my %checked=();
my %selected=();
-my @throttle_limits=(64,128,256,384,512,768,1024,1280,1536,1792,2048,2560,3072,3584,4096,5120,6144,7168,8192,10240,12288,16384,20480);
-my $throttle_binary="7z|arj|bin|bz2|cab|exe|gz|lzh|rar|sea|tar|tgz|xz|zip";
-my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi|vmdk";
-my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob";
+my @throttle_limits=(64,128,256,512,1024,1536,2048,3072,4096,5120,6144,7168,8192,10240,16384,20480,51200,102400);
my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
my $def_ports_ssl="443 # https\n563 # snews\n";
-my @useragent=();
-my @useragentlist=();
-
my $hintcolour='#FFFFCC';
my $ncsa_buttontext='';
my $language='';
my $extgrp = "$ncsadir/extended.grp";
my $disgrp = "$ncsadir/disabled.grp";
-my $browserdb = "${General::swroot}/proxy/advanced/useragents";
my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes";
my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";
my $identhosts = "$identdir/hosts";
-my $authdir = "/usr/lib/squid/";
+my $authdir = "/usr/lib/squid";
my $errordir = "/usr/lib/squid/errors";
my $acl_src_subnets = "$acldir/src_subnets.acl";
unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); }
unless (-e $acl_include) { system("touch $acl_include"); }
-unless (-e $browserdb) { system("touch $browserdb"); }
unless (-e $mimetypes) { system("touch $mimetypes"); }
my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
-open FILE, $browserdb;
-@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<FILE>;
-close(FILE);
-
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
$proxysettings{'VISIBLE_HOSTNAME'} = '';
$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
$proxysettings{'ADMIN_PASSWORD'} = '';
-$proxysettings{'ERR_LANGUAGE'} = 'German';
+$proxysettings{'ERR_LANGUAGE'} = 'en';
$proxysettings{'ERR_DESIGN'} = 'ipfire';
$proxysettings{'SUPPRESS_VERSION'} = 'off';
$proxysettings{'FORWARD_VIA'} = 'off';
$proxysettings{'LOGQUERY'} = 'off';
$proxysettings{'LOGUSERAGENT'} = 'off';
$proxysettings{'FILEDESCRIPTORS'} = '16384';
-$proxysettings{'CACHE_MEM'} = '2';
-$proxysettings{'CACHE_SIZE'} = '50';
+$proxysettings{'CACHE_MEM'} = '128';
+$proxysettings{'CACHE_SIZE'} = '0';
$proxysettings{'MAX_SIZE'} = '4096';
$proxysettings{'MIN_SIZE'} = '0';
$proxysettings{'MEM_POLICY'} = 'LRU';
$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';
$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';
$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';
-$proxysettings{'THROTTLE_BINARY'} = 'off';
-$proxysettings{'THROTTLE_DSKIMG'} = 'off';
-$proxysettings{'THROTTLE_MMEDIA'} = 'off';
$proxysettings{'ENABLE_MIME_FILTER'} = 'off';
-$proxysettings{'ENABLE_BROWSER_CHECK'} = 'off';
$proxysettings{'FAKE_USERAGENT'} = '';
$proxysettings{'FAKE_REFERER'} = '';
$proxysettings{'AUTH_METHOD'} = 'none';
$proxysettings{'AUTH_REALM'} = '';
$proxysettings{'AUTH_MAX_USERIP'} = '';
$proxysettings{'AUTH_CACHE_TTL'} = '60';
-$proxysettings{'AUTH_IPCACHE_TTL'} = '0';
$proxysettings{'AUTH_CHILDREN'} = '5';
$proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
$proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
$errormessage = $Lang::tr{'invalid maximum incoming size'};
goto ERROR;
}
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
- {
- $browser_regexp = '';
- foreach (@useragentlist)
- {
- chomp;
- @useragent = split(/,/);
- if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
- }
- chop($browser_regexp);
- if (!$browser_regexp)
- {
- $errormessage = $Lang::tr{'advproxy errmsg no browser'};
- goto ERROR;
- }
- }
if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
{
unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
}
}
}
- if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
- ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
- {
- $errormessage = $Lang::tr{'advproxy errmsg max userip'};
- goto ERROR;
- }
if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/))
{
$errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
goto ERROR;
}
- if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/))
+ if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
+ ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
{
- $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
+ $errormessage = $Lang::tr{'advproxy errmsg max userip'};
goto ERROR;
}
- if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
+ if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))
{
$errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
goto ERROR;
$selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
$selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
-$checked{'THROTTLE_BINARY'}{'off'} = '';
-$checked{'THROTTLE_BINARY'}{'on'} = '';
-$checked{'THROTTLE_BINARY'}{$proxysettings{'THROTTLE_BINARY'}} = "checked='checked'";
-$checked{'THROTTLE_DSKIMG'}{'off'} = '';
-$checked{'THROTTLE_DSKIMG'}{'on'} = '';
-$checked{'THROTTLE_DSKIMG'}{$proxysettings{'THROTTLE_DSKIMG'}} = "checked='checked'";
-$checked{'THROTTLE_MMEDIA'}{'off'} = '';
-$checked{'THROTTLE_MMEDIA'}{'on'} = '';
-$checked{'THROTTLE_MMEDIA'}{$proxysettings{'THROTTLE_MMEDIA'}} = "checked='checked'";
-
$checked{'ENABLE_MIME_FILTER'}{'off'} = '';
$checked{'ENABLE_MIME_FILTER'}{'on'} = '';
$checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
-$checked{'ENABLE_BROWSER_CHECK'}{'off'} = '';
-$checked{'ENABLE_BROWSER_CHECK'}{'on'} = '';
-$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'";
-
-foreach (@useragentlist) {
- @useragent = split(/,/);
- $checked{'UA_'.$useragent[0]}{'off'} = '';
- $checked{'UA_'.$useragent[0]}{'on'} = '';
- $checked{'UA_'.$useragent[0]}{$proxysettings{'UA_'.$useragent[0]}} = "checked='checked'";
-}
-
$checked{'AUTH_METHOD'}{'none'} = '';
$checked{'AUTH_METHOD'}{'ncsa'} = '';
$checked{'AUTH_METHOD'}{'ident'} = '';
;
foreach (@throttle_limits) {
- print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$_ kbit/s</option>\n";
+ my $val = $_;
+ my $unit = "kbit/s";
+
+ if ($val >= 1024) {
+ $unit = "Mbit/s";
+ $val /= 1024;
+ }
+
+ print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$val $unit</option>\n";
}
print <<END
print <<END
</table>
-<table width='100%'>
-<tr>
- <td colspan='4'><i>$Lang::tr{'advproxy content based throttling'}:</i></td>
-</tr>
-<tr>
- <td width='15%' class='base'>$Lang::tr{'advproxy throttle binary'}:</td>
- <td width='10%'><input type='checkbox' name='THROTTLE_BINARY' $checked{'THROTTLE_BINARY'}{'on'} /></td>
- <td width='15%' class='base'>$Lang::tr{'advproxy throttle dskimg'}:</td>
- <td width='10%'><input type='checkbox' name='THROTTLE_DSKIMG' $checked{'THROTTLE_DSKIMG'}{'on'} /></td>
- <td width='15%' class='base'>$Lang::tr{'advproxy throttle mmedia'}:</td>
- <td width='10%'><input type='checkbox' name='THROTTLE_MMEDIA' $checked{'THROTTLE_MMEDIA'}{'on'} /></td>
- <td width='15%'> </td>
- <td width='10%'> </td>
-</tr>
-</table>
<hr size='1'>
<table width='100%'>
<tr>
</table>
<hr size='1'>
-<table width='100%'>
-<tr>
- <td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b> $Lang::tr{'advproxy UA enable filter'}:<input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
-</tr>
-END
-;
-if ( $proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on' ){
-print <<END
-<tr>
- <td colspan='4'><i>
-END
-;
-if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
-print <<END
-</i></td>
-</tr>
-</table>
-<table width='100%'>
-END
-;
-for ($n=0; $n<=@useragentlist; $n = $n + $i) {
- for ($i=0; $i<=3; $i++) {
- if ($i eq 0) { print "<tr>\n"; }
- if (($n+$i) < @useragentlist) {
- @useragent = split(/,/,@useragentlist[$n+$i]);
- print "<td width='15%'>$useragent[1]:<\/td>\n";
- print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
- }
- if ($i eq 3) { print "<\/tr>\n"; }
- }
-}
-}
-print <<END
-</table>
-<hr size='1'>
<table width='100%'>
<tr>
<td><b>$Lang::tr{'advproxy privacy'}</b></td>
<td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
<td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
</tr>
-<tr>
- <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
- <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
-</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
<td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
-<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
-<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
END
; }
if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; }
close(FILE);
- open(FILE, ">$acl_dst_throttle");
- flock(FILE, 2);
- if ($proxysettings{'THROTTLE_BINARY'} eq 'on')
- {
- @temp = split(/\|/,$throttle_binary);
- foreach (@temp) { print FILE "\\.$_\$\n"; }
- }
- if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on')
- {
- @temp = split(/\|/,$throttle_dskimg);
- foreach (@temp) { print FILE "\\.$_\$\n"; }
- }
- if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on')
- {
- @temp = split(/\|/,$throttle_mmedia);
- foreach (@temp) { print FILE "\\.$_\$\n"; }
- }
if (-s $throttled_urls)
{
open(URLFILE, $throttled_urls);
}
print FILE "\n";
+ # If we use authentication, users must always authenticate
+ unless ($proxysettings{"AUTH_METHOD"} eq "") {
+ print FILE "authenticate_ip_ttl 0\n\n";
+ }
+
if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
{
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param basic realm $authrealm\n";
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
- if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
}
if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param basic realm $authrealm\n";
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
- if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
}
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
print FILE "\n";
print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
+ print FILE "auth_param ntlm credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
# BASIC authentication
if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
print FILE " --require-membership-of=$ntlm_auth_group";
}
print FILE "\n";
- print FILE "auth_param basic children 10\n";
- print FILE "auth_param basic realm IPFire Web Proxy Server\n";
- print FILE "auth_param basic credentialsttl 2 hours\n\n";
+ print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
+ print FILE "auth_param basic realm $authrealm\n";
+ print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n";
}
}
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param basic realm $authrealm\n";
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
- if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
}
print FILE "\n";
if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
-
print FILE "acl within_timeframe time ";
if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
print FILE " !within_timeframe";
} else {
print FILE " within_timeframe"; }
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
print FILE " to_ipaddr_without_auth\n";
}
if (!-z $acl_dst_noauth_dom)
print FILE " !within_timeframe";
} else {
print FILE " within_timeframe"; }
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
print FILE " to_domains_without_auth\n";
}
if (!-z $acl_dst_noauth_url)
print FILE " !within_timeframe";
} else {
print FILE " within_timeframe"; }
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
print FILE " to_hosts_without_auth\n";
}
}
print FILE " !within_timeframe";
} else {
print FILE " within_timeframe"; }
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
print FILE " !on_ident_aware_hosts\n";
}
print FILE " !within_timeframe";
} else {
print FILE " within_timeframe"; }
- if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
print FILE "\n";
print FILE "http_access deny all\n\n";
projects / people / pmueller / ipfire-2.x.git / blobdiff