit_key} = 'unlimited' if $proxysettings{$limit_key} eq 0;
}
299
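# Switch the page into local (NCSA) user management mode.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

# Create (or update) a local proxy user.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # The checks below are independent; when several fail, the last
    # failing one determines the message shown.
    # NOTE(review): NCSA_MIN_PASS_LEN is read from %proxysettings after the
    # form fields were merged in, so the minimum appears to be whatever the
    # request carries rather than the stored setting -- confirm.
    if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }
    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    # A colon or a control character (newline included) cannot be part of
    # a user name: the edit action in this script splits its ID at ":",
    # and the user database is named "passwd", i.e. line- and
    # colon-delimited records.  Reject such names before they are stored.
    if ($proxysettings{'NCSA_USERNAME'} =~ /[:\x00-\x1f\x7f]/) {
        $errormessage = $Lang::tr{'invalid input'};
    }

    if (!$errormessage) {
        # User names are stored in lower case.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        # NOTE(review): NCSA_GROUP is passed on unchecked; adduser is
        # defined outside this part of the file -- confirm it only accepts
        # the known group names.
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}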
326
# Delete a local proxy user.  ID is taken from the request as submitted;
# deluser is defined outside this part of the file.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

# Checkbox state for the update accelerator switch.
for my $state ('off', 'on') {
    $checked{'ENABLE_UPDXLRATOR'}{$state} = '';
}
$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";

# Load an existing user into the form.  ID carries "name:group".
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

    @temp = split(/:/, $proxysettings{'ID'});
    @proxysettings{'NCSA_USERNAME', 'NCSA_GROUP'} = @temp[0, 1];

    # Fixed placeholder shown in both password fields instead of a real
    # password.  NOTE(review): presumably recognised by adduser as "keep
    # the current password" -- confirm where adduser is defined.
    my $placeholder = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS'} = $placeholder;
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
347
348 if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
349 {
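# The four master switches must be exactly "on" or "off".  \A...\z is used
# instead of ^...$ because $ also matches before a trailing newline, which
# would let "on\n" through.
if (grep { $proxysettings{$_} !~ /\A(?:on|off)\z/ } qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE)) {
    $errormessage = $Lang::tr{'invalid input'};
    goto ERROR;
}

# The memory cache may not exceed the disk cache, unless the disk cache is
# switched off (size 0).
if ($proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0) {
    $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'};
    goto ERROR;
}

# Both listening ports must be valid port numbers and must differ.
for my $port_key ('PROXY_PORT', 'TRANSPARENT_PORT') {
    next if &General::validport($proxysettings{$port_key});
    $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
    goto ERROR;
}
if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
    $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
    goto ERROR;
}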
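# Upstream proxy, given as "host" or "host:port".  Previously only the part
# before the first colon was checked, so anything after it reached the
# stored settings unvalidated.  The value is now accepted only when the
# host is a valid IP address or domain name and the optional port is a
# valid port number; additional ":"-separated parts are rejected.
if ($proxysettings{'UPSTREAM_PROXY'} ne '')
{
    # Limit -1 keeps a trailing empty field, so "host:" is seen as an
    # empty (invalid) port instead of being silently accepted.
    my @temp = split(/:/, $proxysettings{'UPSTREAM_PROXY'}, -1);

    my $host_ok = &General::validip($temp[0]) || &General::validdomainname($temp[0]);
    my $port_ok = (@temp == 1) || (@temp == 2 && &General::validport($temp[1]));

    unless ($host_ok && $port_ok)
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
        goto ERROR;
    }
}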
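# Numeric form fields.  The previous pattern /^\d+/ only required the value
# to START with a digit, so "10 anything" (including embedded newlines)
# passed and was stored.  Every numeric field must now consist of digits
# only, from the first to the last character.
my $digits_only = qr/\A\d+\z/;

# Disk cache size: 0 (disabled) or at least 10.
if (($proxysettings{'CACHE_SIZE'} !~ $digits_only) ||
    ($proxysettings{'CACHE_SIZE'} < 10))
{
    if ($proxysettings{'CACHE_SIZE'} ne '0')
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
}
if (($proxysettings{'FILEDESCRIPTORS'} !~ $digits_only) ||
    ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576))
{
    $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
    goto ERROR;
}
if ($proxysettings{'CACHE_MEM'} !~ $digits_only)
{
    $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
    goto ERROR;
}

# Cap the memory cache at the first number on the second line of "free"
# divided by 2048.  NOTE(review): presumably total RAM in KiB, i.e. half of
# RAM in MiB -- confirm.  The cap is applied only when that number was
# actually found; before, a failed match reused a stale $1.
my @free = `/usr/bin/free`;
if (defined $free[1] && $free[1] =~ m/(\d+)/) {
    $cachemem = int($1 / 2048);
    if ($proxysettings{'CACHE_MEM'} > $cachemem) {
        $proxysettings{'CACHE_MEM'} = $cachemem;
    }
}

if ($proxysettings{'MAX_SIZE'} !~ $digits_only)
{
    $errormessage = $Lang::tr{'invalid maximum object size'};
    goto ERROR;
}
if ($proxysettings{'MIN_SIZE'} !~ $digits_only)
{
    $errormessage = $Lang::tr{'invalid minimum object size'};
    goto ERROR;
}
if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ $digits_only)
{
    $errormessage = $Lang::tr{'invalid maximum outgoing size'};
    goto ERROR;
}

# The end of the time window must be later than its start; both sides are
# compared as concatenated hour+minute strings.
if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
{
    $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
    goto ERROR;
}
if ($proxysettings{'MAX_INCOMING_SIZE'} !~ $digits_only)
{
    $errormessage = $Lang::tr{'invalid maximum incoming size'};
    goto ERROR;
}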
# Browser check: collect the pattern (third field) of every user-agent
# entry whose checkbox "UA_<first field>" was ticked, joined with "|".
if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
{
    $browser_regexp = '';
    for my $entry (@useragentlist)
    {
        # $entry aliases the list element, so the newline is removed from
        # @useragentlist itself.
        chomp $entry;
        @useragent = split(/,/, $entry);
        next unless $proxysettings{'UA_'.$useragent[0]} eq 'on';
        $browser_regexp .= "$useragent[2]|";
    }
    chop($browser_regexp);    # drop the trailing "|"

    # With the check enabled at least one browser has to be selected.
    unless ($browser_regexp)
    {
        $errormessage = $Lang::tr{'advproxy errmsg no browser'};
        goto ERROR;
    }
}
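# Checks shared by all authentication methods.
if ($proxysettings{'AUTH_METHOD'} ne 'none')
{
    # Digits only, first to last character.  The previous /^\d+/ accepted
    # any value that merely started with a digit.
    my $auth_number = qr/\A\d+\z/;

    # ident without "required" and without user ACLs is the one
    # combination exempt from the non-transparent requirement below.
    my $passive_ident = ($proxysettings{'AUTH_METHOD'} eq 'ident')
        && ($proxysettings{'IDENT_REQUIRED'} eq 'off')
        && ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off');

    unless ($passive_ident)
    {
        my $green_unusable = ($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on');
        my $blue_unusable  = ($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on');

        # With a BLUE device one enabled, non-transparent zone is enough;
        # without it GREEN itself has to qualify.
        my $no_usable_zone = $netsettings{'BLUE_DEV'}
            ? ($green_unusable && $blue_unusable)
            : $green_unusable;
        if ($no_usable_zone)
        {
            $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
            goto ERROR;
        }
    }

    # Optional limit of IP addresses per user: 1..255 when given.
    if (($proxysettings{'AUTH_MAX_USERIP'} ne '') &&
        (($proxysettings{'AUTH_MAX_USERIP'} !~ $auth_number) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
    {
        $errormessage = $Lang::tr{'advproxy errmsg max userip'};
        goto ERROR;
    }
    if ($proxysettings{'AUTH_CACHE_TTL'} !~ $auth_number)
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
        goto ERROR;
    }
    if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ $auth_number)
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
        goto ERROR;
    }
    # A per-user IP limit needs a non-zero IP cache lifetime.
    if (($proxysettings{'AUTH_MAX_USERIP'} ne '') && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
        goto ERROR;
    }
    # Number of authenticator processes: 1..255.
    if (($proxysettings{'AUTH_CHILDREN'} !~ $auth_number) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
    {
        $errormessage = $Lang::tr{'advproxy errmsg auth children'};
        goto ERROR;
    }
}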
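# Local (NCSA) authentication: minimum password length must be 1..255.
# The value has to consist of digits only; the previous /^\d+/ accepted
# any string that merely started with a digit.
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
{
    if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
    {
        $errormessage = $Lang::tr{'advproxy errmsg password length'};
        goto ERROR;
    }
}

# ident authentication: the timeout must be a whole number of at least 1,
# checked with the same digits-only rule.
if ($proxysettings{'AUTH_METHOD'} eq 'ident')
{
    if (($proxysettings{'IDENT_TIMEOUT'} !~ /\A\d+\z/) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
        goto ERROR;
    }
}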
# LDAP authentication: base DN, server, port and -- for the ADS and NDS
# directory types -- bind credentials are mandatory.
# NOTE(review): the base DN and the bind DN/password are only tested for
# being non-empty here; how they are quoted when written out is not visible
# in this part of the file.
if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
{
    unless ($proxysettings{'LDAP_BASEDN'} ne '')
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
        goto ERROR;
    }

    # The server may be given as an IP address or as a domain name.
    unless (&General::validip($proxysettings{'LDAP_SERVER'})
        || &General::validdomainname($proxysettings{'LDAP_SERVER'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
        goto ERROR;
    }

    unless (&General::validport($proxysettings{'LDAP_PORT'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
        goto ERROR;
    }

    my $needs_bind = ($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS');
    my $bind_incomplete = ($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq '');
    if ($needs_bind && $bind_incomplete)
    {
        $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
        goto ERROR;
    }
}
# NTLM authentication: domain and PDC are mandatory, the BDC is optional;
# PDC and BDC must be valid host names.
# NOTE(review): the domain itself is only tested for being non-empty.
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
{
    unless ($proxysettings{'NTLM_DOMAIN'} ne '')
    {
        $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
        goto ERROR;
    }
    unless ($proxysettings{'NTLM_PDC'} ne '')
    {
        $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
        goto ERROR;
    }
    unless (&General::validhostname($proxysettings{'NTLM_PDC'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
        goto ERROR;
    }
    if (($proxysettings{'NTLM_BDC'} ne '') && !&General::validhostname($proxysettings{'NTLM_BDC'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
        goto ERROR;
    }

    # Domain and controller names are stored in lower case.
    for my $ntlm_key ('NTLM_DOMAIN', 'NTLM_PDC', 'NTLM_BDC') {
        $proxysettings{$ntlm_key} = lc($proxysettings{$ntlm_key});
    }
}
# RADIUS authentication: the server must be an IP address, the port a valid
# port number, and a shared secret must be present.
# NOTE(review): the secret is only tested for being non-empty.
if ($proxysettings{'AUTH_METHOD'} eq 'radius')
{
    unless (&General::validip($proxysettings{'RADIUS_SERVER'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg radius server'};
        goto ERROR;
    }
    unless (&General::validport($proxysettings{'RADIUS_PORT'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg radius port'};
        goto ERROR;
    }
    unless ($proxysettings{'RADIUS_SECRET'} ne '')
    {
        $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
        goto ERROR;
    }
}
594
# Upstream proxy credentials must come as a pair: user and password are
# either both set or both empty.  The literal user name "PASS" is the
# exception -- it counts as complete and any submitted password is dropped.
$proxy1 = ($proxysettings{'UPSTREAM_USER'} eq '') ? '' : 'YES';
$proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {
    $proxy1 = $proxy2 = 'PASS';
    $proxysettings{'UPSTREAM_PASSWORD'} = '';
}
if ($proxy1 ne $proxy2)
{
    $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
    goto ERROR;
}

# Every failed check above jumps here; a clean run falls through.  The ACL
# check runs in both cases.
ERROR:
&check_acls;

# Any error message recorded so far marks the submission as invalid.
$proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';
614
# Persist a valid submission and apply it to the running proxy.
if ($proxysettings{'VALID'} eq 'yes')
{
    &write_acls;

    # List contents and the user-management scratch fields (including the
    # submitted NCSA password) are removed so they are not written into
    # the settings file below.
    delete @proxysettings{qw(
        SRC_SUBNETS
        SRC_BANNED_IP
        SRC_BANNED_MAC
        SRC_UNRESTRICTED_IP
        SRC_UNRESTRICTED_MAC
        DST_NOCACHE
        DST_NOAUTH
        PORTS_SAFE
        PORTS_SSL
        MIME_TYPES
        NTLM_ALLOW_USERS
        NTLM_DENY_USERS
        RADIUS_ALLOW_USERS
        RADIUS_DENY_USERS
        IDENT_HOSTS
        IDENT_ALLOW_USERS
        IDENT_DENY_USERS
        CRE_GROUPS
        CRE_SVHOSTS
        NCSA_USERNAME
        NCSA_GROUP
        NCSA_PASS
        NCSA_PASS_CONFIRM
    )};

    # Switches that were not part of the submission are stored as 'off'.
    for my $absent_key (
        (map { "TIME_$_" } qw(MON TUE WED THU FRI SAT SUN)),
        'AUTH_ALWAYS_REQUIRED',
        'NTLM_ENABLE_INT_AUTH',
    ) {
        $proxysettings{$absent_key} = 'off' unless exists $proxysettings{$absent_key};
    }

    # Everything still in %proxysettings is written out as submitted; that
    # includes the credential fields that were not deleted above
    # (UPSTREAM_PASSWORD, LDAP_BINDDN_PASS, RADIUS_SECRET, ADMIN_PASSWORD,
    # SUPERVISOR_PASSWORD).  NOTE(review): access to them then depends on
    # the permissions of the settings files, which are not set here.
    &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

    # Mirror the subset shared with the standard proxy settings file.
    if (-e "${General::swroot}/proxy/settings") {
        &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings);
    }
    my @shared_keys = qw(
        PROXY_PORT
        UPSTREAM_PROXY
        UPSTREAM_USER
        UPSTREAM_PASSWORD
        ENABLE_FILTER
        ENABLE_UPDXLRATOR
        ENABLE_CLAMAV
    );
    @stdproxysettings{@shared_keys} = @proxysettings{@shared_keys};
    &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);

    &writeconfig;
    &writepacfile;

    if ($proxysettings{'CACHEMGR'} eq 'on') {
        &writecachemgr;
    }

    # Disable first and clear all marker files, then recreate the markers
    # that match the new settings.
    system ('/usr/local/bin/squidctrl', 'disable');
    unlink map { "${General::swroot}/proxy/$_" } qw(enable transparent enable_blue transparent_blue);

    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    my $blue_on  = ($proxysettings{'ENABLE_BLUE'} eq 'on');

    if ($green_on) {
        system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
        system ('/usr/local/bin/squidctrl', 'enable');
    }
    if ($proxysettings{'TRANSPARENT'} eq 'on' && $green_on) {
        system ('/usr/bin/touch', "${General::swroot}/proxy/transparent");
    }
    if ($blue_on) {
        system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
        system ('/usr/local/bin/squidctrl', 'enable');
    }
    if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $blue_on) {
        system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue");
    }

    # These two go through the shell only for the output redirection; the
    # command strings are fixed and contain no request data.
    if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) {
        system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
    }
    if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) {
        system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1');
    }
}
693 }
694
# Flush the proxy cache on request.  Fixed command string; the shell is
# used only for the output redirection.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
{
    system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
}

# Without an error the form shows what is stored on disk: the advanced
# settings file when it exists, else the standard one.  After an error
# the submitted values are kept so they can be corrected.
unless ($errormessage)
{
    my $advanced_file = "${General::swroot}/proxy/advanced/settings";
    my $standard_file = "${General::swroot}/proxy/settings";

    if (-e $advanced_file) {
        &General::readhash($advanced_file, \%proxysettings);
    }
    elsif (-e $standard_file) {
        &General::readhash($standard_file, \%proxysettings);
    }
    &read_acls;
}
709
710 # ------------------------------------------------------------------
711
# Command-line hook: with an empty REMOTE_ADDR (nothing set it, so the
# script is taken to be running outside the web server) only the
# configuration files are regenerated and the script ends before any HTML
# is produced.
if ($ENV{'REMOTE_ADDR'} eq '') {
    writeconfig();
    exit(0);
}
717
718 # -------------------------------------------------------------------
719
720 $checked{'ENABLE'}{'off'} = '';
721 $checked{'ENABLE'}{'on'} = '';
722 $checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
723
724 $checked{'TRANSPARENT'}{'off'} = '';
725 $checked{'TRANSPARENT'}{'on'} = '';
726 $checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
727
728 $checked{'ENABLE_BLUE'}{'off'} = '';
729 $checked{'ENABLE_BLUE'}{'on'} = '';
730 $checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
731
732 $checked{'TRANSPARENT_BLUE'}{'off'} = '';
733 $checked{'TRANSPARENT_BLUE'}{'on'} = '';
734 $checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
735
736 $checked{'SUPPRESS_VERSION'}{'off'} = '';
737 $checked{'SUPPRESS_VERSION'}{'on'} = '';
738 $checked{'SUPPRESS_VERSION'}{$proxysettings{'SUPPRESS_VERSION'}} = "checked='checked'";
739
740 $checked{'FORWARD_IPADDRESS'}{'off'} = '';
741 $checked{'FORWARD_IPADDRESS'}{'on'} = '';
742 $checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
743 $checked{'FORWARD_USERNAME'}{'off'} = '';
744 $checked{'FORWARD_USERNAME'}{'on'} = '';
745 $checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
746 $checked{'FORWARD_VIA'}{'off'} = '';
747 $checked{'FORWARD_VIA'}{'on'} = '';
748 $checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
749 $checked{'NO_CONNECTION_AUTH'}{'off'} = '';
750 $checked{'NO_CONNECTION_AUTH'}{'on'} = '';
751 $checked{'NO_CONNECTION_AUTH'}{$proxysettings{'NO_CONNECTION_AUTH'}} = "checked='checked'";
752
753 $selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
754 $selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
755 $selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
756 $checked{'OFFLINE_MODE'}{'off'} = '';
757 $checked{'OFFLINE_MODE'}{'on'} = '';
758 $checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
759 $checked{'CACHE_DIGESTS'}{'off'} = '';
760 $checked{'CACHE_DIGESTS'}{'on'} = '';
761 $checked{'CACHE_DIGESTS'}{$proxysettings{'CACHE_DIGESTS'}} = "checked='checked'";
762
# Checkbox state for logging, the cache manager, the per-zone "no internal
# proxy" switches and the classroom extensions. Each option gets empty
# 'off'/'on' slots first; the slot named by the stored value is then marked.
foreach my $option (qw(
	LOGGING CACHEMGR LOGQUERY LOGUSERAGENT
	NO_PROXY_LOCAL NO_PROXY_LOCAL_BLUE
	CLASSROOM_EXT
)) {
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}

# Drop-down state for the error page language and design.
foreach my $choice (qw(ERR_LANGUAGE ERR_DESIGN)) {
	$selected{$choice}{ $proxysettings{$choice} } = "selected='selected'";
}
789
# Drop-down state for the time restriction mode and the from/to clock values.
foreach my $choice (qw(TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE)) {
	$selected{$choice}{ $proxysettings{$choice} } = "selected='selected'";
}

# Weekday checkboxes. A day that has no stored key at all is treated as 'on';
# a key that exists with any other value is left as it is.
foreach my $day (qw(MON TUE WED THU FRI SAT SUN)) {
	my $key = 'TIME_' . $day;
	$proxysettings{$key} = 'on' unless exists $proxysettings{$key};
	@{ $checked{$key} }{ 'off', 'on' } = ('', '');
	$checked{$key}{ $proxysettings{$key} } = "checked='checked'";
}
825
# Drop-down state for the four download throttling limits (total and per
# host, Green and Blue).
foreach my $choice (qw(THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST)) {
	$selected{$choice}{ $proxysettings{$choice} } = "selected='selected'";
}

# Checkbox state for content based throttling, the MIME filter and the
# browser check.
foreach my $option (qw(THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA ENABLE_MIME_FILTER ENABLE_BROWSER_CHECK)) {
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}
848
# One checkbox per entry of @useragentlist. Each entry is split on commas and
# its first field, prefixed with 'UA_', is the settings key. @useragent is
# assigned on every pass and keeps the fields of the last entry afterwards.
for my $entry (@useragentlist) {
	@useragent = split(/,/, $entry);
	my $field = 'UA_'.$useragent[0];
	@{ $checked{$field} }{ 'off', 'on' } = ('', '');
	$checked{$field}{ $proxysettings{$field} } = "checked='checked'";
}
855
# Authentication method: every known method gets an empty slot, then the
# stored method is marked.
$checked{'AUTH_METHOD'}{$_} = '' for qw(none ncsa ident ldap ntlm ntlm-auth radius);
$checked{'AUTH_METHOD'}{ $proxysettings{'AUTH_METHOD'} } = "checked='checked'";

# These two switches count as 'on' when no key has been stored for them yet.
foreach my $option (qw(AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH)) {
	$proxysettings{$option} = 'on' unless exists $proxysettings{$option};
}

# Plain on/off checkboxes of the authentication and add-on sections.
foreach my $option (qw(
	AUTH_ALWAYS_REQUIRED NCSA_BYPASS_REDIR
	NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL NTLM_AUTH_BASIC
	RADIUS_ENABLE_ACL
	IDENT_REQUIRED IDENT_ENABLE_ACL
	ENABLE_FILTER ENABLE_UPDXLRATOR ENABLE_CLAMAV
)) {
	@{ $checked{$option} }{ 'off', 'on' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}

# User ACL polarity: these settings use 'positive'/'negative' instead of
# 'on'/'off'.
foreach my $option (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
	@{ $checked{$option} }{ 'positive', 'negative' } = ('', '');
	$checked{$option}{ $proxysettings{$option} } = "checked='checked'";
}

# Drop-down state for the NCSA group and the LDAP directory type.
foreach my $choice (qw(NCSA_GROUP LDAP_TYPE)) {
	$selected{$choice}{ $proxysettings{$choice} } = "selected='selected'";
}
928
# Page header and outer container; the error text is also passed to
# openbigbox.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

# Error box, shown only when a message is set.
# NOTE(review): $errormessage is interpolated into the markup as-is. If any
# message built earlier in the script embeds a submitted value, it has to be
# HTML-escaped before it reaches this point - confirm where it is assembled.
if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>$errormessage&nbsp;</font>\n";
	&Header::closebox();
}

# Reduce the first line of the `squid -v` output to the bare version string;
# anything that does not start with the expected banner becomes the
# translated "unknown" label.
if ($squidversion[0] !~ /^Squid\sCache:\sVersion\s/i) {
	$squidversion[0] = $Lang::tr{'advproxy unknown'};
} else {
	for ($squidversion[0]) {
		s/^Squid\sCache:\sVersion//i;
		s/^\s+//g;
		s/\s+$//g;
	}
}
947
948 # ===================================================================
949 # Main settings
950 # ===================================================================
951
952 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
953
# Open the settings form; it posts back to this same script.
# NOTE(review): no anti-CSRF token field appears in the part of the form
# visible here - confirm that the origin of the request is verified before
# posted settings are applied.
print qq{<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n};

&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");

# Common settings: enable/transparent switches for Green and the two listen
# ports. The last <tr> is left open for the Blue cells printed next.
# NOTE(review): here and in the rest of the form, stored settings are placed
# inside single-quoted attributes without escaping in this block; that is only
# safe if every value was validated or escaped when it was saved - confirm.
print <<"END";
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
</tr>
<tr>
END
978 if ($netsettings{'BLUE_DEV'}) {
979 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
980 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
981 } else {
982 print "<td colspan='2'>&nbsp;</td>";
983 }
984 print <<END
985 <td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
986 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
987 </tr>
988 <tr>
989 END
990 ;
991 if ($netsettings{'BLUE_DEV'}) {
992 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
993 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
994 } else {
995 print "<td colspan='2'>&nbsp;</td>";
996 }
997 print <<END
998 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
999 <td class='base'>
1000 <select name='ERR_LANGUAGE'>
1001 END
1002 ;
# One <option> per sub-directory of $errordir; the directory's base name is
# used as both value and label. $language keeps the last name seen.
# NOTE(review): the names come from the file system and are written into the
# page unescaped - presumably only packaged error directories exist there.
for my $entry (glob("$errordir/*")) {
	next unless -d $entry;
	$language = substr($entry, rindex($entry, "/") + 1);
	print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
1009 print <<END
1010 </select>
1011 </td>
1012 </tr>
1013 <tr>
1014 <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
1015 <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
1016 <td class='base'>$Lang::tr{'advproxy error design'}:</td>
1017 <td class='base'><select name='ERR_DESIGN'>
1018 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
1019 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
1020 </select></td>
1021 </tr>
1022 <tr>
1023 <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
1024 <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
1025 <td>&nbsp;</td>
1026 <td>&nbsp;</td>
1027 </tr>
1028 </table>
1029 <hr size='1'>
1030 <table width='100%'>
1031 END
1032 ;
# Add-on row: virus scanner, URL filter and update accelerator switches.
# The scanner cell has content only when the squidclamav binary is present.
if ( ! -e "/usr/bin/squidclamav" ) {
	print "<td></td>";
} else {
	print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
	if ( -e "/var/run/clamav/clamd.pid" ) {
		print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
	}
	else {
		# No clamd pid file: show a warning instead of the checkbox and set
		# the in-memory setting to 'off'. Nothing in this block writes that
		# change back to the settings file.
		print "<font color='red'>clamav not running</font><br /><br />";
		$proxysettings{'ENABLE_CLAMAV'} = 'off';
	}
	print "</td>";
}

# URL filter cell with a link to its own configuration page.
print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</a></b><br />";
print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
print "</td>";

# Update accelerator cell, same layout; closes the row.
print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</a></b><br />";
print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
print "</td></tr>";
# Upstream proxy section.
# NOTE(review): the stored upstream password is written back into the value
# attribute of the password field. The browser masks it on screen, but it is
# part of the page source sent to every viewer of this page. Rendering the
# field empty and keeping the stored value when nothing is submitted would
# avoid that; it needs matching logic in the save handler, which is not
# visible here.
print <<"END";
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
<td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
<td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
END

# Log settings section.
print <<"END";
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
END

# Cache management section, up to the opening tag of the "do not cache"
# textarea.
# NOTE(review): ADMIN_PASSWORD is rendered in a type='text' input, so the
# stored password is shown in clear on screen as well as in the page source.
print <<"END";
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
<td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
<td class='base'>$Lang::tr{'proxy admin password'}:</td>
<td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan= '5' valign='top' class='base'>
<table cellspacing='0' cellpadding='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:</td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END

# Textarea content: the stored list is written out verbatim.
# NOTE(review): nothing in this block escapes the text, so a stored value
# containing markup such as a closing textarea tag would break out of the
# field - confirm that the list is validated when it is saved.
print $proxysettings{'DST_NOCACHE'};
1163
1164 print <<END
1165 </textarea></td>
1166 </tr>
1167 </table>
1168 </td>
1169 </tr>
1170 <tr>
1171 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1172 <td class='base'><select name='MEM_POLICY'>
1173 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1174 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1175 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1176 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1177 </select></td>
1178 </tr>
1179 <tr>
1180 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1181 <td class='base'><select name='CACHE_POLICY'>
1182 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1183 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1184 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1185 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1186 </select></td>
1187 </tr>
1188 <tr>
1189 <td colspan='2'>&nbsp;</td>
1190 </tr>
1191 <tr>
1192 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1193 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1194 </tr>
1195 <tr>
1196 <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1197 <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1198 </tr>
1199 </table>
1200 <hr size='1'>
1201 <table width='100%'>
1202 <tr>
1203 <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1204 </tr>
1205 <tr>
1206 <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
1207 </tr>
1208 <tr>
1209 <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1210 <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1211 </tr>
1212 <tr>
1213 <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1214 END
1215 ;
# Textarea content: the stored list of standard ports, or the built-in
# default list while nothing (or a false value) is stored.
print( $proxysettings{'PORTS_SAFE'} || $def_ports_safe );
1217
1218 print <<END
1219 </textarea></td>
1220 <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1221 END
1222 ;
# Textarea content: the stored list of SSL ports, or the built-in default
# list while nothing (or a false value) is stored.
print( $proxysettings{'PORTS_SSL'} || $def_ports_ssl );
1224
1225 print <<END
1226 </textarea></td>
1227 </tr>
1228 </table>
1229 <hr size='1'>
1230 <table width='100%'>
1231 <tr>
1232 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1233 </tr>
1234 <tr>
1235 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1236 </tr>
1237 <tr>
1238 <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1239 </tr>
1240 <tr>
1241 <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
1242 END
1243 ;
1244
# Textarea content for the allowed source subnets. A stored list is printed
# verbatim; otherwise the Green network is offered, plus the Blue network
# when a Blue interface is configured.
if ($proxysettings{'SRC_SUBNETS'}) {
	print $proxysettings{'SRC_SUBNETS'};
} else {
	print "$green_cidr\n";
	print "$blue_cidr\n" if $netsettings{'BLUE_DEV'};
}
1253
1254 print <<END
1255 </textarea></td>
1256 END
1257 ;
1258
# "No internal proxy" switch for Green. The first occurrence of the zone name
# in the translated label (matched without regard to case) is wrapped in the
# zone colour. $line is a shared variable and keeps the last label built.
($line = $Lang::tr{'advproxy no internal proxy on green'})
	=~ s{Green}{<font color="$Header::colourgreen">Green</font>}i;
print "<td class='base'>$line:</td>\n";
print <<"END";
<td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
</tr>
END

# The same switch for Blue, in a row of its own, only when a Blue interface
# is configured.
if ($netsettings{'BLUE_DEV'}) {
	($line = $Lang::tr{'advproxy no internal proxy on blue'})
		=~ s{Blue}{<font color="$Header::colourblue">Blue</font>}i;
	print "<tr>\n";
	print "<td class='base'>$line:</td>\n";
	print <<"END";
<td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
</tr>
END
}
1278 print <<END
1279 <tr>
1280 <td colspan='2'>&nbsp;</td>
1281 </tr>
1282 <tr>
1283 <td colspan='2'>&nbsp;</td>
1284 </tr>
1285 </table>
1286 <table width='100%'>
1287 <tr>
1288 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1289 </tr>
1290 <tr>
1291 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1292 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
1293 </tr>
1294 <tr>
1295 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
1296 END
1297 ;
1298
1299 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1300
1301 print <<END
1302 </textarea></td>
1303 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
1304 END
1305 ;
1306
1307 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1308
1309 print <<END
1310 </textarea></td>
1311 </tr>
1312 </table>
1313 <table width='100%'>
1314 <tr>
1315 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1316 </tr>
1317 <tr>
1318 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1319 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
1320 </tr>
1321 <tr>
1322 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
1323 END
1324 ;
1325
1326 print $proxysettings{'SRC_BANNED_IP'};
1327
1328 print <<END
1329 </textarea></td>
1330 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
1331 END
1332 ;
1333
1334 print $proxysettings{'SRC_BANNED_MAC'};
1335
1336 print <<END
1337 </textarea></td>
1338 </tr>
1339 </table>
1340
1341 <hr size='1'>
1342
1343 END
1344 ;
1345 # -------------------------------------------------------------------
1346 # CRE GUI - optional
1347 # -------------------------------------------------------------------
1348
# Classroom extensions (CRE). The visible section is rendered only when the
# path held in $cre_enabled exists; otherwise the three CRE settings are
# carried through the form as hidden fields.
#
# NOTE(review): in both branches the stored supervisor password is sent back
# to the browser - in the value attribute of the password field, or in a
# hidden field when the section is not shown at all. Masking on screen does
# not keep it out of the page source. CRE_GROUPS and CRE_SVHOSTS are textarea
# values placed inside single-quoted hidden attributes with no escaping in
# this block; confirm they are validated or escaped when saved.
if (! -e $cre_enabled) {
	print <<"END";
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
<input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
<input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
END
} else {
	# The detail rows appear only while the extension itself is switched on.
	my $cre_active = $proxysettings{'CLASSROOM_EXT'} eq 'on';

	print <<"END";
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>

END

	if ($cre_active) {
		print <<"END";
<td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
END
	}

	print "</tr>";

	if ($cre_active) {
		print <<"END";
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END

		# Stored group definitions, written out verbatim.
		print $proxysettings{'CRE_GROUPS'};

		print <<"END";
</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END

		# Stored supervisor hosts, written out verbatim.
		print $proxysettings{'CRE_SVHOSTS'};

		print <<"END";
</textarea></td>
</tr>
END
	}

	print "</table><hr size='1'>";
}
1406
1407 # -------------------------------------------------------------------
1408
1409 print <<END
1410
1411 <table width='100%'>
1412 <tr>
1413 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1414 </tr>
1415 <table width='100%'>
1416 <tr>
1417 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1418 <td width='1%'>&nbsp;</td>
1419 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1420 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1421 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1422 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1423 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1424 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1425 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1426 <td width='1%'>&nbsp;&nbsp;</td>
1427 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1428 <td width='1%'>&nbsp;</td>
1429 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1430 <td>&nbsp;</td>
1431 </tr>
1432 <tr>
1433 <td class='base'>
1434 <select name='TIME_ACCESS_MODE'>
1435 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1436 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1437 </select>
1438 </td>
1439 <td>&nbsp;</td>
1440 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1441 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1442 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1443 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1444 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1445 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1446 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1447 <td>&nbsp;</td>
1448 <td class='base'>
1449 <select name='TIME_FROM_HOUR'>
1450 END
1451 ;
# Options 00 through 24 for the TIME_FROM_HOUR select. The counter lives in
# the shared $i and each label is stored in the global $_, so both are
# overwritten by this loop.
$i = 0;
while ($i <= 24) {
	$_ = sprintf("%02s", $i);
	print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
	$i++;
}
1456 print <<END
1457 </select>
1458 </td>
1459 <td>:</td>
1460 <td class='base'>
1461 <select name='TIME_FROM_MINUTE'>
1462 END
1463 ;
# Quarter-hour options 00, 15, 30, 45 for the TIME_FROM_MINUTE select. The
# shared $i and the global $_ are overwritten by this loop.
$i = 0;
while ($i <= 45) {
	$_ = sprintf("%02s", $i);
	print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
	$i += 15;
}
1468 print <<END
1469 </select>
1470 <td> - </td>
1471 </td>
1472 <td class='base'>
1473 <select name='TIME_TO_HOUR'>
1474 END
1475 ;
# Options 00 through 24 for the TIME_TO_HOUR select. The shared $i and the
# global $_ are overwritten by this loop.
$i = 0;
while ($i <= 24) {
	$_ = sprintf("%02s", $i);
	print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
	$i++;
}
1480 print <<END
1481 </select>
1482 </td>
1483 <td>:</td>
1484 <td class='base'>
1485 <select name='TIME_TO_MINUTE'>
1486 END
1487 ;
# Quarter-hour options 00, 15, 30, 45 for the TIME_TO_MINUTE select. The
# shared $i and the global $_ are overwritten by this loop.
$i = 0;
while ($i <= 45) {
	$_ = sprintf("%02s", $i);
	print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
	$i += 15;
}
1492 print <<END
1493 </select>
1494 </td>
1495 </tr>
1496 </table>
1497 <hr size='1'>
1498 <table width='100%'>
1499 <tr>
1500 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1501 </tr>
1502 <tr>
1503 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1504 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1505 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1506 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1507 </tr>
1508 </table>
1509 <hr size='1'>
1510 <table width='100%'>
1511 <tr>
1512 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1513 </tr>
1514 <tr>
1515 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1516 <td width='20%' class='base'>
1517 <select name='THROTTLING_GREEN_TOTAL'>
1518 END
1519 ;
1520
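# Total download limit on Green: one <option> per entry of @throttle_limits.
for my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kbit/s</option>\n";
}

# "Unlimited" entry, end of the total select, start of the per-host select.
# The option line used to end in a leftover `\n";` from an earlier print
# statement; inside a here-document that put the literal characters `";`
# into the page between the last option and </select>. It is removed here.
# NOTE(review): the entry submits value '0' but is pre-selected through the
# 'unlimited' key - presumably the save handler stores 0 as 'unlimited';
# confirm.
print <<"END";
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END

# Per-host download limit on Green.
for my $limit (@throttle_limits) {
	print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kbit/s</option>\n";
}

# "Unlimited" entry and end of the Green row (same stray `";` removed).
print <<"END";
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END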
1546
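# Throttling row for Blue, rendered only when a Blue interface is configured.
# Both "unlimited" option lines used to end in a leftover `\n";`, which a
# here-document prints as the literal characters `";` inside the <select>.
# That residue is removed here.
# NOTE(review): the "unlimited" entries submit value '0' but are pre-selected
# through the 'unlimited' key - presumably the save handler stores 0 as
# 'unlimited'; confirm.
if ($netsettings{'BLUE_DEV'}) {
	print <<"END";
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END

	# Total download limit on Blue: one <option> per configured rate.
	for my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kbit/s</option>\n";
	}

	print <<"END";
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END

	# Per-host download limit on Blue.
	for my $limit (@throttle_limits) {
		print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kbit/s</option>\n";
	}

	print <<"END";
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
}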
1582
1583 print <<END
1584 </table>
1585 <table width='100%'>
1586 <tr>
1587 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1588 </tr>
1589 <tr>
1590 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1591 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1592 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1593 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1594 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1595 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1596 <td width='15%'>&nbsp;</td>
1597 <td width='10%'>&nbsp;</td>
1598 </tr>
1599 </table>
1600 <hr size='1'>
1601 <table width='100%'>
1602 <tr>
1603 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1604 </tr>
1605 END
1606 ;
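# The list of blocked MIME types is only shown while the MIME filter is enabled.
if ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on') {
    # MIME_TYPES is free text from the settings hash and is written between
    # <textarea> tags. Encode the HTML metacharacters so that stored text such
    # as "</textarea>" cannot end the element early and inject markup into the
    # admin page. The browser decodes the references again, so the value that
    # is submitted back is unchanged.
    # NOTE(review): assumes the value is stored unescaped - confirm against the
    # save path to avoid double encoding.
    my $mime_types = defined $proxysettings{'MIME_TYPES'} ? $proxysettings{'MIME_TYPES'} : '';
    $mime_types =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;

    print <<END;
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
END

    print $mime_types;

    print <<END;
</textarea></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
END
}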
1629 print <<END
1630 </table>
1631
1632 <hr size='1'>
1633 <table width='100%'>
1634 <tr>
1635 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b> $Lang::tr{'advproxy UA enable filter'}:<input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1636 </tr>
1637 END
1638 ;
1639 if ( $proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on' ){
1640 print <<END
1641 <tr>
1642 <td colspan='4'><i>
1643 END
1644 ;
1645 if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
1646 print <<END
1647 </i></td>
1648 </tr>
1649 </table>
1650 <table width='100%'>
1651 END
1652 ;
1653
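# Lay the entries of @useragentlist out as table rows, four "label + checkbox"
# pairs per row. Each entry is split on commas: field 0 becomes the form-field
# suffix (UA_<field 0>) and field 1 the visible label.
#
# Changes against the previous loop:
#  - the outer bound is "<" instead of "<=", so no empty <tr></tr> is emitted
#    when the list length is a multiple of four (or the list is empty);
#  - the step is a fixed 4 instead of relying on the value $i is left with
#    after the inner loop;
#  - the entry is read as a scalar element ($useragentlist[...]) rather than a
#    one-element slice, and the row markers no longer depend on string
#    comparison of loop counters.
#
# NOTE(review): both fields are written into the page verbatim. That is only
# safe if the list is loaded from a trusted, locally maintained source -
# confirm where @useragentlist is populated.
for ($n = 0; $n < @useragentlist; $n += 4) {
    print "<tr>\n";
    for ($i = 0; $i <= 3; $i++) {
        # The last row may hold fewer than four entries.
        next if ($n + $i) >= @useragentlist;
        @useragent = split(/,/, $useragentlist[$n + $i]);
        print "<td width='15%'>$useragent[1]:</td>\n";
        print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
    }
    print "</tr>\n";
}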
1665 }
1666 print <<END
1667 </table>
1668 <hr size='1'>
1669 <table width='100%'>
1670 <tr>
1671 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1672 </tr>
1673 <tr>
1674 <td class='base'>$Lang::tr{'advproxy fake useragent'}:</td>
1675 <td class='base'>$Lang::tr{'advproxy fake referer'}:</td>
1676 </tr>
1677 <tr>
1678 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='40%' /></td>
1679 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='40%' /></td>
1680 </tr>
1681 </table>
1682 <hr size='1'>
1683 END
1684 ;
1685
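# Number of cells in the authentication-method row that follows. Six radio
# buttons are always rendered there (none, ncsa, ident, ldap, ntlm, radius);
# the previous base value of 5 left the colspan one short and made the column
# widths add up to more than 100%. ntlm-auth adds one more cell when
# $HAVE_NTLM_AUTH is set.
my $auth_columns = 6;
if ($HAVE_NTLM_AUTH) {
    $auth_columns++;
}

# Equal share of the table width for each cell, in percent.
my $auth_column_width = 100 / $auth_columns;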
1691
1692 print <<END;
1693 <table width='100%'>
1694 <tr>
1695 <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1696 </tr>
1697 <tr>
1698 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1699 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1700 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1701 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1702 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1703 END
1704
1705 if ($HAVE_NTLM_AUTH) {
1706 print <<END;
1707 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
1708 END
1709 }
1710
1711 print <<END
1712 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1713 </tr>
1714 </table>
1715 END
1716 ;
1717
1718 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1719 <hr size='1'>
1720 <table width='100%'>
1721 <tr>
1722 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1723 </tr>
1724 <tr>
1725 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1726 </tr>
1727 <tr>
1728 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1729 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1730 <td colspan='2' rowspan= '6' valign='top' class='base'>
1731 <table cellpadding='0' cellspacing='0'>
1732 <tr>
1733 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
1734 </tr>
1735 <tr>
1736 <!-- intentionally left empty -->
1737 </tr>
1738 <tr>
1739 <!-- intentionally left empty -->
1740 </tr>
1741 <tr>
1742 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1743 </tr>
1744 <tr>
1745 <!-- intentionally left empty -->
1746 </tr>
1747 <tr>
1748 <!-- intentionally left empty -->
1749 </tr>
1750 <tr>
1751 <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
1752 </tr>
1753 <tr>
1754 <!-- intentionally left empty -->
1755 </tr>
1756 <tr>
1757 <!-- intentionally left empty -->
1758 </tr>
1759 <tr>
1760 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1761 END
1762 ;
1763
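{
    # DST_NOAUTH is free text printed between <textarea> tags. Encode the HTML
    # metacharacters so the stored text cannot close the element and inject
    # markup; the browser decodes the references again on submit.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $dst_noauth = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
    $dst_noauth =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $dst_noauth;
}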
1765
1766 print <<END
1767 </textarea></td>
1768 </tr>
1769 </table>
1770 </td>
1771 </tr>
1772 <tr>
1773 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1774 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1775 </tr>
1776 <tr>
1777 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
1778 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1779 </tr>
1780 <tr>
1781 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1782 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1783 </tr>
1784 <tr>
1785 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1786 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1787 </tr>
1788 <tr>
1789 <td colspan='2'>&nbsp;</td>
1790 </tr>
1791 </table>
1792 END
1793 ;
1794 }
1795
1796 # ===================================================================
1797 # NCSA auth settings
1798 # ===================================================================
1799
1800 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1801 print <<END
1802 <hr size='1'>
1803 <table width='100%'>
1804 <tr>
1805 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1806 </tr>
1807 <tr>
1808 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1809 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1810 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1811 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1812 </tr>
1813 <tr>
1814 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1815 <td>&nbsp;</td>
1816 <td>&nbsp;</td>
1817 </tr>
1818 </table>
1819 END
1820 ; }
1821
1822 # ===================================================================
1823 # IDENTD auth settings
1824 # ===================================================================
1825
1826 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1827 print <<END
1828 <hr size ='1'>
1829 <table width='100%'>
1830 <tr>
1831 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1832 </tr>
1833 <tr>
1834 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1835 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1836 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1837 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1838 </tr>
1839 <tr>
1840 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1841 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1842 <td>&nbsp;</td>
1843 <td>&nbsp;</td>
1844 </tr>
1845 <tr>
1846 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1847 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
1848 </tr>
1849 <tr>
1850 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1851 END
1852 ;
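# Body of the IDENT_HOSTS textarea. When nothing is stored yet, pre-fill it
# with the Green network and, if a Blue interface is configured, the Blue one.
if (!$proxysettings{'IDENT_HOSTS'}) {
    print "$green_cidr\n";
    print "$blue_cidr\n" if $netsettings{'BLUE_DEV'};
} else {
    # Stored free text: encode HTML metacharacters so it cannot close the
    # <textarea> and inject markup. The browser decodes the references again
    # on submit, so the saved value is unchanged.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $ident_hosts = $proxysettings{'IDENT_HOSTS'};
    $ident_hosts =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $ident_hosts;
}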
1861
1862 print <<END
1863 </textarea></td>
1864 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1865 END
1866 ;
1867
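{
    # DST_NOAUTH is free text printed between <textarea> tags. Encode the HTML
    # metacharacters so the stored text cannot close the element and inject
    # markup; the browser decodes the references again on submit.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $dst_noauth = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
    $dst_noauth =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $dst_noauth;
}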
1869
1870 print <<END
1871 </textarea></td>
1872 </tr>
1873 </table>
1874 <hr size ='1'>
1875 <table width='100%'>
1876 <tr>
1877 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1878 </tr>
1879 <tr>
1880 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1881 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1882 <td width='25%'>&nbsp;</td>
1883 <td width='30%'>&nbsp;</td>
1884 </tr>
1885 <tr>
1886 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1887 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1888 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1889 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1890 </tr>
1891 <tr>
1892 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1893 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1894 </tr>
1895 <tr>
1896 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1897 END
1898 ; }
1899
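if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    # Body of the IDENT_ALLOW_USERS textarea. Encode HTML metacharacters so a
    # stored user name cannot close the element and inject markup.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $allow_users = defined $proxysettings{'IDENT_ALLOW_USERS'} ? $proxysettings{'IDENT_ALLOW_USERS'} : '';
    $allow_users =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $allow_users;
}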
1901
1902 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1903 </textarea></td>
1904 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1905 END
1906 ; }
1907
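if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    # Body of the IDENT_DENY_USERS textarea. Encode HTML metacharacters so a
    # stored user name cannot close the element and inject markup.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $deny_users = defined $proxysettings{'IDENT_DENY_USERS'} ? $proxysettings{'IDENT_DENY_USERS'} : '';
    $deny_users =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $deny_users;
}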
1909
1910 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1911 </textarea></td>
1912 </tr>
1913 </table>
1914 END
1915 ; }
1916
1917 # ===================================================================
1918 # NTLM auth settings
1919 # ===================================================================
1920
1921 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1922 print <<END
1923 <hr size='1'>
1924 <table width='100%'>
1925 <tr>
1926 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1927 </tr>
1928 <tr>
1929 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1930 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1931 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1932 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1933 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:</td>
1934 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1935 </tr>
1936 </table>
1937 <hr size ='1'>
1938 <table width='100%'>
1939 <tr>
1940 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1941 </tr>
1942 <tr>
1943 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1944 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1945 <td>&nbsp;</td>
1946 </tr>
1947 </table>
1948 <hr size ='1'>
1949 <table width='100%'>
1950 <tr>
1951 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1952 </tr>
1953 <tr>
1954 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1955 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1956 <td width='25%'>&nbsp;</td>
1957 <td width='30%'>&nbsp;</td>
1958 </tr>
1959 <tr>
1960 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1961 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1962 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1963 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1964 </tr>
1965 <tr>
1966 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1967 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1968 </tr>
1969 <tr>
1970 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1971 END
1972 ; }
1973
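if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
    # Body of the NTLM_ALLOW_USERS textarea. Encode HTML metacharacters so a
    # stored user name cannot close the element and inject markup.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $allow_users = defined $proxysettings{'NTLM_ALLOW_USERS'} ? $proxysettings{'NTLM_ALLOW_USERS'} : '';
    $allow_users =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $allow_users;
}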
1975
1976 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1977 </textarea></td>
1978 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1979 END
1980 ; }
1981
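if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
    # Body of the NTLM_DENY_USERS textarea. Encode HTML metacharacters so a
    # stored user name cannot close the element and inject markup.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $deny_users = defined $proxysettings{'NTLM_DENY_USERS'} ? $proxysettings{'NTLM_DENY_USERS'} : '';
    $deny_users =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $deny_users;
}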
1983
1984 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1985 </textarea></td>
1986 </tr>
1987 </table>
1988 END
1989 ; }
1990
1991 # ===================================================================
1992 # NTLM-AUTH settings
1993 # ===================================================================
1994
1995 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
1996 print <<END;
1997 <hr size ='1'>
1998 <table width='100%'>
1999 <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
2000 <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
2001 <td colspan='2'>&nbsp;</td>
2002 </table>
2003
2004 <hr size='1' />
2005
2006 <table width='100%'>
2007 <tr>
2008 <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
2009 </tr>
2010 <tr>
2011 <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
2012 <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
2013 <td>&nbsp;</td>
2014 <td>&nbsp;</td>
2015 </tr>
2016 </table>
2017 END
2018 }
2019
2020 # ===================================================================
2021 # LDAP auth settings
2022 # ===================================================================
2023
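# LDAP settings form, shown only while LDAP is the selected authentication method.
if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
    # Every value below lands inside a single-quoted HTML attribute. Without
    # encoding, a value containing an apostrophe (a DN or group name can) ends
    # the attribute early: the field is truncated on the next save and the rest
    # of the value is parsed as markup. Numeric character references are
    # decoded by the browser, so the submitted value is unchanged.
    # NOTE(review): assumes the values are stored unescaped - confirm against the save path.
    my %esc;
    foreach my $field (qw(LDAP_BASEDN LDAP_SERVER LDAP_PORT LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP)) {
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        $esc{$field} = $value;
    }

    # NOTE(review): the stored bind password is written into the page source;
    # type='password' only masks it on screen. Leaving the field empty and
    # keeping the stored secret when nothing is submitted would avoid that, but
    # it needs a matching change in the save handler, which is not part of this
    # block.
    print <<END;
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
<td><input type='text' name='LDAP_BASEDN' value='$esc{'LDAP_BASEDN'}' size='37' /></td>
<td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
<td class='base'><select name='LDAP_TYPE'>
<option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
<option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
<option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
<option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
</select></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
<td width='40%'><input type='text' name='LDAP_SERVER' value='$esc{'LDAP_SERVER'}' size='14' /></td>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
<td><input type='text' name='LDAP_PORT' value='$esc{'LDAP_PORT'}' size='3' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
<td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$esc{'LDAP_BINDDN_USER'}' size='37' /></td>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
<td><input type='password' name='LDAP_BINDDN_PASS' value='$esc{'LDAP_BINDDN_PASS'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
<td width='40%'><input type='text' name='LDAP_GROUP' value='$esc{'LDAP_GROUP'}' size='37' /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
END
}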
2075
2076 # ===================================================================
2077 # RADIUS auth settings
2078 # ===================================================================
2079
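# RADIUS settings form, shown only while RADIUS is the selected authentication
# method. The here-doc ends with the opening tag of the RADIUS_ALLOW_USERS
# textarea; its body and closing tag are printed by the statements that follow.
if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
    # Every value below lands inside a single-quoted HTML attribute. Without
    # encoding, a value containing an apostrophe ends the attribute early: the
    # field is truncated on the next save and the rest is parsed as markup.
    # Numeric character references are decoded by the browser, so the
    # submitted value is unchanged.
    # NOTE(review): assumes the values are stored unescaped - confirm against the save path.
    my %esc;
    foreach my $field (qw(RADIUS_SERVER RADIUS_PORT RADIUS_IDENTIFIER RADIUS_SECRET)) {
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        $esc{$field} = $value;
    }

    # NOTE(review): the stored RADIUS shared secret is written into the page
    # source; type='password' only masks it on screen. Leaving the field empty
    # and keeping the stored secret when nothing is submitted would avoid that,
    # but it needs a matching change in the save handler, which is not part of
    # this block.
    print <<END;
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
<td width='20%'><input type='text' name='RADIUS_SERVER' value='$esc{'RADIUS_SERVER'}' size='14' /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
<td width='30%'><input type='text' name='RADIUS_PORT' value='$esc{'RADIUS_PORT'}' size='3' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
<td><input type='text' name='RADIUS_IDENTIFIER' value='$esc{'RADIUS_IDENTIFIER'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
<td><input type='password' name='RADIUS_SECRET' value='$esc{'RADIUS_SECRET'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy RADIUS use positive access list'}:</td>
<td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy RADIUS use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END
}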
2125
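if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
    # Body of the RADIUS_ALLOW_USERS textarea. Encode HTML metacharacters so a
    # stored user name cannot close the element and inject markup.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $allow_users = defined $proxysettings{'RADIUS_ALLOW_USERS'} ? $proxysettings{'RADIUS_ALLOW_USERS'} : '';
    $allow_users =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $allow_users;
}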
2127
2128 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2129 </textarea></td>
2130 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
2131 END
2132 ; }
2133
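if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
    # Body of the RADIUS_DENY_USERS textarea. Encode HTML metacharacters so a
    # stored user name cannot close the element and inject markup.
    # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
    my $deny_users = defined $proxysettings{'RADIUS_DENY_USERS'} ? $proxysettings{'RADIUS_DENY_USERS'} : '';
    $deny_users =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
    print $deny_users;
}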
2135
2136 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2137 </textarea></td>
2138 </tr>
2139 </table>
2140 END
2141 ; }
2142
2143 # ===================================================================
2144
2145 }
2146
2147 print "<table>\n";
2148
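# With no authentication selected the global auth settings have no visible
# inputs, so they are emitted as hidden fields instead (presumably so that
# saving the form does not drop them - confirm against the save handler).
if ($proxysettings{'AUTH_METHOD'} eq 'none') {
    # The values sit inside single-quoted attributes; encode HTML
    # metacharacters so an apostrophe (e.g. in the realm text) cannot end the
    # attribute, truncate the value on the next save, or inject markup.
    # NOTE(review): assumes the values are stored unescaped - confirm against the save path.
    my %esc;
    foreach my $field (qw(AUTH_CHILDREN AUTH_CACHE_TTL AUTH_MAX_USERIP AUTH_IPCACHE_TTL AUTH_ALWAYS_REQUIRED AUTH_REALM DST_NOAUTH)) {
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        $esc{$field} = $value;
    }

    print <<END;
<td><input type='hidden' name='AUTH_CHILDREN' value='$esc{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$esc{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$esc{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$esc{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$esc{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM' value='$esc{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH' value='$esc{'DST_NOAUTH'}'></td>
END
}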
2160
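# With ident selected, the global auth settings that have no visible input in
# the ident form are emitted as hidden fields (presumably so that saving the
# form does not drop them - confirm against the save handler).
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    # The values sit inside single-quoted attributes; encode HTML
    # metacharacters so an apostrophe (e.g. in the realm text) cannot end the
    # attribute, truncate the value on the next save, or inject markup.
    # NOTE(review): assumes the values are stored unescaped - confirm against the save path.
    my %esc;
    foreach my $field (qw(AUTH_CHILDREN AUTH_CACHE_TTL AUTH_MAX_USERIP AUTH_IPCACHE_TTL AUTH_REALM)) {
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        $esc{$field} = $value;
    }

    print <<END;
<td><input type='hidden' name='AUTH_CHILDREN' value='$esc{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$esc{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$esc{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$esc{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM' value='$esc{'AUTH_REALM'}'></td>
END
}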
2170
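# While NCSA is not the selected method, its settings are emitted as hidden
# fields (presumably so that saving the form does not drop them - confirm
# against the save handler).
if ($proxysettings{'AUTH_METHOD'} ne 'ncsa') {
    foreach my $field (qw(NCSA_MIN_PASS_LEN NCSA_BYPASS_REDIR)) {
        # Encode HTML metacharacters: the value sits in a single-quoted attribute.
        # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        print "<td><input type='hidden' name='$field' value='$value'></td>\n";
    }
}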
2177
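# While ident is not the selected method, its settings are emitted as hidden
# fields (presumably so that saving the form does not drop them - confirm
# against the save handler).
if ($proxysettings{'AUTH_METHOD'} ne 'ident') {
    foreach my $field (qw(IDENT_REQUIRED IDENT_TIMEOUT IDENT_HOSTS IDENT_ENABLE_ACL IDENT_USER_ACL IDENT_ALLOW_USERS IDENT_DENY_USERS)) {
        # Encode HTML metacharacters: the value sits in a single-quoted
        # attribute, and the host and user lists are free text.
        # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        print "<td><input type='hidden' name='$field' value='$value'></td>\n";
    }
}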
2189
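# While LDAP is not the selected method, its settings are emitted as hidden
# fields (presumably so that saving the form does not drop them - confirm
# against the save handler).
#
# NOTE(review): this includes LDAP_BINDDN_PASS, so the stored bind password is
# present in the page source even when LDAP is not in use. Keeping the stored
# value server-side when the field is absent would avoid exposing it; that
# needs a change in the save handler, which is not part of this block.
if ($proxysettings{'AUTH_METHOD'} ne 'ldap') {
    foreach my $field (qw(LDAP_BASEDN LDAP_TYPE LDAP_SERVER LDAP_PORT LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP)) {
        # Encode HTML metacharacters: the value sits in a single-quoted
        # attribute, and an apostrophe in a DN or password would otherwise end
        # it early and truncate the value on the next save.
        # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        print "<td><input type='hidden' name='$field' value='$value'></td>\n";
    }
}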
2201
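# While NTLM is not the selected method, its settings are emitted as hidden
# fields (presumably so that saving the form does not drop them - confirm
# against the save handler).
if ($proxysettings{'AUTH_METHOD'} ne 'ntlm') {
    foreach my $field (qw(NTLM_DOMAIN NTLM_PDC NTLM_BDC NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL NTLM_USER_ACL NTLM_ALLOW_USERS NTLM_DENY_USERS)) {
        # Encode HTML metacharacters: the value sits in a single-quoted
        # attribute, and the user lists are free text.
        # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        print "<td><input type='hidden' name='$field' value='$value'></td>\n";
    }
}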
2214
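# While RADIUS is not the selected method, its settings are emitted as hidden
# fields (presumably so that saving the form does not drop them - confirm
# against the save handler).
#
# NOTE(review): this includes RADIUS_SECRET, so the stored shared secret is
# present in the page source even when RADIUS is not in use. Keeping the stored
# value server-side when the field is absent would avoid exposing it; that
# needs a change in the save handler, which is not part of this block.
if ($proxysettings{'AUTH_METHOD'} ne 'radius') {
    foreach my $field (qw(RADIUS_SERVER RADIUS_PORT RADIUS_IDENTIFIER RADIUS_SECRET RADIUS_ENABLE_ACL RADIUS_USER_ACL RADIUS_ALLOW_USERS RADIUS_DENY_USERS)) {
        # Encode HTML metacharacters: the value sits in a single-quoted
        # attribute, and an apostrophe in the secret or a user name would
        # otherwise end it early and truncate the value on the next save.
        # NOTE(review): assumes the value is stored unescaped - confirm against the save path.
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        print "<td><input type='hidden' name='$field' value='$value'></td>\n";
    }
}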
2227
2228 print "</table>\n";
2229
2230 print <<END
2231 <hr size='1'>
2232 END
2233 ;
2234
2235 print <<END
2236 <table width='100%'>
2237 <tr>
2238 <td>&nbsp;</td>
2239 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
2240 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
2241 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
2242 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2243 <td>&nbsp;</td>
2244 </tr>
2245
2246 </table>
2247 <br />
2248 <table width='100%'>
2249 <tr>
2250 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
2251 <td align='right'>&nbsp;</td>
2252 </tr>
2253 </table>
2254 </form>
2255 END
2256 ;
2257
2258 &Header::closebox();
2259
2260 } else {
2261
2262 # ===================================================================
2263 # NCSA user management
2264 # ===================================================================
2265
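# NCSA user management: the add/edit form, followed by the heading and opening
# tag of the account table. The table rows are printed by the code that follows.
&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");

{
    # %proxysettings also carries request fields here (ACTION is compared
    # against the edit label just below), and the values are put back into
    # single-quoted attributes. Encode the HTML metacharacters so a user name
    # or password containing an apostrophe or angle bracket cannot end the
    # attribute and inject markup into the page.
    # NOTE(review): assumes the values are not already HTML-encoded - confirm
    # against the request-parsing code.
    my %esc;
    foreach my $field (qw(NCSA_USERNAME NCSA_PASS NCSA_PASS_CONFIRM NCSA_MIN_PASS_LEN)) {
        my $value = defined $proxysettings{$field} ? $proxysettings{$field} : '';
        $value =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        $esc{$field} = $value;
    }

    print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
<td width='25%'><input type='text' name='NCSA_USERNAME' value='$esc{'NCSA_USERNAME'}' size='12'
END

    # The user name cannot be changed while an existing account is edited.
    if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
        print " readonly='readonly' ";
    }

    # NOTE(review): the two password fields are pre-filled from %proxysettings,
    # so whatever is held there ends up in the page source; type='password'
    # only masks it on screen. Consider always rendering them empty - confirm
    # first what the edit path puts into NCSA_PASS.
    print <<END;
/></td>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
<td class='base'>
<select name='NCSA_GROUP'>
<option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
<option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
<option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
</select>
</td>

</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
<td><input type='password' name='NCSA_PASS' value='$esc{'NCSA_PASS'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
<td><input type='password' name='NCSA_PASS_CONFIRM' value='$esc{'NCSA_PASS_CONFIRM'}' size='14' /></td>
</tr>
</table>
<br>
<table>
<tr>
<td>&nbsp;</td>
<td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
<td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$esc{'NCSA_MIN_PASS_LEN'}'></td>
END
}

# A reset button is only offered while an existing account is edited.
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
    print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
}

print <<END;
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
</tr>
</table>
</form>
<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
</tr>
</table>
<table width='100%' align='center'>
END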
2327
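# Build @userlist as sorted "name:group" entries from the three NCSA group
# files ($extgrp, $stdgrp, $disgrp). A file that does not exist is skipped.
foreach my $group_source ([$extgrp, 'extended'], [$stdgrp, 'standard'], [$disgrp, 'disabled']) {
    my ($group_file, $group_name) = @{$group_source};
    next unless -e $group_file;

    # Three-argument open with a lexical handle: the path is always treated as
    # a file name, never parsed for a leading mode or pipe character as the
    # two-argument form does, and the handle cannot clash with another use of
    # the bareword FILE. An unreadable file is skipped, which matches the old
    # behaviour of reading nothing from a handle that failed to open.
    open(my $group_fh, '<', $group_file) or next;
    @grouplist = <$group_fh>;
    close($group_fh);

    foreach my $member (@grouplist) {
        chomp($member);
        push(@userlist, $member . ":" . $group_name);
    }
}

@userlist = sort(@userlist);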
2345
2346 # If the password file contains entries, print entries and action icons
2347
2348 if ( ! -z "$userdb" ) {
2349 print <<END
2350 <tr>
2351 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2352 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2353 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2354 </tr>
2355 END
2356 ;
2357 $id = 0;
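# One table row per account. Each @userlist entry is split on ':'; field 0 is
# shown as the user name and field 1 selects the group label. Every row carries
# two small forms that post an edit or remove action for that account.
foreach $line (@userlist)
{
    $id++;
    chomp($line);
    @temp = split(/:/, $line);

    # HTML-encoded copies for output. The raw entry goes into a table cell and
    # into single-quoted hidden-field values; without encoding, a name that
    # contains an apostrophe or angle bracket would end the attribute or the
    # cell and be parsed as markup. The browser decodes the references again,
    # so the ID that is posted back is the original text.
    # NOTE(review): assumes the entries are stored unescaped - confirm against
    # the code that writes the group files.
    my ($line_html, $name_html) = map {
        my $text = defined $_ ? $_ : '';
        $text =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        $text;
    } ($line, $temp[0]);

    # Highlight the row being edited; otherwise alternate the two row colours.
    # The comparison uses the raw entry, not the encoded copy.
    if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
        print "<tr bgcolor='$Header::colouryellow'>\n";
    }
    elsif ($id % 2) {
        print "<tr bgcolor='$color{'color20'}'>\n";
    }
    else {
        print "<tr bgcolor='$color{'color22'}'>\n";
    }

    print <<END;
<td align='center'>$name_html</td>
<td align='center'>
END

    # Translated group label; nothing is printed for an unknown group.
    if ($temp[1] eq 'standard') {
        print $Lang::tr{'advproxy NCSA grp standard'};
    } elsif ($temp[1] eq 'extended') {
        print $Lang::tr{'advproxy NCSA grp extended'};
    } elsif ($temp[1] eq 'disabled') {
        print $Lang::tr{'advproxy NCSA grp disabled'};
    }

    # The edit form posts the whole "name:group" entry as ID, the remove form
    # only the name.
    print <<END;
</td>
<td width='8%' align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$line_html' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td width='8%' align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$name_html' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
}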
2402
2403 print <<END
2404 </table>
2405 <br>
2406 <table>
2407 <tr>
2408 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2409 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2410 <td class='base'>$Lang::tr{'edit'}</td>
2411 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2412 <td class='base'>$Lang::tr{'remove'}</td>
2413 </tr>
2414 END
2415 ;
2416 } else {
2417 print <<END
2418 <tr>
2419 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2420 </tr>
2421 END
2422 ;
2423 }
2424
2425 print <<END
2426 </table>
2427 END
2428 ;
2429
2430 &Header::closebox();
2431
2432 }
2433
2434 # ===================================================================
2435
2436 &Header::closebigbox();
2437
2438 &Header::closepage();
2439
2440 # -------------------------------------------------------------------
2441
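sub read_acls
{
	# Load every ACL / user-list file that exists on disk into its
	# %proxysettings key. For a file that exists, the old value of the key
	# is deleted and the file content is appended line by line; a file that
	# does not exist leaves its key untouched.
	#
	# Each entry is [ path, %proxysettings key ].
	my @sources = (
		[ "$acl_src_subnets",                'SRC_SUBNETS' ],
		[ "$acl_src_banned_ip",              'SRC_BANNED_IP' ],
		[ "$acl_src_banned_mac",             'SRC_BANNED_MAC' ],
		[ "$acl_src_unrestricted_ip",        'SRC_UNRESTRICTED_IP' ],
		[ "$acl_src_unrestricted_mac",       'SRC_UNRESTRICTED_MAC' ],
		[ "$acl_dst_nocache",                'DST_NOCACHE' ],
		[ "$acl_dst_noauth",                 'DST_NOAUTH' ],
		[ "$acl_ports_safe",                 'PORTS_SAFE' ],
		[ "$acl_ports_ssl",                  'PORTS_SSL' ],
		[ "$mimetypes",                      'MIME_TYPES' ],
		[ "$ntlmdir/msntauth.allowusers",    'NTLM_ALLOW_USERS' ],
		[ "$ntlmdir/msntauth.denyusers",     'NTLM_DENY_USERS' ],
		[ "$raddir/radauth.allowusers",      'RADIUS_ALLOW_USERS' ],
		[ "$raddir/radauth.denyusers",       'RADIUS_DENY_USERS' ],
		[ "$identdir/identauth.allowusers",  'IDENT_ALLOW_USERS' ],
		[ "$identdir/identauth.denyusers",   'IDENT_DENY_USERS' ],
		[ "$identhosts",                     'IDENT_HOSTS' ],
		[ "$cre_groups",                     'CRE_GROUPS' ],
		[ "$cre_svhosts",                    'CRE_SVHOSTS' ],
	);

	foreach my $source (@sources) {
		my ($path, $key) = @{$source};
		next unless (-e $path);

		# As before, the stale value is dropped even if the open below fails.
		# NOTE(review): an unreadable file therefore shows up as an empty
		# list, and write_acls prints whatever the key holds - confirm that
		# a failed read cannot end in an emptied ban list being saved.
		delete $proxysettings{$key};

		# Three-argument open with a lexical handle: the path is never
		# parsed for a mode or pipe prefix, and the handle cannot clash
		# with another user of the global FILE handle.
		my $fh;
		unless (open($fh, '<', $path)) {
			warn "proxy.cgi: cannot read '$path': $!\n";
			next;
		}
		while (my $chunk = <$fh>) {
			$proxysettings{$key} .= $chunk;
		}
		close($fh);
	}

	return;
}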
2559
2560 # -------------------------------------------------------------------
2561
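sub check_acls
{
	# Normalise the multi-line ACL values held in %proxysettings and record
	# a translated message in $errormessage when an entry fails validation.
	#
	# Every list is split on newlines, cleaned up and stored back with one
	# entry per line. Entries that fail validation are still stored; the
	# only signal is $errormessage (the last failure wins).
	# NOTE(review): the caller is outside this view - confirm it checks
	# $errormessage before the values reach write_acls.
	my $ip_error  = 'advproxy errmsg invalid ip or mask';
	my $mac_error = 'advproxy errmsg invalid mac';

	_check_acls_ports('PORTS_SAFE', 1);
	_check_acls_ports('PORTS_SSL', 0);

	_check_acls_destinations('DST_NOCACHE');

	_check_acls_validated('SRC_SUBNETS',          \&General::validipandmask, $ip_error,  0);
	_check_acls_validated('SRC_BANNED_IP',        \&General::validipormask,  $ip_error,  0);
	_check_acls_validated('SRC_BANNED_MAC',       \&General::validmac,       $mac_error, 1);
	_check_acls_validated('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $ip_error,  0);
	_check_acls_validated('SRC_UNRESTRICTED_MAC', \&General::validmac,       $mac_error, 1);

	_check_acls_destinations('DST_NOAUTH');

	# A user list is only normalised (and required to be non-empty) when the
	# ACL for that authentication method is enabled in the matching mode.
	foreach my $method (qw(NTLM IDENT RADIUS)) {
		next unless ($proxysettings{"${method}_ENABLE_ACL"} eq 'on');
		my $mode = $proxysettings{"${method}_USER_ACL"};
		if ($mode eq 'positive') { _check_acls_users("${method}_ALLOW_USERS"); }
		if ($mode eq 'negative') { _check_acls_users("${method}_DENY_USERS"); }
	}

	_check_acls_validated('IDENT_HOSTS', \&General::validipormask, $ip_error, 0);
	_check_acls_validated('CRE_SVHOSTS', \&General::validipormask, $ip_error, 0);

	return;
}

# Split a multi-line value, trim both ends of every line and drop the lines
# Perl treats as false (empty, or the single character "0").
sub _check_acls_lines
{
	my ($text) = @_;
	my @lines;
	foreach my $entry (split(/\n/, $text)) {
		$entry =~ s/^\s+//;
		$entry =~ s/\s+$//;
		push(@lines, $entry) if ($entry);
	}
	return @lines;
}

# Join entries one per line; yields undef (not '') when nothing is left,
# which is what the "cannot be empty" checks compare against ''.
sub _check_acls_join
{
	my $joined;
	foreach my $entry (@_) {
		$joined .= $entry . "\n";
	}
	return $joined;
}

# Port lists: each line is "port", "from-to", optionally followed by a
# "# comment". The comment is kept in the stored line but ignored when
# validating. With $track_proxy_port set, the port on the line commented
# "# Squids port" is replaced by the current PROXY_PORT.
sub _check_acls_ports
{
	my ($key, $track_proxy_port) = @_;
	my $error = $Lang::tr{'advproxy errmsg invalid destination port'};
	my @kept;

	foreach my $entry (_check_acls_lines($proxysettings{$key})) {
		if ($track_proxy_port && $entry =~ /^[^#]+\s+#\sSquids\sport/) {
			# $2 instead of the deprecated \2 on the replacement side.
			$entry =~ s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}$2/;
		}

		my $spec = $entry;
		$spec =~ s/#.*//;
		$spec =~ s/\s+//g;

		# More than one dash cannot be a single range.
		if ($spec =~ /.*-.*-.*/) { $errormessage = $error; }
		foreach my $port (split(/-/, $spec)) {
			unless (&General::validport($port)) { $errormessage = $error; }
		}

		push(@kept, $entry);
	}

	$proxysettings{$key} = _check_acls_join(@kept);
	return;
}

# Destination lists (DST_NOCACHE, DST_NOAUTH): comment lines are kept as
# they are apart from leading whitespace; every other line loses all
# whitespace, and a leading ".domain" becomes "*.domain".
# The entries are not validated here.
sub _check_acls_destinations
{
	my ($key) = @_;
	my $kept;

	foreach my $entry (split(/\n/, $proxysettings{$key})) {
		$entry =~ s/^\s+//;
		$entry =~ s/\s+//g unless ($entry =~ /^#/);
		next unless ($entry);
		$entry = '*' . $entry if ($entry =~ /^\./);
		$kept .= $entry . "\n";
	}

	$proxysettings{$key} = $kept;
	return;
}

# Address lists: trim every line, optionally rewrite "-" to ":" (MAC
# addresses), and flag each entry the validator rejects.
sub _check_acls_validated
{
	my ($key, $validator, $error_key, $dash_to_colon) = @_;
	my @kept;

	foreach my $entry (_check_acls_lines($proxysettings{$key})) {
		$entry =~ s/-/:/g if ($dash_to_colon);
		unless ($validator->($entry)) { $errormessage = $Lang::tr{$error_key}; }
		push(@kept, $entry);
	}

	$proxysettings{$key} = _check_acls_join(@kept);
	return;
}

# User lists: trimmed only, no character validation; an empty result is an
# error because the ACL that uses the list is enabled.
sub _check_acls_users
{
	my ($key) = @_;

	$proxysettings{$key} = _check_acls_join(_check_acls_lines($proxysettings{$key}));
	if ($proxysettings{$key} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
	return;
}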
2779
2780 # -------------------------------------------------------------------
2781
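sub write_acls
{
	# Persist the ACL values held in %proxysettings to their files and
	# derive the per-type destination files (network / domain / URL) for the
	# "no authentication" and "no cache" lists.
	#
	# Nothing is validated here; the values are written as they are.

	# Allowed source subnets: fall back to GREEN (and BLUE, when a BLUE
	# device is configured) if the list is empty.
	if (!$proxysettings{'SRC_SUBNETS'})
	{
		my @defaults = ("$green_cidr\n");
		if ($netsettings{'BLUE_DEV'})
		{
			push(@defaults, "$blue_cidr\n");
		}
		_write_acls_file($acl_src_subnets, @defaults);
	} else {
		_write_acls_file($acl_src_subnets, $proxysettings{'SRC_SUBNETS'});
	}

	_write_acls_file($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
	_write_acls_file($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
	_write_acls_file($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
	_write_acls_file($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});

	_write_acls_file($acl_dst_noauth, $proxysettings{'DST_NOAUTH'});
	_write_acls_destinations($proxysettings{'DST_NOAUTH'},
		$acl_dst_noauth_net, $acl_dst_noauth_dom, $acl_dst_noauth_url);

	_write_acls_file($acl_dst_nocache, $proxysettings{'DST_NOCACHE'});
	_write_acls_destinations($proxysettings{'DST_NOCACHE'},
		$acl_dst_nocache_net, $acl_dst_nocache_dom, $acl_dst_nocache_url);

	# Port lists fall back to the built-in defaults when empty.
	if (!$proxysettings{'PORTS_SAFE'}) {
		_write_acls_file($acl_ports_safe, $def_ports_safe);
	} else {
		_write_acls_file($acl_ports_safe, $proxysettings{'PORTS_SAFE'});
	}
	if (!$proxysettings{'PORTS_SSL'}) {
		_write_acls_file($acl_ports_ssl, $def_ports_ssl);
	} else {
		_write_acls_file($acl_ports_ssl, $proxysettings{'PORTS_SSL'});
	}

	# Throttling: one "\.ext$" line per extension of every enabled class,
	# followed by the content of the throttled-URLs file when it is non-empty.
	my @throttle;
	foreach my $class (
		[ 'THROTTLE_BINARY', $throttle_binary ],
		[ 'THROTTLE_DSKIMG', $throttle_dskimg ],
		[ 'THROTTLE_MMEDIA', $throttle_mmedia ],
	) {
		my ($switch, $extensions) = @{$class};
		next unless ($proxysettings{$switch} eq 'on');
		foreach my $extension (split(/\|/, $extensions)) {
			push(@throttle, "\\.$extension\$\n");
		}
	}
	if (-s $throttled_urls)
	{
		my $urls;
		if (open($urls, '<', $throttled_urls)) {
			push(@throttle, <$urls>);
			close($urls);
		} else {
			warn "proxy.cgi: cannot read '$throttled_urls': $!\n";
		}
	}
	_write_acls_file($acl_dst_throttle, @throttle);

	_write_acls_file($mimetypes, $proxysettings{'MIME_TYPES'});

	_write_acls_file("$ntlmdir/msntauth.allowusers",   $proxysettings{'NTLM_ALLOW_USERS'});
	_write_acls_file("$ntlmdir/msntauth.denyusers",    $proxysettings{'NTLM_DENY_USERS'});
	_write_acls_file("$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'});
	_write_acls_file("$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'});
	_write_acls_file("$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'});
	_write_acls_file("$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'});

	_write_acls_file($identhosts,  $proxysettings{'IDENT_HOSTS'});
	_write_acls_file($cre_groups,  $proxysettings{'CRE_GROUPS'});
	_write_acls_file($cre_svhosts, $proxysettings{'CRE_SVHOSTS'});

	return;
}

# Replace the content of $path with @chunks (undefined chunks are skipped).
# The file is opened without truncating, locked exclusively and only then
# emptied, so a concurrent save cannot cut the file while another writer
# is still printing to it. A failed open is logged instead of being
# silently ignored; the file is left as it was.
sub _write_acls_file
{
	my ($path, @chunks) = @_;

	my $fh;
	unless (open($fh, '>>', $path)) {
		warn "proxy.cgi: cannot write '$path': $!\n";
		return;
	}
	flock($fh, 2);		# 2 == LOCK_EX
	truncate($fh, 0);
	print {$fh} grep { defined($_) } @chunks;
	close($fh);
	return;
}

# Sort the non-comment lines of a destination list into three files:
#   "*.domain"                      -> domain file (leading "*" removed)
#   IP / network / "a.b.c.d-e.f.g.h" -> network file
#   anything else                   -> URL file
# All three files are rewritten on every call, so a class without entries
# ends up as an empty file.
#
# URL entries are written as regular-expression lines: the text is not
# escaped and nothing anchors its end, so "example.com" also matches longer
# host names that start with it, and "." matches any character.
# NOTE(review): the *_url files appear to feed url_regex ACLs (writeconfig
# does this for the no-cache list); for the no-auth list a pattern that is
# broader than intended would exempt extra destinations from
# authentication - confirm, and consider saying so next to the input field.
sub _write_acls_destinations
{
	my ($text, $net_path, $dom_path, $url_path) = @_;
	my (@net, @dom, @url);

	foreach my $entry (split(/\n/, $text))
	{
		next if ($entry =~ /^#/);

		if ($entry =~ /^\*\.\w/)
		{
			$entry =~ s/^\*//;
			push(@dom, "$entry\n");
		}
		elsif (&General::validipormask($entry))
		{
			push(@net, "$entry\n");
		}
		elsif ($entry =~ /\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
		{
			push(@net, "$entry\n");
		}
		elsif ($entry =~ /^[fh]tt?ps?:\/\//)
		{
			push(@url, "$entry\n");
		}
		else
		{
			push(@url, "^[fh]tt?ps?://$entry\n");
		}
	}

	_write_acls_file($net_path, @net);
	_write_acls_file($dom_path, @dom);
	_write_acls_file($url_path, @url);
	return;
}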
3000
3001 # -------------------------------------------------------------------
3002
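sub writepacfile
{
	# Generate /srv/web/ipfire/html/proxy.pac, the proxy auto-configuration
	# script. Hosts on the local networks are reached DIRECT; clients whose
	# own address lies in GREEN, in one of the allowed subnets, or in BLUE
	# are pointed at the proxy on the matching interface address.
	#
	# Addresses and masks from %netsettings and from the allowed-subnets
	# file are copied into quoted JavaScript strings without escaping.
	# NOTE(review): that is only safe while every line of the subnets file
	# has passed address validation - confirm nothing else can write it.
	my $pac_path = "/srv/web/ipfire/html/proxy.pac";

	# Open without truncating, lock, then empty the file: a concurrent save
	# cannot cut the file while another writer is still printing to it.
	my $pac;
	unless (open($pac, '>>', $pac_path)) {
		warn "proxy.cgi: cannot write '$pac_path': $!\n";
		return;
	}
	flock($pac, 2);		# 2 == LOCK_EX
	truncate($pac, 0);

	print {$pac} "function FindProxyForURL(url, host)\n";
	print {$pac} "{\n";
	if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
	{
		# Destinations that never go through the proxy.
		print {$pac} <<END;
if (
(isPlainHostName(host)) ||
(isInNet(host, "127.0.0.1", "255.0.0.0")) ||
END

		if ($netsettings{'GREEN_DEV'}) {
			print {$pac} " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
		}

		if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
			print {$pac} " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
		}

		if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
			print {$pac} " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
		}

		print {$pac} <<END;
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
return "DIRECT";

else

END

		if ($proxysettings{'ENABLE'} eq 'on')
		{
			print {$pac} "if (\n";
			print {$pac} " (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";

			my @subnets;
			if (-e "$acl_src_subnets") {
				my $subnets_fh;
				if (open($subnets_fh, '<', $acl_src_subnets)) {
					@subnets = <$subnets_fh>;
					close($subnets_fh);
				} else {
					warn "proxy.cgi: cannot read '$acl_src_subnets': $!\n";
				}
			}

			foreach my $subnet (@subnets)
			{
				my ($address, $mask) = split(/\//, $subnet);

				# NOTE(review): the mask is compared before its newline is
				# removed, so for newline-terminated lines both mask tests
				# are always true and only the network address decides
				# whether an entry is skipped as "GREEN" or "BLUE". Kept
				# as it was; confirm the intended rule before changing it.
				if (
					($address ne $netsettings{'GREEN_NETADDRESS'}) && ($mask ne $netsettings{'GREEN_NETMASK'}) &&
					($address ne $netsettings{'BLUE_NETADDRESS'}) && ($mask ne $netsettings{'BLUE_NETMASK'})
				)
				{
					chomp $mask;
					print {$pac} " ||\n (isInNet(myIpAddress(), \"$address\", \"$mask\"))";
				}
			}

			print {$pac} "\n";

			print {$pac} <<END;
)
return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
		if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
		{
			print {$pac} "\n else\n\n";
		}
		if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
		{
			print {$pac} <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
)
return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
	}
	print {$pac} "}\n";
	close($pac);
	return;
}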
3090
3091 # -------------------------------------------------------------------
3092
3093 sub writeconfig
3094 {
3095 my $authrealm;
3096 my $delaypools;
3097
3098 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
3099 $proxysettings{'THROTTLING_GREEN_HOST'} +
3100 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
3101 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
3102 {
3103 $delaypools = 1; } else { $delaypools = 0;
3104 }
3105
3106 if ($proxysettings{'AUTH_REALM'} eq '')
3107 {
3108 $authrealm = "IPFire Advanced Proxy Server";
3109 } else {
3110 $authrealm = $proxysettings{'AUTH_REALM'};
3111 }
3112
3113 $_ = $proxysettings{'UPSTREAM_PROXY'};
3114 my ($remotehost, $remoteport) = split(/:/,$_);
3115
3116 if ($remoteport eq '') { $remoteport = 80; }
3117
3118 open(FILE, ">${General::swroot}/proxy/squid.conf");
3119 flock(FILE, 2);
3120 print FILE <<END
3121 # Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
3122 # you make will be overwritten whenever you resave proxy settings using the
3123 # web interface!
3124 #
3125 # Instead, modify the file '$acl_include' and
3126 # then restart the proxy service using the web interface. Changes made to the
3127 # 'include.acl' file will propagate to the 'squid.conf' file at that time.
3128
3129 shutdown_lifetime 5 seconds
3130 icp_port 0
3131
3132 END
3133 ;
3134
3135 # Include file with user defined settings.
3136 if (-e "/etc/squid/squid.conf.pre.local") {
3137 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
3138 }
3139
3140 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3141 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3142 print FILE "\n";
3143
3144 if ($proxysettings{'TRANSPARENT'} eq 'on') {
3145 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3146 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3147 print FILE "\n";
3148 }
3149
3150 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3151 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3152 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3153 print FILE "\n";
3154
3155 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3156 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3157 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3158 print FILE "\n";
3159 }
3160 }
3161
3162 if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
3163 {
3164 print FILE "\n";
3165
3166 if (!-z $acl_dst_nocache_dom) {
3167 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3168 print FILE "cache deny no_cache_domains\n";
3169 }
3170 if (!-z $acl_dst_nocache_net) {
3171 print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
3172 print FILE "cache deny no_cache_ipaddr\n";
3173 }
3174 if (!-z $acl_dst_nocache_url) {
3175 print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3176 print FILE "cache deny no_cache_hosts\n";
3177 }
3178 }
3179
3180 print FILE <<END
3181
3182 cache_effective_user squid
3183 umask 022
3184
3185 pid_filename /var/run/squid.pid
3186
3187 cache_mem $proxysettings{'CACHE_MEM'} MB
3188 END
3189 ;
3190 print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
3191
3192 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
3193 if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; }
3194
3195 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3196 {
3197 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3198 {
3199 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3200 }
3201 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3202 {
3203 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3204 }
3205 print FILE "\n";
3206 }
3207
3208 open (PORTS,"$acl_ports_ssl");
3209 my @ssl_ports = <PORTS>;
3210 close PORTS;
3211
3212 if (@ssl_ports) {
3213 foreach (@ssl_ports) {
3214 print FILE "acl SSL_ports port $_";
3215 }
3216 }
3217
3218 open (PORTS,"$acl_ports_safe");
3219 my @safe_ports = <PORTS>;
3220 close PORTS;
3221
3222 if (@safe_ports) {
3223 foreach (@safe_ports) {
3224 print FILE "acl Safe_ports port $_";
3225 }
3226 }
3227
3228 print FILE <<END
3229
3230 acl IPFire_http port $http_port
3231 acl IPFire_https port $https_port
3232 acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
3233 acl IPFire_networks src "$acl_src_subnets"
3234 acl IPFire_servers dst "$acl_src_subnets"
3235 acl IPFire_green_network src $green_cidr
3236 acl IPFire_green_servers dst $green_cidr
3237 END
3238 ;
3239 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
3240 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
3241 if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
3242 if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
3243 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3244 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3245 print FILE <<END
3246 acl CONNECT method CONNECT
3247 END
3248 ;
3249
3250 if ($proxysettings{'CACHE_SIZE'} > 0) {
3251 print FILE <<END
3252 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3253 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3254
3255 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3256 END
3257 ;
3258 } else {
3259 if ($proxysettings{'CACHE_MEM'} > 0) {
3260 # always 2% of CACHE_MEM defined as max object size
3261 print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3262 } else {
3263 print FILE "cache deny all\n\n";
3264 }
3265 }
3266
3267 print FILE <<END
3268 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3269 END
3270 ;
3271
3272 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3273 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3274 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3275 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3276 {
3277 if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3278 }
3279 }
3280
3281 if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
3282 {
3283 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
3284 }
3285
3286 if ($proxysettings{'LOGGING'} eq 'on')
3287 {
3288 print FILE <<END
3289 access_log stdio:/var/log/squid/access.log
3290 cache_log /var/log/squid/cache.log
3291 cache_store_log none
3292 END
3293 ;
3294 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
3295 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3296 } else {
3297 print FILE <<END
3298 access_log /dev/null
3299 cache_log /dev/null
3300 cache_store_log none
3301 END
3302 ;}
3303 print FILE <<END
3304
3305 log_mime_hdrs off
3306 END
3307 ;
3308
3309 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3310 {
3311 print FILE "forwarded_for on\n";
3312 } else {
3313 print FILE "forwarded_for off\n";
3314 }
3315 if ($proxysettings{'FORWARD_VIA'} eq 'on')
3316 {
3317 print FILE "via on\n";
3318 } else {
3319 print FILE "via off\n";
3320 }
3321 print FILE "\n";
3322
3323 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3324 {
3325 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3326 {
3327 print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
3328 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3329 print FILE "auth_param basic realm $authrealm\n";
3330 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3331 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3332 }
3333
3334 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3335 {
3336 print FILE "auth_param basic utf8 on\n";
3337 print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
3338 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3339 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3340 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3341 {
3342 if ($proxysettings{'LDAP_GROUP'} eq '')
3343 {
3344 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3345 } else {
3346 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3347 }
3348 print FILE " -u sAMAccountName -P";
3349 }
3350 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3351 {
3352 if ($proxysettings{'LDAP_GROUP'} eq '')
3353 {
3354 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3355 } else {
3356 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3357 }
3358 print FILE " -u cn -P";
3359 }
3360 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3361 {
3362 if ($proxysettings{'LDAP_GROUP'} eq '')
3363 {
3364 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3365 } else {
3366 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3367 }
3368 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3369 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3370 print FILE " -u uid -P";
3371 }
3372 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3373 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3374 print FILE "auth_param basic realm $authrealm\n";
3375 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3376 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3377 }
3378
3379 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
3380 {
3381 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
3382 {
3383 print FILE "auth_param ntlm program $authdir/ntlm_smb_lm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
3384 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
3385 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
3386 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3387 } else {
3388 print FILE "auth_param basic program $authdir/basic_msnt_auth\n";
3389 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3390 print FILE "auth_param basic realm $authrealm\n";
3391 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3392 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3393
3394 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
3395 flock(MSNTCONF,2);
3396 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
3397 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
3398 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
3399 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3400 {
3401 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
3402 {
3403 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
3404 } else {
3405 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
3406 }
3407 }
3408 close(MSNTCONF);
3409 }
3410 }
3411
3412 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3413 {
3414 print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3415 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3416 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3417 $ntlm_auth_group =~ s/\\/\+/;
3418
3419 print FILE " --require-membership-of=$ntlm_auth_group";
3420 }
3421 print FILE "\n";
3422
3423 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
3424
3425 # BASIC authentication
3426 if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3427 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3428 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3429 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3430 $ntlm_auth_group =~ s/\\/\+/;
3431
3432 print FILE " --require-membership-of=$ntlm_auth_group";
3433 }
3434 print FILE "\n";
3435 print FILE "auth_param basic children 10\n";
3436 print FILE "auth_param basic realm IPFire Web Proxy Server\n";
3437 print FILE "auth_param basic credentialsttl 2 hours\n\n";
3438 }
3439 }
3440
3441 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3442 {
3443 print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
3444 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3445 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3446 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3447 print FILE "auth_param basic realm $authrealm\n";
3448 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3449 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3450 }
3451
3452 print FILE "\n";
3453 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
3454 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
3455 {
3456 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
3457 {
3458 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
3459 }
3460 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
3461 {
3462 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
3463 }
3464 }
3465 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3466 {
3467 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3468 {
3469 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3470 }
3471 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3472 {
3473 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3474 }
3475 }
3476 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3477 {
3478 print FILE "\n";
3479 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3480 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3481 }
3482 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3483 print FILE "\n";
3484
3485 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3486 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3487 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3488 print FILE "\n";
3489
3490 }
3491
3492 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3493 {
3494 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3495 {
3496 print FILE "acl for_inetusers ident REQUIRED\n";
3497 }
3498 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3499 {
3500 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3501 {
3502 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3503 }
3504 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3505 {
3506 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3507 }
3508 }
3509 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3510 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3511 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3512 print FILE "\n";
3513 }
3514
3515 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
3516
3517 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
3518
3519 print FILE "acl within_timeframe time ";
3520 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
3521 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
3522 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
3523 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
3524 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
3525 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
3526 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
3527 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
3528 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
3529 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
3530 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
3531
3532 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3533 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
3534 }
3535
3536 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
3537 print FILE <<END
3538
3539 #Classroom extensions
3540 acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
3541 acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
3542 END
3543 ;
3544 print FILE "deny_info ";
3545 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3546 {
3547 print FILE "ERR_ACCESS_DISABLED";
3548 } else {
3549 print FILE "ERR_ACCESS_DENIED";
3550 }
3551 print FILE " IPFire_no_access_ips\n";
3552 print FILE "deny_info ";
3553 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3554 {
3555 print FILE "ERR_ACCESS_DISABLED";
3556 } else {
3557 print FILE "ERR_ACCESS_DENIED";
3558 }
3559 print FILE " IPFire_no_access_mac\n";
3560
3561 print FILE <<END
3562 http_access deny IPFire_no_access_ips
3563 http_access deny IPFire_no_access_mac
3564 END
3565 ;
3566 }
3567
3568 #Insert acl file and replace __VAR__ with correct values
3569 my $blue_net = ''; #BLUE empty by default
3570 my $blue_ip = '';
3571 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3572 $blue_net = "$blue_cidr";
3573 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
3574 }
3575 if (!-z $acl_include)
3576 {
3577 open (ACL, "$acl_include");
3578 print FILE "\n#Start of custom includes\n\n";
3579 while (<ACL>) {
3580 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
3581 $_ =~ s/__GREEN_NET__/$green_cidr/;
3582 $_ =~ s/__BLUE_IP__/$blue_ip/;
3583 $_ =~ s/__BLUE_NET__/$blue_net/;
3584 $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
3585 print FILE $_;
3586 }
3587 print FILE "\n#End of custom includes\n";
3588 close (ACL);
3589 }
3590 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3591
3592 # Check if squidclamav is enabled.
3593 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3594 print FILE "\n#Settings for squidclamav:\n";
3595 print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
3596 print FILE "acl purge method PURGE\n";
3597 print FILE "http_access deny to_localhost\n";
3598 print FILE "http_access allow localhost\n";
3599 print FILE "http_access allow purge localhost\n";
3600 print FILE "http_access deny purge\n";
3601 print FILE "url_rewrite_access deny localhost\n";
3602 }
3603 print FILE <<END;
3604
3605 #Access to squid:
3606 #local machine, no restriction
3607 http_access allow localhost
3608
3609 #GUI admin if local machine connects
3610 http_access allow IPFire_ips IPFire_networks IPFire_http
3611 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
3612
3613 #Deny not web services
3614 END
3615
3616 if (@safe_ports) {
3617 print FILE "http_access deny !Safe_ports\n";
3618 }
3619
3620 if (@ssl_ports) {
3621 print FILE "http_access deny CONNECT !SSL_ports\n";
3622 }
3623
3624 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3625 {
3626 print FILE "#Set ident ACLs\n";
3627 if (!-z $identhosts)
3628 {
3629 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3630 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3631 print FILE "ident_lookup_access deny all\n";
3632 } else {
3633 print FILE "ident_lookup_access allow all\n";
3634 }
3635 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3636 }
3637
3638 if ($delaypools) {
3639 print FILE "#Set download throttling\n";
3640
3641 if ($netsettings{'BLUE_DEV'})
3642 {
3643 print FILE "delay_pools 2\n";
3644 } else {
3645 print FILE "delay_pools 1\n";
3646 }
3647
3648 print FILE "delay_class 1 3\n";
3649 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3650
3651 print FILE "delay_parameters 1 ";
3652 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3653 {
3654 print FILE "-1/-1";
3655 } else {
3656 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3657 print FILE "/";
3658 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3659 }
3660
3661 print FILE " -1/-1 ";
3662 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3663 {
3664 print FILE "-1/-1";
3665 } else {
3666 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3667 print FILE "/";
3668 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3669 }
3670 print FILE "\n";
3671
3672 if ($netsettings{'BLUE_DEV'})
3673 {
3674 print FILE "delay_parameters 2 ";
3675 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3676 {
3677 print FILE "-1/-1";
3678 } else {
3679 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3680 print FILE "/";
3681 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3682 }
3683 print FILE " -1/-1 ";
3684 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3685 {
3686 print FILE "-1/-1";
3687 } else {
3688 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3689 print FILE "/";
3690 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3691 }
3692 print FILE "\n";
3693 }
3694
3695 print FILE "delay_access 1 deny IPFire_ips\n";
3696 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
3697 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
3698 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3699
3700 if ($netsettings{'BLUE_DEV'})
3701 {
3702 print FILE "delay_access 1 allow IPFire_green_network";
3703 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3704 print FILE "\n";
3705 print FILE "delay_access 1 deny all\n";
3706 } else {
3707 print FILE "delay_access 1 allow all";
3708 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3709 print FILE "\n";
3710 }
3711
3712 if ($netsettings{'BLUE_DEV'})
3713 {
3714 print FILE "delay_access 2 deny IPFire_ips\n";
3715 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
3716 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
3717 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3718 print FILE "delay_access 2 allow IPFire_blue_network";
3719 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3720 print FILE "\n";
3721 print FILE "delay_access 2 deny all\n";
3722 }
3723
3724 print FILE "delay_initial_bucket_level 100\n";
3725 print FILE "\n";
3726 }
3727
3728 if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
3729 {
3730 print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
3731 print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
3732 }
3733
3734 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
3735 {
3736 print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
3737 print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
3738 print FILE "http_access deny IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
3739 }
3740
3741 print FILE <<END
3742 #Set custom configured ACLs
3743 END
3744 ;
3745 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPFire_banned_ips\n"; }
3746 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPFire_banned_mac\n"; }
3747
3748 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3749 {
3750 if (!-z $acl_src_unrestricted_ip)
3751 {
3752 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
3753 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
3754 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
3755 }
3756 if (!-z $acl_src_unrestricted_mac)
3757 {
3758 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
3759 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
3760 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
3761 }
3762 if (!-z $acl_dst_noauth_net)
3763 {
3764 print FILE "http_access allow IPFire_networks";
3765 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3766 print FILE " !within_timeframe";
3767 } else {
3768 print FILE " within_timeframe"; }
3769 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3770 print FILE " to_ipaddr_without_auth\n";
3771 }
3772 if (!-z $acl_dst_noauth_dom)
3773 {
3774 print FILE "http_access allow IPFire_networks";
3775 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3776 print FILE " !within_timeframe";
3777 } else {
3778 print FILE " within_timeframe"; }
3779 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3780 print FILE " to_domains_without_auth\n";
3781 }
3782 if (!-z $acl_dst_noauth_url)
3783 {
3784 print FILE "http_access allow IPFire_networks";
3785 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3786 print FILE " !within_timeframe";
3787 } else {
3788 print FILE " within_timeframe"; }
3789 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3790 print FILE " to_hosts_without_auth\n";
3791 }
3792 }
3793
3794 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3795 {
3796 print FILE "http_access deny !for_inetusers";
3797 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3798 print FILE "\n";
3799 }
3800
3801 if (
3802 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3803 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3804 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3805 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3806 (!-z "$identdir/identauth.denyusers")
3807 )
3808 {
3809 print FILE "http_access deny for_acl_users";
3810 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3811 print FILE "\n";
3812 }
3813
3814 if (!-z $acl_src_unrestricted_ip)
3815 {
3816 print FILE "http_access allow IPFire_unrestricted_ips";
3817 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3818 {
3819 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3820 {
3821 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3822 }
3823 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3824 {
3825 print FILE " for_inetusers";
3826 }
3827 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3828 {
3829 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3830 {
3831 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3832 {
3833 print FILE " for_acl_users";
3834 }
3835 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3836 {
3837 print FILE " !for_acl_users";
3838 }
3839 } else { print FILE " for_inetusers"; }
3840 }
3841 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3842 {
3843 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3844 {
3845 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3846 {
3847 print FILE " for_acl_users";
3848 }
3849 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3850 {
3851 print FILE " !for_acl_users";
3852 }
3853 } else { print FILE " for_inetusers"; }
3854 }
3855 }
3856 print FILE "\n";
3857 }
3858
3859 if (!-z $acl_src_unrestricted_mac)
3860 {
3861 print FILE "http_access allow IPFire_unrestricted_mac";
3862 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3863 {
3864 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3865 {
3866 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3867 }
3868 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3869 {
3870 print FILE " for_inetusers";
3871 }
3872 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3873 {
3874 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3875 {
3876 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3877 {
3878 print FILE " for_acl_users";
3879 }
3880 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3881 {
3882 print FILE " !for_acl_users";
3883 }
3884 } else { print FILE " for_inetusers"; }
3885 }
3886 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3887 {
3888 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3889 {
3890 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3891 {
3892 print FILE " for_acl_users";
3893 }
3894 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3895 {
3896 print FILE " !for_acl_users";
3897 }
3898 } else { print FILE " for_inetusers"; }
3899 }
3900 }
3901 print FILE "\n";
3902 }
3903
3904 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3905 {
3906 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3907 if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
3908 }
3909
3910 if (
3911 (
3912 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3913 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3914 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3915 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3916 (!-z "$ntlmdir/msntauth.denyusers")
3917 )
3918 ||
3919 (
3920 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3921 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3922 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3923 (!-z "$raddir/radauth.denyusers")
3924 )
3925 ||
3926 (
3927 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3928 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3929 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3930 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3931 (!-z "$identdir/identauth.denyusers")
3932 )
3933 )
3934 {
3935 print FILE "http_access deny for_acl_users";
3936 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3937 print FILE "\n";
3938 }
3939
3940 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3941 {
3942 print FILE "http_access allow";
3943 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3944 print FILE " !within_timeframe";
3945 } else {
3946 print FILE " within_timeframe"; }
3947 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3948 print FILE " !on_ident_aware_hosts\n";
3949 }
3950
3951 print FILE "http_access allow IPFire_networks";
3952 if (
3953 (
3954 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3955 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3956 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3957 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3958 (!-z "$ntlmdir/msntauth.allowusers")
3959 )
3960 ||
3961 (
3962 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3963 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3964 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3965 (!-z "$raddir/radauth.allowusers")
3966 )
3967 ||
3968 (
3969 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3970 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3971 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3972 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3973 (!-z "$identdir/identauth.allowusers")
3974 )
3975 )
3976 {
3977 print FILE " for_acl_users";
3978 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3979 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3980 print FILE " for_inetusers";
3981 }
3982 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3983 {
3984 print FILE " !concurrent";
3985 }
3986 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3987 print FILE " !within_timeframe";
3988 } else {
3989 print FILE " within_timeframe"; }
3990 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3991 print FILE "\n";
3992
3993 print FILE "http_access deny all\n\n";
3994
3995 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3996 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3997 {
3998 print FILE "#Strip HTTP Header\n";
3999
4000 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
4001 {
4002 print FILE "request_header_access X-Forwarded-For deny all\n";
4003 print FILE "reply_header_access X-Forwarded-For deny all\n";
4004 }
4005 if ($proxysettings{'FORWARD_VIA'} eq 'off')
4006 {
4007 print FILE "request_header_access Via deny all\n";
4008 print FILE "reply_header_access Via deny all\n";
4009 }
4010 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
4011 {
4012 print FILE "request_header_access User-Agent deny all\n";
4013 print FILE "reply_header_access User-Agent deny all\n";
4014 }
4015 if (!($proxysettings{'FAKE_REFERER'} eq ''))
4016 {
4017 print FILE "request_header_access Referer deny all\n";
4018 print FILE "reply_header_access Referer deny all\n";
4019 }
4020
4021 print FILE "\n";
4022
4023 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
4024 {
4025 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
4026 {
4027 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
4028 }
4029 if (!($proxysettings{'FAKE_REFERER'} eq ''))
4030 {
4031 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
4032 }
4033 print FILE "\n";
4034 }
4035 }
4036
4037 if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
4038
4039 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
4040 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
4041 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
4042 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
4043 {
4044 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
4045 }
4046 print FILE "http_reply_access deny blocked_mimetypes\n";
4047 print FILE "http_reply_access allow all\n\n";
4048 }
4049
4050 print FILE "visible_hostname";
4051 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
4052 {
4053 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
4054 } else {
4055 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
4056 }
4057
4058 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
4059 if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
4060 print FILE "\n";
4061
4062 print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
4063
4064 # Write the parent proxy info, if needed.
4065 if ($remotehost ne '')
4066 {
4067 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
4068
4069 # Enter authentication for the parent cache. Option format is
4070 # login=user:password ($proxy1='YES')
4071 # login=PASS ($proxy1='PASS')
4072 # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
4073 if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
4074 {
4075 print FILE " login=$proxysettings{'UPSTREAM_USER'}";
4076 if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
4077 }
4078 elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
4079
4080 print FILE "\nalways_direct allow IPFire_ips\n";
4081 print FILE "never_direct allow all\n\n";
4082 }
4083 if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
4084 {
4085 print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
4086 print FILE "url_rewrite_children ", &General::number_cpu_cores(), "\n\n";
4087 }
4088
4089 # Include file with user defined settings.
4090 if (-e "/etc/squid/squid.conf.local") {
4091 print FILE "include /etc/squid/squid.conf.local\n";
4092 }
4093 close FILE;
4094
4095 # Proxy settings for squidclamav - if installed.
4096 #
4097 # Check if squidclamav is enabled.
4098 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
4099
4100 my $configfile='/etc/squidclamav.conf';
4101
4102 my $data = &General::read_file_utf8($configfile);
4103 $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
4104 &General::write_file_utf8($configfile, $data);
4105 }
4106 }
4107
4108 # -------------------------------------------------------------------
4109
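# Add a local proxy user (or replace an existing one) and record the
# user's group membership.
#
# Arguments:
#   $str_user  - user name
#   $str_pass  - new clear-text password, or the sentinel 'lEaVeAlOnE' to
#                carry over the hash already stored for this user
#   $str_group - 'standard', 'extended' or 'disabled'; any other value
#                leaves the group files untouched
#
# Any previous entry for the user is removed through deluser() first.
# Returns nothing.
sub adduser
{
	my ($str_user, $str_pass, $str_group) = @_;

	# Quote the user name so that regex metacharacters in it are matched
	# literally (presumably it originates from a web form field - verify
	# against the caller). Unquoted, a name such as "a.c" would also match
	# the entry of "abc".
	my $entry_re = qr/^\Q$str_user\E:/i;

	if ($str_pass eq 'lEaVeAlOnE')
	{
		my @entries = ();
		if (open(my $in, '<', $userdb))
		{
			@entries = <$in>;
			close($in);
		}

		# Remember ":<hash>\n" of the matching entry (the last one wins).
		my $stored;
		foreach my $entry (@entries)
		{
			if ($entry =~ $entry_re) { $stored = substr($entry, index($entry, ":")); }
		}

		&deluser($str_user);

		# Without a stored hash there is nothing to carry over. Appending
		# the sentinel itself would leave a line without ':' separator and
		# without newline in the password file, so nothing is written.
		if (defined $stored)
		{
			if (open(my $out, '>>', $userdb))
			{
				flock($out, 2);    # 2 = LOCK_EX
				print $out "$str_user$stored";
				close($out);
			}
		}
	} else {
		&deluser($str_user);

		# NOTE(review): the object is built without options, so the
		# module's default hash scheme applies (crypt() according to the
		# Apache::Htpasswd documentation, unless UseMD5 is passed) -
		# confirm that this is strong enough for these accounts.
		my $htpasswd = Apache::Htpasswd->new("$userdb");
		$htpasswd->htpasswd($str_user, $str_pass);
	}

	my %groupfile_for = (
		'standard' => $stdgrp,
		'extended' => $extgrp,
		'disabled' => $disgrp,
	);

	# An unknown group is skipped explicitly instead of printing to a
	# file handle that was never opened.
	if (defined $str_group && exists $groupfile_for{$str_group})
	{
		if (open(my $grp, '>>', $groupfile_for{$str_group}))
		{
			flock($grp, 2);    # 2 = LOCK_EX
			print $grp "$str_user\n";
			close($grp);
		}
	}

	return;
}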
4142
4143 # -------------------------------------------------------------------
4144
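# Remove a user from the three group files and from the password database.
#
# Arguments:
#   $str_user - user name; compared case-insensitively and literally
#
# Each file is read completely, filtered and written back. A file that
# cannot be read is still rewritten, so it ends up present and empty.
# Returns nothing.
sub deluser
{
	my ($str_user) = @_;

	# Quote the user name: interpolated unquoted, regex metacharacters in
	# it would be interpreted, and a name such as ".*" would match - and
	# therefore remove - every line of every file handled here.
	my $member_re = qr/^\Q$str_user\E$/i;    # group files: one name per line
	my $entry_re  = qr/^\Q$str_user\E:/i;    # password file: "name:hash"

	my @targets = (
		[$stdgrp, $member_re],
		[$extgrp, $member_re],
		[$disgrp, $member_re],
		[$userdb, $entry_re],
	);

	foreach my $target (@targets)
	{
		my ($file, $pattern) = @{$target};

		my @kept = ();
		if (open(my $in, '<', $file))
		{
			@kept = grep { $_ !~ $pattern } <$in>;
			close($in);
		}

		# NOTE(review): the file is truncated by this open before the lock
		# is taken, and the read above is not locked at all, so the lock
		# only serialises the final write - confirm that concurrent edits
		# cannot happen here.
		if (open(my $out, '>', $file))
		{
			flock($out, 2);    # 2 = LOCK_EX
			print $out @kept;
			close($out);
		}
	}

	return;
}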
4177
4178 # -------------------------------------------------------------------
4179
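# Write ${General::swroot}/proxy/cachemgr.conf.
#
# The file gets two entries: the GREEN address together with the
# configured proxy port, and "localhost" (written without a trailing
# newline). Takes no arguments and returns nothing; when the file cannot
# be opened nothing is written.
sub writecachemgr
{
	my $conffile = "${General::swroot}/proxy/cachemgr.conf";

	# Three-argument open with a lexical handle: the mode cannot be
	# altered by the path, and no package-wide handle is reused.
	open(my $conf, '>', $conffile) or return;

	flock($conf, 2);    # 2 = LOCK_EX
	print $conf "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
	print $conf "localhost";
	close($conf);

	return;
}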
4189
4190 # -------------------------------------------------------------------