X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=25e935bf05778a0eb5d283395622304158e71407;hp=76d52b425157e0788a4fa4398af4aea30a3a6805;hb=8dc177053fc97d89afb99bb2ab4849656d550833;hpb=920cc7233335608630a117183b24ee0d5ff2a908

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 76d52b425..25e935bf0 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -195,6 +195,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off';
 $proxysettings{'TRANSPARENT'} = 'off';
 $proxysettings{'TRANSPARENT_BLUE'} = 'off';
 $proxysettings{'PROXY_PORT'} = '800';
+$proxysettings{'TRANSPARENT_PORT'} = '3128';
 $proxysettings{'VISIBLE_HOSTNAME'} = '';
 $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
 $proxysettings{'ADMIN_PASSWORD'} = '';
@@ -212,7 +213,7 @@ $proxysettings{'LOGGING'} = 'off';
 $proxysettings{'CACHEMGR'} = 'off';
 $proxysettings{'LOGQUERY'} = 'off';
 $proxysettings{'LOGUSERAGENT'} = 'off';
-$proxysettings{'FILEDESCRIPTORS'} = '4096';
+$proxysettings{'FILEDESCRIPTORS'} = '16384';
 $proxysettings{'CACHE_MEM'} = '2';
 $proxysettings{'CACHE_SIZE'} = '50';
 $proxysettings{'MAX_SIZE'} = '4096';
@@ -359,6 +360,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
 		goto ERROR;
 	}
+	if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
+	{
+		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
+		goto ERROR;
+	}
+	if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
+		$errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
+		goto ERROR;
+	}
 	if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
 	{
 		my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
@@ -956,8 +966,8 @@ print <<END
 <tr>
 	<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
 	<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
+	<td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:</td>
+	<td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
 </tr>
 <tr>
 END
@@ -969,7 +979,8 @@ if ($netsettings{'BLUE_DEV'}) {
 	print "<td colspan='2'>&nbsp;</td>";
 }
 print <<END
-	<td colspan='2'>&nbsp;</td>
+	<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
 </tr>
 <tr>
 END
@@ -3071,16 +3082,32 @@ icp_port 0
 
 END
 	;
+
+	# Include file with user defined settings.
+	if (-e "/etc/squid/squid.conf.pre.local") {
+		print FILE "include /etc/squid/squid.conf.pre.local\n\n";
+	}
+
 	print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
-	if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
 	if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 	print FILE "\n";
 
+	if ($proxysettings{'TRANSPARENT'} eq 'on') {
+		print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
+		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
+		print FILE "\n";
+	}
+
 	if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
 		print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
-		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { print FILE " transparent" }
 		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 		print FILE "\n";
+
+		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+			print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
+			if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
+			print FILE "\n";
+		}
 	}
 
 	if ($proxysettings{'CACHE_SIZE'} > 0)
@@ -3138,12 +3165,12 @@ END
 	if ($proxysettings{'LOGGING'} eq 'on')
 	{
 		print FILE <<END
-access_log /var/log/squid/access.log
+access_log stdio:/var/log/squid/access.log
 cache_log /var/log/squid/cache.log
 cache_store_log none
 END
 	;
-		if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "useragent_log \/var\/log\/squid\/user_agent.log\n"; }
+		if ($proxysettings{'LOGUSERAGENT'} eq 'on') { print FILE "access_log stdio:\/var\/log\/squid\/user_agent.log useragent\n"; }
 		if ($proxysettings{'LOGQUERY'} eq 'on') { print FILE "\nstrip_query_terms off\n"; }
 	} else {
 		print FILE <<END
@@ -3176,7 +3203,7 @@ END
 	{
 		if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
 		{
-			print FILE "auth_param basic program $authdir/ncsa_auth $userdb\n";
+			print FILE "auth_param basic program $authdir/basic_ncsa_auth $userdb\n";
 			print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
 			print FILE "auth_param basic realm $authrealm\n";
 			print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
@@ -3186,7 +3213,7 @@ END
 		if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
 		{
 			print FILE "auth_param basic utf8 on\n";
-			print FILE "auth_param basic program $authdir/squid_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
+			print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
 			if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
 			if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
 			if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
@@ -3237,7 +3264,7 @@ END
 				print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
 				if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
 			} else {
-				print FILE "auth_param basic program $authdir/msnt_auth\n";
+				print FILE "auth_param basic program $authdir/basic_msnt_auth\n";
 				print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
 				print FILE "auth_param basic realm $authrealm\n";
 				print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
@@ -3263,7 +3290,7 @@ END
 
 		if ($proxysettings{'AUTH_METHOD'} eq 'radius')
 		{
-			print FILE "auth_param basic program $authdir/squid_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
+			print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
 			if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
 			print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
 			print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
@@ -3356,11 +3383,6 @@ END
 		print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
 	}
 
-	print FILE <<END
-#acl all src all
-acl localhost src 127.0.0.1/32
-END
-;
 open (PORTS,"$acl_ports_ssl");
 @temp = <PORTS>;
 close PORTS;
@@ -3456,8 +3478,7 @@ END
 	# Check if squidclamav is enabled.
 	if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
 		print FILE "\n#Settings for squidclamav:\n";
-		print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n";
-		print FILE "acl to_localhost dst 127.0.0.0/8\n";
+		print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
 		print FILE "acl purge method PURGE\n";
 		print FILE "http_access deny to_localhost\n";
 		print FILE "http_access allow localhost\n";