Merge branch 'iptables-upnpfw' into core67-merge

[ipfire-2.x.git] / html / cgi-bin / proxy.cgi

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index b217de361cfacc02dcea2d78ee7f23da81930324..cc7416a9439ba86fb54bc8d41f3fa8e4e2dfb738 100644 (file)
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2012  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -358,12 +358,17 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
                $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
                goto ERROR;
        }
-       if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) {
-         my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
-         if (!(&General::validip($temp[0]))) {
-           $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
-           goto ERROR;
-          }
+       if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
+       {
+               my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
+               if (!(&General::validip($temp[0])))
+               {
+                       if (!(&General::validdomainname($temp[0])))
+                       {
+                               $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
+                               goto ERROR;
+                       }
+               }
         }
        if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
                ($proxysettings{'CACHE_SIZE'} < 10))
@@ -512,8 +517,11 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
                }
                if (!&General::validip($proxysettings{'LDAP_SERVER'}))
                {
-                       $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
-                       goto ERROR;
+                       if (!&General::validdomainname($proxysettings{'LDAP_SERVER'}))
+                       {
+                               $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
+                               goto ERROR;
+                       }
                }
                if (!&General::validport($proxysettings{'LDAP_PORT'}))
                {
@@ -3548,15 +3556,15 @@ if ($delaypools) {
 
 if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
 {
-       print FILE "#Prevent internal proxy access to Green\n";
-       print FILE "http_access deny IPFire_green_servers !IPFire_green_network\n\n";
+       print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
+       print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
 }
 
 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
 {
-       print FILE "#Prevent internal proxy access from Blue\n";
+       print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
        print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
-       print FILE "http_access deny  IPFire_blue_network IPFire_servers\n\n";
+       print FILE "http_access deny  IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
 }
 
        print FILE <<END