diff options
author | serg dvoriancev <dv_serg@mail.ru> | 2009-05-01 22:59:43 +0400 |
---|---|---|
committer | serg dvoriancev <dv_serg@mail.ru> | 2009-05-01 22:59:43 +0400 |
commit | edd26d4525fd346b0493e255235aca5706c96428 (patch) | |
tree | 7c40a8d1fe8f2b0738f98b2d533f584d25b77b9f /config/havp/havp.xml | |
parent | 6911a4803dcf5a8eea3c0f3d1b000a80be4b97cd (diff) | |
download | pfsense-packages-edd26d4525fd346b0493e255235aca5706c96428.tar.gz pfsense-packages-edd26d4525fd346b0493e255235aca5706c96428.tar.bz2 pfsense-packages-edd26d4525fd346b0493e255235aca5706c96428.zip |
havp update new version ; squidGuard fix small bug
Diffstat (limited to 'config/havp/havp.xml')
-rw-r--r-- | config/havp/havp.xml | 251 |
1 files changed, 145 insertions, 106 deletions
diff --git a/config/havp/havp.xml b/config/havp/havp.xml index a70b09bc..f2e07c91 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -1,30 +1,58 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>havp</name> - <title>Services: Antivirus proxy server (havp + clamav) -> Settings</title> + <title>Antivirus: HTTP proxy (havp + clamav)</title> <category>Status</category> - <version>1.7.1</version> - <include_file>havp.inc</include_file> + <version>0.88_03</version> + <include_file>/usr/local/pkg/havp.inc</include_file> <!-- Installation --> <menu> - <name>HTTP Antivirus</name> - <tooltiptext>Proxy server antivirus</tooltiptext> + <name>Antivirus</name> + <tooltiptext>Antivirus service</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=havp.xml&id=0</url> </menu> + <service> + <name>havp</name> + <rcfile>havp.sh</rcfile> + <executable>havp</executable> + <description>Antivirus HTTP proxy Service</description> + </service> + <additional_files_needed> <item>http://www.pfsense.com/packages/config/havp/havp.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> </additional_files_needed> <tabs> <tab> - <text>Settings</text> + <text>HTTP proxy</text> <url>/pkg_edit.php?xml=havp.xml&id=0</url> <active/> </tab> + <tab> + <text>Files Scanner</text> + <url>/pkg_edit.php?xml=havp_fscan.xml&id=0</url> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=havp_avset.xml&id=0</url> + </tab> </tabs> + <fields> <field> <fielddescr>Enable</fielddescr> @@ -33,39 +61,73 @@ <type>checkbox</type> </field> <field> - <fielddescr>Use external interface</fielddescr> - <fieldname>listenextinterface</fieldname> - <description>Select this for use external interface, otherwise the proxy will use the internal interface '127.0.0.1'. Cascade you other proxy to the HAVP as 'parent proxy' via '127.0.0.1' ip.</description> - <type>checkbox</type> - <enablefields>proxyiface</enablefields> + <fielddescr>Proxy mode</fielddescr> + <fieldname>proxymode</fieldname> + <description> + Select interface mode: <br> + <b> standard </b> - client(s) bind to the 'proxy port' on selected interface(s); <br> + <b> parent for squid </b> - configure HAVP as parent for Squid proxy;<br> + <b> transparent </b> - all 'http' requests on interface(s) will be translated to the HAVP proxy server without any client(s) additional configuration necessary (worked as 'parent for squid' with 'transparent' Squid proxy); <br> + <b> internal </b> - HAVP listen internal interface (127.0.0.1) on 'proxy port', use you own traffic forwarding rules.<br> + </description> + <type>select</type> + <default_value>standard</default_value> + <options> + <option><value>standard</value><name>Standard</name></option> + <option><value>squid</value><name>Parent for Squid</name></option> + <option><value>transparent</value><name>Transparent</name></option> + <option><value>internal</value><name>Internal</name></option> + </options> </field> + <field> - <fielddescr>Proxy interface</fielddescr> - <fieldname>proxyiface</fieldname> - <description>The interface(s) the proxy server will bind to.</description> + <fielddescr>Proxy interface(s)</fielddescr> + <fieldname>proxyinterface</fieldname> + <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L.Click for multiple selection.</description> <type>interfaces_selection</type> <required/> - <default_value>lan</default_value> + <multiple/> + <value>lan</value> </field> <field> <fielddescr>Proxy port</fielddescr> <fieldname>proxyport</fieldname> - <description>This is the port the proxy server will listen on.</description> + <description> + This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy. + </description> <type>input</type> <size>10</size> <required/> - <default_value>3128</default_value> + <value>3125</value> </field> <field> <fielddescr>Parent proxy</fielddescr> <fieldname>parentproxy</fieldname> <description> - Enter the parent proxy as PROXY:PORT format or leave empty. + Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty. </description> <type>input</type> <size>90</size> </field> <field> + <fielddescr>Enable X-Forwarded-For</fielddescr> + <fieldname>enablexforwardedfor</fieldname> + <description> + If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons. + <br>Enable this if you use your own parent proxy after HAVP, so it will see the original client IP. + <br>Disabling this also disables Via: header generation. + </description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable Forwarded IP</fielddescr> + <fieldname>enableforwardedip</fieldname> + <description> + If HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP. + </description> + <type>checkbox</type> + </field> + <field> <fielddescr>Language</fielddescr> <fieldname>lang</fieldname> <description>Select the language in which the proxy server will display error messages to users.</description> @@ -84,17 +146,21 @@ </options> </field> <field> - <fielddescr>Max download size</fielddescr> + <fielddescr>Max download size, Bytes</fielddescr> <fieldname>maxdownloadsize</fieldname> - <description>Enter value or leave empty. Value in bytes. Downloads larger than 'Max download size' will be blocked. Only if not Whitelisted!</description> + <description>Enter value (in Bytes) or leave empty. Downloads larger, than 'Max download size' will be blocked. Only if not Whitelisted!</description> <type>input</type> <size>10</size> <default_value></default_value> </field> <field> - <fielddescr>Disable X-Forward</fielddescr> - <fieldname>xforwardedfor</fieldname> - <description>If not set, proxy will include your system's IP address or name in the HTTP requests it forwards.</description> + <fielddescr>HTTP Range requests</fielddescr> + <fieldname>range</fieldname> + <description> + Set this for allow HTTP Range requests, and broken downloads can be resumed. + Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned. + Whitelisted sites are allowed to use Range in any case. + </description> <type>checkbox</type> </field> @@ -129,101 +195,70 @@ </field> <field> + <fielddescr>Enable RAM Disk</fielddescr> + <fieldname>enableramdisk</fieldname> + <description> + This option allow use RAM Disk for HAVP temp files for more quick traffic scan. + Ram Disc size depend from 'ScanMax file size and avialable memory. + This option can be ignored in VMVare or on 'low system memory'. + ( RAM Disk size calculated as [1/4 avialable system memory] > [Scan max file size] * 100 ) + </description> + <type>checkbox</type> + </field> + <field> <fielddescr>Scan max file size</fielddescr> <fieldname>scanmaxsize</fieldname> <description> - Enter here value in bytes (5, 10, 15, 20) or leave empty. + Select this value for limit maximum file size or leave '---(5M)'. Files larger than this limit won't be scanned. - Empty or 0 also disables the limit. + Small values increace scan speed and maximum new connections per second and allow RAM Disk use. + <br> NOTE: Setting limit is a security risk, because some archives like ZIP need all the data to be scanned properly! Use this only if you - can't afford temporary space for big files. Also scanner settings - will affect how many files will be scanned inside an archive etc. + can't afford temporary space for big files. </description> - <type>input</type> - <size>10</size> + <type>select</type> + <value>0</value> + <options> + <option><value> 5000</value><name>--- (5M)</name></option> + <option><value> 1</value><name> 1 K</name></option> + <option><value> 2</value><name> 2 K</name></option> + <option><value> 3</value><name> 3 K</name></option> + <option><value> 5</value><name> 5 K</name></option> + <option><value> 7</value><name> 7 K</name></option> + <option><value> 10</value><name> 10 K</name></option> + <option><value> 20</value><name> 20 K</name></option> + <option><value> 30</value><name> 30 K</name></option> + <option><value> 50</value><name> 50 K</name></option> + <option><value> 70</value><name> 70 K</name></option> + <option><value> 100</value><name> 100 K</name></option> + <option><value> 200</value><name> 200 K</name></option> + <option><value> 300</value><name> 300 K</name></option> + <option><value> 500</value><name> 500 K</name></option> + <option><value> 700</value><name> 700 K</name></option> + <option><value> 1000</value><name> 1000 K</name></option> + <option><value> 1500</value><name> 1500 K</name></option> + <option><value> 2000</value><name> 2000 K</name></option> + <option><value> 2500</value><name> 2500 K</name></option> + <option><value> 3000</value><name> 3000 K</name></option> + <option><value> 3500</value><name> 3500 K</name></option> + <option><value> 4000</value><name> 4000 K</name></option> + <option><value> 4500</value><name> 4500 K</name></option> + <option><value> 5000</value><name> 5000 K</name></option> + <option><value> 5500</value><name> 5500 K</name></option> + <option><value> 6000</value><name> 6000 K</name></option> + <option><value> 7000</value><name> 7000 K</name></option> + <option><value> 8000</value><name> 8000 K</name></option> + <option><value> 9000</value><name> 9000 K</name></option> + <option><value>10000</value><name>10 000 K</name></option> + </options> </field> - <field> <fielddescr>Scan images</fielddescr> <fieldname>scanimg</fieldname> <description>Check this for scan image files.</description> <type>checkbox</type> </field> - - <field> - <fielddescr>Scan archives</fielddescr> - <fieldname>scanarc</fieldname> - <description>Check this for scan within archives and compressed files.</description> - <type>checkbox</type> - </field> - - <field> - <fielddescr>Scan archive max file size</fielddescr> - <fieldname>scanarcmaxsize</fieldname> - <value>10M</value> - <description> - Enter here value in megabytes (15M) or leave empty. - Files in archives larger than this limit won't be scanned. - Value of 0 also disables the limit. - </description> - <type>input</type> - <size>10</size> - </field> - - <field> - <fielddescr>AV bases update</fielddescr> - <fieldname>havpavupdate</fieldname> - <description> - <input name='submit' type='submit' value='Update_AV'> - Press button for update AV database now. - </description> - <type>select</type> - <value>hv_none</value> - <options> - <option><name>none</name><value>hv_none</value></option> - <option><name>every 1 hours</name><value>hv_01h</value></option> - <option><name>every 2 hours</name><value>hv_02h</value></option> - <option><name>every 3 hours</name><value>hv_03h</value></option> - <option><name>every 4 hours</name><value>hv_04h</value></option> - <option><name>every 6 hours</name><value>hv_06h</value></option> - <option><name>every 8 hours</name><value>hv_08h</value></option> - <option><name>every 12 hours</name><value>hv_12h</value></option> - <option><name>every 24 hours</name><value>hv_24h</value></option> - </options> - </field> - <field> - <fielddescr>Regional AV database update mirror</fielddescr> - <fieldname>dbregion</fieldname> - <description>Select regional database mirror.</description> - <type>select</type> - <value></value> - <options> - <option><value></value><name>-----</name></option> - <option><value>au</value><name>Australia</name></option> - <option><value>eu</value><name>Europe</name></option> - <option><value>ca</value><name>Canada</name></option> - <option><value>cn</value><name>China</name></option> - <option><value>id</value><name>Indonesia</name></option> - <option><value>jp</value><name>Japan</name></option> - <option><value>kr</value><name>Korea</name></option> - <option><value>ml</value><name>Malaysia</name></option> - <option><value>ru</value><name>Russian</name></option> - <option><value>sa</value><name>South africa</name></option> - <option><value>tw</value><name>Taiwan</name></option> - <option><value>uk</value><name>United Kingdom</name></option> - <option><value>us</value><name>United States</name></option> - </options> - </field> - <field> - <fielddescr>Optional AV database update servers</fielddescr> - <fieldname>avupdateserver</fieldname> - <description>Enter here space separated AV update servers, or leave empty.</description> - <type>textarea</type> - <cols>60</cols> - <rows>5</rows> - </field> - <field> <fielddescr>Syslog</fielddescr> <fieldname>syslog</fieldname> @@ -237,11 +272,15 @@ <type>checkbox</type> </field> </fields> + + <custom_php_command_before_form> + havp_before_form(&$pkg); + </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, &$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> - havp_resync(); + havp_resync(); </custom_php_resync_config_command> <custom_php_install_command> </custom_php_install_command> |