aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-30 22:47:12 +0200
committerMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-30 22:47:12 +0200
commit2aae3aff464282d34087b390e89c3163b06badb8 (patch)
treeb3a6e5f669cf24c339e26d17aaf738d55b9a57c9
parentf2148bae9112023991f085e790f0361d61e047b1 (diff)
downloadpfsense-packages-2aae3aff464282d34087b390e89c3163b06badb8.tar.gz
pfsense-packages-2aae3aff464282d34087b390e89c3163b06badb8.tar.bz2
pfsense-packages-2aae3aff464282d34087b390e89c3163b06badb8.zip
acls working
-rw-r--r--config/squid-reverse/squid.inc41
-rw-r--r--config/squid-reverse/squid_reverse.xml2
2 files changed, 34 insertions, 9 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 044cf10b..aa8cf691 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -503,6 +503,21 @@ function squid_validate_reverse($post, $input_errors) {
if (!empty($rowa) && !is_ipaddr($rowa))
$input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address';
+/*
+ $contents = base64_decode($post['reverse_cache_peer']);
+ if(!empty($contents)) {
+ $defs = explode("\r\n", ($contents));
+ foreach ($defs as $def) {
+ $cfg = explode(";",($def));
+ if (!is_ipaddr($cfg[1]))
+ $input_errors[] = "please choose a valid IP in the cache peer configuration.";
+ if (!is_port($cfg[2]))
+ $input_errors[] = "please choose a valid port in the cache peer configuration.";
+ if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP'))
+ $input_errors[] = "please choose HTTP or HTTPS in the cache peer configuration.";
+ }}
+*/
+
}
function squid_validate_auth($post, $input_errors) {
@@ -1059,20 +1074,30 @@ function squid_resync_reverse() {
$conf .= "http_access allow OWA_URI_pfs\n";
}
-
$contents = base64_decode($settings['reverse_acl']);
if(!empty($contents)) {
-$conf .= "# -= TESTING AREA =-\n";
$defs = explode("\r\n", ($contents));
foreach ($defs as $def) {
$cfg = explode(";",($def));
if (($cfg[0]) != '' && ($cfg[1]) != ''){
- $conf .= "# cache_peer_access {$cfg[0]} allow {$cfg[1]}\n";
- $conf .= "# cache_peer_access {$cfg[0]} deny all\n";
- $conf .= "# never direct allow {$cfg[1]}\n";
- $conf .= "# http_access allow {$cfg[1]}\n";
- }}}
-
+ $conf .= "cache_peer_access {$cfg[0]} allow {$cfg[1]}\n";
+ }}
+ foreach ($defs as $def) {
+ $cfg = explode(";",($def));
+ if (($cfg[0]) != '' && ($cfg[1]) != ''){
+ $conf .= "cache_peer_access {$cfg[0]} deny all\n";
+ }}
+ foreach ($defs as $def) {
+ $cfg = explode(";",($def));
+ if (($cfg[0]) != '' && ($cfg[1]) != ''){
+ $conf .= "never direct allow {$cfg[1]}\n";
+ }}
+ foreach ($defs as $def) {
+ $cfg = explode(";",($def));
+ if (($cfg[0]) != '' && ($cfg[1]) != ''){
+ $conf .= "http_access allow {$cfg[1]}\n";
+ }}
+ }
$conf .= "\n";
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index cafa3ec7..d921254f 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -165,7 +165,7 @@
<source_value>refid</source_value>
</field>
<field>
- <fielddescr>intermediate CA certificate</fielddescr>
+ <fielddescr>intermediate CA certificate (if needed)</fielddescr>
<fieldname>reverse_int_ca</fieldname>
<description>Paste a signed certificate in X.509 PEM format here.</description>
<type>textarea</type>