immernoch das alte Problem...
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / proxy.cgi
cd1a2927
MT
1#!/usr/bin/perl\r
2#\r
3# SmoothWall CGIs\r
4#\r
5# This code is distributed under the terms of the GPL\r
6#\r
7# (c) The SmoothWall Team\r
8#\r
9# $Id: proxy.cgi,v 1.13.2.23 2006/01/29 09:29:47 eoberlander Exp $\r
10#\r
11\r
12use strict;\r
13\r
14# enable only the following on debugging purpose\r
15#use warnings;\r
16#use CGI::Carp 'fatalsToBrowser';\r
17\r
18require 'CONFIG_ROOT/general-functions.pl';\r
19require "${General::swroot}/lang.pl";\r
20require "${General::swroot}/header.pl";\r
21\r
# Page state: the proxy form fields plus the network and system settings
# that the generated squid.conf and the HTML form are built from.
my %netsettings   = ();
my %mainsettings  = ();
my %proxysettings = ();
my $errormessage  = '';
my $NeedDoHTML    = 1;    # set to 0 by DoHTML once the page has been printed

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

&Header::showhttpheaders();

# Defaults for every form field. Header::getcgihash is handed this hash
# next; presumably it overlays the submitted request parameters -- confirm
# against header.pl. Nothing in here is validated yet at this point.
%proxysettings = (
    'ACTION'            => '',
    'VALID'             => '',

    'UPSTREAM_PROXY'    => '',
    'UPSTREAM_USER'     => '',
    'UPSTREAM_PASSWORD' => '',
    'ENABLE'            => 'off',
    'ENABLE_BLUE'       => 'off',
    'CACHE_SIZE'        => '50',
    'TRANSPARENT'       => 'off',
    'TRANSPARENT_BLUE'  => 'off',
    'MAX_SIZE'          => '4096',
    'MIN_SIZE'          => '0',
    'MAX_OUTGOING_SIZE' => '0',
    'MAX_INCOMING_SIZE' => '0',
    'LOGGING'           => 'off',
    'PROXY_PORT'        => '800',
    'EXTENSION_METHODS' => '',
);

&Header::getcgihash(\%proxysettings);

my $needhup  = 0;
my $cachemem = '';

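# "Save" handler: validate the submitted fields, persist them, regenerate
# squid.conf from them and restart squid.
#
# Every request value that ends up in squid.conf or in the settings file is
# checked as a WHOLE string (\A ... \z) before anything is written. A
# prefix-only test such as /^\d+/ also accepts a number followed by a line
# break and arbitrary text, which would then be written out as an extra
# configuration line. PROXY_PORT, the upstream user name and the upstream
# password are interpolated into squid.conf as well, so they are checked too.
if ($proxysettings{'ACTION'} eq $Lang::tr{'save'})
{
    # Assume failure until squid.conf has been written completely.
    my $configerror = 1;

    SAVE: {
        # Checkbox-style fields may only ever be 'on' or 'off'.
        for my $toggle (qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE LOGGING)) {
            if ($proxysettings{$toggle} !~ /\A(?:on|off)\z/) {
                $errormessage = $Lang::tr{'invalid input'};
                last SAVE;
            }
        }

        # The port goes into the http_port lines and into the ACL template.
        if ($proxysettings{'PROXY_PORT'} !~ /\A[0-9]{1,5}\z/
            || $proxysettings{'PROXY_PORT'} < 1
            || $proxysettings{'PROXY_PORT'} > 65535)
        {
            $errormessage = $Lang::tr{'invalid input'};
            last SAVE;
        }

        if ($proxysettings{'CACHE_SIZE'} !~ /\A[0-9]+\z/
            || $proxysettings{'CACHE_SIZE'} < 10)
        {
            $errormessage = $Lang::tr{'invalid cache size'};
            last SAVE;
        }

        # Plain non-negative integers, each with its own error message.
        my @size_checks = (
            [ 'MAX_SIZE',          'invalid maximum object size' ],
            [ 'MIN_SIZE',          'invalid minimum object size' ],
            [ 'MAX_OUTGOING_SIZE', 'invalid maximum outgoing size' ],
            [ 'MAX_INCOMING_SIZE', 'invalid maximum incoming size' ],
        );
        for my $check (@size_checks) {
            my ($field, $message) = @{$check};
            if ($proxysettings{$field} !~ /\A[0-9]+\z/) {
                $errormessage = $Lang::tr{$message};
                last SAVE;
            }
        }

        if ($proxysettings{'EXTENSION_METHODS'} !~ /\A(?:|[A-Z0-9 _-]+)\z/)
        {
            $errormessage = $Lang::tr{'squid extension methods invalid'};
            last SAVE;
        }

        # Parent proxy credentials: user name and password must be given
        # together. Both are written into a single space-separated
        # "login=user:password" option, so whitespace and control characters
        # are refused in either, and ':' is refused in the user name.
        my $proxy1 = ($proxysettings{'UPSTREAM_USER'} eq '')     ? '' : 'YES';
        my $proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
        if ($proxy1 ne $proxy2
            || $proxysettings{'UPSTREAM_USER'} =~ /[\s\x00-\x1f\x7f]|:/
            || $proxysettings{'UPSTREAM_PASSWORD'} =~ /[\s\x00-\x1f\x7f]/)
        {
            $errormessage = $Lang::tr{'invalid upstream proxy username or password setting'};
            last SAVE;
        }

        # Split "[scheme://][user[:pass]@]host[:port][/path]" into host and
        # port. A non-empty value that yields no host is rejected instead of
        # being stored and silently ignored.
        my ($remotehost, $remoteport) = ('', '');
        if ($proxysettings{'UPSTREAM_PROXY'} ne '') {
            ($remotehost, $remoteport) = $proxysettings{'UPSTREAM_PROXY'} =~
                /\A(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?\z/;
            if (!defined $remotehost || $remotehost eq '') {
                $errormessage = $Lang::tr{'invalid input'};
                last SAVE;
            }
        }
        $remoteport = 80 if (!defined $remoteport || $remoteport eq '');
        if ($remoteport > 65535) {
            $errormessage = $Lang::tr{'invalid input'};
            last SAVE;
        }

        $proxysettings{'VALID'} = 'yes';
        &General::writehash("${General::swroot}/proxy/settings", \%proxysettings);

        #
        # NAH, 03-Jan-2004
        #
        # cache_mem is a tenth of the first number on the second line of
        # `free` output (presumably total memory in KB), at least 4096 and
        # at most CACHE_SIZE * 40.
        my @free = `/usr/bin/free`;
        my $total_kb = 0;
        if (defined $free[1] && $free[1] =~ m/(\d+)/) {
            $total_kb = $1;
        }
        $cachemem = int($total_kb / 10);
        if ($cachemem < 4096) {
            $cachemem = 4096;
        }
        if ($cachemem > $proxysettings{'CACHE_SIZE'} * 40) {
            $cachemem = ( $proxysettings{'CACHE_SIZE'} * 40 );
        }

        # NOTE(review): the file is truncated by open() before the lock is
        # taken, and the flock result is not checked. The file also ends up
        # holding the parent proxy password in clear text, so its permissions
        # matter -- confirm how they are set outside this script.
        open(my $conf, '>', "/${General::swroot}/proxy/squid.conf")
            or die "Unable to write squid.conf file: $!";
        flock($conf, 2);    # 2 == LOCK_EX
        print {$conf} <<END;
shutdown_lifetime 5 seconds
icp_port 0

http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
END
        print {$conf} "\nextension_methods $proxysettings{'EXTENSION_METHODS'}\n"
            if ($proxysettings{'EXTENSION_METHODS'} ne '');

        my $blue_enabled = ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on');
        if ($blue_enabled) {
            print {$conf} "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
        }
        print {$conf} <<END;

acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY

cache_effective_user squid
cache_effective_group squid

pid_filename /var/run/squid.pid

END

        if ($proxysettings{'LOGGING'} eq 'on')
        {
            print {$conf} <<END;
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

END
        } else {
            print {$conf} <<END;
cache_access_log /dev/null
cache_log /dev/null
cache_store_log none

END
        }
        print {$conf} <<END;
log_mime_hdrs off
forwarded_for off

END

        # Insert the ACL template and replace each __VAR__ placeholder.
        # BLUE values stay empty unless the proxy is enabled on BLUE.
        my $blue_net = '';
        my $blue_ip = '';
        if ($blue_enabled) {
            $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
            $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
        }
        my $green_net = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
        open(my $acl, '<', "${General::swroot}/proxy/acl")
            or die "Unable to open ACL list file: $!";
        while (my $line = <$acl>) {
            $line =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
            $line =~ s/__GREEN_NET__/$green_net/;
            $line =~ s/__BLUE_IP__/$blue_ip/;
            $line =~ s/__BLUE_NET__/$blue_net/;
            $line =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
            print {$conf} $line;
        }
        close($acl);

        # This value is in bytes, so we must turn it from KB into bytes
        my $max_incoming_size = $proxysettings{'MAX_INCOMING_SIZE'} * 1024;

        print {$conf} <<END;

maximum_object_size $proxysettings{'MAX_SIZE'} KB
minimum_object_size $proxysettings{'MIN_SIZE'} KB

cache_mem $cachemem KB
cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} 16 256

request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
reply_body_max_size $max_incoming_size allow all

visible_hostname $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}

END

        # Write the parent proxy info, if needed.
        if ($remotehost ne '')
        {
            if ($proxy1 eq 'YES') {
                # Authentication for the parent cache (format is login=user:password)
                print {$conf} <<END;
cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query

END
            } else {
                # Not using authentication with the parent cache
                print {$conf} <<END;
cache_peer $remotehost parent $remoteport 3130 default no-query

END
            }
            print {$conf} "never_direct allow all\n";
        }
        if (($proxysettings{'TRANSPARENT'} eq 'on') ||
            ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
        {
            print {$conf} <<END;
httpd_accel_host virtual 
httpd_accel_port 80 
httpd_accel_with_proxy on
httpd_accel_uses_host_header on 
END
        }
        # Buffered write errors only surface at close; do not report a good
        # configuration if the file could not be written completely.
        close($conf) or die "Unable to write squid.conf file: $!";
        $configerror = 0;    ## a good config!
    }

    # Reached on success and on every validation failure.
    # NOTE(review): the flag files are removed even when validation failed,
    # while settings and squid.conf keep their previous content -- confirm
    # that this is intended.
    unlink "${General::swroot}/proxy/enable";
    unlink "${General::swroot}/proxy/transparent";
    unlink "${General::swroot}/proxy/enable_blue";
    unlink "${General::swroot}/proxy/transparent_blue";
    &DoHTML;

    if (!$configerror)
    {
        # List-form system() keeps these paths away from a shell.
        if ($proxysettings{'ENABLE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable"); }
        if ($proxysettings{'TRANSPARENT'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent"); }
        if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable_blue"); }
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
        system('/usr/local/bin/restartsquid');
    }
}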
275\r
# "Clear cache" button: print the page first, then run the restart helper
# with -f. The helper path and its argument are fixed strings passed in
# list form, so no request data reaches the command line.
my $clear_requested = ($proxysettings{'ACTION'} eq $Lang::tr{'clear cache'});
if ($clear_requested) {
    &DoHTML;
    system('/usr/local/bin/restartsquid', '-f');
}

# Print the page unless one of the handlers above has already done so.
if ($NeedDoHTML) {
    &DoHTML;
}
283\r
284\r
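# Print the web proxy configuration page.
#
# Re-reads the stored proxy settings, clears $NeedDoHTML so that the page is
# printed only once per request, and prints the form together with any
# pending $errormessage. Takes no arguments and returns nothing useful.
#
# Stored settings originate from earlier form submissions, so every value
# placed inside a value='...' attribute is HTML-escaped first. Strings from
# %Lang::tr are printed as they are.
sub DoHTML {

    $NeedDoHTML = 0;
    &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

    # Escape a value for use inside a single- or double-quoted attribute.
    my $escape = sub {
        my ($text) = @_;
        $text = '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my %field = ();
    for my $name (qw(UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD PROXY_PORT
                     EXTENSION_METHODS CACHE_SIZE MIN_SIZE MAX_SIZE
                     MAX_INCOMING_SIZE MAX_OUTGOING_SIZE)) {
        $field{$name} = $escape->($proxysettings{$name});
    }
    my $action = $escape->($ENV{'SCRIPT_NAME'});

    # One entry per checkbox; only the stored state gets the checked attribute.
    my %checked = ();
    for my $box (qw(ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE LOGGING)) {
        $checked{$box}{'off'} = '';
        $checked{$box}{'on'} = '';
        $checked{$box}{$proxysettings{$box}} = "checked='checked'";
    }

    &Header::openpage($Lang::tr{'web proxy configuration'}, 1, '');

    &Header::openbigbox('100%', 'left', '', $errormessage);

    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "<font class='base'>$errormessage&nbsp;</font>\n";
        &Header::closebox();
    }

    print "<form method='post' action='$action'>\n";

    &Header::openbox('100%', 'left', "$Lang::tr{'web proxy'}:");
    print <<END;
<table width='100%'>
<tr>
 <td width='25%' class='base'>$Lang::tr{'enabled on'} <font color="${Header::colourgreen}">Green</font>:</td>
 <td width='15%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
 <td width='30%' class='base'>$Lang::tr{'upstream proxy host:port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$field{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'transparent on'} <font color="${Header::colourgreen}">Green</font>:</td>
 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
 <td class='base'>$Lang::tr{'upstream username'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td><input type='text' name='UPSTREAM_USER' value='$field{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
END
    if ($netsettings{'BLUE_DEV'}) {
        print "<td class='base'>$Lang::tr{'enabled on'} <font color='${Header::colourblue}'>Blue</font>:</td>";
        print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
    } else {
        print "<td colspan='2'>&nbsp;</td>";
    }
    # NOTE(review): the stored upstream password is sent back in the page
    # source so that saving the form keeps it. Anyone who can load this page
    # can read it; changing that needs a "leave blank to keep" convention in
    # the save handler as well.
    print <<END;
 <td class='base'>$Lang::tr{'upstream password'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td><input type='password' name='UPSTREAM_PASSWORD' value='$field{'UPSTREAM_PASSWORD'}' /></td>
</tr>
<tr>
END
    if ($netsettings{'BLUE_DEV'}) {
        print "<td class='base'>$Lang::tr{'transparent on'} <font color='${Header::colourblue}'>Blue</font>:</td>";
        print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
    } else {
        print "<td colspan='2'>&nbsp;</td>";
    }
    # The second submit button's cell had a malformed width attribute
    # (width=33%'); it is written as width='33%' here.
    print <<END;
 <td class='base'>$Lang::tr{'proxy port'}:</td>
 <td><input type='text' name='PROXY_PORT' value='$field{'PROXY_PORT'}' size='5' /></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'log enabled'}:</td>
 <td><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
 <td>$Lang::tr{'squid extension methods'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 <td><input type='text' name='EXTENSION_METHODS' value='$field{'EXTENSION_METHODS'}' /></td>
</tr>
<!--TAG FOR ADDONS-->
<tr>
 <td colspan='4'><hr /><b>$Lang::tr{'cache management'}</b></td>
</tr>
<tr>
 <td width='25%' class='base'>$Lang::tr{'cache size'}</td>
 <td><input type='text' name='CACHE_SIZE' value='$field{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'min size'}</td>
 <td><input type='text' name='MIN_SIZE' value='$field{'MIN_SIZE'}' size='5' /></td>
 <td class='base'>$Lang::tr{'max size'}</td>
 <td><input type='text' name='MAX_SIZE' value='$field{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
 <td colspan='4'><hr /><b>$Lang::tr{'transfer limits'}</b></td>
</tr>
<tr>
 <td class='base'>$Lang::tr{'max incoming size'}</td>
 <td><input type='text' name='MAX_INCOMING_SIZE' value='$field{'MAX_INCOMING_SIZE'}' size='5' /></td>
 <td class='base'>$Lang::tr{'max outgoing size'}</td>
 <td><input type='text' name='MAX_OUTGOING_SIZE' value='$field{'MAX_OUTGOING_SIZE'}' size='5' /></td>
</tr>
</table>
<table width='100%'>
<hr />
<tr>
 <td width='28%'>
 <img src='/blob.gif' align='top' alt='*' />&nbsp;
 <font class='base'>$Lang::tr{'this field may be blank'}</font>
 </td>
 <td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
 <td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 <td width='5%' align='right'>
 <a href='${General::adminmanualurl}/services.html#services_webproxy' target='_blank'>
 <img src='/images/web-support.png' title='$Lang::tr{'online help en'}' /></a></td>
</tr>

</table>
END
    &Header::closebox();

    print "</form>\n";

    &Header::closebigbox();

    &Header::closepage();

} # end sub DoHTML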
4211\r