author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-04-20 02:12:12 -0300 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2012-04-20 02:12:12 -0300 |
commit | 37681fd565cebf04d2feee3c5a37bb93fcbf1ba0 (patch) | |
tree | d175d06ade531a3bdf532fba6170935cbfeffa5e | |
parent | dca1b0e0ba28991164bb25c3e1cc3784582e5ebf (diff) | |
squid3 - version 2.0.4 with bug fixes and remote peer improvements
-rw-r--r-- | config/squid-reverse/squid.inc | 86 | ||||
-rw-r--r-- | config/squid-reverse/squid.xml | 7 | ||||
-rw-r--r-- | config/squid-reverse/squid_auth.xml | 8 | ||||
-rw-r--r-- | config/squid-reverse/squid_cache.xml | 8 | ||||
-rw-r--r-- | config/squid-reverse/squid_nac.xml | 8 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse.inc | 2 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse_general.xml | 6 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse_peer.xml | 6 | ||||
-rwxr-xr-x | config/squid-reverse/squid_reverse_sync.xml | 6 | ||||
-rw-r--r-- | config/squid-reverse/squid_reverse_uri.xml | 6 | ||||
-rwxr-xr-x | config/squid-reverse/squid_sync.xml | 6 | ||||
-rw-r--r-- | config/squid-reverse/squid_traffic.xml | 8 | ||||
-rw-r--r-- | config/squid-reverse/squid_upstream.xml | 242 | ||||
-rw-r--r-- | config/squid-reverse/squid_users.xml | 8 | ||||
-rw-r--r-- | pkg_config.8.xml | 4 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 4 |
16 files changed, 318 insertions, 97 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 3828476e..847d6a35 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -411,8 +411,8 @@ function squid_validate_general($post, $input_errors) { } function squid_validate_upstream($post, $input_errors) { - if ($post['proxy_forwarding'] == 'on') { - $addr = trim($post['proxy_addr']); + if ($post['enabled'] == 'on') { + $addr = trim($post['proxyaddr']); if (empty($addr)) $input_errors[] = 'The field \'Hostname\' is required'; else { @@ -420,7 +420,7 @@ function squid_validate_upstream($post, $input_errors) { $input_errors[] = 'You must enter a valid IP address or host name in the \'Proxy hostname\' field'; } - foreach (array('proxy_port' => 'TCP port', 'icp_port' => 'ICP port') as $field => $name) { + foreach (array('proxyport' => 'TCP port', 'icpport' => 'ICP port') as $field => $name) { $port = trim($post[$field]); if (empty($port)) $input_errors[] = "The field '$name' is required"; 
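Review bot: The new guard in squid_validate_upstream, `if ($post['enabled'] == 'on')`, reads a key the form does not appear to define: squid_upstream.xml in this same commit declares `<fieldname>enable</fieldname>`, and squid_resync_upstream tests `$settings['enable']`. If that is the case, the hostname and port checks inside the guard are skipped on every save, and unvalidated values are what the generator later writes into the `cache_peer` line. The guard should read `if ($post['enable'] == 'on') {`. The function body continues past this hunk, and the second hunk on this line (`proxyport`/`icpport`) sits inside the same guard.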
@@ -865,42 +865,45 @@ EOC; } if(preg_match('/windows/',$settings['refresh_patterns'])){ $conf.=<<<EOC + +# Windows Update refresh_pattern range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims + EOC; } -if(preg_match('/symantec/',$settings['refresh_patterns'])){ +if(preg_match('/symantec/',$settings['refresh_patters'])){ $conf.=<<<EOC + +# Symantec refresh_pattern range_offset_limit -1 refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims + EOC; } -if(preg_match('/avast/',$settings['refresh_patterns'])){ +if(preg_match('/avast/',$settings['refresh_patters'])){ $conf.=<<<EOC + +# Avast refresh_pattern range_offset_limit -1 refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims + EOC; } -if(preg_match('/avira/',$settings['refresh_patterns'])){ +if(preg_match('/avira/',$settings['refresh_patters'])){ $conf.=<<<EOC + +# Avira refresh_pattern range_offset_limit -1 refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims + EOC; - } - - $refresh_conf=<<<EOC -# Add any of your own refresh_pattern entries above these. -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 -refresh_pattern . 0 20% 4320 -EOC; - } +} $conf .= <<<EOD cache_mem $memory_cache_size MB 
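Review bot: The Symantec, Avast and Avira conditions now test `$settings['refresh_patters']`, while the Windows Update condition still tests `$settings['refresh_patterns']`; this looks like a typo, and if so those three blocks can never be emitted. All four calls should use the same key, e.g. `if(preg_match('/symantec/',$settings['refresh_patterns'])){`. The hunk also drops the `$refresh_conf` heredoc holding the default `^ftp:`, `^gopher:`, `cgi-bin` and `.` rules; if those defaults are not produced elsewhere in the file, a comment saying where they now come from would help. The enclosing function starts and ends outside the hunk.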
@@ -930,22 +933,33 @@ EOD; function squid_resync_upstream() { global $config; - $settings = $config['installedpackages']['squidupstream']['config'][0]; - - $conf = ''; - if ($settings['proxy_forwarding'] == 'on') { - $conf .= "cache_peer {$settings['proxy_addr']} parent {$settings['proxy_port']} "; - if ($settings['icp_port'] == '7') - $conf .= "{$settings['icp_port']} no-query"; - else - $conf .= "{$settings['icp_port']}"; - - if (!empty($settings['username'])) - $conf .= " login={$settings['username']}"; - if (!empty($settings['password'])) - $conf .= ":{$settings['password']}"; - } - + $conf = "\n#Remote proxies\n"; + foreach ($config['installedpackages']['squidremote']['config'] as $settings){ + if ($settings['enable'] == 'on') { + $conf .= "cache_peer {$settings['proxyaddr']} {$settings['hierarchy']} {$settings['proxyport']} "; + if ($settings['icpport'] == '7') + $conf .= "{$settings['icpport']} {$settings['icpoptions']} {$settings['peermethod']} {$settings['allowmiss']} "; + else + $conf .= "{$settings['icpport']} "; + #auth settings + if (!empty($settings['username']) && !empty($settings['password'])){ + $conf .= " login={$settings['username']}:{$settings['password']}"; + } + else{ + $conf .= "{$settings['authoption']} "; + } + #other options settings + if (!empty($settings['weight'])) + $conf .= "weight={$settings['weight']} "; + if (!empty($settings['basetime'])) + $conf .= "basetime={$settings['basetime']} "; + if (!empty($settings['ttl'])) + $conf .= "ttl={$settings['ttl']} "; + if (!empty($settings['nodelay'])) + $conf .= "no-delay"; + } + $conf .= "\n"; + } return $conf; } @@ -1316,6 +1330,7 @@ function squid_resync() { make_dirs($dir); chown($dir, 'proxy'); chgrp($dir, 'proxy'); + squid_chown_recursive($dir, 'proxy', 'proxy'); } $conf = squid_resync_general() . "\n"; $conf .= squid_resync_cache() . "\n"; 
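Review bot: Each `$settings[...]` value in the new `foreach` of squid_resync_upstream is written into the `cache_peer` line unchanged, so a stored value containing a space or a line break would add extra options or whole directives to squid.conf; nothing in this hunk constrains `proxyaddr`, `proxyport`, `weight`, `basetime` or `ttl`. The generator should constrain them itself, as sketched below, and `username` and `password` need the same care at validation time since they also land in the file in clear text. Two smaller defects sit in the same lines: the `login=` string has no trailing space, so a following `weight=` is glued onto the password, and the loop assumes `$config['installedpackages']['squidremote']['config']` is already an array.

```php
	$conf = "\n#Remote proxies\n";
	$peers = $config['installedpackages']['squidremote']['config'];
	if (!is_array($peers))
		return $conf;
	foreach ($peers as $settings){
		if ($settings['enable'] == 'on') {
			$addr = trim($settings['proxyaddr']);
			$port = (int) $settings['proxyport'];
			// Only a bare host name or address and a real port may reach squid.conf.
			if (!preg_match('/^[A-Za-z0-9.:-]+$/', $addr) || $port < 1 || $port > 65535)
				continue;
			$conf .= "cache_peer {$addr} {$settings['hierarchy']} {$port} ";
			// … unchanged: ICP port and ICP option handling …
			if (!empty($settings['username']) && !empty($settings['password'])){
				$conf .= "login={$settings['username']}:{$settings['password']} ";
			}
			// … unchanged: authoption fallback …
			foreach (array('weight', 'basetime', 'ttl') as $opt) {
				if (!empty($settings[$opt]))
					$conf .= "{$opt}=" . (int) $settings[$opt] . " ";
			}
			// … unchanged: no-delay …
		}
		// … unchanged: trailing newline, return …
```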
@@ -1333,13 +1348,6 @@ function squid_resync() { if(file_exists("/usr/local/libexec/squid/pinger")) exec("chmod a+x /usr/local/libexec/squid/pinger"); - foreach (array( SQUID_CONFBASE, - SQUID_ACLDIR, - SQUID_BASE ) as $dir) { - make_dirs($dir); - squid_chown_recursive($dir, 'proxy', 'proxy'); - } - file_put_contents(SQUID_CONFBASE . '/squid.conf', $conf); $log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/'; diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml index 1c003a27..981c256c 100644 --- a/config/squid-reverse/squid.xml +++ b/config/squid-reverse/squid.xml @@ -10,6 +10,7 @@ authng.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2007 to whom it may belong + Copyright (C) 2012 Marcello Coutinho All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -74,11 +75,11 @@ <active/> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> diff --git a/config/squid-reverse/squid_auth.xml b/config/squid-reverse/squid_auth.xml index e04dbfba..43cbe7ea 100644 --- a/config/squid-reverse/squid_auth.xml +++ b/config/squid-reverse/squid_auth.xml @@ -48,18 +48,18 @@ <name>squidauth</name> <version>none</version> <title>Proxy server: Authentication</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> 
diff --git a/config/squid-reverse/squid_cache.xml b/config/squid-reverse/squid_cache.xml index 01ea7da6..4144a7bc 100644 --- a/config/squid-reverse/squid_cache.xml +++ b/config/squid-reverse/squid_cache.xml @@ -48,18 +48,18 @@ <name>squidcache</name> <version>none</version> <title>Proxy server: Cache management</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> <active/> </tab> diff --git a/config/squid-reverse/squid_nac.xml b/config/squid-reverse/squid_nac.xml index cb986f2b..c951b6f3 100644 --- a/config/squid-reverse/squid_nac.xml +++ b/config/squid-reverse/squid_nac.xml @@ -48,18 +48,18 @@ <name>squidnac</name> <version>none</version> <title>Proxy server: Access control</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc index 7c0025ba..b208b7b1 100644 --- a/config/squid-reverse/squid_reverse.inc +++ b/config/squid-reverse/squid_reverse.inc 
@@ -58,7 +58,7 @@ function squid_resync_reverse() { } if (!empty($settings['reverse_int_ca'])) - file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decodedecode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX); + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX); $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan'); $real_ifaces = array(); diff --git a/config/squid-reverse/squid_reverse_general.xml b/config/squid-reverse/squid_reverse_general.xml index 00c8d4a5..ff74b9d5 100644 --- a/config/squid-reverse/squid_reverse_general.xml +++ b/config/squid-reverse/squid_reverse_general.xml @@ -57,15 +57,15 @@ </tab> <tab> <text>Web Servers</text> - <url>/pkg.php?xml=squid_reverse_peer.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> </tab> <tab> <text>Mappings</text> - <url>/pkg.php?xml=squid_reverse_uri.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> </tab> <tab> <text>Sync</text> - <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> </tab> </tabs> <fields> diff --git a/config/squid-reverse/squid_reverse_peer.xml b/config/squid-reverse/squid_reverse_peer.xml index e32e1973..fb853eb3 100644 --- a/config/squid-reverse/squid_reverse_peer.xml +++ b/config/squid-reverse/squid_reverse_peer.xml @@ -56,16 +56,16 @@ </tab> <tab> <text>Web Servers</text> - <url>/pkg.php?xml=squid_reverse_peer.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> <active/> </tab> <tab> <text>Mappings</text> - <url>/pkg.php?xml=squid_reverse_uri.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> </tab> <tab> <text>Sync</text> - <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> </tab> </tabs> <adddeleteeditpagefields> 
diff --git a/config/squid-reverse/squid_reverse_sync.xml b/config/squid-reverse/squid_reverse_sync.xml index 9395f6d7..d666d4e8 100755 --- a/config/squid-reverse/squid_reverse_sync.xml +++ b/config/squid-reverse/squid_reverse_sync.xml @@ -52,15 +52,15 @@ </tab> <tab> <text>Web Servers</text> - <url>/pkg.php?xml=squid_reverse_peer.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> </tab> <tab> <text>Mappings</text> - <url>/pkg.php?xml=squid_reverse_uri.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> </tab> <tab> <text>Sync</text> - <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> <active/> </tab> </tabs> diff --git a/config/squid-reverse/squid_reverse_uri.xml b/config/squid-reverse/squid_reverse_uri.xml index 57ce5832..a7a5a6d6 100644 --- a/config/squid-reverse/squid_reverse_uri.xml +++ b/config/squid-reverse/squid_reverse_uri.xml @@ -56,16 +56,16 @@ </tab> <tab> <text>Web Servers</text> - <url>/pkg.php?xml=squid_reverse_peer.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> </tab> <tab> <text>Mappings</text> - <url>/pkg.php?xml=squid_reverse_uri.xml&id=0</url> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> <active/> </tab> <tab> <text>Sync</text> - <url>/pkg_edit.php?xml=squid_reverse_sync.xml</url> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> </tab> </tabs> <adddeleteeditpagefields> diff --git a/config/squid-reverse/squid_sync.xml b/config/squid-reverse/squid_sync.xml index 5af26a7a..c581d2c5 100755 --- a/config/squid-reverse/squid_sync.xml +++ b/config/squid-reverse/squid_sync.xml @@ -51,11 +51,11 @@ <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> 
diff --git a/config/squid-reverse/squid_traffic.xml b/config/squid-reverse/squid_traffic.xml index 40e8eb97..b1799cce 100644 --- a/config/squid-reverse/squid_traffic.xml +++ b/config/squid-reverse/squid_traffic.xml @@ -48,18 +48,18 @@ <name>squidtraffic</name> <version>none</version> <title>Proxy server: Traffic management</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> diff --git a/config/squid-reverse/squid_upstream.xml b/config/squid-reverse/squid_upstream.xml index d3c10771..126a0710 100644 --- a/config/squid-reverse/squid_upstream.xml +++ b/config/squid-reverse/squid_upstream.xml @@ -7,9 +7,10 @@ /* $Id$ */ /* ========================================================================== */ /* - authng.xml + squid_upstream.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2007 to whom it may belong + Copyright (C) 2012 Marcello Coutinho All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) 
@@ -45,22 +46,22 @@ <description>Describe your package here</description> <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>squidupstream</name> + <name>squidremote</name> <version>none</version> - <title>Proxy server: Upstream proxy settings</title> - <include_file>squid.inc</include_file> + <title>Proxy server: Remote proxy settings</title> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> <active/> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> 
@@ -84,42 +85,220 @@ <url>/pkg_edit.php?xml=squid_sync.xml</url> </tab> </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Status</fielddescr> + <fieldname>enable</fieldname> + </columnitem> + <columnitem> + <fielddescr>name</fielddescr> + <fieldname>proxyaddr</fieldname> + </columnitem> + <columnitem> + <fielddescr>Port</fielddescr> + <fieldname>proxyport</fieldname> + </columnitem> + <columnitem> + <fielddescr>ICP</fielddescr> + <fieldname>icpport</fieldname> + </columnitem> + <columnitem> + <fielddescr>Peer type</fielddescr> + <fieldname>hierarchy</fieldname> + </columnitem> + <columnitem> + <fielddescr>Method</fielddescr> + <fieldname>peermethod</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> <field> - <name>Upstream proxy settings</name> + <name>General Settings</name> <type>listtopic</type> </field> <field> - <fielddescr>Enable forwarding</fielddescr> - <fieldname>proxy_forwarding</fieldname> - <description>This option enables the proxy server to forward requests to an upstream server.</description> + <fielddescr>Enable</fielddescr> + <fieldname>enable</fieldname> + <description>This option enables the proxy server to forward requests to an upstream/neighbor server.</description> <type>checkbox</type> - <enablefields>proxy_addr,proxy_port,icp_port,username,password</enablefields> <required/> </field> <field> <fielddescr>Hostname</fielddescr> - <fieldname>proxy_addr</fieldname> + <fieldname>proxyaddr</fieldname> <description>Enter here the IP address or host name of the upstream proxy.</description> <type>input</type> + <size>35</size> + <required/> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>proxyname</fieldname> + <description>Unique name for the peer.Required if you have multiple peers on the same host but different ports.</description> + <type>input</type> + <size>35</size> + <required/> </field> <field> <fielddescr>TCP port</fielddescr> - <fieldname>proxy_port</fieldname> + 
<fieldname>proxyport</fieldname> <description>Enter the port to use to connect to the upstream proxy.</description> <type>input</type> <size>5</size> <default_value>3128</default_value> + <required/> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>connecttimeout</fieldname> + <description>A peer-specific connect timeout. Also see the peer_connect_timeout directive.</description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Fail Limit</fielddescr> + <fieldname>connectfailLimit</fieldname> + <description>How many times connecting to a peer must fail before it is marked as down. Default is 10.</description> + <type>input</type> + <size>5</size> + <default_value>10</default_value> + </field> + <field> + <fielddescr>Max</fielddescr> + <fieldname>maxconn</fieldname> + <description>Limit the amount of connections Squid may open to this peer.</description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Allow Miss</fielddescr> + <fieldname>allowmiss</fieldname> + <description><![CDATA[<strong>allow-miss</strong> - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.<br><br> + <strong>no-tproxy</strong> - Do not use the client-spoof TPROXY support when forwarding requests to this peer. 
Use normal address selection instead.<br><br> + <strong>proxy-only</strong> - Objects fetched from the peer will not be stored locally.]]></description> + <type>select</type> + <default_value>allow-miss</default_value> + <options> + <option><name>Allow Miss</name><value>allow-miss</value></option> + <option><name>No Tproxy</name><value>no-tproxy</value></option> + <option><name>Proxy Only</name><value>proxy-only</value></option> + </options> + <multiple/> + <size>4</size> + </field> + <field> + <name>Peer settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Hierarchy</fielddescr> + <fieldname>hierarchy</fieldname> + <description>Specify remote caches hierarchy.</description> + <type>select</type> + <default_value>parent</default_value> + <options> + <option><name>parent</name><value>parent</value></option> + <option><name>sibling</name><value>sibling</value></option> + <option><name>multicast</name><value>multicast</value></option> + </options> + </field> + <field> + <fielddescr>Select method</fielddescr> + <fieldname>peermethod</fieldname> + <description><![CDATA[The default peer selection method is ICP, with the first responding peer being used as source. These options can be used for better load balancing.<br><br> + <strong>default</strong> - This is a parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.<br> + If specified more than once, only the first is used.<br><br> + <strong>round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.<br>weight=N can be used to add bias.<br><br> + <strong>weighted-round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.<br> + Closer parents are used more often. Usually used for background-ping parents. 
weight=N can be used to add bias.<br><br> + <strong>carp</strong> - Load-Balance parents which should be used as a CARP array. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight.<br><br> + <strong>userhash</strong> - Load-balance parents based on the client proxy_auth or ident username.<br><br> + <strong>sourcehash</strong> - Load-balance parents based on the client source IP.<br><br> + <strong>multicast-siblings</strong> - To be used only for cache peers of type "multicast".<br> + ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.<br> + It's useful, e.g., when configuring a pool of redundant Squid proxies, being members of the same multicast group.]]></description> + <type>select</type> + <default_value>round-robin</default_value> + <options> + <option><name>round-robin</name><value>round-robin</value></option> + <option><name>default</name><value>default</value></option> + <option><name>weighted-round-robin</name><value>weighted-round-robin</value></option> + <option><name>carp</name><value>carp</value></option> + <option><name>userhash</name><value>userhash</value></option> + <option><name>sourcehash</name><value>sourcehash</value></option> + <option><name>multicast-sibling</name><value>multicast-sibling</value></option> + </options> + </field> + <field> + <fielddescr>weight</fielddescr> + <fieldname>weight</fieldname> + <description>Use to affect the selection of a peer during any weighted peer-selection mechanisms. 
The weight must be an integer; default is 1,larger weights are favored more.</description> + <type>input</type> + <size>5</size> + <default>1</default> + </field> + <field> + <fielddescr>basetime</fielddescr> + <fieldname>basetime</fieldname> + <description><![CDATA[Specify a base amount to be subtracted from round trip times of parents.<br> + It is subtracted before division by weight in calculating which parent to fectch from. If the rtt is less than the base time the rtt is set to a minimal value.]]></description> + <type>input</type> + <size>5</size> + <default>1</default> + </field> + <field> + <fielddescr>ttl</fielddescr> + <fieldname>ttl</fieldname> + <description><![CDATA[Specify a TTL to use when sending multicast ICP queries to this address<br> + Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.]]></description> + <type>input</type> + <size>5</size> + <default>1</default> + </field> + <field> + <fielddescr>no-delay</fielddescr> + <fieldname>nodelay</fieldname> + <description><![CDATA[To prevent access to this neighbor from influencing the delay pools.]]></description> + <type>checkbox</type> + </field> + <field> + <name>ICP settings</name> + <type>listtopic</type> </field> <field> <fielddescr>ICP port</fielddescr> - <fieldname>icp_port</fieldname> + <fieldname>icpport</fieldname> <description>Enter the port to connect to the upstream proxy for the ICP protocol. 
Use port number 7 to disable ICP communication between the proxies.</description> <type>input</type> <size>5</size> <default_value>7</default_value> </field> <field> + <fielddescr>ICP Options</fielddescr> + <fieldname>icpoptions</fieldname> + <description><![CDATA[You MUST also set icp_port and icp_access explicitly when using these options.<br> + The defaults will prevent peer traffic using ICP<br><br> + <strong>no-query</strong> - Disable ICP queries to this neighbor.<br><br> + <strong>multicast-responder</strong> -Indicates the named peer is a member of a multicast group.<br> + ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.<br><br> + <strong>closest-only</strong> - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.<br><br> + <strong>background-ping</strong> - To only send ICP queries to this neighbor infrequently.<br> + This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin.]]></description> + <type>select</type> + <default_value>no-query</default_value> + <options> + <option><name>no-query</name><value>no-query</value></option> + <option><name>multicast-responder</name><value>multicast-responder</value></option> + <option><name>closest-only</name><value>closest-only</value></option> + <option><name>background-ping</name><value>background-ping</value></option> + </options> + </field> + <field> + <name>Auth settings</name> + <type>listtopic</type> + </field> + <field> <fielddescr>Username</fielddescr> <fieldname>username</fieldname> <description>If the upstream proxy requires a username, specify it here.</description> 
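Review bot: Several of the new fields are collected but never reach the generated configuration: `proxyname` is marked `<required/>`, and `connecttimeout`, `connectfailLimit` and `maxconn` are offered, yet the squid_resync_upstream loop added to squid.inc in this commit reads none of them, so a connection limit or timeout set here has no effect. The `peermethod` description documents `multicast-siblings` while the option value is `multicast-sibling`; one of the two is likely wrong, and the value is written to squid.conf verbatim. `weight`, `basetime` and `ttl` use `<default>1</default>` where every other field uses `<default_value>`, which should be checked against the package framework. The hunk covers the field list up to the username field; the file continues outside it.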
@@ -131,6 +310,39 @@ <description>If the upstream proxy requires a password, specify it here.</description> <type>password</type> </field> + <field> + <fielddescr>Authentication options</fielddescr> + <fieldname>authoption</fieldname> + <description><![CDATA[<br><strong>login=user:password</strong> - If this is a personal/workgroup proxy and your parent requires proxy authentication.<br><br> + <strong>login=PASSTHRU</strong> - Send login details received from client to this peer. Authentication is not required by Squid for this to work.<br> + This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used.<br><br> + <strong>login=PASS</strong> - Send login details received from client to this peer.Authentication is not required by this option.<br> + To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server).<br> + Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION<br><br> + <strong>login=*:password</strong> - Send the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.<br><br> + <strong>login=NEGOTIATE</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br> + The first principal from the default keytab or defined by the environment variable KRB5_KTNAME will be used.<br> + WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. 
Which is not strictly true here.<br><br> + <strong>login=NEGOTIATE:principal_name</strong>If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br> + The principal principal_name from the default keytab or defined by the environment variable KRB5_KTNAME will be used. + WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br> + <strong>connection-auth=on</strong> - Tell Squid that this peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br> + Default is auto to automatically determine the status of the peer.<br><br> + <strong>connection-auth=off</strong> - Tell Squid that this peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br> + Default is auto to automatically determine the status of the peer.]]></description> + <type>select</type> + <default_value>login=*:password</default_value> + <options> + <option><name>login=*:password</name><value>login=*:password</value></option> + <option><name>login=user:password</name><value>login=user:password</value></option> + <option><name>login=PASSTHRU</name><value>login=PASSTHRU</value></option> + <option><name>login=PASS</name><value>login=PASS</value></option> + <option><name>login=NEGOTIATE</name><value>login=NEGOTIATE</value></option> + <option><name>login=NEGOTIATE:principal_name</name><value>login=NEGOTIATE:principal_name</value></option> + <option><name>connection-auth=on</name><value>connection-auth=on</value></option> + <option><name>connection-auth=off</name><value>connection-auth=off</value></option> + </options> + </field> </fields> <custom_php_validation_command> squid_validate_upstream($_POST, &$input_errors); 
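Review bot: The `authoption` values `login=user:password`, `login=*:password` and `login=NEGOTIATE:principal_name` are templates rather than usable settings, but squid_resync_upstream appends `{$settings['authoption']}` verbatim whenever username or password is empty, so the default selection would configure the peer login with the literal password `password`. The select also has no empty choice, so a peer that needs no authentication cannot be expressed; adding `<option><name>none</name><value></value></option>` and making it the default would avoid emitting a credential nobody chose. `connection-auth=on` and `connection-auth=off` are mixed into the same single-choice list, so they cannot be combined with any `login=` mode, and the `connection-auth=on` description repeats the "should be ignored" wording of the `off` entry.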
diff --git a/config/squid-reverse/squid_users.xml b/config/squid-reverse/squid_users.xml index d51a5f87..295ce4fa 100644 --- a/config/squid-reverse/squid_users.xml +++ b/config/squid-reverse/squid_users.xml @@ -48,7 +48,7 @@ <name>squidusers</name> <version>none</version> <title>Proxy server: Local users</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> <tabs> @@ -57,11 +57,11 @@ <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> </tab> <tab> - <text>Cache</text> + <text>Local Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 6d38aa6b..8f7a1090 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml 
@@ -1010,11 +1010,11 @@ <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.1.19 pkg 2.0.3</version> + <version>3.1.19 pkg 2.0.4</version> <status>RC1</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/8/All/</depends_on_package_base_url> <depends_on_package>squid-3.1.19.tbz</depends_on_package> <!-- use build ports from squid 2.0 --> <build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true</build_options> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 4c7c6fce..9743a3b2 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 
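Review bot: `depends_on_package_base_url` now points at `http://e-sac.siteseguro.ws/packages/8/All/` instead of `http://files.pfsense.org/packages/8/All/`, so the `squid-3.1.19.tbz` binary would be fetched over plain HTTP from a host other than the one the project used before, and nothing in this hunk shows a checksum or signature that would detect a swapped file. The commit title does not mention the change of download source. If the build is only staged there temporarily, that should be stated and the entry returned to `<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>` once the package is published. The pkg_config.8.xml.amd64 hunk makes the same change for the amd64 path.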
@@ -118,11 +118,11 @@ <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.1.19 pkg 2.0.3</version> + <version>3.1.19 pkg 2.0.4</version> <status>Stable</status> <required_version>2.0</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> - <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>squid-3.1.19.tbz</depends_on_package> <!-- use build ports from squid 2.0 --> <build_options>WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true</build_options> |