aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordoktornotor <notordoktor@gmail.com>2015-10-03 10:07:24 +0200
committerdoktornotor <notordoktor@gmail.com>2015-10-03 10:07:24 +0200
commit1adc1d85625457a0e0ce6fa532665e03cdb9e089 (patch)
tree69d940f653b578cb1864765b11cf04698f7b4ea7
parent11ad58450e3229f0fc8551517802caa8134f43b3 (diff)
downloadpfsense-packages-1adc1d85625457a0e0ce6fa532665e03cdb9e089.tar.gz
pfsense-packages-1adc1d85625457a0e0ce6fa532665e03cdb9e089.tar.bz2
pfsense-packages-1adc1d85625457a0e0ce6fa532665e03cdb9e089.zip
Move squid_validate_reverse() to squid_reverse.inc where it belongs
-rwxr-xr-xconfig/squid3/34/squid_reverse.inc69
1 files changed, 69 insertions, 0 deletions
diff --git a/config/squid3/34/squid_reverse.inc b/config/squid3/34/squid_reverse.inc
index 32c3fa65..aa46e06d 100755
--- a/config/squid3/34/squid_reverse.inc
+++ b/config/squid3/34/squid_reverse.inc
@@ -262,4 +262,73 @@ function squid_resync_reverse() {
return $conf;
}
+function squid_validate_reverse($post, &$input_errors) {
+ global $config;
+
+ if (!empty($post['reverse_ip'])) {
+ $reverse_ip = explode(";", ($post['reverse_ip']));
+ foreach ($reverse_ip as $reip) {
+ if (!is_ipaddr(trim($reip))) {
+ $input_errors[] = "You must enter a valid IP address in the 'User-defined reverse-proxy IPs' field. '$reip' is invalid.";
+ }
+ }
+ }
+
+ $fqdn = trim($post['reverse_external_fqdn']);
+ if (!empty($fqdn) && !is_domain($fqdn)) {
+ $input_errors[] = "'External FQDN' field must contain a valid domain name.";
+ }
+
+ $port = trim($post['reverse_http_port']);
+ preg_match("/(\d+)/", shell_exec("/sbin/sysctl net.inet.ip.portrange.reservedhigh"), $portrange);
+ if (!empty($port) && !is_port($port)) {
+ $input_errors[] = "'Reverse HTTP port' must contain a valid port number.";
+ }
+ if (!empty($port) && is_port($port) && $port <= $portrange[1]) {
+ $input_errors[] = "'Reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 in system tunable options and restart Squid daemon.";
+ }
+ $port = trim($post['reverse_https_port']);
+ if (!empty($port) && !is_port($port)) {
+ $input_errors[] = "'Reverse HTTPS port' must contain a valid port number.";
+ }
+ if (!empty($port) && is_port($port) && $port <= $portrange[1]) {
+ $input_errors[] = "'Reverse HTTPS port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 in system tunable options and restart Squid daemon.";
+ }
+ if ($post['reverse_ssl_cert'] == 'none') {
+ $input_errors[] = 'A valid certificate for the external interface must be selected';
+ }
+
+ if (($post['reverse_https'] != 'on') && ($post['reverse_owa'] == 'on')) {
+ $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support.";
+ }
+
+ if (!empty($post['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($post['reverse_owa_ip']));
+ foreach ($reverse_owa_ip as $reowaip) {
+ if (!is_ipaddr(trim($reowaip))) {
+ $input_errors[] = "You must enter a valid IP address in the 'CAS-Array / OWA frontend IP address' field. '$reowaip' is invalid.";
+ }
+ }
+ }
+
+ $contents = $post['reverse_cache_peer'];
+ if (!empty($contents)) {
+ $defs = explode("\r\n", ($contents));
+ foreach ($defs as $def) {
+ $cfg = explode(";", ($def));
+ if (!is_ipaddr($cfg[1])) {
+ $input_errors[] = "Please choose a valid IP in the cache peer configuration.";
+ }
+ if (!is_port($cfg[2])) {
+ $input_errors[] = "Please choose a valid port in the cache peer configuration.";
+ }
+ if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP')) {
+ $input_errors[] = "Please choose HTTP or HTTPS in the cache peer configuration.";
+ }
+ }
+ }
+}
+
?>