1 #!/usr/bin/perl
2 #
3 # IPCop CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8 #
9
10 use strict;
11
# Enable the following only while debugging; fatalsToBrowser sends Perl error text to the browser.
13 #use warnings;
14 #use CGI::Carp 'fatalsToBrowser';
15
16 use IO::Socket;
17
18 require '/var/ipfire/general-functions.pl';
19 require "${General::swroot}/lang.pl";
20 require "${General::swroot}/header.pl";
21
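# Installed Advanced Proxy version string, read directly from the version file
# instead of spawning a shell and `cat`. The content is kept as-is, including
# any trailing newline, which is what the backtick form returned; a missing or
# unreadable file yields an empty string.
my $advproxyversion = '';
if (open(my $version_fh, '<', "${General::swroot}/proxy/advanced/version")) {
    local $/;    # slurp the whole file in one read
    $advproxyversion = <$version_fh>;
    $advproxyversion = '' unless defined $advproxyversion;
    close($version_fh);
}

# Flag file: the update notice further down is shown while this file is absent.
my $sysupdflagfile = "${General::swroot}/proxy/advanced/.up2date";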
24
# Settings hashes; they are filled further down from the configuration files
# and from the submitted form.
my (%proxysettings, %netsettings, %filtersettings, %updaccsettings,
    %stdproxysettings, %mainsettings);

# Set to 1 further down when the matching add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# HTML attribute fragments used to pre-select form controls.
my (%checked, %selected);

# Throttling limits and the file-extension alternations of the three
# throttle classes (binary, disk image, multimedia).
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = "bin|cab|exe|gz|rar|sea|tar|tgz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";

# Current user-agent record and the list loaded from the user-agent database.
my (@useragent, @useragentlist);

# General scratch variables shared by the rest of the script.
my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language) = ('', '');
my ($i, $n, $id) = (0, 0, 0);
my ($line, $user) = ('', '');
my (@userlist, @grouplist, @temp, @templist);

my $cachemem = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp = '';
my $needhup = 0;

# Non-empty once any validation step has failed.
my $errormessage = '';
65
# Directories below the Advanced Proxy configuration root.
my $acldir   = $General::swroot . '/proxy/advanced/acls';
my $ncsadir  = $General::swroot . '/proxy/advanced/ncsa';
my $ntlmdir  = $General::swroot . '/proxy/advanced/ntlm';
my $raddir   = $General::swroot . '/proxy/advanced/radius';
my $identdir = $General::swroot . '/proxy/advanced/ident';
my $credir   = $General::swroot . '/proxy/advanced/cre';

# Local (NCSA) user database and its three group files.
my $userdb = $ncsadir . '/passwd';
my $stdgrp = $ncsadir . '/standard.grp';
my $extgrp = $ncsadir . '/extended.grp';
my $disgrp = $ncsadir . '/disabled.grp';

# User-agent database, MIME type list and throttled URL list.
my $browserdb      = $General::swroot . '/proxy/advanced/useragents';
my $mimetypes      = $General::swroot . '/proxy/advanced/mimetypes';
my $throttled_urls = $General::swroot . '/proxy/advanced/throttle';

# Classroom extension files.
my $cre_enabled = $General::swroot . '/proxy/advanced/cre/enable';
my $cre_groups  = $General::swroot . '/proxy/advanced/cre/classrooms';
my $cre_svhosts = $General::swroot . '/proxy/advanced/cre/supervisors';

my $identhosts = $identdir . '/hosts';

my $libexecdir = '/usr/lib/squid';

# One ACL file per list kept in the ACL directory.
my $acl_src_subnets          = $acldir . '/src_subnets.acl';
my $acl_src_banned_ip        = $acldir . '/src_banned_ip.acl';
my $acl_src_banned_mac       = $acldir . '/src_banned_mac.acl';
my $acl_src_unrestricted_ip  = $acldir . '/src_unrestricted_ip.acl';
my $acl_src_unrestricted_mac = $acldir . '/src_unrestricted_mac.acl';
my $acl_src_noaccess_ip      = $acldir . '/src_noaccess_ip.acl';
my $acl_src_noaccess_mac     = $acldir . '/src_noaccess_mac.acl';
my $acl_dst_nocache          = $acldir . '/dst_nocache.acl';
my $acl_dst_noauth           = $acldir . '/dst_noauth.acl';
my $acl_dst_throttle         = $acldir . '/dst_throttle.acl';
my $acl_include              = $acldir . '/include.acl';
101
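# Make sure the configuration directories exist. A failing mkdir is ignored,
# as it was before; the files below are then simply not created.
foreach my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    mkdir($dir) unless -d $dir;
}

# Create every missing data file as an empty file.
# The list form of system() with an absolute path runs touch directly, without
# a shell parsing the file name and without depending on the CGI's PATH; this
# matches the '/bin/touch' calls used later in this script.
foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    system('/bin/touch', $file) unless -e $file;
}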
131
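# Load the user-agent database: drop empty lines and comment lines, then sort
# the remaining lines by the text between the first and the last comma of each
# line. Lines keep their trailing newline.
# The file is opened read-only with three-argument open and a lexical handle;
# if it cannot be opened the list stays empty.
@useragentlist = ();
if (open(my $browser_fh, '<', $browserdb)) {
    @useragentlist =
        sort {
            reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1))
            cmp
            reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))
        }
        grep { !/(^$)|(^\s*#)/ } <$browser_fh>;
    close($browser_fh);
}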
135
# Load the network and main settings.
General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as installed when its version file exists.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

# URL filter add-on: default number of children, overridden by its settings file.
if ($urlfilter_addon) {
    $filtersettings{'CHILDREN'} = '5';
    my $filter_conf = "${General::swroot}/urlfilter/settings";
    General::readhash($filter_conf, \%filtersettings) if -e $filter_conf;
}

# Update accelerator add-on: default number of accelerators, overridden by its
# settings file.
if ($updacclrtr_addon) {
    $updaccsettings{'ACCELERATORS'} = '10';
    my $updacc_conf = "${General::swroot}/updacclrtr/settings";
    General::readhash($updacc_conf, \%updaccsettings) if -e $updacc_conf;
}

Header::showhttpheaders();
157
# Default value of every form field. The submitted form is merged over these
# further down, so a field missing from the request keeps its default.
{
    my %default_for = (
        'ACTION'                 => '',
        'VALID'                  => '',

        'ENABLE'                 => 'off',
        'ENABLE_BLUE'            => 'off',
        'TRANSPARENT'            => 'off',
        'TRANSPARENT_BLUE'       => 'off',
        'PROXY_PORT'             => '800',
        'VISIBLE_HOSTNAME'       => '',
        'ADMIN_MAIL_ADDRESS'     => '',
        'ERR_LANGUAGE'           => 'English',
        'FORWARD_VIA'            => 'off',
        'FORWARD_IPADDRESS'      => 'off',
        'FORWARD_USERNAME'       => 'off',
        'UPSTREAM_PROXY'         => '',
        'UPSTREAM_USER'          => '',
        'UPSTREAM_PASSWORD'      => '',
        'LOGGING'                => 'off',
        'LOGQUERY'               => 'off',
        'LOGUSERAGENT'           => 'off',
        'CACHE_MEM'              => '2',
        'CACHE_SIZE'             => '50',
        'MAX_SIZE'               => '4096',
        'MIN_SIZE'               => '0',
        'MEM_POLICY'             => 'LRU',
        'CACHE_POLICY'           => 'LRU',
        'L1_DIRS'                => '16',
        'OFFLINE_MODE'           => 'off',
        'CLASSROOM_EXT'          => 'off',
        'SUPERVISOR_PASSWORD'    => '',
        'TIME_ACCESS_MODE'       => 'allow',
        'TIME_FROM_HOUR'         => '00',
        'TIME_FROM_MINUTE'       => '00',
        'TIME_TO_HOUR'           => '24',
        'TIME_TO_MINUTE'         => '00',
        'MAX_OUTGOING_SIZE'      => '0',
        'MAX_INCOMING_SIZE'      => '0',
        'THROTTLING_GREEN_TOTAL' => 'unlimited',
        'THROTTLING_GREEN_HOST'  => 'unlimited',
        'THROTTLING_BLUE_TOTAL'  => 'unlimited',
        'THROTTLING_BLUE_HOST'   => 'unlimited',
        'THROTTLE_BINARY'        => 'off',
        'THROTTLE_DSKIMG'        => 'off',
        'THROTTLE_MMEDIA'        => 'off',
        'ENABLE_MIME_FILTER'     => 'off',
        'ENABLE_BROWSER_CHECK'   => 'off',
        'FAKE_USERAGENT'         => '',
        'FAKE_REFERER'           => '',
        'AUTH_METHOD'            => 'none',
        'AUTH_REALM'             => '',
        'AUTH_MAX_USERIP'        => '',
        'AUTH_CACHE_TTL'         => '60',
        'AUTH_IPCACHE_TTL'       => '0',
        'AUTH_CHILDREN'          => '5',
        'NCSA_MIN_PASS_LEN'      => '6',
        'NCSA_BYPASS_REDIR'      => 'off',
        'NCSA_USERNAME'          => '',
        'NCSA_GROUP'             => '',
        'NCSA_PASS'              => '',
        'NCSA_PASS_CONFIRM'      => '',
        'LDAP_BASEDN'            => '',
        'LDAP_TYPE'              => 'ADS',
        'LDAP_SERVER'            => '',
        'LDAP_PORT'              => '389',
        'LDAP_BINDDN_USER'       => '',
        'LDAP_BINDDN_PASS'       => '',
        'LDAP_GROUP'             => '',
        'NTLM_DOMAIN'            => '',
        'NTLM_PDC'               => '',
        'NTLM_BDC'               => '',
        'NTLM_ENABLE_ACL'        => 'off',
        'NTLM_USER_ACL'          => 'positive',
        'RADIUS_SERVER'          => '',
        'RADIUS_PORT'            => '1645',
        'RADIUS_IDENTIFIER'      => '',
        'RADIUS_SECRET'          => '',
        'RADIUS_ENABLE_ACL'      => 'off',
        'RADIUS_USER_ACL'        => 'positive',
        'IDENT_REQUIRED'         => 'off',
        'IDENT_TIMEOUT'          => '10',
        'IDENT_ENABLE_ACL'       => 'off',
        'IDENT_USER_ACL'         => 'positive',
    );

    # Copy the defaults key by key; other keys of %proxysettings are untouched.
    @proxysettings{ keys %default_for } = values %default_for;
}

# The add-on switches only exist when the add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;
248
# Label of the NCSA user form button; the "edit" action replaces it later.
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Merge the submitted form fields over the defaults set above.
Header::getcgihash(\%proxysettings);

# A throttling value of "0" is stored as 'unlimited'.
foreach my $throttle_key (qw(
    THROTTLING_GREEN_TOTAL
    THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL
    THROTTLING_BLUE_HOST
)) {
    $proxysettings{$throttle_key} = 'unlimited'
        if $proxysettings{$throttle_key} eq 0;
}
257
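# NCSA (local) user management actions. Each of them switches the page into
# NCSA edit mode.

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

# Add a user, or update one when the form was pre-filled by the "edit" action.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # NCSA_MIN_PASS_LEN arrives with the request like any other field. It is
    # checked to be all digits before it is used: otherwise the value would
    # decide the length comparison and be copied verbatim into $errormessage,
    # which is printed into the page without escaping.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'advproxy errmsg password length'};
    }
    elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }

    # Later checks replace an earlier message, so the last failing check is
    # the one reported; any failure blocks the adduser call.
    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }

    if (!$errormessage) {
        # User names are stored with ASCII letters lower-cased.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        # NOTE(review): apart from being non-empty the user name is passed on
        # unchecked, and NCSA_GROUP is not checked here at all; adduser is
        # defined outside this excerpt. Confirm it rejects ':' and line breaks.
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

# Remove the user identified by the submitted ID.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

# Pre-fill the form for editing. ID is split on ':'; the first part is used as
# the user name and the second as the group.
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
    @temp = split(/:/,$proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];
    # Fixed placeholder shown in both password fields instead of a real
    # password. NOTE(review): presumably adduser treats this exact value as
    # "keep the stored password" - confirm against its definition.
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}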
301
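# Handle "save" and "save and restart": validate the submitted settings and,
# only when nothing failed, persist them, regenerate the proxy configuration
# and optionally restart Squid.
# A failed check stores a message in $errormessage and jumps to the ERROR
# label, skipping the remaining field checks.
#
# Numeric fields are matched against the whole value (\A...\z). These values
# are written to the settings file below, so a value that merely starts with
# digits, or carries a trailing line break, must not pass.
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    # The four main switches must be exactly "on" or "off".
    if ($proxysettings{'ENABLE'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'TRANSPARENT'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'ENABLE_BLUE'} !~ /\A(?:on|off)\z/ ||
        $proxysettings{'TRANSPARENT_BLUE'} !~ /\A(?:on|off)\z/ ) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_SIZE'} !~ /\A\d+\z/) ||
        ($proxysettings{'CACHE_SIZE'} < 10))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if (($proxysettings{'CACHE_MEM'} !~ /\A\d+\z/) ||
        ($proxysettings{'CACHE_MEM'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap the memory cache at the first number on the second line of the
    # `free` output, divided by 2048. The cap is applied only when that number
    # was actually found, so a failed match can no longer reuse a capture left
    # over from an earlier regex.
    my @free = `/usr/bin/free`;
    if (defined $free[1] && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    if ($proxysettings{'MAX_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MIN_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }
    # The end time (HHMM, compared as strings) must be later than the start time.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_INCOMING_SIZE'} !~ /\A\d+\z/)
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }

    # Browser check: join the third field of every selected user-agent entry
    # with '|'. At least one entry must be selected.
    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;    # also strips the newline from the stored list entry
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);    # drop the trailing '|'
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }

    # Checks common to all authentication methods.
    if ($proxysettings{'AUTH_METHOD'} ne 'none')
    {
        # Authentication needs an enabled, non-transparent proxy on at least
        # one interface. The only exception is ident with neither "required"
        # nor the user ACL switched on.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') &&
            (($proxysettings{'AUTH_MAX_USERIP'} !~ /\A\d+\z/) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_CACHE_TTL'} !~ /\A\d+\z/)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ /\A\d+\z/)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        # A limit on addresses per user requires a non-zero IP cache TTL.
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_CHILDREN'} !~ /\A\d+\z/) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }

    # Method-specific checks.
    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if (($proxysettings{'IDENT_TIMEOUT'} !~ /\A\d+\z/) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        # The ADS and NDS directory types need bind credentials.
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if (($proxysettings{'NTLM_BDC'} ne '') && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Upstream proxy credentials: user name and password must be given
    # together or both left empty.
    $proxy1 = 'YES';
    $proxy2 = 'YES';
    if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
    if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
    if (($proxy1 ne $proxy2))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

ERROR:
    # check_acls runs on every path, including after a failed check above.
    # NOTE(review): it is defined outside this excerpt; presumably it validates
    # the ACL text fields and may set $errormessage - confirm.
    &check_acls;

    if ($errormessage) {
        $proxysettings{'VALID'} = 'no'; }
    else {
        $proxysettings{'VALID'} = 'yes'; }

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # The ACL, user-list and NCSA form fields are removed before the hash
        # is written, so they do not end up in the settings file.
        delete $proxysettings{'SRC_SUBNETS'};
        delete $proxysettings{'SRC_BANNED_IP'};
        delete $proxysettings{'SRC_BANNED_MAC'};
        delete $proxysettings{'SRC_UNRESTRICTED_IP'};
        delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
        delete $proxysettings{'DST_NOCACHE'};
        delete $proxysettings{'DST_NOAUTH'};
        delete $proxysettings{'MIME_TYPES'};
        delete $proxysettings{'NTLM_ALLOW_USERS'};
        delete $proxysettings{'NTLM_DENY_USERS'};
        delete $proxysettings{'RADIUS_ALLOW_USERS'};
        delete $proxysettings{'RADIUS_DENY_USERS'};
        delete $proxysettings{'IDENT_HOSTS'};
        delete $proxysettings{'IDENT_ALLOW_USERS'};
        delete $proxysettings{'IDENT_DENY_USERS'};

        delete $proxysettings{'CRE_GROUPS'};
        delete $proxysettings{'CRE_SVHOSTS'};

        delete $proxysettings{'NCSA_USERNAME'};
        delete $proxysettings{'NCSA_GROUP'};
        delete $proxysettings{'NCSA_PASS'};
        delete $proxysettings{'NCSA_PASS_CONFIRM'};

        # A field missing from the submitted form is stored as 'off'.
        $proxysettings{'TIME_MON'} = 'off' unless exists $proxysettings{'TIME_MON'};
        $proxysettings{'TIME_TUE'} = 'off' unless exists $proxysettings{'TIME_TUE'};
        $proxysettings{'TIME_WED'} = 'off' unless exists $proxysettings{'TIME_WED'};
        $proxysettings{'TIME_THU'} = 'off' unless exists $proxysettings{'TIME_THU'};
        $proxysettings{'TIME_FRI'} = 'off' unless exists $proxysettings{'TIME_FRI'};
        $proxysettings{'TIME_SAT'} = 'off' unless exists $proxysettings{'TIME_SAT'};
        $proxysettings{'TIME_SUN'} = 'off' unless exists $proxysettings{'TIME_SUN'};

        $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
        $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};

        # NOTE(review): UPSTREAM_PASSWORD, LDAP_BINDDN_PASS, RADIUS_SECRET and
        # SUPERVISOR_PASSWORD are not in the delete list above, so they are
        # written to this file as submitted. Confirm that the file's
        # permissions restrict who can read it.
        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Recreate the four flag files so that they match the saved switches.
        unlink "${General::swroot}/proxy/enable";
        unlink "${General::swroot}/proxy/transparent";
        unlink "${General::swroot}/proxy/enable_blue";
        unlink "${General::swroot}/proxy/transparent_blue";

        if ($proxysettings{'ENABLE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable"); }
        if ($proxysettings{'TRANSPARENT'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent"); }
        if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable_blue"); }
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent_blue"); }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}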
597
# "Clear cache" runs the restart helper with its -f option.
system('/usr/local/bin/restartsquid', '-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# Without an error the form shows the stored settings: the advanced settings
# file when it exists, otherwise the standard proxy settings file. After a
# failed validation the submitted values stay in place instead.
unless ($errormessage) {
    my $advanced_conf = "${General::swroot}/proxy/advanced/settings";
    my $standard_conf = "${General::swroot}/proxy/settings";

    if (-e $advanced_conf) {
        General::readhash($advanced_conf, \%proxysettings);
    }
    elsif (-e $standard_conf) {
        General::readhash($standard_conf, \%proxysettings);
    }
    &read_acls;
}
612
# Pre-compute the HTML attributes that mark each form control's current value.
# For an on/off field both states start empty, then the state stored in
# %proxysettings receives checked='checked'.
foreach my $switch (qw(
    ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
    FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA
    OFFLINE_MODE
    LOGGING LOGQUERY LOGUSERAGENT
    CLASSROOM_EXT
    THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
    ENABLE_MIME_FILTER
    ENABLE_BROWSER_CHECK
)) {
    @{ $checked{$switch} }{'off', 'on'} = ('', '');
    $checked{$switch}{ $proxysettings{$switch} } = "checked='checked'";
}

# Drop-down lists: only the current value is marked.
foreach my $list (qw(
    MEM_POLICY CACHE_POLICY L1_DIRS
    ERR_LANGUAGE
    TIME_ACCESS_MODE
    TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
)) {
    $selected{$list}{ $proxysettings{$list} } = "selected='selected'";
}

# Weekday switches: a day with no stored value at all is shown as 'on'.
foreach my $day (qw(TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN)) {
    $proxysettings{$day} = 'on' unless exists $proxysettings{$day};
    @{ $checked{$day} }{'off', 'on'} = ('', '');
    $checked{$day}{ $proxysettings{$day} } = "checked='checked'";
}
720
# One on/off checkbox per user-agent entry. The checkbox name is 'UA_' plus
# the entry's first comma-separated field.
foreach my $entry (@useragentlist) {
    @useragent = split(/,/, $entry);
    my $ua_field = 'UA_' . $useragent[0];
    @{ $checked{$ua_field} }{'off', 'on'} = ('', '');
    $checked{$ua_field}{ $proxysettings{$ua_field} } = "checked='checked'";
}
727
# Authentication method radio group: every method starts unmarked, then the
# configured one receives checked='checked'.
$checked{'AUTH_METHOD'}{$_} = '' foreach qw(none ncsa ident ldap ntlm radius);
$checked{'AUTH_METHOD'}{ $proxysettings{'AUTH_METHOD'} } = "checked='checked'";

# These two switches are shown as 'on' when no value is stored for them.
foreach my $default_on (qw(AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH)) {
    $proxysettings{$default_on} = 'on' unless exists $proxysettings{$default_on};
}

# On/off checkboxes of the authentication section.
foreach my $switch (qw(
    AUTH_ALWAYS_REQUIRED
    NCSA_BYPASS_REDIR
    NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL
    RADIUS_ENABLE_ACL
    IDENT_REQUIRED IDENT_ENABLE_ACL
)) {
    @{ $checked{$switch} }{'off', 'on'} = ('', '');
    $checked{$switch}{ $proxysettings{$switch} } = "checked='checked'";
}

# User ACL mode radios: 'positive' or 'negative'.
foreach my $acl_mode (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
    @{ $checked{$acl_mode} }{'positive', 'negative'} = ('', '');
    $checked{$acl_mode}{ $proxysettings{$acl_mode} } = "checked='checked'";
}

# Drop-down lists of the authentication section.
foreach my $list (qw(NCSA_GROUP LDAP_TYPE)) {
    $selected{$list}{ $proxysettings{$list} } = "selected='selected'";
}

# Add-on switches exist only when the add-on is installed.
if ($urlfilter_addon) {
    @{ $checked{'ENABLE_FILTER'} }{'off', 'on'} = ('', '');
    $checked{'ENABLE_FILTER'}{ $proxysettings{'ENABLE_FILTER'} } = "checked='checked'";
}

if ($updacclrtr_addon) {
    @{ $checked{'ENABLE_UPDACCEL'} }{'off', 'on'} = ('', '');
    $checked{'ENABLE_UPDACCEL'}{ $proxysettings{'ENABLE_UPDACCEL'} } = "checked='checked'";
}
795
# Open the page frame; openbigbox() also receives the error text as its
# fourth argument.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

# Any pending error text is shown in a box of its own above the form.
# NOTE(review): $errormessage is written into the page without HTML escaping.
# If a code path that builds it appends request-derived text, that text should
# be escaped where it is added -- confirm against the validation code, which
# is not visible here.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>" . $errormessage . "&nbsp;</font>\n";
    &Header::closebox();
}
805
# Remove the "up to date" marker file when the installed version string sorts
# before $latest, so that the update hint below is shown again.
# NOTE(review): 'lt' is a string comparison, and $advproxyversion is read with
# backticks, so it keeps any trailing newline of the version file -- confirm
# that the version strings used here always order correctly this way.
unlink($sysupdflagfile) if (($advproxyversion lt $latest) && (-e $sysupdflagfile));

# Without the marker file, render the update notification box.
unless (-e $sysupdflagfile) {
    &Header::openbox('100%', 'left', $Lang::tr{'advproxy update notification'});
    print "<table width='100%' cellpadding='5'>\n"
        . "<tr>\n"
        . "<td bgcolor='$hintcolour' class='base'>$Lang::tr{'advproxy update information'}</td>"
        . "</tr>\n"
        . "</table>\n";
    &Header::closebox();
}
817
818 # ===================================================================
819 # Main settings
820 # ===================================================================
821
822 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
823
824 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
825
826 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
827
828 print <<END
829 <table width='100%'>
830 <tr>
831 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
832 </tr>
833 <tr>
834 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
835 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
836 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
837 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
838 </tr>
839 <tr>
840 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
841 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
842 <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
843 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
844 </tr>
845 <tr>
846 END
847 ;
# The "enabled on Blue" checkbox is offered only when a Blue interface is
# configured; otherwise an empty two-column cell keeps the row aligned.
if (!$netsettings{'BLUE_DEV'}) {
    print "<td colspan='2'>&nbsp;</td>";
} else {
    print "<td class='base'>" . $Lang::tr{'advproxy enabled on'}
        . " <font color='" . $Header::colourblue . "'>Blue</font>:</td>";
    print "<td><input type='checkbox' name='ENABLE_BLUE' "
        . $checked{'ENABLE_BLUE'}{'on'} . " /></td>";
}
854 print <<END
855 <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
856 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
857 </tr>
858 <tr>
859 END
860 ;
# The "transparent on Blue" checkbox is offered only when a Blue interface is
# configured; otherwise an empty two-column cell keeps the row aligned.
if (!$netsettings{'BLUE_DEV'}) {
    print "<td colspan='2'>&nbsp;</td>";
} else {
    print "<td class='base'>" . $Lang::tr{'advproxy transparent on'}
        . " <font color='" . $Header::colourblue . "'>Blue</font>:</td>";
    print "<td><input type='checkbox' name='TRANSPARENT_BLUE' "
        . $checked{'TRANSPARENT_BLUE'}{'on'} . " /></td>";
}
867 print <<END
868 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
869 <td class='base'>
870 <select name='ERR_LANGUAGE'>
871 END
872 ;
# One <option> per directory found below /usr/lib/squid/errors. The option
# value and label are the directory's base name; the name is also left in
# $language, as before.
foreach my $errdir (glob('/usr/lib/squid/errors/*')) {
    next unless -d $errdir;
    $language = substr($errdir, rindex($errdir, '/') + 1);
    print "<option value='" . $language . "' "
        . $selected{'ERR_LANGUAGE'}{$language}
        . ">" . $language . "</option>\n";
}
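# Upstream proxy, logging and cache management part of the form, up to the
# opening tag of the DST_NOCACHE textarea.
#
# The text-field values are HTML-escaped before they are placed inside the
# single-quoted value='...' attributes, so a value containing a quote or
# markup is shown as text and cannot close the attribute. The browser sends
# the unescaped text back on submit, so values without special characters are
# rendered exactly as before.
#
# NOTE(review): the upstream proxy password is written back into the page as
# the value of the password field, so it is readable in the HTML source by
# anyone who can load this page. Whether it can be left out depends on how
# the save handler treats an empty field, which is not visible here.
{
    my %field_html;
    foreach my $key (qw(UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
                        CACHE_MEM CACHE_SIZE MIN_SIZE MAX_SIZE)) {
        my $value = defined $proxysettings{$key} ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $field_html{$key} = $value;
    }

    print <<END
</select>
</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$field_html{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='UPSTREAM_USER' value='$field_html{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$field_html{'UPSTREAM_PASSWORD'}' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
<td><input type='text' name='CACHE_MEM' value='$field_html{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
<td><input type='text' name='CACHE_SIZE' value='$field_html{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:</td>
<td><input type='text' name='MIN_SIZE' value='$field_html{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:</td>
<td><input type='text' name='MAX_SIZE' value='$field_html{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan= '5' valign='top' class='base'>
<table cellpadding='0' cellspacing='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END
    ;
}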
973
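# Fill the open DST_NOCACHE textarea. The text is HTML-escaped first so that
# markup inside the value (for example a closing textarea tag) is displayed as
# text and cannot alter the form; the browser submits the unescaped text.
{
    my $nocache_html = defined $proxysettings{'DST_NOCACHE'} ? $proxysettings{'DST_NOCACHE'} : '';
    $nocache_html =~ s/&/&amp;/g;
    $nocache_html =~ s/</&lt;/g;
    $nocache_html =~ s/>/&gt;/g;
    print $nocache_html;
}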
975
976 print <<END
977 </textarea></td>
978 </tr>
979 </table>
980 </td>
981 </tr>
982 <tr>
983 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
984 <td class='base'><select name='MEM_POLICY'>
985 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
986 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
987 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
988 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
989 </select></td>
990 </tr>
991 <tr>
992 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
993 <td class='base'><select name='CACHE_POLICY'>
994 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
995 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
996 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
997 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
998 </select></td>
999 </tr>
1000 <tr>
1001 <td colspan='2'>&nbsp;</td>
1002 </tr>
1003 <tr>
1004 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1005 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1006 </tr>
1007 </table>
1008 <hr size='1'>
1009 <table width='100%'>
1010 <tr>
1011 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1012 </tr>
1013 <tr>
1014 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1015 </tr>
1016 <tr>
1017 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1018 <td colspan='2'>&nbsp;</td>
1019 </tr>
1020 <tr>
1021 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1022 END
1023 ;
1024
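# Fill the open SRC_SUBNETS textarea. With no value set, the Green network
# (and the Blue network, when a Blue interface exists) is offered as the
# default. A configured list is HTML-escaped before it is printed, so markup
# inside it is displayed as text and cannot close the textarea; the browser
# submits the unescaped text.
if ($proxysettings{'SRC_SUBNETS'}) {
    my $subnets_html = $proxysettings{'SRC_SUBNETS'};
    $subnets_html =~ s/&/&amp;/g;
    $subnets_html =~ s/</&lt;/g;
    $subnets_html =~ s/>/&gt;/g;
    print $subnets_html;
} else {
    print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
    if ($netsettings{'BLUE_DEV'}) {
        print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
    }
}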
1033
1034 print <<END
1035 </textarea></td>
1036 <td colspan='2'>&nbsp;</td>
1037 </tr>
1038 </table>
1039 <table width='100%'>
1040 <tr>
1041 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1042 </tr>
1043 <tr>
1044 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1045 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1046 </tr>
1047 <tr>
1048 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1049 END
1050 ;
1051
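# Fill the open SRC_UNRESTRICTED_IP textarea, HTML-escaped so that markup in
# the value is displayed as text and cannot close the textarea.
{
    my $unrestricted_ip_html = defined $proxysettings{'SRC_UNRESTRICTED_IP'} ? $proxysettings{'SRC_UNRESTRICTED_IP'} : '';
    $unrestricted_ip_html =~ s/&/&amp;/g;
    $unrestricted_ip_html =~ s/</&lt;/g;
    $unrestricted_ip_html =~ s/>/&gt;/g;
    print $unrestricted_ip_html;
}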
1053
1054 print <<END
1055 </textarea></td>
1056 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
1057 END
1058 ;
1059
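# Fill the open SRC_UNRESTRICTED_MAC textarea, HTML-escaped so that markup in
# the value is displayed as text and cannot close the textarea.
{
    my $unrestricted_mac_html = defined $proxysettings{'SRC_UNRESTRICTED_MAC'} ? $proxysettings{'SRC_UNRESTRICTED_MAC'} : '';
    $unrestricted_mac_html =~ s/&/&amp;/g;
    $unrestricted_mac_html =~ s/</&lt;/g;
    $unrestricted_mac_html =~ s/>/&gt;/g;
    print $unrestricted_mac_html;
}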
1061
1062 print <<END
1063 </textarea></td>
1064 </tr>
1065 </table>
1066 <table width='100%'>
1067 <tr>
1068 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1069 </tr>
1070 <tr>
1071 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1072 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1073 </tr>
1074 <tr>
1075 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1076 END
1077 ;
1078
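# Fill the open SRC_BANNED_IP textarea, HTML-escaped so that markup in the
# value is displayed as text and cannot close the textarea.
{
    my $banned_ip_html = defined $proxysettings{'SRC_BANNED_IP'} ? $proxysettings{'SRC_BANNED_IP'} : '';
    $banned_ip_html =~ s/&/&amp;/g;
    $banned_ip_html =~ s/</&lt;/g;
    $banned_ip_html =~ s/>/&gt;/g;
    print $banned_ip_html;
}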
1080
1081 print <<END
1082 </textarea></td>
1083 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1084 END
1085 ;
1086
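# Fill the open SRC_BANNED_MAC textarea, HTML-escaped so that markup in the
# value is displayed as text and cannot close the textarea.
{
    my $banned_mac_html = defined $proxysettings{'SRC_BANNED_MAC'} ? $proxysettings{'SRC_BANNED_MAC'} : '';
    $banned_mac_html =~ s/&/&amp;/g;
    $banned_mac_html =~ s/</&lt;/g;
    $banned_mac_html =~ s/>/&gt;/g;
    print $banned_mac_html;
}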
1088
1089 print <<END
1090 </textarea></td>
1091 </tr>
1092 </table>
1093
1094 <hr size='1'>
1095
1096 END
1097 ;
1098 # -------------------------------------------------------------------
1099 # CRE GUI - optional
1100 # -------------------------------------------------------------------
1101
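# Classroom extensions (CRE) part of the form. When the file named by
# $cre_enabled exists, the full section is rendered; otherwise the three CRE
# values are carried through the form as hidden fields.
#
# The three values are HTML-escaped before they are placed into the
# single-quoted value='...' attributes or between the textarea tags, so a
# value containing a quote or markup is shown as text and cannot close the
# attribute or the textarea. The browser sends the unescaped text back on
# submit, so values without special characters are rendered exactly as before.
#
# NOTE(review): in both branches the supervisor password is written back into
# the page (password field or hidden field), so it is readable in the HTML
# source by anyone who can load this page. Whether it can be left out depends
# on the save handler, which is not visible here.
{
    my %cre_html;
    foreach my $key (qw(SUPERVISOR_PASSWORD CRE_GROUPS CRE_SVHOSTS)) {
        my $value = defined $proxysettings{$key} ? $proxysettings{$key} : '';
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        $cre_html{$key} = $value;
    }

    if (-e $cre_enabled) {
        print <<END
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$cre_html{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END
        ;

        print $cre_html{'CRE_GROUPS'};

        print <<END
</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END
        ;
        print $cre_html{'CRE_SVHOSTS'};

        print <<END
</textarea></td>
</tr>

</table>

<hr size='1'>
END
        ;
    } else {
        print <<END
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$cre_html{'SUPERVISOR_PASSWORD'}' />
<input type='hidden' name='CRE_GROUPS' value='$cre_html{'CRE_GROUPS'}' />
<input type='hidden' name='CRE_SVHOSTS' value='$cre_html{'CRE_SVHOSTS'}' />
END
        ;
    }
}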
1152 # -------------------------------------------------------------------
1153
1154 print <<END
1155
1156 <table width='100%'>
1157 <tr>
1158 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1159 </tr>
1160 <table width='100%'>
1161 <tr>
1162 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1163 <td width='1%'>&nbsp;</td>
1164 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1165 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1166 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1167 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1168 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1169 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1170 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1171 <td width='1%'>&nbsp;&nbsp;</td>
1172 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1173 <td width='1%'>&nbsp;</td>
1174 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1175 <td>&nbsp;</td>
1176 </tr>
1177 <tr>
1178 <td class='base'>
1179 <select name='TIME_ACCESS_MODE'>
1180 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1181 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1182 </select>
1183 </td>
1184 <td>&nbsp;</td>
1185 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1186 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1187 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1188 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1189 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1190 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1191 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1192 <td>&nbsp;</td>
1193 <td class='base'>
1194 <select name='TIME_FROM_HOUR'>
1195 END
1196 ;
# Hour choices 00 to 24 for the start of the time window. Each label is the
# zero-padded number; the matching entry of %selected marks the current one.
$i = 0;
while ($i <= 24) {
    $_ = sprintf("%02s", $i);
    print "<option " . $selected{'TIME_FROM_HOUR'}{$_} . ">" . $_ . "</option>\n";
    $i++;
}
1201 print <<END
1202 </select>
1203 </td>
1204 <td>:</td>
1205 <td class='base'>
1206 <select name='TIME_FROM_MINUTE'>
1207 END
1208 ;
# Minute choices 00, 15, 30 and 45 for the start of the time window.
$i = 0;
while ($i <= 45) {
    $_ = sprintf("%02s", $i);
    print "<option " . $selected{'TIME_FROM_MINUTE'}{$_} . ">" . $_ . "</option>\n";
    $i += 15;
}
1213 print <<END
1214 </select>
1215 <td> - </td>
1216 </td>
1217 <td class='base'>
1218 <select name='TIME_TO_HOUR'>
1219 END
1220 ;
# Hour choices 00 to 24 for the end of the time window.
$i = 0;
while ($i <= 24) {
    $_ = sprintf("%02s", $i);
    print "<option " . $selected{'TIME_TO_HOUR'}{$_} . ">" . $_ . "</option>\n";
    $i++;
}
1225 print <<END
1226 </select>
1227 </td>
1228 <td>:</td>
1229 <td class='base'>
1230 <select name='TIME_TO_MINUTE'>
1231 END
1232 ;
# Minute choices 00, 15, 30 and 45 for the end of the time window.
$i = 0;
while ($i <= 45) {
    $_ = sprintf("%02s", $i);
    print "<option " . $selected{'TIME_TO_MINUTE'}{$_} . ">" . $_ . "</option>\n";
    $i += 15;
}
1237 print <<END
1238 </select>
1239 </td>
1240 </tr>
1241 </table>
1242 <hr size='1'>
1243 <table width='100%'>
1244 <tr>
1245 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1246 </tr>
1247 <tr>
1248 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1249 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1250 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1251 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1252 </tr>
1253 </table>
1254 <hr size='1'>
1255 <table width='100%'>
1256 <tr>
1257 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1258 </tr>
1259 <tr>
1260 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1261 <td width='20%' class='base'>
1262 <select name='THROTTLING_GREEN_TOTAL'>
1263 END
1264 ;
1265
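# Options of the "total throttling on Green" select: one per entry of
# @throttle_limits, followed by the "unlimited" entry with value 0.
foreach my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kBit/s</option>\n";
}

# The "unlimited" line used to end in `\n";`, left over from a print
# statement; inside the heredoc that wrote a stray `";` into the <select>.
# It is removed here.
# NOTE(review): the option value is '0' but its marker is looked up under the
# key 'unlimited' -- confirm that %selected is filled under that key.
print <<END
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END
;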
1279
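# Options of the "per host throttling on Green" select: one per entry of
# @throttle_limits, followed by the "unlimited" entry with value 0.
foreach my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kBit/s</option>\n";
}

# The "unlimited" line used to end in `\n";`, left over from a print
# statement; inside the heredoc that wrote a stray `";` into the <select>.
# It is removed here.
# NOTE(review): the option value is '0' but its marker is looked up under the
# key 'unlimited' -- confirm that %selected is filled under that key.
print <<END
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
;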
1291
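# Throttling row for the Blue network, rendered only when a Blue interface is
# configured. Both selects list the entries of @throttle_limits followed by an
# "unlimited" entry with value 0.
#
# The two "unlimited" lines used to end in `\n";`, left over from print
# statements; inside the heredocs that wrote a stray `";` into each <select>.
# It is removed here.
# NOTE(review): the "unlimited" options have value '0' but their markers are
# looked up under the key 'unlimited' -- confirm that %selected is filled
# under that key.
if ($netsettings{'BLUE_DEV'}) {
    print <<END
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END
    ;

    foreach my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kBit/s</option>\n";
    }

    print <<END
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END
    ;

    foreach my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kBit/s</option>\n";
    }

    print <<END
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
    ;
}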
1327
1328 print <<END
1329 </table>
1330 <table width='100%'>
1331 <tr>
1332 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1333 </tr>
1334 <tr>
1335 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1336 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1337 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1338 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1339 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1340 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1341 <td width='15%'>&nbsp;</td>
1342 <td width='10%'>&nbsp;</td>
1343 </tr>
1344 </table>
1345 <hr size='1'>
1346 <table width='100%'>
1347 <tr>
1348 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1349 </tr>
1350 <tr>
1351 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1352 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1353 </tr>
1354 <tr>
1355 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1356 <td>&nbsp;</td>
1357 <td>&nbsp;</td>
1358 </tr>
1359 <tr>
1360 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1361 END
1362 ;
1363
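# Fill the open MIME_TYPES textarea, HTML-escaped so that markup in the value
# is displayed as text and cannot close the textarea.
{
    my $mime_types_html = defined $proxysettings{'MIME_TYPES'} ? $proxysettings{'MIME_TYPES'} : '';
    $mime_types_html =~ s/&/&amp;/g;
    $mime_types_html =~ s/</&lt;/g;
    $mime_types_html =~ s/>/&gt;/g;
    print $mime_types_html;
}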
1365
1366 print <<END
1367 </textarea></td>
1368 <td>&nbsp;</td>
1369 <td>&nbsp;</td>
1370 </tr>
1371 </table>
1372 <hr size='1'>
1373 <table width='100%'>
1374 <tr>
1375 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1376 </tr>
1377 <tr>
1378 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1379 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1380 <td>&nbsp;</td>
1381 <td>&nbsp;</td>
1382 </tr>
1383 <tr>
1384 <td colspan='4'><i>
1385 END
1386 ;
# Caption above the browser checkboxes: a heading when @useragentlist has
# entries, otherwise the "no clients defined" text.
print(scalar(@useragentlist)
    ? "$Lang::tr{'advproxy allowed web browsers'}:"
    : "$Lang::tr{'advproxy no clients defined'}");
1388 print <<END
1389 </i></td>
1390 </tr>
1391 </table>
1392 <table width='100%'>
1393 END
1394 ;
1395
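# Render the entries of @useragentlist as a grid of checkboxes, four per
# table row. Each entry is split on commas: field 0 forms the checkbox name
# (UA_<field 0>) and field 1 is the visible label.
#
# The outer bound is '<' rather than '<=', so no empty <tr></tr> is written
# when the list is empty or its length is a multiple of four. Elements are
# read with scalar subscripts instead of one-element slices.
for ($n = 0; $n < @useragentlist; $n += 4) {
    print "<tr>\n";
    for ($i = 0; $i <= 3; $i++) {
        # The last row may hold fewer than four entries.
        next unless ($n + $i) < @useragentlist;
        @useragent = split(/,/, $useragentlist[$n + $i]);
        print "<td width='15%'>$useragent[1]:</td>\n";
        print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
    }
    print "</tr>\n";
}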
1407
1408 print <<END
1409 </table>
1410 <hr size='1'>
1411 <table width='100%'>
1412 <tr>
1413 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1414 </tr>
1415 <tr>
1416 <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1417 </tr>
1418 <tr>
1419 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
1420 </tr>
1421 <tr>
1422 <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1423 </tr>
1424 <tr>
1425 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
1426 </tr>
1427 </table>
1428 <hr size='1'>
1429 END
1430 ;
1431
1432 if ($urlfilter_addon) {
1433 print <<END
1434 <table width='100%'>
1435 <tr>
1436 <td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
1437 </tr>
1438 <tr>
1439 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1440 <td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
1441 <td>&nbsp;</td>
1442 <td>&nbsp;</td>
1443 </tr>
1444 </table>
1445 <hr size='1'>
1446 END
1447 ; }
1448
1449 if (($updacclrtr_addon) && (!($urlfilter_addon))) {
1450 print <<END
1451 <table width='100%'>
1452 <tr>
1453 <td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
1454 </tr>
1455 <tr>
1456 <td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
1457 <td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
1458 <td>&nbsp;</td>
1459 <td>&nbsp;</td>
1460 </tr>
1461 </table>
1462 <hr size='1'>
1463 END
1464 ; }
1465
1466 print <<END
1467 <table width='100%'>
1468 <tr>
1469 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1470 </tr>
1471 <tr>
1472 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1473 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1474 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1475 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1476 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1477 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1478 </tr>
1479 </table>
1480 END
1481 ;
1482
1483 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1484 <hr size='1'>
1485 <table width='100%'>
1486 <tr>
1487 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1488 </tr>
1489 <tr>
1490 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1491 </tr>
1492 <tr>
1493 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1494 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1495 <td colspan='2' rowspan= '6' valign='top' class='base'>
1496 <table cellpadding='0' cellspacing='0'>
1497 <tr>
1498 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1499 </tr>
1500 <tr>
1501 <!-- intentionally left empty -->
1502 </tr>
1503 <tr>
1504 <!-- intentionally left empty -->
1505 </tr>
1506 <tr>
1507 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1508 </tr>
1509 <tr>
1510 <!-- intentionally left empty -->
1511 </tr>
1512 <tr>
1513 <!-- intentionally left empty -->
1514 </tr>
1515 <tr>
1516 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1517 </tr>
1518 <tr>
1519 <!-- intentionally left empty -->
1520 </tr>
1521 <tr>
1522 <!-- intentionally left empty -->
1523 </tr>
1524 <tr>
1525 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1526 END
1527 ;
1528
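# Fill the open DST_NOAUTH textarea, HTML-escaped so that markup in the value
# is displayed as text and cannot close the textarea.
{
    my $noauth_html = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
    $noauth_html =~ s/&/&amp;/g;
    $noauth_html =~ s/</&lt;/g;
    $noauth_html =~ s/>/&gt;/g;
    print $noauth_html;
}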
1530
1531 print <<END
1532 </textarea></td>
1533 </tr>
1534 </table>
1535 </td>
1536 </tr>
1537 <tr>
1538 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1539 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1540 </tr>
1541 <tr>
1542 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1543 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1544 </tr>
1545 <tr>
1546 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1547 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1548 </tr>
1549 <tr>
1550 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1551 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1552 </tr>
1553 <tr>
1554 <td colspan='2'>&nbsp;</td>
1555 </tr>
1556 </table>
1557 END
1558 ;
1559 }
1560
1561 # ===================================================================
1562 # NCSA auth settings
1563 # ===================================================================
1564
1565 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1566 print <<END
1567 <hr size='1'>
1568 <table width='100%'>
1569 <tr>
1570 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1571 </tr>
1572 <tr>
1573 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1574 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1575 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1576 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1577 </tr>
1578 <tr>
1579 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1580 <td>&nbsp;</td>
1581 <td>&nbsp;</td>
1582 </tr>
1583 </table>
1584 END
1585 ; }
1586
1587 # ===================================================================
1588 # IDENTD auth settings
1589 # ===================================================================
1590
1591 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1592 print <<END
1593 <hr size ='1'>
1594 <table width='100%'>
1595 <tr>
1596 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1597 </tr>
1598 <tr>
1599 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1600 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1601 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1602 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1603 </tr>
1604 <tr>
1605 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1606 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1607 <td>&nbsp;</td>
1608 <td>&nbsp;</td>
1609 </tr>
1610 <tr>
1611 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1612 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1613 </tr>
1614 <tr>
1615 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1616 END
1617 ;
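# Fill the open IDENT_HOSTS textarea. With no value set, the Green network
# (and the Blue network, when a Blue interface exists) is offered as the
# default. A configured list is HTML-escaped before it is printed, so markup
# inside it is displayed as text and cannot close the textarea; the browser
# submits the unescaped text.
if ($proxysettings{'IDENT_HOSTS'}) {
    my $ident_hosts_html = $proxysettings{'IDENT_HOSTS'};
    $ident_hosts_html =~ s/&/&amp;/g;
    $ident_hosts_html =~ s/</&lt;/g;
    $ident_hosts_html =~ s/>/&gt;/g;
    print $ident_hosts_html;
} else {
    print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
    if ($netsettings{'BLUE_DEV'}) {
        print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
    }
}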
1626
1627 print <<END
1628 </textarea></td>
1629 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1630 END
1631 ;
1632
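# Fill the open DST_NOAUTH textarea of the identd section, HTML-escaped so
# that markup in the value is displayed as text and cannot close the textarea.
{
    my $ident_noauth_html = defined $proxysettings{'DST_NOAUTH'} ? $proxysettings{'DST_NOAUTH'} : '';
    $ident_noauth_html =~ s/&/&amp;/g;
    $ident_noauth_html =~ s/</&lt;/g;
    $ident_noauth_html =~ s/>/&gt;/g;
    print $ident_noauth_html;
}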
1634
1635 print <<END
1636 </textarea></td>
1637 </tr>
1638 </table>
1639 <hr size ='1'>
1640 <table width='100%'>
1641 <tr>
1642 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1643 </tr>
1644 <tr>
1645 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1646 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1647 <td width='25%'>&nbsp;</td>
1648 <td width='30%'>&nbsp;</td>
1649 </tr>
1650 <tr>
1651 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1652 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1653 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1654 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1655 </tr>
1656 <tr>
1657 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1658 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1659 </tr>
1660 <tr>
1661 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1662 END
1663 ; }
1664
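# With identd authentication selected, fill the open IDENT_ALLOW_USERS
# textarea. The user list is HTML-escaped so that markup in it is displayed
# as text and cannot close the textarea.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    my $allow_users_html = defined $proxysettings{'IDENT_ALLOW_USERS'} ? $proxysettings{'IDENT_ALLOW_USERS'} : '';
    $allow_users_html =~ s/&/&amp;/g;
    $allow_users_html =~ s/</&lt;/g;
    $allow_users_html =~ s/>/&gt;/g;
    print $allow_users_html;
}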
1666
1667 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1668 </textarea></td>
1669 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1670 END
1671 ; }
1672
1673 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1674
1675 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1676 </textarea></td>
1677 </tr>
1678 </table>
1679 END
1680 ; }
1681
1682 # ===================================================================
1683 # NTLM auth settings
1684 # ===================================================================
1685
# NTLM section of the authentication form: domain/PDC/BDC fields, the
# integrated-auth switch, and the user-based access lists. It is emitted
# only when NTLM is the selected method. The five original statements
# tested the same condition, so they are grouped under a single test here.
# NOTE(review): the stored settings are interpolated into single-quoted
# attribute values and printed between <textarea> tags without encoding;
# a stored value containing a quote or markup changes the page structure.
# Confirm the values are encoded where they are read in, or encode them here.
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
    print <<"END";
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
<td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
<td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
<td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
</tr>
<tr>
<td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
<td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
<td>&nbsp;</td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy NTLM use positive access list'}:</td>
<td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy NTLM use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'NTLM_ALLOW_USERS'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'NTLM_DENY_USERS'};

    print <<"END";
</textarea></td>
</tr>
</table>
END
}
1755
1756 # ===================================================================
1757 # LDAP auth settings
1758 # ===================================================================
1759
# LDAP section of the authentication form: base DN, directory type,
# server/port, bind credentials and the required group. It is emitted only
# when LDAP is the selected method.
# NOTE(review): LDAP_BINDDN_PASS is written back as the value of the
# password input, so the stored bind password is present in the page source
# for anyone who can load this form. Leaving the field empty and treating an
# empty submission as "keep the current password" would avoid that; the save
# handler is outside this view, so confirm how it treats an empty field first.
# NOTE(review): every stored value is interpolated into a single-quoted
# attribute without encoding -- confirm it is encoded where it is read in.
if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
    print <<"END";
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
<td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
<td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
<td class='base'><select name='LDAP_TYPE'>
<option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
<option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
<option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
<option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
</select></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
<td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
<td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
<td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
<td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
</tr>
<tr>
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
END
}
1811
1812 # ===================================================================
1813 # RADIUS auth settings
1814 # ===================================================================
1815
# RADIUS section of the authentication form: server, port, identifier,
# shared secret and the user-based access lists. It is emitted only when
# RADIUS is the selected method. The five original statements tested the
# same condition, so they are grouped under a single test here.
# NOTE(review): RADIUS_SECRET is written back as the value of the password
# input, so the stored shared secret is present in the page source for
# anyone who can load this form. Confirm how the save handler (outside this
# view) treats an empty field before changing this to an empty value.
# NOTE(review): stored values are interpolated into attributes and printed
# between <textarea> tags without encoding -- confirm they are encoded
# where they are read in.
if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
    print <<"END";
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
<td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
<td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
<td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy RADIUS use positive access list'}:</td>
<td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy RADIUS use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'RADIUS_ALLOW_USERS'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'RADIUS_DENY_USERS'};

    print <<"END";
</textarea></td>
</tr>
</table>
END
}
1878
1879 # ===================================================================
1880
1881 }
1882
# Hidden-field table: for every authentication method that is NOT the one
# currently shown, its stored settings are written into hidden inputs so
# that they travel with the form when it is submitted.
# NOTE(review): this sends LDAP_BINDDN_PASS and RADIUS_SECRET to the browser
# in hidden inputs whenever the corresponding method is not selected, so the
# stored credentials sit in the page source even though no field for them is
# displayed. Keeping the inactive method's values on the server and merging
# them in the save handler would avoid that; the handler is outside this
# view, so confirm how it treats missing fields before changing this.
# NOTE(review): all values are interpolated into single-quoted attributes
# without encoding, including the multi-line lists (DST_NOAUTH, IDENT_HOSTS,
# *_ALLOW_USERS, *_DENY_USERS) -- confirm they are encoded where read in.
print "<table>\n";

if ($proxysettings{'AUTH_METHOD'} eq 'none') {
    print <<"END";
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    print <<"END";
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} ne 'ncsa') {
    print <<"END";
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
<td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} ne 'ident') {
    print <<"END";
<td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
<td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
<td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
<td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
<td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
<td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
<td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} ne 'ldap') {
    print <<"END";
<td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
<td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
<td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
<td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} ne 'ntlm') {
    print <<"END";
<td><input type='hidden' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}'></td>
<td><input type='hidden' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}'></td>
<td><input type='hidden' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}'></td>
<td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$proxysettings{'NTLM_ENABLE_INT_AUTH'}'></td>
<td><input type='hidden' name='NTLM_ENABLE_ACL' value='$proxysettings{'NTLM_ENABLE_ACL'}'></td>
<td><input type='hidden' name='NTLM_USER_ACL' value='$proxysettings{'NTLM_USER_ACL'}'></td>
<td><input type='hidden' name='NTLM_ALLOW_USERS' value='$proxysettings{'NTLM_ALLOW_USERS'}'></td>
<td><input type='hidden' name='NTLM_DENY_USERS' value='$proxysettings{'NTLM_DENY_USERS'}'></td>
END
}

if ($proxysettings{'AUTH_METHOD'} ne 'radius') {
    print <<"END";
<td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
<td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
<td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
<td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
<td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
<td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
<td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
<td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
END
}

print "</table>\n";
1965
# Footer of the settings form: the three submit buttons (all named ACTION,
# distinguished by their translated value), the "may be blank" legend, the
# version link, and the end of the form. The separator rule and the button
# table were two consecutive prints; they are emitted as one here.
# NOTE(review): $advproxyversion is printed as read from the version file
# (see the top of the script), without encoding.
print <<"END";
<hr size='1'>
<table width='100%'>
<tr>
<td>&nbsp;</td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
<td>&nbsp;</td>
</tr>

</table>
<br />
<table width='100%'>
<tr>
<td><img src='/blob.gif' align='top' alt='*' />&nbsp;
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>
<sup><small><a href='http://www.advproxy.net' target='_blank'>Advanced Proxy $advproxyversion</a></small></sup>
</td>
</tr>
</table>
</form>
END

Header::closebox();
1998
1999 } else {
2000
2001 # ===================================================================
2002 # NCSA user management
2003 # ===================================================================
2004
# NCSA user-management form: username (read-only while an entry is being
# edited), group selector, password and confirmation, the submit/reset/back
# buttons, and the heading of the account list that follows.
# NOTE(review): NCSA_PASS and NCSA_PASS_CONFIRM are written back as the
# values of the password inputs, so whatever %proxysettings holds for them
# is present in the page source; these fields can be rendered empty unless
# the handler (outside this view) relies on the echoed value.
# NOTE(review): NCSA_USERNAME and $ENV{'SCRIPT_NAME'} are interpolated into
# attributes (and SCRIPT_NAME into the inline onClick script) without
# encoding -- confirm both are constrained before they reach this point.
Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");

print <<"END";
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
<td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
END

# The username input is still open here; lock it while editing an entry.
print " readonly " if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'});

print <<"END";
/></td>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
<td class='base'>
<select name='NCSA_GROUP'>
<option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
<option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
<option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
</select>
</td>

</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
<td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
<td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
<td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
</tr>
</table>
<br>
<table>
<tr>
<td>&nbsp;</td>
<td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
<td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
<td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
END

# A reset button is offered only while an existing entry is being edited.
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
    print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
}

print <<"END";
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
</tr>
</table>
</form>
<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
</tr>
</table>
<table width='100%' align='center'>
END
2066
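# Collect the members of the three NCSA group files into @userlist as
# "name:group" entries, then sort the combined list.
# The files are opened with the three-argument form and a lexical handle, so
# the path can never be interpreted as an open mode or a pipe and no global
# FILE handle is shared with other code. A group file that exists but cannot
# be opened is reported in the server error log and skipped, instead of being
# read through a handle that was never opened.
foreach my $group_source ([$extgrp, 'extended'], [$stdgrp, 'standard'], [$disgrp, 'disabled'])
{
    my ($group_file, $group_name) = @{$group_source};
    next unless (-e $group_file);

    my $group_fh;
    unless (open($group_fh, '<', $group_file)) {
        warn "proxy.cgi: cannot read $group_file: $!\n";
        @grouplist = ();    # same result the unchecked read produced
        next;
    }
    @grouplist = <$group_fh>;
    close($group_fh);

    # chomp works on the aliased element, so @grouplist ends up chomped too.
    foreach my $member (@grouplist) {
        chomp($member);
        push(@userlist, $member.":".$group_name);
    }
}

@userlist = sort(@userlist);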
2084
2085 # If the password file contains entries, print entries and action icons
2086
# Account list: when the password file is not empty, print a header row and
# one row per "name:group" entry of @userlist with an edit form and a remove
# form; otherwise print the "no accounts" notice. The table and the box are
# closed afterwards in both cases.
# NOTE(review): the user name ($temp[0]) and the whole entry ($line) are
# written into the cell text and into single-quoted value attributes without
# encoding. Which characters a user name may contain is decided where
# accounts are created (outside this view) -- confirm it excludes quotes and
# markup, or encode here.
# NOTE(review): the edit and remove forms carry only ID and ACTION; confirm
# that the handler checks the origin of the request before acting on them.
if (! -z "$userdb") {
    print <<"END";
<tr>
<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
<td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
<td class='boldbase' colspan='2' align='center'>&nbsp;</td>
</tr>
END

    # Translation key shown for each known group; other groups print nothing.
    my %label_key_for = (
        'standard' => 'advproxy NCSA grp standard',
        'extended' => 'advproxy NCSA grp extended',
        'disabled' => 'advproxy NCSA grp disabled',
    );

    $id = 0;
    foreach $line (@userlist)
    {
        $id++;
        chomp($line);
        @temp = split(/:/,$line);

        # The entry being edited is highlighted; other rows alternate colours.
        my $row_colour;
        if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
            $row_colour = $Header::colouryellow;
        }
        elsif ($id % 2) {
            $row_colour = $Header::table1colour;
        }
        else {
            $row_colour = $Header::table2colour;
        }
        print "<tr bgcolor='$row_colour'>\n";

        print <<"END";
<td align='center'>$temp[0]</td>
<td align='center'>
END

        if (exists $label_key_for{$temp[1]}) {
            print $Lang::tr{$label_key_for{$temp[1]}};
        }

        print <<"END";
</td>
<td width='8%' align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$line' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>

<td width='8%' align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$temp[0]' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
    }

    print <<"END";
</table>
<br>
<table witdh='100%'>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
END
}
else {
    print <<"END";
<tr>
<td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
</tr>
END
}

print <<"END";
</table>
END

Header::closebox();
2170
2171 }
2172
2173 # ===================================================================
2174
# Finish the page: close the outer box, then the page itself (both are
# presumably opened earlier in the script, outside this view).
Header::closebigbox();
Header::closepage();
2178
2179 # -------------------------------------------------------------------
2180
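sub read_acls
{
    # Refresh the multi-line settings in %proxysettings from their backing
    # files. For every file that exists, the setting is cleared and rebuilt
    # from the file's lines; a setting whose file does not exist is left
    # untouched, and an empty file leaves the setting deleted.
    #
    # Files are opened with the three-argument form and a lexical handle, so
    # a path can never be interpreted as an open mode or a pipe and no global
    # FILE handle (or $_) is clobbered. A file that exists but cannot be
    # opened is reported in the server error log and its in-memory value is
    # kept, so an unreadable access list is not presented as an empty one.
    # NOTE(review): the previous code cleared the setting in that case; check
    # that no caller depends on the cleared value.
    my @acl_sources = (
        [ 'SRC_SUBNETS',          $acl_src_subnets ],
        [ 'SRC_BANNED_IP',        $acl_src_banned_ip ],
        [ 'SRC_BANNED_MAC',       $acl_src_banned_mac ],
        [ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip ],
        [ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac ],
        [ 'DST_NOCACHE',          $acl_dst_nocache ],
        [ 'DST_NOAUTH',           $acl_dst_noauth ],
        [ 'MIME_TYPES',           $mimetypes ],
        [ 'NTLM_ALLOW_USERS',     "$ntlmdir/msntauth.allowusers" ],
        [ 'NTLM_DENY_USERS',      "$ntlmdir/msntauth.denyusers" ],
        [ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers" ],
        [ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers" ],
        [ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
        [ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers" ],
        [ 'IDENT_HOSTS',          $identhosts ],
        [ 'CRE_GROUPS',           $cre_groups ],
        [ 'CRE_SVHOSTS',          $cre_svhosts ],
    );

    foreach my $acl_source (@acl_sources)
    {
        my ($setting, $path) = @{$acl_source};
        next unless (-e $path);

        my $acl_fh;
        unless (open($acl_fh, '<', $path)) {
            warn "proxy.cgi: cannot read $path: $!\n";
            next;
        }

        delete $proxysettings{$setting};
        while (my $acl_line = <$acl_fh>) { $proxysettings{$setting} .= $acl_line; }
        close($acl_fh);
    }

    return;
}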
2286
2287 # -------------------------------------------------------------------
2288
sub check_acls
{
    # Normalise the multi-line list settings in %proxysettings and validate
    # the address lists. Each list is split on newlines, every entry is
    # trimmed, blank entries are dropped and the rest are re-joined one per
    # line. The shared @temp array is used as scratch space throughout.
    #
    # Results are reported only through $errormessage; when several checks
    # fail, the message of the last failing one remains.
    # NOTE(review): an entry that fails validation is still kept in the
    # rebuilt setting, so the caller has to test $errormessage before the
    # values are written out -- confirm it does.
    # NOTE(review): the user lists are only trimmed, never validated, and
    # only the list matching the enabled ACL mode is processed. DST_NOCACHE,
    # DST_NOAUTH, MIME_TYPES and CRE_GROUPS are not handled here at all.

    # Rebuild one list setting. $validator (optional) is called for every
    # non-blank entry; $dashes_to_colons rewrites "-" to ":" first, which is
    # used for MAC addresses.
    my $rebuild_list = sub {
        my ($setting, $validator, $error_key, $dashes_to_colons) = @_;

        @temp = split(/\n/,$proxysettings{$setting});
        undef $proxysettings{$setting};
        foreach (@temp)
        {
            s/^\s+//g; s/\s+$//g;
            if ($dashes_to_colons) { s/-/:/g; }
            next unless ($_);
            if ($validator && !$validator->($_)) { $errormessage = $Lang::tr{$error_key}; }
            $proxysettings{$setting} .= $_."\n";
        }
    };

    # Source address lists: setting, validator, error key, MAC normalisation.
    my @source_lists = (
        [ 'SRC_SUBNETS',          \&General::validipandmask, 'advproxy errmsg invalid ip or mask', 0 ],
        [ 'SRC_BANNED_IP',        \&General::validipormask,  'advproxy errmsg invalid ip or mask', 0 ],
        [ 'SRC_BANNED_MAC',       \&General::validmac,       'advproxy errmsg invalid mac',        1 ],
        [ 'SRC_UNRESTRICTED_IP',  \&General::validipormask,  'advproxy errmsg invalid ip or mask', 0 ],
        [ 'SRC_UNRESTRICTED_MAC', \&General::validmac,       'advproxy errmsg invalid mac',        1 ],
    );
    foreach my $source_list (@source_lists) { $rebuild_list->(@{$source_list}); }

    # User lists: with the ACL enabled, the list that matches the selected
    # mode must contain at least one entry.
    my %list_suffix_for = ('positive' => '_ALLOW_USERS', 'negative' => '_DENY_USERS');
    foreach my $method ('NTLM', 'IDENT', 'RADIUS')
    {
        next unless ($proxysettings{$method.'_ENABLE_ACL'} eq 'on');

        my $list_suffix = $list_suffix_for{$proxysettings{$method.'_USER_ACL'}};
        next unless (defined($list_suffix));

        my $user_list = $method.$list_suffix;
        $rebuild_list->($user_list);
        if ($proxysettings{$user_list} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
    }

    # Host lists checked after the user lists.
    foreach my $host_list ('IDENT_HOSTS', 'CRE_SVHOSTS')
    {
        $rebuild_list->($host_list, \&General::validipormask, 'advproxy errmsg invalid ip or mask', 0);
    }
}
2447
2448
2449 # -------------------------------------------------------------------
2450
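sub write_acls
{
    # Write the multi-line list settings from %proxysettings to their backing
    # files, and build the throttle pattern file from the enabled extension
    # groups plus the contents of $throttled_urls. Every file is rewritten on
    # each call, including with empty content when the setting is unset.
    #
    # Changes from the previous implementation:
    #  - three-argument open with lexical handles, so a path can never be
    #    interpreted as an open mode or a pipe and no global handle is shared;
    #  - a file that cannot be opened is reported in the server error log and
    #    skipped, instead of the write being lost silently;
    #  - the file is emptied only after the exclusive lock is held. Opening
    #    with '>' truncated it before flock ran, so a second writer could
    #    empty a list while the first was still writing it.
    # NOTE(review): values are written exactly as held in %proxysettings.
    # DST_NOCACHE, DST_NOAUTH, MIME_TYPES and CRE_GROUPS are not processed by
    # check_acls in this file, so any validation of them has to happen
    # elsewhere -- confirm.

    # Replace the contents of $path with the given chunks under a lock.
    my $store = sub {
        my ($path, @chunks) = @_;

        my $out_fh;
        unless (open($out_fh, '>>', $path)) {
            warn "proxy.cgi: cannot write $path: $!\n";
            return;
        }
        flock($out_fh, 2);      # 2 is LOCK_EX
        truncate($out_fh, 0);
        print {$out_fh} grep { defined($_) } @chunks;
        close($out_fh) or warn "proxy.cgi: cannot finish writing $path: $!\n";
        return;
    };

    $store->($acl_src_subnets,          $proxysettings{'SRC_SUBNETS'});
    $store->($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
    $store->($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
    $store->($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
    $store->($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});
    $store->($acl_dst_nocache,          $proxysettings{'DST_NOCACHE'});
    $store->($acl_dst_noauth,           $proxysettings{'DST_NOAUTH'});

    # Throttle file: one "\.ext$" pattern per extension of every enabled
    # group, followed by the lines of the throttled-URL file if it has any.
    my @throttle_lines = ();
    my @extension_groups = (
        [ 'THROTTLE_BINARY', $throttle_binary ],
        [ 'THROTTLE_DSKIMG', $throttle_dskimg ],
        [ 'THROTTLE_MMEDIA', $throttle_mmedia ],
    );
    foreach my $extension_group (@extension_groups)
    {
        my ($switch, $extensions) = @{$extension_group};
        next unless ($proxysettings{$switch} eq 'on');
        push(@throttle_lines, map { "\\.$_\$\n" } split(/\|/,$extensions));
    }
    if (-s $throttled_urls)
    {
        my $url_fh;
        if (open($url_fh, '<', $throttled_urls)) {
            push(@throttle_lines, <$url_fh>);
            close($url_fh);
        }
        else {
            warn "proxy.cgi: cannot read $throttled_urls: $!\n";
        }
    }
    $store->($acl_dst_throttle, @throttle_lines);

    $store->($mimetypes,                        $proxysettings{'MIME_TYPES'});
    $store->("$ntlmdir/msntauth.allowusers",    $proxysettings{'NTLM_ALLOW_USERS'});
    $store->("$ntlmdir/msntauth.denyusers",     $proxysettings{'NTLM_DENY_USERS'});
    $store->("$raddir/radauth.allowusers",      $proxysettings{'RADIUS_ALLOW_USERS'});
    $store->("$raddir/radauth.denyusers",       $proxysettings{'RADIUS_DENY_USERS'});
    $store->("$identdir/identauth.allowusers",  $proxysettings{'IDENT_ALLOW_USERS'});
    $store->("$identdir/identauth.denyusers",   $proxysettings{'IDENT_DENY_USERS'});
    $store->($identhosts,                       $proxysettings{'IDENT_HOSTS'});
    $store->($cre_groups,                       $proxysettings{'CRE_GROUPS'});
    $store->($cre_svhosts,                      $proxysettings{'CRE_SVHOSTS'});

    return;
}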
2564
2565 # -------------------------------------------------------------------
2566
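# Generate /home/httpd/html/proxy.pac, the proxy auto-configuration script.
# Plain host names, hosts in the local domain and hosts in the private and
# link-local ranges are sent DIRECT; clients on the GREEN network (and on
# BLUE, when a BLUE device exists and the proxy is enabled there) are
# pointed at the proxy port of the matching interface address.
# Returns the result of closing the file, or false when it could not be
# opened, locked or truncated.
#
# NOTE(review): DOMAINNAME, the network values and PROXY_PORT are
# interpolated into JavaScript string literals without escaping; a double
# quote or backslash in one of these settings would alter the generated
# script.  Confirm that the settings are validated where they are saved.
sub writepacfile
{
    my $pacfile = '/home/httpd/html/proxy.pac';

    # Which proxy branches will be emitted below.
    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    my $blue_on  = (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

    # Build the complete script first so the file is written in one go.
    my $pac = "function FindProxyForURL(url, host)\n";
    $pac .= "{\n";

    if ($green_on || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
    {
        $pac .= <<END;
if (
(isPlainHostName(host)) ||
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
(isInNet(host, "169.254.0.0", "255.255.0.0")) ||
(isInNet(host, "192.168.0.0", "255.255.0.0"))
)
return "DIRECT";
END

        # Only emit the connecting "else" when a proxy branch follows.
        # With ENABLE_BLUE on, ENABLE off and no BLUE device, an
        # unconditional "else" would be followed directly by the closing
        # brace and the script would not parse.
        if ($green_on || $blue_on)
        {
            $pac .= "\nelse\n\n";
        }

        if ($green_on)
        {
            $pac .= <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
)
return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }

        if ($green_on && $blue_on)
        {
            $pac .= "\n else\n\n";
        }

        if ($blue_on)
        {
            $pac .= <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
)
return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }
    }

    $pac .= "}\n";

    # Append mode does not truncate on open, so the previous script stays
    # in place until the exclusive lock is held; opening with '>' would
    # empty the file before flock() is reached.
    my $fh;
    unless (open($fh, '>>', $pacfile)) {
        warn "writepacfile: cannot open $pacfile for writing: $!";
        return 0;
    }
    unless (flock($fh, 2)) {    # 2 == LOCK_EX
        warn "writepacfile: cannot lock $pacfile: $!";
        close($fh);
        return 0;
    }
    unless (truncate($fh, 0)) {
        # Do not append to the old script; leave the file as it was.
        warn "writepacfile: cannot truncate $pacfile: $!";
        close($fh);
        return 0;
    }
    seek($fh, 0, 0);
    print {$fh} $pac;
    return close($fh);
}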
2618
2619 # -------------------------------------------------------------------
2620
2621 sub writeconfig
2622 {
2623 my $authrealm;
2624 my $delaypools;
2625
2626 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2627 $proxysettings{'THROTTLING_GREEN_HOST'} +
2628 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2629 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2630 {
2631 $delaypools = 1; } else { $delaypools = 0;
2632 }
2633
2634 if ($proxysettings{'AUTH_REALM'} eq '')
2635 {
2636 $authrealm = "IPFire Advanced Proxy Server";
2637 } else {
2638 $authrealm = $proxysettings{'AUTH_REALM'};
2639 }
2640
2641 $_ = $proxysettings{'UPSTREAM_PROXY'};
2642 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2643
2644 if ($remoteport eq '') { $remoteport = 80; }
2645
2646 open(FILE, ">${General::swroot}/proxy/squid.conf");
2647 flock(FILE, 2);
2648 print FILE <<END
2649 shutdown_lifetime 5 seconds
2650 icp_port 0
2651
2652 http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2653 END
2654 ;
2655 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2656 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2657 }
2658
2659 print FILE <<END
2660
2661 acl QUERY urlpath_regex cgi-bin \\?
2662 no_cache deny QUERY
2663 END
2664 ;
2665 if (!-z $acl_dst_nocache) {
2666 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2667 print FILE "no_cache deny no_cache_domains\n";
2668 }
2669
2670 print FILE <<END
2671
2672 cache_effective_user squid
2673 cache_effective_group squid
2674
2675 pid_filename /var/run/squid.pid
2676
2677 cache_mem $proxysettings{'CACHE_MEM'} MB
2678 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2679
2680 error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2681
2682 END
2683 ;
2684
2685 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2686
2687 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2688 {
2689 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2690 {
2691 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2692 }
2693 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2694 {
2695 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2696 }
2697 print FILE "\n";
2698 }
2699
2700 if ($proxysettings{'LOGGING'} eq 'on')
2701 {
2702 print FILE <<END
2703 cache_access_log /var/log/squid/access.log
2704 cache_log /var/log/squid/cache.log
2705 cache_store_log none
2706 END
2707 ;
2708 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2709 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2710 } else {
2711 print FILE <<END
2712 cache_access_log /dev/null
2713 cache_log /dev/null
2714 cache_store_log none
2715 END
2716 ;}
2717 print FILE <<END
2718
2719 log_mime_hdrs off
2720 END
2721 ;
2722
2723 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2724 {
2725 print FILE "forwarded_for on\n\n";
2726 } else {
2727 print FILE "forwarded_for off\n\n";
2728 }
2729
2730 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2731 {
2732 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2733 {
2734 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2735 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2736 print FILE "auth_param basic realm $authrealm\n";
2737 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2738 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2739 }
2740
2741 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2742 {
2743 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2744 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2745 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2746 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2747 {
2748 if ($proxysettings{'LDAP_GROUP'} eq '')
2749 {
2750 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2751 } else {
2752 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2753 }
2754 print FILE " -u sAMAccountName -P";
2755 }
2756 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2757 {
2758 if ($proxysettings{'LDAP_GROUP'} eq '')
2759 {
2760 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2761 } else {
2762 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2763 }
2764 print FILE " -u cn -P";
2765 }
2766 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2767 {
2768 if ($proxysettings{'LDAP_GROUP'} eq '')
2769 {
2770 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2771 } else {
2772 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2773 }
2774 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2775 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2776 print FILE " -u uid -P";
2777 }
2778 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2779 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2780 print FILE "auth_param basic realm $authrealm\n";
2781 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2782 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2783 }
2784
2785 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2786 {
2787 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2788 {
2789 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2790 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2791 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2792 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2793 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2794 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2795 } else {
2796 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2797 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2798 print FILE "auth_param basic realm $authrealm\n";
2799 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2800 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2801
2802 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2803 flock(MSNTCONF,2);
2804 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2805 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2806 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2807 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2808 {
2809 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2810 {
2811 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2812 } else {
2813 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2814 }
2815 }
2816 close(MSNTCONF);
2817 }
2818 }
2819
2820 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2821 {
2822 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2823 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2824 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2825 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2826 print FILE "auth_param basic realm $authrealm\n";
2827 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2828 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2829 }
2830
2831 print FILE "\n";
2832 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2833 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2834 {
2835 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2836 {
2837 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2838 }
2839 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2840 {
2841 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2842 }
2843 }
2844 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2845 {
2846 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2847 {
2848 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2849 }
2850 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2851 {
2852 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2853 }
2854 }
2855 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2856 {
2857 print FILE "\n";
2858 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2859 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2860 }
2861 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2862 print FILE "\n";
2863
2864 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2865 }
2866
2867 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2868 {
2869 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2870 {
2871 print FILE "acl for_inetusers ident REQUIRED\n";
2872 }
2873 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2874 {
2875 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2876 {
2877 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2878 }
2879 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2880 {
2881 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2882 }
2883 }
2884 }
2885
2886 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2887
2888 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2889
2890 print FILE "acl within_timeframe time ";
2891 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2892 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2893 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2894 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2895 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2896 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2897 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2898 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2899 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2900 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2901 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2902
2903 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2904 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2905 }
2906
2907 print FILE <<END
2908 acl all src 0.0.0.0/0.0.0.0
2909 acl localhost src 127.0.0.1/255.255.255.255
2910 acl SSL_ports port 443 563
2911 acl Safe_ports port 80 # http
2912 acl Safe_ports port 21 # ftp
2913 acl Safe_ports port 443 563 # https, snews
2914 acl Safe_ports port 70 # gopher
2915 acl Safe_ports port 210 # wais
2916 acl Safe_ports port 1025-65535 # unregistered ports
2917 acl Safe_ports port 280 # http-mgmt
2918 acl Safe_ports port 488 # gss-http
2919 acl Safe_ports port 591 # filemaker
2920 acl Safe_ports port 777 # multiling http
2921 acl Safe_ports port 800 # Squids port (for icons)
2922
2923 acl IPCop_http port 81
2924 acl IPCop_https port 445
2925 acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2926 acl IPCop_networks src "$acl_src_subnets"
2927 acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2928 END
2929 ;
2930 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2931 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2932 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2933 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2934 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2935 print FILE <<END
2936 acl CONNECT method CONNECT
2937 END
2938 ;
2939
2940 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2941 print FILE <<END
2942
2943 #Classroom extensions
2944 acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2945 acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2946 END
2947 ;
2948 print FILE "deny_info ";
2949 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2950 print FILE "ERR_ACCESS_DISABLED";
2951 } else { print FILE "ERR_ACCESS_DENIED"; }
2952 print FILE " IPCop_no_access_ips\n";
2953 print FILE "deny_info ";
2954 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2955 print FILE "ERR_ACCESS_DISABLED";
2956 } else { print FILE "ERR_ACCESS_DENIED"; }
2957 print FILE " IPCop_no_access_mac\n";
2958
2959 print FILE <<END
2960 http_access deny IPCop_no_access_ips
2961 http_access deny IPCop_no_access_mac
2962 END
2963 ;
2964 }
2965
2966 #Insert acl file and replace __VAR__ with correct values
2967 my $blue_net = ''; #BLUE empty by default
2968 my $blue_ip = '';
2969 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2970 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2971 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2972 }
2973 if (!-z $acl_include)
2974 {
2975 open (ACL, "$acl_include");
2976 print FILE "\n#Start of custom includes\n";
2977 while (<ACL>) {
2978 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2979 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2980 $_ =~ s/__BLUE_IP__/$blue_ip/;
2981 $_ =~ s/__BLUE_NET__/$blue_net/;
2982 print FILE $_;
2983 }
2984 print FILE "#End of custom includes\n";
2985 close (ACL);
2986 }
2987 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2988 print FILE <<END
2989
2990 #Access to squid:
2991 #local machine, no restriction
2992 http_access allow localhost
2993
2994 #GUI admin if local machine connects
2995 http_access allow IPCop_ips IPCop_networks IPCop_http
2996 http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2997
2998 #Deny not web services
2999 http_access deny !Safe_ports
3000 http_access deny CONNECT !SSL_ports
3001
3002 END
3003 ;
3004
3005 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3006 {
3007 print FILE "#Set ident ACLs\n";
3008 if (!-z $identhosts)
3009 {
3010 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3011 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3012 print FILE "ident_lookup_access deny all\n";
3013 } else {
3014 print FILE "ident_lookup_access allow all\n";
3015 }
3016 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3017 }
3018
3019 if ($delaypools) {
3020 print FILE "#Set download throttling\n";
3021
3022 if ($netsettings{'BLUE_DEV'})
3023 {
3024 print FILE "delay_pools 2\n";
3025 } else {
3026 print FILE "delay_pools 1\n";
3027 }
3028
3029 print FILE "delay_class 1 3\n";
3030 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3031
3032 print FILE "delay_parameters 1 ";
3033 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3034 {
3035 print FILE "-1/-1";
3036 } else {
3037 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3038 print FILE "/";
3039 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3040 }
3041
3042 print FILE " -1/-1 ";
3043 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3044 {
3045 print FILE "-1/-1";
3046 } else {
3047 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3048 print FILE "/";
3049 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3050 }
3051 print FILE "\n";
3052
3053 if ($netsettings{'BLUE_DEV'})
3054 {
3055 print FILE "delay_parameters 2 ";
3056 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3057 {
3058 print FILE "-1/-1";
3059 } else {
3060 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3061 print FILE "/";
3062 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3063 }
3064 print FILE " -1/-1 ";
3065 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3066 {
3067 print FILE "-1/-1";
3068 } else {
3069 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3070 print FILE "/";
3071 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3072 }
3073 print FILE "\n";
3074 }
3075
3076 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3077 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3078 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3079
3080 if ($netsettings{'BLUE_DEV'})
3081 {
3082 print FILE "delay_access 1 allow IPCop_green_network";
3083 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3084 print FILE "\n";
3085 print FILE "delay_access 1 deny all\n";
3086 } else {
3087 print FILE "delay_access 1 allow all";
3088 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3089 print FILE "\n";
3090 }
3091
3092 if ($netsettings{'BLUE_DEV'})
3093 {
3094 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3095 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3096 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3097 print FILE "delay_access 2 allow IPCop_blue_network";
3098 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3099 print FILE "\n";
3100 print FILE "delay_access 2 deny all\n";
3101 }
3102
3103 print FILE "delay_initial_bucket_level 100%\n";
3104 print FILE "\n";
3105 }
3106 print FILE <<END
3107 #Set custom configured ACLs
3108 END
3109 ;
3110 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3111 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3112
3113 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3114 {
3115 if (!-z $acl_src_unrestricted_ip)
3116 {
3117 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3118 }
3119 if (!-z $acl_src_unrestricted_mac)
3120 {
3121 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3122 }
3123 print FILE "http_access allow IPCop_networks";
3124 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3125 print FILE " !within_timeframe";
3126 } else {
3127 print FILE " within_timeframe"; }
3128 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3129 print FILE " to_domains_without_auth\n";
3130 }
3131
3132 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3133 {
3134 print FILE "http_access deny !for_inetusers";
3135 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3136 print FILE "\n";
3137 }
3138
3139 if (
3140 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3141 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3142 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3143 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3144 (!-z "$identdir/identauth.denyusers")
3145 )
3146 {
3147 print FILE "http_access deny for_acl_users";
3148 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3149 print FILE "\n";
3150 }
3151
3152 if (!-z $acl_src_unrestricted_ip)
3153 {
3154 print FILE "http_access allow IPCop_unrestricted_ips";
3155 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3156 {
3157 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3158 {
3159 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3160 }
3161 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3162 {
3163 print FILE " for_inetusers";
3164 }
3165 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3166 {
3167 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3168 {
3169 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3170 {
3171 print FILE " for_acl_users";
3172 }
3173 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3174 {
3175 print FILE " !for_acl_users";
3176 }
3177 } else { print FILE " for_inetusers"; }
3178 }
3179 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3180 {
3181 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3182 {
3183 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3184 {
3185 print FILE " for_acl_users";
3186 }
3187 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3188 {
3189 print FILE " !for_acl_users";
3190 }
3191 } else { print FILE " for_inetusers"; }
3192 }
3193 }
3194 print FILE "\n";
3195 }
3196
3197 if (!-z $acl_src_unrestricted_mac)
3198 {
3199 print FILE "http_access allow IPCop_unrestricted_mac";
3200 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3201 {
3202 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3203 {
3204 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3205 }
3206 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3207 {
3208 print FILE " for_inetusers";
3209 }
3210 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3211 {
3212 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3213 {
3214 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3215 {
3216 print FILE " for_acl_users";
3217 }
3218 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3219 {
3220 print FILE " !for_acl_users";
3221 }
3222 } else { print FILE " for_inetusers"; }
3223 }
3224 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3225 {
3226 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3227 {
3228 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3229 {
3230 print FILE " for_acl_users";
3231 }
3232 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3233 {
3234 print FILE " !for_acl_users";
3235 }
3236 } else { print FILE " for_inetusers"; }
3237 }
3238 }
3239 print FILE "\n";
3240 }
3241
3242 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3243 {
3244 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3245 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3246 }
3247
3248 if (
3249 (
3250 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3251 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3252 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3253 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3254 (!-z "$ntlmdir/msntauth.denyusers")
3255 )
3256 ||
3257 (
3258 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3259 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3260 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3261 (!-z "$raddir/radauth.denyusers")
3262 )
3263 ||
3264 (
3265 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3266 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3267 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3268 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3269 (!-z "$identdir/identauth.denyusers")
3270 )
3271 )
3272 {
3273 print FILE "http_access deny for_acl_users";
3274 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3275 print FILE "\n";
3276 }
3277
3278 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3279 {
3280 print FILE "http_access allow";
3281 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3282 print FILE " !within_timeframe";
3283 } else {
3284 print FILE " within_timeframe"; }
3285 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3286 print FILE " !on_ident_aware_hosts\n";
3287 }
3288
3289 print FILE "http_access allow IPCop_networks";
3290 if (
3291 (
3292 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3293 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3294 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3295 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3296 (!-z "$ntlmdir/msntauth.allowusers")
3297 )
3298 ||
3299 (
3300 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3301 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3302 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3303 (!-z "$raddir/radauth.allowusers")
3304 )
3305 ||
3306 (
3307 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3308 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3309 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3310 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3311 (!-z "$identdir/identauth.allowusers")
3312 )
3313 )
3314 {
3315 print FILE " for_acl_users";
3316 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3317 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3318 print FILE " for_inetusers";
3319 }
3320 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3321 {
3322 print FILE " !concurrent";
3323 }
3324 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3325 print FILE " !within_timeframe";
3326 } else {
3327 print FILE " within_timeframe"; }
3328 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3329 print FILE "\n";
3330
3331 print FILE "http_access deny all\n\n";
3332
3333 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3334 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3335 {
3336 print FILE "#Strip HTTP Header\n";
3337
3338 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3339 {
3340 print FILE "header_access X-Forwarded-For deny all\n";
3341 }
3342 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3343 {
3344 print FILE "header_access Via deny all\n";
3345 }
3346 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3347 {
3348 print FILE "header_access User-Agent deny all\n";
3349 }
3350 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3351 {
3352 print FILE "header_access Referer deny all\n";
3353 }
3354
3355 print FILE "\n";
3356
3357 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3358 {
3359 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3360 {
3361 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3362 }
3363 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3364 {
3365 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3366 }
3367 print FILE "\n";
3368 }
3369 }
3370
3371 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3372 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3373 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3374 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3375 {
3376 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3377 }
3378 print FILE "http_reply_access deny blocked_mimetypes\n";
3379 print FILE "http_reply_access allow all\n\n";
3380 }
3381
3382 print FILE <<END
3383 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3384 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3385
3386 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3387 END
3388 ;
3389 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3390 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3391 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3392 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3393 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3394 {
3395 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3396 }
3397 }
3398 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3399
3400 print FILE "visible_hostname";
3401 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3402 {
3403 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3404 } else {
3405 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3406 }
3407
3408 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3409
3410 # Write the parent proxy info, if needed.
3411 if ($remotehost ne '')
3412 {
3413 # Enter authentication for the parent cache (format is login=user:password)
3414 if ($proxy1 eq 'YES') {
3415 print FILE <<END
3416 cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3417
3418 END
3419 ;
3420 } else {
3421 # Not using authentication with the parent cache
3422 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3423 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3424 print FILE "\n";
3425 }
3426 print FILE "never_direct allow all\n\n";
3427 }
3428 if ($urlfilter_addon) {
3429 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3430 {
3431 print FILE <<END
3432 redirect_program /usr/sbin/squidGuard
3433 redirect_children $filtersettings{'CHILDREN'}
3434
3435 END
3436 ;
3437 }
3438 }
3439 if ($updacclrtr_addon) {
3440 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3441 {
3442 print FILE <<END
3443 redirect_program /usr/local/bin/updacclrtr
3444 redirect_children $updaccsettings{'ACCELERATORS'}
3445
3446 END
3447 ;
3448 }
3449 }
3450 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3451 {
3452 print FILE <<END
3453 httpd_accel_host virtual
3454 httpd_accel_port 80
3455 httpd_accel_with_proxy on
3456 httpd_accel_uses_host_header on
3457 END
3458 ;
3459 }
3460 close FILE;
3461 }
3462
3463 # -------------------------------------------------------------------
3464
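# Create or update an NCSA proxy account and record its group membership.
#
#   $str_user  - account name as submitted by the caller
#   $str_pass  - new clear-text password, or the sentinel 'lEaVeAlOnE' to
#                keep the hash that is already stored for this account
#   $str_group - 'standard', 'extended' or 'disabled'; any other value
#                leaves the group files untouched
#
# Returns nothing. Failures are reported with warn() and are not fatal.
sub adduser
{
    my ($str_user, $str_pass, $str_group) = @_;

    # Both $userdb and the group files are line-oriented, and $userdb uses
    # ':' as its field separator. A name containing ':' or a line break
    # would add or alter records for other accounts, so refuse it here even
    # if the caller has already validated the form input.
    return if (!defined($str_user) || $str_user eq '' || $str_user =~ /[:\r\n]/);

    if ($str_pass eq 'lEaVeAlOnE')
    {
        # Keep the stored hash: remember everything from the first ':' on
        # (separator, hash and line ending) before the entry is deleted.
        my $stored_tail;
        if (open(my $in, '<', $userdb))
        {
            while (my $entry = <$in>)
            {
                # \Q...\E: the name is data, not a pattern.
                if ($entry =~ /^\Q$str_user\E:/i)
                {
                    $stored_tail = substr($entry, index($entry, ':'));
                }
            }
            close($in);
        }

        deluser($str_user);

        # Without a stored entry there is no hash to keep. Writing the
        # sentinel itself would leave a line with no ':' and no newline,
        # which would merge with the next appended account.
        if (defined($stored_tail))
        {
            if (open(my $out, '>>', $userdb))
            {
                flock($out, 2);    # 2 = LOCK_EX
                print {$out} "$str_user$stored_tail";
                close($out);
            }
            else
            {
                warn "proxy.cgi: cannot append to $userdb: $!\n";
            }
        }
    }
    else
    {
        deluser($str_user);

        # List form: no shell is involved, so spaces and metacharacters in
        # the name or password reach htpasswd as literal arguments.
        # NOTE(review): -b still exposes the password in the process
        # argument list; htpasswd's stdin mode (-i) is preferable where the
        # installed version supports it.
        my @cmd = ('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
        if (system(@cmd) != 0)
        {
            warn "proxy.cgi: htpasswd failed (status $?)\n";
        }
    }

    my %groupfile_for = (
        'standard' => $stdgrp,
        'extended' => $extgrp,
        'disabled' => $disgrp,
    );
    my $target = defined($str_group) ? $groupfile_for{$str_group} : undef;

    # Unknown group: nothing to record.
    return if (!defined($target));

    if (open(my $grp, '>>', $target))
    {
        flock($grp, 2);    # 2 = LOCK_EX
        print {$grp} "$str_user\n";
        close($grp);
    }
    else
    {
        warn "proxy.cgi: cannot append to $target: $!\n";
    }

    return;
}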
3495
3496 # -------------------------------------------------------------------
3497
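# Remove an account from the three group files and from the password
# database. Matching is case-insensitive and applies to the whole name.
#
#   $str_user - account name to remove
#
# Returns nothing. A file that cannot be opened is reported with warn()
# and skipped.
sub deluser
{
    my ($str_user) = @_;

    # \Q...\E: the name is matched literally. Interpolated as a pattern, a
    # name such as '.*' would match, and therefore delete, every account.
    my $group_line = qr/^\Q$str_user\E$/i;
    my $userdb_line = qr/^\Q$str_user\E:/i;

    # Rewrite one file in place, dropping the lines that match $drop_re.
    # The file is opened once in read/append mode, which creates it when it
    # is missing (as the earlier '>' open did) but does not truncate it, so
    # the content is only discarded after the exclusive lock is held.
    my $rewrite_without = sub {
        my ($path, $drop_re) = @_;

        my $fh;
        if (!open($fh, '+>>', $path))
        {
            warn "proxy.cgi: cannot open $path: $!\n";
            return;
        }
        flock($fh, 2);    # 2 = LOCK_EX
        seek($fh, 0, 0);
        my @kept = grep { $_ !~ $drop_re } <$fh>;
        truncate($fh, 0);
        seek($fh, 0, 0);
        print {$fh} @kept;
        close($fh);
        return;
    };

    foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
    {
        $rewrite_without->($groupfile, $group_line);
    }

    $rewrite_without->($userdb, $userdb_line);

    return;
}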
3530
3531 # -------------------------------------------------------------------