1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Apache::Htpasswd;
24
# Enable the following only for debugging purposes
26 #use warnings;
27 #use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
33 require "${General::swroot}/ids-functions.pl";
34
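# Version banner of the installed squid ("squid -v"), captured once at start.
my @squidversion = &General::system_output("/usr/sbin/squid", "-v");
my $http_port='81';
my $https_port='444';

# Theme colours and the main settings. %mainsettings is read again further
# down; it used to be declared a second time below, which shadowed this hash
# (and the values already read into it) with an empty one.
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);

# Settings hashes: the advanced proxy settings (which also receive the CGI
# form input), the network settings, and the URL filter / update accelerator
# / standard proxy settings.
my %proxysettings=();
my %netsettings=();
my %filtersettings=();
my %xlratorsettings=();
my %stdproxysettings=();

# HTML attribute fragments ("checked='checked'", "selected='selected'") per
# setting, filled in before the form is rendered.
my %checked=();
my %selected=();

# Values offered by the throttling selects.
my @throttle_limits=(64,128,256,512,1024,1536,2048,3072,4096,5120,6144,7168,8192,10240,16384,20480,51200,102400);

# Default contents of the "safe ports" and "SSL ports" ACL files, one
# "port # comment" entry per line.
my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
my $def_ports_ssl="443 # https\n563 # snews\n";

my $hintcolour='#FFFFCC';
my $ncsa_buttontext='';
my $language='';

# Scratch variables shared by the code further down.
my $i=0;
my $n=0;
my $id=0;
my $line='';
my $user='';
my @userlist=();
my @grouplist=();
my @temp=();
my @templist=();

my $cachemem=0;
my $proxy1='';
my $proxy2='';
my $browser_regexp='';
my $needhup = 0;
my $errormessage='';

# Directory layout below ${General::swroot}/proxy/advanced.
my $acldir = "${General::swroot}/proxy/advanced/acls";
my $ncsadir = "${General::swroot}/proxy/advanced/ncsa";
my $raddir = "${General::swroot}/proxy/advanced/radius";
my $identdir = "${General::swroot}/proxy/advanced/ident";
my $credir = "${General::swroot}/proxy/advanced/cre";

# Local (NCSA) user database and the three group files.
my $userdb = "$ncsadir/passwd";
my $stdgrp = "$ncsadir/standard.grp";
my $extgrp = "$ncsadir/extended.grp";
my $disgrp = "$ncsadir/disabled.grp";

my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes";
my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";

# Classroom extension (CRE) state files.
my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable";
my $cre_groups = "${General::swroot}/proxy/advanced/cre/classrooms";
my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";

my $identhosts = "$identdir/hosts";

my $authdir = "/usr/lib/squid";
my $errordir = "/usr/lib/squid/errors";

# One list file per ACL the generated squid configuration refers to.
my $acl_src_subnets = "$acldir/src_subnets.acl";
my $acl_src_banned_ip = "$acldir/src_banned_ip.acl";
my $acl_src_banned_mac = "$acldir/src_banned_mac.acl";
my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl";
my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
my $acl_dst_noauth = "$acldir/dst_noauth.acl";
my $acl_dst_noauth_dom = "$acldir/dst_noauth_dom.acl";
my $acl_dst_noauth_net = "$acldir/dst_noauth_net.acl";
my $acl_dst_noauth_url = "$acldir/dst_noauth_url.acl";
my $acl_dst_nocache = "$acldir/dst_nocache.acl";
my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
my $acl_dst_throttle = "$acldir/dst_throttle.acl";
my $acl_ports_safe = "$acldir/ports_safe.acl";
my $acl_ports_ssl = "$acldir/ports_ssl.acl";
my $acl_include = "$acldir/include.acl";

my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl";
my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";

my $updaccelversion = 'n/a';
my $urlfilterversion = 'n/a';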
127
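# Make sure the per-feature directories below the advanced proxy tree exist.
# mkdir stays best-effort, as before; a failure shows up when the files
# below cannot be created.
for my $dir ($acldir, $ncsadir, $raddir, $identdir, $credir) {
	mkdir($dir) unless -d $dir;
}

# Create every list/ACL file the rest of the script reads, so that a missing
# file never has to be handled later. General::system is always called in
# list form here (the supervisors file used to be the one exception, which
# handed "touch <path>" over as a single string).
for my $file (
	$cre_groups, $cre_svhosts,
	$userdb, $stdgrp, $extgrp, $disgrp,
	$acl_src_subnets,
	$acl_src_banned_ip, $acl_src_banned_mac,
	$acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
	$acl_src_noaccess_ip, $acl_src_noaccess_mac,
	$acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url,
	$acl_dst_nocache, $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url,
	$acl_dst_throttle,
	$acl_ports_safe, $acl_ports_ssl,
	$acl_include,
	$mimetypes,
) {
	&General::system("touch", $file) unless -e $file;
}

# Samba's ntlm_auth helper is optional; its presence decides whether the
# NTLM options are offered at all.
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# GREEN is always present; BLUE only when configured and in use.
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
my $blue_cidr = "";
if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
	$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
}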
174
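&Header::showhttpheaders();

# Defaults for every setting the form knows. Whatever the browser submitted
# is merged over them by Header::getcgihash below, so from that point on the
# values in %proxysettings are untrusted input.
$proxysettings{'ACTION'} = '';
$proxysettings{'VALID'} = '';

$proxysettings{'ENABLE'} = 'off';
$proxysettings{'ENABLE_BLUE'} = 'off';
$proxysettings{'TRANSPARENT'} = 'off';
$proxysettings{'TRANSPARENT_BLUE'} = 'off';
$proxysettings{'PROXY_PORT'} = '800';
$proxysettings{'TRANSPARENT_PORT'} = '3128';
$proxysettings{'VISIBLE_HOSTNAME'} = '';
$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
$proxysettings{'ADMIN_PASSWORD'} = '';
$proxysettings{'ERR_LANGUAGE'} = 'en';
$proxysettings{'ERR_DESIGN'} = 'ipfire';
$proxysettings{'SUPPRESS_VERSION'} = 'on';
$proxysettings{'FORWARD_VIA'} = 'off';
$proxysettings{'FORWARD_IPADDRESS'} = 'off';
$proxysettings{'FORWARD_USERNAME'} = 'off';
$proxysettings{'NO_CONNECTION_AUTH'} = 'off';
$proxysettings{'UPSTREAM_PROXY'} = '';
$proxysettings{'UPSTREAM_USER'} = '';
$proxysettings{'UPSTREAM_PASSWORD'} = '';
$proxysettings{'LOGGING'} = 'off';
$proxysettings{'CACHEMGR'} = 'off';
$proxysettings{'LOGQUERY'} = 'off';
$proxysettings{'LOGUSERAGENT'} = 'off';
$proxysettings{'FILEDESCRIPTORS'} = '16384';
$proxysettings{'CACHE_MEM'} = '128';
$proxysettings{'CACHE_SIZE'} = '0';
$proxysettings{'MAX_SIZE'} = '4096';
$proxysettings{'MIN_SIZE'} = '0';
$proxysettings{'MEM_POLICY'} = 'LRU';
$proxysettings{'CACHE_POLICY'} = 'LRU';
$proxysettings{'L1_DIRS'} = '16';
$proxysettings{'OFFLINE_MODE'} = 'off';
$proxysettings{'CACHE_DIGESTS'} = 'off';
$proxysettings{'CLASSROOM_EXT'} = 'off';
$proxysettings{'SUPERVISOR_PASSWORD'} = '';
$proxysettings{'NO_PROXY_LOCAL'} = 'off';
$proxysettings{'NO_PROXY_LOCAL_BLUE'} = 'off';
$proxysettings{'TIME_ACCESS_MODE'} = 'allow';
$proxysettings{'TIME_FROM_HOUR'} = '00';
$proxysettings{'TIME_FROM_MINUTE'} = '00';
$proxysettings{'TIME_TO_HOUR'} = '24';
$proxysettings{'TIME_TO_MINUTE'} = '00';
$proxysettings{'MAX_OUTGOING_SIZE'} = '0';
$proxysettings{'MAX_INCOMING_SIZE'} = '0';
$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';
$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';
$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';
$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';
$proxysettings{'ENABLE_MIME_FILTER'} = 'off';
$proxysettings{'AUTH_METHOD'} = 'none';
$proxysettings{'AUTH_REALM'} = '';
$proxysettings{'AUTH_MAX_USERIP'} = '';
$proxysettings{'AUTH_CACHE_TTL'} = '60';
$proxysettings{'AUTH_IPCACHE_TTL'} = '0';
$proxysettings{'AUTH_CHILDREN'} = '5';
$proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
$proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
$proxysettings{'NCSA_USERNAME'} = '';
$proxysettings{'NCSA_GROUP'} = '';
$proxysettings{'NCSA_PASS'} = '';
$proxysettings{'NCSA_PASS_CONFIRM'} = '';
$proxysettings{'LDAP_BASEDN'} = '';
$proxysettings{'LDAP_TYPE'} = 'ADS';
$proxysettings{'LDAP_SERVER'} = '';
$proxysettings{'LDAP_PORT'} = '389';
$proxysettings{'LDAP_BINDDN_USER'} = '';
$proxysettings{'LDAP_BINDDN_PASS'} = '';
$proxysettings{'LDAP_GROUP'} = '';
$proxysettings{'NTLM_AUTH_GROUP'} = '';
$proxysettings{'NTLM_AUTH_BASIC'} = 'off';
$proxysettings{'NTLM_DOMAIN'} = '';
$proxysettings{'NTLM_PDC'} = '';
$proxysettings{'NTLM_BDC'} = '';
$proxysettings{'NTLM_ENABLE_ACL'} = 'off';
$proxysettings{'NTLM_USER_ACL'} = 'positive';
$proxysettings{'RADIUS_SERVER'} = '';
$proxysettings{'RADIUS_PORT'} = '1812';
$proxysettings{'RADIUS_IDENTIFIER'} = '';
$proxysettings{'RADIUS_SECRET'} = '';
$proxysettings{'RADIUS_ENABLE_ACL'} = 'off';
$proxysettings{'RADIUS_USER_ACL'} = 'positive';
$proxysettings{'IDENT_REQUIRED'} = 'off';
$proxysettings{'IDENT_TIMEOUT'} = '10';
$proxysettings{'IDENT_ENABLE_ACL'} = 'off';
$proxysettings{'IDENT_USER_ACL'} = 'positive';
$proxysettings{'ENABLE_FILTER'} = 'off';
$proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
$proxysettings{'ENABLE_CLAMAV'} = 'off';

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Merge the submitted form fields over the defaults.
&Header::getcgihash(\%proxysettings);

# A throttling value of 0 means "no limit"; store it under its symbolic name.
for my $key (qw(THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST)) {
	$proxysettings{$key} = 'unlimited' if $proxysettings{$key} eq '0';
}

# --- NCSA (local user database) management actions ----------------------

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';

	# Every check overwrites $errormessage, so the last failing one is the
	# message shown; the order is kept from the original.
	if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
		$errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
	}
	if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
		$errormessage = $Lang::tr{'advproxy errmsg passwords different'};
	}
	if ($proxysettings{'NCSA_USERNAME'} eq '') {
		$errormessage = $Lang::tr{'advproxy errmsg no username'};
	}
	# The passwd/group files are colon-separated records and the edit/remove
	# actions split their ID on ':' as well, so a username containing ':',
	# whitespace or control characters would corrupt those records.
	if ($proxysettings{'NCSA_USERNAME'} =~ /[:\s[:cntrl:]]/) {
		$errormessage = $Lang::tr{'invalid input'};
	}

	if (!$errormessage) {
		# Usernames are stored lower-case (ASCII only, as before).
		$proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
		&adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
	}

	# Clear the form fields so the credentials are not echoed back.
	$proxysettings{'NCSA_USERNAME'} = '';
	$proxysettings{'NCSA_GROUP'} = '';
	$proxysettings{'NCSA_PASS'} = '';
	$proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';
	&deluser($proxysettings{'ID'});
}

$checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
$checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";

if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
	$proxysettings{'NCSA_EDIT_MODE'} = 'yes';
	$ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
	# ID is "username:group"; the password field gets a marker value that
	# tells the update code to keep the stored password.
	my ($edit_user, $edit_group) = split(/:/,$proxysettings{'ID'});
	$proxysettings{'NCSA_USERNAME'} = $edit_user;
	$proxysettings{'NCSA_GROUP'} = $edit_group;
	$proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
	$proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}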
325
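if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
{
	# Validate the submitted settings. The first failing check stores its
	# message in $errormessage and leaves the VALIDATE block (this replaces
	# the former "goto ERROR"); ACL checking and the VALID flag below run
	# either way.
	#
	# Numeric fields are matched with /^\d+$/. The old /^\d+/ only looked at
	# the leading characters, so a value such as "100abc" passed and was
	# saved as submitted.
	VALIDATE: {
		if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
			$proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
			$proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
			$proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
			$errormessage = $Lang::tr{'invalid input'};
			last VALIDATE;
		}
		if ($proxysettings{'CACHE_MEM'} > $proxysettings{'CACHE_SIZE'} && $proxysettings{'CACHE_SIZE'} > 0) {
			$errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'};
			last VALIDATE;
		}

		# Listening ports: both valid and different from each other.
		if (!(&General::validport($proxysettings{'PROXY_PORT'}))) {
			$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
			last VALIDATE;
		}
		if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'}))) {
			$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
			last VALIDATE;
		}
		if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
			$errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
			last VALIDATE;
		}

		# Upstream proxy is "host[:port]": the host must be an IP address or
		# a domain name, and a port, when given, must be a valid port number
		# (the port used to be accepted unchecked).
		if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) {
			my ($upstream_host, $upstream_port) = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
			if (!(&General::validip($upstream_host)) && !(&General::validdomainname($upstream_host))) {
				$errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
				last VALIDATE;
			}
			if (defined $upstream_port && !(&General::validport($upstream_port))) {
				$errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
				last VALIDATE;
			}
		}

		# Disk cache: 0 disables it, anything else must be at least 10.
		if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+$/) ||
			($proxysettings{'CACHE_SIZE'} < 10)) {
			if (!($proxysettings{'CACHE_SIZE'} eq '0')) {
				$errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
				last VALIDATE;
			}
		}
		if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+$/) ||
			($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576)) {
			$errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
			last VALIDATE;
		}
		if (!($proxysettings{'CACHE_MEM'} =~ /^\d+$/)) {
			$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
			last VALIDATE;
		}

		# Cap the memory cache: the first number on the second line of
		# free's output (the "Mem:" line, in kB) divided by 2048 is half of
		# the installed memory in MB. When that output cannot be parsed the
		# cap is skipped; the old code used a stale or undefined $1 here and
		# could clamp CACHE_MEM to 0.
		my @free = &General::system_output("/usr/bin/free");
		if (defined $free[1] && $free[1] =~ m/(\d+)/) {
			$cachemem = int($1 / 2048);
			if ($proxysettings{'CACHE_MEM'} > $cachemem) {
				$proxysettings{'CACHE_MEM'} = $cachemem;
			}
		}

		if (!($proxysettings{'MAX_SIZE'} =~ /^\d+$/)) {
			$errormessage = $Lang::tr{'invalid maximum object size'};
			last VALIDATE;
		}
		if (!($proxysettings{'MIN_SIZE'} =~ /^\d+$/)) {
			$errormessage = $Lang::tr{'invalid minimum object size'};
			last VALIDATE;
		}
		if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /^\d+$/)) {
			$errormessage = $Lang::tr{'invalid maximum outgoing size'};
			last VALIDATE;
		}
		# Time window: lexical comparison of the concatenated "HHMM" strings
		# (relies on the two-digit values the selects produce); "to" has to
		# be later than "from".
		if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'})) {
			$errormessage = $Lang::tr{'advproxy errmsg time restriction'};
			last VALIDATE;
		}
		if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /^\d+$/)) {
			$errormessage = $Lang::tr{'invalid maximum incoming size'};
			last VALIDATE;
		}

		# Settings common to all authentication methods.
		if (!($proxysettings{'AUTH_METHOD'} eq 'none')) {
			# Unless ident is used purely passively, authentication needs a
			# non-transparent proxy on at least one of GREEN/BLUE.
			unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
				($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
				($proxysettings{'IDENT_ENABLE_ACL'} eq 'off')) {
				if ($netsettings{'BLUE_DEV'}) {
					if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
						(($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))) {
						$errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
						last VALIDATE;
					}
				} else {
					if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) {
						$errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
						last VALIDATE;
					}
				}
			}
			if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
				((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+$/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255))) {
				$errormessage = $Lang::tr{'advproxy errmsg max userip'};
				last VALIDATE;
			}
			if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+$/)) {
				$errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
				last VALIDATE;
			}
			if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+$/)) {
				$errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
				last VALIDATE;
			}
			if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) {
				$errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
				last VALIDATE;
			}
			if ((!($proxysettings{'AUTH_CHILDREN'} =~ /^\d+$/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255)) {
				$errormessage = $Lang::tr{'advproxy errmsg auth children'};
				last VALIDATE;
			}
		}

		# Method-specific settings.
		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
			if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /^\d+$/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255)) {
				$errormessage = $Lang::tr{'advproxy errmsg password length'};
				last VALIDATE;
			}
		}
		if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
			if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /^\d+$/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1)) {
				$errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
				last VALIDATE;
			}
		}
		if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
			if ($proxysettings{'LDAP_BASEDN'} eq '') {
				$errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
				last VALIDATE;
			}
			if (!&General::validip($proxysettings{'LDAP_SERVER'}) && !&General::validdomainname($proxysettings{'LDAP_SERVER'})) {
				$errormessage = $Lang::tr{'advproxy errmsg ldap server'};
				last VALIDATE;
			}
			if (!&General::validport($proxysettings{'LDAP_PORT'})) {
				$errormessage = $Lang::tr{'advproxy errmsg ldap port'};
				last VALIDATE;
			}
			# ADS and NDS directories need a bind DN and password.
			if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS')) {
				if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq '')) {
					$errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
					last VALIDATE;
				}
			}
		}
		if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
			if (!&General::validip($proxysettings{'RADIUS_SERVER'})) {
				$errormessage = $Lang::tr{'advproxy errmsg radius server'};
				last VALIDATE;
			}
			if (!&General::validport($proxysettings{'RADIUS_PORT'})) {
				$errormessage = $Lang::tr{'advproxy errmsg radius port'};
				last VALIDATE;
			}
			if ($proxysettings{'RADIUS_SECRET'} eq '') {
				$errormessage = $Lang::tr{'advproxy errmsg radius secret'};
				last VALIDATE;
			}
		}

		# Quick parent proxy error checking of username and password info.
		# Either both are given or neither; the literal username 'PASS'
		# stands for "pass the client's credentials on" and blanks the
		# stored password.
		$proxy1 = 'YES';
		$proxy2 = 'YES';
		if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
		if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
		if ($proxysettings{'UPSTREAM_USER'} eq 'PASS') {$proxy1=$proxy2='PASS'; $proxysettings{'UPSTREAM_PASSWORD'} = '';}
		if (($proxy1 ne $proxy2)) {
			$errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
			last VALIDATE;
		}
	}

	# Runs whether or not validation failed (the former ERROR label).
	&check_acls;

	$proxysettings{'VALID'} = $errormessage ? 'no' : 'yes';

	if ($proxysettings{'VALID'} eq 'yes')
	{
		# Determine if suricata may needs to be restarted.
		my $suricata_proxy_ports_changed;

		# Check if the IDS is running
		if(&IDS::ids_is_running()) {
			my %oldproxysettings;

			# Read-in current proxy settings and store them as oldsettings hash.
			&General::readhash("${General::swroot}/proxy/advanced/settings", \%oldproxysettings);

			# Check if the proxy port has been changed.
			unless ($proxysettings{'PROXY_PORT'} eq $oldproxysettings{'PROXY_PORT'}) {
				# Port has changed, suricata needs to be adjusted.
				$suricata_proxy_ports_changed = 1;
			}

			# Check if the transparent port has been changed.
			unless ($proxysettings{'TRANSPARENT_PORT'} eq $oldproxysettings{'TRANSPARENT_PORT'}) {
				# Transparent port has changed, suricata needs to be adjusted.
				$suricata_proxy_ports_changed = 1;
			}
		}

		&write_acls;

		# The list fields live in their own ACL files (written above) and the
		# NCSA form fields carry credentials; neither belongs in the settings
		# file.
		delete $proxysettings{'SRC_SUBNETS'};
		delete $proxysettings{'SRC_BANNED_IP'};
		delete $proxysettings{'SRC_BANNED_MAC'};
		delete $proxysettings{'SRC_UNRESTRICTED_IP'};
		delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
		delete $proxysettings{'DST_NOCACHE'};
		delete $proxysettings{'DST_NOAUTH'};
		delete $proxysettings{'DST_NOPROXY_IP'};
		delete $proxysettings{'DST_NOPROXY_URL'};
		delete $proxysettings{'PORTS_SAFE'};
		delete $proxysettings{'PORTS_SSL'};
		delete $proxysettings{'MIME_TYPES'};
		delete $proxysettings{'NTLM_ALLOW_USERS'};
		delete $proxysettings{'NTLM_DENY_USERS'};
		delete $proxysettings{'RADIUS_ALLOW_USERS'};
		delete $proxysettings{'RADIUS_DENY_USERS'};
		delete $proxysettings{'IDENT_HOSTS'};
		delete $proxysettings{'IDENT_ALLOW_USERS'};
		delete $proxysettings{'IDENT_DENY_USERS'};

		delete $proxysettings{'CRE_GROUPS'};
		delete $proxysettings{'CRE_SVHOSTS'};

		delete $proxysettings{'NCSA_USERNAME'};
		delete $proxysettings{'NCSA_GROUP'};
		delete $proxysettings{'NCSA_PASS'};
		delete $proxysettings{'NCSA_PASS_CONFIRM'};

		# Unchecked checkboxes are not submitted at all; record them as 'off'.
		$proxysettings{'TIME_MON'} = 'off' unless exists $proxysettings{'TIME_MON'};
		$proxysettings{'TIME_TUE'} = 'off' unless exists $proxysettings{'TIME_TUE'};
		$proxysettings{'TIME_WED'} = 'off' unless exists $proxysettings{'TIME_WED'};
		$proxysettings{'TIME_THU'} = 'off' unless exists $proxysettings{'TIME_THU'};
		$proxysettings{'TIME_FRI'} = 'off' unless exists $proxysettings{'TIME_FRI'};
		$proxysettings{'TIME_SAT'} = 'off' unless exists $proxysettings{'TIME_SAT'};
		$proxysettings{'TIME_SUN'} = 'off' unless exists $proxysettings{'TIME_SUN'};

		$proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
		$proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};

		# Everything still in %proxysettings (including the upstream, LDAP,
		# RADIUS and admin secrets, as submitted) is persisted here.
		&General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

		# Mirror the fields other components read from the plain proxy
		# settings file.
		if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
		$stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
		$stdproxysettings{'UPSTREAM_PROXY'} = $proxysettings{'UPSTREAM_PROXY'};
		$stdproxysettings{'UPSTREAM_USER'} = $proxysettings{'UPSTREAM_USER'};
		$stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
		$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
		$stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
		$stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
		&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);

		&writeconfig;
		&writepacfile;

		if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}

		# Rebuild the enable/transparent marker files from scratch, then
		# re-enable squid only for the networks that are switched on.
		&General::system ('/usr/local/bin/squidctrl', 'disable');
		unlink "${General::swroot}/proxy/enable";
		unlink "${General::swroot}/proxy/transparent";
		unlink "${General::swroot}/proxy/enable_blue";
		unlink "${General::swroot}/proxy/transparent_blue";

		if ($proxysettings{'ENABLE'} eq 'on') {
			&General::system('/usr/bin/touch', "${General::swroot}/proxy/enable");
			&General::system('/usr/local/bin/squidctrl', 'enable'); }
		if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
			&General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
		if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
			&General::system('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
			&General::system('/usr/local/bin/squidctrl', 'enable'); }
		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
			&General::system('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }

		if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { &General::system('/usr/local/bin/squidctrl', 'restart'); }
		if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { &General::system('/usr/local/bin/squidctrl', 'reconfigure'); }

		# Check if the suricata_proxy_ports_changed flag has been set.
		if ($suricata_proxy_ports_changed) {
			# Re-generate HTTP ports file.
			&IDS::generate_http_ports_file();

			# Restart suricata.
			&IDS::call_suricatactrl("restart");
		}
	}
}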
663
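if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
{
	&General::system('/usr/local/bin/squidctrl', 'flush');
}

# Reload the stored settings for display unless the submitted ones were
# rejected; in that case the form shows what the user entered together with
# the error message.
if (!$errormessage)
{
	if (-e "${General::swroot}/proxy/advanced/settings") {
		&General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
	} elsif (-e "${General::swroot}/proxy/settings") {
		&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	}
	&read_acls;
}

# ------------------------------------------------------------------

# Hook to regenerate the configuration files when the script is run from the
# command line. It relies on the web server always setting REMOTE_ADDR for a
# request; from a shell the variable is simply absent, which is tested
# explicitly so the comparison never sees an undefined value.
if (!defined $ENV{"REMOTE_ADDR"} || $ENV{"REMOTE_ADDR"} eq "") {
	writeconfig();
	exit(0);
}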
686
687 # -------------------------------------------------------------------
688
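# Pre-compute the HTML attribute fragments for the form. For an on/off
# setting, $checked{KEY}{'on'|'off'} holds "checked='checked'" for the
# active value and '' for the other; for a <select>, $selected{KEY}{value}
# holds "selected='selected'" for the current entry. Only 'on'/'off' are
# pre-initialised, so a setting with any other value leaves both radio
# buttons unchecked (same as before).
for my $key (qw(
	ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
	SUPPRESS_VERSION
	FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA NO_CONNECTION_AUTH
	OFFLINE_MODE CACHE_DIGESTS
	LOGGING CACHEMGR LOGQUERY LOGUSERAGENT
	NO_PROXY_LOCAL NO_PROXY_LOCAL_BLUE
	CLASSROOM_EXT
)) {
	$checked{$key}{'off'} = '';
	$checked{$key}{'on'} = '';
	$checked{$key}{$proxysettings{$key}} = "checked='checked'";
}

for my $key (qw(
	MEM_POLICY CACHE_POLICY L1_DIRS
	ERR_LANGUAGE ERR_DESIGN
	TIME_ACCESS_MODE TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
)) {
	$selected{$key}{$proxysettings{$key}} = "selected='selected'";
}

# Weekday checkboxes: a day that is absent from the settings is shown as
# selected.
for my $day (qw(MON TUE WED THU FRI SAT SUN)) {
	my $key = "TIME_$day";
	$proxysettings{$key} = 'on' unless exists $proxysettings{$key};
	$checked{$key}{'off'} = '';
	$checked{$key}{'on'} = '';
	$checked{$key}{$proxysettings{$key}} = "checked='checked'";
}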
794
795 $selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
796 $selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
797 $selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
798 $selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
799
800 $checked{'ENABLE_MIME_FILTER'}{'off'} = '';
801 $checked{'ENABLE_MIME_FILTER'}{'on'} = '';
802 $checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
803
804 $checked{'AUTH_METHOD'}{'none'} = '';
805 $checked{'AUTH_METHOD'}{'ncsa'} = '';
806 $checked{'AUTH_METHOD'}{'ident'} = '';
807 $checked{'AUTH_METHOD'}{'ldap'} = '';
808 $checked{'AUTH_METHOD'}{'ntlm-auth'} = '';
809 $checked{'AUTH_METHOD'}{'radius'} = '';
810 $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
811
812 $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
813
814 $checked{'AUTH_ALWAYS_REQUIRED'}{'off'} = '';
815 $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} = '';
816 $checked{'AUTH_ALWAYS_REQUIRED'}{$proxysettings{'AUTH_ALWAYS_REQUIRED'}} = "checked='checked'";
817
818 $checked{'NCSA_BYPASS_REDIR'}{'off'} = '';
819 $checked{'NCSA_BYPASS_REDIR'}{'on'} = '';
820 $checked{'NCSA_BYPASS_REDIR'}{$proxysettings{'NCSA_BYPASS_REDIR'}} = "checked='checked'";
821
822 $selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'";
823
824 $selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'";
825
826 $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
827
828 $checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = '';
829 $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} = '';
830 $checked{'NTLM_ENABLE_INT_AUTH'}{$proxysettings{'NTLM_ENABLE_INT_AUTH'}} = "checked='checked'";
831
832 $checked{'NTLM_ENABLE_ACL'}{'off'} = '';
833 $checked{'NTLM_ENABLE_ACL'}{'on'} = '';
834 $checked{'NTLM_ENABLE_ACL'}{$proxysettings{'NTLM_ENABLE_ACL'}} = "checked='checked'";
835
836 $checked{'NTLM_USER_ACL'}{'positive'} = '';
837 $checked{'NTLM_USER_ACL'}{'negative'} = '';
838 $checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
839
840 $checked{'NTLM_AUTH_BASIC'}{'on'} = '';
841 $checked{'NTLM_AUTH_BASIC'}{'off'} = '';
842 $checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'";
843
844 $checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
845 $checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
846 $checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
847
848 $checked{'RADIUS_USER_ACL'}{'positive'} = '';
849 $checked{'RADIUS_USER_ACL'}{'negative'} = '';
850 $checked{'RADIUS_USER_ACL'}{$proxysettings{'RADIUS_USER_ACL'}} = "checked='checked'";
851
852 $checked{'IDENT_REQUIRED'}{'off'} = '';
853 $checked{'IDENT_REQUIRED'}{'on'} = '';
854 $checked{'IDENT_REQUIRED'}{$proxysettings{'IDENT_REQUIRED'}} = "checked='checked'";
855
856 $checked{'IDENT_ENABLE_ACL'}{'off'} = '';
857 $checked{'IDENT_ENABLE_ACL'}{'on'} = '';
858 $checked{'IDENT_ENABLE_ACL'}{$proxysettings{'IDENT_ENABLE_ACL'}} = "checked='checked'";
859
860 $checked{'IDENT_USER_ACL'}{'positive'} = '';
861 $checked{'IDENT_USER_ACL'}{'negative'} = '';
862 $checked{'IDENT_USER_ACL'}{$proxysettings{'IDENT_USER_ACL'}} = "checked='checked'";
863
864 $checked{'ENABLE_FILTER'}{'off'} = '';
865 $checked{'ENABLE_FILTER'}{'on'} = '';
866 $checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
867
868 $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
869 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
870 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
871
872 $checked{'ENABLE_CLAMAV'}{'off'} = '';
873 $checked{'ENABLE_CLAMAV'}{'on'} = '';
874 $checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
875
876 &Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
877
878 &Header::openbigbox('100%', 'left', '', $errormessage);
879
880 if ($errormessage) {
881 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
882 print "<font class='base'>$errormessage&nbsp;</font>\n";
883 &Header::closebox();
884 }
885
886 if ($squidversion[0] =~ /^Squid\sCache:\sVersion\s/i)
887 {
888 $squidversion[0] =~ s/^Squid\sCache:\sVersion//i;
889 $squidversion[0] =~ s/^\s+//g;
890 $squidversion[0] =~ s/\s+$//g;
891 } else {
892 $squidversion[0] = $Lang::tr{'advproxy unknown'};
893 }
894
895 # ===================================================================
896 # Main settings
897 # ===================================================================
898
899 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
900
901 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
902
903 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");
904
905 print <<END
906 <table width='100%'>
907 <tr>
908 <td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
909 </tr>
910 <tr>
911 <td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
912 <td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
913 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
914 <td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
915 </tr>
916 <tr>
917 <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
918 <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
919 <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
920 <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
921 </tr>
922 <tr>
923 END
924 ;
925 if ($netsettings{'BLUE_DEV'}) {
926 print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
927 print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
928 } else {
929 print "<td colspan='2'>&nbsp;</td>";
930 }
931 print <<END
932 <td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
933 <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
934 </tr>
935 <tr>
936 END
937 ;
938 if ($netsettings{'BLUE_DEV'}) {
939 print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
940 print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
941 } else {
942 print "<td colspan='2'>&nbsp;</td>";
943 }
944 print <<END
945 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
946 <td class='base'>
947 <select name='ERR_LANGUAGE'>
948 END
949 ;
950 foreach (<$errordir/*>) {
951 if (-d) {
952 $language = substr($_,rindex($_,"/")+1);
953 print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
954 }
955 }
956 print <<END
957 </select>
958 </td>
959 </tr>
960 <tr>
961 <td class='base'>$Lang::tr{'advproxy suppress version'}:</td>
962 <td><input type='checkbox' name='SUPPRESS_VERSION' $checked{'SUPPRESS_VERSION'}{'on'} /></td>
963 <td class='base'>$Lang::tr{'advproxy error design'}:</td>
964 <td class='base'><select name='ERR_DESIGN'>
965 <option value='ipfire' $selected{'ERR_DESIGN'}{'ipfire'}>IPFire</option>
966 <option value='squid' $selected{'ERR_DESIGN'}{'squid'}>$Lang::tr{'advproxy standard'}</option>
967 </select></td>
968 </tr>
969 <tr>
970 <td class='base'>$Lang::tr{'advproxy squid version'}:</td>
971 <td class='base'>&nbsp;[<font color='$Header::colourred'> $squidversion[0] </font>]</td>
972 <td>&nbsp;</td>
973 <td>&nbsp;</td>
974 </tr>
975 </table>
976 <hr size='1'>
977 <table width='100%'>
978 END
979 ;
980 if ( -e "/usr/bin/squidclamav" ) {
981 print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
982 if ( ! -e "/var/run/clamav/clamd.pid" ){
983 print "<font color='red'>clamav not running</font><br /><br />";
984 $proxysettings{'ENABLE_CLAMAV'} = 'off';
985 }
986 else {
987 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_CLAMAV' ".$checked{'ENABLE_CLAMAV'}{'on'}." /><br />";
988 }
989 print "</td>";
990 } else {
991 print "<td></td>";
992 }
993 print "<td class='base'><a href='/cgi-bin/urlfilter.cgi'><b>".$Lang::tr{'advproxy url filter'}."</a></b><br />";
994 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_FILTER' ".$checked{'ENABLE_FILTER'}{'on'}." /><br />";
995 print "</td>";
996 print "<td class='base'><a href='/cgi-bin/updatexlrator.cgi'><b>".$Lang::tr{'advproxy update accelerator'}."</a></b><br />";
997 print $Lang::tr{'advproxy enabled'}."<input type='checkbox' name='ENABLE_UPDXLRATOR' ".$checked{'ENABLE_UPDXLRATOR'}{'on'}." /><br />";
998 print "</td></tr>";
999 print <<END
1000 </table>
1001 <hr size='1'>
1002 <table width='100%'>
1003 <tr>
1004 <td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
1005 </tr>
1006 <tr>
1007 <td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}:</td>
1008 <td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
1009 <td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}:</td>
1010 <td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
1011 </tr>
1012 <tr>
1013 <td class='base'>$Lang::tr{'advproxy client IP forwarding'}:</td>
1014 <td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
1015 <td class='base'>$Lang::tr{'advproxy upstream username'}:</td>
1016 <td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
1017 </tr>
1018 <tr>
1019 <td class='base'>$Lang::tr{'advproxy username forwarding'}:</td>
1020 <td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
1021 <td class='base'>$Lang::tr{'advproxy upstream password'}:</td>
1022 <td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
1023 </tr>
1024 <tr>
1025 <td class='base'>$Lang::tr{'advproxy no connection auth'}:</td>
1026 <td><input type='checkbox' name='NO_CONNECTION_AUTH' $checked{'NO_CONNECTION_AUTH'}{'on'} /></td>
1027 <td>&nbsp;</td>
1028 <td>&nbsp;</td>
1029 </tr>
1030 </table>
1031 <hr size='1'>
1032 <table width='100%'>
1033 <tr>
1034 <td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
1035 </tr>
1036 <tr>
1037 <td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
1038 <td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
1039 <td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
1040 <td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
1041 </tr>
1042 <tr>
1043 <td>&nbsp;</td>
1044 <td>&nbsp;</td>
1045 <td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
1046 <td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
1047 </tr>
1048 </table>
1049 <hr size='1'>
1050 <table width='100%'>
1051 <tr>
1052 <td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
1053 </tr>
1054 <tr>
1055 <td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
1056 <td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
1057 <td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
1058 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
1059 </tr>
1060 <tr>
1061 <td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1062 <td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
1063 <td class='base'>$Lang::tr{'proxy admin password'}:</td>
1064 <td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
1065 </tr>
1066 <tr>
1067 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1068 </tr>
1069 <tr>
1070 <td class='base'>$Lang::tr{'advproxy ram cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1071 <td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
1072 <td class='base'>$Lang::tr{'advproxy hdd cache size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1073 <td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
1074 </tr>
1075 <tr>
1076 <td class='base'>$Lang::tr{'advproxy min size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1077 <td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
1078 <td class='base'>$Lang::tr{'advproxy max size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1079 <td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
1080 </tr>
1081 <tr>
1082 <td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
1083 <td class='base'><select name='L1_DIRS'>
1084 <option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
1085 <option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
1086 <option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
1087 <option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
1088 <option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
1089 </select></td>
1090 <td colspan='2' rowspan= '5' valign='top' class='base'>
1091 <table cellspacing='0' cellpadding='0'>
1092 <tr>
1093 <!-- intentionally left empty -->
1094 </tr>
1095 <tr>
1096 <td>$Lang::tr{'advproxy no cache sites'}:</td>
1097 </tr>
1098 <tr>
1099 <!-- intentionally left empty -->
1100 </tr>
1101 <tr>
1102 <!-- intentionally left empty -->
1103 </tr>
1104 <tr>
1105 <td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
1106 END
1107 ;
1108
1109 print $proxysettings{'DST_NOCACHE'};
1110
1111 print <<END
1112 </textarea></td>
1113 </tr>
1114 </table>
1115 </td>
1116 </tr>
1117 <tr>
1118 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
1119 <td class='base'><select name='MEM_POLICY'>
1120 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
1121 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1122 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1123 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1124 </select></td>
1125 </tr>
1126 <tr>
1127 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1128 <td class='base'><select name='CACHE_POLICY'>
1129 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1130 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1131 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1132 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1133 </select></td>
1134 </tr>
1135 <tr>
1136 <td colspan='2'>&nbsp;</td>
1137 </tr>
1138 <tr>
1139 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1140 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1141 </tr>
1142 <tr>
1143 <td class='base'>$Lang::tr{'advproxy cache-digest'}:</td>
1144 <td><input type='checkbox' name='CACHE_DIGESTS' $checked{'CACHE_DIGESTS'}{'on'} /></td>
1145 </tr>
1146 </table>
1147 <hr size='1'>
1148 <table width='100%'>
1149 <tr>
1150 <td colspan='4'><b>$Lang::tr{'advproxy destination ports'}</b></td>
1151 </tr>
1152 <tr>
1153 <td width='25%' align='center'></td> <td width='20%' align='center'></td><td width='25%' align='center'></td><td width='30%' align='center'></td>
1154 </tr>
1155 <tr>
1156 <td colspan='2' class='base'>$Lang::tr{'advproxy standard ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1157 <td colspan='2' class='base'>$Lang::tr{'advproxy ssl ports'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1158 </tr>
1159 <tr>
1160 <td colspan='2'><textarea name='PORTS_SAFE' cols='32' rows='6' wrap='off'>
1161 END
1162 ;
1163 if (!$proxysettings{'PORTS_SAFE'}) { print $def_ports_safe; } else { print $proxysettings{'PORTS_SAFE'}; }
1164
1165 print <<END
1166 </textarea></td>
1167 <td colspan='2'><textarea name='PORTS_SSL' cols='32' rows='6' wrap='off'>
1168 END
1169 ;
1170 if (!$proxysettings{'PORTS_SSL'}) { print $def_ports_ssl; } else { print $proxysettings{'PORTS_SSL'}; }
1171
1172 print <<END
1173 </textarea></td>
1174 </tr>
1175 </table>
1176 <hr size='1'>
1177 <table width='100%'>
1178 <tr>
1179 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1180 </tr>
1181 <tr>
1182 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1183 </tr>
1184 <tr>
1185 <td colspan='4' class='base'>$Lang::tr{'advproxy allowed subnets'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1186 </tr>
1187 <tr>
1188 <td colspan='2' rowspan='4'><textarea name='SRC_SUBNETS' cols='32' rows='3' wrap='off'>
1189 END
1190 ;
1191
1192 if (!$proxysettings{'SRC_SUBNETS'})
1193 {
1194 print "$green_cidr\n";
1195 if ($netsettings{'BLUE_DEV'})
1196 {
1197 print "$blue_cidr\n";
1198 }
1199 } else { print $proxysettings{'SRC_SUBNETS'}; }
1200
1201 print <<END
1202 </textarea></td>
1203 END
1204 ;
1205
1206 $line = $Lang::tr{'advproxy no internal proxy on green'};
1207 $line =~ s/Green/<font color="$Header::colourgreen">Green<\/font>/i;
1208 print "<td class='base'>$line:</td>\n";
1209 print <<END
1210 <td><input type='checkbox' name='NO_PROXY_LOCAL' $checked{'NO_PROXY_LOCAL'}{'on'} /></td>
1211 </tr>
1212 END
1213 ;
1214 if ($netsettings{'BLUE_DEV'}) {
1215 $line = $Lang::tr{'advproxy no internal proxy on blue'};
1216 $line =~ s/Blue/<font color="$Header::colourblue">Blue<\/font>/i;
1217 print "<tr>\n";
1218 print "<td class='base'>$line:</td>\n";
1219 print <<END
1220 <td><input type='checkbox' name='NO_PROXY_LOCAL_BLUE' $checked{'NO_PROXY_LOCAL_BLUE'}{'on'} /></td>
1221 </tr>
1222 END
1223 ;
1224 }
1225 print <<END
1226 <tr>
1227 <td colspan='2'>&nbsp;</td>
1228 </tr>
1229 <tr>
1230 <td colspan='2'>&nbsp;</td>
1231 </tr>
1232 </table>
1233 <table width='100%'>
1234 <tr>
1235 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1236 </tr>
1237 <tr>
1238 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:</td>
1239 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:</td>
1240 </tr>
1241 <tr>
1242 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='3' wrap='off'>
1243 END
1244 ;
1245
1246 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1247
1248 print <<END
1249 </textarea></td>
1250 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='3' wrap='off'>
1251 END
1252 ;
1253
1254 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1255
1256 print <<END
1257 </textarea></td>
1258 </tr>
1259 </table>
1260 <table width='100%'>
1261 <tr>
1262 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1263 </tr>
1264 <tr>
1265 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:</td>
1266 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:</td>
1267 </tr>
1268 <tr>
1269 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='3' wrap='off'>
1270 END
1271 ;
1272
1273 print $proxysettings{'SRC_BANNED_IP'};
1274
1275 print <<END
1276 </textarea></td>
1277 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='3' wrap='off'>
1278 END
1279 ;
1280
1281 print $proxysettings{'SRC_BANNED_MAC'};
1282
1283 print <<END
1284 </textarea></td>
1285 </tr>
1286 </table>
1287
1288 <hr size='1'>
1289
1290 END
1291 ;
1292 # -------------------------------------------------------------------
1294 # CRE (classroom extensions) GUI - optional, rendered only if $cre_enabled exists
1294 # -------------------------------------------------------------------
1295
1296 if (-e $cre_enabled) { print <<END
1297 <table width='100%'>
1298
1299 <tr>
1300 <td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
1301 </tr>
1302 <tr>
1303 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1304 </tr>
1305 <tr>
1306
1307 END
1308 ;
1309 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1310 print <<END
1311 <td class='base'>$Lang::tr{'advproxy supervisor password'}:</td>
1312 <td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
1313 </tr>
1314 <tr>
1315 <td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
1316 <td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:</td>
1317 END
1318 ;
1319 }
1320 print "</tr>";
1321 if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
1322 print <<END
1323 <tr>
1324 <td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
1325 END
1326 ;
1327
1328 print $proxysettings{'CRE_GROUPS'};
1329
1330 print <<END
1331 </textarea></td>
1332 <td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
1333 END
1334 ;
1335 print $proxysettings{'CRE_SVHOSTS'};
1336
1337 print <<END
1338 </textarea></td>
1339 </tr>
1340 END
1341 ;
1342 }
1343 print "</table><hr size='1'>";
1344
1345 } else {
1346 print <<END
1347 <input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
1348 <input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
1349 <input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
1350 END
1351 ;
1352 }
1353
1354 # ===================================================================
1355 # WPAD settings
1356 # ===================================================================
1357
1358 print <<END
1359 <table width='100%'>
1360 <tr>
1361 <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td>
1362 </tr>
1363 <tr>
1364 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1365 </tr>
1366 <tr>
1367 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td>
1368 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td>
1369 </tr>
1370 <tr>
1371 <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'>
1372 END
1373 ;
1374
1375 print $proxysettings{'DST_NOPROXY_IP'};
1376
1377 print <<END
1378 </textarea></td>
1379
1380 <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'>
1381 END
1382 ;
1383
1384 print $proxysettings{'DST_NOPROXY_URL'};
1385
1386 print <<END
1387 </textarea></td>
1388 </tr>
1389 <tr>
1390 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td>
1391 <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td>
1392 </tr>
1393 <tr>
1394 <td colspan="4">&nbsp;</td>
1395 </tr>
1396 <tr>
1397 <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td>
1398 </tr>
1399 <tr>
1400 <td colspan="4">&nbsp;</td>
1401 </tr>
1402 <tr>
1403 <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td>
1404 </tr>
1405 </table>
1406
1407 <hr size='1'>
1408
1409 END
1410 ;
1411
1412 # -------------------------------------------------------------------
1413
1414 print <<END
1415
1416 <table width='100%'>
1417 <tr>
1418 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1419 </tr>
1420 <table width='100%'>
1421 <tr>
1422 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1423 <td width='1%'>&nbsp;</td>
1424 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1425 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1426 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1427 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1428 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1429 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1430 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1431 <td width='1%'>&nbsp;&nbsp;</td>
1432 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1433 <td width='1%'>&nbsp;</td>
1434 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1435 <td>&nbsp;</td>
1436 </tr>
1437 <tr>
1438 <td class='base'>
1439 <select name='TIME_ACCESS_MODE'>
1440 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1441 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1442 </select>
1443 </td>
1444 <td>&nbsp;</td>
1445 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1446 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1447 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1448 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1449 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1450 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1451 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1452 <td>&nbsp;</td>
1453 <td class='base'>
1454 <select name='TIME_FROM_HOUR'>
1455 END
1456 ;
1457 for ($i=0;$i<=24;$i++) {
1458 $_ = sprintf("%02s",$i);
1459 print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
1460 }
1461 print <<END
1462 </select>
1463 </td>
1464 <td>:</td>
1465 <td class='base'>
1466 <select name='TIME_FROM_MINUTE'>
1467 END
1468 ;
1469 for ($i=0;$i<=45;$i+=15) {
1470 $_ = sprintf("%02s",$i);
1471 print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
1472 }
1473 print <<END
1474 </select>
1475 <td> - </td>
1476 </td>
1477 <td class='base'>
1478 <select name='TIME_TO_HOUR'>
1479 END
1480 ;
1481 for ($i=0;$i<=24;$i++) {
1482 $_ = sprintf("%02s",$i);
1483 print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
1484 }
1485 print <<END
1486 </select>
1487 </td>
1488 <td>:</td>
1489 <td class='base'>
1490 <select name='TIME_TO_MINUTE'>
1491 END
1492 ;
1493 for ($i=0;$i<=45;$i+=15) {
1494 $_ = sprintf("%02s",$i);
1495 print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
1496 }
1497 print <<END
1498 </select>
1499 </td>
1500 </tr>
1501 </table>
1502 <hr size='1'>
1503 <table width='100%'>
1504 <tr>
1505 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1506 </tr>
1507 <tr>
1508 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1509 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1510 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1511 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1512 </tr>
1513 </table>
1514 <hr size='1'>
1515 <table width='100%'>
1516 <tr>
1517 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1518 </tr>
1519 <tr>
1520 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1521 <td width='20%' class='base'>
1522 <select name='THROTTLING_GREEN_TOTAL'>
1523 END
1524 ;
1525
1526 foreach (@throttle_limits) {
1527 my $val = $_;
1528 my $unit = "kbit/s";
1529
1530 if ($val >= 1024) {
1531 $unit = "Mbit/s";
1532 $val /= 1024;
1533 }
1534
1535 print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$val $unit</option>\n";
1536 }
1537
1538 print <<END
1539 <option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1540 </select>
1541 </td>
1542 <td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
1543 <td width='30%' class='base'>
1544 <select name='THROTTLING_GREEN_HOST'>
1545 END
1546 ;
1547
1548 foreach (@throttle_limits) {
1549 print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kbit/s</option>\n";
1550 }
1551
1552 print <<END
1553 <option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1554 </select>
1555 </td>
1556 </tr>
1557 END
1558 ;
1559
1560 if ($netsettings{'BLUE_DEV'}) {
1561 print <<END
1562 <tr>
1563 <td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
1564 <td class='base'>
1565 <select name='THROTTLING_BLUE_TOTAL'>
1566 END
1567 ;
1568
1569 foreach (@throttle_limits) {
1570 print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kbit/s</option>\n";
1571 }
1572
1573 print <<END
1574 <option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1575 </select>
1576 </td>
1577 <td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
1578 <td class='base'>
1579 <select name='THROTTLING_BLUE_HOST'>
1580 END
1581 ;
1582
1583 foreach (@throttle_limits) {
1584 print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kbit/s</option>\n";
1585 }
1586
1587 print <<END
1588 <option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>\n";
1589 </select>
1590 </td>
1591 </tr>
1592 END
1593 ;
1594 }
1595
1596 print <<END
1597 </table>
1598 <hr size='1'>
1599 <table width='100%'>
1600 <tr>
1601 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b> $Lang::tr{'advproxy enabled'}:<input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1602 </tr>
1603 END
1604 ;
1605 if ( $proxysettings{'ENABLE_MIME_FILTER'} eq 'on' ){
1606 print <<END
1607 <tr>
1608 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:</td>
1609 <td>&nbsp;</td>
1610 <td>&nbsp;</td>
1611 </tr>
1612 <tr>
1613 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1614 END
1615 ;
1616
1617 print $proxysettings{'MIME_TYPES'};
1618
1619 print <<END
1620 </textarea></td>
1621 <td>&nbsp;</td>
1622 <td>&nbsp;</td>
1623 </tr>
1624 END
1625 ;
1626 }
1627 print <<END
1628 </table>
1629
1630 <hr size='1'>
1631 END
1632 ;
1633
1634 my $auth_columns = 5;
1635 if ($HAVE_NTLM_AUTH) {
1636 $auth_columns++;
1637 }
1638 my $auth_column_width = 100 / $auth_columns;
1639
1640 print <<END;
1641 <table width='100%'>
1642 <tr>
1643 <td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1644 </tr>
1645 <tr>
1646 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1647 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1648 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1649 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1650 END
1651
1652 if ($HAVE_NTLM_AUTH) {
1653 print <<END;
1654 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
1655 END
1656 }
1657
1658 print <<END
1659 <td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1660 </tr>
1661 </table>
1662 END
1663 ;
1664
1665 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1666 <hr size='1'>
1667 <table width='100%'>
1668 <tr>
1669 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1670 </tr>
1671 <tr>
1672 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1673 </tr>
1674 <tr>
1675 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1676 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1677 <td colspan='2' rowspan= '6' valign='top' class='base'>
1678 <table cellpadding='0' cellspacing='0'>
1679 <tr>
1680 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:</td>
1681 </tr>
1682 <tr>
1683 <!-- intentionally left empty -->
1684 </tr>
1685 <tr>
1686 <!-- intentionally left empty -->
1687 </tr>
1688 <tr>
1689 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1690 </tr>
1691 <tr>
1692 <!-- intentionally left empty -->
1693 </tr>
1694 <tr>
1695 <!-- intentionally left empty -->
1696 </tr>
1697 <tr>
1698 <td>$Lang::tr{'advproxy AUTH no auth'}:</td>
1699 </tr>
1700 <tr>
1701 <!-- intentionally left empty -->
1702 </tr>
1703 <tr>
1704 <!-- intentionally left empty -->
1705 </tr>
1706 <tr>
1707 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1708 END
1709 ;
1710
1711 print $proxysettings{'DST_NOAUTH'};
1712
1713 print <<END
1714 </textarea></td>
1715 </tr>
1716 </table>
1717 </td>
1718 </tr>
1719 <tr>
1720 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1721 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1722 </tr>
1723 <tr>
1724 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
1725 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1726 </tr>
1727 <tr>
1728 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1729 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1730 </tr>
1731 <tr>
1732 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1733 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1734 </tr>
1735 <tr>
1736 <td colspan='2'>&nbsp;</td>
1737 </tr>
1738 </table>
1739 END
1740 ;
1741 }
1742
1743 # ===================================================================
1744 # NCSA auth settings
1745 # ===================================================================
1746
1747 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
1748 print <<END
1749 <hr size='1'>
1750 <table width='100%'>
1751 <tr>
1752 <td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
1753 </tr>
1754 <tr>
1755 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
1756 <td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
1757 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
1758 <td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
1759 </tr>
1760 <tr>
1761 <td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
1762 <td>&nbsp;</td>
1763 <td>&nbsp;</td>
1764 </tr>
1765 </table>
1766 END
1767 ; }
1768
1769 # ===================================================================
1770 # IDENTD auth settings
1771 # ===================================================================
1772
1773 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1774 print <<END
1775 <hr size ='1'>
1776 <table width='100%'>
1777 <tr>
1778 <td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
1779 </tr>
1780 <tr>
1781 <td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
1782 <td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
1783 <td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1784 <td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1785 </tr>
1786 <tr>
1787 <td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
1788 <td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
1789 <td>&nbsp;</td>
1790 <td>&nbsp;</td>
1791 </tr>
1792 <tr>
1793 <td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
1794 <td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:</td>
1795 </tr>
1796 <tr>
1797 <td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
1798 END
1799 ;
1800 if (!$proxysettings{'IDENT_HOSTS'}) {
1801 print "$green_cidr\n";
1802 if ($netsettings{'BLUE_DEV'}) {
1803 print "$blue_cidr\n";
1804 }
1805 } else {
1806 print $proxysettings{'IDENT_HOSTS'};
1807 }
1808
1809 print <<END
1810 </textarea></td>
1811 <td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1812 END
1813 ;
1814
1815 print $proxysettings{'DST_NOAUTH'};
1816
1817 print <<END
1818 </textarea></td>
1819 </tr>
1820 </table>
1821 <hr size ='1'>
1822 <table width='100%'>
1823 <tr>
1824 <td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
1825 </tr>
1826 <tr>
1827 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1828 <td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
1829 <td width='25%'>&nbsp;</td>
1830 <td width='30%'>&nbsp;</td>
1831 </tr>
1832 <tr>
1833 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
1834 $Lang::tr{'advproxy IDENT use positive access list'}:</td>
1835 <td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
1836 $Lang::tr{'advproxy IDENT use negative access list'}:</td>
1837 </tr>
1838 <tr>
1839 <td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
1840 <td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
1841 </tr>
1842 <tr>
1843 <td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1844 END
1845 ; }
1846
1847 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_ALLOW_USERS'}; }
1848
1849 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1850 </textarea></td>
1851 <td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
1852 END
1853 ; }
1854
1855 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print $proxysettings{'IDENT_DENY_USERS'}; }
1856
1857 if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print <<END
1858 </textarea></td>
1859 </tr>
1860 </table>
1861 END
1862 ; }
1863
1864 # ===================================================================
1865 # NTLM-AUTH settings
1866 # ===================================================================
1867
1868 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
1869 print <<END;
1870 <hr size ='1'>
1871 <table width='100%'>
1872 <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
1873 <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
1874 <td colspan='2'>&nbsp;</td>
1875 </table>
1876
1877 <hr size='1' />
1878
1879 <table width='100%'>
1880 <tr>
1881 <td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
1882 </tr>
1883 <tr>
1884 <td width='20%' class='base'>$Lang::tr{'advproxy group required'}:</td>
1885 <td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
1886 <td>&nbsp;</td>
1887 <td>&nbsp;</td>
1888 </tr>
1889 </table>
1890 END
1891 }
1892
1893 # ===================================================================
1894 # LDAP auth settings
1895 # ===================================================================
1896
1897 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1898 print <<END
1899 <hr size='1'>
1900 <table width='100%'>
1901 <tr>
1902 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1903 </tr>
1904 <tr>
1905 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1906 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1907 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1908 <td class='base'><select name='LDAP_TYPE'>
1909 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1910 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1911 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1912 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1913 </select></td>
1914 </tr>
1915 <tr>
1916 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1917 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1918 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1919 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1920 </tr>
1921 </table>
1922 <hr size ='1'>
1923 <table width='100%'>
1924 <tr>
1925 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1926 </tr>
1927 <tr>
1928 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1929 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1930 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1931 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1932 </tr>
1933 </table>
1934 <hr size ='1'>
1935 <table width='100%'>
1936 <tr>
1937 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1938 </tr>
1939 <tr>
1940 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:</td>
1941 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1942 <td>&nbsp;</td>
1943 <td>&nbsp;</td>
1944 </tr>
1945 </table>
1946 END
1947 ; }
1948
1949 # ===================================================================
1950 # RADIUS auth settings
1951 # ===================================================================
1952
1953 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1954 print <<END
1955 <hr size='1'>
1956 <table width='100%'>
1957 <tr>
1958 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1959 </tr>
1960 <tr>
1961 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1962 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1963 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1964 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1965 </tr>
1966 <tr>
1967 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:</td>
1968 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1969 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1970 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1971 </tr>
1972 </table>
1973 <hr size ='1'>
1974 <table width='100%'>
1975 <tr>
1976 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1977 </tr>
1978 <tr>
1979 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1980 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1981 <td width='25%'>&nbsp;</td>
1982 <td width='30%'>&nbsp;</td>
1983 </tr>
1984 <tr>
1985 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1986 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1987 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1988 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1989 </tr>
1990 <tr>
1991 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1992 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1993 </tr>
1994 <tr>
1995 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1996 END
1997 ; }
1998
1999 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
2000
2001 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2002 </textarea></td>
2003 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
2004 END
2005 ; }
2006
2007 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
2008
2009 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
2010 </textarea></td>
2011 </tr>
2012 </table>
2013 END
2014 ; }
2015
2016 # ===================================================================
2017
2018 }
2019
2020 print "<table>\n";
2021
2022 if ($proxysettings{'AUTH_METHOD'} eq 'none') {
2023 print <<END
2024 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2025 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2026 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2027 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
2028 <td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
2029 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2030 <td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
2031 END
2032 ; }
2033
2034 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
2035 print <<END
2036 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
2037 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
2038 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
2039 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
2040 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
2041 END
2042 ; }
2043
2044 if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
2045 print <<END
2046 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2047 <td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
2048 END
2049 ; }
2050
2051 if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
2052 print <<END
2053 <td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
2054 <td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
2055 <td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
2056 <td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
2057 <td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
2058 <td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
2059 <td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
2060 END
2061 ; }
2062
2063 if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
2064 print <<END
2065 <td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
2066 <td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
2067 <td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
2068 <td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
2069 <td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
2070 <td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
2071 <td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
2072 END
2073 ; }
2074
2075 if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
2076 print <<END
2077 <td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
2078 <td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
2079 <td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
2080 <td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
2081 <td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
2082 <td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
2083 <td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
2084 <td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
2085 END
2086 ; }
2087
2088 print "</table>\n";
2089
2090 print <<END
2091 <hr size='1'>
2092 END
2093 ;
2094
2095 print <<END
2096 <table width='100%'>
2097 <tr>
2098 <td>&nbsp;</td>
2099 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
2100 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'proxy reconfigure'}' /></td>
2101 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
2102 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy clear cache'}' /></td>
2103 <td>&nbsp;</td>
2104 </tr>
2105
2106 </table>
2107 <br />
2108 <table width='100%'>
2109 <tr>
2110 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'required field'}</font></td>
2111 <td align='right'>&nbsp;</td>
2112 </tr>
2113 </table>
2114 </form>
2115 END
2116 ;
2117
2118 &Header::closebox();
2119
2120 } else {
2121
2122 # ===================================================================
2123 # NCSA user management
2124 # ===================================================================
2125
2126 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2127 print <<END
2128 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
2129 <table width='100%'>
2130 <tr>
2131 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2132 </tr>
2133 <tr>
2134 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2135 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2136 END
2137 ;
2138 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly='readonly' "; }
2139 print <<END
2140 /></td>
2141 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2142 <td class='base'>
2143 <select name='NCSA_GROUP'>
2144 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2145 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2146 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2147 </select>
2148 </td>
2149
2150 </tr>
2151 <tr>
2152 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2153 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2154 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2155 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2156 </tr>
2157 </table>
2158 <br>
2159 <table>
2160 <tr>
2161 <td>&nbsp;</td>
2162 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2163 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2164 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2165 END
2166 ;
2167 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2168 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2169 }
2170
2171 print <<END
2172 <td>&nbsp;</td>
2173 <td>&nbsp;</td>
2174 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2175 </tr>
2176 </table>
2177 </form>
2178 <hr size='1'>
2179 <table width='100%'>
2180 <tr>
2181 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2182 </tr>
2183 </table>
2184 <table width='100%' align='center'>
2185 END
2186 ;
2187
2188 if (-e $extgrp)
2189 {
2190 open(FILE, $extgrp); @grouplist = <FILE>; close(FILE);
2191 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
2192 }
2193 if (-e $stdgrp)
2194 {
2195 open(FILE, $stdgrp); @grouplist = <FILE>; close(FILE);
2196 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
2197 }
2198 if (-e $disgrp)
2199 {
2200 open(FILE, $disgrp); @grouplist = <FILE>; close(FILE);
2201 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
2202 }
2203
2204 @userlist = sort(@userlist);
2205
2206 # If the password file contains entries, print entries and action icons
2207
2208 if ( ! -z "$userdb" ) {
2209 print <<END
2210 <tr>
2211 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2212 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2213 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2214 </tr>
2215 END
2216 ;
2217 $id = 0;
2218 foreach $line (@userlist)
2219 {
2220 $id++;
2221 chomp($line);
2222 @temp = split(/:/,$line);
2223 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2224 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2225 elsif ($id % 2) {
2226 print "<tr bgcolor='$color{'color20'}'>\n"; }
2227 else {
2228 print "<tr bgcolor='$color{'color22'}'>\n"; }
2229
2230 print <<END
2231 <td align='center'>$temp[0]</td>
2232 <td align='center'>
2233 END
2234 ;
2235 if ($temp[1] eq 'standard') {
2236 print $Lang::tr{'advproxy NCSA grp standard'};
2237 } elsif ($temp[1] eq 'extended') {
2238 print $Lang::tr{'advproxy NCSA grp extended'};
2239 } elsif ($temp[1] eq 'disabled') {
2240 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2241 print <<END
2242 </td>
2243 <td width='8%' align='center'>
2244 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2245 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2246 <input type='hidden' name='ID' value='$line' />
2247 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2248 </form>
2249 </td>
2250
2251 <td width='8%' align='center'>
2252 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2253 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2254 <input type='hidden' name='ID' value='$temp[0]' />
2255 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2256 </form>
2257 </td>
2258 </tr>
2259 END
2260 ;
2261 }
2262
2263 print <<END
2264 </table>
2265 <br>
2266 <table>
2267 <tr>
2268 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2269 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2270 <td class='base'>$Lang::tr{'edit'}</td>
2271 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2272 <td class='base'>$Lang::tr{'remove'}</td>
2273 </tr>
2274 END
2275 ;
2276 } else {
2277 print <<END
2278 <tr>
2279 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2280 </tr>
2281 END
2282 ;
2283 }
2284
2285 print <<END
2286 </table>
2287 END
2288 ;
2289
2290 &Header::closebox();
2291
2292 }
2293
2294 # ===================================================================
2295
2296 &Header::closebigbox();
2297
2298 &Header::closepage();
2299
2300 # -------------------------------------------------------------------
2301
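# Load the proxy ACL list files into %proxysettings so the web form can
# display them.
#
# For every file in the table below that exists, the matching
# %proxysettings key is first cleared and then rebuilt line by line from
# the file contents.  An empty file (or one that cannot be opened) leaves
# the key absent, exactly as the original per-file code did.  Files that
# do not exist are skipped and their key is left untouched.
#
# Takes no arguments and returns nothing; its only effect is on the
# script-level %proxysettings hash.  The file paths come from the
# script-level configuration variables ($acl_src_subnets, $raddir, ...).
sub read_acls
{
	# %proxysettings key => path of the list file that backs it.
	my @acl_files = (
		[ 'SRC_SUBNETS',          $acl_src_subnets              ],
		[ 'SRC_BANNED_IP',        $acl_src_banned_ip            ],
		[ 'SRC_BANNED_MAC',       $acl_src_banned_mac           ],
		[ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip      ],
		[ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac     ],
		[ 'DST_NOCACHE',          $acl_dst_nocache              ],
		[ 'DST_NOAUTH',           $acl_dst_noauth               ],
		[ 'DST_NOPROXY_IP',       $acl_dst_noproxy_ip           ],
		[ 'DST_NOPROXY_URL',      $acl_dst_noproxy_url          ],
		[ 'PORTS_SAFE',           $acl_ports_safe               ],
		[ 'PORTS_SSL',            $acl_ports_ssl                ],
		[ 'MIME_TYPES',           $mimetypes                    ],
		[ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers"  ],
		[ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers"   ],
		[ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
		[ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers"  ],
		[ 'IDENT_HOSTS',          $identhosts                   ],
		[ 'CRE_GROUPS',           $cre_groups                   ],
		[ 'CRE_SVHOSTS',          $cre_svhosts                  ],
	);

	foreach my $entry (@acl_files) {
		my ($key, $file) = @{ $entry };

		# A missing list file means "keep whatever is already in the key".
		next unless -e $file;

		# Clear the key before reading so stale content is never kept;
		# this also matches the previous behaviour when the open fails.
		delete $proxysettings{$key};

		# Three-argument open with an explicit read mode: the path is
		# never parsed for a mode prefix or a trailing '|', which the old
		# two-argument open() would have honoured.  A failed open leaves
		# the key absent, as before, instead of reading from an unopened
		# bareword handle.
		open(my $fh, '<', $file) or next;

		# Append line by line (rather than slurping) so that an empty
		# file leaves the key deleted rather than set to ''.
		while (my $line = <$fh>) {
			$proxysettings{$key} .= $line;
		}
		close($fh);
	}

	return;
}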
2419
2420 # -------------------------------------------------------------------
2421
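sub check_acls
{
	# Normalises and validates every multi-line ACL list that the web form
	# posted into %proxysettings (one entry per line) and stores each list
	# back in its canonical form ("entry\n" per surviving entry, undef when
	# nothing survived).  Invalid entries set the file-global $errormessage;
	# as before, the last failure wins and processing continues, so callers
	# must inspect $errormessage after this returns.  The per-list rules
	# live in the _check_*/_normalise_* helpers below.  Takes no arguments,
	# returns nothing.

	# Destination ports: the safe-port entry tagged "# Squids port" is kept
	# in sync with the configured proxy port.
	$proxysettings{'PORTS_SAFE'} = _check_port_list($proxysettings{'PORTS_SAFE'}, $proxysettings{'PROXY_PORT'});
	$proxysettings{'PORTS_SSL'}  = _check_port_list($proxysettings{'PORTS_SSL'});

	$proxysettings{'DST_NOCACHE'} = _normalise_dst_list($proxysettings{'DST_NOCACHE'});

	# Source networks and hosts.
	$proxysettings{'SRC_SUBNETS'}          = _check_addr_list($proxysettings{'SRC_SUBNETS'},          \&General::validipandmask, 'advproxy errmsg invalid ip or mask');
	$proxysettings{'SRC_BANNED_IP'}        = _check_addr_list($proxysettings{'SRC_BANNED_IP'},        \&General::validipormask,  'advproxy errmsg invalid ip or mask');
	$proxysettings{'SRC_BANNED_MAC'}       = _check_mac_list($proxysettings{'SRC_BANNED_MAC'});
	$proxysettings{'SRC_UNRESTRICTED_IP'}  = _check_addr_list($proxysettings{'SRC_UNRESTRICTED_IP'},  \&General::validipormask,  'advproxy errmsg invalid ip or mask');
	$proxysettings{'SRC_UNRESTRICTED_MAC'} = _check_mac_list($proxysettings{'SRC_UNRESTRICTED_MAC'});

	# Destinations that bypass authentication or the proxy (WPAD).
	$proxysettings{'DST_NOAUTH'}      = _normalise_dst_list($proxysettings{'DST_NOAUTH'});
	$proxysettings{'DST_NOPROXY_IP'}  = _check_addr_list($proxysettings{'DST_NOPROXY_IP'}, \&General::validipormask, 'advproxy errmsg wpad invalid ip or mask');
	$proxysettings{'DST_NOPROXY_URL'} = _normalise_dst_list($proxysettings{'DST_NOPROXY_URL'});

	# User ACLs of the authentication backends.  Only the list that belongs
	# to the active ACL mode (positive = allow list, negative = deny list)
	# is normalised and must not be empty.  The order NTLM, IDENT, RADIUS
	# matters only for which error message ends up in $errormessage.
	foreach my $backend (qw(NTLM IDENT RADIUS)) {
		next unless $proxysettings{"${backend}_ENABLE_ACL"} eq 'on';
		if ($proxysettings{"${backend}_USER_ACL"} eq 'positive') {
			$proxysettings{"${backend}_ALLOW_USERS"} = _check_user_list($proxysettings{"${backend}_ALLOW_USERS"});
		}
		if ($proxysettings{"${backend}_USER_ACL"} eq 'negative') {
			$proxysettings{"${backend}_DENY_USERS"} = _check_user_list($proxysettings{"${backend}_DENY_USERS"});
		}
	}

	$proxysettings{'IDENT_HOSTS'} = _check_addr_list($proxysettings{'IDENT_HOSTS'}, \&General::validipormask, 'advproxy errmsg invalid ip or mask');
	$proxysettings{'CRE_SVHOSTS'} = _check_addr_list($proxysettings{'CRE_SVHOSTS'}, \&General::validipormask, 'advproxy errmsg invalid ip or mask');

	return;
}

# Splits a form-posted list into its lines with leading and trailing
# whitespace removed.  Empty entries are kept so callers decide what to
# do with them.  Returns an empty list for undef input.
sub _trimmed_lines
{
	my ($text) = @_;
	return () unless defined $text;
	my @entries;
	foreach my $entry (split(/\n/, $text)) {
		$entry =~ s/^\s+//;
		$entry =~ s/\s+$//;
		push @entries, $entry;
	}
	return @entries;
}

# Validates a list of destination ports or port ranges ("low-high").
# Text after '#' is a comment: it is kept in the output but ignored for
# validation.  When $squid_port is given, the entry tagged "# Squids port"
# has its port replaced by $squid_port.  Each port is checked with
# General::validport; a range with more than one '-' or an invalid port
# sets $errormessage.  Returns the canonical list, undef when empty.
sub _check_port_list
{
	my ($text, $squid_port) = @_;
	my $result;
	foreach my $entry (_trimmed_lines($text)) {
		next unless $entry;
		my $line = $entry;
		if (defined $squid_port && $line =~ /^[^#]+\s+#\sSquids\sport/) {
			# $2 keeps the whitespace and the tag (the old "\2" replacement
			# syntax is deprecated in Perl).
			$line =~ s/(^[^#]+)(\s+#\sSquids\sport)/${squid_port}$2/;
		}
		# Bare port specification: no comment, no whitespace.
		(my $ports = $line) =~ s/#.*//g;
		$ports =~ s/\s+//g;
		if ($ports =~ /-.*-/) {
			$errormessage = $Lang::tr{'advproxy errmsg invalid destination port'};
		}
		foreach my $port (split(/-/, $ports)) {
			unless (&General::validport($port)) {
				$errormessage = $Lang::tr{'advproxy errmsg invalid destination port'};
			}
		}
		$result .= $line."\n";
	}
	return $result;
}

# Validates a list of addresses or networks.  $validator is a code ref
# (e.g. \&General::validipormask); every entry it rejects sets
# $errormessage to $Lang::tr{$error_key}.  Entries are kept in the output
# even when invalid, as the original code did, because the caller refuses
# to save while $errormessage is set.  Returns the canonical list, undef
# when empty.
sub _check_addr_list
{
	my ($text, $validator, $error_key) = @_;
	my $result;
	foreach my $entry (_trimmed_lines($text)) {
		next unless $entry;
		unless ($validator->($entry)) {
			$errormessage = $Lang::tr{$error_key};
		}
		$result .= $entry."\n";
	}
	return $result;
}

# Validates a list of MAC addresses.  "aa-bb-cc-dd-ee-ff" is accepted and
# rewritten to the colon form before General::validmac sees it.  Returns
# the canonical list, undef when empty.
sub _check_mac_list
{
	my ($text) = @_;
	return undef unless defined $text;
	(my $macs = $text) =~ s/-/:/g;
	return _check_addr_list($macs, \&General::validmac, 'advproxy errmsg invalid mac');
}

# Normalises a destination list (domains, URL patterns, networks).  Comment
# lines only lose leading whitespace; every other entry loses all
# whitespace and a leading '.' becomes '*.' so it reads as a wildcard
# domain.  No further validation is done here: write_acls sorts these
# entries into dstdomain/dst/url_regex files.  Returns the canonical list,
# undef when empty.
sub _normalise_dst_list
{
	my ($text) = @_;
	return undef unless defined $text;
	my $result;
	foreach my $entry (split(/\n/, $text)) {
		$entry =~ s/^\s+//;
		$entry =~ s/\s+//g unless $entry =~ /^#/;
		next unless $entry;
		$entry = '*'.$entry if $entry =~ /^\./;
		$result .= $entry."\n";
	}
	return $result;
}

# Normalises the user list of an enabled authentication ACL: entries are
# trimmed and blank lines dropped.  An enabled ACL with no users at all
# sets $errormessage ("acl cannot be empty").  Returns the canonical list,
# undef when empty.
sub _check_user_list
{
	my ($text) = @_;
	my $result;
	foreach my $entry (_trimmed_lines($text)) {
		$result .= $entry."\n" if $entry;
	}
	unless (length $result) {
		$errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
	}
	return $result;
}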
2664
2665 # -------------------------------------------------------------------
2666
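sub write_acls
{
	# Writes the ACL list files referenced from squid.conf (see writeconfig)
	# and from the generated proxy.pac out of the normalised %proxysettings
	# lists (see check_acls).  Every file is rewritten completely under an
	# exclusive lock.  Takes no arguments, returns nothing.

	# The proxy's source networks default to GREEN (and BLUE when present)
	# when the administrator entered none.
	my $src_subnets = $proxysettings{'SRC_SUBNETS'};
	if (!$src_subnets) {
		$src_subnets = "$green_cidr\n";
		$src_subnets .= "$blue_cidr\n" if $netsettings{'BLUE_DEV'};
	}
	_write_acl_file($acl_src_subnets, $src_subnets);

	_write_acl_file($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
	_write_acl_file($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
	_write_acl_file($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
	_write_acl_file($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});
	_write_acl_file($acl_dst_noauth,           $proxysettings{'DST_NOAUTH'});
	_write_acl_file($acl_dst_noproxy_ip,       $proxysettings{'DST_NOPROXY_IP'});
	_write_acl_file($acl_dst_noproxy_url,      $proxysettings{'DST_NOPROXY_URL'});

	# squid needs the destination lists split by ACL type (dstdomain, dst,
	# url_regex); the same split serves the no-auth and the no-cache list.
	_split_dst_list($proxysettings{'DST_NOAUTH'},
		$acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url);

	_write_acl_file($acl_dst_nocache, $proxysettings{'DST_NOCACHE'});
	_split_dst_list($proxysettings{'DST_NOCACHE'},
		$acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url);

	# Built-in defaults apply when the port lists were left empty.
	_write_acl_file($acl_ports_safe, $proxysettings{'PORTS_SAFE'} || $def_ports_safe);
	_write_acl_file($acl_ports_ssl,  $proxysettings{'PORTS_SSL'}  || $def_ports_ssl);

	# Throttled URL patterns are maintained by hand in $throttled_urls and
	# copied into $acl_dst_throttle, the url_regex list that writeconfig
	# attaches to the delay pools.  The previous code printed these lines
	# to a handle that had already been closed, so the list never reached
	# the ACL file.  NOTE(review): this assumes nothing else maintains
	# $acl_dst_throttle -- confirm before relying on it.
	my $throttled = '';
	if (-s $throttled_urls) {
		if (open(my $urls, '<', $throttled_urls)) {
			local $/ = undef;
			$throttled = <$urls>;
			close($urls);
		}
	}
	_write_acl_file($acl_dst_throttle, $throttled);

	_write_acl_file($mimetypes, $proxysettings{'MIME_TYPES'});

	# Per-backend user lists and the remaining host lists.
	_write_acl_file("$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'});
	_write_acl_file("$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'});
	_write_acl_file("$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'});
	_write_acl_file("$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'});
	_write_acl_file($identhosts,  $proxysettings{'IDENT_HOSTS'});
	_write_acl_file($cre_groups,  $proxysettings{'CRE_GROUPS'});
	_write_acl_file($cre_svhosts, $proxysettings{'CRE_SVHOSTS'});

	return;
}

# Replaces the contents of $path with $content (undef is written as an
# empty file) under an exclusive lock.  A file that cannot be opened is
# reported to the web server's error log and otherwise skipped, which
# matches the old behaviour of printing to an unopened handle.
sub _write_acl_file
{
	my ($path, $content) = @_;
	open(my $fh, '>', $path) or do {
		warn "write_acls: cannot write $path: $!";
		return;
	};
	flock($fh, 2);    # 2 == LOCK_EX; Fcntl is not imported in this file
	print {$fh} $content if defined $content;
	close($fh) or warn "write_acls: error writing $path: $!";
	return;
}

# Sorts the entries of a destination list into the three files squid
# understands: $dom_file gets wildcard domains ("*.example.org" minus the
# leading '*', i.e. a dstdomain suffix), $net_file gets addresses,
# networks and dotted-quad ranges, and $url_file gets everything else as
# a url_regex anchored to the scheme.  Comment lines are skipped.  All
# three files are rewritten, so they end up empty when no entry matches.
sub _split_dst_list
{
	my ($text, $dom_file, $net_file, $url_file) = @_;
	my ($domains, $networks, $urls) = ('', '', '');
	foreach my $entry (defined $text ? split(/\n/, $text) : ()) {
		# A blank entry would turn into the catch-all regex "^[fh]tt?ps?://".
		# check_acls drops blank lines, but do not depend on that here.
		next if $entry eq '';
		next if $entry =~ /^#/;
		if ($entry =~ /^\*\.\w/) {
			$entry =~ s/^\*//;
			$domains .= "$entry\n";
		} elsif (&General::validipormask($entry)) {
			$networks .= "$entry\n";
		} elsif ($entry =~ /\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/) {
			$networks .= "$entry\n";
		} elsif ($entry =~ m{^[fh]tt?ps?://}) {
			$urls .= "$entry\n";
		} else {
			$urls .= "^[fh]tt?ps?://$entry\n";
		}
	}
	_write_acl_file($dom_file, $domains);
	_write_acl_file($net_file, $networks);
	_write_acl_file($url_file, $urls);
	return;
}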
2868
2869 # -------------------------------------------------------------------
2870
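sub writepacfile
{
	# Generates /srv/web/ipfire/html/proxy.pac, the proxy auto-configuration
	# script handed to clients.  Plain host names, loopback, the
	# GREEN/BLUE/ORANGE networks, the administrator's no-proxy URL and
	# subnet exceptions, the remote networks of enabled IPsec and OpenVPN
	# net-to-net connections and the link-local range go DIRECT; clients in
	# GREEN (and in BLUE when enabled there) are sent to the proxy on that
	# interface's address.  Takes no arguments, returns nothing.
	my %vpnconfig = ();
	my %ovpnconfig = ();
	&General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);

	my $pacfile = "/srv/web/ipfire/html/proxy.pac";
	open(my $pac, '>', $pacfile) or do {
		warn "writepacfile: cannot write $pacfile: $!";
		return;
	};
	flock($pac, 2);    # 2 == LOCK_EX; Fcntl is not imported in this file

	print {$pac} "function FindProxyForURL(url, host)\n";
	print {$pac} "{\n";

	if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
	{
		print {$pac} <<"END";
	if (
		(isPlainHostName(host)) ||
		(isInNet(host, "127.0.0.1", "255.0.0.0")) ||
END

		if ($netsettings{'GREEN_DEV'}) {
			print {$pac} "\t\t(isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
		}

		if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
			print {$pac} "\t\t(isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
		}

		if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
			print {$pac} "\t\t(isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
		}

		# Additional exceptions for URLs, one shell-style pattern per line
		# (e.g. *.ipfire.org*).  check_acls does not validate these entries,
		# so each one is escaped before it is placed in a JavaScript string
		# literal; comment and blank lines are no longer emitted as patterns.
		foreach my $pattern (_read_lines($acl_dst_noproxy_url)) {
			next if $pattern eq '' || $pattern =~ /^#/;
			print {$pac} "\t\t(shExpMatch(url, \"" . _pac_string($pattern) . "\")) ||\n";
		}

		# Additional exceptions for subnets, one "<IP>/<SUBNET MASK>" per
		# line (e.g. 192.168.0.0/255.255.255.0).
		foreach my $line (_read_lines($acl_dst_noproxy_ip)) {
			next if $line eq '';
			my ($addr, $mask) = split(/\//, $line);
			print {$pac} "\t\t(isInNet(host, \"" . _pac_string($addr) . "\", \"" . _pac_string($mask) . "\")) ||\n";
		}

		# Remote networks of enabled IPsec net-to-net connections.
		foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
			if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
				my @networks = split(/\|/, $vpnconfig{$key}[11]);
				foreach my $network (@networks) {
					my ($vpnip, $vpnsub) = split("/", $network);
					# prefix length -> dotted mask; a dotted mask is kept as is
					$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
					print {$pac} "\t\t(isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
				}
			}
		}

		# Remote networks of enabled OpenVPN net-to-net connections.
		foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
			if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
				my @networks = split(/\|/, $ovpnconfig{$key}[11]);
				foreach my $network (@networks) {
					my ($vpnip, $vpnsub) = split("/", $network);
					print {$pac} "\t\t(isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
				}
			}
		}

		print {$pac} <<"END";
		(isInNet(host, "169.254.0.0", "255.255.0.0"))
	)
		return "DIRECT";

	else

END

		if ($proxysettings{'ENABLE'} eq 'on')
		{
			print {$pac} "\tif (\n";
			print {$pac} "\t\t(isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";

			# Further client subnets from the proxy's source-network list
			# (see write_acls) are also pointed at the proxy.  GREEN is
			# already listed above and BLUE gets its own branch below, so
			# both are skipped by address.  (The old code also compared the
			# netmask, but against the not-yet-chomped line, so that test
			# never matched; it is dropped rather than "fixed", because
			# excluding every subnet that merely shares GREEN's mask would
			# be wrong.)
			foreach my $subnet (_read_lines($acl_src_subnets)) {
				next if $subnet eq '';
				my ($addr, $mask) = split(/\//, $subnet);
				next if $addr eq $netsettings{'GREEN_NETADDRESS'};
				next if $addr eq $netsettings{'BLUE_NETADDRESS'};
				# prefix length -> dotted mask, as in the IPsec loop above
				my $netmask = &Network::convert_prefix2netmask($mask) || $mask;
				print {$pac} " ||\n\t\t(isInNet(myIpAddress(), \"$addr\", \"$netmask\"))";
			}

			print {$pac} "\n";

			print {$pac} <<"END";
	)
		return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
		if (($proxysettings{'ENABLE'} eq 'on') && ($proxysettings{'ENABLE_BLUE'} eq 'on') && ($netsettings{'BLUE_DEV'}))
		{
			print {$pac} "\n\telse\n\n";
		}
		if (($netsettings{'BLUE_DEV'}) && ($proxysettings{'ENABLE_BLUE'} eq 'on'))
		{
			print {$pac} <<"END";
	if (
		(isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
	)
		return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
		}
	}
	print {$pac} "}\n";
	close($pac) or warn "writepacfile: error writing $pacfile: $!";
	return;
}

# Returns the chomped lines of $path, or an empty list when the file is
# missing, empty or cannot be opened.
sub _read_lines
{
	my ($path) = @_;
	return () unless defined $path && -s $path;
	open(my $fh, '<', $path) or return ();
	my @lines = <$fh>;
	close($fh);
	chomp(@lines);
	return @lines;
}

# Escapes $value for use inside a double-quoted JavaScript string literal
# in the PAC file: backslashes and double quotes are backslash-escaped and
# stray CR/LF characters are removed, so an administrator-entered entry
# cannot break or alter the generated script.  undef yields ''.
sub _pac_string
{
	my ($value) = @_;
	return '' unless defined $value;
	$value =~ tr/\r\n//d;
	$value =~ s/([\\"])/\\$1/g;
	return $value;
}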
3021
3022 # -------------------------------------------------------------------
3023
3024 sub writeconfig
3025 {
3026 my $authrealm;
3027 my $delaypools;
3028
3029 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
3030 $proxysettings{'THROTTLING_GREEN_HOST'} +
3031 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
3032 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
3033 {
3034 $delaypools = 1; } else { $delaypools = 0;
3035 }
3036
3037 if ($proxysettings{'AUTH_REALM'} eq '')
3038 {
3039 $authrealm = "IPFire Advanced Proxy Server";
3040 } else {
3041 $authrealm = $proxysettings{'AUTH_REALM'};
3042 }
3043
3044 $_ = $proxysettings{'UPSTREAM_PROXY'};
3045 my ($remotehost, $remoteport) = split(/:/,$_);
3046
3047 if ($remoteport eq '') { $remoteport = 80; }
3048
3049 open(FILE, ">${General::swroot}/proxy/squid.conf");
3050 flock(FILE, 2);
3051 print FILE <<END
3052 # Do not modify '${General::swroot}/proxy/squid.conf' directly since any changes
3053 # you make will be overwritten whenever you resave proxy settings using the
3054 # web interface!
3055 #
3056 # Instead, modify the file '$acl_include' and
3057 # then restart the proxy service using the web interface. Changes made to the
3058 # 'include.acl' file will propagate to the 'squid.conf' file at that time.
3059
3060 shutdown_lifetime 5 seconds
3061 icp_port 0
3062
3063 END
3064 ;
3065
3066 # Include file with user defined settings.
3067 if (-e "/etc/squid/squid.conf.pre.local") {
3068 print FILE "include /etc/squid/squid.conf.pre.local\n\n";
3069 }
3070
3071 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3072 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3073 print FILE "\n";
3074
3075 if ($proxysettings{'TRANSPARENT'} eq 'on') {
3076 print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3077 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3078 print FILE "\n";
3079 }
3080
3081 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3082 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
3083 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3084 print FILE "\n";
3085
3086 if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
3087 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
3088 if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
3089 print FILE "\n";
3090 }
3091 }
3092
3093 if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0))
3094 {
3095 print FILE "\n";
3096
3097 if (!-z $acl_dst_nocache_dom) {
3098 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
3099 print FILE "cache deny no_cache_domains\n";
3100 }
3101 if (!-z $acl_dst_nocache_net) {
3102 print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
3103 print FILE "cache deny no_cache_ipaddr\n";
3104 }
3105 if (!-z $acl_dst_nocache_url) {
3106 print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
3107 print FILE "cache deny no_cache_hosts\n";
3108 }
3109 }
3110
3111 print FILE <<END
3112
3113 cache_effective_user squid
3114 umask 022
3115
3116 pid_filename /var/run/squid.pid
3117
3118 cache_mem $proxysettings{'CACHE_MEM'} MB
3119 END
3120 ;
3121 print FILE "error_directory $errordir/$proxysettings{'ERR_LANGUAGE'}\n\n";
3122
3123 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
3124 if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; }
3125
3126 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
3127 {
3128 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
3129 {
3130 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
3131 }
3132 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
3133 {
3134 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
3135 }
3136 print FILE "\n";
3137 }
3138
3139 open (PORTS,"$acl_ports_ssl");
3140 my @ssl_ports = <PORTS>;
3141 close PORTS;
3142
3143 if (@ssl_ports) {
3144 foreach (@ssl_ports) {
3145 print FILE "acl SSL_ports port $_";
3146 }
3147 }
3148
3149 open (PORTS,"$acl_ports_safe");
3150 my @safe_ports = <PORTS>;
3151 close PORTS;
3152
3153 if (@safe_ports) {
3154 foreach (@safe_ports) {
3155 print FILE "acl Safe_ports port $_";
3156 }
3157 }
3158
3159 print FILE <<END
3160
3161 acl IPFire_http port $http_port
3162 acl IPFire_https port $https_port
3163 acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
3164 acl IPFire_networks src "$acl_src_subnets"
3165 acl IPFire_servers dst "$acl_src_subnets"
3166 acl IPFire_green_network src $green_cidr
3167 acl IPFire_green_servers dst $green_cidr
3168 END
3169 ;
3170 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
3171 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
3172 if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
3173 if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
3174 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
3175 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
3176 print FILE <<END
3177 acl CONNECT method CONNECT
3178 END
3179 ;
3180
3181 if ($proxysettings{'CACHE_SIZE'} > 0) {
3182 print FILE <<END
3183 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3184 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3185
3186 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
3187 END
3188 ;
3189 } else {
3190 if ($proxysettings{'CACHE_MEM'} > 0) {
3191 # always 2% of CACHE_MEM defined as max object size
3192 print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n";
3193 } else {
3194 print FILE "cache deny all\n\n";
3195 }
3196 }
3197
3198 print FILE <<END
3199 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3200 END
3201 ;
3202
3203 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3204 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
3205 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
3206 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3207 {
3208 if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
3209 }
3210 }
3211
3212 if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
3213 {
3214 print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
3215 }
3216
3217 if ($proxysettings{'LOGGING'} eq 'on')
3218 {
3219 print FILE <<END
3220 access_log stdio:/var/log/squid/access.log
3221 cache_log /var/log/squid/cache.log
3222 cache_store_log none
3223 END
3224 ;
3225 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
3226 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
3227 } else {
3228 print FILE <<END
3229 access_log /dev/null
3230 cache_log /dev/null
3231 cache_store_log none
3232 END
3233 ;}
3234 print FILE <<END
3235
3236 log_mime_hdrs off
3237 END
3238 ;
3239
3240 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
3241 {
3242 print FILE "forwarded_for on\n";
3243 } else {
3244 print FILE "forwarded_for off\n";
3245 }
3246 if ($proxysettings{'FORWARD_VIA'} eq 'on')
3247 {
3248 print FILE "via on\n";
3249 } else {
3250 print FILE "via off\n";
3251 }
3252 print FILE "\n";
3253
3254 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3255 {
3256 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3257 {
3258 print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
3259 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3260 print FILE "auth_param basic realm $authrealm\n";
3261 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3262 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3263 }
3264
3265 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
3266 {
3267 print FILE "auth_param basic utf8 on\n";
3268 print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
3269 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
3270 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
3271 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
3272 {
3273 if ($proxysettings{'LDAP_GROUP'} eq '')
3274 {
3275 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
3276 } else {
3277 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3278 }
3279 print FILE " -u sAMAccountName -P";
3280 }
3281 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
3282 {
3283 if ($proxysettings{'LDAP_GROUP'} eq '')
3284 {
3285 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
3286 } else {
3287 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
3288 }
3289 print FILE " -u cn -P";
3290 }
3291 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
3292 {
3293 if ($proxysettings{'LDAP_GROUP'} eq '')
3294 {
3295 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
3296 } else {
3297 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
3298 }
3299 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
3300 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
3301 print FILE " -u uid -P";
3302 }
3303 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
3304 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3305 print FILE "auth_param basic realm $authrealm\n";
3306 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3307 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3308 }
3309
3310 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
3311 {
3312 print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
3313 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3314 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3315 $ntlm_auth_group =~ s/\\/\+/;
3316
3317 print FILE " --require-membership-of=$ntlm_auth_group";
3318 }
3319 print FILE "\n";
3320
3321 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
3322 print FILE "auth_param ntlm credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
3323
3324 # BASIC authentication
3325 if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
3326 print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
3327 if ($proxysettings{'NTLM_AUTH_GROUP'}) {
3328 my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
3329 $ntlm_auth_group =~ s/\\/\+/;
3330
3331 print FILE " --require-membership-of=$ntlm_auth_group";
3332 }
3333 print FILE "\n";
3334 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3335 print FILE "auth_param basic realm $authrealm\n";
3336 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
3337 }
3338 }
3339
3340 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
3341 {
3342 print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
3343 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
3344 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
3345 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
3346 print FILE "auth_param basic realm $authrealm\n";
3347 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
3348 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
3349 }
3350
3351 print FILE "\n";
3352 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
3353 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3354 {
3355 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
3356 {
3357 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
3358 }
3359 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
3360 {
3361 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
3362 }
3363 }
3364 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3365 {
3366 print FILE "\n";
3367 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
3368 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
3369 }
3370 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
3371 print FILE "\n";
3372
3373 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3374 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3375 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3376 print FILE "\n";
3377
3378 }
3379
3380 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3381 {
3382 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
3383 {
3384 print FILE "acl for_inetusers ident REQUIRED\n";
3385 }
3386 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
3387 {
3388 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
3389 {
3390 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
3391 }
3392 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
3393 {
3394 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
3395 }
3396 }
3397 if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
3398 if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
3399 if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
3400 print FILE "\n";
3401 }
3402
3403 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
3404
3405 print FILE "acl within_timeframe time ";
3406 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
3407 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
3408 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
3409 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
3410 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
3411 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
3412 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
3413 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
3414 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
3415 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
3416 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
3417
3418 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3419 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
3420 }
3421
3422 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
3423 print FILE <<END
3424
3425 #Classroom extensions
3426 acl IPFire_no_access_ips src "$acl_src_noaccess_ip"
3427 acl IPFire_no_access_mac arp "$acl_src_noaccess_mac"
3428 END
3429 ;
3430 print FILE "deny_info ";
3431 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3432 {
3433 print FILE "ERR_ACCESS_DISABLED";
3434 } else {
3435 print FILE "ERR_ACCESS_DENIED";
3436 }
3437 print FILE " IPFire_no_access_ips\n";
3438 print FILE "deny_info ";
3439 if (($proxysettings{'ERR_DESIGN'} eq 'squid') && (-e "$errordir/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED"))
3440 {
3441 print FILE "ERR_ACCESS_DISABLED";
3442 } else {
3443 print FILE "ERR_ACCESS_DENIED";
3444 }
3445 print FILE " IPFire_no_access_mac\n";
3446
3447 print FILE <<END
3448 http_access deny IPFire_no_access_ips
3449 http_access deny IPFire_no_access_mac
3450 END
3451 ;
3452 }
3453
3454 #Insert acl file and replace __VAR__ with correct values
3455 my $blue_net = ''; #BLUE empty by default
3456 my $blue_ip = '';
3457 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
3458 $blue_net = "$blue_cidr";
3459 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
3460 }
3461 if (!-z $acl_include)
3462 {
3463 open (ACL, "$acl_include");
3464 print FILE "\n#Start of custom includes\n\n";
3465 while (<ACL>) {
3466 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
3467 $_ =~ s/__GREEN_NET__/$green_cidr/;
3468 $_ =~ s/__BLUE_IP__/$blue_ip/;
3469 $_ =~ s/__BLUE_NET__/$blue_net/;
3470 $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
3471 print FILE $_;
3472 }
3473 print FILE "\n#End of custom includes\n";
3474 close (ACL);
3475 }
3476 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3477
3478 # Check if squidclamav is enabled.
3479 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3480 print FILE "\n#Settings for squidclamav:\n";
3481 print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
3482 print FILE "acl purge method PURGE\n";
3483 print FILE "http_access deny to_localhost\n";
3484 print FILE "http_access allow localhost\n";
3485 print FILE "http_access allow purge localhost\n";
3486 print FILE "http_access deny purge\n";
3487 print FILE "url_rewrite_access deny localhost\n";
3488 }
3489 print FILE <<END;
3490
3491 #Access to squid:
3492 #local machine, no restriction
3493 http_access allow localhost
3494
3495 #GUI admin if local machine connects
3496 http_access allow IPFire_ips IPFire_networks IPFire_http
3497 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
3498
3499 #Deny not web services
3500 END
3501
3502 if (@safe_ports) {
3503 print FILE "http_access deny !Safe_ports\n";
3504 }
3505
3506 if (@ssl_ports) {
3507 print FILE "http_access deny CONNECT !SSL_ports\n";
3508 }
3509
3510 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3511 {
3512 print FILE "#Set ident ACLs\n";
3513 if (!-z $identhosts)
3514 {
3515 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3516 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3517 print FILE "ident_lookup_access deny all\n";
3518 } else {
3519 print FILE "ident_lookup_access allow all\n";
3520 }
3521 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3522 }
3523
3524 if ($delaypools) {
3525 print FILE "#Set download throttling\n";
3526
3527 if ($netsettings{'BLUE_DEV'})
3528 {
3529 print FILE "delay_pools 2\n";
3530 } else {
3531 print FILE "delay_pools 1\n";
3532 }
3533
3534 print FILE "delay_class 1 3\n";
3535 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3536
3537 print FILE "delay_parameters 1 ";
3538 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3539 {
3540 print FILE "-1/-1";
3541 } else {
3542 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3543 print FILE "/";
3544 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3545 }
3546
3547 print FILE " -1/-1 ";
3548 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3549 {
3550 print FILE "-1/-1";
3551 } else {
3552 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3553 print FILE "/";
3554 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3555 }
3556 print FILE "\n";
3557
3558 if ($netsettings{'BLUE_DEV'})
3559 {
3560 print FILE "delay_parameters 2 ";
3561 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3562 {
3563 print FILE "-1/-1";
3564 } else {
3565 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3566 print FILE "/";
3567 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3568 }
3569 print FILE " -1/-1 ";
3570 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3571 {
3572 print FILE "-1/-1";
3573 } else {
3574 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3575 print FILE "/";
3576 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3577 }
3578 print FILE "\n";
3579 }
3580
3581 print FILE "delay_access 1 deny IPFire_ips\n";
3582 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
3583 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
3584 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3585
3586 if ($netsettings{'BLUE_DEV'})
3587 {
3588 print FILE "delay_access 1 allow IPFire_green_network";
3589 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3590 print FILE "\n";
3591 print FILE "delay_access 1 deny all\n";
3592 } else {
3593 print FILE "delay_access 1 allow all";
3594 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3595 print FILE "\n";
3596 }
3597
3598 if ($netsettings{'BLUE_DEV'})
3599 {
3600 print FILE "delay_access 2 deny IPFire_ips\n";
3601 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
3602 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
3603 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3604 print FILE "delay_access 2 allow IPFire_blue_network";
3605 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3606 print FILE "\n";
3607 print FILE "delay_access 2 deny all\n";
3608 }
3609
3610 print FILE "delay_initial_bucket_level 100\n";
3611 print FILE "\n";
3612 }
3613
3614 if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
3615 {
3616 print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
3617 print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
3618 }
3619
3620 if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
3621 {
3622 print FILE "#Prevent internal proxy access from Blue except IPFire itself\n";
3623 print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
3624 print FILE "http_access deny IPFire_blue_network !IPFire_ips IPFire_servers\n\n";
3625 }
3626
3627 print FILE <<END
3628 #Set custom configured ACLs
3629 END
3630 ;
3631 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPFire_banned_ips\n"; }
3632 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPFire_banned_mac\n"; }
3633
3634 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3635 {
3636 if (!-z $acl_src_unrestricted_ip)
3637 {
3638 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_ips to_ipaddr_without_auth\n"; }
3639 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_ips to_domains_without_auth\n"; }
3640 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_ips to_hosts_without_auth\n"; }
3641 }
3642 if (!-z $acl_src_unrestricted_mac)
3643 {
3644 if (!-z $acl_dst_noauth_net) { print FILE "http_access allow IPFire_unrestricted_mac to_ipaddr_without_auth\n"; }
3645 if (!-z $acl_dst_noauth_dom) { print FILE "http_access allow IPFire_unrestricted_mac to_domains_without_auth\n"; }
3646 if (!-z $acl_dst_noauth_url) { print FILE "http_access allow IPFire_unrestricted_mac to_hosts_without_auth\n"; }
3647 }
3648 if (!-z $acl_dst_noauth_net)
3649 {
3650 print FILE "http_access allow IPFire_networks";
3651 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3652 print FILE " !within_timeframe";
3653 } else {
3654 print FILE " within_timeframe"; }
3655 print FILE " to_ipaddr_without_auth\n";
3656 }
3657 if (!-z $acl_dst_noauth_dom)
3658 {
3659 print FILE "http_access allow IPFire_networks";
3660 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3661 print FILE " !within_timeframe";
3662 } else {
3663 print FILE " within_timeframe"; }
3664 print FILE " to_domains_without_auth\n";
3665 }
3666 if (!-z $acl_dst_noauth_url)
3667 {
3668 print FILE "http_access allow IPFire_networks";
3669 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3670 print FILE " !within_timeframe";
3671 } else {
3672 print FILE " within_timeframe"; }
3673 print FILE " to_hosts_without_auth\n";
3674 }
3675 }
3676
3677 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3678 {
3679 print FILE "http_access deny !for_inetusers";
3680 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3681 print FILE "\n";
3682 }
3683
3684 if (
3685 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3686 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3687 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3688 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3689 (!-z "$identdir/identauth.denyusers")
3690 )
3691 {
3692 print FILE "http_access deny for_acl_users";
3693 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3694 print FILE "\n";
3695 }
3696
3697 if (!-z $acl_src_unrestricted_ip)
3698 {
3699 print FILE "http_access allow IPFire_unrestricted_ips";
3700 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3701 {
3702 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3703 {
3704 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3705 }
3706 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3707 {
3708 print FILE " for_inetusers";
3709 }
3710 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3711 {
3712 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3713 {
3714 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3715 {
3716 print FILE " for_acl_users";
3717 }
3718 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3719 {
3720 print FILE " !for_acl_users";
3721 }
3722 } else { print FILE " for_inetusers"; }
3723 }
3724 }
3725 print FILE "\n";
3726 }
3727
3728 if (!-z $acl_src_unrestricted_mac)
3729 {
3730 print FILE "http_access allow IPFire_unrestricted_mac";
3731 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3732 {
3733 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3734 {
3735 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3736 }
3737 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3738 {
3739 print FILE " for_inetusers";
3740 }
3741 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3742 {
3743 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3744 {
3745 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3746 {
3747 print FILE " for_acl_users";
3748 }
3749 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3750 {
3751 print FILE " !for_acl_users";
3752 }
3753 } else { print FILE " for_inetusers"; }
3754 }
3755 }
3756 print FILE "\n";
3757 }
3758
3759 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3760 {
3761 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3762 if (!-z $extgrp) { print FILE "http_access allow IPFire_networks for_extended_users\n"; }
3763 }
3764
3765 if (
3766 (
3767 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3768 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3769 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3770 (!-z "$raddir/radauth.denyusers")
3771 )
3772 ||
3773 (
3774 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3775 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3776 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3777 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3778 (!-z "$identdir/identauth.denyusers")
3779 )
3780 )
3781 {
3782 print FILE "http_access deny for_acl_users";
3783 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3784 print FILE "\n";
3785 }
3786
3787 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3788 {
3789 print FILE "http_access allow";
3790 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3791 print FILE " !within_timeframe";
3792 } else {
3793 print FILE " within_timeframe"; }
3794 print FILE " !on_ident_aware_hosts\n";
3795 }
3796
3797 print FILE "http_access allow IPFire_networks";
3798 if (
3799 (
3800 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3801 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3802 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3803 (!-z "$raddir/radauth.allowusers")
3804 )
3805 ||
3806 (
3807 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3808 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3809 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3810 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3811 (!-z "$identdir/identauth.allowusers")
3812 )
3813 )
3814 {
3815 print FILE " for_acl_users";
3816 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3817 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3818 print FILE " for_inetusers";
3819 }
3820 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3821 {
3822 print FILE " !concurrent";
3823 }
3824 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3825 print FILE " !within_timeframe";
3826 } else {
3827 print FILE " within_timeframe"; }
3828 print FILE "\n";
3829
3830 print FILE "http_access deny all\n\n";
3831
3832 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off'))
3833 {
3834 print FILE "#Strip HTTP Header\n";
3835
3836 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3837 {
3838 print FILE "request_header_access X-Forwarded-For deny all\n";
3839 print FILE "reply_header_access X-Forwarded-For deny all\n";
3840 }
3841 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3842 {
3843 print FILE "request_header_access Via deny all\n";
3844 print FILE "reply_header_access Via deny all\n";
3845 }
3846
3847 print FILE "\n";
3848
3849 }
3850
3851 if ($proxysettings{'SUPPRESS_VERSION'} eq 'on') { print FILE "httpd_suppress_version_string on\n\n" }
3852
3853 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3854 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPFire_unrestricted_ips\n"; }
3855 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPFire_unrestricted_mac\n"; }
3856 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3857 {
3858 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3859 }
3860 print FILE "http_reply_access deny blocked_mimetypes\n";
3861 print FILE "http_reply_access allow all\n\n";
3862 }
3863
3864 print FILE "visible_hostname";
3865 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3866 {
3867 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3868 } else {
3869 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3870 }
3871
3872 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
3873 if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
3874 print FILE "\n";
3875
3876 print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
3877
3878 # Write the parent proxy info, if needed.
3879 if ($remotehost ne '')
3880 {
3881 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3882
3883 # Enter authentication for the parent cache. Option format is
3884 # login=user:password ($proxy1='YES')
3885 # login=PASS ($proxy1='PASS')
3886 # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
3887 if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
3888 {
3889 print FILE " login=$proxysettings{'UPSTREAM_USER'}";
3890 if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
3891 }
3892 elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3893
3894 print FILE "\nalways_direct allow IPFire_ips\n";
3895 print FILE "never_direct allow all\n\n";
3896 }
3897 if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
3898 {
3899 print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
3900 print FILE "url_rewrite_children ", &General::number_cpu_cores();
3901 print FILE " startup=", &General::number_cpu_cores();
3902 print FILE " idle=", &General::number_cpu_cores();
3903 print FILE " queue-size=", &General::number_cpu_cores() * 32, "\n\n";
3904 }
3905
3906 # Include file with user defined settings.
3907 if (-e "/etc/squid/squid.conf.local") {
3908 print FILE "include /etc/squid/squid.conf.local\n";
3909 }
3910 close FILE;
3911
3912 # Proxy settings for squidclamav - if installed.
3913 #
3914 # Check if squidclamav is enabled.
3915 if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
3916
3917 my $configfile='/etc/squidclamav.conf';
3918
3919 my $data = &General::read_file_utf8($configfile);
3920 $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
3921 &General::write_file_utf8($configfile, $data);
3922 }
3923 }
3924
3925 # -------------------------------------------------------------------
3926
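sub adduser
{
	my ($str_user, $str_pass, $str_group) = @_;

	# The user name comes from the web form. Quote it (\Q...\E) so that
	# regex metacharacters cannot widen the match: an unquoted ".*" would
	# otherwise match every entry in the password file.
	my $user_re = qr/^\Q$str_user\E:/i;

	if ($str_pass eq 'lEaVeAlOnE')
	{
		# Keep the stored password hash: read the current entry before
		# deluser() removes it, then write it back unchanged. As before,
		# the last matching line wins.
		my $stored = '';
		if (open(my $in, '<', $userdb)) {
			while (my $entry = <$in>) {
				if ($entry =~ $user_re) {
					# everything from the first ':' on, i.e. ":<hash>"
					$stored = substr($entry, index($entry, ':'));
				}
			}
			close($in);
		}

		&deluser($str_user);

		# Without an existing entry there is nothing to preserve; writing
		# "<user>lEaVeAlOnE" (no ':' and no newline) here would only
		# corrupt the password file, so skip the write instead.
		if ($stored ne '') {
			chomp $stored;
			if (open(my $out, '>>', $userdb)) {
				flock($out, 2);     # 2 == LOCK_EX (Fcntl is not imported in this file)
				print $out "$str_user$stored\n";
				close($out);
			} else {
				warn "adduser: cannot append to $userdb: $!";
			}
		}
	} else {
		&deluser($str_user);

		# UseMD5 selects Apache's MD5 scheme. Whatever scheme is used here
		# has to stay readable by the squid basic-auth helper that consumes
		# $userdb, so do not change it in isolation.
		my %htpasswd_options = (
			passwdFile => "$userdb",
			UseMD5 => 1,
		);

		my $htpasswd = Apache::Htpasswd->new(\%htpasswd_options);

		# NOTE(review): return value is not checked; Apache::Htpasswd reports
		# failures through ->error — consider surfacing it to the caller.
		$htpasswd->htpasswd($str_user, $str_pass);
	}

	# Group membership: one bare user name per line in the matching group
	# file. An unknown group name adds the user to no group (and no longer
	# prints to a stale, already closed handle).
	my %groupfile_for = (
		standard => $stdgrp,
		extended => $extgrp,
		disabled => $disgrp,
	);
	my $groupfile = $groupfile_for{$str_group};
	if (defined $groupfile) {
		if (open(my $grp, '>>', $groupfile)) {
			flock($grp, 2);     # 2 == LOCK_EX
			print $grp "$str_user\n";
			close($grp);
		} else {
			warn "adduser: cannot append to $groupfile: $!";
		}
	}

	return;
}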
3965
3966 # -------------------------------------------------------------------
3967
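sub deluser
{
	my ($str_user) = @_;

	# The user name comes from the web form. Quote it so that regex
	# metacharacters cannot widen the match: an unquoted ".*" would
	# otherwise remove every user from every file touched below.
	my $quoted = quotemeta($str_user);

	# Group files hold one bare user name per line.
	foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
	{
		_rewrite_without($groupfile, qr/^$quoted$/i);
	}

	# The password file holds "user:hash" lines.
	_rewrite_without($userdb, qr/^$quoted:/i);

	return;
}

# Drop every line of $path that matches $re.
#
# The whole read-filter-write cycle runs under one exclusive lock so that
# two concurrent CGI requests cannot lose each other's change; truncating
# first with ">" and locking afterwards leaves that window open. A missing
# file is created empty, matching what a plain ">" open used to do.
sub _rewrite_without
{
	my ($path, $re) = @_;

	my $fh;
	unless (open($fh, '+<', $path) || open($fh, '+>', $path)) {
		warn "deluser: cannot open $path: $!";
		return;
	}
	flock($fh, 2);     # 2 == LOCK_EX (Fcntl is not imported in this file)

	my @kept = grep { $_ !~ $re } <$fh>;

	seek($fh, 0, 0);
	truncate($fh, 0);
	print $fh @kept;
	close($fh);

	return;
}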
4000
4001 # -------------------------------------------------------------------
4002
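sub writecachemgr
{
	my $path = "${General::swroot}/proxy/cachemgr.conf";

	# Three-argument open with an explicit error path: a failed open used
	# to be silent and the following print simply vanished.
	open(my $fh, '>', $path) or do {
		warn "writecachemgr: cannot write $path: $!";
		return;
	};
	flock($fh, 2);     # 2 == LOCK_EX (Fcntl is not imported in this file)

	# One "host:port" entry for the proxy listener on GREEN, then
	# "localhost" without a trailing newline (kept as-is).
	# NOTE(review): presumably consumed by squid's cachemgr.cgi — confirm.
	print $fh "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
	print $fh "localhost";
	close($fh);

	return;
}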
4012
4013 # -------------------------------------------------------------------