authorMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-30 12:07:13 +0200
committerMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-30 12:07:13 +0200
commit696863f625b7c55a387bb8411563c1d831203127 (patch)
treee13978a192ad1d6db39a57598dab6c513f66c6fa
parentcd3200f70fe1e1c3af08df1d90ed8e546b88d039 (diff)
owa witard working
-rw-r--r--config/squid-reverse/squid.inc58
-rw-r--r--config/squid-reverse/squid_reverse.xml10
2 files changed, 58 insertions, 10 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 925d1691..3794c47e 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -310,6 +310,7 @@ function squid_validate_general($post, $input_errors) {
$log_rotate = trim($post['log_rotate']);
if (!empty($log_rotate) && (!is_numeric($log_rotate) or ($log_rotate < 1)))
+
$input_errors[] = 'You must enter a valid number of days \'Log rotate\' field';
$webgui_port = $config['system']['webgui']['port'];
@@ -479,6 +480,10 @@ function squid_validate_traffic($post, $input_errors) {
function squid_validate_reverse($post, $input_errors) {
+ $fqdn = trim($post['reverse_external_fqdn']);
+ if (!empty($fqdn) && !is_domain($fqdn))
+ $input_errors[] = 'The field \'external FQDN\' must contain a valid domain name';
+
$port = trim($post['reverse_http_port']);
if (!empty($port) && !is_port($port))
$input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number';
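Review bot: `squid_validate_reverse` takes `$input_errors` by value in the signature shown on the context line, so the message appended by the new FQDN check reaches the caller only if the call site passes the array by reference at call time, which is not visible here and is a deprecated form. Declaring the parameter as `&$input_errors` would make the validator self-contained, and the same appears to apply to `squid_validate_general` and `squid_validate_traffic` named in the other hunk headers. If the errors are dropped, an invalid `reverse_external_fqdn` is saved and later interpolated into the generated squid configuration. The function body continues outside this hunk.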
@@ -490,6 +495,14 @@ function squid_validate_reverse($post, $input_errors) {
if ($post['reverse_ssl_cert'] == 'none')
$input_errors[] = 'A valid certificate for the external interface must be selected';
+ if (($post['reverse_https'] != 'on') && ($post['reverse_owa'] == 'on')) {
+ $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support.";
+ }
+
+ $rowa = trim($post['reverse_owa_ip']);
+ if (!empty($rowa) && !is_ipaddr($rowa))
+ $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address';
+
}
function squid_validate_auth($post, $input_errors) {
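Review bot: With `reverse_owa` checked, nothing here requires `reverse_owa_ip` or `reverse_external_fqdn` to be filled in, because this check and the FQDN check at the top of the function are both skipped for empty values. The generation code in squid_resync_reverse then either drops the whole OWA section silently (empty IP) or writes ACLs such as `^https:///owa.*$` that can never match (empty FQDN). Adding `if (($post['reverse_owa'] == 'on') && (empty($rowa) || empty($fqdn))) $input_errors[] = 'OWA support requires the external FQDN and the OWA frontend IP address';` would surface the misconfiguration at save time. The added checks also mix braced and brace-less `if` bodies, which is worth making uniform.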
@@ -990,8 +1003,51 @@ function squid_resync_reverse() {
if (!empty($settings['reverse_https']) && (!empty($settings['reverse_https_port'])) && (!empty($settings['reverse_https_defsite']))) $conf .= "https_port {$real_ifaces[$i][0]}:{$settings['reverse_https_port']} cert={$reverse_crt} key={$reverse_key} defaultsite={$settings['reverse_https_defsite']} vhost\n";
}
}
+ //PEERS
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=OWA_HOST_pfs\n";
+
+ //ACLs
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) {
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/owa.*$\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/exchange.*$\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/public.*$\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/exchwebexchweb.*$\n";
+ }
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_activesync'] == 'on')) {
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/Microsoft-Server-ActiveSync.*$\n";
+ }
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_rpchttp'] == 'on')) {
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/rpc/rpcproxy.dll.*$\n";
+ $conf .= "extension_methods RPC_IN_DATA RPC_OUT_DATA\n";
+ }
+
+ //ACCESS
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) {
+ $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_pfs deny all\n";
+ $conf .= "never_direct allow OWA_URI_pfs\n";
+ $conf .= "http_access allow OWA_URI_pfs\n";
+ }
+
+ /*
+ acl OWA url_regex -i ^https://xg1.fuchs-kiel.de/owa.*$;
+ acl OWA url_regex -i ^https://xg1.fuchs-kiel.de/exchange.*$;
+ acl OWA url_regex -i ^https://xg1.fuchs-kiel.de/public.*$;
+ acl OWA url_regex -i ^https://xg1.fuchs-kiel.de/exchweb.*$;
+
+ acl OWA url_regex -i ^https://xg1.fuchs-kiel.de/Microsoft-Server-ActiveSync.*$;
+ acl OWA url_regex -i ^https://xg1.fuchs-kiel.de/rpc/rpcproxy.dll.*$;
+
+ cache_peer_access CYGNUS_SSL allow OWA;
+ cache_peer_access CYGNUS_SSL deny all;
+
+ never_direct allow OWA;
+
+ http_access allow OWA;
+
+ #miss_access allow OWA;
+ */
- if (!empty($settings['extension_methods'])) $conf .= "extension_methods {$settings['extension_methods']}\n";
if (!empty($settings['deny_info_tcp_reset'])) $conf .= "deny_info TCP_RESET all\n";
return $conf;
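Review bot: The `cache_peer` line for `OWA_HOST_pfs` hard-codes `sslflags=DONT_VERIFY_PEER` together with `login=PASS`, so user credentials are forwarded to a backend whose certificate is never checked and the proxy-to-Exchange hop has no protection against an impersonated server. The XML lists a `reverse_ignore_ssl_valid` field that presumably exists for this purpose, so the flag should be emitted only when that option is set, e.g. `$sslflags = ($settings['reverse_ignore_ssl_valid'] == 'on') ? ' sslflags=DONT_VERIFY_PEER' : '';`. The fourth ACL path reads `/exchwebexchweb.*$` while the reference block in the trailing comment has `/exchweb.*$`, so `/exchweb` requests will not be routed to the peer. `reverse_external_fqdn` is also interpolated into `url_regex` with its dots unescaped, so each dot matches any character, and running the name through `preg_quote()` first would tighten the match. The commented-out reference block carries a real hostname and is best dropped from the generated-config code; squid_resync_reverse starts and ends outside this hunk.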
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index eb6a5c05..61aa4aae 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -136,7 +136,7 @@
<fieldname>reverse_https</fieldname>
<description>If this field is checked, squid will act as an accelerator/SSL offload for Outlook Web Access.</description>
<type>checkbox</type>
- <enablefields>reverse_owa,reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid</enablefields>
+ <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid</enablefields>
<required/>
<default_value>off</default_value>
</field>
@@ -206,14 +206,6 @@
<type>checkbox</type>
<enablefields>extension_methods</enablefields>
</field>
- <field>
- <fielddescr>extension methods</fielddescr>
- <fieldname>extension_methods</fieldname>
- <description>This field defines additional extension methods for the proxy to use. &lt;br&gt;(RPC_IN_DATA RPC_OUT_DATA for RPC over HTTP -> Outlook Anywhere)</description>
- <type>input</type>
- <size>80</size>
- <default_value>RPC_IN_DATA RPC_OUT_DATA</default_value>
- </field>
<field>