###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
my %checked=();
my %selected=();
-my @throttle_limits=(64,128,256,384,512,1024,2048,3072,5120);
-my $throttle_binary="bin|cab|exe|gz|rar|sea|tar|tgz|zip";
-my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
-my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";
+my @throttle_limits=(64,128,256,384,512,768,1024,1280,1536,1792,2048,2560,3072,3584,4096,5120,6144,7168,8192,10240,12288,16384,20480);
+my $throttle_binary="7z|arj|bin|bz2|cab|exe|gz|lzh|rar|sea|tar|tgz|xz|zip";
+my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi|vmdk";
+my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob";
my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
my $def_ports_ssl="443 # https\n563 # snews\n";
my $cachemem=0;
my $proxy1='';
my $proxy2='';
-my $replybodymaxsize=0;
my $browser_regexp='';
my $needhup = 0;
my $errormessage='';
if (
(isPlainHostName(host)) ||
(dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
+ (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
(isInNet(host, "10.0.0.0", "255.0.0.0")) ||
(isInNet(host, "172.16.0.0", "255.240.0.0")) ||
(isInNet(host, "192.168.0.0", "255.255.0.0")) ||
if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
{
+ print FILE "auth_param basic utf8 on\n";
print FILE "auth_param basic program $authdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
{
if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')
{
- print FILE "auth_param ntlm program $authdir/ntlm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
+ print FILE "auth_param ntlm program $authdir/ntlm_smb_lm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}";
if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; }
print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
request_body_max_size $proxysettings{'MAX_OUTGOING_SIZE'} KB
END
;
- $replybodymaxsize = 1024 * $proxysettings{'MAX_INCOMING_SIZE'};
if ($proxysettings{'MAX_INCOMING_SIZE'} > 0) {
- if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_ips\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_mac\n"; }
+ if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size none IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size none IPFire_unrestricted_mac\n"; }
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
{
- if (!-z $extgrp) { print FILE "reply_body_max_size 0 deny for_extended_users\n"; }
+ if (!-z $extgrp) { print FILE "reply_body_max_size none for_extended_users\n"; }
}
}
- if ( $replybodymaxsize != '0' )
+ if ( $proxysettings{'MAX_INCOMING_SIZE'} != '0' )
{
- print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";
+ print FILE "reply_body_max_size $proxysettings{'MAX_INCOMING_SIZE'} KB all\n\n";
}
print FILE "visible_hostname";
projects / people / teissler / ipfire-2.x.git / blobdiff