authorMarcello Coutinho <marcellocoutinho@gmail.com>2014-04-01 15:58:23 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2014-04-01 15:58:23 -0300
commit5eee1edfd52d58653d0589cce0effa7646c370fe (patch)
treea0c26c0f5225b4a9cb594f94a592c1ac3a69cb8d
parent58d8dd6d9b72e78ee163fd09945c252624d0496d (diff)
squid3-dev - improve captive portal and custom options acls
-rwxr-xr-xconfig/squid3/33/squid.inc18
-rw-r--r--config/squid3/33/squid.xml14
-rw-r--r--pkg_config.10.xml2
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
5 files changed, 25 insertions, 13 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index e13e51d1..bc238a5d 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -1603,8 +1603,8 @@ function squid_resync_auth() {
$conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n";
}
- // Custom User Options
- $conf .= "# Custom options\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
+ // Custom User Options before authentication acls
+ $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
// Deny the banned guys before allowing the good guys
if(! empty($settingsnac['banned_hosts'])) {
@@ -1722,9 +1722,8 @@ function squid_resync_auth() {
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
break;
case 'cp':
- $conf .= "external_acl_type check_filter children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
- $conf .= "acl dgfilter external check_filter\n";
- $conf .= "http_access allow dgfilter\n";
+ $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
+ $conf .= "acl password external check_cp\n";
break;
case 'msnt':
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n";
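Review bot: In the `case 'cp':` branch the ACL named `password` is now an external ACL keyed only on `%SRC`, so every later rule of the form `http_access allow password $acl` is decided by client source IP rather than by credentials. Because the answer is cached for `ttl={$auth_ttl}`, a client whose captive-portal session has ended presumably stays allowed until that entry expires, and hosts sharing one address share the decision; what check_ip.php actually verifies is not visible here. I would add a comment above the two new lines, e.g. `// cp: 'password' is an IP-based lookup via check_ip.php, cached for $auth_ttl seconds - not a credential check`, and confirm that `$processes` and `$auth_ttl` are validated as integers before being written into squid.conf. The switch and the enclosing squid_resync_auth() start and end outside the hunk.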
@@ -1740,6 +1739,9 @@ acl password proxy_auth REQUIRED
EOD;
}
+ // Custom User Options after authentication definition
+ $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n";
+
// Onto the ACLs
$password = array('localnet', 'allowed_subnets');
$passwordless = array('unrestricted_hosts');
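Review bot: `$settingsconfig['custom_options2_squid3']` is a new key, so on a configuration saved before this package version it is presumably unset, yet the added line still writes the `# Custom options after auth` header and hands the missing value to sq_text_area_decode(). Wrapping the line in `if (!empty($settingsconfig['custom_options2_squid3']))` would leave the generated squid.conf unchanged for existing installs and avoid an undefined-index notice. The enclosing function begins and ends outside the hunk.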
@@ -1756,7 +1758,7 @@ EOD;
foreach ($passwordless as $acl)
$conf .= "http_access allow $acl\n";
- if ($auth_method != 'cp'){
+ //if ($auth_method != 'cp'){
// Include squidguard denied acl log in squid
if ($settingsconfig['log_sqd'])
$conf .="http_access deny password sglog\n";
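Review bot: The `cp` special case is switched off by commenting out `if ($auth_method != 'cp'){` here and its closing brace as `// }` in the next hunk, which leaves dead code and the old indentation behind. Delete both lines and dedent the body instead, since version history keeps the old condition. If the reason should stay visible, replace the commented-out condition with a real comment such as `// cp now defines the 'password' acl too, so these rules apply to every auth method`. The enclosing block opens above this hunk.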
@@ -1764,9 +1766,9 @@ EOD;
// Allow the other ACLs as long as they authenticate
foreach ($password as $acl)
$conf .= "http_access allow password $acl\n";
- }
+ // }
}
-
+
$conf .= "# Default block all to be sure\n";
$conf .= "http_access deny allsrc\n";
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index ef5a9c94..1cbf2338 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -528,9 +528,19 @@
<rows>5</rows>
</field>
<field>
- <fielddescr>Custom Options</fielddescr>
+ <fielddescr>Custom ACLS (Before_Auth)</fielddescr>
<fieldname>custom_options_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration.<br>
+ <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br>
+ <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <cols>78</cols>
+ <rows>10</rows>
+ </field>
+ <field>
+ <fielddescr>Custom ACLS (After_Auth)</fielddescr>
+ <fieldname>custom_options2_squid3</fieldname>
+ <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br>
<strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
<type>textarea</type>
<encoding>base64</encoding>
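Review bot: Both new descriptions misspell `authetication` (should be `authentication`), and the labels say `Custom ACLS` while the text speaks of custom options. The After_Auth description should also tell the administrator that squid evaluates `http_access` lines in order and that squid.inc writes this block ahead of the generated `http_access allow password ...` rules, so an `http_access allow` entered here is matched before the authentication requirement is applied. The `<field>` element for custom_options2_squid3 closes outside the hunk.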
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index e52ece81..9fd911e6 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -963,7 +963,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.3.10 pkg 2.2.1</version>
+ <version>3.3.10 pkg 2.2.2</version>
<status>beta</status>
<required_version>2.2</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index d2398704..ce23e24f 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1260,7 +1260,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.3.10 pkg 2.2.1</version>
+ <version>3.3.10 pkg 2.2.2</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 34fce7a6..328fc6b1 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1247,7 +1247,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.3.10 pkg 2.2.1</version>
+ <version>3.3.10 pkg 2.2.2</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>