squid / WPAD: Add exception-files for generation of proxy.pac

This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:

- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl

as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri

These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 6daa7fbd2fe88d7df5fc51210139e942de933d0c..369a5cb1f97846982cb7386b6f385a7e09746c59 100644 (file)
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl";
 my $acl_ports_ssl  = "$acldir/ports_ssl.acl";
 my $acl_include = "$acldir/include.acl";
 
 my $acl_ports_ssl  = "$acldir/ports_ssl.acl";
 my $acl_include = "$acldir/include.acl";
 

+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl";
+my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
+

 my $updaccelversion  = 'n/a';
 my $urlfilterversion = 'n/a';
 
 my $updaccelversion  = 'n/a';
 my $urlfilterversion = 'n/a';
 


@@ -2763,6 +2766,42 @@ END
                print FILE "     (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
        }
 
                print FILE "     (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
        }
 

+       # Additional exceptions for URLs
+       # The file has to be created by the user and should contain one entry per line
+       # Line-Format: <URL incl. wildcards>
+       # e.g. *ipfire.org*
+       if (-s "$acl_dst_noproxy_url") {
+               undef @templist;
+
+               open(NOPROXY,"$acl_dst_noproxy_url");
+               @templist = <NOPROXY>;
+               close(NOPROXY);
+               chomp (@templist);
+
+               foreach (@templist)
+               {
+                       print FILE "     (shExpMatch(url, \"$_\")) ||\n";
+               }
+       }
+
+       # Additional exceptions for Subnets
+       # The file has to be created by the user and should contain one entry per line
+       # Line-Format: "<IP>", "<SUBNET MASK>"
+       # e.g. "192.168.0.0", "255.255.255.0"
+       if (-s "$acl_dst_noproxy_ip") {
+               undef @templist;
+
+               open(NOPROXY,"$acl_dst_noproxy_ip");
+               @templist = <NOPROXY>;
+               close(NOPROXY);
+               chomp (@templist);
+
+               foreach (@templist)
+               {
+                       print FILE "     (isInNet(host, $_)) ||\n";
+               }
+       }
+

        print FILE <<END
      (isInNet(host, "169.254.0.0", "255.255.0.0"))
    )
        print FILE <<END
      (isInNet(host, "169.254.0.0", "255.255.0.0"))
    )