X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=9476b743243dc1a2ec0c6b87ee622191bf23f4df;hp=76d52b425157e0788a4fa4398af4aea30a3a6805;hb=603248db53e41290600a25a140e7f033bbe09abd;hpb=15f78770b1d4ee730dca39166590393e3b24a666 diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 76d52b4251..9476b74324 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -172,6 +172,8 @@ unless (-e $acl_include) { system("touch $acl_include"); } unless (-e $browserdb) { system("touch $browserdb"); } unless (-e $mimetypes) { system("touch $mimetypes"); } +my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth"); + open FILE, $browserdb; @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,; close(FILE); @@ -180,8 +182,8 @@ close(FILE); &General::readhash("${General::swroot}/main/settings", \%mainsettings); my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}"); -my $blue_cidr = "# Blue not defined"; -if ($netsettings{'BLUE_DEV'}) { +my $blue_cidr = ""; +if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) { $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}"); } @@ -195,6 +197,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off'; $proxysettings{'TRANSPARENT'} = 'off'; $proxysettings{'TRANSPARENT_BLUE'} = 'off'; $proxysettings{'PROXY_PORT'} = '800'; +$proxysettings{'TRANSPARENT_PORT'} = '3128'; $proxysettings{'VISIBLE_HOSTNAME'} = ''; $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; @@ -212,7 +215,7 @@ $proxysettings{'LOGGING'} = 'off'; $proxysettings{'CACHEMGR'} = 'off'; $proxysettings{'LOGQUERY'} = 'off'; $proxysettings{'LOGUSERAGENT'} = 'off'; -$proxysettings{'FILEDESCRIPTORS'} = '4096'; +$proxysettings{'FILEDESCRIPTORS'} = '16384'; $proxysettings{'CACHE_MEM'} = '2'; $proxysettings{'CACHE_SIZE'} = '50'; $proxysettings{'MAX_SIZE'} = '4096'; @@ -359,6 +362,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; goto ERROR; } + if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'}))) + { + $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; + goto ERROR; + } + if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) { + $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'}; + goto ERROR; + } if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) { my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'}); @@ -381,7 +393,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} } } if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) || - ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 65536)) + ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 1048576)) { $errormessage = $Lang::tr{'proxy errmsg filedescriptors'}; goto ERROR; @@ -850,6 +862,7 @@ $checked{'AUTH_METHOD'}{'ncsa'} = ''; $checked{'AUTH_METHOD'}{'ident'} = ''; $checked{'AUTH_METHOD'}{'ldap'} = ''; $checked{'AUTH_METHOD'}{'ntlm'} = ''; +$checked{'AUTH_METHOD'}{'ntlm-auth'} = ''; $checked{'AUTH_METHOD'}{'radius'} = ''; $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'"; @@ -956,8 +969,8 @@ print < $Lang::tr{'advproxy transparent on'} Green: - $Lang::tr{'advproxy visible hostname'}: * - + $Lang::tr{'advproxy proxy port transparent'}: + END @@ -969,7 +982,8 @@ if ($netsettings{'BLUE_DEV'}) { print " "; } print <  + $Lang::tr{'advproxy visible hostname'}: * + END @@ -1195,7 +1209,7 @@ print <$Lang::tr{'advproxy destination ports'} - + $Lang::tr{'advproxy standard ports'}: @@ -1667,26 +1681,41 @@ print <$Lang::tr{'advproxy fake referer'}: * - - + +
END ; -print < - $Lang::tr{'advproxy AUTH method'} + $Lang::tr{'advproxy AUTH method'} - $Lang::tr{'advproxy AUTH method none'} - $Lang::tr{'advproxy AUTH method ncsa'} - $Lang::tr{'advproxy AUTH method ident'} - $Lang::tr{'advproxy AUTH method ldap'} - $Lang::tr{'advproxy AUTH method ntlm'} - $Lang::tr{'advproxy AUTH method radius'} + $Lang::tr{'advproxy AUTH method none'} + $Lang::tr{'advproxy AUTH method ncsa'} + $Lang::tr{'advproxy AUTH method ident'} + $Lang::tr{'advproxy AUTH method ldap'} + $Lang::tr{'advproxy AUTH method ntlm'} +END + +if ($HAVE_NTLM_AUTH) { + print <$Lang::tr{'advproxy AUTH method ntlm auth'} +END +} + +print <$Lang::tr{'advproxy AUTH method radius'} END @@ -2225,7 +2254,7 @@ print < $Lang::tr{'advproxy NCSA group'}: @@ -2961,11 +2990,23 @@ sub writepacfile print FILE < 0) @@ -3104,7 +3161,6 @@ END print FILE <; close PORTS; @@ -3456,8 +3513,7 @@ END # Check if squidclamav is enabled. if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') { print FILE "\n#Settings for squidclamav:\n"; - print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n"; - print FILE "acl to_localhost dst 127.0.0.0/8\n"; + print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n"; print FILE "acl purge method PURGE\n"; print FILE "http_access deny to_localhost\n"; print FILE "http_access allow localhost\n";