git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/proxy.cgi
1 #!/usr/bin/perl
2 #
3 # IPCop CGIs
4 #
5 # This code is distributed under the terms of the GPL
6 #
7 # $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
8 #
9
10 use strict;
11
12 # enable only the following on debugging purpose
13 #use warnings;
14 #use CGI::Carp 'fatalsToBrowser';
15
16 use IO::Socket;
17
18 require '/var/ipfire/general-functions.pl';
19 require "${General::swroot}/lang.pl";
20 require "${General::swroot}/header.pl";
21
# Settings hashes: %proxysettings holds this page's form fields, the others
# are filled from the settings files of the related subsystems.
my (%proxysettings, %netsettings, %filtersettings);
my (%updaccsettings, %stdproxysettings, %mainsettings);

# Set to 1 further down when the matching add-on is found.
my ($urlfilter_addon, $updacclrtr_addon) = (0, 0);

# HTML attribute lookups for checkboxes/radio buttons and select options.
my (%checked, %selected);

# Selectable throttle limits and the file-extension alternations used for
# the three throttled content classes.
my @throttle_limits = (64, 128, 256, 384, 512, 1024, 2048, 3072, 5120);
my $throttle_binary = 'bin|cab|exe|gz|rar|sea|tar|tgz|zip';
my $throttle_dskimg = 'b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi';
my $throttle_mmedia = 'aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m';

# Current user-agent record and the full list read from the browser database.
my (@useragent, @useragentlist);

# General scratch variables shared by the rest of the script.
my $hintcolour = '#FFFFCC';
my ($ncsa_buttontext, $language) = ('', '');
my ($i, $n, $id) = (0, 0, 0);
my ($line, $user) = ('', '');
my (@userlist, @grouplist, @temp, @templist);

# Working values for validation and configuration writing.
my $cachemem = 0;
my ($proxy1, $proxy2) = ('', '');
my $replybodymaxsize = 0;
my $browser_regexp = '';
my $needhup = 0;
my $errormessage = '';
62
# Directories below <swroot>/proxy/advanced, one per feature area.
my ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) =
    map { "${General::swroot}/proxy/advanced/$_" }
    qw(acls ncsa ntlm radius ident cre);

# Local (NCSA) user database and its group membership files.
my ($userdb, $stdgrp, $extgrp, $disgrp) =
    map { "$ncsadir/$_" } qw(passwd standard.grp extended.grp disabled.grp);

# Data files kept directly in the advanced proxy directory.
my ($browserdb, $mimetypes, $throttled_urls) =
    map { "${General::swroot}/proxy/advanced/$_" }
    qw(useragents mimetypes throttle);

# Classroom extension files.
my ($cre_enabled, $cre_groups, $cre_svhosts) =
    map { "$credir/$_" } qw(enable classrooms supervisors);

my $identhosts = "$identdir/hosts";

my $libexecdir = '/usr/lib/squid';

# Access control list files, all named <name>.acl inside the ACL directory.
my (
    $acl_src_subnets,
    $acl_src_banned_ip,
    $acl_src_banned_mac,
    $acl_src_unrestricted_ip,
    $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip,
    $acl_src_noaccess_mac,
    $acl_dst_nocache,
    $acl_dst_noauth,
    $acl_dst_throttle,
    $acl_include,
) = map { "$acldir/$_.acl" } qw(
    src_subnets
    src_banned_ip
    src_banned_mac
    src_unrestricted_ip
    src_unrestricted_mac
    src_noaccess_ip
    src_noaccess_mac
    dst_nocache
    dst_noauth
    dst_throttle
    include
);
98
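# Create the configuration directories and the empty data files this page
# works with when they do not exist yet. Creation is best effort: a failure
# is not reported here.
foreach my $dir ($acldir, $ncsadir, $ntlmdir, $raddir, $identdir, $credir) {
    mkdir($dir) unless -d $dir;
}

# List-form system() executes /bin/touch directly instead of handing an
# interpolated string to the shell, so whitespace or shell metacharacters in
# a path cannot alter the command that is run. This matches the way the
# proxy marker files are created later in this script.
foreach my $file (
    $cre_groups, $cre_svhosts,
    $userdb, $stdgrp, $extgrp, $disgrp,
    $acl_src_subnets,
    $acl_src_banned_ip, $acl_src_banned_mac,
    $acl_src_unrestricted_ip, $acl_src_unrestricted_mac,
    $acl_src_noaccess_ip, $acl_src_noaccess_mac,
    $acl_dst_nocache, $acl_dst_noauth, $acl_dst_throttle,
    $acl_include,
    $browserdb, $mimetypes,
) {
    system('/bin/touch', $file) unless -e $file;
}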
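# Load the browser (user agent) definitions, skipping empty lines and comment
# lines. The comparator orders the records by the text between the first and
# the last comma of each line.
# The file is opened with three-argument open and a lexical handle, so the
# path can only ever be opened for reading; if it cannot be opened the list
# simply stays empty.
if (open(my $browser_fh, '<', $browserdb)) {
    @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<$browser_fh>;
    close($browser_fh);
}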
132
# Load the network and the global settings.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

# An add-on is treated as installed when its version file exists.
$urlfilter_addon  = 1 if -e "${General::swroot}/urlfilter/version";
$updacclrtr_addon = 1 if -e "${General::swroot}/updacclrtr/version";

# For each installed add-on: set a default first, then let the add-on's own
# settings file (if present) override it.
if ($urlfilter_addon) {
    my $urlfilter_conf = "${General::swroot}/urlfilter/settings";
    $filtersettings{'CHILDREN'} = '5';
    &General::readhash($urlfilter_conf, \%filtersettings) if -e $urlfilter_conf;
}

if ($updacclrtr_addon) {
    my $updaccel_conf = "${General::swroot}/updacclrtr/settings";
    $updaccsettings{'ACCELERATORS'} = '10';
    &General::readhash($updaccel_conf, \%updaccsettings) if -e $updaccel_conf;
}
152
&Header::showhttpheaders();

# Built-in defaults for every form field. They are set before the request is
# read, so a field missing from the request keeps its default.
%proxysettings = (
    %proxysettings,

    'ACTION' => '',
    'VALID'  => '',

    'ENABLE'                 => 'off',
    'ENABLE_BLUE'            => 'off',
    'TRANSPARENT'            => 'off',
    'TRANSPARENT_BLUE'       => 'off',
    'PROXY_PORT'             => '800',
    'VISIBLE_HOSTNAME'       => '',
    'ADMIN_MAIL_ADDRESS'     => '',
    'ERR_LANGUAGE'           => 'English',
    'FORWARD_VIA'            => 'off',
    'FORWARD_IPADDRESS'      => 'off',
    'FORWARD_USERNAME'       => 'off',
    'UPSTREAM_PROXY'         => '',
    'UPSTREAM_USER'          => '',
    'UPSTREAM_PASSWORD'      => '',
    'LOGGING'                => 'off',
    'LOGQUERY'               => 'off',
    'LOGUSERAGENT'           => 'off',
    'CACHE_MEM'              => '2',
    'CACHE_SIZE'             => '50',
    'MAX_SIZE'               => '4096',
    'MIN_SIZE'               => '0',
    'MEM_POLICY'             => 'LRU',
    'CACHE_POLICY'           => 'LRU',
    'L1_DIRS'                => '16',
    'OFFLINE_MODE'           => 'off',
    'CLASSROOM_EXT'          => 'off',
    'SUPERVISOR_PASSWORD'    => '',
    'TIME_ACCESS_MODE'       => 'allow',
    'TIME_FROM_HOUR'         => '00',
    'TIME_FROM_MINUTE'       => '00',
    'TIME_TO_HOUR'           => '24',
    'TIME_TO_MINUTE'         => '00',
    'MAX_OUTGOING_SIZE'      => '0',
    'MAX_INCOMING_SIZE'      => '0',
    'THROTTLING_GREEN_TOTAL' => 'unlimited',
    'THROTTLING_GREEN_HOST'  => 'unlimited',
    'THROTTLING_BLUE_TOTAL'  => 'unlimited',
    'THROTTLING_BLUE_HOST'   => 'unlimited',
    'THROTTLE_BINARY'        => 'off',
    'THROTTLE_DSKIMG'        => 'off',
    'THROTTLE_MMEDIA'        => 'off',
    'ENABLE_MIME_FILTER'     => 'off',
    'ENABLE_BROWSER_CHECK'   => 'off',
    'FAKE_USERAGENT'         => '',
    'FAKE_REFERER'           => '',
    'AUTH_METHOD'            => 'none',
    'AUTH_REALM'             => '',
    'AUTH_MAX_USERIP'        => '',
    'AUTH_CACHE_TTL'         => '60',
    'AUTH_IPCACHE_TTL'       => '0',
    'AUTH_CHILDREN'          => '5',
    'NCSA_MIN_PASS_LEN'      => '6',
    'NCSA_BYPASS_REDIR'      => 'off',
    'NCSA_USERNAME'          => '',
    'NCSA_GROUP'             => '',
    'NCSA_PASS'              => '',
    'NCSA_PASS_CONFIRM'      => '',
    'LDAP_BASEDN'            => '',
    'LDAP_TYPE'              => 'ADS',
    'LDAP_SERVER'            => '',
    'LDAP_PORT'              => '389',
    'LDAP_BINDDN_USER'       => '',
    'LDAP_BINDDN_PASS'       => '',
    'LDAP_GROUP'             => '',
    'NTLM_DOMAIN'            => '',
    'NTLM_PDC'               => '',
    'NTLM_BDC'               => '',
    'NTLM_ENABLE_ACL'        => 'off',
    'NTLM_USER_ACL'          => 'positive',
    'RADIUS_SERVER'          => '',
    'RADIUS_PORT'            => '1645',
    'RADIUS_IDENTIFIER'      => '',
    'RADIUS_SECRET'          => '',
    'RADIUS_ENABLE_ACL'      => 'off',
    'RADIUS_USER_ACL'        => 'positive',
    'IDENT_REQUIRED'         => 'off',
    'IDENT_TIMEOUT'          => '10',
    'IDENT_ENABLE_ACL'       => 'off',
    'IDENT_USER_ACL'         => 'positive',
);

# The add-on switches only exist when the add-on is installed.
$proxysettings{'ENABLE_FILTER'}   = 'off' if $urlfilter_addon;
$proxysettings{'ENABLE_UPDACCEL'} = 'off' if $updacclrtr_addon;

$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};

# Presumably overlays the submitted CGI parameters on the defaults above
# (getcgihash is defined outside this file) - from here on every value in
# %proxysettings has to be treated as request data until it is validated.
&Header::getcgihash(\%proxysettings);
249
# A throttle limit of 0 is stored as 'unlimited'.
foreach my $limit (qw(
    THROTTLING_GREEN_TOTAL
    THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL
    THROTTLING_BLUE_HOST
)) {
    $proxysettings{$limit} = 'unlimited' if $proxysettings{$limit} eq 0;
}

# The user management button switches the page into NCSA edit mode.
$proxysettings{'NCSA_EDIT_MODE'} = 'yes'
    if $proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'};
259
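# "Add": create (or update) a local NCSA user from the submitted form fields.
if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
{
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';

    # NCSA_MIN_PASS_LEN arrives with the request. It is compared numerically
    # and copied into the error message that this page prints, so anything
    # other than plain digits is refused instead of being used.
    my $min_pass_len = $proxysettings{'NCSA_MIN_PASS_LEN'};
    if ($min_pass_len !~ /\A\d+\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    }
    elsif (length($proxysettings{'NCSA_PASS'}) < $min_pass_len) {
        $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$min_pass_len.$Lang::tr{'advproxy errmsg password length 2'};
    }

    # Later checks deliberately replace an earlier message: only the last
    # failing check is reported.
    if ($proxysettings{'NCSA_PASS'} ne $proxysettings{'NCSA_PASS_CONFIRM'}) {
        $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
    }
    if ($proxysettings{'NCSA_USERNAME'} eq '') {
        $errormessage = $Lang::tr{'advproxy errmsg no username'};
    }

    if (!$errormessage) {
        # User names are stored in lower case.
        $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
        # NOTE(review): apart from the empty check above, user name and group
        # reach adduser() exactly as submitted. adduser() is defined outside
        # this part of the file - confirm it rejects ':' and line breaks
        # before anything is written to the password and group files.
        &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
    }

    # Never echo the submitted credentials back into the form.
    $proxysettings{'NCSA_USERNAME'} = '';
    $proxysettings{'NCSA_GROUP'} = '';
    $proxysettings{'NCSA_PASS'} = '';
    $proxysettings{'NCSA_PASS_CONFIRM'} = '';
}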
281
# "Remove": delete the user identified by the submitted ID.
# NOTE(review): ID comes straight from the request; deluser() is defined
# outside this part of the file - confirm it validates the value.
if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    &deluser($proxysettings{'ID'});
}

# "Edit": load the selected user into the form. ID has the form
# "<user>:<group>".
if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
    $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
    $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};

    @temp = split(/:/, $proxysettings{'ID'});
    @proxysettings{'NCSA_USERNAME', 'NCSA_GROUP'} = @temp[0, 1];

    # Fixed placeholder shown in both password fields instead of the real
    # password; presumably recognised when the form is submitted unchanged -
    # verify against adduser().
    $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
    $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
298
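# "Save" / "Save and restart": validate the submitted settings and, only if
# every check passed, write the ACL files, the settings file and the proxy
# configuration. The first failing check sets $errormessage and jumps to the
# ERROR label; nothing is written in that case.
if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
{
    # Numeric fields must consist of digits from start to end. A pattern that
    # is anchored only at the start would accept "50" followed by arbitrary
    # text (including line breaks), and that text would then be stored with
    # the settings.
    my $digits_only = qr/\A\d+\z/;
    my $on_or_off   = qr/\A(?:on|off)\z/;

    # NOTE(review): fields that do not appear in the checks below (for
    # example PROXY_PORT or VISIBLE_HOSTNAME) are not validated in this
    # block; presumably check_acls() or the configuration writer covers
    # them - verify.

    if ($proxysettings{'ENABLE'} !~ $on_or_off ||
        $proxysettings{'TRANSPARENT'} !~ $on_or_off ||
        $proxysettings{'ENABLE_BLUE'} !~ $on_or_off ||
        $proxysettings{'TRANSPARENT_BLUE'} !~ $on_or_off) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }
    if ($proxysettings{'CACHE_SIZE'} !~ $digits_only ||
        $proxysettings{'CACHE_SIZE'} < 10)
    {
        $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
        goto ERROR;
    }
    if ($proxysettings{'CACHE_MEM'} !~ $digits_only ||
        $proxysettings{'CACHE_MEM'} < 1)
    {
        $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
        goto ERROR;
    }

    # Cap the memory cache using the first number on the second line of the
    # `free` output, divided by 2048.
    # NOTE(review): the match result is not checked; if `free` produces no
    # usable output the cap evaluates to 0.
    my @free = `/usr/bin/free`;
    $free[1] =~ m/(\d+)/;
    $cachemem = int($1 / 2048);
    if ($proxysettings{'CACHE_MEM'} > $cachemem) {
        $proxysettings{'CACHE_MEM'} = $cachemem;
    }

    if ($proxysettings{'MAX_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid maximum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MIN_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid minimum object size'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_OUTGOING_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid maximum outgoing size'};
        goto ERROR;
    }
    # The end of the time window must be later than its start; hours and
    # minutes are concatenated and compared as strings.
    if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'}))
    {
        $errormessage = $Lang::tr{'advproxy errmsg time restriction'};
        goto ERROR;
    }
    if ($proxysettings{'MAX_INCOMING_SIZE'} !~ $digits_only)
    {
        $errormessage = $Lang::tr{'invalid maximum incoming size'};
        goto ERROR;
    }

    if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
    {
        # Build the alternation of the patterns (third field) of all ticked
        # browsers. chomp works on the list elements themselves, so the
        # stored records lose their line ends here.
        $browser_regexp = '';
        foreach (@useragentlist)
        {
            chomp;
            @useragent = split(/,/);
            if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
        }
        chop($browser_regexp);    # drop the trailing '|'
        if (!$browser_regexp)
        {
            $errormessage = $Lang::tr{'advproxy errmsg no browser'};
            goto ERROR;
        }
    }

    if ($proxysettings{'AUTH_METHOD'} ne 'none')
    {
        # Every method except a purely informational ident setup needs at
        # least one enabled, non-transparent proxy interface.
        unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
            ($proxysettings{'IDENT_REQUIRED'} eq 'off') &&
            ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off'))
        {
            if ($netsettings{'BLUE_DEV'})
            {
                if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) &&
                    (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on')))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            } else {
                if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on'))
                {
                    $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'};
                    goto ERROR;
                }
            }
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') &&
            (($proxysettings{'AUTH_MAX_USERIP'} !~ $digits_only) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
        {
            $errormessage = $Lang::tr{'advproxy errmsg max userip'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_CACHE_TTL'} !~ $digits_only)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
            goto ERROR;
        }
        if ($proxysettings{'AUTH_IPCACHE_TTL'} !~ $digits_only)
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_MAX_USERIP'} ne '') && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
            goto ERROR;
        }
        if (($proxysettings{'AUTH_CHILDREN'} !~ $digits_only) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg auth children'};
            goto ERROR;
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
    {
        if (($proxysettings{'NCSA_MIN_PASS_LEN'} !~ $digits_only) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255))
        {
            $errormessage = $Lang::tr{'advproxy errmsg password length'};
            goto ERROR;
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'ident')
    {
        if (($proxysettings{'IDENT_TIMEOUT'} !~ $digits_only) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
            goto ERROR;
        }
    }

    # NOTE(review): the free-text authentication fields below (LDAP_BASEDN,
    # LDAP_BINDDN_USER, LDAP_BINDDN_PASS, NTLM_DOMAIN, RADIUS_SECRET) are only
    # checked for being non-empty; confirm that the code which writes them to
    # the proxy configuration rejects line breaks and quotes.
    if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
    {
        if ($proxysettings{'LDAP_BASEDN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
            goto ERROR;
        }
        if (!&General::validip($proxysettings{'LDAP_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'LDAP_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
            goto ERROR;
        }
        if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
        {
            if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
            {
                $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
                goto ERROR;
            }
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
    {
        if ($proxysettings{'NTLM_DOMAIN'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
            goto ERROR;
        }
        if ($proxysettings{'NTLM_PDC'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
            goto ERROR;
        }
        if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
            goto ERROR;
        }
        if (($proxysettings{'NTLM_BDC'} ne '') && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
        {
            $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
            goto ERROR;
        }
    }

    if ($proxysettings{'AUTH_METHOD'} eq 'radius')
    {
        if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius server'};
            goto ERROR;
        }
        if (!&General::validport($proxysettings{'RADIUS_PORT'}))
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius port'};
            goto ERROR;
        }
        if ($proxysettings{'RADIUS_SECRET'} eq '')
        {
            $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
            goto ERROR;
        }
    }

    # Upstream proxy credentials: user name and password must be given
    # together or not at all.
    $proxy1 = 'YES';
    $proxy2 = 'YES';
    if ($proxysettings{'UPSTREAM_USER'} eq '') { $proxy1 = ''; }
    if ($proxysettings{'UPSTREAM_PASSWORD'} eq '') { $proxy2 = ''; }
    if ($proxy1 ne $proxy2)
    {
        $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
        goto ERROR;
    }

ERROR:
    # Reached on success and on failure alike; check_acls is defined outside
    # this part of the file.
    &check_acls;

    if ($errormessage) {
        $proxysettings{'VALID'} = 'no';
    }
    else {
        $proxysettings{'VALID'} = 'yes';
    }

    if ($proxysettings{'VALID'} eq 'yes')
    {
        &write_acls;

        # These fields are removed from the hash before it is written: the
        # list-type fields follow the write_acls call above, and the NCSA
        # form fields (including the submitted passwords) are not stored in
        # the settings file.
        delete @proxysettings{qw(
            SRC_SUBNETS
            SRC_BANNED_IP
            SRC_BANNED_MAC
            SRC_UNRESTRICTED_IP
            SRC_UNRESTRICTED_MAC
            DST_NOCACHE
            DST_NOAUTH
            MIME_TYPES
            NTLM_ALLOW_USERS
            NTLM_DENY_USERS
            RADIUS_ALLOW_USERS
            RADIUS_DENY_USERS
            IDENT_HOSTS
            IDENT_ALLOW_USERS
            IDENT_DENY_USERS
            CRE_GROUPS
            CRE_SVHOSTS
            NCSA_USERNAME
            NCSA_GROUP
            NCSA_PASS
            NCSA_PASS_CONFIRM
        )};

        # A checkbox field that is absent after a save is stored explicitly
        # as 'off'.
        foreach my $unticked (qw(
            TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
            AUTH_ALWAYS_REQUIRED
            NTLM_ENABLE_INT_AUTH
        )) {
            $proxysettings{$unticked} = 'off' unless exists $proxysettings{$unticked};
        }

        &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);

        # Mirror the add-on switches into the standard proxy settings file.
        if ($urlfilter_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        if ($updacclrtr_addon)
        {
            if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
            $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
            &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
        }

        &writeconfig;
        &writepacfile;

        # Marker files: each one is removed and then recreated only when the
        # setting of the same (upper-case) name is 'on'.
        foreach my $marker (qw(enable transparent enable_blue transparent_blue)) {
            my $marker_file = "${General::swroot}/proxy/$marker";
            unlink $marker_file;
            system('/bin/touch', $marker_file) if $proxysettings{uc $marker} eq 'on';
        }

        if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
    }
}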
594
# "Clear cache": run the restart helper with -f.
# NOTE(review): this action, like save/add/remove above, is selected by the
# ACTION form field alone; no request-origin check is visible in this part of
# the file - confirm one is applied elsewhere.
system('/usr/local/bin/restartsquid', '-f')
    if $proxysettings{'ACTION'} eq $Lang::tr{'clear cache'};

# Without an error the form is filled from the stored settings (the advanced
# file wins over the standard one); after an error the submitted values stay
# in place.
unless ($errormessage) {
    my $advanced_conf = "${General::swroot}/proxy/advanced/settings";
    my $standard_conf = "${General::swroot}/proxy/settings";

    if (-e $advanced_conf) {
        &General::readhash($advanced_conf, \%proxysettings);
    }
    elsif (-e $standard_conf) {
        &General::readhash($standard_conf, \%proxysettings);
    }
    &read_acls;
}
609
# Prepare the HTML attribute lookups used when the form is printed:
# $checked{FIELD}{VALUE} for checkboxes and radio buttons,
# $selected{FIELD}{VALUE} for select options.

# Switches missing from the settings are shown ticked.
foreach my $field (qw(
    TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
    AUTH_ALWAYS_REQUIRED
    NTLM_ENABLE_INT_AUTH
)) {
    $proxysettings{$field} = 'on' unless exists $proxysettings{$field};
}

# Each group lists the possible values and the fields that use them. Every
# possible value is first set to '', then the current value is marked.
foreach my $group (
    [
        [qw(off on)],
        [
            qw(
                ENABLE TRANSPARENT ENABLE_BLUE TRANSPARENT_BLUE
                FORWARD_IPADDRESS FORWARD_USERNAME FORWARD_VIA
                OFFLINE_MODE
                LOGGING LOGQUERY LOGUSERAGENT
                CLASSROOM_EXT
                TIME_MON TIME_TUE TIME_WED TIME_THU TIME_FRI TIME_SAT TIME_SUN
                THROTTLE_BINARY THROTTLE_DSKIMG THROTTLE_MMEDIA
                ENABLE_MIME_FILTER
                ENABLE_BROWSER_CHECK
                AUTH_ALWAYS_REQUIRED
                NCSA_BYPASS_REDIR
                NTLM_ENABLE_INT_AUTH NTLM_ENABLE_ACL
                RADIUS_ENABLE_ACL
                IDENT_REQUIRED IDENT_ENABLE_ACL
            ),
            # Add-on switches exist only when the add-on is installed.
            ($urlfilter_addon  ? 'ENABLE_FILTER'   : ()),
            ($updacclrtr_addon ? 'ENABLE_UPDACCEL' : ()),
        ],
    ],
    [
        [qw(positive negative)],
        [qw(NTLM_USER_ACL RADIUS_USER_ACL IDENT_USER_ACL)],
    ],
    [
        [qw(none ncsa ident ldap ntlm radius)],
        ['AUTH_METHOD'],
    ],
) {
    my ($choices, $fields) = @$group;
    foreach my $field (@$fields) {
        $checked{$field}{$_} = '' foreach @$choices;
        $checked{$field}{$proxysettings{$field}} = "checked='checked'";
    }
}

# One checkbox per known browser, named UA_<first field of the record>.
foreach my $entry (@useragentlist) {
    @useragent = split(/,/, $entry);
    my $field = 'UA_' . $useragent[0];
    $checked{$field}{'off'} = '';
    $checked{$field}{'on'} = '';
    $checked{$field}{$proxysettings{$field}} = "checked='checked'";
}

# Select boxes: only the current value gets an entry.
foreach my $field (qw(
    MEM_POLICY CACHE_POLICY L1_DIRS
    ERR_LANGUAGE
    TIME_ACCESS_MODE
    TIME_FROM_HOUR TIME_FROM_MINUTE TIME_TO_HOUR TIME_TO_MINUTE
    THROTTLING_GREEN_TOTAL THROTTLING_GREEN_HOST
    THROTTLING_BLUE_TOTAL THROTTLING_BLUE_HOST
    NCSA_GROUP
    LDAP_TYPE
)) {
    $selected{$field}{$proxysettings{$field}} = "selected='selected'";
}
792
# Emit the page frame; the outer box is handed the pending error text.
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

# Any message collected so far gets a box of its own.
# NOTE(review): $errormessage is printed as-is; if a message can embed a
# submitted value it needs HTML-escaping where it is built - confirm there.
if ($errormessage) {
    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>" . $errormessage . "&nbsp;</font>\n";
    &Header::closebox();
}
802
803 # ===================================================================
804 # Main settings
805 # ===================================================================
806
807 unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
808
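{
    # Opens the settings form and prints the "common settings" table up to
    # the error-language drop-down.
    #
    # The stored values end up inside single-quoted value attributes, so a
    # quote or angle bracket in them would break out of the attribute.  They
    # are HTML-escaped first; 'y' asks cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(PROXY_PORT VISIBLE_HOSTNAME ADMIN_MAIL_ADDRESS);

    print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

    &Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}");

    print <<"END";
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='20%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy proxy port'}:</td>
<td width='30%'><input type='text' name='PROXY_PORT' value='$field{'PROXY_PORT'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$field{'VISIBLE_HOSTNAME'}' /></td>
</tr>
<tr>
END

    # The Blue columns are only shown when a Blue interface is configured;
    # otherwise an empty spacer keeps the four-column layout.
    if ($netsettings{'BLUE_DEV'}) {
        print "<td class='base'>$Lang::tr{'advproxy enabled on'} <font color='$Header::colourblue'>Blue</font>:</td>";
        print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
    } else {
        print "<td colspan='2'>&nbsp;</td>";
    }

    print <<"END";
<td class='base'>$Lang::tr{'advproxy admin mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$field{'ADMIN_MAIL_ADDRESS'}' /></td>
</tr>
<tr>
END

    if ($netsettings{'BLUE_DEV'}) {
        print "<td class='base'>$Lang::tr{'advproxy transparent on'} <font color='$Header::colourblue'>Blue</font>:</td>";
        print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
    } else {
        print "<td colspan='2'>&nbsp;</td>";
    }

    print <<"END";
<td class='base'>$Lang::tr{'advproxy error language'}:</td>
<td class='base'>
<select name='ERR_LANGUAGE'>
END

    # One option per sub-directory of the Squid error page directory; the
    # option text is the directory's base name.  $language is the file-level
    # variable and keeps the last name seen, as before.
    foreach my $entry (glob('/usr/lib/squid/errors/*')) {
        next unless -d $entry;
        $language = substr($entry, rindex($entry, "/") + 1);
        print "<option value='$language' $selected{'ERR_LANGUAGE'}{$language}>$language</option>\n";
    }
}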
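{
    # Prints the upstream proxy, logging and cache management tables, ending
    # with the opening tag of the DST_NOCACHE textarea.
    #
    # Stored values are HTML-escaped before they are placed in single-quoted
    # value attributes; 'y' asks cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    # NOTE(review): the stored upstream password is written back into the page
    # source; type='password' only masks it on screen.  Consider rendering the
    # field empty and keeping the saved value when nothing is submitted.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(UPSTREAM_PROXY UPSTREAM_USER UPSTREAM_PASSWORD
           CACHE_MEM CACHE_SIZE MIN_SIZE MAX_SIZE);

    print <<"END";
</select>
</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy upstream proxy'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy via forwarding'}</font>:</td>
<td width='20%'><input type='checkbox' name='FORWARD_VIA' $checked{'FORWARD_VIA'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy upstream proxy host:port'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$field{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy client IP forwarding'}</font>:</td>
<td><input type='checkbox' name='FORWARD_IPADDRESS' $checked{'FORWARD_IPADDRESS'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream username'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='UPSTREAM_USER' value='$field{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy username forwarding'}</font>:</td>
<td><input type='checkbox' name='FORWARD_USERNAME' $checked{'FORWARD_USERNAME'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy upstream password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$field{'UPSTREAM_PASSWORD'}' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'advproxy log settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy log enabled'}:</td>
<td width='20%'><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td width='25%'class='base'>$Lang::tr{'advproxy log query'}:</td>
<td width='30%'><input type='checkbox' name='LOGQUERY' $checked{'LOGQUERY'}{'on'} /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td class='base'>$Lang::tr{'advproxy log useragent'}:</td>
<td><input type='checkbox' name='LOGUSERAGENT' $checked{'LOGUSERAGENT'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy cache management'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy ram cache size'}:</td>
<td><input type='text' name='CACHE_MEM' value='$field{'CACHE_MEM'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy hdd cache size'}:</td>
<td><input type='text' name='CACHE_SIZE' value='$field{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy min size'}:</td>
<td><input type='text' name='MIN_SIZE' value='$field{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'advproxy max size'}:</td>
<td><input type='text' name='MAX_SIZE' value='$field{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy number of L1 dirs'}:</td>
<td class='base'><select name='L1_DIRS'>
<option value='16' $selected{'L1_DIRS'}{'16'}>16</option>
<option value='32' $selected{'L1_DIRS'}{'32'}>32</option>
<option value='64' $selected{'L1_DIRS'}{'64'}>64</option>
<option value='128' $selected{'L1_DIRS'}{'128'}>128</option>
<option value='256' $selected{'L1_DIRS'}{'256'}>256</option>
</select></td>
<td colspan='2' rowspan= '5' valign='top' class='base'>
<table cellpadding='0' cellspacing='0'>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td>$Lang::tr{'advproxy no cache sites'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<!-- intentionally left empty -->
</tr>
<tr>
<td><textarea name='DST_NOCACHE' cols='32' rows='6' wrap='off'>
END
}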
958
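{
    # Fills the DST_NOCACHE textarea, prints the replacement policy and
    # offline mode rows, then the network based access lists (allowed
    # subnets, unrestricted and banned IP/MAC clients).
    #
    # Textarea bodies are HTML-escaped so that stored text containing
    # "</textarea>" or other markup cannot end the field early; 'y' asks
    # cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(DST_NOCACHE SRC_SUBNETS SRC_UNRESTRICTED_IP SRC_UNRESTRICTED_MAC
           SRC_BANNED_IP SRC_BANNED_MAC);

    print $field{'DST_NOCACHE'};

    print <<"END";
</textarea></td>
</tr>
</table>
</td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy memory replacement policy'}:</td>
<td class='base'><select name='MEM_POLICY'>
<option value='LRU' $selected{'MEM_POLICY'}{'LRU'}>LRU</option>
<option value='heap LFUDA' $selected{'MEM_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
<option value='heap GDSF' $selected{'MEM_POLICY'}{'heap GDSF'}>heap GDSF</option>
<option value='heap LRU' $selected{'MEM_POLICY'}{'heap LRU'}>heap LRU</option>
</select></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy cache replacement policy'}:</td>
<td class='base'><select name='CACHE_POLICY'>
<option value='LRU' $selected{'CACHE_POLICY'}{'LRU'}>LRU</option>
<option value='heap LFUDA' $selected{'CACHE_POLICY'}{'heap LFUDA'}>heap LFUDA</option>
<option value='heap GDSF' $selected{'CACHE_POLICY'}{'heap GDSF'}>heap GDSF</option>
<option value='heap LRU' $selected{'CACHE_POLICY'}{'heap LRU'}>heap LRU</option>
</select></td>
</tr>
<tr>
<td colspan='2'>&nbsp;</td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy offline mode'}:</td>
<td><input type='checkbox' name='OFFLINE_MODE' $checked{'OFFLINE_MODE'}{'on'} /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy network based access'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy allowed subnets'}:</td>
<td colspan='2'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><textarea name='SRC_SUBNETS' cols='32' rows='6' wrap='off'>
END

    # With no subnet list stored, the Green network (and Blue, when that
    # interface exists) is offered as the starting value.
    if (!$proxysettings{'SRC_SUBNETS'}) {
        print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
        if ($netsettings{'BLUE_DEV'}) {
            print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
        }
    } else {
        print $field{'SRC_SUBNETS'};
    }

    print <<"END";
</textarea></td>
<td colspan='2'>&nbsp;</td>
</tr>
</table>
<table width='100%'>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td colspan='2' class='base'>$Lang::tr{'advproxy unrestricted mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='SRC_UNRESTRICTED_IP' cols='32' rows='6' wrap='off'>
END

    print $field{'SRC_UNRESTRICTED_IP'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='SRC_UNRESTRICTED_MAC' cols='32' rows='6' wrap='off'>
END

    print $field{'SRC_UNRESTRICTED_MAC'};

    print <<"END";
</textarea></td>
</tr>
</table>
<table width='100%'>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy banned ip clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td colspan='2' class='base'>$Lang::tr{'advproxy banned mac clients'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='SRC_BANNED_IP' cols='32' rows='6' wrap='off'>
END

    print $field{'SRC_BANNED_IP'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='SRC_BANNED_MAC' cols='32' rows='6' wrap='off'>
END

    print $field{'SRC_BANNED_MAC'};

    print <<"END";
</textarea></td>
</tr>
</table>

<hr size='1'>

END
}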
1083 # -------------------------------------------------------------------
1084 # CRE GUI - optional
1085 # -------------------------------------------------------------------
1086
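{
    # Classroom extensions: the full table when the $cre_enabled marker file
    # exists, otherwise three hidden inputs that carry the stored values
    # through the form unchanged.
    #
    # All three values are HTML-escaped before they are written into a quoted
    # attribute or a textarea body; 'y' asks cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    # NOTE(review): the supervisor password is written into the page source in
    # both branches, as a hidden input when the extension is off.  Consider
    # keeping it server-side and only overwriting it when a new one is sent.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(SUPERVISOR_PASSWORD CRE_GROUPS CRE_SVHOSTS);

    if (-e $cre_enabled) {
        print <<"END";
<table width='100%'>

<tr>
<td colspan='4'><b>$Lang::tr{'advproxy classroom extensions'}</b></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='CLASSROOM_EXT' $checked{'CLASSROOM_EXT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy supervisor password'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='SUPERVISOR_PASSWORD' value='$field{'SUPERVISOR_PASSWORD'}' size='12' /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre group definitions'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy cre supervisors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='CRE_GROUPS' cols='32' rows='6' wrap='off'>
END

        print $field{'CRE_GROUPS'};

        print <<"END";
</textarea></td>
<td colspan='2'><textarea name='CRE_SVHOSTS' cols='32' rows='6' wrap='off'>
END

        print $field{'CRE_SVHOSTS'};

        print <<"END";
</textarea></td>
</tr>

</table>

<hr size='1'>
END
    } else {
        print <<"END";
<input type='hidden' name='SUPERVISOR_PASSWORD' value='$field{'SUPERVISOR_PASSWORD'}' />
<input type='hidden' name='CRE_GROUPS' value='$field{'CRE_GROUPS'}' />
<input type='hidden' name='CRE_SVHOSTS' value='$field{'CRE_SVHOSTS'}' />
END
    }
}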
1137 # -------------------------------------------------------------------
1138
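{
    # Prints the time restriction table: access mode, one checkbox per
    # weekday, and the from/to hour and minute drop-downs.
    #
    # The option loops used to assign each label to the global $_, which
    # leaked into whatever ran next at file scope; the label is now a lexical
    # and is formatted with %02d.  $i stays the loop counter so the
    # file-level variable ends up with the same value as before.
    my $emit_time_options = sub {
        my ($setting, $last, $step) = @_;
        for ($i = 0; $i <= $last; $i += $step) {
            my $label = sprintf('%02d', $i);
            print "<option $selected{$setting}{$label}>$label</option>\n";
        }
    };

    print <<"END";

<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy time restrictions'}</b></td>
</tr>
<table width='100%'>
<tr>
<td width='2%'>$Lang::tr{'advproxy access'}</td>
<td width='1%'>&nbsp;</td>
<td width='2%' align='center'>$Lang::tr{'advproxy monday'}</td>
<td width='2%' align='center'>$Lang::tr{'advproxy tuesday'}</td>
<td width='2%' align='center'>$Lang::tr{'advproxy wednesday'}</td>
<td width='2%' align='center'>$Lang::tr{'advproxy thursday'}</td>
<td width='2%' align='center'>$Lang::tr{'advproxy friday'}</td>
<td width='2%' align='center'>$Lang::tr{'advproxy saturday'}</td>
<td width='2%' align='center'>$Lang::tr{'advproxy sunday'}</td>
<td width='1%'>&nbsp;&nbsp;</td>
<td width='7%' colspan=3>$Lang::tr{'advproxy from'}</td>
<td width='1%'>&nbsp;</td>
<td width='7%' colspan=3>$Lang::tr{'advproxy to'}</td>
<td>&nbsp;</td>
</tr>
<tr>
<td class='base'>
<select name='TIME_ACCESS_MODE'>
<option value='allow' $selected{'TIME_ACCESS_MODE'}{'allow'}>$Lang::tr{'advproxy mode allow'}</option>
<option value='deny' $selected{'TIME_ACCESS_MODE'}{'deny'}>$Lang::tr{'advproxy mode deny'}</option>
</select>
</td>
<td>&nbsp;</td>
<td class='base'><input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} /></td>
<td class='base'><input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} /></td>
<td class='base'><input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} /></td>
<td class='base'><input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} /></td>
<td class='base'><input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} /></td>
<td class='base'><input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} /></td>
<td class='base'><input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} /></td>
<td>&nbsp;</td>
<td class='base'>
<select name='TIME_FROM_HOUR'>
END

    # Hours run from 00 to 24 inclusive.
    $emit_time_options->('TIME_FROM_HOUR', 24, 1);

    print <<"END";
</select>
</td>
<td>:</td>
<td class='base'>
<select name='TIME_FROM_MINUTE'>
END

    # Minutes are offered in quarter-hour steps: 00, 15, 30, 45.
    $emit_time_options->('TIME_FROM_MINUTE', 45, 15);

    print <<"END";
</select>
<td> - </td>
</td>
<td class='base'>
<select name='TIME_TO_HOUR'>
END

    $emit_time_options->('TIME_TO_HOUR', 24, 1);

    print <<"END";
</select>
</td>
<td>:</td>
<td class='base'>
<select name='TIME_TO_MINUTE'>
END

    $emit_time_options->('TIME_TO_MINUTE', 45, 15);
}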
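{
    # Prints the transfer limit fields and the download throttling
    # drop-downs for Green, plus the Blue pair when that interface exists.
    #
    # Two fixes against the earlier version:
    #  * the "unlimited" option lines inside the here-documents ended in a
    #    left-over \n"; which was sent to the browser as literal text;
    #  * the two size values are HTML-escaped before they are placed in a
    #    quoted attribute ('y' asks cleanhtml to leave commas alone).
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(MAX_INCOMING_SIZE MAX_OUTGOING_SIZE);

    # One <option> per entry of @throttle_limits for the given setting.
    my $emit_limits = sub {
        my ($setting) = @_;
        foreach my $limit (@throttle_limits) {
            print "\t<option value='$limit' $selected{$setting}{$limit}>$limit kBit/s</option>\n";
        }
    };

    print <<"END";
</select>
</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy transfer limits'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy max download size'}:</td>
<td width='20%'><input type='text' name='MAX_INCOMING_SIZE' value='$field{'MAX_INCOMING_SIZE'}' size='5' /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy max upload size'}:</td>
<td width='30%'><input type='text' name='MAX_OUTGOING_SIZE' value='$field{'MAX_OUTGOING_SIZE'}' size='5' /></td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy download throttling'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='20%' class='base'>
<select name='THROTTLING_GREEN_TOTAL'>
END

    $emit_limits->('THROTTLING_GREEN_TOTAL');

    print <<"END";
<option value='0' $selected{'THROTTLING_GREEN_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourgreen">Green</font>:</td>
<td width='30%' class='base'>
<select name='THROTTLING_GREEN_HOST'>
END

    $emit_limits->('THROTTLING_GREEN_HOST');

    print <<"END";
<option value='0' $selected{'THROTTLING_GREEN_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END

    if ($netsettings{'BLUE_DEV'}) {
        print <<"END";
<tr>
<td class='base'>$Lang::tr{'advproxy throttling total on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_TOTAL'>
END

        $emit_limits->('THROTTLING_BLUE_TOTAL');

        print <<"END";
<option value='0' $selected{'THROTTLING_BLUE_TOTAL'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
<td class='base'>$Lang::tr{'advproxy throttling per host on'} <font color="$Header::colourblue">Blue</font>:</td>
<td class='base'>
<select name='THROTTLING_BLUE_HOST'>
END

        $emit_limits->('THROTTLING_BLUE_HOST');

        print <<"END";
<option value='0' $selected{'THROTTLING_BLUE_HOST'}{'unlimited'}>$Lang::tr{'advproxy throttling unlimited'}</option>
</select>
</td>
</tr>
END
    }
}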
1312
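{
    # Prints the content based throttling switches, the MIME filter with its
    # list of blocked types, and the heading of the web browser check.
    #
    # The MIME_TYPES textarea body is HTML-escaped so that stored text cannot
    # close the field early; 'y' asks cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # value is not already escaped earlier in the file - confirm both.
    my $mime_types = &Header::cleanhtml($proxysettings{'MIME_TYPES'}, 'y');

    print <<"END";
</table>
<table width='100%'>
<tr>
<td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
</tr>
<tr>
<td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
<td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
<td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
<td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
<td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
<td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
<td width='15%'>&nbsp;</td>
<td width='10%'>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy MIME filter'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='ENABLE_MIME_FILTER' $checked{'ENABLE_MIME_FILTER'}{'on'} /></td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy MIME block types'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><textarea name='MIME_TYPES' cols='32' rows='6' wrap='off'>
END

    print $mime_types;

    print <<"END";
</textarea></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy UA enable filter'}:</td>
<td width='20%'><input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan='4'><i>
END

    # The caption depends on whether any browser definitions are loaded.
    if (@useragentlist) {
        print "$Lang::tr{'advproxy allowed web browsers'}:";
    } else {
        print "$Lang::tr{'advproxy no clients defined'}";
    }

    print <<"END";
</i></td>
</tr>
</table>
<table width='100%'>
END
}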
1380
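# Lays the known browsers out four to a row, one checkbox each.  Every entry
# of @useragentlist is split on commas: field 0 becomes the checkbox name
# suffix, field 1 the visible label.
#
# Fixes against the earlier version:
#  * the outer test was "<=", which printed one extra empty row whenever the
#    list length was a multiple of four (including an empty list);
#  * single elements were read with slice syntax (@list[..]) and the loop
#    counter was compared with the string operator "eq".
# $n, $i and @useragent remain the file-level variables.
# NOTE(review): label and id are printed unescaped; if the browser list can
# be edited by users, escape both before output - confirm the list's origin.
for ($n = 0; $n < @useragentlist; $n += 4) {
    print "<tr>\n";
    for ($i = 0; $i <= 3; $i++) {
        # The last row may hold fewer than four entries.
        next if ($n + $i) >= @useragentlist;
        @useragent = split(/,/, $useragentlist[$n + $i]);
        my $ua_id = $useragent[0];
        print "<td width='15%'>$useragent[1]:<\/td>\n";
        print "<td width='10%'><input type='checkbox' name='UA_$ua_id' $checked{'UA_'.$ua_id}{'on'} /></td>\n";
    }
    print "<\/tr>\n";
}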
1392
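{
    # Closes the browser table and prints the privacy section with the fake
    # user agent and fake referer fields.
    #
    # Both values are free text and may contain quotes, so they are
    # HTML-escaped before being placed in a single-quoted value attribute;
    # 'y' asks cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(FAKE_USERAGENT FAKE_REFERER);

    print <<"END";
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'advproxy privacy'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy fake useragent'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td><input type='text' name='FAKE_USERAGENT' value='$field{'FAKE_USERAGENT'}' size='56' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy fake referer'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td><input type='text' name='FAKE_REFERER' value='$field{'FAKE_REFERER'}' size='56' /></td>
</tr>
</table>
<hr size='1'>
END
}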
1416
# Optional add-on switch: the URL filter checkbox when that add-on flag is
# set, otherwise the update accelerator checkbox when its flag is set.
if ($urlfilter_addon) {
    print <<"END";
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy url filter'}</b></td>
</tr>
<tr>
<td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
END
}
elsif ($updacclrtr_addon) {
    print <<"END";
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy update accelerator'}</b></td>
</tr>
<tr>
<td class='base' width='25%'>$Lang::tr{'advproxy enabled'}:</td>
<td><input type='checkbox' name='ENABLE_UPDACCEL' $checked{'ENABLE_UPDACCEL'}{'on'} /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
<hr size='1'>
END
}

# Authentication method selector: one radio button per supported method.
print <<"END";
<table width='100%'>
<tr>
<td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
</tr>
<tr>
<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
</tr>
</table>
END
1467
1468 if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print <<END
1469 <hr size='1'>
1470 <table width='100%'>
1471 <tr>
1472 <td colspan='4'><b>$Lang::tr{'advproxy AUTH global settings'}</b></td>
1473 </tr>
1474 <tr>
1475 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1476 </tr>
1477 <tr>
1478 <td class='base'>$Lang::tr{'advproxy AUTH number of auth processes'}:</td>
1479 <td><input type='text' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}' size='5' /></td>
1480 <td colspan='2' rowspan= '6' valign='top' class='base'>
1481 <table cellpadding='0' cellspacing='0'>
1482 <tr>
1483 <td class='base'>$Lang::tr{'advproxy AUTH realm'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1484 </tr>
1485 <tr>
1486 <!-- intentionally left empty -->
1487 </tr>
1488 <tr>
1489 <!-- intentionally left empty -->
1490 </tr>
1491 <tr>
1492 <td><input type='text' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}' size='40' /></td>
1493 </tr>
1494 <tr>
1495 <!-- intentionally left empty -->
1496 </tr>
1497 <tr>
1498 <!-- intentionally left empty -->
1499 </tr>
1500 <tr>
1501 <td>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1502 </tr>
1503 <tr>
1504 <!-- intentionally left empty -->
1505 </tr>
1506 <tr>
1507 <!-- intentionally left empty -->
1508 </tr>
1509 <tr>
1510 <td><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
1511 END
1512 ;
1513
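{
    # Fills the DST_NOAUTH textarea and prints the remaining global
    # authentication rows (cache TTLs, per-user IP limit, "always required").
    #
    # The textarea body and the three text values are HTML-escaped before
    # output so stored text cannot leave the field it is printed in; 'y' asks
    # cleanhtml to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(DST_NOAUTH AUTH_CACHE_TTL AUTH_MAX_USERIP AUTH_IPCACHE_TTL);

    print $field{'DST_NOAUTH'};

    print <<"END";
</textarea></td>
</tr>
</table>
</td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy AUTH auth cache TTL'}:</td>
<td><input type='text' name='AUTH_CACHE_TTL' value='$field{'AUTH_CACHE_TTL'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='AUTH_MAX_USERIP' value='$field{'AUTH_MAX_USERIP'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
<td><input type='text' name='AUTH_IPCACHE_TTL' value='$field{'AUTH_IPCACHE_TTL'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
<td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
</tr>
<tr>
<td colspan='2'>&nbsp;</td>
</tr>
</table>
END
}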
1544 }
1545
1546 # ===================================================================
1547 # NCSA auth settings
1548 # ===================================================================
1549
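if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') {
    # NCSA section: minimum password length, redirector bypass switch and the
    # button that posts the user management action.
    #
    # The stored length is HTML-escaped before it is placed in the quoted
    # value attribute ('y' asks cleanhtml to leave commas alone).
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # value is not already escaped earlier in the file - confirm both.
    my $min_pass_len = &Header::cleanhtml($proxysettings{'NCSA_MIN_PASS_LEN'}, 'y');

    print <<"END";
<hr size='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy NCSA auth'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA min password length'}:</td>
<td width='20%'><input type='text' name='NCSA_MIN_PASS_LEN' value='$min_pass_len' size='5' /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':</td>
<td width='20%'><input type='checkbox' name='NCSA_BYPASS_REDIR' $checked{'NCSA_BYPASS_REDIR'}{'on'} /></td>
</tr>
<tr>
<td colspan='2'><br>&nbsp;<input type='submit' name='ACTION' value='$Lang::tr{'advproxy NCSA user management'}'></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
END
}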
1571
1572 # ===================================================================
1573 # IDENTD auth settings
1574 # ===================================================================
1575
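if ($proxysettings{'AUTH_METHOD'} eq 'ident') {
    # IDENT section: identd settings, the list of ident-aware hosts, the
    # destinations exempt from authentication and the user based access
    # lists.  The five consecutive tests of the same condition are folded
    # into this one block; nothing between them changed AUTH_METHOD.
    #
    # The timeout and all textarea bodies are HTML-escaped before output so
    # stored text cannot leave the field it is printed in; 'y' asks cleanhtml
    # to leave commas alone.
    # NOTE(review): relies on Header::cleanhtml from header.pl and assumes the
    # values are not already escaped earlier in the file - confirm both.
    my %field = map { $_ => &Header::cleanhtml($proxysettings{$_}, 'y') }
        qw(IDENT_TIMEOUT IDENT_HOSTS DST_NOAUTH
           IDENT_ALLOW_USERS IDENT_DENY_USERS);

    print <<"END";
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy IDENT identd settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy IDENT required'}:</td>
<td width='20%'><input type='checkbox' name='IDENT_REQUIRED' $checked{'IDENT_REQUIRED'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
<td width='30%'><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy IDENT timeout'}:</td>
<td><input type='text' name='IDENT_TIMEOUT' value='$field{'IDENT_TIMEOUT'}' size='5' /></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy IDENT aware hosts'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy AUTH no auth'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
</tr>
<tr>
<td colspan='2'><textarea name='IDENT_HOSTS' cols='32' rows='6' wrap='off'>
END

    # With no host list stored, the Green network (and Blue, when that
    # interface exists) is offered as the starting value.
    if (!$proxysettings{'IDENT_HOSTS'}) {
        print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
        if ($netsettings{'BLUE_DEV'}) {
            print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
        }
    } else {
        print $field{'IDENT_HOSTS'};
    }

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='DST_NOAUTH' cols='32' rows='6' wrap='off'>
END

    print $field{'DST_NOAUTH'};

    print <<"END";
</textarea></td>
</tr>
</table>
<hr size ='1'>
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy IDENT user based access restrictions'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
<td width='20%'><input type='checkbox' name='IDENT_ENABLE_ACL' $checked{'IDENT_ENABLE_ACL'}{'on'} /></td>
<td width='25%'>&nbsp;</td>
<td width='30%'>&nbsp;</td>
</tr>
<tr>
<td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='positive' $checked{'IDENT_USER_ACL'}{'positive'} />
$Lang::tr{'advproxy IDENT use positive access list'}:</td>
<td colspan='2'><input type='radio' name='IDENT_USER_ACL' value='negative' $checked{'IDENT_USER_ACL'}{'negative'} />
$Lang::tr{'advproxy IDENT use negative access list'}:</td>
</tr>
<tr>
<td colspan='2'>$Lang::tr{'advproxy IDENT authorized users'}</td>
<td colspan='2'>$Lang::tr{'advproxy IDENT unauthorized users'}</td>
</tr>
<tr>
<td colspan='2'><textarea name='IDENT_ALLOW_USERS' cols='32' rows='6' wrap='off'>
END

    print $field{'IDENT_ALLOW_USERS'};

    print <<"END";
</textarea></td>
<td colspan='2'><textarea name='IDENT_DENY_USERS' cols='32' rows='6' wrap='off'>
END

    print $field{'IDENT_DENY_USERS'};

    print <<"END";
</textarea></td>
</tr>
</table>
END
}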
1666
1667 # ===================================================================
1668 # NTLM auth settings
1669 # ===================================================================
1670
1671 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') {
1672 print <<END
1673 <hr size='1'>
1674 <table width='100%'>
1675 <tr>
1676 <td colspan='6'><b>$Lang::tr{'advproxy NTLM domain settings'}</b></td>
1677 </tr>
1678 <tr>
1679 <td class='base'>$Lang::tr{'advproxy NTLM domain'}:</td>
1680 <td><input type='text' name='NTLM_DOMAIN' value='$proxysettings{'NTLM_DOMAIN'}' size='15' /></td>
1681 <td class='base'>$Lang::tr{'advproxy NTLM PDC hostname'}:</td>
1682 <td><input type='text' name='NTLM_PDC' value='$proxysettings{'NTLM_PDC'}' size='14' /></td>
1683 <td class='base'>$Lang::tr{'advproxy NTLM BDC hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1684 <td><input type='text' name='NTLM_BDC' value='$proxysettings{'NTLM_BDC'}' size='14' /></td>
1685 </tr>
1686 </table>
1687 <hr size ='1'>
1688 <table width='100%'>
1689 <tr>
1690 <td colspan='3'><b>$Lang::tr{'advproxy NTLM auth mode'}</b></td>
1691 </tr>
1692 <tr>
1693 <td width='25%' class='base' width='25%'>$Lang::tr{'advproxy NTLM use integrated auth'}:</td>
1694 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_INT_AUTH' $checked{'NTLM_ENABLE_INT_AUTH'}{'on'} /></td>
1695 <td>&nbsp;</td>
1696 </tr>
1697 </table>
1698 <hr size ='1'>
1699 <table width='100%'>
1700 <tr>
1701 <td colspan='4'><b>$Lang::tr{'advproxy NTLM user based access restrictions'}</b></td>
1702 </tr>
1703 <tr>
1704 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1705 <td width='20%'><input type='checkbox' name='NTLM_ENABLE_ACL' $checked{'NTLM_ENABLE_ACL'}{'on'} /></td>
1706 <td width='25%'>&nbsp;</td>
1707 <td width='30%'>&nbsp;</td>
1708 </tr>
1709 <tr>
1710 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='positive' $checked{'NTLM_USER_ACL'}{'positive'} />
1711 $Lang::tr{'advproxy NTLM use positive access list'}:</td>
1712 <td colspan='2'><input type='radio' name='NTLM_USER_ACL' value='negative' $checked{'NTLM_USER_ACL'}{'negative'} />
1713 $Lang::tr{'advproxy NTLM use negative access list'}:</td>
1714 </tr>
1715 <tr>
1716 <td colspan='2'>$Lang::tr{'advproxy NTLM authorized users'}</td>
1717 <td colspan='2'>$Lang::tr{'advproxy NTLM unauthorized users'}</td>
1718 </tr>
1719 <tr>
1720 <td colspan='2'><textarea name='NTLM_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1721 END
1722 ; }
1723
1724 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_ALLOW_USERS'}; }
1725
1726 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1727 </textarea></td>
1728 <td colspan='2'><textarea name='NTLM_DENY_USERS' cols='32' rows='6' wrap='off'>
1729 END
1730 ; }
1731
1732 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print $proxysettings{'NTLM_DENY_USERS'}; }
1733
1734 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
1735 </textarea></td>
1736 </tr>
1737 </table>
1738 END
1739 ; }
1740
1741 # ===================================================================
1742 # LDAP auth settings
1743 # ===================================================================
1744
1745 if ($proxysettings{'AUTH_METHOD'} eq 'ldap') {
1746 print <<END
1747 <hr size='1'>
1748 <table width='100%'>
1749 <tr>
1750 <td colspan='4'><b>$Lang::tr{'advproxy LDAP common settings'}</b></td>
1751 </tr>
1752 <tr>
1753 <td class='base'>$Lang::tr{'advproxy LDAP basedn'}:</td>
1754 <td><input type='text' name='LDAP_BASEDN' value='$proxysettings{'LDAP_BASEDN'}' size='37' /></td>
1755 <td class='base'>$Lang::tr{'advproxy LDAP type'}:</td>
1756 <td class='base'><select name='LDAP_TYPE'>
1757 <option value='ADS' $selected{'LDAP_TYPE'}{'ADS'}>$Lang::tr{'advproxy LDAP ADS'}</option>
1758 <option value='NDS' $selected{'LDAP_TYPE'}{'NDS'}>$Lang::tr{'advproxy LDAP NDS'}</option>
1759 <option value='V2' $selected{'LDAP_TYPE'}{'V2'}>$Lang::tr{'advproxy LDAP V2'}</option>
1760 <option value='V3' $selected{'LDAP_TYPE'}{'V3'}>$Lang::tr{'advproxy LDAP V3'}</option>
1761 </select></td>
1762 </tr>
1763 <tr>
1764 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP server'}:</td>
1765 <td width='40%'><input type='text' name='LDAP_SERVER' value='$proxysettings{'LDAP_SERVER'}' size='14' /></td>
1766 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
1767 <td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
1768 </tr>
1769 </table>
1770 <hr size ='1'>
1771 <table width='100%'>
1772 <tr>
1773 <td colspan='4'><b>$Lang::tr{'advproxy LDAP binddn settings'}</b></td>
1774 </tr>
1775 <tr>
1776 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn username'}:</td>
1777 <td width='40%'><input type='text' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}' size='37' /></td>
1778 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP binddn password'}:</td>
1779 <td><input type='password' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}' size='14' /></td>
1780 </tr>
1781 </table>
1782 <hr size ='1'>
1783 <table width='100%'>
1784 <tr>
1785 <td colspan='4'><b>$Lang::tr{'advproxy LDAP group access control'}</b></td>
1786 </tr>
1787 <tr>
1788 <td width='20%' class='base'>$Lang::tr{'advproxy LDAP group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1789 <td width='40%'><input type='text' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}' size='37' /></td>
1790 <td>&nbsp;</td>
1791 <td>&nbsp;</td>
1792 </tr>
1793 </table>
1794 END
1795 ; }
1796
1797 # ===================================================================
1798 # RADIUS auth settings
1799 # ===================================================================
1800
1801 if ($proxysettings{'AUTH_METHOD'} eq 'radius') {
1802 print <<END
1803 <hr size='1'>
1804 <table width='100%'>
1805 <tr>
1806 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS radius settings'}</b></td>
1807 </tr>
1808 <tr>
1809 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS server'}:</td>
1810 <td width='20%'><input type='text' name='RADIUS_SERVER' value='$proxysettings{'RADIUS_SERVER'}' size='14' /></td>
1811 <td width='25%' class='base'>$Lang::tr{'advproxy RADIUS port'}:</td>
1812 <td width='30%'><input type='text' name='RADIUS_PORT' value='$proxysettings{'RADIUS_PORT'}' size='3' /></td>
1813 </tr>
1814 <tr>
1815 <td class='base'>$Lang::tr{'advproxy RADIUS identifier'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
1816 <td><input type='text' name='RADIUS_IDENTIFIER' value='$proxysettings{'RADIUS_IDENTIFIER'}' size='14' /></td>
1817 <td class='base'>$Lang::tr{'advproxy RADIUS secret'}:</td>
1818 <td><input type='password' name='RADIUS_SECRET' value='$proxysettings{'RADIUS_SECRET'}' size='14' /></td>
1819 </tr>
1820 </table>
1821 <hr size ='1'>
1822 <table width='100%'>
1823 <tr>
1824 <td colspan='4'><b>$Lang::tr{'advproxy RADIUS user based access restrictions'}</b></td>
1825 </tr>
1826 <tr>
1827 <td width='25%' class='base'>$Lang::tr{'advproxy enabled'}:</td>
1828 <td width='20%'><input type='checkbox' name='RADIUS_ENABLE_ACL' $checked{'RADIUS_ENABLE_ACL'}{'on'} /></td>
1829 <td width='25%'>&nbsp;</td>
1830 <td width='30%'>&nbsp;</td>
1831 </tr>
1832 <tr>
1833 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='positive' $checked{'RADIUS_USER_ACL'}{'positive'} />
1834 $Lang::tr{'advproxy RADIUS use positive access list'}:</td>
1835 <td colspan='2'><input type='radio' name='RADIUS_USER_ACL' value='negative' $checked{'RADIUS_USER_ACL'}{'negative'} />
1836 $Lang::tr{'advproxy RADIUS use negative access list'}:</td>
1837 </tr>
1838 <tr>
1839 <td colspan='2'>$Lang::tr{'advproxy RADIUS authorized users'}</td>
1840 <td colspan='2'>$Lang::tr{'advproxy RADIUS unauthorized users'}</td>
1841 </tr>
1842 <tr>
1843 <td colspan='2'><textarea name='RADIUS_ALLOW_USERS' cols='32' rows='6' wrap='off'>
1844 END
1845 ; }
1846
1847 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_ALLOW_USERS'}; }
1848
1849 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1850 </textarea></td>
1851 <td colspan='2'><textarea name='RADIUS_DENY_USERS' cols='32' rows='6' wrap='off'>
1852 END
1853 ; }
1854
1855 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print $proxysettings{'RADIUS_DENY_USERS'}; }
1856
1857 if ($proxysettings{'AUTH_METHOD'} eq 'radius') { print <<END
1858 </textarea></td>
1859 </tr>
1860 </table>
1861 END
1862 ; }
1863
1864 # ===================================================================
1865
1866 }
1867
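print "<table>\n";

# Settings that belong to authentication methods other than the selected one
# have no visible control on this page, so they are carried through the POST
# as hidden inputs. The lists below keep the original fields and their order.
#
# NOTE(review): LDAP_BINDDN_PASS and RADIUS_SECRET are among the carried
# fields, so the stored secrets are written into the page source whenever
# their method is not the active one. Consider letting the save handler (not
# visible here) keep the stored value instead of round-tripping it through
# the browser.
{
    my $method  = $proxysettings{'AUTH_METHOD'};
    my @carried = ();

    if ($method eq 'none') {
        push(@carried, qw(AUTH_CHILDREN AUTH_CACHE_TTL AUTH_MAX_USERIP
                          AUTH_IPCACHE_TTL AUTH_ALWAYS_REQUIRED AUTH_REALM
                          DST_NOAUTH));
    }
    if ($method eq 'ident') {
        push(@carried, qw(AUTH_CHILDREN AUTH_CACHE_TTL AUTH_MAX_USERIP
                          AUTH_IPCACHE_TTL AUTH_REALM));
    }
    if ($method ne 'ncsa') {
        push(@carried, qw(NCSA_MIN_PASS_LEN NCSA_BYPASS_REDIR));
    }
    if ($method ne 'ident') {
        push(@carried, qw(IDENT_REQUIRED IDENT_TIMEOUT IDENT_HOSTS
                          IDENT_ENABLE_ACL IDENT_USER_ACL
                          IDENT_ALLOW_USERS IDENT_DENY_USERS));
    }
    if ($method ne 'ldap') {
        push(@carried, qw(LDAP_BASEDN LDAP_TYPE LDAP_SERVER LDAP_PORT
                          LDAP_BINDDN_USER LDAP_BINDDN_PASS LDAP_GROUP));
    }
    if ($method ne 'ntlm') {
        push(@carried, qw(NTLM_DOMAIN NTLM_PDC NTLM_BDC NTLM_ENABLE_INT_AUTH
                          NTLM_ENABLE_ACL NTLM_USER_ACL
                          NTLM_ALLOW_USERS NTLM_DENY_USERS));
    }
    if ($method ne 'radius') {
        push(@carried, qw(RADIUS_SERVER RADIUS_PORT RADIUS_IDENTIFIER
                          RADIUS_SECRET RADIUS_ENABLE_ACL RADIUS_USER_ACL
                          RADIUS_ALLOW_USERS RADIUS_DENY_USERS));
    }

    foreach my $field (@carried) {
        my $value = defined($proxysettings{$field}) ? $proxysettings{$field} : '';

        # The value sits inside a single-quoted attribute: an unencoded
        # quote ends the attribute early (truncating the setting on the next
        # save) and lets the rest of the value be parsed as markup. The
        # browser decodes the entities again on submit, so the posted value
        # is unchanged.
        # NOTE(review): assumes %proxysettings holds raw text - confirm that
        # no earlier stage already entity-encodes these values.
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;

        # The size attribute some of the original inputs carried has no
        # effect on type='hidden' and is left out.
        print "<td><input type='hidden' name='$field' value='$value' /></td>\n";
    }
}

print "</table>\n";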
1950
1951 print <<END
1952 <hr size='1'>
1953 END
1954 ;
1955
1956 print <<END
1957 <table width='100%'>
1958 <tr>
1959 <td>&nbsp;</td>
1960 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
1961 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'advproxy save and restart'}' /></td>
1962 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
1963 <td>&nbsp;</td>
1964 </tr>
1965
1966 </table>
1967 <br />
1968 <table width='100%'>
1969 <tr>
1970 <td><img src='/blob.gif' align='top' alt='*' />&nbsp;
1971 <font class='base'>$Lang::tr{'this field may be blank'}</font>
1972 </td>
1973 <td align='right'>
1974 &nbsp;
1975 </td>
1976 </tr>
1977 </table>
1978 </form>
1979 END
1980 ;
1981
1982 &Header::closebox();
1983
1984 } else {
1985
1986 # ===================================================================
1987 # NCSA user management
1988 # ===================================================================
1989
1990 &Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
1991 print <<END
1992 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
1993 <table width='100%'>
1994 <tr>
1995 <td colspan='4'><b>$Lang::tr{'advproxy NCSA user management'}</b></td>
1996 </tr>
1997 <tr>
1998 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA username'}:</td>
1999 <td width='25%'><input type='text' name='NCSA_USERNAME' value='$proxysettings{'NCSA_USERNAME'}' size='12'
2000 END
2001 ;
2002 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { print " readonly "; }
2003 print <<END
2004 /></td>
2005 <td width='25%' class='base'>$Lang::tr{'advproxy NCSA group'}:</td>
2006 <td class='base'>
2007 <select name='NCSA_GROUP'>
2008 <option value='standard' $selected{'NCSA_GROUP'}{'standard'}>$Lang::tr{'advproxy NCSA grp standard'}</option>
2009 <option value='extended' $selected{'NCSA_GROUP'}{'extended'}>$Lang::tr{'advproxy NCSA grp extended'}</option>
2010 <option value='disabled' $selected{'NCSA_GROUP'}{'disabled'}>$Lang::tr{'advproxy NCSA grp disabled'}</option>
2011 </select>
2012 </td>
2013
2014 </tr>
2015 <tr>
2016 <td class='base'>$Lang::tr{'advproxy NCSA password'}:</td>
2017 <td><input type='password' name='NCSA_PASS' value='$proxysettings{'NCSA_PASS'}' size='14' /></td>
2018 <td class='base'>$Lang::tr{'advproxy NCSA password confirm'}:</td>
2019 <td><input type='password' name='NCSA_PASS_CONFIRM' value='$proxysettings{'NCSA_PASS_CONFIRM'}' size='14' /></td>
2020 </tr>
2021 </table>
2022 <br>
2023 <table>
2024 <tr>
2025 <td>&nbsp;</td>
2026 <td><input type='submit' name='SUBMIT' value='$ncsa_buttontext' /></td>
2027 <td><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /></td>
2028 <td><input type='hidden' name='NCSA_MIN_PASS_LEN' value='$proxysettings{'NCSA_MIN_PASS_LEN'}'></td>
2029 END
2030 ;
2031 if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) {
2032 print "<td><input type='reset' name='ACTION' value='$Lang::tr{'advproxy reset'}' /></td>\n";
2033 }
2034
2035 print <<END
2036 <td>&nbsp;</td>
2037 <td>&nbsp;</td>
2038 <td><input type='button' name='return2main' value='$Lang::tr{'advproxy back to main page'}' onClick='self.location.href="$ENV{'SCRIPT_NAME'}"'></td>
2039 </tr>
2040 </table>
2041 </form>
2042 <hr size='1'>
2043 <table width='100%'>
2044 <tr>
2045 <td><b>$Lang::tr{'advproxy NCSA user accounts'}:</b></td>
2046 </tr>
2047 </table>
2048 <table width='100%' align='center'>
2049 END
2050 ;
2051
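# Build the "name:group" list shown in the account table from the three NCSA
# group files. A missing file contributes nothing; a file that exists but
# cannot be opened is reported on STDERR instead of being silently treated as
# empty.
foreach my $source ([ $extgrp, 'extended' ],
                    [ $stdgrp, 'standard' ],
                    [ $disgrp, 'disabled' ])
{
    my ($grpfile, $grpname) = @{$source};
    next unless (-e $grpfile);

    # Three-argument open with an explicit read mode: the path is never
    # parsed for mode characters or a pipe, unlike the two-argument form.
    if (open(my $grpfh, '<', $grpfile)) {
        my @members = <$grpfh>;
        close($grpfh);
        chomp(@members);
        push(@userlist, map { $_ . ":" . $grpname } @members);
    } else {
        warn "proxy.cgi: cannot read $grpfile: $!\n";
    }
}

@userlist = sort(@userlist);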
2069
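# If the password file contains entries, print entries and action icons.
#
# Each @userlist entry has the form "name:group". The account name is written
# into cell text and into hidden form values, so it is HTML-encoded first; a
# name containing a quote or angle bracket would otherwise break the markup
# of this page.

if (! -z "$userdb") {
    # Encodes the five characters that are significant in HTML text and in
    # quoted attribute values. Browsers decode the entities on submit, so the
    # ID posted back by the edit/remove forms is the original string.
    my $as_html = sub {
        my $text = defined($_[0]) ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    print <<END;
<tr>
    <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA username'}</i></b></td>
    <td width='30%' class='boldbase' align='center'><b><i>$Lang::tr{'advproxy NCSA group membership'}</i></b></td>
    <td class='boldbase' colspan='2' align='center'>&nbsp;</td>
</tr>
END

    my $row = 0;
    foreach my $account (@userlist)
    {
        $row++;
        chomp($account);
        my ($login, $group) = split(/:/, $account);

        # The row being edited is highlighted; the others alternate colours.
        # The comparison uses the raw entry, which is what the browser posts
        # back in ID.
        if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $account) {
            print "<tr bgcolor='$Header::colouryellow'>\n";
        } elsif ($row % 2) {
            print "<tr bgcolor='$Header::table1colour'>\n";
        } else {
            print "<tr bgcolor='$Header::table2colour'>\n";
        }

        # Unknown or missing group names produce an empty cell, as before.
        my $label = '';
        if ($group eq 'standard') {
            $label = $Lang::tr{'advproxy NCSA grp standard'};
        } elsif ($group eq 'extended') {
            $label = $Lang::tr{'advproxy NCSA grp extended'};
        } elsif ($group eq 'disabled') {
            $label = $Lang::tr{'advproxy NCSA grp disabled'};
        }

        my $login_html   = $as_html->($login);
        my $account_html = $as_html->($account);

        print <<END;
    <td align='center'>$login_html</td>
    <td align='center'>
$label</td>
    <td width='8%' align='center'>
    <form method='post' name='frma$row' action='$ENV{'SCRIPT_NAME'}'>
    <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
    <input type='hidden' name='ID' value='$account_html' />
    <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
    </form>
    </td>

    <td width='8%' align='center'>
    <form method='post' name='frmb$row' action='$ENV{'SCRIPT_NAME'}'>
    <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
    <input type='hidden' name='ID' value='$login_html' />
    <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
    </form>
    </td>
</tr>
END
    }

    # The legend table's attribute was misspelled "witdh" and therefore
    # ignored by browsers; it is spelled correctly here.
    print <<END;
</table>
<br>
<table width='100%'>
<tr>
    <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
    <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
    <td class='base'>$Lang::tr{'edit'}</td>
    <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
    <td class='base'>$Lang::tr{'remove'}</td>
</tr>
END
} else {
    print <<END;
<tr>
    <td><i>$Lang::tr{'advproxy NCSA no accounts'}</i></td>
</tr>
END
}

print <<END;
</table>
END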
2153
2154 &Header::closebox();
2155
2156 }
2157
2158 # ===================================================================
2159
2160 &Header::closebigbox();
2161
2162 &Header::closepage();
2163
2164 # -------------------------------------------------------------------
2165
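sub read_acls
{
    # Refresh the list-type entries of %proxysettings from their files.
    #
    # For every file that exists, the matching %proxysettings key is removed
    # and then rebuilt from the file's lines (an empty file leaves the key
    # absent). A file that does not exist leaves the current value untouched.
    # Takes no arguments and returns nothing useful; it works on the
    # file-level path variables and on %proxysettings.

    my @sources = (
        [ $acl_src_subnets,                  'SRC_SUBNETS'          ],
        [ $acl_src_banned_ip,                'SRC_BANNED_IP'        ],
        [ $acl_src_banned_mac,               'SRC_BANNED_MAC'       ],
        [ $acl_src_unrestricted_ip,          'SRC_UNRESTRICTED_IP'  ],
        [ $acl_src_unrestricted_mac,         'SRC_UNRESTRICTED_MAC' ],
        [ $acl_dst_nocache,                  'DST_NOCACHE'          ],
        [ $acl_dst_noauth,                   'DST_NOAUTH'           ],
        [ $mimetypes,                        'MIME_TYPES'           ],
        [ "$ntlmdir/msntauth.allowusers",    'NTLM_ALLOW_USERS'     ],
        [ "$ntlmdir/msntauth.denyusers",     'NTLM_DENY_USERS'      ],
        [ "$raddir/radauth.allowusers",      'RADIUS_ALLOW_USERS'   ],
        [ "$raddir/radauth.denyusers",       'RADIUS_DENY_USERS'    ],
        [ "$identdir/identauth.allowusers",  'IDENT_ALLOW_USERS'    ],
        [ "$identdir/identauth.denyusers",   'IDENT_DENY_USERS'     ],
        [ $identhosts,                       'IDENT_HOSTS'          ],
        [ $cre_groups,                       'CRE_GROUPS'           ],
        [ $cre_svhosts,                      'CRE_SVHOSTS'          ],
    );

    foreach my $source (@sources) {
        my ($path, $key) = @{$source};
        next unless (defined($path) && -e $path);

        delete $proxysettings{$key};

        # Three-argument open with an explicit read mode and a lexical
        # handle: the path is never interpreted as a mode or a pipe, and the
        # handle cannot leak into another read through the shared FILE glob.
        if (open(my $fh, '<', $path)) {
            my @rows = <$fh>;
            close($fh);
            $proxysettings{$key} = join('', @rows) if (@rows);
        } else {
            # As before, an unreadable file leaves the setting empty, but
            # the reason now reaches the web server's error log. An ACL that
            # shows up empty in the form for this reason would be saved as
            # empty, so the message is worth having.
            warn "proxy.cgi: cannot read $path: $!\n";
        }
    }
}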
2271
2272 # -------------------------------------------------------------------
2273
sub check_acls
{
    # Normalise the multi-line list settings in %proxysettings and record a
    # validation failure in $errormessage.
    #
    # Address and MAC lists are checked entry by entry with the General::
    # validators. The per-method user lists are only processed when that
    # method's ACL is switched on, and only the list matching the selected
    # ACL type (positive -> ALLOW, negative -> DENY); an active list that
    # ends up empty is an error.
    #
    # Entries that fail validation are still written back to the setting, so
    # callers have to test $errormessage before persisting anything. When
    # several lists fail, the message of the last one wins.
    #
    # NOTE(review): user names are trimmed but not validated here, and other
    # parts of this file print these settings into the form unescaped -
    # confirm they are encoded on output.

    my $err_net = 'advproxy errmsg invalid ip or mask';
    my $err_mac = 'advproxy errmsg invalid mac';

    _tidy_acl_list('SRC_SUBNETS',          \&General::validipandmask, $err_net, 0);
    _tidy_acl_list('SRC_BANNED_IP',        \&General::validipormask,  $err_net, 0);
    _tidy_acl_list('SRC_BANNED_MAC',       \&General::validmac,       $err_mac, 1);
    _tidy_acl_list('SRC_UNRESTRICTED_IP',  \&General::validipormask,  $err_net, 0);
    _tidy_acl_list('SRC_UNRESTRICTED_MAC', \&General::validmac,       $err_mac, 1);

    foreach my $method ('NTLM', 'IDENT', 'RADIUS') {
        foreach my $variant ([ 'positive', 'ALLOW' ], [ 'negative', 'DENY' ]) {
            my ($acl_type, $list_kind) = @{$variant};
            next unless ($proxysettings{$method.'_ENABLE_ACL'} eq 'on');
            next unless ($proxysettings{$method.'_USER_ACL'} eq $acl_type);

            my $list_key = $method.'_'.$list_kind.'_USERS';
            _tidy_acl_list($list_key, undef, undef, 0);
            if ($proxysettings{$list_key} eq '') {
                $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'};
            }
        }
    }

    _tidy_acl_list('IDENT_HOSTS', \&General::validipormask, $err_net, 0);
    _tidy_acl_list('CRE_SVHOSTS', \&General::validipormask, $err_net, 0);
}

# Rewrite one list setting as trimmed, newline-terminated entries.
#   $key       - %proxysettings key holding the newline-separated list
#   $validator - code ref called with each entry, or undef for no validation
#   $err_key   - %Lang::tr key stored in $errormessage when validation fails
#   $mac_style - true to turn '-' into ':' before validating
# Uses the file's shared scratch array @temp, as the inline loops did.
sub _tidy_acl_list
{
    my ($key, $validator, $err_key, $mac_style) = @_;

    @temp = split(/\n/,$proxysettings{$key});
    undef $proxysettings{$key};

    foreach my $entry (@temp)
    {
        $entry =~ s/^\s+//g;
        $entry =~ s/\s+$//g;
        if ($mac_style) { $entry =~ s/-/:/g; }

        # Blank lines are dropped (as is a literal "0", which is false).
        next unless ($entry);

        if (defined($validator) && !$validator->($entry)) {
            $errormessage = $Lang::tr{$err_key};
        }
        $proxysettings{$key} .= $entry."\n";
    }
}
2432
2433
2434 # -------------------------------------------------------------------
2435
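sub write_acls
{
    # Persist the list-type settings from %proxysettings to their files, in
    # the same order as before. Takes no arguments. Failures are reported on
    # STDERR and the remaining files are still written, so one unwritable
    # file does not stop the rest from being saved.
    #
    # NOTE(review): the caller gets no signal when a file could not be
    # written, so a deny list may stay stale while the page reports success.
    # Consider surfacing this through $errormessage.

    _write_acl_file($acl_src_subnets,          $proxysettings{'SRC_SUBNETS'});
    _write_acl_file($acl_src_banned_ip,        $proxysettings{'SRC_BANNED_IP'});
    _write_acl_file($acl_src_banned_mac,       $proxysettings{'SRC_BANNED_MAC'});
    _write_acl_file($acl_src_unrestricted_ip,  $proxysettings{'SRC_UNRESTRICTED_IP'});
    _write_acl_file($acl_src_unrestricted_mac, $proxysettings{'SRC_UNRESTRICTED_MAC'});
    _write_acl_file($acl_dst_nocache,          $proxysettings{'DST_NOCACHE'});
    _write_acl_file($acl_dst_noauth,           $proxysettings{'DST_NOAUTH'});

    # The throttle list is generated: one "\.ext$" line per extension of
    # every enabled class, followed by the contents of $throttled_urls when
    # that file is non-empty.
    my @throttle = ();
    foreach my $class ([ 'THROTTLE_BINARY', $throttle_binary ],
                       [ 'THROTTLE_DSKIMG', $throttle_dskimg ],
                       [ 'THROTTLE_MMEDIA', $throttle_mmedia ])
    {
        my ($switch, $extensions) = @{$class};
        next unless ($proxysettings{$switch} eq 'on');
        push(@throttle, map { "\\.$_\$\n" } split(/\|/, $extensions));
    }
    if (-s $throttled_urls)
    {
        if (open(my $urlfh, '<', $throttled_urls)) {
            push(@throttle, <$urlfh>);
            close($urlfh);
        } else {
            warn "proxy.cgi: cannot read $throttled_urls: $!\n";
        }
    }
    _write_acl_file($acl_dst_throttle, @throttle);

    _write_acl_file($mimetypes,                       $proxysettings{'MIME_TYPES'});
    _write_acl_file("$ntlmdir/msntauth.allowusers",   $proxysettings{'NTLM_ALLOW_USERS'});
    _write_acl_file("$ntlmdir/msntauth.denyusers",    $proxysettings{'NTLM_DENY_USERS'});
    _write_acl_file("$raddir/radauth.allowusers",     $proxysettings{'RADIUS_ALLOW_USERS'});
    _write_acl_file("$raddir/radauth.denyusers",      $proxysettings{'RADIUS_DENY_USERS'});
    _write_acl_file("$identdir/identauth.allowusers", $proxysettings{'IDENT_ALLOW_USERS'});
    _write_acl_file("$identdir/identauth.denyusers",  $proxysettings{'IDENT_DENY_USERS'});
    _write_acl_file($identhosts,                      $proxysettings{'IDENT_HOSTS'});
    _write_acl_file($cre_groups,                      $proxysettings{'CRE_GROUPS'});
    _write_acl_file($cre_svhosts,                     $proxysettings{'CRE_SVHOSTS'});
}

# Replace the contents of $path with @content while holding an exclusive lock.
# Returns 1 when the file was written and closed cleanly, 0 otherwise.
sub _write_acl_file
{
    my ($path, @content) = @_;

    # Opening with '>' empties the file before flock() is reached, so another
    # process could observe or overwrite a half-written list. '>>' creates
    # the file without truncating it; it is emptied only once the lock is held.
    my $fh;
    unless (open($fh, '>>', $path)) {
        warn "proxy.cgi: cannot open $path for writing: $!\n";
        return 0;
    }

    # 2 is the exclusive-lock value the original code passed to flock().
    # A failed lock is reported but does not stop the write, matching the
    # previous best-effort behaviour.
    flock($fh, 2) or warn "proxy.cgi: cannot lock $path: $!\n";

    unless (truncate($fh, 0)) {
        warn "proxy.cgi: cannot truncate $path: $!\n";
        close($fh);
        return 0;
    }

    # Undefined settings are written as nothing, as before.
    print {$fh} grep { defined($_) } @content;

    # Buffered write errors (for example a full disk) only surface at close.
    unless (close($fh)) {
        warn "proxy.cgi: error while writing $path: $!\n";
        return 0;
    }
    return 1;
}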
2549
2550 # -------------------------------------------------------------------
2551
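# Regenerate the proxy auto-configuration (PAC) script.
#
# Takes no arguments. Reads the file-scoped %proxysettings, %netsettings and
# %mainsettings and rewrites /home/httpd/html/proxy.pac (presumably inside the
# web server's document root, so every client that fetches it runs it).
#
# The generated FindProxyForURL() sends plain host names, the local domain
# and the 10/8, 172.16/12, 169.254/16 and 192.168/16 ranges DIRECT, and
# otherwise returns the GREEN or BLUE proxy address depending on which
# network the client's own address falls into.
#
# Returns nothing. If the file cannot be opened or emptied, a message is
# written to STDERR and the existing file is left as it was.
sub writepacfile
{
    my $pacfile = '/home/httpd/html/proxy.pac';

    # Escape a value for use inside a double-quoted JavaScript string.
    # NOTE(review): the settings are presumably validated where they are
    # saved (not visible here). This is a no-op for ordinary host names,
    # addresses and ports, and keeps a stray quote, backslash or newline
    # from changing the script that clients execute.
    my $js = sub {
        my $value = defined $_[0] ? $_[0] : '';
        $value =~ s/([\\"])/\\$1/g;
        $value =~ s/[\r\n]//g;
        return $value;
    };

    my $domain     = $js->($mainsettings{'DOMAINNAME'});
    my $proxy_port = $js->($proxysettings{'PROXY_PORT'});
    my $green_net  = $js->($netsettings{'GREEN_NETADDRESS'});
    my $green_mask = $js->($netsettings{'GREEN_NETMASK'});
    my $green_ip   = $js->($netsettings{'GREEN_ADDRESS'});
    my $blue_net   = $js->($netsettings{'BLUE_NETADDRESS'});
    my $blue_mask  = $js->($netsettings{'BLUE_NETMASK'});
    my $blue_ip    = $js->($netsettings{'BLUE_ADDRESS'});

    # A branch is only emitted when it can really be generated. Testing
    # ENABLE_BLUE alone (without BLUE_DEV) used to leave a dangling "else"
    # in front of the closing brace, which is not valid JavaScript.
    my $green_on = (($proxysettings{'ENABLE'} || '') eq 'on');
    my $blue_on  = ($netsettings{'BLUE_DEV'}
                    && (($proxysettings{'ENABLE_BLUE'} || '') eq 'on'));

    # Open in append mode so the old content survives until the lock is
    # held; opening with '>' would truncate before flock() and let two
    # writers interleave.
    my $fh;
    unless (open($fh, '>>', $pacfile)) {
        warn "writepacfile: cannot open $pacfile: $!\n";
        return;
    }
    flock($fh, 2)    # 2 == LOCK_EX
        or warn "writepacfile: cannot lock $pacfile: $!\n";
    unless (truncate($fh, 0)) {
        warn "writepacfile: cannot truncate $pacfile: $!\n";
        close($fh);
        return;
    }

    print {$fh} "function FindProxyForURL(url, host)\n";
    print {$fh} "{\n";

    if ($green_on || $blue_on) {
        # Local destinations never go through the proxy.
        print {$fh} <<"END";
if (
(isPlainHostName(host)) ||
(dnsDomainIs(host, ".$domain")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
(isInNet(host, "169.254.0.0", "255.255.0.0")) ||
(isInNet(host, "192.168.0.0", "255.255.0.0"))
)
return "DIRECT";

else

END

        if ($green_on) {
            print {$fh} <<"END";
if (
(isInNet(myIpAddress(), "$green_net", "$green_mask"))
)
return "PROXY ${green_ip}:${proxy_port}";
END
        }

        # Chain the BLUE test behind the GREEN one when both are emitted.
        if ($green_on && $blue_on) {
            print {$fh} "\n else\n\n";
        }

        if ($blue_on) {
            print {$fh} <<"END";
if (
(isInNet(myIpAddress(), "$blue_net", "$blue_mask"))
)
return "PROXY ${blue_ip}:${proxy_port}";
END
        }
    }

    print {$fh} "}\n";

    # Buffered write errors only surface here.
    close($fh) or warn "writepacfile: error closing $pacfile: $!\n";
    return;
}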
2603
2604 # -------------------------------------------------------------------
2605
2606 sub writeconfig
2607 {
2608 my $authrealm;
2609 my $delaypools;
2610
2611 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} +
2612 $proxysettings{'THROTTLING_GREEN_HOST'} +
2613 $proxysettings{'THROTTLING_BLUE_TOTAL'} +
2614 $proxysettings{'THROTTLING_BLUE_HOST'} gt 0)
2615 {
2616 $delaypools = 1; } else { $delaypools = 0;
2617 }
2618
2619 if ($proxysettings{'AUTH_REALM'} eq '')
2620 {
2621 $authrealm = "IPFire Advanced Proxy Server";
2622 } else {
2623 $authrealm = $proxysettings{'AUTH_REALM'};
2624 }
2625
2626 $_ = $proxysettings{'UPSTREAM_PROXY'};
2627 my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
2628
2629 if ($remoteport eq '') { $remoteport = 80; }
2630
2631 open(FILE, ">${General::swroot}/proxy/squid.conf");
2632 flock(FILE, 2);
2633 print FILE <<END
2634 shutdown_lifetime 5 seconds
2635 icp_port 0
2636
2637 http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
2638 END
2639 ;
2640 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2641 print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
2642 }
2643
2644 print FILE <<END
2645
2646 acl QUERY urlpath_regex cgi-bin \\?
2647 no_cache deny QUERY
2648 END
2649 ;
2650 if (!-z $acl_dst_nocache) {
2651 print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
2652 print FILE "no_cache deny no_cache_domains\n";
2653 }
2654
2655 print FILE <<END
2656
2657 cache_effective_user squid
2658 cache_effective_group squid
2659
2660 pid_filename /var/run/squid.pid
2661
2662 cache_mem $proxysettings{'CACHE_MEM'} MB
2663 cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DIRS'} 256
2664
2665 error_directory /usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}
2666
2667 END
2668 ;
2669
2670 if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; }
2671
2672 if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU')))
2673 {
2674 if (!($proxysettings{'MEM_POLICY'} eq 'LRU'))
2675 {
2676 print FILE "memory_replacement_policy $proxysettings{'MEM_POLICY'}\n";
2677 }
2678 if (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))
2679 {
2680 print FILE "cache_replacement_policy $proxysettings{'CACHE_POLICY'}\n";
2681 }
2682 print FILE "\n";
2683 }
2684
2685 if ($proxysettings{'LOGGING'} eq 'on')
2686 {
2687 print FILE <<END
2688 cache_access_log /var/log/squid/access.log
2689 cache_log /var/log/squid/cache.log
2690 cache_store_log none
2691 END
2692 ;
2693 if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
2694 if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
2695 } else {
2696 print FILE <<END
2697 cache_access_log /dev/null
2698 cache_log /dev/null
2699 cache_store_log none
2700 END
2701 ;}
2702 print FILE <<END
2703
2704 log_mime_hdrs off
2705 END
2706 ;
2707
2708 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'on')
2709 {
2710 print FILE "forwarded_for on\n\n";
2711 } else {
2712 print FILE "forwarded_for off\n\n";
2713 }
2714
2715 if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
2716 {
2717 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2718 {
2719 print FILE "auth_param basic program $libexecdir/ncsa_auth $userdb\n";
2720 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2721 print FILE "auth_param basic realm $authrealm\n";
2722 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2723 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2724 }
2725
2726 if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
2727 {
2728 print FILE "auth_param basic program $libexecdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
2729 if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
2730 if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
2731 if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
2732 {
2733 if ($proxysettings{'LDAP_GROUP'} eq '')
2734 {
2735 print FILE " -f \"(\&(objectClass=person)(sAMAccountName=\%s))\"";
2736 } else {
2737 print FILE " -f \"(\&(\&(objectClass=person)(sAMAccountName=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2738 }
2739 print FILE " -u sAMAccountName -P";
2740 }
2741 if ($proxysettings{'LDAP_TYPE'} eq 'NDS')
2742 {
2743 if ($proxysettings{'LDAP_GROUP'} eq '')
2744 {
2745 print FILE " -f \"(\&(objectClass=person)(cn=\%s))\"";
2746 } else {
2747 print FILE " -f \"(\&(\&(objectClass=person)(cn=\%s))(groupMembership=$proxysettings{'LDAP_GROUP'}))\"";
2748 }
2749 print FILE " -u cn -P";
2750 }
2751 if (($proxysettings{'LDAP_TYPE'} eq 'V2') || ($proxysettings{'LDAP_TYPE'} eq 'V3'))
2752 {
2753 if ($proxysettings{'LDAP_GROUP'} eq '')
2754 {
2755 print FILE " -f \"(\&(objectClass=person)(uid=\%s))\"";
2756 } else {
2757 print FILE " -f \"(\&(\&(objectClass=person)(uid=\%s))(memberOf=$proxysettings{'LDAP_GROUP'}))\"";
2758 }
2759 if ($proxysettings{'LDAP_TYPE'} eq 'V2') { print FILE " -v 2"; }
2760 if ($proxysettings{'LDAP_TYPE'} eq 'V3') { print FILE " -v 3"; }
2761 print FILE " -u uid -P";
2762 }
2763 print FILE " $proxysettings{'LDAP_SERVER'}:$proxysettings{'LDAP_PORT'}\n";
2764 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2765 print FILE "auth_param basic realm $authrealm\n";
2766 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2767 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2768 }
2769
2770 if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
2771 {
2772 if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
2773 {
2774 print FILE "auth_param ntlm program $libexecdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
2775 if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
2776 print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
2777 print FILE "auth_param ntlm max_challenge_reuses 0\n";
2778 print FILE "auth_param ntlm max_challenge_lifetime 2 minutes\n";
2779 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2780 } else {
2781 print FILE "auth_param basic program $libexecdir/msnt_auth\n";
2782 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2783 print FILE "auth_param basic realm $authrealm\n";
2784 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2785 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2786
2787 open(MSNTCONF, ">$ntlmdir/msntauth.conf");
2788 flock(MSNTCONF,2);
2789 print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
2790 if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
2791 print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
2792 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
2793 {
2794 if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
2795 {
2796 print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
2797 } else {
2798 print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
2799 }
2800 }
2801 close(MSNTCONF);
2802 }
2803 }
2804
2805 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
2806 {
2807 print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
2808 if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
2809 print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
2810 print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
2811 print FILE "auth_param basic realm $authrealm\n";
2812 print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
2813 if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
2814 }
2815
2816 print FILE "\n";
2817 print FILE "acl for_inetusers proxy_auth REQUIRED\n";
2818 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
2819 {
2820 if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
2821 {
2822 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
2823 }
2824 if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
2825 {
2826 print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
2827 }
2828 }
2829 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
2830 {
2831 if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
2832 {
2833 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
2834 }
2835 if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
2836 {
2837 print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
2838 }
2839 }
2840 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
2841 {
2842 print FILE "\n";
2843 if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
2844 if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
2845 }
2846 if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
2847 print FILE "\n";
2848
2849 if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
2850 }
2851
2852 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2853 {
2854 if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
2855 {
2856 print FILE "acl for_inetusers ident REQUIRED\n";
2857 }
2858 if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
2859 {
2860 if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
2861 {
2862 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
2863 }
2864 if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
2865 {
2866 print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
2867 }
2868 }
2869 }
2870
2871 if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
2872
2873 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
2874
2875 print FILE "acl within_timeframe time ";
2876 if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
2877 if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
2878 if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
2879 if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
2880 if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
2881 if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
2882 if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
2883 print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
2884 print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
2885 print FILE "$proxysettings{'TIME_TO_HOUR'}:";
2886 print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
2887
2888 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
2889 print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
2890 }
2891
2892 print FILE <<END
2893 acl all src 0.0.0.0/0.0.0.0
2894 acl localhost src 127.0.0.1/255.255.255.255
2895 acl SSL_ports port 443 563
2896 acl Safe_ports port 80 # http
2897 acl Safe_ports port 21 # ftp
2898 acl Safe_ports port 443 563 # https, snews
2899 acl Safe_ports port 70 # gopher
2900 acl Safe_ports port 210 # wais
2901 acl Safe_ports port 1025-65535 # unregistered ports
2902 acl Safe_ports port 280 # http-mgmt
2903 acl Safe_ports port 488 # gss-http
2904 acl Safe_ports port 591 # filemaker
2905 acl Safe_ports port 777 # multiling http
2906 acl Safe_ports port 800 # Squids port (for icons)
2907
2908 acl IPCop_http port 81
2909 acl IPCop_https port 445
2910 acl IPCop_ips dst $netsettings{'GREEN_ADDRESS'}
2911 acl IPCop_networks src "$acl_src_subnets"
2912 acl IPCop_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
2913 END
2914 ;
2915 if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPCop_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
2916 if (!-z $acl_src_banned_ip) { print FILE "acl IPCop_banned_ips src \"$acl_src_banned_ip\"\n"; }
2917 if (!-z $acl_src_banned_mac) { print FILE "acl IPCop_banned_mac arp \"$acl_src_banned_mac\"\n"; }
2918 if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPCop_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
2919 if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPCop_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
2920 print FILE <<END
2921 acl CONNECT method CONNECT
2922 END
2923 ;
2924
2925 if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
2926 print FILE <<END
2927
2928 #Classroom extensions
2929 acl IPCop_no_access_ips src "$acl_src_noaccess_ip"
2930 acl IPCop_no_access_mac arp "$acl_src_noaccess_mac"
2931 END
2932 ;
2933 print FILE "deny_info ";
2934 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2935 print FILE "ERR_ACCESS_DISABLED";
2936 } else { print FILE "ERR_ACCESS_DENIED"; }
2937 print FILE " IPCop_no_access_ips\n";
2938 print FILE "deny_info ";
2939 if (-e "/usr/lib/squid/errors/$proxysettings{'ERR_LANGUAGE'}/ERR_ACCESS_DISABLED") {
2940 print FILE "ERR_ACCESS_DISABLED";
2941 } else { print FILE "ERR_ACCESS_DENIED"; }
2942 print FILE " IPCop_no_access_mac\n";
2943
2944 print FILE <<END
2945 http_access deny IPCop_no_access_ips
2946 http_access deny IPCop_no_access_mac
2947 END
2948 ;
2949 }
2950
2951 #Insert acl file and replace __VAR__ with correct values
2952 my $blue_net = ''; #BLUE empty by default
2953 my $blue_ip = '';
2954 if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
2955 $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
2956 $blue_ip = "$netsettings{'BLUE_ADDRESS'}";
2957 }
2958 if (!-z $acl_include)
2959 {
2960 open (ACL, "$acl_include");
2961 print FILE "\n#Start of custom includes\n";
2962 while (<ACL>) {
2963 $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
2964 $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
2965 $_ =~ s/__BLUE_IP__/$blue_ip/;
2966 $_ =~ s/__BLUE_NET__/$blue_net/;
2967 print FILE $_;
2968 }
2969 print FILE "#End of custom includes\n";
2970 close (ACL);
2971 }
2972 if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
2973 print FILE <<END
2974
2975 #Access to squid:
2976 #local machine, no restriction
2977 http_access allow localhost
2978
2979 #GUI admin if local machine connects
2980 http_access allow IPCop_ips IPCop_networks IPCop_http
2981 http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
2982
2983 #Deny not web services
2984 http_access deny !Safe_ports
2985 http_access deny CONNECT !SSL_ports
2986
2987 END
2988 ;
2989
2990 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
2991 {
2992 print FILE "#Set ident ACLs\n";
2993 if (!-z $identhosts)
2994 {
2995 print FILE "acl on_ident_aware_hosts src \"$identhosts\"\n";
2996 print FILE "ident_lookup_access allow on_ident_aware_hosts\n";
2997 print FILE "ident_lookup_access deny all\n";
2998 } else {
2999 print FILE "ident_lookup_access allow all\n";
3000 }
3001 print FILE "ident_timeout $proxysettings{'IDENT_TIMEOUT'} seconds\n\n";
3002 }
3003
3004 if ($delaypools) {
3005 print FILE "#Set download throttling\n";
3006
3007 if ($netsettings{'BLUE_DEV'})
3008 {
3009 print FILE "delay_pools 2\n";
3010 } else {
3011 print FILE "delay_pools 1\n";
3012 }
3013
3014 print FILE "delay_class 1 3\n";
3015 if ($netsettings{'BLUE_DEV'}) { print FILE "delay_class 2 3\n"; }
3016
3017 print FILE "delay_parameters 1 ";
3018 if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 'unlimited')
3019 {
3020 print FILE "-1/-1";
3021 } else {
3022 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 125;
3023 print FILE "/";
3024 print FILE $proxysettings{'THROTTLING_GREEN_TOTAL'} * 250;
3025 }
3026
3027 print FILE " -1/-1 ";
3028 if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 'unlimited')
3029 {
3030 print FILE "-1/-1";
3031 } else {
3032 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 125;
3033 print FILE "/";
3034 print FILE $proxysettings{'THROTTLING_GREEN_HOST'} * 250;
3035 }
3036 print FILE "\n";
3037
3038 if ($netsettings{'BLUE_DEV'})
3039 {
3040 print FILE "delay_parameters 2 ";
3041 if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 'unlimited')
3042 {
3043 print FILE "-1/-1";
3044 } else {
3045 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 125;
3046 print FILE "/";
3047 print FILE $proxysettings{'THROTTLING_BLUE_TOTAL'} * 250;
3048 }
3049 print FILE " -1/-1 ";
3050 if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 'unlimited')
3051 {
3052 print FILE "-1/-1";
3053 } else {
3054 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 125;
3055 print FILE "/";
3056 print FILE $proxysettings{'THROTTLING_BLUE_HOST'} * 250;
3057 }
3058 print FILE "\n";
3059 }
3060
3061 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
3062 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
3063 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
3064
3065 if ($netsettings{'BLUE_DEV'})
3066 {
3067 print FILE "delay_access 1 allow IPCop_green_network";
3068 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3069 print FILE "\n";
3070 print FILE "delay_access 1 deny all\n";
3071 } else {
3072 print FILE "delay_access 1 allow all";
3073 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3074 print FILE "\n";
3075 }
3076
3077 if ($netsettings{'BLUE_DEV'})
3078 {
3079 if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
3080 if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
3081 if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
3082 print FILE "delay_access 2 allow IPCop_blue_network";
3083 if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
3084 print FILE "\n";
3085 print FILE "delay_access 2 deny all\n";
3086 }
3087
3088 print FILE "delay_initial_bucket_level 100%\n";
3089 print FILE "\n";
3090 }
3091 print FILE <<END
3092 #Set custom configured ACLs
3093 END
3094 ;
3095 if (!-z $acl_src_banned_ip) { print FILE "http_access deny IPCop_banned_ips\n"; }
3096 if (!-z $acl_src_banned_mac) { print FILE "http_access deny IPCop_banned_mac\n"; }
3097
3098 if ((!-z $acl_dst_noauth) && (!($proxysettings{'AUTH_METHOD'} eq 'none')))
3099 {
3100 if (!-z $acl_src_unrestricted_ip)
3101 {
3102 print FILE "http_access allow IPCop_unrestricted_ips to_domains_without_auth\n";
3103 }
3104 if (!-z $acl_src_unrestricted_mac)
3105 {
3106 print FILE "http_access allow IPCop_unrestricted_mac to_domains_without_auth\n";
3107 }
3108 print FILE "http_access allow IPCop_networks";
3109 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3110 print FILE " !within_timeframe";
3111 } else {
3112 print FILE " within_timeframe"; }
3113 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3114 print FILE " to_domains_without_auth\n";
3115 }
3116
3117 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on'))
3118 {
3119 print FILE "http_access deny !for_inetusers";
3120 if (!-z $identhosts) { print FILE " on_ident_aware_hosts"; }
3121 print FILE "\n";
3122 }
3123
3124 if (
3125 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3126 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on') &&
3127 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3128 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3129 (!-z "$identdir/identauth.denyusers")
3130 )
3131 {
3132 print FILE "http_access deny for_acl_users";
3133 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3134 print FILE "\n";
3135 }
3136
3137 if (!-z $acl_src_unrestricted_ip)
3138 {
3139 print FILE "http_access allow IPCop_unrestricted_ips";
3140 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3141 {
3142 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3143 {
3144 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3145 }
3146 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3147 {
3148 print FILE " for_inetusers";
3149 }
3150 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3151 {
3152 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3153 {
3154 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3155 {
3156 print FILE " for_acl_users";
3157 }
3158 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3159 {
3160 print FILE " !for_acl_users";
3161 }
3162 } else { print FILE " for_inetusers"; }
3163 }
3164 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3165 {
3166 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3167 {
3168 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3169 {
3170 print FILE " for_acl_users";
3171 }
3172 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3173 {
3174 print FILE " !for_acl_users";
3175 }
3176 } else { print FILE " for_inetusers"; }
3177 }
3178 }
3179 print FILE "\n";
3180 }
3181
3182 if (!-z $acl_src_unrestricted_mac)
3183 {
3184 print FILE "http_access allow IPCop_unrestricted_mac";
3185 if ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'on')
3186 {
3187 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3188 {
3189 if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; }
3190 }
3191 if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius'))
3192 {
3193 print FILE " for_inetusers";
3194 }
3195 if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on'))
3196 {
3197 if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
3198 {
3199 if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers"))
3200 {
3201 print FILE " for_acl_users";
3202 }
3203 if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers"))
3204 {
3205 print FILE " !for_acl_users";
3206 }
3207 } else { print FILE " for_inetusers"; }
3208 }
3209 if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
3210 {
3211 if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')
3212 {
3213 if (($proxysettings{'RADIUS_USER_ACL'} eq 'positive') && (!-z "$raddir/radauth.allowusers"))
3214 {
3215 print FILE " for_acl_users";
3216 }
3217 if (($proxysettings{'RADIUS_USER_ACL'} eq 'negative') && (!-z "$raddir/radauth.denyusers"))
3218 {
3219 print FILE " !for_acl_users";
3220 }
3221 } else { print FILE " for_inetusers"; }
3222 }
3223 }
3224 print FILE "\n";
3225 }
3226
3227 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3228 {
3229 if (!-z $disgrp) { print FILE "http_access deny for_disabled_users\n"; }
3230 if (!-z $extgrp) { print FILE "http_access allow IPCop_networks for_extended_users\n"; }
3231 }
3232
3233 if (
3234 (
3235 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3236 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3237 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3238 ($proxysettings{'NTLM_USER_ACL'} eq 'negative') &&
3239 (!-z "$ntlmdir/msntauth.denyusers")
3240 )
3241 ||
3242 (
3243 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3244 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3245 ($proxysettings{'RADIUS_USER_ACL'} eq 'negative') &&
3246 (!-z "$raddir/radauth.denyusers")
3247 )
3248 ||
3249 (
3250 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3251 ($proxysettings{'AUTH_ALWAYS_REQUIRED'} eq 'off') &&
3252 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3253 ($proxysettings{'IDENT_USER_ACL'} eq 'negative') &&
3254 (!-z "$identdir/identauth.denyusers")
3255 )
3256 )
3257 {
3258 print FILE "http_access deny for_acl_users";
3259 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && (!-z "$identdir/hosts")) { print FILE " on_ident_aware_hosts"; }
3260 print FILE "\n";
3261 }
3262
3263 if (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on') && (!-z "$identhosts"))
3264 {
3265 print FILE "http_access allow";
3266 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3267 print FILE " !within_timeframe";
3268 } else {
3269 print FILE " within_timeframe"; }
3270 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3271 print FILE " !on_ident_aware_hosts\n";
3272 }
3273
3274 print FILE "http_access allow IPCop_networks";
3275 if (
3276 (
3277 ($proxysettings{'AUTH_METHOD'} eq 'ntlm') &&
3278 ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') &&
3279 ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') &&
3280 ($proxysettings{'NTLM_USER_ACL'} eq 'positive') &&
3281 (!-z "$ntlmdir/msntauth.allowusers")
3282 )
3283 ||
3284 (
3285 ($proxysettings{'AUTH_METHOD'} eq 'radius') &&
3286 ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&
3287 ($proxysettings{'RADIUS_USER_ACL'} eq 'positive') &&
3288 (!-z "$raddir/radauth.allowusers")
3289 )
3290 ||
3291 (
3292 ($proxysettings{'AUTH_METHOD'} eq 'ident') &&
3293 ($proxysettings{'IDENT_REQUIRED'} eq 'on') &&
3294 ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') &&
3295 ($proxysettings{'IDENT_USER_ACL'} eq 'positive') &&
3296 (!-z "$identdir/identauth.allowusers")
3297 )
3298 )
3299 {
3300 print FILE " for_acl_users";
3301 } elsif (((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident'))) ||
3302 (($proxysettings{'AUTH_METHOD'} eq 'ident') && ($proxysettings{'IDENT_REQUIRED'} eq 'on'))) {
3303 print FILE " for_inetusers";
3304 }
3305 if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && (!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
3306 {
3307 print FILE " !concurrent";
3308 }
3309 if ($proxysettings{'TIME_ACCESS_MODE'} eq 'deny') {
3310 print FILE " !within_timeframe";
3311 } else {
3312 print FILE " within_timeframe"; }
3313 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
3314 print FILE "\n";
3315
3316 print FILE "http_access deny all\n\n";
3317
3318 if (($proxysettings{'FORWARD_IPADDRESS'} eq 'off') || ($proxysettings{'FORWARD_VIA'} eq 'off') ||
3319 (!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3320 {
3321 print FILE "#Strip HTTP Header\n";
3322
3323 if ($proxysettings{'FORWARD_IPADDRESS'} eq 'off')
3324 {
3325 print FILE "header_access X-Forwarded-For deny all\n";
3326 }
3327 if ($proxysettings{'FORWARD_VIA'} eq 'off')
3328 {
3329 print FILE "header_access Via deny all\n";
3330 }
3331 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3332 {
3333 print FILE "header_access User-Agent deny all\n";
3334 }
3335 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3336 {
3337 print FILE "header_access Referer deny all\n";
3338 }
3339
3340 print FILE "\n";
3341
3342 if ((!($proxysettings{'FAKE_USERAGENT'} eq '')) || (!($proxysettings{'FAKE_REFERER'} eq '')))
3343 {
3344 if (!($proxysettings{'FAKE_USERAGENT'} eq ''))
3345 {
3346 print FILE "header_replace User-Agent $proxysettings{'FAKE_USERAGENT'}\n";
3347 }
3348 if (!($proxysettings{'FAKE_REFERER'} eq ''))
3349 {
3350 print FILE "header_replace Referer $proxysettings{'FAKE_REFERER'}\n";
3351 }
3352 print FILE "\n";
3353 }
3354 }
3355
3356 if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
3357 if (!-z $acl_src_unrestricted_ip) { print FILE "http_reply_access allow IPCop_unrestricted_ips\n"; }
3358 if (!-z $acl_src_unrestricted_mac) { print FILE "http_reply_access allow IPCop_unrestricted_mac\n"; }
3359 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3360 {
3361 if (!-z $extgrp) { print FILE "http_reply_access allow for_extended_users\n"; }
3362 }
3363 print FILE "http_reply_access deny blocked_mimetypes\n";
3364 print FILE "http_reply_access allow all\n\n";
3365 }
3366
3367 print FILE <<END
3368 maximum_object_size $proxysettings{'MAX_SIZE'} KB
3369 minimum_object_size $proxysettings{'MIN_SIZE'} KB
3370
3371 request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
3372 END
3373 ;
3374 $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
3375 if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
3376 if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
3377 if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
3378 if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
3379 {
3380 if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
3381 }
3382 }
3383 print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
3384
3385 print FILE "visible_hostname";
3386 if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
3387 {
3388 print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
3389 } else {
3390 print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
3391 }
3392
3393 if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
3394
3395 # Write the parent proxy info, if needed.
3396 if ($remotehost ne '')
3397 {
3398 # Enter authentication for the parent cache (format is login=user:password)
3399 if ($proxy1 eq 'YES') {
3400 print FILE <<END
3401 cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query
3402
3403 END
3404 ;
3405 } else {
3406 # Not using authentication with the parent cache
3407 print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
3408 if ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
3409 print FILE "\n";
3410 }
3411 print FILE "never_direct allow all\n\n";
3412 }
3413 if ($urlfilter_addon) {
3414 if ($proxysettings{'ENABLE_FILTER'} eq 'on')
3415 {
3416 print FILE <<END
3417 redirect_program /usr/sbin/squidGuard
3418 redirect_children $filtersettings{'CHILDREN'}
3419
3420 END
3421 ;
3422 }
3423 }
3424 if ($updacclrtr_addon) {
3425 if ($proxysettings{'ENABLE_UPDACCEL'} eq 'on')
3426 {
3427 print FILE <<END
3428 redirect_program /usr/local/bin/updacclrtr
3429 redirect_children $updaccsettings{'ACCELERATORS'}
3430
3431 END
3432 ;
3433 }
3434 }
3435 if (($proxysettings{'TRANSPARENT'} eq 'on') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
3436 {
3437 print FILE <<END
3438 httpd_accel_host virtual
3439 httpd_accel_port 80
3440 httpd_accel_with_proxy on
3441 httpd_accel_uses_host_header on
3442 END
3443 ;
3444 }
3445 close FILE;
3446 }
3447
3448 # -------------------------------------------------------------------
3449
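# Create or update a proxy user in the NCSA password database ($userdb) and
# record the user in exactly one of the group files.
#
#   $str_user  - user name
#   $str_pass  - new clear-text password, or the sentinel 'lEaVeAlOnE' to keep
#                the hash already stored for this user
#   $str_group - 'standard', 'extended' or 'disabled'; any other value leaves
#                the group files untouched
#
# Returns nothing.
#
# NOTE(review): a user name containing ':' or a line break would corrupt the
# line-oriented files written here; presumably the caller validates the name
# before calling - confirm.
sub adduser
{
    my ($str_user, $str_pass, $str_group) = @_;

    if ($str_pass eq 'lEaVeAlOnE')
    {
        # Look up the stored record before deluser() removes it.  \Q...\E makes
        # the name match literally, so regex metacharacters in a user name
        # cannot select another user's record.
        my $kept_hash;
        if (open(my $in, '<', $userdb))
        {
            while (my $entry = <$in>)
            {
                if ($entry =~ /^\Q$str_user\E:/i)
                {
                    # Everything from the first ':' on, including the newline.
                    $kept_hash = substr($entry, index($entry, ':'));
                }
            }
            close($in);
        }

        deluser($str_user);

        # Without a stored hash there is nothing to carry over; writing the
        # sentinel itself would leave a malformed, unterminated record.
        if (defined $kept_hash && open(my $out, '>>', $userdb))
        {
            flock($out, 2);    # 2 = LOCK_EX
            print $out "$str_user$kept_hash";
            close($out);
        }
    } else {
        deluser($str_user);
        # List form: no shell is involved, so user name and password reach
        # htpasswd as single arguments whatever characters they contain.
        # NOTE(review): -b still passes the password on the command line,
        # where it can show up in process listings.
        system('/usr/bin/htpasswd', '-b', $userdb, $str_user, $str_pass);
    }

    my %groupfile_for = (
        'standard' => $stdgrp,
        'extended' => $extgrp,
        'disabled' => $disgrp,
    );
    my $groupfile = $groupfile_for{$str_group};

    if (defined $groupfile && open(my $grp, '>>', $groupfile))
    {
        flock($grp, 2);    # 2 = LOCK_EX
        print $grp "$str_user\n";
        close($grp);
    }

    return;
}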
3480
3481 # -------------------------------------------------------------------
3482
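# Remove a user from all three group files and from the NCSA password
# database ($userdb).
#
#   $str_user - user name; compared case-insensitively and literally
#
# Returns nothing.
sub deluser
{
    my ($str_user) = @_;

    # Group files hold one bare user name per line, the password database
    # holds "name:hash" records.  \Q...\E quotes the name, so a name such as
    # ".*" removes only itself instead of matching every line.
    my $group_entry  = qr/^\Q$str_user\E$/i;
    my $passwd_entry = qr/^\Q$str_user\E:/i;

    foreach my $groupfile ($stdgrp, $extgrp, $disgrp)
    {
        _drop_matching_lines($groupfile, $group_entry);
    }
    _drop_matching_lines($userdb, $passwd_entry);

    return;
}

# Rewrite $path without the lines matching $pattern, holding an exclusive
# lock for the whole read-filter-write cycle.
sub _drop_matching_lines
{
    my ($path, $pattern) = @_;

    # '+>>' creates a missing file (as the former '>' open did) but does not
    # truncate it, so the content is still intact when the lock is taken.
    open(my $fh, '+>>', $path) or return;
    flock($fh, 2);    # 2 = LOCK_EX
    seek($fh, 0, 0);
    my @kept = grep { $_ !~ $pattern } <$fh>;

    # In append mode the write lands at end of file, which is offset 0 after
    # the truncate.
    truncate($fh, 0);
    print $fh @kept;
    close($fh);

    return;
}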
3515
3516 # -------------------------------------------------------------------