Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | #!/usr/bin/perl\r |
2 | #\r | |
3 | # SmoothWall CGIs\r | |
4 | #\r | |
5 | # This code is distributed under the terms of the GPL\r | |
6 | #\r | |
7 | # (c) The SmoothWall Team\r | |
8 | #\r | |
9 | # $Id: proxy.cgi,v 1.13.2.23 2006/01/29 09:29:47 eoberlander Exp $\r | |
10 | #\r | |
11 | \r | |
12 | use strict;\r | |
13 | \r | |
14 | # enable only the following on debugging purpose\r | |
15 | #use warnings;\r | |
16 | #use CGI::Carp 'fatalsToBrowser';\r | |
17 | \r | |
18 | require 'CONFIG_ROOT/general-functions.pl';\r | |
19 | require "${General::swroot}/lang.pl";\r | |
20 | require "${General::swroot}/header.pl";\r | |
21 | \r | |
# Page-wide state. DoHTML (defined further down in this file) reads
# %proxysettings, %netsettings, $errormessage and $NeedDoHTML directly,
# so these names must stay file-scoped.
my %proxysettings = ();
my %netsettings   = ();
my %mainsettings  = ();
my $errormessage  = '';
my $NeedDoHTML    = 1;

# Load the network and main settings from disk before any output is produced.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);

&Header::showhttpheaders();

# Defaults for every form field this page knows about. The hash is still
# empty at this point, so a single list assignment sets the same keys as
# assigning them one by one.
%proxysettings = (
    'ACTION'            => '',
    'VALID'             => '',

    'UPSTREAM_PROXY'    => '',
    'UPSTREAM_USER'     => '',
    'UPSTREAM_PASSWORD' => '',
    'ENABLE'            => 'off',
    'ENABLE_BLUE'       => 'off',
    'CACHE_SIZE'        => '50',
    'TRANSPARENT'       => 'off',
    'TRANSPARENT_BLUE'  => 'off',
    'MAX_SIZE'          => '4096',
    'MIN_SIZE'          => '0',
    'MAX_OUTGOING_SIZE' => '0',
    'MAX_INCOMING_SIZE' => '0',
    'LOGGING'           => 'off',
    'PROXY_PORT'        => '800',
    'EXTENSION_METHODS' => '',
);

# NOTE(review): getcgihash presumably overlays the submitted request
# parameters on the defaults above - confirm in header.pl. From here on the
# contents of %proxysettings have to be treated as untrusted input.
&Header::getcgihash(\%proxysettings);

my $needhup  = 0;
my $cachemem = '';
56 | \r | |
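# "Save" action: validate the submitted settings, persist them, regenerate
# squid.conf and, when everything succeeded, restart squid.
if ($proxysettings{'ACTION'} eq $Lang::tr{'save'})
{
    # Assume failure until squid.conf has been written out completely.
    my $configerror = 1;

    # Most of the values checked here are interpolated verbatim into
    # squid.conf further down. Every pattern is therefore anchored with
    # \A and \z: a bare /^\d+/ accepts "10" followed by anything (including a
    # line break and a further directive), and a trailing "$" still tolerates
    # a final newline.

    # On/off switches. LOGGING is checked too because it is stored with the
    # other settings.
    my @bad_switches = grep { $proxysettings{$_} !~ /\A(?:on|off)\z/ }
        ('ENABLE', 'TRANSPARENT', 'ENABLE_BLUE', 'TRANSPARENT_BLUE', 'LOGGING');
    if (@bad_switches) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }

    # Cache size: whole number, at least 10.
    if ($proxysettings{'CACHE_SIZE'} !~ /\A\d+\z/
        || $proxysettings{'CACHE_SIZE'} < 10)
    {
        $errormessage = $Lang::tr{'invalid cache size'};
        goto ERROR;
    }

    # Remaining size limits: whole numbers, reported in the original order.
    my @size_fields = (
        [ 'MAX_SIZE',          'invalid maximum object size' ],
        [ 'MIN_SIZE',          'invalid minimum object size' ],
        [ 'MAX_OUTGOING_SIZE', 'invalid maximum outgoing size' ],
        [ 'MAX_INCOMING_SIZE', 'invalid maximum incoming size' ],
    );
    my ($bad_size) = grep { $proxysettings{ $_->[0] } !~ /\A\d+\z/ } @size_fields;
    if ($bad_size) {
        $errormessage = $Lang::tr{ $bad_size->[1] };
        goto ERROR;
    }

    # Extension methods: empty, or upper-case letters, digits, space, "_", "-".
    if ($proxysettings{'EXTENSION_METHODS'} !~ /\A[A-Z0-9 _-]*\z/) {
        $errormessage = $Lang::tr{'squid extension methods invalid'};
        goto ERROR;
    }

    # The proxy port ends up in the http_port directives and in the ACL
    # template, so it has to be a plain TCP port number.
    if ($proxysettings{'PROXY_PORT'} !~ /\A\d{1,5}\z/
        || $proxysettings{'PROXY_PORT'} < 1
        || $proxysettings{'PROXY_PORT'} > 65535)
    {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }

    # Parent proxy credentials: either both or neither must be given. They are
    # written into the cache_peer line as login=user:password, so whitespace
    # and control characters are refused as well - they would end the option
    # or start a new line in squid.conf.
    my $proxy1 = ($proxysettings{'UPSTREAM_USER'}     eq '') ? '' : 'YES';
    my $proxy2 = ($proxysettings{'UPSTREAM_PASSWORD'} eq '') ? '' : 'YES';
    if ($proxy1 ne $proxy2
        || $proxysettings{'UPSTREAM_USER'}     =~ /[\s[:cntrl:]]/
        || $proxysettings{'UPSTREAM_PASSWORD'} =~ /[\s[:cntrl:]]/)
    {
        $errormessage = $Lang::tr{'invalid upstream proxy username or password setting'};
        goto ERROR;
    }

    # Split the parent proxy setting into host and port. A non-empty value
    # that does not match the expected shape is rejected instead of being
    # stored as-is.
    my ($remotehost, $remoteport) = ('', '');
    if ($proxysettings{'UPSTREAM_PROXY'} ne '') {
        my @peer = ($proxysettings{'UPSTREAM_PROXY'} =~
            /\A(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?\z/);
        if (!@peer) {
            $errormessage = $Lang::tr{'invalid input'};
            goto ERROR;
        }
        ($remotehost, $remoteport) = @peer;
    }
    $remoteport = 80 if (!defined $remoteport || $remoteport eq '');
    if ($remoteport > 65535) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ERROR;
    }

    # NOTE(review): UPSTREAM_PASSWORD is part of %proxysettings, so it is
    # presumably stored in clear text in proxy/settings as well as in
    # squid.conf - confirm that both files are readable by privileged
    # accounts only.
    $proxysettings{'VALID'} = 'yes';
    &General::writehash("${General::swroot}/proxy/settings", \%proxysettings);

    #
    # NAH, 03-Jan-2004
    #
    # cache_mem is a tenth of the first number on the second line of free(1)
    # output, never below 4096 and never above 40 times CACHE_SIZE. The number
    # is taken from the match result itself so that a failed match cannot pick
    # up a stale $1 left behind by an earlier pattern.
    my @free = `/usr/bin/free`;
    my ($total_kb) = (defined $free[1] ? $free[1] : '') =~ m/(\d+)/;
    $cachemem = defined $total_kb ? int($total_kb / 10) : 0;
    if ($cachemem < 4096) {
        $cachemem = 4096;
    }
    if ($cachemem > $proxysettings{'CACHE_SIZE'} * 40) {
        $cachemem = ( $proxysettings{'CACHE_SIZE'} * 40 );
    }

    # Three-argument open with a lexical handle: the path is never parsed for
    # a mode prefix.
    # NOTE(review): '>' truncates squid.conf before the exclusive lock (2) is
    # taken, so the lock does not stop a concurrent reader from seeing a
    # partly written file.
    open(my $conf, '>', "/${General::swroot}/proxy/squid.conf") or die "Unable to write squid.conf file";
    flock($conf, 2);
    print {$conf} <<END;
shutdown_lifetime 5 seconds
icp_port 0

http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}
END
    print {$conf} "\nextension_methods $proxysettings{'EXTENSION_METHODS'}\n" if ($proxysettings{'EXTENSION_METHODS'} ne '');

    if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
        print {$conf} "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
    }
    print {$conf} <<END;

acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY

cache_effective_user squid
cache_effective_group squid

pid_filename /var/run/squid.pid

END

    if ($proxysettings{'LOGGING'} eq 'on')
    {
        print {$conf} <<END;
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

END
    } else {
        print {$conf} <<END;
cache_access_log /dev/null
cache_log /dev/null
cache_store_log none

END
    }
    print {$conf} <<END;
log_mime_hdrs off
forwarded_for off

END

    # Insert the ACL template and replace each __VAR__ with its value.
    my $blue_net = '';    # BLUE empty by default
    my $blue_ip  = '';
    if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
        $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
        $blue_ip  = "$netsettings{'BLUE_ADDRESS'}";
    }
    open(my $acl, '<', "${General::swroot}/proxy/acl") or die "Unable to open ACL list file";
    while (my $line = <$acl>) {
        $line =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
        $line =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
        $line =~ s/__BLUE_IP__/$blue_ip/;
        $line =~ s/__BLUE_NET__/$blue_net/;
        $line =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
        print {$conf} $line;
    }
    close($acl);

    # This value is in bytes, so we must turn it from KB into bytes
    my $max_incoming_size = $proxysettings{'MAX_INCOMING_SIZE'} * 1024;

    print {$conf} <<END;

maximum_object_size $proxysettings{'MAX_SIZE'} KB
minimum_object_size $proxysettings{'MIN_SIZE'} KB

cache_mem $cachemem KB
cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} 16 256

request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
reply_body_max_size $max_incoming_size allow all

visible_hostname $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}

END

    # Write the parent proxy info, if needed.
    if ($remotehost ne '')
    {
        if ($proxy1 eq 'YES') {
            # Authentication for the parent cache (format is login=user:password)
            print {$conf} <<END;
cache_peer $remotehost parent $remoteport 3130 login=$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'} default no-query

END
        } else {
            # Not using authentication with the parent cache
            print {$conf} <<END;
cache_peer $remotehost parent $remoteport 3130 default no-query

END
        }
        print {$conf} "never_direct allow all\n";
    }
    if (($proxysettings{'TRANSPARENT'} eq 'on') ||
        ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))
    {
        print {$conf} <<END;
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
END
    }
    close $conf;
    $configerror = 0;    ## a good config!

ERROR:
    # Reached on success and on every validation failure. The flag files are
    # removed in both cases and only recreated below for a good config, so a
    # rejected submission clears them without restarting squid.
    unlink "${General::swroot}/proxy/enable";
    unlink "${General::swroot}/proxy/transparent";
    unlink "${General::swroot}/proxy/enable_blue";
    unlink "${General::swroot}/proxy/transparent_blue";
    &DoHTML;

    if (!$configerror)
    {
        # List-form system(): the paths are passed as arguments, no shell.
        if ($proxysettings{'ENABLE'} eq 'on') {
            system('/bin/touch', "${General::swroot}/proxy/enable");
        }
        if ($proxysettings{'TRANSPARENT'} eq 'on') {
            system('/bin/touch', "${General::swroot}/proxy/transparent");
        }
        if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
            system('/bin/touch', "${General::swroot}/proxy/enable_blue");
        }
        if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
            system('/bin/touch', "${General::swroot}/proxy/transparent_blue");
        }
        system('/usr/local/bin/restartsquid');
    }
}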
275 | \r | |
# "Clear cache" action: render the page first, then restart squid with -f.
# The command and its argument are passed as a list, so no shell is involved.
if ($Lang::tr{'clear cache'} eq $proxysettings{'ACTION'}) {
    DoHTML();
    system('/usr/local/bin/restartsquid', '-f');
}

# Plain page view: no action above has rendered the form yet.
if ($NeedDoHTML) {
    DoHTML();
}
283 | \r | |
284 | \r | |
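# Escape a value for use inside HTML text or a quoted attribute.
sub _proxy_html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Render the web proxy configuration page.
#
# Clears $NeedDoHTML so the page is emitted only once per request, re-reads
# the stored proxy settings and prints the form. Takes no arguments and
# returns nothing useful.
#
# NOTE(review): because the settings are re-read from disk here, the form
# presumably shows the stored values rather than a submission that was just
# rejected - confirm against General::readhash.
# NOTE(review): the form carries no anti-CSRF token; confirm that the
# request origin is checked elsewhere before the save and clear-cache
# actions are accepted.
sub DoHTML {

    $NeedDoHTML = 0;
    &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

    # Checkbox state: every switch gets empty 'on' and 'off' entries, then the
    # entry for its current value is set to the checked attribute.
    my %checked = ();
    foreach my $switch ('ENABLE', 'TRANSPARENT', 'ENABLE_BLUE', 'TRANSPARENT_BLUE', 'LOGGING') {
        $checked{$switch}{'off'} = '';
        $checked{$switch}{'on'}  = '';
        $checked{$switch}{ $proxysettings{$switch} } = "checked='checked'";
    }

    # Stored settings go into single-quoted value attributes. They are
    # escaped first so that a quote or angle bracket in a stored value cannot
    # close the attribute and add markup to the admin page. %proxysettings
    # itself is left untouched because the caller still reads it afterwards.
    my %field = ();
    foreach my $name ('UPSTREAM_PROXY', 'UPSTREAM_USER', 'UPSTREAM_PASSWORD',
                      'PROXY_PORT', 'EXTENSION_METHODS', 'CACHE_SIZE',
                      'MIN_SIZE', 'MAX_SIZE', 'MAX_INCOMING_SIZE',
                      'MAX_OUTGOING_SIZE')
    {
        $field{$name} = _proxy_html_escape($proxysettings{$name});
    }
    my $form_action = _proxy_html_escape($ENV{'SCRIPT_NAME'});

    &Header::openpage($Lang::tr{'web proxy configuration'}, 1, '');

    &Header::openbigbox('100%', 'left', '', $errormessage);

    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "<font class='base'>$errormessage </font>\n";
        &Header::closebox();
    }

    print "<form method='post' action='$form_action'>\n";

    &Header::openbox('100%', 'left', "$Lang::tr{'web proxy'}:");
    print <<END;
<table width='100%'>
<tr>
<td width='25%' class='base'>$Lang::tr{'enabled on'} <font color="${Header::colourgreen}">Green</font>:</td>
<td width='15%'><input type='checkbox' name='ENABLE' $checked{'ENABLE'}{'on'} /></td>
<td width='30%' class='base'>$Lang::tr{'upstream proxy host:port'}: <img src='/blob.gif' alt='*' /></td>
<td width='30%'><input type='text' name='UPSTREAM_PROXY' value='$field{'UPSTREAM_PROXY'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'transparent on'} <font color="${Header::colourgreen}">Green</font>:</td>
<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
<td class='base'>$Lang::tr{'upstream username'} <img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='UPSTREAM_USER' value='$field{'UPSTREAM_USER'}' /></td>
</tr>
<tr>
END
    if ($netsettings{'BLUE_DEV'}) {
        print "<td class='base'>$Lang::tr{'enabled on'} <font color='${Header::colourblue}'>Blue</font>:</td>";
        print "<td><input type='checkbox' name='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'} /></td>";
    } else {
        print "<td colspan='2'> </td>";
    }
    # NOTE(review): the stored upstream password is sent back in the page
    # source. Leaving the field empty would need matching changes in the save
    # handler, so it is only flagged here.
    print <<END;
<td class='base'>$Lang::tr{'upstream password'} <img src='/blob.gif' alt='*' /></td>
<td><input type='password' name='UPSTREAM_PASSWORD' value='$field{'UPSTREAM_PASSWORD'}' /></td>
</tr>
<tr>
END
    if ($netsettings{'BLUE_DEV'}) {
        print "<td class='base'>$Lang::tr{'transparent on'} <font color='${Header::colourblue}'>Blue</font>:</td>";
        print "<td><input type='checkbox' name='TRANSPARENT_BLUE' $checked{'TRANSPARENT_BLUE'}{'on'} /></td>";
    } else {
        print "<td colspan='2'> </td>";
    }
    print <<END;
<td class='base'>$Lang::tr{'proxy port'}:</td>
<td><input type='text' name='PROXY_PORT' value='$field{'PROXY_PORT'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'log enabled'}:</td>
<td><input type='checkbox' name='LOGGING' $checked{'LOGGING'}{'on'} /></td>
<td>$Lang::tr{'squid extension methods'}: <img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='EXTENSION_METHODS' value='$field{'EXTENSION_METHODS'}' /></td>
</tr>
<!--TAG FOR ADDONS-->
<tr>
<td colspan='4'><hr /><b>$Lang::tr{'cache management'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'cache size'}</td>
<td><input type='text' name='CACHE_SIZE' value='$field{'CACHE_SIZE'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'min size'}</td>
<td><input type='text' name='MIN_SIZE' value='$field{'MIN_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'max size'}</td>
<td><input type='text' name='MAX_SIZE' value='$field{'MAX_SIZE'}' size='5' /></td>
</tr>
<tr>
<td colspan='4'><hr /><b>$Lang::tr{'transfer limits'}</b></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'max incoming size'}</td>
<td><input type='text' name='MAX_INCOMING_SIZE' value='$field{'MAX_INCOMING_SIZE'}' size='5' /></td>
<td class='base'>$Lang::tr{'max outgoing size'}</td>
<td><input type='text' name='MAX_OUTGOING_SIZE' value='$field{'MAX_OUTGOING_SIZE'}' size='5' /></td>
</tr>
</table>
<table width='100%'>
<hr />
<tr>
<td width='28%'>
<img src='/blob.gif' align='top' alt='*' /> 
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'clear cache'}' /></td>
<td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td width='5%' align='right'>
<a href='${General::adminmanualurl}/services.html#services_webproxy' target='_blank'>
<img src='/images/web-support.png' title='$Lang::tr{'online help en'}' /></a></td>
</tr>

</table>
END
    &Header::closebox();

    print "</form>\n";

    &Header::closebigbox();

    &Header::closepage();

} # end sub DoHTML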
421 | 1\r |