diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index d7827c4869..a387d3e75f 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -1,17 +1,36 @@
#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
#
-# (c) 2004-2007 marco.s - http://www.advproxy.net
+# (c) 2004-2009 marco.s - http://www.advproxy.net
#
# This code is distributed under the terms of the GPL
#
-# $Id: advproxy.cgi,v 2.1.0 2007/03/06 00:00:00 marco.s Exp $
+# $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
#
use strict;
# enable only the following on debugging purpose
-use warnings;
-use CGI::Carp 'fatalsToBrowser';
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
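Review bot: Commenting out `use warnings;` at the top of the hunk silences diagnostics that only ever reach the web server's error log, not the browser; of the two lines, only `CGI::Carp 'fatalsToBrowser'` exposed internals to clients. Keep `use warnings;` active and leave just `#use CGI::Carp 'fatalsToBrowser';` disabled. The comment above them still says "enable only the following on debugging purpose", which is accurate for fatalsToBrowser but misleading for warnings, so it should be narrowed to the Carp line.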
@@ -21,6 +40,11 @@ my @squidversion = `/usr/sbin/squid -v`;
my $http_port='81';
my $https_port='444';
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
my %proxysettings=();
my %netsettings=();
my %filtersettings=();
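Review bot: `&General::readhash("${General::swroot}/main/settings", \%mainsettings);` is added here although the same call still appears unchanged later in the file (context line in the hunk at @@ -144,14 +180,10), so the settings file is now parsed twice per request. Keep the early read, which the theme lookup needs, and drop the later call; if `my %mainsettings` is also declared lower in the file outside this hunk, that second `my` would shadow this one and the colors read here would be unaffected while the later hash starts empty. `$mainsettings{'THEME'}` comes from the settings file rather than from the request, so building the colors.txt path from it is acceptable as long as only trusted code writes that file.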
@@ -85,7 +109,7 @@ my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";
my $identhosts = "$identdir/hosts";
-my $authdir = "/usr/lib/squid/auth";
+my $authdir = "/usr/lib/squid/";
my $errordir = "/usr/lib/squid/errors";
my $acl_src_subnets = "$acldir/src_subnets.acl";
@@ -95,8 +119,14 @@ my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl";
my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl";
my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
-my $acl_dst_nocache = "$acldir/dst_nocache.acl";
my $acl_dst_noauth = "$acldir/dst_noauth.acl";
+my $acl_dst_noauth_dom = "$acldir/dst_noauth_dom.acl";
+my $acl_dst_noauth_net = "$acldir/dst_noauth_net.acl";
+my $acl_dst_noauth_url = "$acldir/dst_noauth_url.acl";
+my $acl_dst_nocache = "$acldir/dst_nocache.acl";
+my $acl_dst_nocache_dom = "$acldir/dst_nocache_dom.acl";
+my $acl_dst_nocache_net = "$acldir/dst_nocache_net.acl";
+my $acl_dst_nocache_url = "$acldir/dst_nocache_url.acl";
my $acl_dst_throttle = "$acldir/dst_throttle.acl";
my $acl_ports_safe = "$acldir/ports_safe.acl";
my $acl_ports_ssl = "$acldir/ports_ssl.acl";
@@ -127,8 +157,14 @@ unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip")
unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); }
unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
-unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
-unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_noauth_dom) { system("touch $acl_dst_noauth_dom"); }
+unless (-e $acl_dst_noauth_net) { system("touch $acl_dst_noauth_net"); }
+unless (-e $acl_dst_noauth_url) { system("touch $acl_dst_noauth_url"); }
+unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
+unless (-e $acl_dst_nocache_dom) { system("touch $acl_dst_nocache_dom"); }
+unless (-e $acl_dst_nocache_net) { system("touch $acl_dst_nocache_net"); }
+unless (-e $acl_dst_nocache_url) { system("touch $acl_dst_nocache_url"); }
unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); }
unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); }
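Review bot: The eight added `unless (-e $x) { system("touch $x"); }` lines pass one interpolated string to `system`, which runs through a shell; the paths are fixed here, but the same file already uses the shell-free list form `system('/usr/bin/touch', ...)` in the save handler, and creating an empty file needs no child process at all. A small helper such as `sub touch_file { my ($f) = @_; open(my $fh, '>>', $f) or return; close($fh); return; }` called as `touch_file($acl_dst_noauth_dom)` would replace the new lines and the pre-existing ones consistently.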
@@ -144,14 +180,10 @@ close(FILE);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-$filtersettings{'CHILDREN'} = '5';
-if (-e "${General::swroot}/urlfilter/settings") {
- &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
-}
-
-$xlratorsettings{'CHILDREN'} = '5';
-if (-e "${General::swroot}/updatexlrator/settings") {
- &General::readhash("${General::swroot}/updatexlrator/settings", \%xlratorsettings);
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+ $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
}
&Header::showhttpheaders();
@@ -166,8 +198,9 @@ $proxysettings{'TRANSPARENT_BLUE'} = 'off';
$proxysettings{'PROXY_PORT'} = '800';
$proxysettings{'VISIBLE_HOSTNAME'} = '';
$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
-$proxysettings{'ERR_LANGUAGE'} = 'English';
-$proxysettings{'ERR_DESIGN'} = 'IPCop';
+$proxysettings{'ADMIN_PASSWORD'} = '';
+$proxysettings{'ERR_LANGUAGE'} = 'German';
+$proxysettings{'ERR_DESIGN'} = 'ipfire';
$proxysettings{'SUPPRESS_VERSION'} = 'off';
$proxysettings{'FORWARD_VIA'} = 'off';
$proxysettings{'FORWARD_IPADDRESS'} = 'off';
@@ -177,8 +210,10 @@ $proxysettings{'UPSTREAM_PROXY'} = '';
$proxysettings{'UPSTREAM_USER'} = '';
$proxysettings{'UPSTREAM_PASSWORD'} = '';
$proxysettings{'LOGGING'} = 'off';
+$proxysettings{'CACHEMGR'} = 'off';
$proxysettings{'LOGQUERY'} = 'off';
$proxysettings{'LOGUSERAGENT'} = 'off';
+$proxysettings{'FILEDESCRIPTORS'} = '4096';
$proxysettings{'CACHE_MEM'} = '2';
$proxysettings{'CACHE_SIZE'} = '50';
$proxysettings{'MAX_SIZE'} = '4096';
@@ -245,6 +280,8 @@ $proxysettings{'IDENT_ENABLE_ACL'} = 'off';
$proxysettings{'IDENT_USER_ACL'} = 'positive';
$proxysettings{'ENABLE_FILTER'} = 'off';
$proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
+$proxysettings{'ENABLE_CLAMAV'} = 'off';
+$proxysettings{'CHILDREN'} = '10';
$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
@@ -303,15 +340,15 @@ if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
$proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
}
-if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
-{
- if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
- $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
- $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
+if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}))
+{
+ if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
+ $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
+ $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
$proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
$errormessage = $Lang::tr{'invalid input'};
goto ERROR;
- }
+ }
if (!(&General::validport($proxysettings{'PROXY_PORT'})))
{
$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
@@ -320,7 +357,16 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
($proxysettings{'CACHE_SIZE'} < 10))
{
- $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
+ if (!($proxysettings{'CACHE_SIZE'} eq '0'))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'};
+ goto ERROR;
+ }
+ }
+ if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
+ ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 16384))
+ {
+ $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
goto ERROR;
}
if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) ||
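Review bot: The new FILEDESCRIPTORS check matches `/^\d+/` without an end anchor, so a value such as `4096x` passes the pattern, is compared numerically anyway, and is later written verbatim as `max_filedescriptors 4096x` into squid.conf by the hunk at @@ -3633. Anchor it like the CHILDREN check added further down: `if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+$/) ||`. The pre-existing CACHE_SIZE test has the same unanchored pattern, and the new nested `eq '0'` branch reads more directly as `unless ($proxysettings{'CACHE_SIZE'} =~ /^\d+$/ && ($proxysettings{'CACHE_SIZE'} == 0 || $proxysettings{'CACHE_SIZE'} >= 10))`. The enclosing validation block starts and ends outside this hunk.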
@@ -328,7 +374,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
{
$errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
goto ERROR;
- }
+ }
my @free = `/usr/bin/free`;
$free[1] =~ m/(\d+)/;
$cachemem = int $1 / 2048;
@@ -359,6 +405,11 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
{
$errormessage = $Lang::tr{'invalid maximum incoming size'};
goto ERROR;
+ }
+ if (!($proxysettings{'CHILDREN'} =~ /^\d+$/) || ($proxysettings{'CHILDREN'} < 1))
+ {
+ $errormessage = $Lang::tr{'advproxy invalid num of children'};
+ goto ERROR;
}
if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
{
@@ -367,7 +418,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
{
chomp;
@useragent = split(/,/);
- if ($proxysettings{'UA_'.@useragent[0]} eq 'on') { $browser_regexp .= "@useragent[2]|"; }
+ if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
}
chop($browser_regexp);
if (!$browser_regexp)
@@ -398,8 +449,8 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
}
}
}
- if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
- ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
+ if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
+ ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
{
$errormessage = $Lang::tr{'advproxy errmsg max userip'};
goto ERROR;
@@ -489,6 +540,10 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
$errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
goto ERROR;
}
+
+ $proxysettings{'NTLM_DOMAIN'} = lc($proxysettings{'NTLM_DOMAIN'});
+ $proxysettings{'NTLM_PDC'} = lc($proxysettings{'NTLM_PDC'});
+ $proxysettings{'NTLM_BDC'} = lc($proxysettings{'NTLM_BDC'});
}
if ($proxysettings{'AUTH_METHOD'} eq 'radius')
{
@@ -574,34 +629,44 @@ ERROR:
if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
$stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
+ $stdproxysettings{'UPSTREAM_PROXY'} = $proxysettings{'UPSTREAM_PROXY'};
+ $stdproxysettings{'UPSTREAM_USER'} = $proxysettings{'UPSTREAM_USER'};
+ $stdproxysettings{'UPSTREAM_PASSWORD'} = $proxysettings{'UPSTREAM_PASSWORD'};
$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
$stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
+ $stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
&writeconfig;
&writepacfile;
+ if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}
+
+ system ('/usr/local/bin/squidctrl', 'disable');
unlink "${General::swroot}/proxy/enable";
unlink "${General::swroot}/proxy/transparent";
unlink "${General::swroot}/proxy/enable_blue";
unlink "${General::swroot}/proxy/transparent_blue";
if ($proxysettings{'ENABLE'} eq 'on') {
- system ('/usr/bin/touch', "${General::swroot}/proxy/enable"); }
- if ($proxysettings{'TRANSPARENT'} eq 'on') {
+ system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
+ system ('/usr/local/bin/squidctrl', 'enable'); }
+ if ($proxysettings{'TRANSPARENT'} eq 'on' && $proxysettings{'ENABLE'} eq 'on') {
system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
- system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue"); }
- if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+ system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
+ system ('/usr/local/bin/squidctrl', 'enable'); }
+ if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on' && $proxysettings{'ENABLE_BLUE'} eq 'on') {
system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
- if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
- }
+ if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
+ if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
+ }
}
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
{
- system('/usr/local/bin/restartsquid','-f');
+ system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
}
if (!$errormessage)
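Review bot: The save branch now invokes squidctrl in two styles: the shell-free list form `system ('/usr/local/bin/squidctrl', 'disable')` near the top and shell strings such as `system('/usr/local/bin/squidctrl restart >/dev/null 2>&1')` a few lines below; nothing user-controlled is interpolated, but one form should be chosen, and the list form is the one that cannot be influenced by a shell. `if ($proxysettings{'CACHEMGR'} eq 'on'){&writecachemgr;}` uses the `&name;` call form, which silently passes the caller's `@_` through; `writecachemgr()` is what is meant. `squidctrl enable` is also issued when only ENABLE_BLUE is on while ENABLE is off, whereas the transparent flags just above now require their matching enable flag; if that asymmetry is intended a short comment would save the next reader from guessing.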
@@ -657,6 +722,9 @@ $checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
$checked{'LOGGING'}{'off'} = '';
$checked{'LOGGING'}{'on'} = '';
$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
+$checked{'CACHEMGR'}{'off'} = '';
+$checked{'CACHEMGR'}{'on'} = '';
+$checked{'CACHEMGR'}{$proxysettings{'CACHEMGR'}} = "checked='checked'";
$checked{'LOGQUERY'}{'off'} = '';
$checked{'LOGQUERY'}{'on'} = '';
$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
@@ -739,9 +807,9 @@ $checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "chec
foreach (@useragentlist) {
@useragent = split(/,/);
- $checked{'UA_'.@useragent[0]}{'off'} = '';
- $checked{'UA_'.@useragent[0]}{'on'} = '';
- $checked{'UA_'.@useragent[0]}{$proxysettings{'UA_'.@useragent[0]}} = "checked='checked'";
+ $checked{'UA_'.$useragent[0]}{'off'} = '';
+ $checked{'UA_'.$useragent[0]}{'on'} = '';
+ $checked{'UA_'.$useragent[0]}{$proxysettings{'UA_'.$useragent[0]}} = "checked='checked'";
}
$checked{'AUTH_METHOD'}{'none'} = '';
@@ -808,6 +876,10 @@ $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
$checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
$checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
+$checked{'ENABLE_CLAMAV'}{'off'} = '';
+$checked{'ENABLE_CLAMAV'}{'on'} = '';
+$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
+
&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -864,8 +936,7 @@ if ($netsettings{'BLUE_DEV'}) {
print "
| ";
}
print <$Lang::tr{'advproxy admin mail'}:
- |
+ |
END
@@ -897,7 +968,7 @@ print <
$Lang::tr{'advproxy error design'}: |
|
@@ -910,6 +981,37 @@ print <
+$Lang::tr{'advproxy redirector children'} |
+$Lang::tr{'processes'} |
+END
+;
+my $count = `arp -a | wc -l`;
+if ( $count < 1 ){$count = 1;}
+if ( -e "/usr/bin/squidclamav" ) {
+ print "".$Lang::tr{'advproxy squidclamav'}." ";
+ if ( ! -e "/var/run/clamav/clamd.pid" ){
+ print "clamav not running
";
+ $proxysettings{'ENABLE_CLAMAV'} = 'off';
+ }
+ else {
+ print $Lang::tr{'advproxy enabled'}." ";
+ print "+ ".int(( $count**(1/3)) * 8);}
+ print " | ";
+} else {
+ print " | ";
+}
+print "".$Lang::tr{'advproxy url filter'}." ";
+print $Lang::tr{'advproxy enabled'}." ";
+print "+ ".int(($count**(1/3)) * 6);
+print " | ";
+print "".$Lang::tr{'advproxy update accelerator'}." ";
+print $Lang::tr{'advproxy enabled'}." ";
+print "+ ".int(($count**(1/3)) * 5);
+print " |
";
+print <
+
+
$Lang::tr{'advproxy upstream proxy'} |
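Review bot: `my $count = \`arp -a | wc -l\`;` runs a shell pipeline on every render of the page merely to estimate helper counts; on Linux the same number can be read from `/proc/net/arp` without forking, and the result still carries a trailing newline that only works because it is used numerically. `-e "/var/run/clamav/clamd.pid"` shows that a pid file exists, not that clamd is running, so a stale file after a crash keeps the option displayed as enabled. The assignment `$proxysettings{'ENABLE_CLAMAV'} = 'off';` happens after `$checked{'ENABLE_CLAMAV'}` was already derived in the earlier hunk, so it does not change the checkbox state unless `%proxysettings` is consulted again later in the page; if it is meant to force the setting off it belongs in the save handler with an error message instead. The surrounding HTML in this hunk is garbled by extraction and was not reviewed.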
@@ -961,6 +1063,18 @@ print <
$Lang::tr{'advproxy cache management'} |
+
+ $Lang::tr{'proxy cachemgr'}: |
+ |
+ $Lang::tr{'advproxy admin mail'}: |
+ |
+
+
+ $Lang::tr{'proxy filedescriptors'}: |
+ |
+ $Lang::tr{'proxy admin password'}: |
+ |
+
| | | |
@@ -1044,7 +1158,7 @@ print <$Lang::tr{'advproxy destination ports'}
- | | | |
+ | | | |
$Lang::tr{'advproxy standard ports'}: |
@@ -1079,16 +1193,16 @@ print <$Lang::tr{'advproxy allowed subnets'}:
- |
- |
-
+
END
;
@@ -1168,7 +1282,7 @@ END
print < |
-
+
END
;
@@ -1191,21 +1305,29 @@ if (-e $cre_enabled) { print <
- $Lang::tr{'advproxy classroom extensions'} |
+ $Lang::tr{'advproxy classroom extensions'} $Lang::tr{'advproxy enabled'}: |
| | | |
- $Lang::tr{'advproxy enabled'}: |
- |
+
+END
+;
+if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
+print <$Lang::tr{'advproxy supervisor password'}:
|
$Lang::tr{'advproxy cre group definitions'}: |
$Lang::tr{'advproxy cre supervisors'}: |
-
+END
+;
+}
+print " | | |
";
+if ($proxysettings{'CLASSROOM_EXT'} eq 'on'){
+print <
END
@@ -1223,12 +1345,11 @@ END
print < |
-
-
-
-
END
;
+}
+print "
";
+
} else {
print <
@@ -1240,7 +1361,7 @@ END
# -------------------------------------------------------------------
-print <
@@ -1429,17 +1550,17 @@ print <
|
|
-
+
-
-
-
-
-
$Lang::tr{'advproxy AUTH method'} |
@@ -1697,9 +1791,9 @@ print <
|
|
+ |
|
|
|
@@ -2163,7 +2258,7 @@ if (-e $disgrp)
# If the password file contains entries, print entries and action icons
-if (! -z "$userdb") {
+if ( ! -z "$userdb" ) {
print <
$Lang::tr{'advproxy NCSA username'} |
@@ -2181,9 +2276,9 @@ END
if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
print "\n"; }
elsif ($id % 2) {
- print "
\n"; }
+ print "
\n"; }
else {
- print "
\n"; }
+ print "
\n"; }
print <$temp[0]
@@ -2416,10 +2511,11 @@ sub check_acls
undef $proxysettings{'DST_NOCACHE'};
foreach (@temp)
{
- s/^\s+//g; s/\s+$//g;
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
if ($_)
{
- unless (/^\./) { $_ = '.'.$_; }
+ if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}
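Review bot: `unless (/^#/) { s/\s+//g; }` now removes every whitespace run inside a non-comment entry, not only the trailing one the old `s/\s+$//g` removed, so an entry like `example.com badhost` silently becomes `example.combadhost` instead of being rejected; the DST_NOAUTH loop in the hunk at @@ -2488 makes the same change. If stray spaces are to be tolerated, keeping the trailing strip and raising an error for entries that still contain whitespace is safer than joining tokens. Entries that are neither `*.domain` nor an address end up in a squid `url_regex` file (write_acls hunk), so this is also the place to check that each one compiles, e.g. `unless (eval { qr/$_/; 1 }) { $errormessage = $Lang::tr{'invalid input'}; }`, rather than letting squid reject its configuration at reconfigure time. The sub check_acls starts before this hunk and ends after it.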
@@ -2488,10 +2584,11 @@ sub check_acls
undef $proxysettings{'DST_NOAUTH'};
foreach (@temp)
{
- s/^\s+//g; s/\s+$//g;
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
if ($_)
{
- unless (/^\./) { $_ = '.'.$_; }
+ if (/^\./) { $_ = '*'.$_; }
$proxysettings{'DST_NOAUTH'} .= $_."\n";
}
}
@@ -2601,10 +2698,10 @@ sub write_acls
flock(FILE, 2);
if (!$proxysettings{'SRC_SUBNETS'})
{
- print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+ print FILE "$green_cidr\n";
if ($netsettings{'BLUE_DEV'})
{
- print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+ print FILE "$blue_cidr\n";
}
} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
close(FILE);
@@ -2629,16 +2726,104 @@ sub write_acls
print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
close(FILE);
+ open(FILE, ">$acl_dst_noauth");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOAUTH'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_noauth_net");
+ close(FILE);
+ open(FILE, ">$acl_dst_noauth_dom");
+ close(FILE);
+ open(FILE, ">$acl_dst_noauth_url");
+ close(FILE);
+
+ @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
+ foreach(@temp)
+ {
+ unless (/^#/)
+ {
+ if (/^\*\.\w/)
+ {
+ s/^\*//;
+ open(FILE, ">>$acl_dst_noauth_dom");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (&General::validipormask($_))
+ {
+ open(FILE, ">>$acl_dst_noauth_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+ {
+ open(FILE, ">>$acl_dst_noauth_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ else
+ {
+ open(FILE, ">>$acl_dst_noauth_url");
+ flock(FILE, 2);
+ if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+ close(FILE);
+ }
+ }
+ }
+
open(FILE, ">$acl_dst_nocache");
flock(FILE, 2);
print FILE $proxysettings{'DST_NOCACHE'};
close(FILE);
- open(FILE, ">$acl_dst_noauth");
- flock(FILE, 2);
- print FILE $proxysettings{'DST_NOAUTH'};
+ open(FILE, ">$acl_dst_nocache_net");
+ close(FILE);
+ open(FILE, ">$acl_dst_nocache_dom");
+ close(FILE);
+ open(FILE, ">$acl_dst_nocache_url");
close(FILE);
+ @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
+ foreach(@temp)
+ {
+ unless (/^#/)
+ {
+ if (/^\*\.\w/)
+ {
+ s/^\*//;
+ open(FILE, ">>$acl_dst_nocache_dom");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (&General::validipormask($_))
+ {
+ open(FILE, ">>$acl_dst_nocache_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+ {
+ open(FILE, ">>$acl_dst_nocache_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ else
+ {
+ open(FILE, ">>$acl_dst_nocache_url");
+ flock(FILE, 2);
+ if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+ close(FILE);
+ }
+ }
+ }
+
open(FILE, ">$acl_ports_safe");
flock(FILE, 2);
if (!$proxysettings{'PORTS_SAFE'}) { print FILE $def_ports_safe; } else { print FILE $proxysettings{'PORTS_SAFE'}; }
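Review bot: The two new classification loops over DST_NOAUTH and DST_NOCACHE are identical apart from four file names, about forty-five lines each, and both reopen, lock and close the target file once per entry. A helper taking the list and the paths removes the duplication and opens each output once; the sketch below keeps the classification order (`*.domain`, IP or mask, dotted range, everything else as URL regex) and the scheme prefix exactly as written here. The two blocks then become `write_dst_acls($proxysettings{'DST_NOAUTH'}, $acl_dst_noauth, $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url);` and the same call with the nocache variables. The sketch dies on a failed open where the original silently continued; drop the `or die` if the page must render regardless. The sub write_acls starts before this hunk and ends after it.
```perl
# … unchanged: src_* ACL files …
write_dst_acls($proxysettings{'DST_NOAUTH'}, $acl_dst_noauth,
               $acl_dst_noauth_dom, $acl_dst_noauth_net, $acl_dst_noauth_url);
write_dst_acls($proxysettings{'DST_NOCACHE'}, $acl_dst_nocache,
               $acl_dst_nocache_dom, $acl_dst_nocache_net, $acl_dst_nocache_url);
# … unchanged: ports_safe and following …

# Write one destination list to its combined file and split its entries
# into the domain / network / url_regex files that squid reads.
sub write_dst_acls
{
    my ($list, $all_file, $dom_file, $net_file, $url_file) = @_;

    open(my $all, '>', $all_file) or die "open $all_file: $!";
    flock($all, 2);
    print {$all} $list;
    close($all);

    my %out;
    for my $path ($dom_file, $net_file, $url_file)
    {
        open($out{$path}, '>', $path) or die "open $path: $!";
        flock($out{$path}, 2);
    }

    for my $entry (split(/\n/, $list))
    {
        next if $entry =~ /^#/;
        if ($entry =~ /^\*\.\w/)
        {
            $entry =~ s/^\*//;
            print {$out{$dom_file}} "$entry\n";
        }
        elsif (&General::validipormask($entry)
            || $entry =~ /\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
        {
            print {$out{$net_file}} "$entry\n";
        }
        elsif ($entry =~ /^[fh]tt?ps?:\/\//)
        {
            print {$out{$url_file}} "$entry\n";
        }
        else
        {
            print {$out{$url_file}} "^[fh]tt?ps?://$entry\n";
        }
    }
    close($_) for values %out;
    return;
}
```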
@@ -2730,7 +2915,7 @@ sub write_acls
sub writepacfile
{
- open(FILE, ">/home/httpd/html/proxy.pac");
+ open(FILE, ">/srv/web/ipfire/html/proxy.pac");
flock(FILE, 2);
print FILE "function FindProxyForURL(url, host)\n";
print FILE "{\n";
@@ -2742,8 +2927,8 @@ if (
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
- (isInNet(host, "169.254.0.0", "255.255.0.0")) ||
- (isInNet(host, "192.168.0.0", "255.255.0.0"))
+ (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+ (isInNet(host, "169.254.0.0", "255.255.0.0"))
)
return "DIRECT";
@@ -2753,9 +2938,34 @@ END
;
if ($proxysettings{'ENABLE'} eq 'on')
{
+ print FILE "if (\n";
+ print FILE " (isInNet(myIpAddress(), \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\"))";
+
+ undef @templist;
+ if (-e "$acl_src_subnets") {
+ open(SUBNETS,"$acl_src_subnets");
+ @templist = ;
+ close(SUBNETS);
+ }
+
+ foreach (@templist)
+ {
+ @temp = split(/\//);
+ if (
+ ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
+ ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
+ )
+ {
+ chomp $temp[1];
+ print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
+ }
+ }
+
+ print FILE "\n";
+
print FILE < 0)
+ {
+ print FILE "\n";
-acl QUERY urlpath_regex cgi-bin \\?
-cache deny QUERY
-END
- ;
- if (!-z $acl_dst_nocache) {
- print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache\"\n";
- print FILE "cache deny no_cache_domains\n";
+ if (!-z $acl_dst_nocache_dom) {
+ print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
+ print FILE "cache deny no_cache_domains\n";
+ }
+ if (!-z $acl_dst_nocache_net) {
+ print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
+ print FILE "cache deny no_cache_ipaddr\n";
+ }
+ if (!-z $acl_dst_nocache_url) {
+ print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
+ print FILE "cache deny no_cache_hosts\n";
+ }
}
print FILE <) {
$_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
- $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
+ $_ =~ s/__GREEN_NET__/$green_cidr/;
$_ =~ s/__BLUE_IP__/$blue_ip/;
$_ =~ s/__BLUE_NET__/$blue_net/;
$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
print FILE $_;
}
- print FILE "#End of custom includes\n";
+ print FILE "\n#End of custom includes\n";
close (ACL);
}
if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
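Review bot: In the new writepacfile subnet loop the exclusion test `($temp[0] ne GREEN_NETADDRESS) && ($temp[1] ne GREEN_NETMASK) && ...` only behaves because `chomp $temp[1]` runs after the comparison, so the mask still carries its newline and every mask test is true; once that is fixed, a subnet with a different address but the same mask as GREEN or BLUE would be wrongly dropped. Chomp first and skip only when address and mask both match: `chomp $temp[1];` before the `if`, then `next if $temp[0] eq $netsettings{'GREEN_NETADDRESS'} && $temp[1] eq $netsettings{'GREEN_NETMASK'};` and the same pair for BLUE. `open(SUBNETS,"$acl_src_subnets")` is a two-argument open on a bareword handle with no error check; `open(my $subnets, '<', $acl_src_subnets) or die "open $acl_src_subnets: $!";` is the current idiom. The heredoc bodies in the rest of this hunk are garbled by extraction (for example `print FILE < 0)`) and could not be reviewed.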
@@ -3202,8 +3429,8 @@ END
http_access allow localhost
#GUI admin if local machine connects
-http_access allow IPCop_ips IPCop_networks IPCop_http
-http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
+http_access allow IPFire_ips IPFire_networks IPFire_http
+http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
#Deny not web services
http_access deny !Safe_ports
@@ -3283,14 +3510,14 @@ if ($delaypools) {
print FILE "\n";
}
- print FILE "delay_access 1 deny IPCop_ips\n";
- if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPCop_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPCop_unrestricted_mac\n"; }
+ print FILE "delay_access 1 deny IPFire_ips\n";
+ if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 1 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 1 deny IPFire_unrestricted_mac\n"; }
if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 1 deny for_extended_users\n"; }
if ($netsettings{'BLUE_DEV'})
{
- print FILE "delay_access 1 allow IPCop_green_network";
+ print FILE "delay_access 1 allow IPFire_green_network";
if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
print FILE "\n";
print FILE "delay_access 1 deny all\n";
@@ -3302,57 +3529,84 @@ if ($delaypools) {
if ($netsettings{'BLUE_DEV'})
{
- print FILE "delay_access 2 deny IPCop_ips\n";
- if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPCop_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPCop_unrestricted_mac\n"; }
+ print FILE "delay_access 2 deny IPFire_ips\n";
+ if (!-z $acl_src_unrestricted_ip) { print FILE "delay_access 2 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "delay_access 2 deny IPFire_unrestricted_mac\n"; }
if (($proxysettings{'AUTH_METHOD'} eq 'ncsa') && (!-z $extgrp)) { print FILE "delay_access 2 deny for_extended_users\n"; }
- print FILE "delay_access 2 allow IPCop_blue_network";
+ print FILE "delay_access 2 allow IPFire_blue_network";
if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
print FILE "\n";
print FILE "delay_access 2 deny all\n";
}
- print FILE "delay_initial_bucket_level 100\n";
+ print FILE "delay_initial_bucket_level 100\n";
print FILE "\n";
}
if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
{
print FILE "#Prevent internal proxy access to Green\n";
- print FILE "http_access deny IPCop_green_servers !IPCop_green_network\n\n";
+ print FILE "http_access deny IPFire_green_servers !IPFire_green_network\n\n";
}
if ($proxysettings{'NO_PROXY_LOCAL_BLUE'} eq 'on')
{
print FILE "#Prevent internal proxy access from Blue\n";
- print FILE "http_access allow IPCop_blue_network IPCop_blue_servers\n";
- print FILE "http_access deny IPCop_blue_network IPCop_servers\n\n";
+ print FILE "http_access allow IPFire_blue_network IPFire_blue_servers\n";
+ print FILE "http_access deny IPFire_blue_network IPFire_servers\n\n";
}
print FILE < 0)
+ {
+ print FILE < 0) {
- if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; }
+ if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_mac\n"; }
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
{
- if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; }
+ if (!-z $extgrp) { print FILE "reply_body_max_size 0 deny for_extended_users\n"; }
}
}
- print FILE "reply_body_max_size $replybodymaxsize allow all\n\n";
+
+ if ( $replybodymaxsize != '0' )
+ {
+ print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";
+ }
print FILE "visible_hostname";
if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
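Review bot: `if ( $replybodymaxsize != '0' )` compares numerically against a quoted string; `if ($replybodymaxsize != 0)` says what is meant. The flip of every `reply_body_max_size` line from `allow` to `deny` changes which requests the limit applies to and is not explained anywhere in the hunk; a one-line comment stating the intended squid semantics (no limit for unrestricted clients, limit for everyone else) would help the next reader verify it against their squid version. The heredoc at the end of the hunk is garbled by extraction and was not reviewed.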
@@ -3633,7 +3902,11 @@ END
print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
}
- if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; }
+ if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
+ if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
+ print FILE "\n";
+
+ print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
# Write the parent proxy info, if needed.
if ($remotehost ne '')
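Review bot: `cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all` writes the submitted password straight into squid.conf, and no validation of ADMIN_PASSWORD is visible in the save-handler hunks of this diff; a value containing whitespace changes how the directive is tokenised and a newline would start a new configuration line. Reject such values where the other fields are checked (the validation block at @@ -303): `if ($proxysettings{'ADMIN_PASSWORD'} =~ /\s/) { $errormessage = $Lang::tr{'invalid input'}; goto ERROR; }`. The password is stored in clear text in the proxy settings file and in squid.conf, which is what cachemgr_passwd requires, so the permissions on those two files are what protects it; a comment saying so next to this line would be useful.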
@@ -3651,38 +3924,13 @@ END
}
elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
- print FILE "\nnever_direct allow all\n\n";
+ print FILE "\nalways_direct allow IPFire_ips\n";
+ print FILE "never_direct allow all\n\n";
}
- if (($proxysettings{'ENABLE_FILTER'} eq 'on') && ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on'))
+ if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
{
print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
- if ($filtersettings{'CHILDREN'} > $xlratorsettings{'CHILDREN'})
- {
- print FILE "url_rewrite_children $filtersettings{'CHILDREN'}\n\n";
- } else {
- print FILE "url_rewrite_children $xlratorsettings{'CHILDREN'}\n\n";
- }
- } else
- {
-
- if ($proxysettings{'ENABLE_FILTER'} eq 'on')
- {
- print FILE <>$stdgrp");
@@ -3756,3 +4004,15 @@ sub deluser
}
# -------------------------------------------------------------------
+
+sub writecachemgr
+{
+ open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
+ flock(FILE, 2);
+ print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
+ print FILE "localhost";
+ close(FILE);
+ return;
+}
+
+# -------------------------------------------------------------------
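Review bot: `open(FILE, ">${General::swroot}/proxy/cachemgr.conf");` in the new writecachemgr is a two-argument open on a bareword handle with no error check, and the `flock` comes after `>` has already truncated the file, so a concurrent reader can observe it empty; the rest of the file follows the same pattern, but new code need not. `open(my $fh, '>', "${General::swroot}/proxy/cachemgr.conf") or die "cachemgr.conf: $!";` with `print {$fh} ...` addresses the first two points. The last entry is printed as `print FILE "localhost";` without a trailing newline, unlike the line before it; whether the consumer accepts an unterminated last line is not visible here, so `"localhost\n"` is the safer form. The trailing `return;` is redundant at the end of the sub.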