Hinzugefügt:
1 #!/usr/bin/perl
2 #
3 # IPCop CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8 #
9
10 use strict;
11
12 # enable only the following on debugging purpose
13 #use warnings;
14 #use CGI::Carp 'fatalsToBrowser';
15
16 use IO::Socket;
17
18 require '/var/ipfire/general-functions.pl';
19 require "${General::swroot}/lang.pl";
20 require "${General::swroot}/header.pl";
21
# Settings hashes; they are filled further down from the configuration
# files and from the submitted form.
my (%proxysettings, %netsettings, %filtersettings);
my (%updaccsettings, %stdproxysettings, %mainsettings);

# Set to 1 below when the matching add-on's version file exists.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# HTML attribute strings used to pre-select checkboxes and <select> options.
my (%checked, %selected);

# Throttle limits offered in the form, and the file-extension alternations
# of the three throttle classes.
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = "bin|cab|exe|gz|rar|sea|tar|tgz|zip";
my $throttle_dskimg = "b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
my $throttle_mmedia = "aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";

# One parsed user-agent record, and every record read from $browserdb.
my (@useragent, @useragentlist);

# General-purpose scratch variables shared by the script.
my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language, $line, $user) = ('', '', '', '');
my ($i, $n, $id) = (0, 0, 0);
my (@userlist, @grouplist, @temp, @templist);

# Working values of the save handler.
my $cachemem         = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp   = '';
my $needhup          = 0;
my $errormessage     = '';

# Directories below the advanced proxy configuration root.
my $acldir   = "${General::swroot}/proxy/advanced/acls";
my $ncsadir  = "${General::swroot}/proxy/advanced/ncsa";
my $ntlmdir  = "${General::swroot}/proxy/advanced/ntlm";
my $raddir   = "${General::swroot}/proxy/advanced/radius";
my $identdir = "${General::swroot}/proxy/advanced/ident";
my $credir   = "${General::swroot}/proxy/advanced/cre";

# NCSA user database and its group files.
my $userdb = "$ncsadir/passwd";
my $stdgrp = "$ncsadir/standard.grp";
my $extgrp = "$ncsadir/extended.grp";
my $disgrp = "$ncsadir/disabled.grp";

my $browserdb      = "${General::swroot}/proxy/advanced/useragents";
my $mimetypes      = "${General::swroot}/proxy/advanced/mimetypes";
my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";

# Classroom extension (CRE) files.
my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable";
my $cre_groups  = "${General::swroot}/proxy/advanced/cre/classrooms";
my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";

my $identhosts = "$identdir/hosts";

my $libexecdir = "/usr/lib/squid";

# ACL files, one per access list.
my $acl_src_subnets          = "$acldir/src_subnets.acl";
my $acl_src_banned_ip        = "$acldir/src_banned_ip.acl";
my $acl_src_banned_mac       = "$acldir/src_banned_mac.acl";
my $acl_src_unrestricted_ip  = "$acldir/src_unrestricted_ip.acl";
my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
my $acl_src_noaccess_ip      = "$acldir/src_noaccess_ip.acl";
my $acl_src_noaccess_mac     = "$acldir/src_noaccess_mac.acl";
my $acl_dst_nocache          = "$acldir/dst_nocache.acl";
my $acl_dst_noauth           = "$acldir/dst_noauth.acl";
my $acl_dst_throttle         = "$acldir/dst_throttle.acl";
my $acl_include              = "$acldir/include.acl";
98
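# Make sure the advanced-proxy directories and the (possibly empty) data
# files exist before the code below reads them. Creation stays best effort:
# a failed mkdir or touch is not treated as fatal here.
foreach my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    mkdir($dir) unless -d $dir;
}

# The list form of system() hands the path to /bin/touch as one argument,
# so it is never parsed by a shell (same form as the flag files written by
# the save handler).
foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    system('/bin/touch', $file) unless -e $file;
}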
128
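# Load the user-agent database, dropping empty lines and '#' comment lines.
# The sort key is the text between the first and the last comma of a line
# (presumably the display name of an "id,name,regexp" record -- confirm
# against the file format).
# Three-argument open with a lexical handle: the path can never be read as a
# mode or pipe specification. When the file cannot be opened the list simply
# stays empty, which is what the unchecked open amounted to.
if (open(my $ua_fh, '<', $browserdb)) {
    @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<$ua_fh>;
    close($ua_fh);
}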
132
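# URL filter settings: start from the default number of redirector children
# and overlay the add-on's settings file when it exists.
# %filtersettings is declared with the other settings hashes at the top of
# the file; it is reset here rather than declared a second time, which would
# mask the first declaration.
%filtersettings = ();
$filtersettings{'CHILDREN'} = '5';
if (-e "${General::swroot}/urlfilter/settings") {
    &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
}

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on counts as installed when its version file is present.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

# The URL filter settings are loaded once, above, whether or not the add-on
# flag is set; a second identical load under $urlfilter_addon is not needed.

if ($updacclrtr_addon) {
    $updaccsettings{'ACCELERATORS'} = '10';
    if (-e "${General::swroot}/updacclrtr/settings") {
        &General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings);
    }
}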
158
&Header::showhttpheaders();

# Built-in defaults for every form field. getcgihash() is called on this
# hash right after (presumably merging the submitted fields over these
# defaults -- confirm in header.pl), so everything read from %proxysettings
# from then on may be request data.
%proxysettings = (
    %proxysettings,

    'ENABLE_FILTER'          => 'off',
    'ACTION'                 => '',
    'VALID'                  => '',

    'ENABLE'                 => 'off',
    'ENABLE_BLUE'            => 'off',
    'TRANSPARENT'            => 'off',
    'TRANSPARENT_BLUE'       => 'off',
    'PROXY_PORT'             => '800',
    'VISIBLE_HOSTNAME'       => '',
    'ADMIN_MAIL_ADDRESS'     => '',
    'ERR_LANGUAGE'           => 'English',
    'FORWARD_VIA'            => 'off',
    'FORWARD_IPADDRESS'      => 'off',
    'FORWARD_USERNAME'       => 'off',
    'UPSTREAM_PROXY'         => '',
    'UPSTREAM_USER'          => '',
    'UPSTREAM_PASSWORD'      => '',
    'LOGGING'                => 'off',
    'LOGQUERY'               => 'off',
    'LOGUSERAGENT'           => 'off',
    'CACHE_MEM'              => '2',
    'CACHE_SIZE'             => '50',
    'MAX_SIZE'               => '4096',
    'MIN_SIZE'               => '0',
    'MEM_POLICY'             => 'LRU',
    'CACHE_POLICY'           => 'LRU',
    'L1_DIRS'                => '16',
    'OFFLINE_MODE'           => 'off',
    'CLASSROOM_EXT'          => 'off',
    'SUPERVISOR_PASSWORD'    => '',
    'TIME_ACCESS_MODE'       => 'allow',
    'TIME_FROM_HOUR'         => '00',
    'TIME_FROM_MINUTE'       => '00',
    'TIME_TO_HOUR'           => '24',
    'TIME_TO_MINUTE'         => '00',
    'MAX_OUTGOING_SIZE'      => '0',
    'MAX_INCOMING_SIZE'      => '0',
    'THROTTLING_GREEN_TOTAL' => 'unlimited',
    'THROTTLING_GREEN_HOST'  => 'unlimited',
    'THROTTLING_BLUE_TOTAL'  => 'unlimited',
    'THROTTLING_BLUE_HOST'   => 'unlimited',
    'THROTTLE_BINARY'        => 'off',
    'THROTTLE_DSKIMG'        => 'off',
    'THROTTLE_MMEDIA'        => 'off',
    'ENABLE_MIME_FILTER'     => 'off',
    'ENABLE_BROWSER_CHECK'   => 'off',
    'FAKE_USERAGENT'         => '',
    'FAKE_REFERER'           => '',
    'AUTH_METHOD'            => 'none',
    'AUTH_REALM'             => '',
    'AUTH_MAX_USERIP'        => '',
    'AUTH_CACHE_TTL'         => '60',
    'AUTH_IPCACHE_TTL'       => '0',
    'AUTH_CHILDREN'          => '5',
    'NCSA_MIN_PASS_LEN'      => '6',
    'NCSA_BYPASS_REDIR'      => 'off',
    'NCSA_USERNAME'          => '',
    'NCSA_GROUP'             => '',
    'NCSA_PASS'              => '',
    'NCSA_PASS_CONFIRM'      => '',
    'LDAP_BASEDN'            => '',
    'LDAP_TYPE'              => 'ADS',
    'LDAP_SERVER'            => '',
    'LDAP_PORT'              => '389',
    'LDAP_BINDDN_USER'       => '',
    'LDAP_BINDDN_PASS'       => '',
    'LDAP_GROUP'             => '',
    'NTLM_DOMAIN'            => '',
    'NTLM_PDC'               => '',
    'NTLM_BDC'               => '',
    'NTLM_ENABLE_ACL'        => 'off',
    'NTLM_USER_ACL'          => 'positive',
    'RADIUS_SERVER'          => '',
    'RADIUS_PORT'            => '1645',
    'RADIUS_IDENTIFIER'      => '',
    'RADIUS_SECRET'          => '',
    'RADIUS_ENABLE_ACL'      => 'off',
    'RADIUS_USER_ACL'        => 'positive',
    'IDENT_REQUIRED'         => 'off',
    'IDENT_TIMEOUT'          => '10',
    'IDENT_ENABLE_ACL'       => 'off',
    'IDENT_USER_ACL'         => 'positive',
);

# Add-on specific switches.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

&Header::getcgihash(\%proxysettings);

# A throttle value of 0 is stored and displayed as 'unlimited'.
foreach my $throttle_key (qw(
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL  THROTTLING_BLUE_HOST
)) {
    if ($proxysettings{$throttle_key} eq 0) {
        $proxysettings{$throttle_key} = 'unlimited';
    }
}
261
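# ===================================================================
# NCSA user management actions
#
# ACTION, ID and the NCSA_* fields are read from %proxysettings after the
# getcgihash() call, so they have to be treated as request data here.
# ===================================================================

if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # The minimum length is compared numerically and is also copied into the
    # error text, which is printed without HTML escaping further down, so
    # only a plain decimal number is accepted.
    # NOTE(review): the value still comes from the request; reading the
    # stored policy instead would stop a client from lowering it -- confirm
    # where the stored value is available.
    if ($proxysettings{'NCSA_MIN_PASS_LEN'} !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    }
    elsif (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
    }
    if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }
    elsif ($proxysettings{'NCSA_USERNAME'} =~ /[:\x00-\x1f\x7f]/) {
        # ':' separates user and group in the ID handled by the edit action
        # below, and control characters (newline included) have no place in
        # a line-oriented user file, so both are refused.
        $errormessage = $Lang::tr{'invalid input'};
    }
    if (!$errormessage) {
        # User names are stored in lower case.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    # NOTE(review): ID is passed on unchecked; verify that deluser() only
    # accepts an existing "user:group" entry.
    &deluser($proxysettings{'ID'});
}

if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
    # ID carries "user:group".
    @temp = split(/:/,$proxysettings{'ID'});
    $proxysettings{'NCSA_USERNAME'} = $temp[0];
    $proxysettings{'NCSA_GROUP'} = $temp[1];
    # Placeholder shown instead of the real password while editing
    # (presumably recognised by adduser() as "keep the current password" --
    # confirm there).
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}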
305
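# ===================================================================
# Save / "save and restart"
#
# Validates the submitted settings; the first failed check sets
# $errormessage and jumps to ERROR. When everything is valid the ACLs and
# settings are written, the configuration files are regenerated, the flag
# files under proxy/ are refreshed and, for "save and restart", squid is
# restarted through the restartsquid helper.
#
# Every value checked here is request data that ends up in the settings
# file (and, through writeconfig, presumably in the squid configuration),
# so numeric fields are matched against the WHOLE string: a prefix match
# such as /^\d+/ would also accept "50" followed by arbitrary text.
# ===================================================================
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    # True when the argument consists of decimal digits only.
    my $is_uint = sub { return defined($_[0]) && $_[0] =~ /\A\d+\z/; };

    if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
        $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
        $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
        $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    # The port is stored and echoed back into the form, so it is checked
    # like the LDAP and RADIUS ports below.
    if (!&General::validport($proxysettings{'PROXY_PORT'}))
    {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if (!$is_uint->($proxysettings{'CACHE_SIZE'}) ||
        ($proxysettings{'CACHE_SIZE'} < 10))
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if (!$is_uint->($proxysettings{'CACHE_MEM'}) ||
        ($proxysettings{'CACHE_MEM'} < 1))
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap the memory cache using the first number on the second line of the
    # `free` output (presumably total memory in kB, which makes the cap half
    # of it in MB -- confirm). The cap is applied only when that number was
    # actually found; otherwise $1 would still hold a capture from one of
    # the matches above.
    my @free = `/usr/bin/free`;
    if (defined($free[1]) && $free[1] =~ m/(\d+)/) {
        $cachemem = int($1 / 2048);
        if ($proxysettings{'CACHE_MEM'} > $cachemem) {
            $proxysettings{'CACHE_MEM'} = $cachemem;
        }
    }

    if (!$is_uint->($proxysettings{'MAX_SIZE'}))
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if (!$is_uint->($proxysettings{'MIN_SIZE'}))
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if (!$is_uint->($proxysettings{'MAX_OUTGOING_SIZE'}))
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }

    # A heredoc printing "redirect_program /usr/bin/squidGuard" to the
    # bareword handle FILE stood here. That handle is closed right after the
    # user-agent list is read, so the print never wrote anything; it has
    # been dropped. NOTE(review): the lines presumably belong to the code
    # that generates the squid configuration -- confirm in writeconfig.

    # HHMM strings are compared as text; the end must be later than the start.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if (!$is_uint->($proxysettings{'MAX_INCOMING_SIZE'}))
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }
    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        # Build an alternation from the third field of every user-agent
        # record whose UA_<first field> checkbox is on. chomp works on the
        # list elements themselves, so the records stay chomped afterwards.
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }
    if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
    {
        # Authentication needs at least one non-transparent proxy, except
        # for ident without required identification and without user ACLs.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
            ((!$is_uint->($proxysettings{'AUTH_MAX_USERIP'})) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if (!$is_uint->($proxysettings{'AUTH_CACHE_TTL'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if (!$is_uint->($proxysettings{'AUTH_IPCACHE_TTL'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        # Numeric test, so that "00" counts as zero as well.
        if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} == 0))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if ((!$is_uint->($proxysettings{'AUTH_CHILDREN'})) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if ((!$is_uint->($proxysettings{'NCSA_MIN_PASS_LEN'})) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if ((!$is_uint->($proxysettings{'IDENT_TIMEOUT'})) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }
    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Quick parent proxy error checking of username and password info.
    # Either both are given or neither; one without the other is an error.
    $proxy1 = 'YES';
    $proxy2 = 'YES';
    if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
    if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
    if (($proxy1 ne $proxy2))
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

    # Reached after the last check and by every "goto ERROR" above; the ACL
    # check therefore runs in both cases.
    ERROR:
    &check_acls;

    if ($errormessage) {
        $proxysettings{'VALID'} = 'no'; }
    else {
        $proxysettings{'VALID'} = 'yes'; }

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # These fields are not part of the settings file: the ACL and user
        # lists were handed to write_acls, and the NCSA user fields belong
        # to user management.
        # NOTE(review): UPSTREAM_PASSWORD, LDAP_BINDDN_PASS, RADIUS_SECRET
        # and SUPERVISOR_PASSWORD are not removed, so writehash() stores
        # them as they are; the settings file should be readable only by
        # the accounts that need it.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP
            SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP
            SRC_UNRESTRICTED_MAC
            DST_NOCACHE
            DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS
            NTLM_DENY_USERS
            RADIUS_ALLOW_USERS
            RADIUS_DENY_USERS
            IDENT_HOSTS
            IDENT_ALLOW_USERS
            IDENT_DENY_USERS
            CRE_GROUPS
            CRE_SVHOSTS
            NCSA_USERNAME
            NCSA_GROUP
            NCSA_PASS
            NCSA_PASS_CONFIRM
        )};

        # Checkboxes that were not submitted are stored as 'off'.
        foreach my $unset (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$unset} = 'off' unless exists $proxysettings{$unset};
        }

        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Flag files: remove all four, then recreate those that are 'on'.
        unlink "${General::swroot}/proxy/enable";
        unlink "${General::swroot}/proxy/transparent";
        unlink "${General::swroot}/proxy/enable_blue";
        unlink "${General::swroot}/proxy/transparent_blue";

        if ($proxysettings{'ENABLE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable"); }
        if ($proxysettings{'TRANSPARENT'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent"); }
        if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/enable_blue"); }
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
            system ('/bin/touch', "${General::swroot}/proxy/transparent_blue"); }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}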
610
# "Clear cache": run the restartsquid helper with its -f switch. The list
# form of system() is used, so no shell is involved.
system('/usr/local/bin/restartsquid','-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# Without a pending error the form is filled from what is stored on disk:
# the advanced settings when they exist, otherwise the standard proxy
# settings, followed by the ACL files.
unless ($errormessage)
{
    my $advanced_settings = "${General::swroot}/proxy/advanced/settings";
    my $standard_settings = "${General::swroot}/proxy/settings";

    if (-e $advanced_settings) {
        &General::readhash($advanced_settings, \%proxysettings);
    }
    elsif (-e $standard_settings) {
        &General::readhash($standard_settings, \%proxysettings);
    }
    &read_acls;
}
625
# Translate the current settings into the HTML attributes of the form:
# %checked holds "checked='checked'" for the active choice of a checkbox or
# radio group (and '' for the other choices), %selected holds
# "selected='selected'" for the active <select> option.

# Switches that are missing from the settings are displayed as 'on'.
foreach my $default_on (qw(
    TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
    AUTH_ALWAYS_REQUIRED NTLM_ENABLE_INT_AUTH
)) {
    $proxysettings{$default_on} = 'on' unless exists $proxysettings{$default_on};
}

# on/off checkboxes
foreach my $switch (qw(
    ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
    FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA
    OFFLINE_MODE
    LOGGING LOGQUERY LOGUSERAGENT
    CLASSROOM_EXT
    TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
    THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
    ENABLE_MIME_FILTER
    ENABLE_BROWSER_CHECK
    ENABLE_FILTER
    AUTH_ALWAYS_REQUIRED
    NCSA_BYPASS_REDIR
    NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL
    RADIUS_ENABLE_ACL
    IDENT_REQUIRED IDENT_ENABLE_ACL
)) {
    $checked{$switch}{'off'} = '';
    $checked{$switch}{'on'} = '';
    $checked{$switch}{$proxysettings{$switch}} = "checked='checked'";
}

# One checkbox per user-agent record, keyed by the record's first field.
foreach (@useragentlist) {
    @useragent = split(/,/);
    my $ua_key = 'UA_'.$useragent[0];
    $checked{$ua_key}{'off'} = '';
    $checked{$ua_key}{'on'} = '';
    $checked{$ua_key}{$proxysettings{$ua_key}} = "checked='checked'";
}

# Authentication method radio group
foreach my $method ('none', 'ncsa', 'ident', 'ldap', 'ntlm', 'radius') {
    $checked{'AUTH_METHOD'}{$method} = '';
}
$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";

# positive/negative user ACL radio groups
foreach my $acl_mode (qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)) {
    $checked{$acl_mode}{'positive'} = '';
    $checked{$acl_mode}{'negative'} = '';
    $checked{$acl_mode}{$proxysettings{$acl_mode}} = "checked='checked'";
}

# <select> boxes
foreach my $choice (qw(
    MEM_POLICY CACHE_POLICY L1_DIRS
    ERR_LANGUAGE
    TIME_ACCESS_MODE
    TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
    NCSA_GROUP
    LDAP_TYPE
)) {
    $selected{$choice}{$proxysettings{$choice}} = "selected='selected'";
}

# Add-on switches
if ($urlfilter_addon) {
    $checked{'ENABLE_FILTER'}{'off'} = '';
    $checked{'ENABLE_FILTER'}{'on'} = '';
    $checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
}

if ($updacclrtr_addon) {
    $checked{'ENABLE_UPDACCEL'}{'off'} = '';
    $checked{'ENABLE_UPDACCEL'}{'on'} = '';
    $checked{'ENABLE_UPDACCEL'}{$proxysettings{'ENABLE_UPDACCEL'}} = "checked='checked'";
}
812
# Start the page and the outer box, then show the pending error text, if any.
Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');

Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
    # NOTE(review): $errormessage is interpolated into the page as-is. If any
    # part of it can echo submitted form data, it should be HTML-escaped
    # where it is built -- confirm against the validation code earlier in
    # this file.
    Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>$errormessage&nbsp;</font>\n";
    Header::closebox();
}
822
823 # ===================================================================
824 # Main settings
825 # ===================================================================
826
827 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
828
# Open the main settings form (posting back to this script) and print the
# first rows of the common-settings table.
# NOTE(review): no anti-CSRF token field is printed in the part of the form
# visible here; confirm how the POST handler authenticates the request origin.
# NOTE(review): stored values are interpolated straight into single-quoted
# value='...' attributes. A value containing ' or < would break out of the
# attribute unless it is validated or escaped before this point -- confirm.
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");

print <<"END";
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
<td width='30%'><input type='text' name='PROXY_PORT' value='$proxysettings{'PROXY_PORT'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
</tr>
<tr>
END
# "Enabled on Blue" toggle; a blank spacer cell keeps the row aligned when
# no Blue device is configured.
if (!$netsettings{'BLUE_DEV'}) {
    print "<td colspan='2'>&nbsp;</td>";
}
else {
    print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
    print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
}
859 print <<END
860 <td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
861 <td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
862 </tr>
863 <tr>
864 END
865 ;
# "Transparent on Blue" toggle; a blank spacer cell keeps the row aligned
# when no Blue device is configured.
if (!$netsettings{'BLUE_DEV'}) {
    print "<td colspan='2'>&nbsp;</td>";
}
else {
    print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
    print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
}
872 print <<END
873 <td class='base'>$Lang::tr{'advproxy error language'}:</td>
874 <td class='base'>
875 <select name='ERR_LANGUAGE'>
876 END
877 ;
# Offer every directory under the Squid error-page tree as an error language;
# the option value is the directory's base name.
foreach my $errdir (glob('/usr/lib/squid/errors/*')) {
    next unless -d $errdir;
    $language = substr($errdir, rindex($errdir, "/") + 1);
    print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
}
# Close the error-language selector, then print the URL-filter toggle, the
# upstream-proxy, logging and cache-management tables, ending inside the
# still-open DST_NOCACHE <textarea>.
# NOTE(review): the stored UPSTREAM_PASSWORD is written back into the value
# attribute of the password field, so the secret is readable in the page
# source by anyone who can load this page. Consider sending an empty field
# and having the save handler treat "empty" as "unchanged".
# NOTE(review): this ENABLE_FILTER checkbox is printed unconditionally, while
# a second checkbox with the same name is printed further down when
# $urlfilter_addon is set, and $checked{'ENABLE_FILTER'} is only prepared in
# that case -- confirm which of the two is meant to be submitted.
# NOTE(review): UPSTREAM_PROXY, UPSTREAM_USER and the cache sizes go into
# single-quoted attributes without escaping; confirm they are validated or
# escaped before this point.
print <<"END";
</select>
</td>
</tr>
<tr>
<td colspan='4'><hr /><b>$Lang::tr{'urlfilter url filter'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'urlfilter enabled'}</td>
<td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
<td colspan='2'>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$proxysettings{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='UPSTREAM_USER' value='$proxysettings{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$proxysettings{'UPSTREAM_PASSWORD'}' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
<td><input type='text' name='CACHE_MEM' value='$proxysettings{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
<td><input type='text' name='CACHE_SIZE' value='$proxysettings{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:</td>
<td><input type='text' name='MIN_SIZE' value='$proxysettings{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:</td>
<td><input type='text' name='MAX_SIZE' value='$proxysettings{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan= '5' valign='top' class='base'>
<table cellpadding='0' cellspacing='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END
986
987 print $proxysettings{'DST_NOCACHE'};
988
989 print <<END
990 </textarea></td>
991 </tr>
992 </table>
993 </td>
994 </tr>
995 <tr>
996 <td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
997 <td class='base'><select name='MEM_POLICY'>
998 <option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
999 <option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1000 <option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
1001 <option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
1002 </select></td>
1003 </tr>
1004 <tr>
1005 <td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
1006 <td class='base'><select name='CACHE_POLICY'>
1007 <option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
1008 <option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
1009 <option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
1010 <option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
1011 </select></td>
1012 </tr>
1013 <tr>
1014 <td colspan='2'>&nbsp;</td>
1015 </tr>
1016 <tr>
1017 <td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
1018 <td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
1019 </tr>
1020 </table>
1021 <hr size='1'>
1022 <table width='100%'>
1023 <tr>
1024 <td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
1025 </tr>
1026 <tr>
1027 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1028 </tr>
1029 <tr>
1030 <td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
1031 <td colspan='2'>&nbsp;</td>
1032 </tr>
1033 <tr>
1034 <td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
1035 END
1036 ;
1037
# Fill the allowed-subnets box: the stored list when there is one, otherwise
# the Green network (plus the Blue network when a Blue device is configured).
# NOTE(review): the stored list is printed unescaped inside the <textarea>
# opened by the preceding template; confirm it is validated before storage.
if ($proxysettings{'SRC_SUBNETS'}) {
    print $proxysettings{'SRC_SUBNETS'};
}
else {
    print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
    print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n"
        if $netsettings{'BLUE_DEV'};
}
1046
1047 print <<END
1048 </textarea></td>
1049 <td colspan='2'>&nbsp;</td>
1050 </tr>
1051 </table>
1052 <table width='100%'>
1053 <tr>
1054 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1055 </tr>
1056 <tr>
1057 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1058 <td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1059 </tr>
1060 <tr>
1061 <td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
1062 END
1063 ;
1064
1065 print $proxysettings{'SRC_UNRESTRICTED_IP'};
1066
1067 print <<END
1068 </textarea></td>
1069 <td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
1070 END
1071 ;
1072
1073 print $proxysettings{'SRC_UNRESTRICTED_MAC'};
1074
1075 print <<END
1076 </textarea></td>
1077 </tr>
1078 </table>
1079 <table width='100%'>
1080 <tr>
1081 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1082 </tr>
1083 <tr>
1084 <td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1085 <td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1086 </tr>
1087 <tr>
1088 <td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
1089 END
1090 ;
1091
1092 print $proxysettings{'SRC_BANNED_IP'};
1093
1094 print <<END
1095 </textarea></td>
1096 <td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
1097 END
1098 ;
1099
1100 print $proxysettings{'SRC_BANNED_MAC'};
1101
1102 print <<END
1103 </textarea></td>
1104 </tr>
1105 </table>
1106
1107 <hr size='1'>
1108
1109 END
1110 ;
1111 # -------------------------------------------------------------------
1112 # CRE GUI - optional
1113 # -------------------------------------------------------------------
1114
# Classroom extensions (CRE): the full section is shown only when the path in
# $cre_enabled exists; otherwise the three CRE settings are carried through
# the form as hidden inputs.
# NOTE(review): in both branches the stored SUPERVISOR_PASSWORD is written
# into the page source (as a password field value or as a hidden input), so
# anyone who can load this page can read it. Consider not echoing it and
# having the save handler keep the stored value when the field is absent.
# NOTE(review): CRE_GROUPS and CRE_SVHOSTS are textarea content in the first
# branch but single-quoted attribute values in the hidden branch; without
# escaping, a ' or newline in the stored text would corrupt the hidden input.
if (!-e $cre_enabled) {
    print <<"END";
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' />
<input type='hidden' name='CRE_GROUPS' value='$proxysettings{'CRE_GROUPS'}' />
<input type='hidden' name='CRE_SVHOSTS' value='$proxysettings{'CRE_SVHOSTS'}' />
END
}
else {
    print <<"END";
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$proxysettings{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'CRE_GROUPS'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'CRE_SVHOSTS'};

    print <<"END";
</textarea></td>
</tr>

</table>

<hr size='1'>
END
}
1165 # -------------------------------------------------------------------
1166
1167 print <<END
1168
1169 <table width='100%'>
1170 <tr>
1171 <td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
1172 </tr>
1173 <table width='100%'>
1174 <tr>
1175 <td width='2%'>$Lang::tr{'advproxy access'}</td>
1176 <td width='1%'>&nbsp;</td>
1177 <td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
1178 <td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
1179 <td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
1180 <td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
1181 <td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
1182 <td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
1183 <td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
1184 <td width='1%'>&nbsp;&nbsp;</td>
1185 <td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
1186 <td width='1%'>&nbsp;</td>
1187 <td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
1188 <td>&nbsp;</td>
1189 </tr>
1190 <tr>
1191 <td class='base'>
1192 <select name='TIME_ACCESS_MODE'>
1193 <option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
1194 <option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
1195 </select>
1196 </td>
1197 <td>&nbsp;</td>
1198 <td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
1199 <td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
1200 <td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
1201 <td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
1202 <td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
1203 <td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
1204 <td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
1205 <td>&nbsp;</td>
1206 <td class='base'>
1207 <select name='TIME_FROM_HOUR'>
1208 END
1209 ;
# Start-hour choices 00 through 24, zero-padded to two characters.
$i = 0;
while ($i <= 24) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_FROM_HOUR'}{$_}>$_</option>\n";
    $i++;
}
1214 print <<END
1215 </select>
1216 </td>
1217 <td>:</td>
1218 <td class='base'>
1219 <select name='TIME_FROM_MINUTE'>
1220 END
1221 ;
# Start-minute choices in quarter-hour steps: 00, 15, 30, 45.
$i = 0;
while ($i <= 45) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_FROM_MINUTE'}{$_}>$_</option>\n";
    $i += 15;
}
1226 print <<END
1227 </select>
1228 <td> - </td>
1229 </td>
1230 <td class='base'>
1231 <select name='TIME_TO_HOUR'>
1232 END
1233 ;
# End-hour choices 00 through 24, zero-padded to two characters.
$i = 0;
while ($i <= 24) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_TO_HOUR'}{$_}>$_</option>\n";
    $i++;
}
1238 print <<END
1239 </select>
1240 </td>
1241 <td>:</td>
1242 <td class='base'>
1243 <select name='TIME_TO_MINUTE'>
1244 END
1245 ;
# End-minute choices in quarter-hour steps: 00, 15, 30, 45.
$i = 0;
while ($i <= 45) {
    $_ = sprintf("%02s", $i);
    print "<option $selected{'TIME_TO_MINUTE'}{$_}>$_</option>\n";
    $i += 15;
}
1250 print <<END
1251 </select>
1252 </td>
1253 </tr>
1254 </table>
1255 <hr size='1'>
1256 <table width='100%'>
1257 <tr>
1258 <td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
1259 </tr>
1260 <tr>
1261 <td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
1262 <td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$proxysettings{'MAX_INCOMING_SIZE'}' size='5' /></td>
1263 <td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
1264 <td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$proxysettings{'MAX_OUTGOING_SIZE'}' size='5' /></td>
1265 </tr>
1266 </table>
1267 <hr size='1'>
1268 <table width='100%'>
1269 <tr>
1270 <td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
1271 </tr>
1272 <tr>
1273 <td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
1274 <td width='20%' class='base'>
1275 <select name='THROTTLING_GREEN_TOTAL'>
1276 END
1277 ;
1278
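# Green-zone download throttling: one <select> for the total limit and one
# for the per-host limit. Each lists every entry of @throttle_limits in
# kBit/s, followed by an "unlimited" option with value 0.
#
# Fix: the "unlimited" lines inside the templates used to end in a leftover
# `\n";` (a remnant of a print statement), which sent a stray `";` text node
# into each <select>. The templates now end those lines at </option>.
foreach my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_TOTAL'}{$limit}>$limit kBit/s</option>\n";
}

print <<"END";
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END

foreach my $limit (@throttle_limits) {
    print "\t<option value='$limit' $selected{'THROTTLING_GREEN_HOST'}{$limit}>$limit kBit/s</option>\n";
}

print <<"END";
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END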
1304
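# Blue-zone download throttling, printed only when a Blue device is
# configured: one <select> for the total limit and one for the per-host
# limit, each listing @throttle_limits in kBit/s plus an "unlimited" option
# with value 0.
#
# Fix: the "unlimited" lines inside the templates used to end in a leftover
# `\n";` (a remnant of a print statement), which sent a stray `";` text node
# into each <select>. The templates now end those lines at </option>.
if ($netsettings{'BLUE_DEV'}) {
    print <<"END";
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END

    foreach my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_TOTAL'}{$limit}>$limit kBit/s</option>\n";
    }

    print <<"END";
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END

    foreach my $limit (@throttle_limits) {
        print "\t<option value='$limit' $selected{'THROTTLING_BLUE_HOST'}{$limit}>$limit kBit/s</option>\n";
    }

    print <<"END";
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
}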
1340
1341 print <<END
1342 </table>
1343 <table width='100%'>
1344 <tr>
1345 <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
1346 </tr>
1347 <tr>
1348 <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
1349 <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
1350 <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
1351 <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
1352 <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
1353 <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
1354 <td width='15%'>&nbsp;</td>
1355 <td width='10%'>&nbsp;</td>
1356 </tr>
1357 </table>
1358 <hr size='1'>
1359 <table width='100%'>
1360 <tr>
1361 <td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
1362 </tr>
1363 <tr>
1364 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1365 <td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
1366 </tr>
1367 <tr>
1368 <td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1369 <td>&nbsp;</td>
1370 <td>&nbsp;</td>
1371 </tr>
1372 <tr>
1373 <td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
1374 END
1375 ;
1376
1377 print $proxysettings{'MIME_TYPES'};
1378
1379 print <<END
1380 </textarea></td>
1381 <td>&nbsp;</td>
1382 <td>&nbsp;</td>
1383 </tr>
1384 </table>
1385 <hr size='1'>
1386 <table width='100%'>
1387 <tr>
1388 <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
1389 </tr>
1390 <tr>
1391 <td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
1392 <td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
1393 <td>&nbsp;</td>
1394 <td>&nbsp;</td>
1395 </tr>
1396 <tr>
1397 <td colspan='4'><i>
1398 END
1399 ;
# Caption for the browser list: a heading when user agents are defined,
# otherwise a "no clients defined" notice.
print(
    @useragentlist
    ? "$Lang::tr{'advproxy allowed web browsers'}:"
    : "$Lang::tr{'advproxy no clients defined'}"
);
1401 print <<END
1402 </i></td>
1403 </tr>
1404 </table>
1405 <table width='100%'>
1406 END
1407 ;
1408
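# Allowed-browser checkboxes, four per table row. Each @useragentlist entry
# is split on commas: field 0 becomes the checkbox name suffix (UA_<id>) and
# field 1 the label shown next to it.
#
# Fixes relative to the previous version:
#   * single elements are read with $array[...] instead of @array[...] slices;
#   * the row counter is compared numerically instead of with `eq`;
#   * the outer bound is `<` rather than `<=`, so an empty trailing <tr> is no
#     longer printed when the list is empty or its length is a multiple of 4.
#
# NOTE(review): both fields are written into the page unescaped; this is
# presumably safe only if the user-agent list comes from a trusted local
# file -- confirm where @useragentlist is loaded.
for ($n = 0; $n < @useragentlist; $n += 4) {
    print "<tr>\n";
    for ($i = 0; $i <= 3; $i++) {
        # The last row may hold fewer than four entries.
        next if ($n + $i) >= @useragentlist;
        @useragent = split(/,/, $useragentlist[$n + $i]);
        my $ua_id = $useragent[0];
        print "<td width='15%'>$useragent[1]:<\/td>\n";
        print "<td width='10%'><input type='checkbox' name='UA_$ua_id' $checked{'UA_'.$ua_id}{'on'} /></td>\n";
    }
    print "<\/tr>\n";
}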
1420
1421 print <<END
1422 </table>
1423 <hr size='1'>
1424 <table width='100%'>
1425 <tr>
1426 <td><b>$Lang::tr{'advproxy privacy'}</b></td>
1427 </tr>
1428 <tr>
1429 <td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1430 </tr>
1431 <tr>
1432 <td><input type='text' name='FAKE_USERAGENT' value='$proxysettings{'FAKE_USERAGENT'}' size='56' /></td>
1433 </tr>
1434 <tr>
1435 <td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1436 </tr>
1437 <tr>
1438 <td><input type='text' name='FAKE_REFERER' value='$proxysettings{'FAKE_REFERER'}' size='56' /></td>
1439 </tr>
1440 </table>
1441 <hr size='1'>
1442 END
1443 ;
1444
# URL-filter add-on section, printed only when the add-on flag is set.
# NOTE(review): a checkbox named ENABLE_FILTER is also printed unconditionally
# in the "urlfilter url filter" row near the top of this form, so with the
# add-on flag set the form carries the field twice -- confirm which one is
# intended.
if ($urlfilter_addon) {
    print <<"END";
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
</tr>
<tr>
<td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
END
}
1461
# Update-accelerator section: printed only when that add-on flag is set and
# the URL-filter add-on flag is not.
if ($updacclrtr_addon && !$urlfilter_addon) {
    print <<"END";
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
</tr>
<tr>
<td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
END
}
1478
1479 print <<END
1480 <table width='100%'>
1481 <tr>
1482 <td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
1483 </tr>
1484 <tr>
1485 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
1486 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
1487 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
1488 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
1489 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
1490 <td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
1491 </tr>
1492 </table>
1493 END
1494 ;
1495
1496 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1497 <hr size='1'>
1498 <table width='100%'>
1499 <tr>
1500 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1501 </tr>
1502 <tr>
1503 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1504 </tr>
1505 <tr>
1506 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1507 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1508 <td colspan='2' rowspan= '6' valign='top' class='base'>
1509 <table cellpadding='0' cellspacing='0'>
1510 <tr>
1511 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1512 </tr>
1513 <tr>
1514 <!-- intentionally left empty -->
1515 </tr>
1516 <tr>
1517 <!-- intentionally left empty -->
1518 </tr>
1519 <tr>
1520 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1521 </tr>
1522 <tr>
1523 <!-- intentionally left empty -->
1524 </tr>
1525 <tr>
1526 <!-- intentionally left empty -->
1527 </tr>
1528 <tr>
1529 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1530 </tr>
1531 <tr>
1532 <!-- intentionally left empty -->
1533 </tr>
1534 <tr>
1535 <!-- intentionally left empty -->
1536 </tr>
1537 <tr>
1538 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1539 END
1540 ;
1541
1542 print $proxysettings{'DST_NOAUTH'};
1543
1544 print <<END
1545 </textarea></td>
1546 </tr>
1547 </table>
1548 </td>
1549 </tr>
1550 <tr>
1551 <td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
1552 <td><input type='text' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1553 </tr>
1554 <tr>
1555 <td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1556 <td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1557 </tr>
1558 <tr>
1559 <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
1560 <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1561 </tr>
1562 <tr>
1563 <td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
1564 <td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
1565 </tr>
1566 <tr>
1567 <td colspan='2'>&nbsp;</td>
1568 </tr>
1569 </table>
1570 END
1571 ;
1572 }
1573
1574 # ===================================================================
1575 # NCSA auth settings
1576 # ===================================================================
1577
# NCSA (local user database) settings, printed only when that method is the
# selected AUTH_METHOD: minimum password length, the redirector-bypass toggle
# for the extended group, and the button that opens user management.
# NOTE(review): NCSA_MIN_PASS_LEN is interpolated into a single-quoted value
# attribute without escaping; confirm it is validated as a number before it
# is stored.
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
    print <<"END";
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
<td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}' size='5' /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
<td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
</tr>
<tr>
<td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
END
}
1599
1600 # ===================================================================
1601 # IDENTD auth settings
1602 # ===================================================================
1603
# identd settings, printed only when 'ident' is the selected AUTH_METHOD:
# the required/timeout options, the ident-aware host list (defaulting to the
# Green and, if present, Blue networks), the no-auth destination list, and
# the user-based allow/deny lists. The original five consecutive tests of the
# same condition are folded into one block; the output is unchanged.
# NOTE(review): ident replies are asserted by the client host (RFC 1413), so
# the user lists below are only as strong as the trust placed in the hosts
# named in IDENT_HOSTS.
# NOTE(review): the stored lists are printed unescaped inside <textarea>
# elements; confirm they are validated before storage.
if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    print <<"END";
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
<td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
<td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
<td><input type='text' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}' size='5' /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
END

    # Stored host list if there is one, otherwise the local networks.
    if ($proxysettings{'IDENT_HOSTS'}) {
        print $proxysettings{'IDENT_HOSTS'};
    }
    else {
        print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
        print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n"
            if $netsettings{'BLUE_DEV'};
    }

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'DST_NOAUTH'};

    print <<"END";
</textarea></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy IDENT use positive access list'}:</td>
<td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy IDENT use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'IDENT_ALLOW_USERS'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
END

    print $proxysettings{'IDENT_DENY_USERS'};

    print <<"END";
</textarea></td>
</tr>
</table>
END
}
1694
1695 # ===================================================================
1696 # NTLM auth settings
1697 # ===================================================================
1698
1699 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1700 print <<END
1701 <hr size='1'>
1702 <table width='100%'>
1703 <tr>
1704 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1705 </tr>
1706 <tr>
1707 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1708 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1709 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1710 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1711 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1712 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1713 </tr>
1714 </table>
1715 <hr size ='1'>
1716 <table width='100%'>
1717 <tr>
1718 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1719 </tr>
1720 <tr>
1721 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1722 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1723 <td>&nbsp;</td>
1724 </tr>
1725 </table>
1726 <hr size ='1'>
1727 <table width='100%'>
1728 <tr>
1729 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1730 </tr>
1731 <tr>
1732 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1733 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1734 <td width='25%'>&nbsp;</td>
1735 <td width='30%'>&nbsp;</td>
1736 </tr>
1737 <tr>
1738 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1739 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1740 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1741 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1742 </tr>
1743 <tr>
1744 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1745 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1746 </tr>
1747 <tr>
1748 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1749 END
1750 ; }
1751
1752 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_ALLOW_USERS'}; }
1753
1754 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1755 </textarea></td>
1756 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1757 END
1758 ; }
1759
1760 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_DENY_USERS'}; }
1761
1762 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1763 </textarea></td>
1764 </tr>
1765 </table>
1766 END
1767 ; }
1768
1769 # ===================================================================
1770 # LDAP auth settings
1771 # ===================================================================
1772
1773 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1774 print <<END
1775 <hr size='1'>
1776 <table width='100%'>
1777 <tr>
1778 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1779 </tr>
1780 <tr>
1781 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1782 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1783 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1784 <td class='base'><select name='LDAP_TYPE'>
1785 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1786 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1787 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1788 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1789 </select></td>
1790 </tr>
1791 <tr>
1792 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1793 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1794 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1795 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1796 </tr>
1797 </table>
1798 <hr size ='1'>
1799 <table width='100%'>
1800 <tr>
1801 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1802 </tr>
1803 <tr>
1804 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1805 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1806 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1807 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1808 </tr>
1809 </table>
1810 <hr size ='1'>
1811 <table width='100%'>
1812 <tr>
1813 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1814 </tr>
1815 <tr>
1816 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1817 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1818 <td>&nbsp;</td>
1819 <td>&nbsp;</td>
1820 </tr>
1821 </table>
1822 END
1823 ; }
1824
1825 # ===================================================================
1826 # RADIUS auth settings
1827 # ===================================================================
1828
1829 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1830 print <<END
1831 <hr size='1'>
1832 <table width='100%'>
1833 <tr>
1834 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1835 </tr>
1836 <tr>
1837 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1838 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1839 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1840 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1841 </tr>
1842 <tr>
1843 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1844 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1845 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1846 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1847 </tr>
1848 </table>
1849 <hr size ='1'>
1850 <table width='100%'>
1851 <tr>
1852 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1853 </tr>
1854 <tr>
1855 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1856 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1857 <td width='25%'>&nbsp;</td>
1858 <td width='30%'>&nbsp;</td>
1859 </tr>
1860 <tr>
1861 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1862 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1863 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1864 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1865 </tr>
1866 <tr>
1867 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1868 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1869 </tr>
1870 <tr>
1871 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1872 END
1873 ; }
1874
1875 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
1876
1877 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1878 </textarea></td>
1879 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
1880 END
1881 ; }
1882
1883 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
1884
1885 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1886 </textarea></td>
1887 </tr>
1888 </table>
1889 END
1890 ; }
1891
1892 # ===================================================================
1893
1894 }
1895
1896 print "<table>\n";
1897
1898 if ($proxysettings{'AUTH_METHOD'} eq 'none') {
1899 print <<END
1900 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1901 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1902 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1903 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1904 <td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
1905 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1906 <td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
1907 END
1908 ; }
1909
1910 if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
1911 print <<END
1912 <td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
1913 <td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
1914 <td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
1915 <td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
1916 <td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
1917 END
1918 ; }
1919
1920 if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) {
1921 print <<END
1922 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
1923 <td><input type='hidden' name='NCSA_BYPASS_REDIR' value='$proxysettings{'NCSA_BYPASS_REDIR'}'></td>
1924 END
1925 ; }
1926
1927 if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) {
1928 print <<END
1929 <td><input type='hidden' name='IDENT_REQUIRED' value='$proxysettings{'IDENT_REQUIRED'}'></td>
1930 <td><input type='hidden' name='IDENT_TIMEOUT' value='$proxysettings{'IDENT_TIMEOUT'}'></td>
1931 <td><input type='hidden' name='IDENT_HOSTS' value='$proxysettings{'IDENT_HOSTS'}'></td>
1932 <td><input type='hidden' name='IDENT_ENABLE_ACL' value='$proxysettings{'IDENT_ENABLE_ACL'}'></td>
1933 <td><input type='hidden' name='IDENT_USER_ACL' value='$proxysettings{'IDENT_USER_ACL'}'></td>
1934 <td><input type='hidden' name='IDENT_ALLOW_USERS' value='$proxysettings{'IDENT_ALLOW_USERS'}'></td>
1935 <td><input type='hidden' name='IDENT_DENY_USERS' value='$proxysettings{'IDENT_DENY_USERS'}'></td>
1936 END
1937 ; }
1938
1939 if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) {
1940 print <<END
1941 <td><input type='hidden' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}'></td>
1942 <td><input type='hidden' name='LDAP_TYPE' value='$proxysettings{'LDAP_TYPE'}'></td>
1943 <td><input type='hidden' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}'></td>
1944 <td><input type='hidden' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}'></td>
1945 <td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
1946 <td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
1947 <td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
1948 END
1949 ; }
1950
1951 if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) {
1952 print <<END
1953 <td><input type='hidden' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}'></td>
1954 <td><input type='hidden' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}'></td>
1955 <td><input type='hidden' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}'></td>
1956 <td><input type='hidden' name='NTLM_ENABLE_INT_AUTH' value='$proxysettings{'NTLM_ENABLE_INT_AUTH'}'></td>
1957 <td><input type='hidden' name='NTLM_ENABLE_ACL' value='$proxysettings{'NTLM_ENABLE_ACL'}'></td>
1958 <td><input type='hidden' name='NTLM_USER_ACL' value='$proxysettings{'NTLM_USER_ACL'}'></td>
1959 <td><input type='hidden' name='NTLM_ALLOW_USERS' value='$proxysettings{'NTLM_ALLOW_USERS'}'></td>
1960 <td><input type='hidden' name='NTLM_DENY_USERS' value='$proxysettings{'NTLM_DENY_USERS'}'></td>
1961 END
1962 ; }
1963
1964 if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) {
1965 print <<END
1966 <td><input type='hidden' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}'></td>
1967 <td><input type='hidden' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}'></td>
1968 <td><input type='hidden' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}'></td>
1969 <td><input type='hidden' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}'></td>
1970 <td><input type='hidden' name='RADIUS_ENABLE_ACL' value='$proxysettings{'RADIUS_ENABLE_ACL'}'></td>
1971 <td><input type='hidden' name='RADIUS_USER_ACL' value='$proxysettings{'RADIUS_USER_ACL'}'></td>
1972 <td><input type='hidden' name='RADIUS_ALLOW_USERS' value='$proxysettings{'RADIUS_ALLOW_USERS'}'></td>
1973 <td><input type='hidden' name='RADIUS_DENY_USERS' value='$proxysettings{'RADIUS_DENY_USERS'}'></td>
1974 END
1975 ; }
1976
1977 print "</table>\n";
1978
1979 print <<END
1980 <hr size='1'>
1981 END
1982 ;
1983
1984 print <<END
1985 <table width='100%'>
1986 <tr>
1987 <td>&nbsp;</td>
1988 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1989 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1990 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1991 <td>&nbsp;</td>
1992 </tr>
1993
1994 </table>
1995 <br />
1996 <table width='100%'>
1997 <tr>
1998 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1999 <font class='base'>$Lang::tr{'this field may be blank'}</font>
2000 </td>
2001 <td align='right'>
2002 &nbsp;
2003 </td>
2004 </tr>
2005 </table>
2006 </form>
2007 END
2008 ;
2009
2010 &Header::closebox();
2011
2012 } else {
2013
2014 # ===================================================================
2015 # NCSA user management
2016 # ===================================================================
2017
2018 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
2019 print <<END
2020 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
2021 <table width='100%'>
2022 <tr>
2023 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
2024 </tr>
2025 <tr>
2026 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
2027 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2028 END
2029 ;
2030 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2031 print <<END
2032 /></td>
2033 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2034 <td class='base'>
2035 <select name='NCSA_GROUP'>
2036 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2037 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2038 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2039 </select>
2040 </td>
2041
2042 </tr>
2043 <tr>
2044 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2045 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2046 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2047 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2048 </tr>
2049 </table>
2050 <br>
2051 <table>
2052 <tr>
2053 <td>&nbsp;</td>
2054 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2055 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2056 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2057 END
2058 ;
2059 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2060 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2061 }
2062
2063 print <<END
2064 <td>&nbsp;</td>
2065 <td>&nbsp;</td>
2066 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2067 </tr>
2068 </table>
2069 </form>
2070 <hr size='1'>
2071 <table width='100%'>
2072 <tr>
2073 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2074 </tr>
2075 </table>
2076 <table width='100%' align='center'>
2077 END
2078 ;
2079
2080 if (-e $extgrp)
2081 {
2082 open(FILE, $extgrp); @grouplist = <FILE>; close(FILE);
2083 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
2084 }
2085 if (-e $stdgrp)
2086 {
2087 open(FILE, $stdgrp); @grouplist = <FILE>; close(FILE);
2088 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
2089 }
2090 if (-e $disgrp)
2091 {
2092 open(FILE, $disgrp); @grouplist = <FILE>; close(FILE);
2093 foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
2094 }
2095
2096 @userlist = sort(@userlist);
2097
2098 # If the password file contains entries, print entries and action icons
2099
2100 if (! -z "$userdb") {
2101 print <<END
2102 <tr>
2103 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
2104 <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
2105 <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
2106 </tr>
2107 END
2108 ;
2109 $id = 0;
2110 foreach $line (@userlist)
2111 {
2112 $id++;
2113 chomp($line);
2114 @temp = split(/:/,$line);
2115 if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
2116 print "<tr bgcolor='$Header::colouryellow'>\n"; }
2117 elsif ($id % 2) {
2118 print "<tr bgcolor='$Header::table1colour'>\n"; }
2119 else {
2120 print "<tr bgcolor='$Header::table2colour'>\n"; }
2121
2122 print <<END
2123 <td align='center'>$temp[0]</td>
2124 <td align='center'>
2125 END
2126 ;
2127 if ($temp[1] eq 'standard') {
2128 print $Lang::tr{'advproxy NCSA grp standard'};
2129 } elsif ($temp[1] eq 'extended') {
2130 print $Lang::tr{'advproxy NCSA grp extended'};
2131 } elsif ($temp[1] eq 'disabled') {
2132 print $Lang::tr{'advproxy NCSA grp disabled'}; }
2133 print <<END
2134 </td>
2135 <td width='8%' align='center'>
2136 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
2137 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
2138 <input type='hidden' name='ID' value='$line' />
2139 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2140 </form>
2141 </td>
2142
2143 <td width='8%' align='center'>
2144 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
2145 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
2146 <input type='hidden' name='ID' value='$temp[0]' />
2147 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2148 </form>
2149 </td>
2150 </tr>
2151 END
2152 ;
2153 }
2154
2155 print <<END
2156 </table>
2157 <br>
2158 <table witdh='100%'>
2159 <tr>
2160 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2161 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2162 <td class='base'>$Lang::tr{'edit'}</td>
2163 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2164 <td class='base'>$Lang::tr{'remove'}</td>
2165 </tr>
2166 END
2167 ;
2168 } else {
2169 print <<END
2170 <tr>
2171 <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
2172 </tr>
2173 END
2174 ;
2175 }
2176
2177 print <<END
2178 </table>
2179 END
2180 ;
2181
2182 &Header::closebox();
2183
2184 }
2185
2186 # ===================================================================
2187
2188 &Header::closebigbox();
2189
2190 &Header::closepage();
2191
2192 # -------------------------------------------------------------------
2193
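# Reload the ACL and user lists from disk into %proxysettings.
#
# For every (settings key, file) pair listed below: when the file exists,
# the current value of the key is discarded and rebuilt from the file's
# content, one line at a time. A key whose file does not exist keeps the
# value it already had. Takes no arguments and returns nothing.
sub read_acls
{
	# Built at call time from the file-level path variables.
	my @sources = (
		[ 'SRC_SUBNETS',          $acl_src_subnets ],
		[ 'SRC_BANNED_IP',        $acl_src_banned_ip ],
		[ 'SRC_BANNED_MAC',       $acl_src_banned_mac ],
		[ 'SRC_UNRESTRICTED_IP',  $acl_src_unrestricted_ip ],
		[ 'SRC_UNRESTRICTED_MAC', $acl_src_unrestricted_mac ],
		[ 'DST_NOCACHE',          $acl_dst_nocache ],
		[ 'DST_NOAUTH',           $acl_dst_noauth ],
		[ 'MIME_TYPES',           $mimetypes ],
		[ 'NTLM_ALLOW_USERS',     "$ntlmdir/msntauth.allowusers" ],
		[ 'NTLM_DENY_USERS',      "$ntlmdir/msntauth.denyusers" ],
		[ 'RADIUS_ALLOW_USERS',   "$raddir/radauth.allowusers" ],
		[ 'RADIUS_DENY_USERS',    "$raddir/radauth.denyusers" ],
		[ 'IDENT_ALLOW_USERS',    "$identdir/identauth.allowusers" ],
		[ 'IDENT_DENY_USERS',     "$identdir/identauth.denyusers" ],
		[ 'IDENT_HOSTS',          $identhosts ],
		[ 'CRE_GROUPS',           $cre_groups ],
		[ 'CRE_SVHOSTS',          $cre_svhosts ],
	);

	foreach my $source (@sources) {
		my ($key, $path) = @{$source};
		next unless (-e $path);

		# The old value is dropped before reading, so an existing file
		# that is empty or cannot be opened leaves the key unset.
		delete $proxysettings{$key};

		# Three-argument open with an explicit read mode: the path is
		# never parsed for a mode prefix or a pipe character. The lexical
		# handle replaces the bareword FILE shared across the script.
		my $fh;
		unless (open($fh, '<', $path)) {
			# Goes to STDERR, normally the web server's error log.
			warn "read_acls: cannot open $path: $!\n";
			next;
		}
		while (my $line = <$fh>) { $proxysettings{$key} .= $line; }
		close($fh);
	}

	return;
}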
2299
2300 # -------------------------------------------------------------------
2301
# Normalise the multi-line list settings in %proxysettings and validate
# the address and MAC lists.
#
# Every list is split on newlines, each entry is stripped of leading and
# trailing whitespace, empty entries are dropped and the list is rebuilt
# with one entry per line. A failed check only sets $errormessage: the
# offending entry is still written back into the setting, so the caller
# has to test $errormessage before the values are used or saved.
#
# The user lists are trimmed but their content is not checked here; the
# only test is that the list selected by the ACL mode is not empty.
sub check_acls
{
	# Rebuild one list setting. $is_valid is an optional code reference
	# called with each entry, $msg the %Lang::tr key reported when it
	# returns false, $fix_mac turns '-' separators into ':' first.
	# The file-level @temp is used as scratch space, as elsewhere.
	my $clean_list = sub {
		my ($key, $is_valid, $msg, $fix_mac) = @_;

		@temp = split(/\n/,$proxysettings{$key});
		undef $proxysettings{$key};
		foreach (@temp) {
			s/^\s+//g;
			s/\s+$//g;
			s/-/:/g if ($fix_mac);
			next unless ($_);
			if (defined $is_valid) {
				$errormessage = $Lang::tr{$msg} unless ($is_valid->($_));
			}
			$proxysettings{$key} .= $_."\n";
		}
	};

	my $bad_address = 'advproxy errmsg invalid ip or mask';
	my $bad_mac     = 'advproxy errmsg invalid mac';

	# Source address and MAC lists, in the order they are reported.
	my @source_lists = (
		[ 'SRC_SUBNETS',          \&General::validipandmask, $bad_address, 0 ],
		[ 'SRC_BANNED_IP',        \&General::validipormask,  $bad_address, 0 ],
		[ 'SRC_BANNED_MAC',       \&General::validmac,       $bad_mac,     1 ],
		[ 'SRC_UNRESTRICTED_IP',  \&General::validipormask,  $bad_address, 0 ],
		[ 'SRC_UNRESTRICTED_MAC', \&General::validmac,       $bad_mac,     1 ],
	);
	foreach my $spec (@source_lists) { $clean_list->(@{$spec}); }

	# User lists: only the list that matches the selected ACL mode of an
	# enabled method is touched, and it must not end up empty.
	foreach my $method ('NTLM', 'IDENT', 'RADIUS') {
		foreach my $mode ([ 'positive', 'ALLOW' ], [ 'negative', 'DENY' ]) {
			my ($acl_type, $list) = @{$mode};
			next unless ($proxysettings{$method.'_ENABLE_ACL'} eq 'on');
			next unless ($proxysettings{$method.'_USER_ACL'} eq $acl_type);

			my $key = $method.'_'.$list.'_USERS';
			$clean_list->($key);
			if ($proxysettings{$key} eq '') {
				$errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
			}
		}
	}

	# Host lists checked last.
	foreach my $key ('IDENT_HOSTS', 'CRE_SVHOSTS') {
		$clean_list->($key, \&General::validipormask, $bad_address, 0);
	}
}
2460
2461
2462 # -------------------------------------------------------------------
2463
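# Write the ACL and user lists held in %proxysettings back to their files.
#
# Each file is replaced completely by the current value of its key. The
# throttle file is generated: one regex line per file extension of every
# enabled throttle class, followed by the content of $throttled_urls when
# that file is not empty. Nothing is validated here; the values are
# written as they are. Takes no arguments and returns nothing.
#
# A file that cannot be opened or emptied is skipped with a warning on
# STDERR (normally the web server's error log); the other files are still
# written.
sub write_acls
{
	# Open $path for rewriting and return the handle, or nothing on failure.
	# Append mode creates a missing file without truncating an existing
	# one, so the old content stays in place until the exclusive lock is
	# held. With a plain '>' open the file is emptied before flock() runs,
	# which lets a second writer wipe a file the first one is still filling.
	my $open_locked = sub {
		my ($path) = @_;
		my $fh;
		unless (open($fh, '>>', $path)) {
			warn "write_acls: cannot open $path: $!\n";
			return;
		}
		# 2 is LOCK_EX. A failed lock is reported but does not stop the write.
		flock($fh, 2) or warn "write_acls: cannot lock $path: $!\n";
		unless (truncate($fh, 0)) {
			# Writing now would append to the old content.
			warn "write_acls: cannot truncate $path: $!\n";
			close($fh);
			return;
		}
		return $fh;
	};

	# Replace the content of $path with the value of settings key $key.
	my $write_value = sub {
		my ($path, $key) = @_;
		my $fh = $open_locked->($path) or return;
		print {$fh} $proxysettings{$key};
		close($fh) or warn "write_acls: cannot close $path: $!\n";
		return;
	};

	my @plain_files = (
		[ $acl_src_subnets,          'SRC_SUBNETS' ],
		[ $acl_src_banned_ip,        'SRC_BANNED_IP' ],
		[ $acl_src_banned_mac,       'SRC_BANNED_MAC' ],
		[ $acl_src_unrestricted_ip,  'SRC_UNRESTRICTED_IP' ],
		[ $acl_src_unrestricted_mac, 'SRC_UNRESTRICTED_MAC' ],
		[ $acl_dst_nocache,          'DST_NOCACHE' ],
		[ $acl_dst_noauth,           'DST_NOAUTH' ],
		[ $mimetypes,                'MIME_TYPES' ],
		[ "$ntlmdir/msntauth.allowusers",   'NTLM_ALLOW_USERS' ],
		[ "$ntlmdir/msntauth.denyusers",    'NTLM_DENY_USERS' ],
		[ "$raddir/radauth.allowusers",     'RADIUS_ALLOW_USERS' ],
		[ "$raddir/radauth.denyusers",      'RADIUS_DENY_USERS' ],
		[ "$identdir/identauth.allowusers", 'IDENT_ALLOW_USERS' ],
		[ "$identdir/identauth.denyusers",  'IDENT_DENY_USERS' ],
		[ $identhosts,               'IDENT_HOSTS' ],
		[ $cre_groups,               'CRE_GROUPS' ],
		[ $cre_svhosts,              'CRE_SVHOSTS' ],
	);
	foreach my $file (@plain_files) { $write_value->(@{$file}); }

	# Throttle ACL: extension patterns first, then the extra URL list.
	if (my $fh = $open_locked->($acl_dst_throttle)) {
		my @classes = (
			[ 'THROTTLE_BINARY', $throttle_binary ],
			[ 'THROTTLE_DSKIMG', $throttle_dskimg ],
			[ 'THROTTLE_MMEDIA', $throttle_mmedia ],
		);
		foreach my $class (@classes) {
			my ($key, $extensions) = @{$class};
			next unless ($proxysettings{$key} eq 'on');
			# Each '|'-separated extension becomes a line such as \.zip$
			foreach my $ext (split(/\|/,$extensions)) { print {$fh} "\\.$ext\$\n"; }
		}
		if (-s $throttled_urls) {
			if (open(my $urls, '<', $throttled_urls)) {
				while (my $url_line = <$urls>) { print {$fh} $url_line; }
				close($urls);
			} else {
				warn "write_acls: cannot open $throttled_urls: $!\n";
			}
		}
		close($fh) or warn "write_acls: cannot close $acl_dst_throttle: $!\n";
	}

	return;
}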
2577
2578 # -------------------------------------------------------------------
2579
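sub writepacfile
{
    # Generate the proxy auto-configuration script /home/httpd/html/proxy.pac.
    #
    # The script defines FindProxyForURL(). When the proxy is enabled on GREEN
    # and/or BLUE it returns "DIRECT" for plain host names, the local domain
    # and the listed private/link-local networks. Otherwise it returns the
    # proxy address of the zone the client address belongs to.
    #
    # Returns 1 on success and 0 when the file could not be opened, truncated
    # or closed. The failure is reported with warn().
    #
    # Settings are interpolated unescaped into JavaScript string literals, so
    # a quote or line break in one of them would break the script sent to
    # clients.
    # NOTE(review): presumably DOMAINNAME and the network values are validated
    # where they are saved - confirm.

    my $pacfile = '/home/httpd/html/proxy.pac';

    my $green_on = ($proxysettings{'ENABLE'} eq 'on');
    # BLUE only counts when the interface exists. The original tested only
    # ENABLE_BLUE for the outer branch. With ENABLE off, ENABLE_BLUE on and
    # no BLUE_DEV that left a dangling "else" directly before the closing
    # brace, which is not valid JavaScript.
    my $blue_on = ($netsettings{'BLUE_DEV'} && ($proxysettings{'ENABLE_BLUE'} eq 'on'));

    my $fh;
    # Three-argument open in append mode: the old script is discarded only
    # after the lock is held, not at open time.
    unless (open($fh, '>>', $pacfile)) {
        warn "writepacfile: cannot open $pacfile: $!\n";
        return 0;
    }
    flock($fh, 2);    # 2 = LOCK_EX
    unless (truncate($fh, 0)) {
        warn "writepacfile: cannot truncate $pacfile: $!\n";
        close($fh);
        return 0;
    }

    print {$fh} "function FindProxyForURL(url, host)\n";
    print {$fh} "{\n";

    if ($green_on || $blue_on) {
        print {$fh} <<END;
if (
(isPlainHostName(host)) ||
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
(isInNet(host, "169.254.0.0", "255.255.0.0")) ||
(isInNet(host, "192.168.0.0", "255.255.0.0"))
)
return "DIRECT";

else

END

        if ($green_on) {
            print {$fh} <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'GREEN_NETADDRESS'}", "$netsettings{'GREEN_NETMASK'}"))
)
return "PROXY $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }

        # Chain the two zone checks when both are written.
        if ($green_on && $blue_on) {
            print {$fh} "\n else\n\n";
        }

        if ($blue_on) {
            print {$fh} <<END;
if (
(isInNet(myIpAddress(), "$netsettings{'BLUE_NETADDRESS'}", "$netsettings{'BLUE_NETMASK'}"))
)
return "PROXY $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
END
        }
    }

    print {$fh} "}\n";

    # Buffered write errors surface at close.
    unless (close($fh)) {
        warn "writepacfile: cannot close $pacfile: $!\n";
        return 0;
    }
    return 1;
}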
2631
2632 # -------------------------------------------------------------------
2633
2634 sub writeconfig
2635 {
2636 my $authrealm;
2637 my $delaypools;
2638
2639 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2640 $proxysettings{'THROTTLING_GREEN_HOST'} +
2641 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2642 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2643 {
2644 $delaypools = 1; } else { $delaypools = 0;
2645 }
2646
2647 if ($proxysettings{'AUTH_REALM'} eq '')
2648 {
2649 $authrealm = "IPFire Advanced Proxy Server";
2650 } else {
2651 $authrealm = $proxysettings{'AUTH_REALM'};
2652 }
2653
2654 $_ = $proxysettings{'UPSTREAM_PROXY'};
2655 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2656
2657 if ($remoteport eq '') { $remoteport = 80; }
2658
2659 open(FILE, ">${General::swroot}/proxy/squid.conf");
2660 flock(FILE, 2);
2661 print FILE <<END
2662 shutdown_lifetime 5 seconds
2663 icp_port 0
2664
2665 http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2666 END
2667 ;
2668 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2669 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2670 }
2671
2672 print FILE <<END
2673
2674 acl QUERY urlpath_regex cgi-bin \\?
2675 no_cache deny QUERY
2676 END
2677 ;
2678 if (!-z $acl_dst_nocache) {
2679 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2680 print FILE "no_cache deny no_cache_domains\n";
2681 }
2682
2683 print FILE <<END
2684
2685 cache_effective_user squid
2686 cache_effective_group squid
2687
2688 pid_filename /var/run/squid.pid
2689
2690 cache_mem $proxysettings{'CACHE_MEM'} MB
2691 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2692
2693 error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2694
2695 END
2696 ;
2697
2698 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2699
2700 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2701 {
2702 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2703 {
2704 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2705 }
2706 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2707 {
2708 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2709 }
2710 print FILE "\n";
2711 }
2712
2713 if ($proxysettings{'LOGGING'} eq 'on')
2714 {
2715 print FILE <<END
2716 cache_access_log /var/log/squid/access.log
2717 cache_log /var/log/squid/cache.log
2718 cache_store_log none
2719 END
2720 ;
2721 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2722 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2723 } else {
2724 print FILE <<END
2725 cache_access_log /dev/null
2726 cache_log /dev/null
2727 cache_store_log none
2728 END
2729 ;}
2730 print FILE <<END
2731
2732 log_mime_hdrs off
2733 END
2734 ;
2735
2736 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2737 {
2738 print FILE "forwarded_for on\n\n";
2739 } else {
2740 print FILE "forwarded_for off\n\n";
2741 }
2742
2743 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2744 {
2745 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2746 {
2747 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2748 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2749 print FILE "auth_param basic realm $authrealm\n";
2750 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2751 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2752 }
2753
2754 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2755 {
2756 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2757 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2758 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2759 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2760 {
2761 if ($proxysettings{'LDAP_GROUP'} eq '')
2762 {
2763 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2764 } else {
2765 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2766 }
2767 print FILE " -u sAMAccountName -P";
2768 }
2769 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2770 {
2771 if ($proxysettings{'LDAP_GROUP'} eq '')
2772 {
2773 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2774 } else {
2775 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2776 }
2777 print FILE " -u cn -P";
2778 }
2779 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2780 {
2781 if ($proxysettings{'LDAP_GROUP'} eq '')
2782 {
2783 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2784 } else {
2785 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2786 }
2787 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2788 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2789 print FILE " -u uid -P";
2790 }
2791 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2792 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2793 print FILE "auth_param basic realm $authrealm\n";
2794 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2795 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2796 }
2797
2798 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2799 {
2800 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2801 {
2802 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2803 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2804 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2805 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2806 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2807 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2808 } else {
2809 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2810 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2811 print FILE "auth_param basic realm $authrealm\n";
2812 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2813 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2814
2815 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2816 flock(MSNTCONF,2);
2817 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2818 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2819 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2820 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2821 {
2822 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2823 {
2824 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2825 } else {
2826 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2827 }
2828 }
2829 close(MSNTCONF);
2830 }
2831 }
2832
2833 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2834 {
2835 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2836 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2837 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2838 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2839 print FILE "auth_param basic realm $authrealm\n";
2840 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2841 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2842 }
2843
2844 print FILE "\n";
2845 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2846 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2847 {
2848 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2849 {
2850 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2851 }
2852 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2853 {
2854 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2855 }
2856 }
2857 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2858 {
2859 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2860 {
2861 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2862 }
2863 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2864 {
2865 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2866 }
2867 }
2868 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2869 {
2870 print FILE "\n";
2871 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2872 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2873 }
2874 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2875 print FILE "\n";
2876
2877 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2878 }
2879
2880 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2881 {
2882 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2883 {
2884 print FILE "acl for_inetusers ident REQUIRED\n";
2885 }
2886 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2887 {
2888 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2889 {
2890 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2891 }
2892 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2893 {
2894 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2895 }
2896 }
2897 }
2898
2899 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2900
2901 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2902
2903 print FILE "acl within_timeframe time ";
2904 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2905 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2906 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2907 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2908 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2909 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2910 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2911 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2912 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2913 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2914 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2915
2916 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2917 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2918 }
2919
2920 print FILE <<END
2921 acl all src 0.0.0.0/0.0.0.0
2922 acl localhost src 127.0.0.1/255.255.255.255
2923 acl SSL_ports port 443 563
2924 acl Safe_ports port 80 # http
2925 acl Safe_ports port 21 # ftp
2926 acl Safe_ports port 443 563 # https, snews
2927 acl Safe_ports port 70 # gopher
2928 acl Safe_ports port 210 # wais
2929 acl Safe_ports port 1025-65535 # unregistered ports
2930 acl Safe_ports port 280 # http-mgmt
2931 acl Safe_ports port 488 # gss-http
2932 acl Safe_ports port 591 # filemaker
2933 acl Safe_ports port 777 # multiling http
2934 acl Safe_ports port 800 # Squids port (for icons)
2935
2936 acl IPCop_http port 81
2937 acl IPCop_https port 445
2938 acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2939 acl IPCop_networks src "$acl_src_subnets"
2940 acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2941 END
2942 ;
2943 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2944 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2945 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2946 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2947 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2948 print FILE <<END
2949 acl CONNECT method CONNECT
2950 END
2951 ;
2952
2953 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2954 print FILE <<END
2955
2956 #Classroom extensions
2957 acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2958 acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2959 END
2960 ;
2961 print FILE "deny_info ";
2962 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2963 print FILE "ERR_ACCESS_DISABLED";
2964 } else { print FILE "ERR_ACCESS_DENIED"; }
2965 print FILE " IPCop_no_access_ips\n";
2966 print FILE "deny_info ";
2967 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2968 print FILE "ERR_ACCESS_DISABLED";
2969 } else { print FILE "ERR_ACCESS_DENIED"; }
2970 print FILE " IPCop_no_access_mac\n";
2971
2972 print FILE <<END
2973 http_access deny IPCop_no_access_ips
2974 http_access deny IPCop_no_access_mac
2975 END
2976 ;
2977 }
2978
2979 #Insert acl file and replace __VAR__ with correct values
2980 my $blue_net = ''; #BLUE empty by default
2981 my $blue_ip = '';
2982 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2983 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2984 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2985 }
2986 if (!-z $acl_include)
2987 {
2988 open (ACL, "$acl_include");
2989 print FILE "\n#Start of custom includes\n";
2990 while (<ACL>) {
2991 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2992 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2993 $_ =~ s/__BLUE_IP__/$blue_ip/;
2994 $_ =~ s/__BLUE_NET__/$blue_net/;
2995 print FILE $_;
2996 }
2997 print FILE "#End of custom includes\n";
2998 close (ACL);
2999 }
3000 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
3001 print FILE <<END
3002
3003 #Access to squid:
3004 #local machine, no restriction
3005 http_access allow localhost
3006
3007 #GUI admin if local machine connects
3008 http_access allow IPCop_ips IPCop_networks IPCop_http
3009 http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
3010
3011 #Deny not web services
3012 http_access deny !Safe_ports
3013 http_access deny CONNECT !SSL_ports
3014
3015 END
3016 ;
3017
3018 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
3019 {
3020 print FILE "#Set ident ACLs\n";
3021 if (!-z $identhosts)
3022 {
3023 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
3024 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
3025 print FILE "ident_lookup_access deny all\n";
3026 } else {
3027 print FILE "ident_lookup_access allow all\n";
3028 }
3029 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3030 }
3031
3032 if ($delaypools) {
3033 print FILE "#Set download throttling\n";
3034
3035 if ($netsettings{'BLUE_DEV'})
3036 {
3037 print FILE "delay_pools 2\n";
3038 } else {
3039 print FILE "delay_pools 1\n";
3040 }
3041
3042 print FILE "delay_class 1 3\n";
3043 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3044
3045 print FILE "delay_parameters 1 ";
3046 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3047 {
3048 print FILE "-1/-1";
3049 } else {
3050 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3051 print FILE "/";
3052 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3053 }
3054
3055 print FILE " -1/-1 ";
3056 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3057 {
3058 print FILE "-1/-1";
3059 } else {
3060 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3061 print FILE "/";
3062 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3063 }
3064 print FILE "\n";
3065
3066 if ($netsettings{'BLUE_DEV'})
3067 {
3068 print FILE "delay_parameters 2 ";
3069 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3070 {
3071 print FILE "-1/-1";
3072 } else {
3073 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3074 print FILE "/";
3075 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3076 }
3077 print FILE " -1/-1 ";
3078 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3079 {
3080 print FILE "-1/-1";
3081 } else {
3082 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3083 print FILE "/";
3084 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3085 }
3086 print FILE "\n";
3087 }
3088
3089 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3090 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3091 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3092
3093 if ($netsettings{'BLUE_DEV'})
3094 {
3095 print FILE "delay_access 1 allow IPCop_green_network";
3096 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3097 print FILE "\n";
3098 print FILE "delay_access 1 deny all\n";
3099 } else {
3100 print FILE "delay_access 1 allow all";
3101 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3102 print FILE "\n";
3103 }
3104
3105 if ($netsettings{'BLUE_DEV'})
3106 {
3107 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3108 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3109 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3110 print FILE "delay_access 2 allow IPCop_blue_network";
3111 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3112 print FILE "\n";
3113 print FILE "delay_access 2 deny all\n";
3114 }
3115
3116 print FILE "delay_initial_bucket_level 100%\n";
3117 print FILE "\n";
3118 }
3119 print FILE <<END
3120 #Set custom configured ACLs
3121 END
3122 ;
3123 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3124 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3125
3126 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3127 {
3128 if (!-z $acl_src_unrestricted_ip)
3129 {
3130 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3131 }
3132 if (!-z $acl_src_unrestricted_mac)
3133 {
3134 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3135 }
3136 print FILE "http_access allow IPCop_networks";
3137 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3138 print FILE " !within_timeframe";
3139 } else {
3140 print FILE " within_timeframe"; }
3141 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3142 print FILE " to_domains_without_auth\n";
3143 }
3144
3145 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3146 {
3147 print FILE "http_access deny !for_inetusers";
3148 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3149 print FILE "\n";
3150 }
3151
3152 if (
3153 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3154 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3155 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3156 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3157 (!-z "$identdir/identauth.denyusers")
3158 )
3159 {
3160 print FILE "http_access deny for_acl_users";
3161 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3162 print FILE "\n";
3163 }
3164
3165 if (!-z $acl_src_unrestricted_ip)
3166 {
3167 print FILE "http_access allow IPCop_unrestricted_ips";
3168 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3169 {
3170 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3171 {
3172 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3173 }
3174 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3175 {
3176 print FILE " for_inetusers";
3177 }
3178 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3179 {
3180 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3181 {
3182 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3183 {
3184 print FILE " for_acl_users";
3185 }
3186 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3187 {
3188 print FILE " !for_acl_users";
3189 }
3190 } else { print FILE " for_inetusers"; }
3191 }
3192 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3193 {
3194 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3195 {
3196 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3197 {
3198 print FILE " for_acl_users";
3199 }
3200 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3201 {
3202 print FILE " !for_acl_users";
3203 }
3204 } else { print FILE " for_inetusers"; }
3205 }
3206 }
3207 print FILE "\n";
3208 }
3209
3210 if (!-z $acl_src_unrestricted_mac)
3211 {
3212 print FILE "http_access allow IPCop_unrestricted_mac";
3213 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3214 {
3215 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3216 {
3217 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3218 }
3219 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3220 {
3221 print FILE " for_inetusers";
3222 }
3223 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3224 {
3225 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3226 {
3227 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3228 {
3229 print FILE " for_acl_users";
3230 }
3231 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3232 {
3233 print FILE " !for_acl_users";
3234 }
3235 } else { print FILE " for_inetusers"; }
3236 }
3237 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3238 {
3239 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3240 {
3241 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3242 {
3243 print FILE " for_acl_users";
3244 }
3245 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3246 {
3247 print FILE " !for_acl_users";
3248 }
3249 } else { print FILE " for_inetusers"; }
3250 }
3251 }
3252 print FILE "\n";
3253 }
3254
3255 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3256 {
3257 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3258 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3259 }
3260
3261 if (
3262 (
3263 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3264 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3265 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3266 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3267 (!-z "$ntlmdir/msntauth.denyusers")
3268 )
3269 ||
3270 (
3271 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3272 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3273 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3274 (!-z "$raddir/radauth.denyusers")
3275 )
3276 ||
3277 (
3278 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3279 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3280 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3281 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3282 (!-z "$identdir/identauth.denyusers")
3283 )
3284 )
3285 {
3286 print FILE "http_access deny for_acl_users";
3287 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3288 print FILE "\n";
3289 }
3290
3291 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3292 {
3293 print FILE "http_access allow";
3294 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3295 print FILE " !within_timeframe";
3296 } else {
3297 print FILE " within_timeframe"; }
3298 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3299 print FILE " !on_ident_aware_hosts\n";
3300 }
3301
3302 print FILE "http_access allow IPCop_networks";
3303 if (
3304 (
3305 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3306 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3307 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3308 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3309 (!-z "$ntlmdir/msntauth.allowusers")
3310 )
3311 ||
3312 (
3313 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3314 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3315 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3316 (!-z "$raddir/radauth.allowusers")
3317 )
3318 ||
3319 (
3320 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3321 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3322 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3323 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3324 (!-z "$identdir/identauth.allowusers")
3325 )
3326 )
3327 {
3328 print FILE " for_acl_users";
3329 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3330 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3331 print FILE " for_inetusers";
3332 }
3333 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3334 {
3335 print FILE " !concurrent";
3336 }
3337 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3338 print FILE " !within_timeframe";
3339 } else {
3340 print FILE " within_timeframe"; }
3341 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3342 print FILE "\n";
3343
3344 print FILE "http_access deny all\n\n";
3345
3346 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3347 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3348 {
3349 print FILE "#Strip HTTP Header\n";
3350
3351 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3352 {
3353 print FILE "header_access X-Forwarded-For deny all\n";
3354 }
3355 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3356 {
3357 print FILE "header_access Via deny all\n";
3358 }
3359 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3360 {
3361 print FILE "header_access User-Agent deny all\n";
3362 }
3363 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3364 {
3365 print FILE "header_access Referer deny all\n";
3366 }
3367
3368 print FILE "\n";
3369
3370 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3371 {
3372 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3373 {
3374 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3375 }
3376 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3377 {
3378 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3379 }
3380 print FILE "\n";
3381 }
3382 }
3383
3384 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3385 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3386 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3387 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3388 {
3389 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3390 }
3391 print FILE "http_reply_access deny blocked_mimetypes\n";
3392 print FILE "http_reply_access allow all\n\n";
3393 }
3394
3395 print FILE <<END
3396 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3397 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3398
3399 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3400 END
3401 ;
3402 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3403 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3404 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3405 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3406 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3407 {
3408 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3409 }
3410 }
3411 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3412
3413 print FILE "visible_hostname";
3414 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3415 {
3416 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3417 } else {
3418 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3419 }
3420
3421 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3422
3423 # Write the parent proxy info, if needed.
3424 if ($remotehost ne '')
3425 {
3426 # Enter authentication for the parent cache (format is login=user:password)
3427 if ($proxy1 eq 'YES') {
3428 print FILE <<END
3429 cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3430
3431 END
3432 ;
3433 } else {
3434 # Not using authentication with the parent cache
3435 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3436 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3437 print FILE "\n";
3438 }
3439 print FILE "never_direct allow all\n\n";
3440 }
3441 if ($urlfilter_addon) {
3442 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3443 {
3444 print FILE <<END
3445 redirect_program /usr/bin/squidGuard
3446 redirect_children $filtersettings{'CHILDREN'}
3447
3448 END
3449 ;
3450 }
3451 }
3452 if ($updacclrtr_addon) {
3453 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3454 {
3455 print FILE <<END
3456 redirect_program /usr/local/bin/updacclrtr
3457 redirect_children $updaccsettings{'ACCELERATORS'}
3458
3459 END
3460 ;
3461 }
3462 }
3463 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3464 {
3465 print FILE <<END
3466 httpd_accel_host virtual
3467 httpd_accel_port 80
3468 httpd_accel_with_proxy on
3469 httpd_accel_uses_host_header on
3470 END
3471 ;
3472 }
3473 close FILE;
3474 }
3475
3476 # -------------------------------------------------------------------
3477
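# Create or update a proxy user in the NCSA password file ($userdb) and record
# the account in one of the group membership files.
#
#   $str_user   account name
#   $str_pass   clear-text password, or the sentinel 'lEaVeAlOnE' to keep the
#               password field already stored for this user
#   $str_group  'standard', 'extended' or 'disabled'; any other value leaves
#               the group files untouched
#
# Returns nothing. Files that cannot be opened are skipped quietly.
sub adduser
{
    my ($str_user, $str_pass, $str_group) = @_;

    # The name is written as a record key into line-oriented files, so an
    # empty name, a ':' or a line break would corrupt them or add records.
    return if !defined($str_user) || $str_user eq '' || $str_user =~ /[:\r\n]/;

    if (defined($str_pass) && $str_pass eq 'lEaVeAlOnE')
    {
        # Keep the stored password field: everything from the first ':' on.
        my $stored;
        if (open(my $in, '<', $userdb))
        {
            while (my $entry = <$in>)
            {
                # \Q...\E matches the name literally instead of as a regex.
                # When several records match, the last one wins.
                if ($entry =~ /^\Q$str_user\E:/i)
                {
                    $stored = substr($entry, index($entry, ':'));
                }
            }
            close($in);
        }

        deluser($str_user);

        # Without a stored record there is nothing to carry over; writing the
        # sentinel itself would leave a malformed line in the password file.
        if (defined $stored)
        {
            $stored .= "\n" unless $stored =~ /\n\z/;
            if (open(my $out, '>>', $userdb))
            {
                flock($out, 2);    # 2 == LOCK_EX
                print {$out} "$str_user$stored";
                close($out);
            }
        }
    }
    else
    {
        deluser($str_user);

        # List form of system(): no shell is started, so shell metacharacters
        # in the name or the password are passed to htpasswd as plain data.
        # NOTE(review): -b still puts the password on the command line, where
        # the process table shows it, and a name starting with '-' may be read
        # as an option - confirm that callers validate the name.
        system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
    }

    my %group_file = (
        standard => $stdgrp,
        extended => $extgrp,
        disabled => $disgrp,
    );
    my $target = defined($str_group) ? $group_file{$str_group} : undef;

    # Unknown group: nothing to record.
    return unless defined $target;

    if (open(my $grp, '>>', $target))
    {
        flock($grp, 2);    # 2 == LOCK_EX
        print {$grp} "$str_user\n";
        close($grp);
    }

    return;
}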
3508
3509 # -------------------------------------------------------------------
3510
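# Remove a user from the three group membership files and from the NCSA
# password file ($userdb).
#
#   $str_user   account name, compared case-insensitively
#
# Returns nothing. A missing file is created empty; a file that cannot be
# opened is skipped quietly.
sub deluser
{
    my ($str_user) = @_;

    # Rewrite $path without the lines matching $pattern.
    my $drop_matching = sub {
        my ($path, $pattern) = @_;

        # '+>>' opens for reading and appending without truncating, and
        # creates the file if needed. The lock is therefore taken before any
        # data is discarded and is held for the whole read-modify-write.
        open(my $fh, '+>>', $path) or return;
        flock($fh, 2);    # 2 == LOCK_EX
        seek($fh, 0, 0);
        my @kept = grep { $_ !~ $pattern } <$fh>;
        seek($fh, 0, 0);
        truncate($fh, 0);
        print {$fh} @kept;
        close($fh);
        return;
    };

    # \Q...\E makes the name match literally; an uninterpolated name such as
    # '.*' would otherwise match, and so remove, every record.
    my $name = defined($str_user) ? $str_user : '';

    foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
    {
        # Group files hold one bare user name per line.
        $drop_matching->($groupfile, qr/^\Q$name\E$/i);
    }

    # Password records start with "name:".
    $drop_matching->($userdb, qr/^\Q$name\E:/i);

    return;
}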
3543
3544 # -------------------------------------------------------------------