1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Apache::Htpasswd;
24 use Scalar::Util qw(looks_like_number);
25
26 # enable only the following on debugging purpose
27 #use warnings;
28 #use CGI::Carp 'fatalsToBrowser';
29
30 require '/var/ipfire/general-functions.pl';
31 require "${General::swroot}/lang.pl";
32 require "${General::swroot}/header.pl";
33
34 require "${General::swroot}/ids-functions.pl";
35
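# Version banner of the installed squid binary (rendered further down).
my @squidversion = &General::system_output("/usr/sbin/squid", "-v");

# Ports the IPFire web interface itself listens on (presumably; used further down).
my $http_port = '81';
my $https_port = '444';

# Theme colours and the global IPFire settings.
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);

# Settings hashes.  %proxysettings first receives the defaults and then the
# decoded CGI parameters (see &Header::getcgihash below), so it is the
# request state as well as the persisted state.  %mainsettings is declared
# once above - the former second "my %mainsettings" masked that declaration
# and silently discarded the values just read.
my %proxysettings = ();
my %netsettings = ();
my %filtersettings = ();
my %xlratorsettings = ();
my %stdproxysettings = ();

# Per-option "checked"/"selected" attribute strings for the HTML form.
my %checked = ();
my %selected = ();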
# Throttling limits offered by the bandwidth drop-downs
# (unit presumably kbit/s - confirm against the form template).
my @throttle_limits = (
    64, 128, 256, 512, 1024, 1536, 2048, 3072, 4096, 5120,
    6144, 7168, 8192, 10240, 16384, 20480, 51200, 102400,
);

# Default contents of the "safe ports" and "SSL ports" ACL files:
# one "port # comment" entry per line, every line newline-terminated.
my $def_ports_safe = join '', map { "$_\n" } (
    '80 # http',
    '21 # ftp',
    '443 # https',
    '563 # snews',
    '70 # gopher',
    '210 # wais',
    '1025-65535 # unregistered ports',
    '280 # http-mgmt',
    '488 # gss-http',
    '591 # filemaker',
    '777 # multiling http',
    '800 # Squids port (for icons)',
);
my $def_ports_ssl = join '', map { "$_\n" } ('443 # https', '563 # snews');
59
# Background colour of hint boxes in the rendered page.
my $hintcolour = '#FFFFCC';

# Label of the NCSA user-management submit button; switched to the
# "update user" text when an existing user is being edited.
my $ncsa_buttontext = '';
my $language = '';

# Loop counters and the row id used by the rendering code further down.
my ($i, $n, $id) = (0, 0, 0);
my $line = '';
my $user = '';

# Scratch lists shared by the code further down (@temp also holds the split
# "username:group" id of the NCSA edit action).
my @userlist = ();
my @grouplist = ();
my @temp = ();
my @templist = ();

# Upper bound for CACHE_MEM, derived from the output of "free" during validation.
my $cachemem = 0;
# Flags of the upstream-proxy username/password consistency check.
my $proxy1 = '';
my $proxy2 = '';
my $browser_regexp = '';
# Presumably signals that squid needs a reload after saving - confirm further down.
my $needhup = 0;
# Non-empty once a check has failed; a failed request is never written to disk.
my $errormessage = '';
79
# Directories below ${General::swroot}/proxy/advanced holding the generated
# ACL lists and the per-authentication-method data.
my $acldir   = "${General::swroot}/proxy/advanced/acls";
my $ncsadir  = "${General::swroot}/proxy/advanced/ncsa";
my $raddir   = "${General::swroot}/proxy/advanced/radius";
my $identdir = "${General::swroot}/proxy/advanced/ident";
my $credir   = "${General::swroot}/proxy/advanced/cre";

# Local (NCSA) authentication: password database plus the three group files.
my ($userdb, $stdgrp, $extgrp, $disgrp) =
    map { "$ncsadir/$_" } qw(passwd standard.grp extended.grp disabled.grp);

my $mimetypes      = "${General::swroot}/proxy/advanced/mimetypes";
my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";

# Classroom extensions: enable flag, classroom groups and supervisor hosts.
my ($cre_enabled, $cre_groups, $cre_svhosts) =
    map { "$credir/$_" } qw(enable classrooms supervisors);

my $identhosts = "$identdir/hosts";

# Squid helper binaries and error page templates.
my $authdir  = "/usr/lib/squid";
my $errordir = "/usr/lib/squid/errors";

# One ACL file per editable list; source (client) side lists first.
my $acl_src_subnets          = "$acldir/src_subnets.acl";
my $acl_src_banned_ip        = "$acldir/src_banned_ip.acl";
my $acl_src_banned_mac       = "$acldir/src_banned_mac.acl";
my $acl_src_unrestricted_ip  = "$acldir/src_unrestricted_ip.acl";
my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
my $acl_src_noaccess_ip      = "$acldir/src_noaccess_ip.acl";
my $acl_src_noaccess_mac     = "$acldir/src_noaccess_mac.acl";
# Destination side lists: authentication and cache exemptions, split by type.
my $acl_dst_noauth      = "$acldir/dst_noauth.acl";
my $acl_dst_noauth_dom  = "$acldir/dst_noauth_dom.acl";
my $acl_dst_noauth_net  = "$acldir/dst_noauth_net.acl";
my $acl_dst_noauth_url  = "$acldir/dst_noauth_url.acl";
my $acl_dst_nocache     = "$acldir/dst_nocache.acl";
my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
my $acl_dst_throttle    = "$acldir/dst_throttle.acl";
# Port lists and the free-form include file.
my $acl_ports_safe = "$acldir/ports_safe.acl";
my $acl_ports_ssl  = "$acldir/ports_ssl.acl";
my $acl_include    = "$acldir/include.acl";

# Destinations that bypass the proxy entirely.
my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl";
my $acl_dst_noproxy_ip  = "$acldir/dst_noproxy_ip.acl";

# Add-on version strings; 'n/a' until determined.
my $updaccelversion  = 'n/a';
my $urlfilterversion = 'n/a';
128
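# Make sure the directory tree and every list file exist before anything
# tries to read them.  Creation only - existing files are never touched.
for my $dir ($acldir, $ncsadir, $raddir, $identdir, $credir) {
    mkdir($dir) unless -d $dir;
}

# Every file is created with the same list-form call, so the file name is
# always passed as a separate argument.  The single-string variant that was
# used for $cre_svhosts was the one inconsistency.  $acl_dst_noproxy_*,
# $cre_enabled, $throttled_urls and $identhosts are not pre-created here,
# as before.
for my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url,
    $acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url,
    $acl_dst_throttle,
    $acl_ports_safe, $acl_ports_ssl,
    $acl_include,
    $mimetypes,
) {
    &General::system("touch", $file) unless -e $file;
}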
164
# Whether Samba's ntlm_auth helper is installed (presumably gates the NTLM
# authentication option further down).
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# CIDR notation of the GREEN and BLUE networks; left empty when the zone is
# not in use or has no device configured.
my $green_cidr = '';
my $blue_cidr = '';
if (&Header::green_used() && $netsettings{'GREEN_DEV'}) {
    $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
}
if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
    $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
}
179
&Header::showhttpheaders();

# Defaults for every setting the form can submit.  &Header::getcgihash()
# below overwrites them with whatever the request carried, so from that
# point on each value is client-supplied until the save branch has
# validated it.  Numeric values are kept as strings on purpose ('00').
my %proxy_default_of = (
    'ACTION' => '',
    'VALID' => '',

    # Listeners per zone.
    'ENABLE' => 'off',
    'ENABLE_BLUE' => 'off',
    'TRANSPARENT' => 'off',
    'TRANSPARENT_BLUE' => 'off',
    'PROXY_PORT' => '800',
    'TRANSPARENT_PORT' => '3128',

    # Identity and error pages.
    'VISIBLE_HOSTNAME' => '',
    'ADMIN_MAIL_ADDRESS' => '',
    'ADMIN_PASSWORD' => '',
    'ERR_LANGUAGE' => 'en',
    'ERR_DESIGN' => 'ipfire',
    'SUPPRESS_VERSION' => 'on',

    # Header forwarding and upstream proxy.
    'FORWARD_VIA' => 'off',
    'FORWARD_IPADDRESS' => 'off',
    'FORWARD_USERNAME' => 'off',
    'NO_CONNECTION_AUTH' => 'off',
    'UPSTREAM_PROXY' => '',
    'UPSTREAM_USER' => '',
    'UPSTREAM_PASSWORD' => '',

    # Logging and cache manager.
    'LOGGING' => 'off',
    'CACHEMGR' => 'off',
    'LOGQUERY' => 'off',
    'LOGUSERAGENT' => 'off',

    # Cache sizing and policies.
    'FILEDESCRIPTORS' => '16384',
    'CACHE_MEM' => '128',
    'CACHE_SIZE' => '0',
    'MAX_SIZE' => '4096',
    'MIN_SIZE' => '0',
    'MEM_POLICY' => 'LRU',
    'CACHE_POLICY' => 'LRU',
    'L1_DIRS' => '16',
    'OFFLINE_MODE' => 'off',
    'CACHE_DIGESTS' => 'off',

    # Classroom extensions and local-network bypass.
    'CLASSROOM_EXT' => 'off',
    'SUPERVISOR_PASSWORD' => '',
    'NO_PROXY_LOCAL' => 'off',
    'NO_PROXY_LOCAL_BLUE' => 'off',

    # Time restrictions and transfer limits.
    'TIME_ACCESS_MODE' => 'allow',
    'TIME_FROM_HOUR' => '00',
    'TIME_FROM_MINUTE' => '00',
    'TIME_TO_HOUR' => '24',
    'TIME_TO_MINUTE' => '00',
    'MAX_OUTGOING_SIZE' => '0',
    'MAX_INCOMING_SIZE' => '0',
    'THROTTLING_GREEN_TOTAL' => 'unlimited',
    'THROTTLING_GREEN_HOST' => 'unlimited',
    'THROTTLING_BLUE_TOTAL' => 'unlimited',
    'THROTTLING_BLUE_HOST' => 'unlimited',

    # ASNBL based fast-flux / selective-announcement detection.
    'ASNBL_FASTFLUX_DETECTION' => 'off',
    'ASNBL_FASTFLUX_THRESHOLD' => '5',
    'ASNBL_SELECANN_DETECTION' => 'off',
    'ENABLE_MIME_FILTER' => 'off',

    # Authentication, generic part.
    'AUTH_METHOD' => 'none',
    'AUTH_REALM' => '',
    'AUTH_MAX_USERIP' => '',
    'AUTH_CACHE_TTL' => '60',
    'AUTH_IPCACHE_TTL' => '0',
    'AUTH_CHILDREN' => '5',

    # NCSA (local users).
    'NCSA_MIN_PASS_LEN' => '6',
    'NCSA_BYPASS_REDIR' => 'off',
    'NCSA_USERNAME' => '',
    'NCSA_GROUP' => '',
    'NCSA_PASS' => '',
    'NCSA_PASS_CONFIRM' => '',

    # LDAP.
    'LDAP_BASEDN' => '',
    'LDAP_TYPE' => 'ADS',
    'LDAP_SERVER' => '',
    'LDAP_PORT' => '389',
    'LDAP_BINDDN_USER' => '',
    'LDAP_BINDDN_PASS' => '',
    'LDAP_GROUP' => '',

    # NTLM.
    'NTLM_AUTH_GROUP' => '',
    'NTLM_AUTH_BASIC' => 'off',
    'NTLM_DOMAIN' => '',
    'NTLM_PDC' => '',
    'NTLM_BDC' => '',
    'NTLM_ENABLE_ACL' => 'off',
    'NTLM_USER_ACL' => 'positive',

    # RADIUS.
    'RADIUS_SERVER' => '',
    'RADIUS_PORT' => '1812',
    'RADIUS_IDENTIFIER' => '',
    'RADIUS_SECRET' => '',
    'RADIUS_ENABLE_ACL' => 'off',
    'RADIUS_USER_ACL' => 'positive',

    # ident.
    'IDENT_REQUIRED' => 'off',
    'IDENT_TIMEOUT' => '10',
    'IDENT_ENABLE_ACL' => 'off',
    'IDENT_USER_ACL' => 'positive',

    # Add-ons hooked into the proxy.
    'ENABLE_FILTER' => 'off',
    'ENABLE_UPDXLRATOR' => 'off',
    'ENABLE_CLAMAV' => 'off',
);
$proxysettings{$_} = $proxy_default_of{$_} for keys %proxy_default_of;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Merge the request parameters over the defaults.
&Header::getcgihash(\%proxysettings);
280
# A throttling value of "0" coming from the form means "no limit".
for my $key (qw(THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST)) {
    $proxysettings{$key} = 'unlimited' if $proxysettings{$key} eq '0';
}
285
# --- NCSA user management actions --------------------------------------
# Each action keeps the page in user-management mode for the response.

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'add'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # Later checks overwrite $errormessage, so a missing user name wins
    # over a password problem.  NCSA_MIN_PASS_LEN is read from the
    # submitted request here, not from the stored settings.
    if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}
            . $proxysettings{'NCSA_MIN_PASS_LEN'}
            . $Lang::tr{'advproxy errmsg password length 2'};
    }
    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }

    unless ($errormessage) {
        # User names are stored lower-case (ASCII letters only, as before).
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Clear the form fields again so the submitted credentials are not re-displayed.
    @proxysettings{qw(NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM)} = ('') x 4;
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

$checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
$checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";

if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

    # ID carries "username:group"; the file-level @temp is reused for the split.
    @temp = split(/:/, $proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];

    # Placeholder shown in both password fields (presumably recognised by the
    # update path as "keep the stored password").
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
333
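# Returns the localized error message for the first setting that fails
# validation, or the empty string when all settings are acceptable.
#
# Works on the file-level %proxysettings (the decoded request) and
# %netsettings.  Side effects, kept as before: CACHE_MEM is clamped to the
# value derived from "free", and the file-level $cachemem, $proxy1 and
# $proxy2 are set.
#
# Numeric fields are matched with /^\d+$/ so that only whole numbers reach
# the generated squid configuration; the previous /^\d+/ accepted any
# value that merely started with a digit.  The early returns replace the
# former "goto ERROR" chain.
sub _validate_proxy_settings {
    for my $key (qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE)) {
        return $Lang::tr{'invalid input'} if $proxysettings{$key} !~ /^(on|off)$/;
    }

    # The memory cache may not exceed a configured disk cache.
    if ($proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0) {
        return $Lang::tr{'advproxy errmsg cache'} . " " . $proxysettings{'CACHE_MEM'} . " > " . $proxysettings{'CACHE_SIZE'};
    }

    # Listener ports.  NOTE(review): they are only checked for being valid
    # ports and distinct from each other, not against $http_port/$https_port.
    return $Lang::tr{'advproxy errmsg invalid proxy port'} unless &General::validport($proxysettings{'PROXY_PORT'});
    return $Lang::tr{'advproxy errmsg invalid proxy port'} unless &General::validport($proxysettings{'TRANSPARENT_PORT'});
    return $Lang::tr{'advproxy errmsg proxy ports equal'} if $proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'};

    # Upstream proxy is "host:port"; only the host part is validated (as before).
    if ($proxysettings{'UPSTREAM_PROXY'} ne '') {
        my ($upstream_host) = split(/:/, $proxysettings{'UPSTREAM_PROXY'});
        unless (&General::validip($upstream_host) || &General::validdomainname($upstream_host)) {
            return $Lang::tr{'advproxy errmsg invalid upstream proxy'};
        }
    }

    # Disk cache: '0' disables it, anything else must be a number of at least 10.
    if ($proxysettings{'CACHE_SIZE'} !~ /^\d+$/ || $proxysettings{'CACHE_SIZE'} < 10) {
        return $Lang::tr{'advproxy errmsg hdd cache size'} unless $proxysettings{'CACHE_SIZE'} eq '0';
    }
    if ($proxysettings{'FILEDESCRIPTORS'} !~ /^\d+$/
        || $proxysettings{'FILEDESCRIPTORS'} < 1
        || $proxysettings{'FILEDESCRIPTORS'} > 1048576) {
        return $Lang::tr{'proxy errmsg filedescriptors'};
    }
    return $Lang::tr{'advproxy errmsg mem cache size'} if $proxysettings{'CACHE_MEM'} !~ /^\d+$/;

    # Cap the memory cache using the first number on the second line of
    # "free" (presumably the total in KiB; /2048 halves it and converts to
    # MiB).  Only a successful match may be used - the old code read $1
    # unconditionally, so a stale or undefined capture became the cap.
    my @free = &General::system_output("/usr/bin/free");
    if (defined $free[1] && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    return $Lang::tr{'invalid maximum object size'}   if $proxysettings{'MAX_SIZE'} !~ /^\d+$/;
    return $Lang::tr{'invalid minimum object size'}   if $proxysettings{'MIN_SIZE'} !~ /^\d+$/;
    return $Lang::tr{'invalid maximum outgoing size'} if $proxysettings{'MAX_OUTGOING_SIZE'} !~ /^\d+$/;

    # Time window, compared as "HHMM" strings: "to" must sort after "from".
    my $time_from = $proxysettings{'TIME_FROM_HOUR'} . $proxysettings{'TIME_FROM_MINUTE'};
    my $time_to   = $proxysettings{'TIME_TO_HOUR'} . $proxysettings{'TIME_TO_MINUTE'};
    return $Lang::tr{'advproxy errmsg time restriction'} unless $time_to gt $time_from;

    return $Lang::tr{'invalid maximum incoming size'} if $proxysettings{'MAX_INCOMING_SIZE'} !~ /^\d+$/;

    # Fast-flux and selective-announcement detection share one threshold.
    if ($proxysettings{'ASNBL_FASTFLUX_DETECTION'} eq 'on' || $proxysettings{'ASNBL_SELECANN_DETECTION'} eq 'on') {
        my $threshold = $proxysettings{'ASNBL_FASTFLUX_THRESHOLD'};
        # The old "no threshold" check used -z, a *file* test: it stat()ed a
        # path named after the submitted value instead of testing for an
        # empty string, so the check could never trigger as intended.
        return $Lang::tr{'advproxy fastflux no threshold given'} if $threshold eq '';
        return $Lang::tr{'advproxy fastflux threshold invalid'} unless looks_like_number($threshold);
        # NOTE(review): looks_like_number() also accepts "2.5" or "1e1";
        # tighten to /^\d+$/ if the detection helper expects an integer.
        return $Lang::tr{'advproxy fastflux threshold out of bounds'} if $threshold < 2 || $threshold > 10;
    }

    if ($proxysettings{'AUTH_METHOD'} ne 'none') {
        # Any authenticating setup - except ident that neither requires a
        # reply nor filters on it - needs a non-transparent proxy on at
        # least one enabled zone (see the error message).
        unless ($proxysettings{'AUTH_METHOD'} eq 'ident'
            && $proxysettings{'IDENT_REQUIRED'} eq 'off'
            && $proxysettings{'IDENT_ENABLE_ACL'} eq 'off') {
            my $green_unusable = $proxysettings{'ENABLE'} eq 'off' || $proxysettings{'TRANSPARENT'} eq 'on';
            my $blue_unusable  = $proxysettings{'ENABLE_BLUE'} eq 'off' || $proxysettings{'TRANSPARENT_BLUE'} eq 'on';
            if ($netsettings{'BLUE_DEV'}) {
                return $Lang::tr{'advproxy errmsg non-transparent proxy required'} if $green_unusable && $blue_unusable;
            } else {
                return $Lang::tr{'advproxy errmsg non-transparent proxy required'} if $green_unusable;
            }
        }

        # AUTH_MAX_USERIP is optional; when given it must be 1..255 and
        # needs a non-zero IP cache TTL to have any effect.
        if ($proxysettings{'AUTH_MAX_USERIP'} ne ''
            && ($proxysettings{'AUTH_MAX_USERIP'} !~ /^\d+$/
                || $proxysettings{'AUTH_MAX_USERIP'} < 1
                || $proxysettings{'AUTH_MAX_USERIP'} > 255)) {
            return $Lang::tr{'advproxy errmsg max userip'};
        }
        return $Lang::tr{'advproxy errmsg auth cache ttl'}   if $proxysettings{'AUTH_CACHE_TTL'} !~ /^\d+$/;
        return $Lang::tr{'advproxy errmsg auth ipcache ttl'} if $proxysettings{'AUTH_IPCACHE_TTL'} !~ /^\d+$/;
        if ($proxysettings{'AUTH_MAX_USERIP'} ne '' && $proxysettings{'AUTH_IPCACHE_TTL'} eq '0') {
            return $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
        }
        if ($proxysettings{'AUTH_CHILDREN'} !~ /^\d+$/
            || $proxysettings{'AUTH_CHILDREN'} < 1
            || $proxysettings{'AUTH_CHILDREN'} > 255) {
            return $Lang::tr{'advproxy errmsg auth children'};
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
        if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /^\d+$/
            || $proxysettings{'NCSA_MIN_PASS_LEN'} < 1
            || $proxysettings{'NCSA_MIN_PASS_LEN'} > 255) {
            return $Lang::tr{'advproxy errmsg password length'};
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
        if ($proxysettings{'IDENT_TIMEOUT'} !~ /^\d+$/ || $proxysettings{'IDENT_TIMEOUT'} < 1) {
            return $Lang::tr{'advproxy errmsg ident timeout'};
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
        return $Lang::tr{'advproxy errmsg ldap base dn'} if $proxysettings{'LDAP_BASEDN'} eq '';
        unless (&General::validip($proxysettings{'LDAP_SERVER'}) || &General::validdomainname($proxysettings{'LDAP_SERVER'})) {
            return $Lang::tr{'advproxy errmsg ldap server'};
        }
        return $Lang::tr{'advproxy errmsg ldap port'} unless &General::validport($proxysettings{'LDAP_PORT'});
        # ADS and NDS directories need a bind DN and password.
        if ($proxysettings{'LDAP_TYPE'} eq 'ADS' || $proxysettings{'LDAP_TYPE'} eq 'NDS') {
            if ($proxysettings{'LDAP_BINDDN_USER'} eq '' || $proxysettings{'LDAP_BINDDN_PASS'} eq '') {
                return $Lang::tr{'advproxy errmsg ldap bind dn'};
            }
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
        return $Lang::tr{'advproxy errmsg radius server'} unless &General::validip($proxysettings{'RADIUS_SERVER'});
        return $Lang::tr{'advproxy errmsg radius port'}   unless &General::validport($proxysettings{'RADIUS_PORT'});
        return $Lang::tr{'advproxy errmsg radius secret'} if $proxysettings{'RADIUS_SECRET'} eq '';
    }

    # Upstream proxy credentials must be given as a pair.  The user name
    # "PASS" is a special case accepted without a password (the submitted
    # password is discarded).
    $proxy1 = $proxysettings{'UPSTREAM_USER'} eq '' ? '' : 'YES';
    $proxy2 = $proxysettings{'UPSTREAM_PASSWORD'} eq '' ? '' : 'YES';
    if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {
        $proxy1 = $proxy2 = 'PASS';
        $proxysettings{'UPSTREAM_PASSWORD'} = '';
    }
    if ($proxy1 ne $proxy2) {
        return $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
    }

    return '';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'save'}
    || $proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}
    || $proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) {

    # Validate the scalar settings first; the ACL lists are checked in every
    # case (this is what the former ERROR label guaranteed).
    my $validation_error = _validate_proxy_settings();
    $errormessage = $validation_error if $validation_error;
    &check_acls();

    $proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';

    if ($proxysettings{'VALID'} eq 'yes') {
        # Determine if suricata may need to be restarted.
        my $suricata_proxy_ports_changed;

        # Check if the IDS is running
        if (&IDS::ids_is_running()) {
            my %oldproxysettings;

            # Read the currently stored proxy settings for comparison.
            &General::readhash("${General::swroot}/proxy/advanced/settings", \%oldproxysettings);

            # A change of either listener port needs suricata to be adjusted.
            for my $port_key (qw(PROXY_PORT TRANSPARENT_PORT)) {
                $suricata_proxy_ports_changed = 1 unless $proxysettings{$port_key} eq $oldproxysettings{$port_key};
            }
        }

        &write_acls();

        # The list contents are kept in their own ACL files (presumably by
        # &write_acls) and the NCSA form fields must never be persisted, so
        # drop them from the hash before it is written.
        delete @proxysettings{qw(
            SRC_SUBNETS SRC_BANNED_IP SRC_BANNED_MAC SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
            DST_NOCACHE DST_NOAUTH DST_NOPROXY_IP DST_NOPROXY_URL
            PORTS_SAFE PORTS_SSL MIME_TYPES
            NTLM_ALLOW_USERS NTLM_DENY_USERS RADIUS_ALLOW_USERS RADIUS_DENY_USERS
            IDENT_HOSTS IDENT_ALLOW_USERS IDENT_DENY_USERS
            CRE_GROUPS CRE_SVHOSTS
            NCSA_USERNAME NCSA_GROUP NCSA_PASS NCSA_PASS_CONFIRM
        )};

        # Unchecked checkboxes are absent from the request; store them as 'off'.
        for my $key (qw(TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
                        AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH)) {
            $proxysettings{$key} = 'off' unless exists $proxysettings{$key};
        }

        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror a subset of the settings into the plain proxy settings file
        # (presumably read by other parts of the system).
        if (-e "${General::swroot}/proxy/settings") {
            &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }
        for my $key (qw(PROXY_PORT UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
                        ENABLE_FILTER ENABLE_UPDXLRATOR ENABLE_CLAMAV)) {
            $stdproxysettings{$key} = $proxysettings{$key};
        }
        &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);

        &writeconfig();
        &writepacfile();
        &writecachemgr() if $proxysettings{'CACHEMGR'} eq 'on';

        # Rebuild the enable/transparent marker files from scratch.
        &General::system('/usr/local/bin/squidctrl', 'disable');
        unlink "${General::swroot}/proxy/$_" for qw(enable transparent enable_blue transparent_blue);

        if ($proxysettings{'ENABLE'} eq 'on') {
            &General::system('/usr/bin/touch', "${General::swroot}/proxy/enable");
            &General::system('/usr/local/bin/squidctrl', 'enable');
        }
        if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
            &General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent");
        }
        if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
            &General::system('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
            &General::system('/usr/local/bin/squidctrl', 'enable');
        }
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
            &General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue");
        }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) {
            &General::system('/usr/local/bin/squidctrl', 'restart');
        }
        if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) {
            &General::system('/usr/local/bin/squidctrl', 'reconfigure');
        }

        if ($suricata_proxy_ports_changed) {
            # Re-generate the HTTP ports file and restart suricata so it picks up the new ports.
            &IDS::generate_http_ports_file();
            &IDS::call_suricatactrl("restart");
        }
    }
}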
686
# Flush the cache on request.
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'}) {
    &General::system('/usr/local/bin/squidctrl', 'flush');
}

# Unless a validation error has to be shown together with the submitted
# values, reload the page state from disk.  The advanced settings file
# takes precedence over the plain proxy settings file.
unless ($errormessage) {
    for my $settings_file ("${General::swroot}/proxy/advanced/settings", "${General::swroot}/proxy/settings") {
        next unless -e $settings_file;
        &General::readhash($settings_file, \%proxysettings);
        last;
    }
    &read_acls();
}

# ------------------------------------------------------------------

# Hook to regenerate the configuration files when the CGI is run from the
# command line: a web server always sets REMOTE_ADDR, so an empty value
# means there is no HTTP client and no page is rendered.
if ($ENV{"REMOTE_ADDR"} eq "") {
    writeconfig();
    exit(0);
}
709
710 # -------------------------------------------------------------------
711
# Build the checked='checked' / selected='selected' attribute strings for
# the form.  Every checkbox key gets explicit 'off' and 'on' entries so the
# template can index both, and the current value is marked.
for my $key (qw(
    ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
    SUPPRESS_VERSION FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA NO_CONNECTION_AUTH
    OFFLINE_MODE CACHE_DIGESTS
    LOGGING CACHEMGR LOGQUERY LOGUSERAGENT
    NO_PROXY_LOCAL NO_PROXY_LOCAL_BLUE
    CLASSROOM_EXT
)) {
    $checked{$key}{'off'} = '';
    $checked{$key}{'on'} = '';
    $checked{$key}{ $proxysettings{$key} } = "checked='checked'";
}

# Drop-downs only need the current value marked.
for my $key (qw(
    MEM_POLICY CACHE_POLICY L1_DIRS
    ERR_LANGUAGE ERR_DESIGN
    TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
)) {
    $selected{$key}{ $proxysettings{$key} } = "selected='selected'";
}

# Weekday checkboxes default to 'on' when the settings do not mention them.
for my $day (qw(TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN)) {
    $proxysettings{$day} = 'on' unless exists $proxysettings{$day};
}
796 $checked{'TIME_MON'}{'off'} = '';
797 $checked{'TIME_MON'}{'on'} = '';
798 $checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'";
799 $checked{'TIME_TUE'}{'off'} = '';
800 $checked{'TIME_TUE'}{'on'} = '';
801 $checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'";
802 $checked{'TIME_WED'}{'off'} = '';
803 $checked{'TIME_WED'}{'on'} = '';
804 $checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'";
805 $checked{'TIME_THU'}{'off'} = '';
806 $checked{'TIME_THU'}{'on'} = '';
807 $checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'";
808 $checked{'TIME_FRI'}{'off'} = '';
809 $checked{'TIME_FRI'}{'on'} = '';
810 $checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'";
811 $checked{'TIME_SAT'}{'off'} = '';
812 $checked{'TIME_SAT'}{'on'} = '';
813 $checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'";
814 $checked{'TIME_SUN'}{'off'} = '';
815 $checked{'TIME_SUN'}{'on'} = '';
816 $checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'";
817
818 $selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
819 $selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
820 $selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
821 $selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
822
823 $checked{'ASNBL_FASTFLUX_DETECTION'}{'off'} = '';
824 $checked{'ASNBL_FASTFLUX_DETECTION'}{'on'} = '';
825 $checked{'ASNBL_FASTFLUX_DETECTION'}{$proxysettings{'ASNBL_FASTFLUX_DETECTION'}} = "checked='checked'";
826
827 $checked{'ASNBL_SELECANN_DETECTION'}{'off'} = '';
828 $checked{'ASNBL_SELECANN_DETECTION'}{'on'} = '';
829 $checked{'ASNBL_SELECANN_DETECTION'}{$proxysettings{'ASNBL_SELECANN_DETECTION'}} = "checked='checked'";
830
831 $checked{'ENABLE_MIME_FILTER'}{'off'} = '';
832 $checked{'ENABLE_MIME_FILTER'}{'on'} = '';
833 $checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
834
835 $checked{'AUTH_METHOD'}{'none'} = '';
836 $checked{'AUTH_METHOD'}{'ncsa'} = '';
837 $checked{'AUTH_METHOD'}{'ident'} = '';
838 $checked{'AUTH_METHOD'}{'ldap'} = '';
839 $checked{'AUTH_METHOD'}{'ntlm-auth'} = '';
840 $checked{'AUTH_METHOD'}{'radius'} = '';
841 $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
842
843 $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
844
845 $checked{'AUTH_ALWAYS_REQUIRED'}{'off'} = '';
846 $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} = '';
847 $checked{'AUTH_ALWAYS_REQUIRED'}{$proxysettings{'AUTH_ALWAYS_REQUIRED'}} = "checked='checked'";
848
849 $checked{'NCSA_BYPASS_REDIR'}{'off'} = '';
850 $checked{'NCSA_BYPASS_REDIR'}{'on'} = '';
851 $checked{'NCSA_BYPASS_REDIR'}{$proxysettings{'NCSA_BYPASS_REDIR'}} = "checked='checked'";
852
853 $selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'";
854
855 $selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'";
856
857 $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
858
859 $checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = '';
860 $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} = '';
861 $checked{'NTLM_ENABLE_INT_AUTH'}{$proxysettings{'NTLM_ENABLE_INT_AUTH'}} = "checked='checked'";
862
863 $checked{'NTLM_ENABLE_ACL'}{'off'} = '';
864 $checked{'NTLM_ENABLE_ACL'}{'on'} = '';
865 $checked{'NTLM_ENABLE_ACL'}{$proxysettings{'NTLM_ENABLE_ACL'}} = "checked='checked'";
866
867 $checked{'NTLM_USER_ACL'}{'positive'} = '';
868 $checked{'NTLM_USER_ACL'}{'negative'} = '';
869 $checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
870
871 $checked{'NTLM_AUTH_BASIC'}{'on'} = '';
872 $checked{'NTLM_AUTH_BASIC'}{'off'} = '';
873 $checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'";
874
875 $checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
876 $checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
877 $checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
878
879 $checked{'RADIUS_USER_ACL'}{'positive'} = '';
880 $checked{'RADIUS_USER_ACL'}{'negative'} = '';
881 $checked{'RADIUS_USER_ACL'}{$proxysettings{'RADIUS_USER_ACL'}} = "checked='checked'";
882
883 $checked{'IDENT_REQUIRED'}{'off'} = '';
884 $checked{'IDENT_REQUIRED'}{'on'} = '';
885 $checked{'IDENT_REQUIRED'}{$proxysettings{'IDENT_REQUIRED'}} = "checked='checked'";
886
887 $checked{'IDENT_ENABLE_ACL'}{'off'} = '';
888 $checked{'IDENT_ENABLE_ACL'}{'on'} = '';
889 $checked{'IDENT_ENABLE_ACL'}{$proxysettings{'IDENT_ENABLE_ACL'}} = "checked='checked'";
890
891 $checked{'IDENT_USER_ACL'}{'positive'} = '';
892 $checked{'IDENT_USER_ACL'}{'negative'} = '';
893 $checked{'IDENT_USER_ACL'}{$proxysettings{'IDENT_USER_ACL'}} = "checked='checked'";
894
895 $checked{'ENABLE_FILTER'}{'off'} = '';
896 $checked{'ENABLE_FILTER'}{'on'} = '';
897 $checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
898
899 $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
900 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
901 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
902
903 $checked{'ENABLE_CLAMAV'}{'off'} = '';
904 $checked{'ENABLE_CLAMAV'}{'on'} = '';
905 $checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
906
# Page frame. The big box is handed $errormessage as well (what Header
# does with it lives outside this file); the dedicated error box below
# is only rendered when there actually is a message to show.
my $page_title = $Lang::tr{'advproxy advanced web proxy configuration'};
Header::openpage($page_title, 1, '');
Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
	Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>$errormessage&nbsp;</font>\n";
	Header::closebox();
}
916
# Reduce squid's "Squid Cache: Version x.y.z" banner line (first line
# of `squid -v`, captured above) to the bare version string with
# surrounding whitespace removed; anything else is shown as "unknown".
if ($squidversion[0] =~ /^Squid\sCache:\sVersion\s(.*)/is) {
	my $version = $1;
	$version =~ s/^\s+//;
	$version =~ s/\s+$//;
	$squidversion[0] = $version;
} else {
	$squidversion[0] = $Lang::tr{'advproxy unknown'};
}
925
926 # ===================================================================
927 # Main settings
928 # ===================================================================
929
930 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
931
932 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
933
934 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
935
936 print <<END
937 <table width='100%'>
938 <tr>
939 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
940 </tr>
941 <tr>
942 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
943 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
944 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
945 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
946 </tr>
947 <tr>
948 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
949 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
950 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
951 <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
952 </tr>
953 <tr>
954 END
955 ;
956 if ($netsettings{'BLUE_DEV'}) {
957 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
958 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
959 } else {
960 print "<td colspan='2'>&nbsp;</td>";
961 }
962 print <<END
963 <td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
964 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
965 </tr>
966 <tr>
967 END
968 ;
969 if ($netsettings{'BLUE_DEV'}) {
970 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
971 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
972 } else {
973 print "<td colspan='2'>&nbsp;</td>";
974 }
975 print <<END
976 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
977 <td class='base'>
978 <select name='ERR_LANGUAGE'>
979 END
980 ;
# One <option> per error-page language. The directory names directly
# below $errordir are used as the language codes (one directory per
# language is assumed here); plain files are skipped. The name comes
# from the local filesystem, not from the request.
foreach my $entry (glob("$errordir/*")) {
	next unless -d $entry;
	$language = substr($entry, rindex($entry, "/") + 1);
	print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
987 print <<END
988 </select>
989 </td>
990 </tr>
991 <tr>
992 <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
993 <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
994 <td class='base'>$Lang::tr{'advproxy error design'}:</td>
995 <td class='base'><select name='ERR_DESIGN'>
996 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
997 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
998 </select></td>
999 </tr>
1000 <tr>
1001 <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
1002 <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
1003 <td>&nbsp;</td>
1004 <td>&nbsp;</td>
1005 </tr>
1006 </table>
1007 <hr size='1'>
1008 <table width='100%'>
1009 END
1010 ;
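# Feature cells of the first row: squidclamav (only when the binary is
# installed), URL filter and update accelerator. The row was emitted
# without its <tr> - the table is opened in the heredoc above and the
# cells used to follow the <table> tag directly.
print "<tr>";
if ( -e "/usr/bin/squidclamav" ) {
	print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
	if ( ! -e "/var/run/clamav/clamd.pid" ){
		# No clamd pid file: show the hint instead of the checkbox and
		# flip the in-memory setting to 'off' (whether anything further
		# down reads it back is not visible here).
		print "<font color='red'>clamav not running</font><br /><br />";
		$proxysettings{'ENABLE_CLAMAV'} = 'off';
	}
	else {
		print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
	}
	print "</td>";
} else {
	print "<td></td>";
}
# <b> belongs inside <a>; the tags used to be closed as </a></b>.
print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</b></a><br />";
print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
print "</td>";
print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</b></a><br />";
print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
print "</td></tr>";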
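# Upstream proxy, log settings and cache management sections.
# Every stored value is dropped into a single-quoted attribute as-is,
# without HTML escaping, so a "'" or "<" inside a setting would break
# the markup; the validation on the save path (not in view here) is
# what has to keep such characters out of the settings file.
# ADMIN_PASSWORD is rendered as a password input, like UPSTREAM_PASSWORD
# already was (it used to be a plain text field). The cachemgr link now
# has its closing </a>.
print <<END
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
<td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
<td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}</a>:</td>
<td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
<td class='base'>$Lang::tr{'proxy admin password'}:</td>
<td><input type='password' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan='5' valign='top' class='base'>
<table cellspacing='0' cellpadding='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:</td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END
;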
1139
1140 print $proxysettings{'DST_NOCACHE'};
1141
1142 print <<END
1143 </textarea></td>
1144 </tr>
1145 </table>
1146 </td>
1147 </tr>
1148 <tr>
1149 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1150 <td class='base'><select name='MEM_POLICY'>
1151 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1152 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1153 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1154 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1155 </select></td>
1156 </tr>
1157 <tr>
1158 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1159 <td class='base'><select name='CACHE_POLICY'>
1160 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1161 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1162 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1163 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1164 </select></td>
1165 </tr>
1166 <tr>
1167 <td colspan='2'>&nbsp;</td>
1168 </tr>
1169 <tr>
1170 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1171 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1172 </tr>
1173 <tr>
1174 <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1175 <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1176 </tr>
1177 </table>
1178 <hr size='1'>
1179 <table width='100%'>
1180 <tr>
1181 <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1182 </tr>
1183 <tr>
1184 <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
1185 </tr>
1186 <tr>
1187 <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1188 <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1189 </tr>
1190 <tr>
1191 <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1192 END
1193 ;
1194 if (!$proxysettings{'PORTS_SAFE'}) { print $def_ports_safe; } else { print $proxysettings{'PORTS_SAFE'}; }
1195
1196 print <<END
1197 </textarea></td>
1198 <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1199 END
1200 ;
1201 if (!$proxysettings{'PORTS_SSL'}) { print $def_ports_ssl; } else { print $proxysettings{'PORTS_SSL'}; }
1202
1203 print <<END
1204 </textarea></td>
1205 </tr>
1206 </table>
1207 <hr size='1'>
1208 <table width='100%'>
1209 <tr>
1210 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1211 </tr>
1212 <tr>
1213 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1214 </tr>
1215 <tr>
1216 <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1217 </tr>
1218 <tr>
1219 <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
1220 END
1221 ;
1222
1223 if (!$proxysettings{'SRC_SUBNETS'})
1224 {
1225 if (&Header::green_used()) {
1226 print "$green_cidr\n";
1227 }
1228
1229 if (&Header::blue_used()) {
1230 print "$blue_cidr\n";
1231 }
1232 } else { print $proxysettings{'SRC_SUBNETS'}; }
1233
1234 print <<END
1235 </textarea></td>
1236 END
1237 ;
1238
1239 $line = $Lang::tr{'advproxy no internal proxy on green'};
1240 $line =~ s/Green/<font color="$Header::colourgreen">Green<\/font>/i;
1241 print "<td class='base'>$line:</td>\n";
1242 print <<END
1243 <td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
1244 </tr>
1245 END
1246 ;
1247 if ($netsettings{'BLUE_DEV'}) {
1248 $line = $Lang::tr{'advproxy no internal proxy on blue'};
1249 $line =~ s/Blue/<font color="$Header::colourblue">Blue<\/font>/i;
1250 print "<tr>\n";
1251 print "<td class='base'>$line:</td>\n";
1252 print <<END
1253 <td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
1254 </tr>
1255 END
1256 ;
1257 }
1258 print <<END
1259 <tr>
1260 <td colspan='2'>&nbsp;</td>
1261 </tr>
1262 <tr>
1263 <td colspan='2'>&nbsp;</td>
1264 </tr>
1265 </table>
1266 <table width='100%'>
1267 <tr>
1268 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1269 </tr>
1270 <tr>
1271 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1272 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
1273 </tr>
1274 <tr>
1275 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
1276 END
1277 ;
1278
1279 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1280
1281 print <<END
1282 </textarea></td>
1283 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
1284 END
1285 ;
1286
1287 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1288
1289 print <<END
1290 </textarea></td>
1291 </tr>
1292 </table>
1293 <table width='100%'>
1294 <tr>
1295 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1296 </tr>
1297 <tr>
1298 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1299 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
1300 </tr>
1301 <tr>
1302 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
1303 END
1304 ;
1305
1306 print $proxysettings{'SRC_BANNED_IP'};
1307
1308 print <<END
1309 </textarea></td>
1310 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
1311 END
1312 ;
1313
1314 print $proxysettings{'SRC_BANNED_MAC'};
1315
1316 print <<END
1317 </textarea></td>
1318 </tr>
1319 </table>
1320
1321 <hr size='1'>
1322
1323 END
1324 ;
1325 # -------------------------------------------------------------------
1326 # CRE GUI - optional
1327 # -------------------------------------------------------------------
1328
1329 if (-e $cre_enabled) { print <<END
1330 <table width='100%'>
1331
1332 <tr>
1333 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
1334 </tr>
1335 <tr>
1336 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1337 </tr>
1338 <tr>
1339
1340 END
1341 ;
1342 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1343 print <<END
1344 <td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
1345 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
1346 </tr>
1347 <tr>
1348 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
1349 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
1350 END
1351 ;
1352 }
1353 print "</tr>";
1354 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1355 print <<END
1356 <tr>
1357 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
1358 END
1359 ;
1360
1361 print $proxysettings{'CRE_GROUPS'};
1362
1363 print <<END
1364 </textarea></td>
1365 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
1366 END
1367 ;
1368 print $proxysettings{'CRE_SVHOSTS'};
1369
1370 print <<END
1371 </textarea></td>
1372 </tr>
1373 END
1374 ;
1375 }
1376 print "</table><hr size='1'>";
1377
1378 } else {
1379 print <<END
1380 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
1381 <input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
1382 <input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
1383 END
1384 ;
1385 }
1386
1387 # ===================================================================
1388 # WPAD settings
1389 # ===================================================================
1390
1391 print <<END
1392 <table width='100%'>
1393 <tr>
1394 <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td>
1395 </tr>
1396 <tr>
1397 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1398 </tr>
1399 <tr>
1400 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td>
1401 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td>
1402 </tr>
1403 <tr>
1404 <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'>
1405 END
1406 ;
1407
1408 print $proxysettings{'DST_NOPROXY_IP'};
1409
1410 print <<END
1411 </textarea></td>
1412
1413 <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'>
1414 END
1415 ;
1416
1417 print $proxysettings{'DST_NOPROXY_URL'};
1418
1419 print <<END
1420 </textarea></td>
1421 </tr>
1422 <tr>
1423 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td>
1424 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td>
1425 </tr>
1426 <tr>
1427 <td colspan="4">&nbsp;</td>
1428 </tr>
1429 <tr>
1430 <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td>
1431 </tr>
1432 <tr>
1433 <td colspan="4">&nbsp;</td>
1434 </tr>
1435 <tr>
1436 <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td>
1437 </tr>
1438 </table>
1439
1440 <hr size='1'>
1441
1442 END
1443 ;
1444
1445 # -------------------------------------------------------------------
1446
1447 print <<END
1448
1449 <table width='100%'>
1450 <tr>
1451 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1452 </tr>
1453 <table width='100%'>
1454 <tr>
1455 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1456 <td width='1%'>&nbsp;</td>
1457 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1458 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1459 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1460 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1461 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1462 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1463 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1464 <td width='1%'>&nbsp;&nbsp;</td>
1465 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1466 <td width='1%'>&nbsp;</td>
1467 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1468 <td>&nbsp;</td>
1469 </tr>
1470 <tr>
1471 <td class='base'>
1472 <select name='TIME_ACCESS_MODE'>
1473 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1474 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1475 </select>
1476 </td>
1477 <td>&nbsp;</td>
1478 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1479 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1480 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1481 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1482 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1483 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1484 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1485 <td>&nbsp;</td>
1486 <td class='base'>
1487 <select name='TIME_FROM_HOUR'>
1488 END
1489 ;
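# "From" hour options 00..24 (the original range is kept; 24 presumably
# stands for end of day). A lexical loop variable and %02d replace the
# earlier use of the globals $i and $_ as scratch space and the %02s
# conversion for a number.
foreach my $hour (0 .. 24) {
	my $hh = sprintf("%02d", $hour);
	print "<option $selected{'TIME_FROM_HOUR'}{$hh}>$hh</option>\n";
}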
1494 print <<END
1495 </select>
1496 </td>
1497 <td>:</td>
1498 <td class='base'>
1499 <select name='TIME_FROM_MINUTE'>
1500 END
1501 ;
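# "From" minute options in quarter-hour steps; lexical loop variable
# instead of the globals $i and $_, %02d instead of %02s.
foreach my $minute (0, 15, 30, 45) {
	my $mm = sprintf("%02d", $minute);
	print "<option $selected{'TIME_FROM_MINUTE'}{$mm}>$mm</option>\n";
}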
1506 print <<END
1507 </select>
1508 <td> - </td>
1509 </td>
1510 <td class='base'>
1511 <select name='TIME_TO_HOUR'>
1512 END
1513 ;
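# "To" hour options 00..24, same range and formatting as the "from"
# list above; lexical loop variable instead of the globals $i and $_.
foreach my $hour (0 .. 24) {
	my $hh = sprintf("%02d", $hour);
	print "<option $selected{'TIME_TO_HOUR'}{$hh}>$hh</option>\n";
}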
1518 print <<END
1519 </select>
1520 </td>
1521 <td>:</td>
1522 <td class='base'>
1523 <select name='TIME_TO_MINUTE'>
1524 END
1525 ;
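# "To" minute options in quarter-hour steps; lexical loop variable
# instead of the globals $i and $_, %02d instead of %02s.
foreach my $minute (0, 15, 30, 45) {
	my $mm = sprintf("%02d", $minute);
	print "<option $selected{'TIME_TO_MINUTE'}{$mm}>$mm</option>\n";
}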
1530 print <<END
1531 </select>
1532 </td>
1533 </tr>
1534 </table>
1535 <hr size='1'>
1536 <table width='100%'>
1537 <tr>
1538 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1539 </tr>
1540 <tr>
1541 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1542 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1543 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1544 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1545 </tr>
1546 </table>
1547 <hr size='1'>
1548 <table width='100%'>
1549 <tr>
1550 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1551 </tr>
1552 <tr>
1553 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1554 <td width='20%' class='base'>
1555 <select name='THROTTLING_GREEN_TOTAL'>
1556 END
1557 ;
1558
1559 foreach (@throttle_limits) {
1560 my $val = $_;
1561 my $unit = "kbit/s";
1562
1563 if ($val >= 1024) {
1564 $unit = "Mbit/s";
1565 $val /= 1024;
1566 }
1567
1568 print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$val $unit</option>\n";
1569 }
1570
1571 print <<END
1572 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1573 </select>
1574 </td>
1575 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
1576 <td width='30%' class='base'>
1577 <select name='THROTTLING_GREEN_HOST'>
1578 END
1579 ;
1580
1581 foreach (@throttle_limits) {
1582 print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kbit/s</option>\n";
1583 }
1584
1585 print <<END
1586 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1587 </select>
1588 </td>
1589 </tr>
1590 END
1591 ;
1592
1593 if ($netsettings{'BLUE_DEV'}) {
1594 print <<END
1595 <tr>
1596 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
1597 <td class='base'>
1598 <select name='THROTTLING_BLUE_TOTAL'>
1599 END
1600 ;
1601
1602 foreach (@throttle_limits) {
1603 print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kbit/s</option>\n";
1604 }
1605
1606 print <<END
1607 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1608 </select>
1609 </td>
1610 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
1611 <td class='base'>
1612 <select name='THROTTLING_BLUE_HOST'>
1613 END
1614 ;
1615
1616 foreach (@throttle_limits) {
1617 print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kbit/s</option>\n";
1618 }
1619
1620 print <<END
1621 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1622 </select>
1623 </td>
1624 </tr>
1625 END
1626 ;
1627 }
1628
1629 print <<END
1630 </table>
1631 <hr size='1'>
1632 <table width='100%'>
1633 <tr>
1634 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1635 </tr>
1636 END
1637 ;
1638 if ( $proxysettings{'ENABLE_MIME_FILTER'} eq 'on' ){
1639 print <<END
1640 <tr>
1641 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
1642 <td>&nbsp;</td>
1643 <td>&nbsp;</td>
1644 </tr>
1645 <tr>
1646 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1647 END
1648 ;
1649
1650 print $proxysettings{'MIME_TYPES'};
1651
1652 print <<END
1653 </textarea></td>
1654 <td>&nbsp;</td>
1655 <td>&nbsp;</td>
1656 </tr>
1657 END
1658 ;
1659 }
1660 print <<END
1661 </table>
1662
1663 <hr size='1'>
1664
1665 <table width='100%'>
1666 <tr>
1667 <td><b>$Lang::tr{'advproxy asbased anomaly detection'}</b></td>
1668 </tr>
1669 <tr>
1670 <td class='base'>$Lang::tr{'advproxy fastflux detection'}:</td>
1671 <td><input type='checkbox' name='ASNBL_FASTFLUX_DETECTION' $checked{'ASNBL_FASTFLUX_DETECTION'}{'on'} /></td>
1672 <td class='base'>$Lang::tr{'advproxy fastflux detection threshold'}:</td>
1673 <td><input type='text' name='ASNBL_FASTFLUX_THRESHOLD' value='$proxysettings{'ASNBL_FASTFLUX_THRESHOLD'}' size=2 /></td>
1674 </tr>
1675 <tr>
1676 <td class='base'>$Lang::tr{'advproxy selectively announcements detection'}:</td>
1677 <td colspan='3'><input type='checkbox' name='ASNBL_SELECANN_DETECTION' $checked{'ASNBL_SELECANN_DETECTION'}{'on'} /></td>
1678 </tr>
1679 </table>
1680
1681 <hr size='1'>
1682 END
1683 ;
1684
1685 my $auth_columns = 5;
1686 if ($HAVE_NTLM_AUTH) {
1687 $auth_columns++;
1688 }
1689 my $auth_column_width = 100 / $auth_columns;
1690
1691 print <<END;
1692 <table width='100%'>
1693 <tr>
1694 <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1695 </tr>
1696 <tr>
1697 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1698 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1699 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1700 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1701 END
1702
1703 if ($HAVE_NTLM_AUTH) {
1704 print <<END;
1705 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
1706 END
1707 }
1708
1709 print <<END
1710 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1711 </tr>
1712 </table>
1713 END
1714 ;
1715
1716 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1717 <hr size='1'>
1718 <table width='100%'>
1719 <tr>
1720 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1721 </tr>
1722 <tr>
1723 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1724 </tr>
1725 <tr>
1726 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1727 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1728 <td colspan='2' rowspan= '6' valign='top' class='base'>
1729 <table cellpadding='0' cellspacing='0'>
1730 <tr>
1731 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
1732 </tr>
1733 <tr>
1734 <!-- intentionally left empty -->
1735 </tr>
1736 <tr>
1737 <!-- intentionally left empty -->
1738 </tr>
1739 <tr>
1740 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1741 </tr>
1742 <tr>
1743 <!-- intentionally left empty -->
1744 </tr>
1745 <tr>
1746 <!-- intentionally left empty -->
1747 </tr>
1748 <tr>
1749 <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
1750 </tr>
1751 <tr>
1752 <!-- intentionally left empty -->
1753 </tr>
1754 <tr>
1755 <!-- intentionally left empty -->
1756 </tr>
1757 <tr>
1758 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1759 END
1760 ;
1761
1762 print $proxysettings{'DST_NOAUTH'};
1763
1764 print <<END
1765 </textarea></td>
1766 </tr>
1767 </table>
1768 </td>
1769 </tr>
1770 <tr>
1771 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1772 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1773 </tr>
1774 <tr>
1775 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
1776 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1777 </tr>
1778 <tr>
1779 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1780 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1781 </tr>
1782 <tr>
1783 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1784 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1785 </tr>
1786 <tr>
1787 <td colspan='2'>&nbsp;</td>
1788 </tr>
1789 </table>
1790 END
1791 ;
1792 }
1793
1794 # ===================================================================
1795 # NCSA auth settings
1796 # ===================================================================
1797
1798 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1799 print <<END
1800 <hr size='1'>
1801 <table width='100%'>
1802 <tr>
1803 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1804 </tr>
1805 <tr>
1806 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1807 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1808 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1809 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1810 </tr>
1811 <tr>
1812 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1813 <td>&nbsp;</td>
1814 <td>&nbsp;</td>
1815 </tr>
1816 </table>
1817 END
1818 ; }
1819
1820 # ===================================================================
1821 # IDENTD auth settings
1822 # ===================================================================
1823
1824 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1825 print <<END
1826 <hr size ='1'>
1827 <table width='100%'>
1828 <tr>
1829 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1830 </tr>
1831 <tr>
1832 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1833 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1834 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1835 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1836 </tr>
1837 <tr>
1838 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1839 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1840 <td>&nbsp;</td>
1841 <td>&nbsp;</td>
1842 </tr>
1843 <tr>
1844 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1845 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
1846 </tr>
1847 <tr>
1848 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1849 END
1850 ;
1851 if (!$proxysettings{'IDENT_HOSTS'}) {
1852 if (&Header::green_used()) {
1853 print "$green_cidr\n";
1854 }
1855
1856 if (&Header::blue_used()) {
1857 print "$blue_cidr\n";
1858 }
1859 } else {
1860 print $proxysettings{'IDENT_HOSTS'};
1861 }
1862
1863 print <<END
1864 </textarea></td>
1865 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1866 END
1867 ;
1868
1869 print $proxysettings{'DST_NOAUTH'};
1870
1871 print <<END
1872 </textarea></td>
1873 </tr>
1874 </table>
1875 <hr size ='1'>
1876 <table width='100%'>
1877 <tr>
1878 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1879 </tr>
1880 <tr>
1881 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1882 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1883 <td width='25%'>&nbsp;</td>
1884 <td width='30%'>&nbsp;</td>
1885 </tr>
1886 <tr>
1887 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1888 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1889 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1890 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1891 </tr>
1892 <tr>
1893 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1894 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1895 </tr>
1896 <tr>
1897 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1898 END
1899 ; }
1900
1901 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1902
1903 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1904 </textarea></td>
1905 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1906 END
1907 ; }
1908
1909 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1910
1911 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1912 </textarea></td>
1913 </tr>
1914 </table>
1915 END
1916 ; }
1917
1918 # ===================================================================
1919 # NTLM-AUTH settings
1920 # ===================================================================
1921
1922 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
1923 print <<END;
1924 <hr size ='1'>
1925 <table width='100%'>
1926 <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
1927 <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
1928 <td colspan='2'>&nbsp;</td>
1929 </table>
1930
1931 <hr size='1' />
1932
1933 <table width='100%'>
1934 <tr>
1935 <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
1936 </tr>
1937 <tr>
1938 <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
1939 <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
1940 <td>&nbsp;</td>
1941 <td>&nbsp;</td>
1942 </tr>
1943 </table>
1944 END
1945 }
1946
1947 # ===================================================================
1948 # LDAP auth settings
1949 # ===================================================================
1950
1951 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1952 print <<END
1953 <hr size='1'>
1954 <table width='100%'>
1955 <tr>
1956 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1957 </tr>
1958 <tr>
1959 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1960 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1961 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1962 <td class='base'><select name='LDAP_TYPE'>
1963 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1964 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1965 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1966 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1967 </select></td>
1968 </tr>
1969 <tr>
1970 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1971 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1972 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1973 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1974 </tr>
1975 </table>
1976 <hr size ='1'>
1977 <table width='100%'>
1978 <tr>
1979 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1980 </tr>
1981 <tr>
1982 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1983 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1984 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1985 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1986 </tr>
1987 </table>
1988 <hr size ='1'>
1989 <table width='100%'>
1990 <tr>
1991 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1992 </tr>
1993 <tr>
1994 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
1995 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1996 <td>&nbsp;</td>
1997 <td>&nbsp;</td>
1998 </tr>
1999 </table>
2000 END
2001 ; }
2002
2003 # ===================================================================
2004 # RADIUS auth settings
2005 # ===================================================================
2006
2007 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
2008 print <<END
2009 <hr size='1'>
2010 <table width='100%'>
2011 <tr>
2012 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
2013 </tr>
2014 <tr>
2015 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
2016 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
2017 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
2018 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
2019 </tr>
2020 <tr>
2021 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
2022 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
2023 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
2024 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
2025 </tr>
2026 </table>
2027 <hr size ='1'>
2028 <table width='100%'>
2029 <tr>
2030 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
2031 </tr>
2032 <tr>
2033 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
2034 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
2035 <td width='25%'>&nbsp;</td>
2036 <td width='30%'>&nbsp;</td>
2037 </tr>
2038 <tr>
2039 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
2040 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
2041 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
2042 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
2043 </tr>
2044 <tr>
2045 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
2046 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
2047 </tr>
2048 <tr>
2049 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
2050 END
2051 ; }
2052
2053 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
2054
2055 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2056 </textarea></td>
2057 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
2058 END
2059 ; }
2060
2061 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
2062
2063 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2064 </textarea></td>
2065 </tr>
2066 </table>
2067 END
2068 ; }
2069
2070 # ===================================================================
2071
2072 }
2073
2074 print "<table>\n";
2075
2076 if ($proxysettings{'AUTH_METHOD'} eq 'none') {
2077 print <<END
2078 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2079 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2080 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2081 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
2082 <td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
2083 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2084 <td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
2085 END
2086 ; }
2087
2088 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
2089 print <<END
2090 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2091 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2092 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2093 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
2094 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2095 END
2096 ; }
2097
2098 if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
2099 print <<END
2100 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2101 <td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
2102 END
2103 ; }
2104
2105 if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
2106 print <<END
2107 <td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
2108 <td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
2109 <td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
2110 <td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
2111 <td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
2112 <td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
2113 <td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
2114 END
2115 ; }
2116
2117 if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
2118 print <<END
2119 <td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
2120 <td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
2121 <td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
2122 <td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
2123 <td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
2124 <td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
2125 <td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
2126 END
2127 ; }
2128
2129 if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
2130 print <<END
2131 <td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
2132 <td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
2133 <td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
2134 <td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
2135 <td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
2136 <td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
2137 <td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
2138 <td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
2139 END
2140 ; }
2141
2142 print "</table>\n";
2143
2144 print <<END
2145 <hr size='1'>
2146 END
2147 ;
2148
2149 print <<END
2150 <table width='100%'>
2151 <tr>
2152 <td>&nbsp;</td>
2153 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
2154 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
2155 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
2156 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2157 <td>&nbsp;</td>
2158 </tr>
2159
2160 </table>
2161 <br />
2162 <table width='100%'>
2163 <tr>
2164 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
2165 <td align='right'>&nbsp;</td>
2166 </tr>
2167 </table>
2168 </form>
2169 END
2170 ;
2171
2172 &Header::closebox();
2173
2174 } else {
2175
2176 # ===================================================================
2177 # NCSA user management
2178 # ===================================================================
2179
2180 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2181 print <<END
2182 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
2183 <table width='100%'>
2184 <tr>
2185 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2186 </tr>
2187 <tr>
2188 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2189 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2190 END
2191 ;
2192 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly='readonly' "; }
2193 print <<END
2194 /></td>
2195 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2196 <td class='base'>
2197 <select name='NCSA_GROUP'>
2198 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2199 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2200 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2201 </select>
2202 </td>
2203
2204 </tr>
2205 <tr>
2206 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2207 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2208 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2209 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2210 </tr>
2211 </table>
2212 <br>
2213 <table>
2214 <tr>
2215 <td>&nbsp;</td>
2216 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2217 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2218 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2219 END
2220 ;
2221 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2222 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2223 }
2224
2225 print <<END
2226 <td>&nbsp;</td>
2227 <td>&nbsp;</td>
2228 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2229 </tr>
2230 </table>
2231 </form>
2232 <hr size='1'>
2233 <table width='100%'>
2234 <tr>
2235 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2236 </tr>
2237 </table>
2238 <table width='100%' align='center'>
2239 END
2240 ;
2241
2242 if (-e $extgrp)
2243 {
2244 open(FILE, $extgrp); @grouplist = <FILE>; close(FILE);
2245 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
2246 }
2247 if (-e $stdgrp)
2248 {
2249 open(FILE, $stdgrp); @grouplist = <FILE>; close(FILE);
2250 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
2251 }
2252 if (-e $disgrp)
2253 {
2254 open(FILE, $disgrp); @grouplist = <FILE>; close(FILE);
2255 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
2256 }
2257
2258 @userlist = sort(@userlist);
2259
2260 # If the password file contains entries, print entries and action icons
2261
2262 if ( ! -z "$userdb" ) {
2263 print <<END
2264 <tr>
2265 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2266 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2267 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2268 </tr>
2269 END
2270 ;
2271 $id = 0;
2272 foreach $line (@userlist)
2273 {
2274 $id++;
2275 chomp($line);
2276 @temp = split(/:/,$line);
2277 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2278 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2279 elsif ($id % 2) {
2280 print "<tr bgcolor='$color{'color20'}'>\n"; }
2281 else {
2282 print "<tr bgcolor='$color{'color22'}'>\n"; }
2283
2284 print <<END
2285 <td align='center'>$temp[0]</td>
2286 <td align='center'>
2287 END
2288 ;
2289 if ($temp[1] eq 'standard') {
2290 print $Lang::tr{'advproxy NCSA grp standard'};
2291 } elsif ($temp[1] eq 'extended') {
2292 print $Lang::tr{'advproxy NCSA grp extended'};
2293 } elsif ($temp[1] eq 'disabled') {
2294 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2295 print <<END
2296 </td>
2297 <td width='8%' align='center'>
2298 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2299 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2300 <input type='hidden' name='ID' value='$line' />
2301 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2302 </form>
2303 </td>
2304
2305 <td width='8%' align='center'>
2306 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2307 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2308 <input type='hidden' name='ID' value='$temp[0]' />
2309 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2310 </form>
2311 </td>
2312 </tr>
2313 END
2314 ;
2315 }
2316
2317 print <<END
2318 </table>
2319 <br>
2320 <table>
2321 <tr>
2322 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2323 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2324 <td class='base'>$Lang::tr{'edit'}</td>
2325 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2326 <td class='base'>$Lang::tr{'remove'}</td>
2327 </tr>
2328 END
2329 ;
2330 } else {
2331 print <<END
2332 <tr>
2333 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2334 </tr>
2335 END
2336 ;
2337 }
2338
2339 print <<END
2340 </table>
2341 END
2342 ;
2343
2344 &Header::closebox();
2345
2346 }
2347
2348 # ===================================================================
2349
2350 &Header::closebigbox();
2351
2352 &Header::closepage();
2353
2354 # -------------------------------------------------------------------
2355
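# Load every ACL / helper list file from disk into %proxysettings so the
# form can show the current on-disk contents.
#
# Each entry of the table below maps a file path (all of them are
# script-level variables declared earlier in this file) to the
# %proxysettings key it fills. The file is read verbatim, line by line,
# and stored as one string; a file that does not exist leaves its key
# untouched, matching the per-file `if (-e ...)` blocks this replaces.
#
# Takes no arguments and returns nothing; its only effect is on
# %proxysettings.
sub read_acls
{
	# (path, settings key) pairs, in the same order the files were
	# previously read. The radius/ident paths are built from their
	# directory variables exactly as before.
	my @acl_sources = (
		[ $acl_src_subnets,                 'SRC_SUBNETS' ],
		[ $acl_src_banned_ip,               'SRC_BANNED_IP' ],
		[ $acl_src_banned_mac,              'SRC_BANNED_MAC' ],
		[ $acl_src_unrestricted_ip,         'SRC_UNRESTRICTED_IP' ],
		[ $acl_src_unrestricted_mac,        'SRC_UNRESTRICTED_MAC' ],
		[ $acl_dst_nocache,                 'DST_NOCACHE' ],
		[ $acl_dst_noauth,                  'DST_NOAUTH' ],
		[ $acl_dst_noproxy_ip,              'DST_NOPROXY_IP' ],
		[ $acl_dst_noproxy_url,             'DST_NOPROXY_URL' ],
		[ $acl_ports_safe,                  'PORTS_SAFE' ],
		[ $acl_ports_ssl,                   'PORTS_SSL' ],
		[ $mimetypes,                       'MIME_TYPES' ],
		[ "$raddir/radauth.allowusers",     'RADIUS_ALLOW_USERS' ],
		[ "$raddir/radauth.denyusers",      'RADIUS_DENY_USERS' ],
		[ "$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS' ],
		[ "$identdir/identauth.denyusers",  'IDENT_DENY_USERS' ],
		[ $identhosts,                      'IDENT_HOSTS' ],
		[ $cre_groups,                      'CRE_GROUPS' ],
		[ $cre_svhosts,                     'CRE_SVHOSTS' ],
	);

	for my $source (@acl_sources) {
		_read_acl_file(@$source);
	}

	return;
}

# Read one list file into $proxysettings{$key}, replacing any previous
# value.
#
# $path  - file to read; undefined or non-existent paths are skipped and
#          the key is left as it was.
# $key   - %proxysettings key to (re)populate.
#
# The key is deleted before the file is opened, so an existing file that
# cannot be opened leaves the key deleted (same outcome as the unchecked
# open it replaces), while an empty file also leaves the key undefined.
# Returns nothing.
sub _read_acl_file
{
	my ($path, $key) = @_;

	# `-e ""` was false for an unset path variable; keep that behaviour
	# without the uninitialized-value warning.
	return unless defined $path && -e $path;

	delete $proxysettings{$key};

	# Three-argument open with an explicit read mode: the path is never
	# interpreted as a mode or pipe specification, and the lexical handle
	# cannot collide with other code using a shared bareword FILE handle.
	open(my $fh, '<', $path) or return;

	while (my $line = <$fh>) {
		$proxysettings{$key} .= $line;
	}

	close($fh);

	return;
}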
2473
2474 # -------------------------------------------------------------------
2475
sub check_acls
{
# Normalise and validate the ACL lists submitted through the form.
# Every list lives in %proxysettings as newline-separated text; each
# one is split into lines, trimmed, stripped of empty lines and then
# rebuilt with exactly one entry per line.  A failed check only sets
# the file-level $errormessage (a later failure overwrites an earlier
# one) and the offending entry is still kept, so callers must look at
# $errormessage before handing the lists to write_acls.
#
# NOTE(review): DST_NOCACHE, DST_NOAUTH and DST_NOPROXY_URL as well as
# the NTLM/IDENT/RADIUS user lists are only whitespace-normalised, not
# validated.  The DST_* lists are later written into squid url_regex
# ACL files by write_acls, and DST_NOPROXY_URL is interpolated into a
# JavaScript string literal in proxy.pac by writepacfile, so '"', '\'
# and regex metacharacters pass through this function unchecked.

# Safe ports: one port or one "low-high" range per line.  A trailing
# "# comment" is kept in the stored line but removed before validation;
# a comment-only line is kept verbatim and not validated at all.
@temp = split(/\n/,$proxysettings{'PORTS_SAFE'});
undef $proxysettings{'PORTS_SAFE'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
$line = $_;
# A line tagged "# Squids port" follows the configured proxy port:
# whatever port was stored is replaced by the current PROXY_PORT.
if (/^[^#]+\s+#\sSquids\sport/) { s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}\2/; $line=$_; }
s/#.*//g; s/\s+//g;
# Two or more '-' can never be a single "low-high" range.
if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
@templist = split(/-/);
foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
$proxysettings{'PORTS_SAFE'} .= $line."\n";
}
}

# SSL ports: same rules as the safe ports, without the "Squids port"
# substitution.
@temp = split(/\n/,$proxysettings{'PORTS_SSL'});
undef $proxysettings{'PORTS_SSL'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
$line = $_;
s/#.*//g; s/\s+//g;
if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
@templist = split(/-/);
foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
$proxysettings{'PORTS_SSL'} .= $line."\n";
}
}

# Destinations that must not be cached.  Comment lines ('#') are kept
# as they are; other lines lose all whitespace, and a leading '.' is
# turned into '*.' so that write_acls files the entry as a domain.
@temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
undef $proxysettings{'DST_NOCACHE'};
foreach (@temp)
{
s/^\s+//g;
unless (/^#/) { s/\s+//g; }
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}

# Source subnets allowed to use the proxy; the error message names the
# rejected entry.
@temp = split(/\n/,$proxysettings{'SRC_SUBNETS'});
undef $proxysettings{'SRC_SUBNETS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
unless (&Network::check_subnet($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'} . ": $_"; }
$proxysettings{'SRC_SUBNETS'} .= $_."\n";
}
}

# Banned source addresses: single IP or IP/mask.
@temp = split(/\n/,$proxysettings{'SRC_BANNED_IP'});
undef $proxysettings{'SRC_BANNED_IP'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
$proxysettings{'SRC_BANNED_IP'} .= $_."\n";
}
}

# Banned source MACs: dash-separated addresses are normalised to the
# colon form before validation.
@temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'});
undef $proxysettings{'SRC_BANNED_MAC'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g; s/-/:/g;
if ($_)
{
unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
$proxysettings{'SRC_BANNED_MAC'} .= $_."\n";
}
}

# Unrestricted source addresses (exempt from size limits and similar
# restrictions in writeconfig): single IP or IP/mask.
@temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'});
undef $proxysettings{'SRC_UNRESTRICTED_IP'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
$proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n";
}
}

# Unrestricted source MACs, normalised like the banned MACs.
@temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'});
undef $proxysettings{'SRC_UNRESTRICTED_MAC'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g; s/-/:/g;
if ($_)
{
unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
$proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n";
}
}

# Destinations reachable without authentication.  Same normalisation
# as DST_NOCACHE; note that this list widens the authentication bypass,
# and nothing here checks what the entries look like.
@temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
undef $proxysettings{'DST_NOAUTH'};
foreach (@temp)
{
s/^\s+//g;
unless (/^#/) { s/\s+//g; }
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOAUTH'} .= $_."\n";
}
}

# Subnets the PAC file sends DIRECT: single IP or IP/mask.
@temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'});
undef $proxysettings{'DST_NOPROXY_IP'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; }
$proxysettings{'DST_NOPROXY_IP'} .= $_."\n";
}
}

# URL patterns the PAC file sends DIRECT.  Same normalisation as
# DST_NOCACHE; the entries end up verbatim inside proxy.pac.
@temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'});
undef $proxysettings{'DST_NOPROXY_URL'};
foreach (@temp)
{
s/^\s+//g;
unless (/^#/) { s/\s+//g; }
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
}
}

# User allow/deny lists.  Each is only processed when its ACL is
# enabled and the matching mode (positive = allow list, negative = deny
# list) is selected; an enabled list must not end up empty, because an
# empty allow list would lock everybody out and an empty deny list is
# pointless.
if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
{
@temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'});
undef $proxysettings{'NTLM_ALLOW_USERS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; }
}
if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}

if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
{
@temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'});
undef $proxysettings{'NTLM_DENY_USERS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; }
}
if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}

if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
{
@temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'});
undef $proxysettings{'IDENT_ALLOW_USERS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; }
}
if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}

if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
{
@temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'});
undef $proxysettings{'IDENT_DENY_USERS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; }
}
if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}

if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
{
@temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'});
undef $proxysettings{'RADIUS_ALLOW_USERS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; }
}
if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}

if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
{
@temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'});
undef $proxysettings{'RADIUS_DENY_USERS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; }
}
if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
}

# Hosts the ident lookup applies to: single IP or IP/mask.
@temp = split(/\n/,$proxysettings{'IDENT_HOSTS'});
undef $proxysettings{'IDENT_HOSTS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
$proxysettings{'IDENT_HOSTS'} .= $_."\n";
}
}

# Classroom-extension supervisor hosts: single IP or IP/mask.
# (CRE_GROUPS and MIME_TYPES are stored by write_acls without passing
# through here.)
@temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'});
undef $proxysettings{'CRE_SVHOSTS'};
foreach (@temp)
{
s/^\s+//g; s/\s+$//g;
if ($_)
{
unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
$proxysettings{'CRE_SVHOSTS'} .= $_."\n";
}
}
}
2718
2719 # -------------------------------------------------------------------
2720
sub write_acls
{
# Persist the (check_acls-normalised) lists from %proxysettings into
# the individual ACL files that writeconfig references from squid.conf
# and that writepacfile reads.  Every file is opened for writing
# (truncating), locked with flock(..., 2) (LOCK_EX) and rewritten in
# full.  Returns nothing.
#
# NOTE(review): the exclusive lock is taken only after the ">" open has
# already truncated the file, so a concurrent reader (squid reloading
# its ACL files, writepacfile) can observe an empty or half-written
# file.  None of the open/print/close calls are checked for errors.
open(FILE, ">$acl_src_subnets");
flock(FILE, 2);
# Without configured subnets, fall back to the directly attached GREEN
# (and BLUE) networks in CIDR notation.
if (!$proxysettings{'SRC_SUBNETS'})
{
if (&Header::green_used()) {
print FILE "$green_cidr\n";
}

if (&Header::blue_used()) {
print FILE "$blue_cidr\n";
}
} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
close(FILE);

open(FILE, ">$acl_src_banned_ip");
flock(FILE, 2);
print FILE $proxysettings{'SRC_BANNED_IP'};
close(FILE);

open(FILE, ">$acl_src_banned_mac");
flock(FILE, 2);
print FILE $proxysettings{'SRC_BANNED_MAC'};
close(FILE);

open(FILE, ">$acl_src_unrestricted_ip");
flock(FILE, 2);
print FILE $proxysettings{'SRC_UNRESTRICTED_IP'};
close(FILE);

open(FILE, ">$acl_src_unrestricted_mac");
flock(FILE, 2);
print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
close(FILE);

open(FILE, ">$acl_dst_noauth");
flock(FILE, 2);
print FILE $proxysettings{'DST_NOAUTH'};
close(FILE);

open(FILE, ">$acl_dst_noproxy_ip");
flock(FILE, 2);
print FILE $proxysettings{'DST_NOPROXY_IP'};
close(FILE);

open(FILE, ">$acl_dst_noproxy_url");
flock(FILE, 2);
print FILE $proxysettings{'DST_NOPROXY_URL'};
close(FILE);

# Truncate the three derived "no authentication" files; the loop below
# appends to them entry by entry.
open(FILE, ">$acl_dst_noauth_net");
close(FILE);
open(FILE, ">$acl_dst_noauth_dom");
close(FILE);
open(FILE, ">$acl_dst_noauth_url");
close(FILE);

# Split DST_NOAUTH by shape into the files squid consumes with
# different ACL types (see writeconfig):
#   *.domain      -> $acl_dst_noauth_dom (dstdomain; leading '*' dropped)
#   ip or ip/mask -> $acl_dst_noauth_net (dst)
#   ip-ip range   -> $acl_dst_noauth_net (dst)
#   anything else -> $acl_dst_noauth_url (url_regex -i)
# Lines starting with '#' are comments and are skipped.
@temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
foreach(@temp)
{
unless (/^#/)
{
if (/^\*\.\w/)
{
s/^\*//;
open(FILE, ">>$acl_dst_noauth_dom");
flock(FILE, 2);
print FILE "$_\n";
close(FILE);
}
elsif (&General::validipormask($_))
{
open(FILE, ">>$acl_dst_noauth_net");
flock(FILE, 2);
print FILE "$_\n";
close(FILE);
}
# The range pattern is not anchored, so it matches anywhere inside the
# entry.
elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
{
open(FILE, ">>$acl_dst_noauth_net");
flock(FILE, 2);
print FILE "$_\n";
close(FILE);
}
else
{
# Everything else becomes a case-insensitive URL regex.  A scheme
# prefix is prepended unless the entry already starts with one.
# NOTE(review): the entry is written as a regular expression without
# escaping, so '.' in "www.example.com" matches any character (the
# authentication bypass is wider than the entry suggests) and a
# malformed entry makes squid reject the whole ACL file.
open(FILE, ">>$acl_dst_noauth_url");
flock(FILE, 2);
if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
close(FILE);
}
}
}

open(FILE, ">$acl_dst_nocache");
flock(FILE, 2);
print FILE $proxysettings{'DST_NOCACHE'};
close(FILE);

# Same truncate-then-append scheme for the "do not cache" files.
open(FILE, ">$acl_dst_nocache_net");
close(FILE);
open(FILE, ">$acl_dst_nocache_dom");
close(FILE);
open(FILE, ">$acl_dst_nocache_url");
close(FILE);

# Split DST_NOCACHE exactly like DST_NOAUTH above (domain / net /
# range / url regex); the same unescaped-regex caveat applies.
@temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
foreach(@temp)
{
unless (/^#/)
{
if (/^\*\.\w/)
{
s/^\*//;
open(FILE, ">>$acl_dst_nocache_dom");
flock(FILE, 2);
print FILE "$_\n";
close(FILE);
}
elsif (&General::validipormask($_))
{
open(FILE, ">>$acl_dst_nocache_net");
flock(FILE, 2);
print FILE "$_\n";
close(FILE);
}
elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
{
open(FILE, ">>$acl_dst_nocache_net");
flock(FILE, 2);
print FILE "$_\n";
close(FILE);
}
else
{
open(FILE, ">>$acl_dst_nocache_url");
flock(FILE, 2);
if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
close(FILE);
}
}
}

# Port lists fall back to the built-in defaults when empty.
open(FILE, ">$acl_ports_safe");
flock(FILE, 2);
if (!$proxysettings{'PORTS_SAFE'}) { print FILE $def_ports_safe; } else { print FILE $proxysettings{'PORTS_SAFE'}; }
close(FILE);

open(FILE, ">$acl_ports_ssl");
flock(FILE, 2);
if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; }
close(FILE);

# NOTE(review): FILE was closed on the line above, so this block prints
# the throttled URL list to a closed handle -- it has no effect, and the
# second close is a no-op.  It looks like a leftover from an earlier
# layout of this function; which file it was meant to append to cannot
# be determined from here.
if (-s $throttled_urls)
{
open(URLFILE, $throttled_urls);
@temp = <URLFILE>;
close(URLFILE);
foreach (@temp) { print FILE; }
}
close(FILE);

open(FILE, ">$mimetypes");
flock(FILE, 2);
print FILE $proxysettings{'MIME_TYPES'};
close(FILE);

# User allow/deny lists for the RADIUS and ident authenticators; these
# are written unconditionally, even when the respective ACL is off.
open(FILE, ">$raddir/radauth.allowusers");
flock(FILE, 2);
print FILE $proxysettings{'RADIUS_ALLOW_USERS'};
close(FILE);

open(FILE, ">$raddir/radauth.denyusers");
flock(FILE, 2);
print FILE $proxysettings{'RADIUS_DENY_USERS'};
close(FILE);

open(FILE, ">$identdir/identauth.allowusers");
flock(FILE, 2);
print FILE $proxysettings{'IDENT_ALLOW_USERS'};
close(FILE);

open(FILE, ">$identdir/identauth.denyusers");
flock(FILE, 2);
print FILE $proxysettings{'IDENT_DENY_USERS'};
close(FILE);

open(FILE, ">$identhosts");
flock(FILE, 2);
print FILE $proxysettings{'IDENT_HOSTS'};
close(FILE);

open(FILE, ">$cre_groups");
flock(FILE, 2);
print FILE $proxysettings{'CRE_GROUPS'};
close(FILE);

open(FILE, ">$cre_svhosts");
flock(FILE, 2);
print FILE $proxysettings{'CRE_SVHOSTS'};
close(FILE);
}
2924
2925 # -------------------------------------------------------------------
2926
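sub writepacfile
{
	# Generate /srv/web/ipfire/html/proxy.pac, the proxy auto-config
	# script that clients fetch and execute.  Its FindProxyForURL()
	# returns DIRECT for plain host names, loopback, the attached
	# GREEN/BLUE/ORANGE networks, the user-supplied exceptions in
	# $acl_dst_noproxy_url (shExpMatch on the URL) and
	# $acl_dst_noproxy_ip (isInNet on the host), the remote networks of
	# enabled IPsec and OpenVPN net-to-net connections and the
	# link-local range; every other request is sent to the proxy on
	# GREEN, or on BLUE when the proxy is enabled there.  When the
	# proxy is enabled on neither interface the function body is empty.
	#
	# Reads %proxysettings, %netsettings, the ACL files written by
	# write_acls and the IPsec / OpenVPN connection tables.  Returns
	# nothing; the only effect is the rewritten proxy.pac.
	#
	# Security: everything interpolated below lands inside JavaScript
	# that every client runs.  Addresses and masks come from validated
	# sources (%netsettings, entries checked with validipormask), but
	# the URL exceptions are free text (check_acls only trims them), so
	# they are escaped before being embedded in a string literal.
	my %vpnconfig = ();
	my %ovpnconfig = ();
	&General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);

	open(FILE, ">/srv/web/ipfire/html/proxy.pac");
	flock(FILE, 2);
	print FILE "function FindProxyForURL(url, host)\n";
	print FILE "{\n";

	if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
	{
		print FILE <<END
if (
 (isPlainHostName(host)) ||
 (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
END
;

		# Directly attached networks are always reached without the proxy.
		if ($netsettings{'GREEN_DEV'}) {
			print FILE " (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
		}

		if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
			print FILE " (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
		}

		if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
			print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
		}

		# Additional exceptions for URLs: one shell-style pattern per
		# line, e.g. *.ipfire.org* (the file is written by write_acls
		# from DST_NOPROXY_URL, which keeps '#' comment lines).
		if (-s "$acl_dst_noproxy_url") {
			undef @templist;

			open(NOPROXY, "$acl_dst_noproxy_url");
			@templist = <NOPROXY>;
			close(NOPROXY);
			chomp(@templist);

			foreach my $pattern (@templist)
			{
				# Comments and blank lines are not patterns.
				next if ($pattern =~ /^\s*(?:#|$)/);

				# The pattern becomes a JavaScript string literal: escape
				# backslash and double quote so that an entry cannot close
				# the literal and inject script into the PAC file.
				(my $js_pattern = $pattern) =~ s/([\\"])/\\$1/g;
				print FILE " (shExpMatch(url, \"$js_pattern\")) ||\n";
			}
		}

		# Additional exceptions for subnets: one <IP>/<SUBNET MASK> per
		# line, e.g. 192.168.0.0/255.255.255.0 (written by write_acls from
		# DST_NOPROXY_IP, which check_acls validated with validipormask).
		if (-s "$acl_dst_noproxy_ip") {
			undef @templist;

			open(NOPROXY, "$acl_dst_noproxy_ip");
			@templist = <NOPROXY>;
			close(NOPROXY);
			chomp(@templist);

			foreach my $entry (@templist)
			{
				next if ($entry =~ /^\s*(?:#|$)/);

				my ($net, $mask) = split(/\//, $entry);
				# isInNet() needs a dotted netmask; also accept a prefix
				# length, the same way the IPsec loop below does.
				$mask = &Network::convert_prefix2netmask($mask) || $mask;
				print FILE " (isInNet(host, \"$net\", \"$mask\")) ||\n";
			}
		}

		# Remote networks of enabled IPsec net-to-net connections
		# (field 11 holds one or more "net/prefix" entries joined by '|').
		foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
			if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
				my @networks = split(/\|/, $vpnconfig{$key}[11]);
				foreach my $network (@networks) {
					my ($vpnip, $vpnsub) = split("/", $network);
					$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
					print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
				}
			}
		}

		# Remote networks of enabled OpenVPN net-to-net connections; the
		# mask is used as stored (presumably already dotted -- unverified).
		foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
			if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
				my @networks = split(/\|/, $ovpnconfig{$key}[11]);
				foreach my $network (@networks) {
					my ($vpnip, $vpnsub) = split("/", $network);
					print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
				}
			}
		}

		# Link-local closes the DIRECT list (it has no trailing "||").
		print FILE <<END
 (isInNet(host, "169.254.0.0", "255.255.0.0"))
)
return "DIRECT";

else

END
;

		if ($proxysettings{'ENABLE'} eq 'on')
		{
			print FILE "if (\n";
			print FILE " (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";

			# Clients in any further source subnet from the ACL file are
			# also sent to the GREEN proxy.
			undef @templist;
			if (-e "$acl_src_subnets") {
				open(SUBNETS, "$acl_src_subnets");
				@templist = <SUBNETS>;
				close(SUBNETS);
			}

			foreach my $subnet (@templist)
			{
				my @parts = split(/\//, $subnet);
				# NOTE(review): this is meant to skip the GREEN and BLUE
				# networks that were added explicitly above.  The mask
				# halves compare the still-unchomped second field (normally
				# a prefix length, since the default file content is
				# $green_cidr) against the dotted masks in %netsettings, so
				# in practice only the network address decides.  Kept as is.
				if (
					($parts[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($parts[1] ne $netsettings{'GREEN_NETMASK'}) &&
					($parts[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($parts[1] ne $netsettings{'BLUE_NETMASK'})
				)
				{
					chomp $parts[1];
					# Accept either a prefix length or an already dotted mask.
					my $tempmask = &Network::convert_prefix2netmask($parts[1]) || $parts[1];
					print FILE " ||\n (isInNet(myIpAddress(), \"$parts[0]\", \"$tempmask\"))";
				}
			}

			print FILE "\n";

			print FILE <<END
)
return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
;
		}

		if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
		{
			print FILE "\n else\n\n";
		}

		if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
		{
			print FILE <<END
if (
 (isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
)
return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
;
		}
	}

	print FILE "}\n";
	close(FILE);
}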
3077
3078 # -------------------------------------------------------------------
3079
3080 sub writeconfig
3081 {
3082 my $authrealm;
3083 my $delaypools;
3084
3085 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
3086 $proxysettings{'THROTTLING_GREEN_HOST'} +
3087 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
3088 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
3089 {
3090 $delaypools = 1; } else { $delaypools = 0;
3091 }
3092
3093 if ($proxysettings{'AUTH_REALM'} eq '')
3094 {
3095 $authrealm = "IPFire Advanced Proxy Server";
3096 } else {
3097 $authrealm = $proxysettings{'AUTH_REALM'};
3098 }
3099
3100 $_ = $proxysettings{'UPSTREAM_PROXY'};
3101 my ($remotehost, $remoteport) = split(/:/,$_);
3102
3103 if ($remoteport eq '') { $remoteport = 80; }
3104
3105 open(FILE, ">${General::swroot}/proxy/squid.conf");
3106 flock(FILE, 2);
3107 print FILE <<END
3108 # Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
3109 # you make will be overwritten whenever you resave proxy settings using the
3110 # web interface!
3111 #
3112 # Instead, modify the file '$acl_include' and
3113 # then restart the proxy service using the web interface. Changes made to the
3114 # 'include.acl' file will propagate to the 'squid.conf' file at that time.
3115
3116 shutdown_lifetime 5 seconds
3117 icp_port 0
3118
3119 END
3120 ;
3121
3122 # Include file with user defined settings.
3123 if (-e "/etc/squid/squid.conf.pre.local") {
3124 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
3125 }
3126
3127 if (&Header::green_used()) {
3128 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3129 } else {
3130 print FILE "http_port 0.0.0.0:$proxysettings{'PROXY_PORT'}";
3131 }
3132 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3133 print FILE "\n";
3134
3135 if (&Header::green_used() && $proxysettings{'TRANSPARENT'} eq 'on') {
3136 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3137 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3138 print FILE "\n";
3139 }
3140
3141 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3142 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3143 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3144 print FILE "\n";
3145
3146 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3147 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3148 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3149 print FILE "\n";
3150 }
3151 }
3152
3153 if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
3154 {
3155 print FILE "\n";
3156
3157 if (!-z $acl_dst_nocache_dom) {
3158 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3159 print FILE "cache deny no_cache_domains\n";
3160 }
3161 if (!-z $acl_dst_nocache_net) {
3162 print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
3163 print FILE "cache deny no_cache_ipaddr\n";
3164 }
3165 if (!-z $acl_dst_nocache_url) {
3166 print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3167 print FILE "cache deny no_cache_hosts\n";
3168 }
3169 }
3170
3171 print FILE <<END
3172
3173 cache_effective_user squid
3174 umask 022
3175
3176 pid_filename /var/run/squid.pid
3177
3178 cache_mem $proxysettings{'CACHE_MEM'} MB
3179 END
3180 ;
3181 print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
3182
3183 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
3184 if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; }
3185
3186 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3187 {
3188 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3189 {
3190 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3191 }
3192 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3193 {
3194 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3195 }
3196 print FILE "\n";
3197 }
3198
3199 open (PORTS,"$acl_ports_ssl");
3200 my @ssl_ports = <PORTS>;
3201 close PORTS;
3202
3203 if (@ssl_ports) {
3204 foreach (@ssl_ports) {
3205 print FILE "acl SSL_ports port $_";
3206 }
3207 }
3208
3209 open (PORTS,"$acl_ports_safe");
3210 my @safe_ports = <PORTS>;
3211 close PORTS;
3212
3213 if (@safe_ports) {
3214 foreach (@safe_ports) {
3215 print FILE "acl Safe_ports port $_";
3216 }
3217 }
3218
3219 print FILE <<END;
3220 acl IPFire_ips dst 127.0.0.1
3221 acl IPFire_http port $http_port
3222 acl IPFire_https port $https_port
3223 acl IPFire_networks src "$acl_src_subnets"
3224 acl IPFire_servers dst "$acl_src_subnets"
3225 END
3226 if (&Header::green_used()) {
3227 print FILE <<END;
3228 acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
3229 acl IPFire_green_network src $green_cidr
3230 acl IPFire_green_servers dst $green_cidr
3231 END
3232 }
3233 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
3234 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
3235 if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
3236 if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
3237 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3238 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3239 print FILE <<END
3240 acl CONNECT method CONNECT
3241 END
3242 ;
3243
3244 if ($proxysettings{'CACHE_SIZE'} > 0) {
3245 print FILE <<END
3246 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3247 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3248
3249 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3250 END
3251 ;
3252 } else {
3253 if ($proxysettings{'CACHE_MEM'} > 0) {
3254 # always 2% of CACHE_MEM defined as max object size
3255 print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3256 } else {
3257 print FILE "cache deny all\n\n";
3258 }
3259 }
3260
3261 print FILE <<END
3262 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3263 END
3264 ;
3265
3266 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3267 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3268 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3269 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3270 {
3271 if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3272 }
3273 }
3274
3275 if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
3276 {
3277 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
3278 }
3279
3280 if ($proxysettings{'LOGGING'} eq 'on')
3281 {
3282 print FILE <<END
3283 access_log stdio:/var/log/squid/access.log
3284 cache_log /var/log/squid/cache.log
3285 cache_store_log none
3286 END
3287 ;
3288 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
3289 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3290 } else {
3291 print FILE <<END
3292 access_log /dev/null
3293 cache_log /dev/null
3294 cache_store_log none
3295 END
3296 ;}
3297 print FILE <<END
3298
3299 log_mime_hdrs off
3300 END
3301 ;
3302
3303 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3304 {
3305 print FILE "forwarded_for on\n";
3306 } else {
3307 print FILE "forwarded_for off\n";
3308 }
3309 if ($proxysettings{'FORWARD_VIA'} eq 'on')
3310 {
3311 print FILE "via on\n";
3312 } else {
3313 print FILE "via off\n";
3314 }
3315 print FILE "\n";
3316
3317 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3318 {
3319 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3320 {
3321 print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
3322 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3323 print FILE "auth_param basic realm $authrealm\n";
3324 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3325 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3326 }
3327
3328 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3329 {
3330 print FILE "auth_param basic utf8 on\n";
3331 print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
3332 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3333 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3334 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3335 {
3336 if ($proxysettings{'LDAP_GROUP'} eq '')
3337 {
3338 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3339 } else {
3340 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3341 }
3342 print FILE " -u sAMAccountName -P";
3343 }
3344 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3345 {
3346 if ($proxysettings{'LDAP_GROUP'} eq '')
3347 {
3348 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3349 } else {
3350 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3351 }
3352 print FILE " -u cn -P";
3353 }
3354 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3355 {
3356 if ($proxysettings{'LDAP_GROUP'} eq '')
3357 {
3358 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3359 } else {
3360 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3361 }
3362 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3363 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3364 print FILE " -u uid -P";
3365 }
3366 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3367 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3368 print FILE "auth_param basic realm $authrealm\n";
3369 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3370 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3371 }
3372
3373 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3374 {
3375 print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3376 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3377 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3378 $ntlm_auth_group =~ s/\\/\+/;
3379
3380 print FILE " --require-membership-of=$ntlm_auth_group";
3381 }
3382 print FILE "\n";
3383
3384 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
3385 print FILE "auth_param ntlm credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
3386
3387 # BASIC authentication
3388 if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3389 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3390 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3391 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3392 $ntlm_auth_group =~ s/\\/\+/;
3393
3394 print FILE " --require-membership-of=$ntlm_auth_group";
3395 }
3396 print FILE "\n";
3397 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3398 print FILE "auth_param basic realm $authrealm\n";
3399 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
3400 }
3401 }
3402
3403 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3404 {
3405 print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
3406 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3407 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3408 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3409 print FILE "auth_param basic realm $authrealm\n";
3410 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3411 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3412 }
3413
3414 print FILE "\n";
3415 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
3416 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3417 {
3418 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3419 {
3420 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3421 }
3422 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3423 {
3424 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3425 }
3426 }
3427 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3428 {
3429 print FILE "\n";
3430 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3431 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3432 }
3433 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3434 print FILE "\n";
3435
3436 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3437 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3438 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3439 print FILE "\n";
3440
3441 }
3442
3443 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3444 {
3445 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3446 {
3447 print FILE "acl for_inetusers ident REQUIRED\n";
3448 }
3449 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3450 {
3451 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3452 {
3453 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3454 }
3455 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3456 {
3457 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3458 }
3459 }
3460 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3461 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3462 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3463 print FILE "\n";
3464 }
3465
3466 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
3467
3468 print FILE "acl within_timeframe time ";
3469 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
3470 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
3471 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
3472 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
3473 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
3474 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
3475 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
3476 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
3477 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
3478 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
3479 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
3480
3481 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3482 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
3483 }
3484
3485 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
3486 print FILE <<END
3487
3488 #Classroom extensions
3489 acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
3490 acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
3491 END
3492 ;
3493 print FILE "deny_info ";
3494 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3495 {
3496 print FILE "ERR_ACCESS_DISABLED";
3497 } else {
3498 print FILE "ERR_ACCESS_DENIED";
3499 }
3500 print FILE " IPFire_no_access_ips\n";
3501 print FILE "deny_info ";
3502 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3503 {
3504 print FILE "ERR_ACCESS_DISABLED";
3505 } else {
3506 print FILE "ERR_ACCESS_DENIED";
3507 }
3508 print FILE " IPFire_no_access_mac\n";
3509
3510 print FILE <<END
3511 http_access deny IPFire_no_access_ips
3512 http_access deny IPFire_no_access_mac
3513 END
3514 ;
3515 }
3516
3517 #Insert acl file and replace __VAR__ with correct values
3518 my $blue_net = ''; #BLUE empty by default
3519 my $blue_ip = '';
3520 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3521 $blue_net = "$blue_cidr";
3522 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
3523 }
3524 if (!-z $acl_include)
3525 {
3526 open (ACL, "$acl_include");
3527 print FILE "\n#Start of custom includes\n\n";
3528 while (<ACL>) {
3529 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
3530 $_ =~ s/__GREEN_NET__/$green_cidr/;
3531 $_ =~ s/__BLUE_IP__/$blue_ip/;
3532 $_ =~ s/__BLUE_NET__/$blue_net/;
3533 $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
3534 print FILE $_;
3535 }
3536 print FILE "\n#End of custom includes\n";
3537 close (ACL);
3538 }
3539 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3540
3541 # Check if squidclamav is enabled.
3542 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3543 print FILE "\n#Settings for squidclamav:\n";
3544 print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
3545 print FILE "acl purge method PURGE\n";
3546 print FILE "http_access deny to_localhost\n";
3547 print FILE "http_access allow localhost\n";
3548 print FILE "http_access allow purge localhost\n";
3549 print FILE "http_access deny purge\n";
3550 print FILE "url_rewrite_access deny localhost\n";
3551 }
3552 print FILE <<END;
3553
3554 #Access to squid:
3555 #local machine, no restriction
3556 http_access allow localhost
3557
3558 #GUI admin if local machine connects
3559 http_access allow IPFire_ips IPFire_networks IPFire_http
3560 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
3561
3562 #Deny not web services
3563 END
3564
3565 if (@safe_ports) {
3566 print FILE "http_access deny !Safe_ports\n";
3567 }
3568
3569 if (@ssl_ports) {
3570 print FILE "http_access deny CONNECT !SSL_ports\n";
3571 }
3572
3573 if ((($proxysettings{'ASNBL_FASTFLUX_DETECTION'} eq 'on') && (!-z $proxysettings{'ASNBL_FASTFLUX_THRESHOLD'})) || ($proxysettings{'ASNBL_SELECANN_DETECTION'} eq 'on')) {
3574 print FILE "external_acl_type asnblhelper children-max=10 children-startup=2 ttl=86400 %DST /usr/bin/asnbl-helper.py ${General::swroot}/proxy/asnbl-helper.conf\n";
3575 print FILE "acl asnbl external asnblhelper\n";
3576
3577 # Use the user-defined URL filter whitelist (if present and populated) for the ASNBL helper as well
3578 # Necessary for destinations such as fedoraproject.org, but we do not want to maintain a dedicated
3579 # or hardcoded list for such FQDNs.
3580 if ((-e "${General::swroot}/urlfilter/blacklists/custom/allowed/domains") && (!-z "${General::swroot}/urlfilter/blacklists/custom/allowed/domains")) {
3581 print FILE "acl asnbl_whitelisted_destinations dstdomain \"${General::swroot}/urlfilter/blacklists/custom/allowed/domains\"\n";
3582 print FILE "http_access deny asnbl !asnbl_whitelisted_destinations\n\n";
3583 } else {
3584 print FILE "http_access deny asnbl\n\n";
3585 }
3586
3587 # Write ASNBL helper configuration file...
3588 open(ASNBLFILE, ">${General::swroot}/proxy/asnbl-helper.conf");
3589 flock(ASNBLFILE, 2);
3590
3591 print ASNBLFILE<<END
3592 #
3593 # This file has been automatically generated. Manual changes will be overwritten.
3594 #
3595
3596 [GENERAL]
3597 LOGLEVEL = INFO
3598 ASNDB_PATH = /var/lib/location/database.db
3599 USE_REPLYMAP = no
3600 END
3601 ;
3602
3603 print ASNBLFILE "AS_DIVERSITY_THRESHOLD = $proxysettings{'ASNBL_FASTFLUX_THRESHOLD'}\n";
3604
3605 if ($proxysettings{'ASNBL_SELECANN_DETECTION'} eq 'on') {
3606 print ASNBLFILE "BLOCK_SUSPECTED_SELECTIVE_ANNOUNCEMENTS = yes\n";
3607 } else {
3608 print ASNBLFILE "BLOCK_SUSPECTED_SELECTIVE_ANNOUNCEMENTS = no\n";
3609 }
3610
3611 if ($proxysettings{'ASNBL_FASTFLUX_DETECTION'} eq 'on') {
3612 print ASNBLFILE "BLOCK_DIVERSITY_EXCEEDING_DESTINATIONS = yes\n";
3613 } else {
3614 print ASNBLFILE "BLOCK_DIVERSITY_EXCEEDING_DESTINATIONS = no\n";
3615 }
3616
3617 print ASNBLFILE<<END
3618 TESTDATA = (10.0.0.1, 0) (127.0.0.1, 0) (fe80::1, 0)
3619 ACTIVE_ASNBLS =
3620 END
3621 ;
3622
3623 close ASNBLFILE;
3624 }
3625
3626 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3627 {
3628 print FILE "#Set ident ACLs\n";
3629 if (!-z $identhosts)
3630 {
3631 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3632 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3633 print FILE "ident_lookup_access deny all\n";
3634 } else {
3635 print FILE "ident_lookup_access allow all\n";
3636 }
3637 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3638 }
3639
3640 if ($delaypools) {
3641 print FILE "#Set download throttling\n";
3642
3643 if ($netsettings{'BLUE_DEV'})
3644 {
3645 print FILE "delay_pools 2\n";
3646 } else {
3647 print FILE "delay_pools 1\n";
3648 }
3649
3650 print FILE "delay_class 1 3\n";
3651 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3652
3653 print FILE "delay_parameters 1 ";
3654 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3655 {
3656 print FILE "-1/-1";
3657 } else {
3658 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3659 print FILE "/";
3660 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3661 }
3662
3663 print FILE " -1/-1 ";
3664 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3665 {
3666 print FILE "-1/-1";
3667 } else {
3668 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3669 print FILE "/";
3670 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3671 }
3672 print FILE "\n";
3673
3674 if ($netsettings{'BLUE_DEV'})
3675 {
3676 print FILE "delay_parameters 2 ";
3677 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3678 {
3679 print FILE "-1/-1";
3680 } else {
3681 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3682 print FILE "/";
3683 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3684 }
3685 print FILE " -1/-1 ";
3686 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3687 {
3688 print FILE "-1/-1";
3689 } else {
3690 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3691 print FILE "/";
3692 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3693 }
3694 print FILE "\n";
3695 }
3696
3697 print FILE "delay_access 1 deny IPFire_ips\n";
3698 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
3699 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
3700 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3701
3702 if ($netsettings{'BLUE_DEV'})
3703 {
3704 if (&Header::green_used()) {
3705 print FILE "delay_access 1 allow IPFire_green_network";
3706 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3707 print FILE "\n";
3708 }
3709 print FILE "delay_access 1 deny all\n";
3710 } else {
3711 print FILE "delay_access 1 allow all";
3712 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3713 print FILE "\n";
3714 }
3715
3716 if ($netsettings{'BLUE_DEV'})
3717 {
3718 print FILE "delay_access 2 deny IPFire_ips\n";
3719 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
3720 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
3721 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3722 print FILE "delay_access 2 allow IPFire_blue_network";
3723 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3724 print FILE "\n";
3725 print FILE "delay_access 2 deny all\n";
3726 }
3727
3728 print FILE "delay_initial_bucket_level 100\n";
3729 print FILE "\n";
3730 }
3731
3732 if (&Header::green_used() && $proxysettings{'NO_PROXY_LOCAL'} eq 'on')
3733 {
3734 print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
3735 print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
3736 }
3737
3738 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
3739 {
3740 print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
3741 print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
3742 print FILE "http_access deny IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
3743 }
3744
3745 print FILE <<END
3746 #Set custom configured ACLs
3747 END
3748 ;
3749 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPFire_banned_ips\n"; }
3750 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPFire_banned_mac\n"; }
3751
3752 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3753 {
3754 if (!-z $acl_src_unrestricted_ip)
3755 {
3756 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
3757 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
3758 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
3759 }
3760 if (!-z $acl_src_unrestricted_mac)
3761 {
3762 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
3763 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
3764 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
3765 }
3766 if (!-z $acl_dst_noauth_net)
3767 {
3768 print FILE "http_access allow IPFire_networks";
3769 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3770 print FILE " !within_timeframe";
3771 } else {
3772 print FILE " within_timeframe"; }
3773 print FILE " to_ipaddr_without_auth\n";
3774 }
3775 if (!-z $acl_dst_noauth_dom)
3776 {
3777 print FILE "http_access allow IPFire_networks";
3778 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3779 print FILE " !within_timeframe";
3780 } else {
3781 print FILE " within_timeframe"; }
3782 print FILE " to_domains_without_auth\n";
3783 }
3784 if (!-z $acl_dst_noauth_url)
3785 {
3786 print FILE "http_access allow IPFire_networks";
3787 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3788 print FILE " !within_timeframe";
3789 } else {
3790 print FILE " within_timeframe"; }
3791 print FILE " to_hosts_without_auth\n";
3792 }
3793 }
3794
3795 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3796 {
3797 print FILE "http_access deny !for_inetusers";
3798 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3799 print FILE "\n";
3800 }
3801
3802 if (
3803 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3804 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3805 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3806 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3807 (!-z "$identdir/identauth.denyusers")
3808 )
3809 {
3810 print FILE "http_access deny for_acl_users";
3811 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3812 print FILE "\n";
3813 }
3814
3815 if (!-z $acl_src_unrestricted_ip)
3816 {
3817 print FILE "http_access allow IPFire_unrestricted_ips";
3818 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3819 {
3820 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3821 {
3822 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3823 }
3824 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3825 {
3826 print FILE " for_inetusers";
3827 }
3828 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3829 {
3830 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3831 {
3832 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3833 {
3834 print FILE " for_acl_users";
3835 }
3836 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3837 {
3838 print FILE " !for_acl_users";
3839 }
3840 } else { print FILE " for_inetusers"; }
3841 }
3842 }
3843 print FILE "\n";
3844 }
3845
3846 if (!-z $acl_src_unrestricted_mac)
3847 {
3848 print FILE "http_access allow IPFire_unrestricted_mac";
3849 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3850 {
3851 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3852 {
3853 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3854 }
3855 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3856 {
3857 print FILE " for_inetusers";
3858 }
3859 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3860 {
3861 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3862 {
3863 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3864 {
3865 print FILE " for_acl_users";
3866 }
3867 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3868 {
3869 print FILE " !for_acl_users";
3870 }
3871 } else { print FILE " for_inetusers"; }
3872 }
3873 }
3874 print FILE "\n";
3875 }
3876
3877 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3878 {
3879 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3880 if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
3881 }
3882
3883 if (
3884 (
3885 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3886 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3887 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3888 (!-z "$raddir/radauth.denyusers")
3889 )
3890 ||
3891 (
3892 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3893 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3894 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3895 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3896 (!-z "$identdir/identauth.denyusers")
3897 )
3898 )
3899 {
3900 print FILE "http_access deny for_acl_users";
3901 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3902 print FILE "\n";
3903 }
3904
3905 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3906 {
3907 print FILE "http_access allow";
3908 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3909 print FILE " !within_timeframe";
3910 } else {
3911 print FILE " within_timeframe"; }
3912 print FILE " !on_ident_aware_hosts\n";
3913 }
3914
3915 print FILE "http_access allow IPFire_networks";
3916 if (
3917 (
3918 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3919 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3920 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3921 (!-z "$raddir/radauth.allowusers")
3922 )
3923 ||
3924 (
3925 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3926 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3927 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3928 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3929 (!-z "$identdir/identauth.allowusers")
3930 )
3931 )
3932 {
3933 print FILE " for_acl_users";
3934 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3935 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3936 print FILE " for_inetusers";
3937 }
3938 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3939 {
3940 print FILE " !concurrent";
3941 }
3942 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3943 print FILE " !within_timeframe";
3944 } else {
3945 print FILE " within_timeframe"; }
3946 print FILE "\n";
3947
3948 print FILE "http_access deny all\n\n";
3949
3950 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off'))
3951 {
3952 print FILE "#Strip HTTP Header\n";
3953
3954 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3955 {
3956 print FILE "request_header_access X-Forwarded-For deny all\n";
3957 print FILE "reply_header_access X-Forwarded-For deny all\n";
3958 }
3959 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3960 {
3961 print FILE "request_header_access Via deny all\n";
3962 print FILE "reply_header_access Via deny all\n";
3963 }
3964
3965 print FILE "\n";
3966
3967 }
3968
3969 if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
3970
3971 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3972 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
3973 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
3974 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3975 {
3976 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3977 }
3978 print FILE "http_reply_access deny blocked_mimetypes\n";
3979 print FILE "http_reply_access allow all\n\n";
3980 }
3981
3982 print FILE "visible_hostname";
3983 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3984 {
3985 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3986 } else {
3987 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3988 }
3989
3990 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
3991 if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
3992 print FILE "\n";
3993
3994 print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
3995
3996 # Write the parent proxy info, if needed.
3997 if ($remotehost ne '')
3998 {
3999 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
4000
4001 # Enter authentication for the parent cache. Option format is
4002 # login=user:password ($proxy1='YES')
4003 # login=PASS ($proxy1='PASS')
4004 # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
4005 if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
4006 {
4007 print FILE " login=$proxysettings{'UPSTREAM_USER'}";
4008 if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
4009 }
4010 elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
4011
4012 print FILE "\nalways_direct allow IPFire_ips\n";
4013 print FILE "never_direct allow all\n\n";
4014 }
4015 if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
4016 {
4017 print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
4018 print FILE "url_rewrite_children ", &General::number_cpu_cores();
4019 print FILE " startup=", &General::number_cpu_cores();
4020 print FILE " idle=", &General::number_cpu_cores();
4021 print FILE " queue-size=", &General::number_cpu_cores() * 32, "\n\n";
4022 }
4023
4024 # Include file with user defined settings.
4025 if (-e "/etc/squid/squid.conf.local") {
4026 print FILE "include /etc/squid/squid.conf.local\n";
4027 }
4028 close FILE;
4029
4030 # Proxy settings for squidclamav - if installed.
4031 #
4032 # Check if squidclamav is enabled.
4033 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
4034
4035 my $configfile='/etc/squidclamav.conf';
4036
4037 my $data = &General::read_file_utf8($configfile);
4038 $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
4039 &General::write_file_utf8($configfile, $data);
4040 }
4041 }
4042
4043 # -------------------------------------------------------------------
4044
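# Add a proxy user to the NCSA user database and record its group membership.
#
# $str_user  - user name; also the key in $userdb and the group files
# $str_pass  - clear-text password, or the marker 'lEaVeAlOnE' to keep the
#              password hash that is already stored in $userdb
# $str_group - 'standard', 'extended' or 'disabled'; any other value leaves
#              the group files untouched
#
# An existing entry for the user is always removed first via deluser(), so
# calling this for a known user replaces its record. Returns nothing.
sub adduser
{
	my ($str_user, $str_pass, $str_group) = @_;

	if ($str_pass eq 'lEaVeAlOnE') {
		# Keep the stored hash: read the user's current record before
		# deluser() strips it from the database.
		my $stored = '';
		if (open(my $db, '<', $userdb)) {
			while (my $line = <$db>) {
				# \Q...\E: the user name comes from the web form and must be
				# matched literally, never interpreted as a regular expression.
				if ($line =~ /^\Q$str_user\E:/i) {
					# ":<hash>\n" - everything from the first colon onwards
					$stored = substr($line, index($line, ':'));
				}
			}
			close($db);
		}
		&deluser($str_user);
		# Only write a record if a hash was found; otherwise the literal
		# marker would be appended as a broken line without hash or newline.
		if ($stored ne '') {
			open(my $db, '>>', $userdb) or die "Cannot open $userdb for appending: $!";
			flock($db, 2);	# 2 == LOCK_EX
			print $db "$str_user$stored";
			close($db) or die "Cannot write $userdb: $!";
		}
	} else {
		&deluser($str_user);

		my %htpasswd_options = (
			passwdFile => "$userdb",
			UseMD5 => 1,
		);

		my $htpasswd = Apache::Htpasswd->new(\%htpasswd_options);
		$htpasswd->htpasswd($str_user, $str_pass);
	}

	# Group membership is kept as one bare user name per line, one file per group.
	my %groupfile_of = (
		standard => $stdgrp,
		extended => $extgrp,
		disabled => $disgrp,
	);
	my $groupfile = $groupfile_of{$str_group};
	if (defined $groupfile) {
		open(my $grp, '>>', $groupfile) or die "Cannot open $groupfile for appending: $!";
		flock($grp, 2);	# 2 == LOCK_EX
		print $grp "$str_user\n";
		close($grp) or die "Cannot write $groupfile: $!";
	}

	return;
}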
4083
4084 # -------------------------------------------------------------------
4085
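# Remove a proxy user from the NCSA user database and from every group file.
#
# $str_user - user name to remove (matched case-insensitively, as a literal)
#
# Each file is rewritten without the lines that belong to the user. A file
# that cannot be read is treated as empty and is rewritten empty. Returns
# nothing.
sub deluser
{
	my ($str_user) = @_;

	# Group files hold one bare user name per line. \Q...\E keeps a
	# form-supplied name from acting as a pattern: an unescaped name such as
	# ".*" would otherwise match every line and empty the whole file.
	foreach my $groupfile ($stdgrp, $extgrp, $disgrp) {
		_remove_matching_lines($groupfile, qr/^\Q$str_user\E$/i);
	}

	# The user database holds "user:hash" lines.
	_remove_matching_lines($userdb, qr/^\Q$str_user\E:/i);

	return;
}

# Rewrite $file keeping only the lines that do NOT match $re.
#
# $file - path of the file to rewrite
# $re   - compiled regular expression selecting the lines to drop
sub _remove_matching_lines
{
	my ($file, $re) = @_;

	my @keep = ();
	if (open(my $in, '<', $file)) {
		@keep = grep { $_ !~ $re } <$in>;
		close($in);
	}

	# '>' truncates before the lock is taken (2 == LOCK_EX); the write is
	# serialised with other writers, not with readers.
	open(my $out, '>', $file) or die "Cannot open $file for writing: $!";
	flock($out, 2);
	print $out @keep;
	close($out) or die "Cannot write $file: $!";

	return;
}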
4118
4119 # -------------------------------------------------------------------
4120
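# Write the cachemgr.conf consumed by the Squid cache manager CGI.
#
# The file lists the proxy instances the manager may talk to: the GREEN
# address and proxy port when GREEN is in use, then "localhost". The
# previous content is replaced. Returns nothing; dies if the file cannot
# be written.
sub writecachemgr
{
	my $cachemgr_conf = "${General::swroot}/proxy/cachemgr.conf";

	open(my $fh, '>', $cachemgr_conf) or die "Cannot open $cachemgr_conf for writing: $!";
	flock($fh, 2);	# 2 == LOCK_EX
	if (&Header::green_used()) {
		print $fh "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
	}
	print $fh "localhost";
	close($fh) or die "Cannot write $cachemgr_conf: $!";

	return;
}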
4132
4133 # -------------------------------------------------------------------