diff options
author | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-30 22:47:12 +0200 |
---|---|---|
committer | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-30 22:47:12 +0200 |
commit | 2aae3aff464282d34087b390e89c3163b06badb8 (patch) | |
tree | b3a6e5f669cf24c339e26d17aaf738d55b9a57c9 | |
parent | f2148bae9112023991f085e790f0361d61e047b1 (diff) | |
download | pfsense-packages-2aae3aff464282d34087b390e89c3163b06badb8.tar.gz pfsense-packages-2aae3aff464282d34087b390e89c3163b06badb8.tar.bz2 pfsense-packages-2aae3aff464282d34087b390e89c3163b06badb8.zip |
acls working
-rw-r--r-- | config/squid-reverse/squid.inc | 41 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse.xml | 2 |
2 files changed, 34 insertions, 9 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 044cf10b..aa8cf691 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -503,6 +503,21 @@ function squid_validate_reverse($post, $input_errors) { if (!empty($rowa) && !is_ipaddr($rowa)) $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; +/* + $contents = base64_decode($post['reverse_cache_peer']); + if(!empty($contents)) { + $defs = explode("\r\n", ($contents)); + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (!is_ipaddr($cfg[1])) + $input_errors[] = "please choose a valid IP in the cache peer configuration."; + if (!is_port($cfg[2])) + $input_errors[] = "please choose a valid port in the cache peer configuration."; + if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP')) + $input_errors[] = "please choose HTTP or HTTPS in the cache peer configuration."; + }} +*/ + } function squid_validate_auth($post, $input_errors) { @@ -1059,20 +1074,30 @@ function squid_resync_reverse() { $conf .= "http_access allow OWA_URI_pfs\n"; } - $contents = base64_decode($settings['reverse_acl']); if(!empty($contents)) { -$conf .= "# -= TESTING AREA =-\n"; $defs = explode("\r\n", ($contents)); foreach ($defs as $def) { $cfg = explode(";",($def)); if (($cfg[0]) != '' && ($cfg[1]) != ''){ - $conf .= "# cache_peer_access {$cfg[0]} allow {$cfg[1]}\n"; - $conf .= "# cache_peer_access {$cfg[0]} deny all\n"; - $conf .= "# never direct allow {$cfg[1]}\n"; - $conf .= "# http_access allow {$cfg[1]}\n"; - }}} - + $conf .= "cache_peer_access {$cfg[0]} allow {$cfg[1]}\n"; + }} + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (($cfg[0]) != '' && ($cfg[1]) != ''){ + $conf .= "cache_peer_access {$cfg[0]} deny all\n"; + }} + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (($cfg[0]) != '' && ($cfg[1]) != ''){ + $conf .= "never direct allow {$cfg[1]}\n"; + }} + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (($cfg[0]) != '' && ($cfg[1]) != ''){ + $conf .= "http_access allow {$cfg[1]}\n"; + }} + } $conf .= "\n"; diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index cafa3ec7..d921254f 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -165,7 +165,7 @@ <source_value>refid</source_value> </field> <field> - <fielddescr>intermediate CA certificate</fielddescr> + <fielddescr>intermediate CA certificate (if needed)</fielddescr> <fieldname>reverse_int_ca</fieldname> <description>Paste a signed certificate in X.509 PEM format here.</description> <type>textarea</type> |