aboutsummaryrefslogtreecommitdiffstats
path: root/config/havp/havp.xml
diff options
context:
space:
mode:
authorserg dvoriancev <dv_serg@mail.ru>2009-05-01 22:59:43 +0400
committerserg dvoriancev <dv_serg@mail.ru>2009-05-01 22:59:43 +0400
commitedd26d4525fd346b0493e255235aca5706c96428 (patch)
tree7c40a8d1fe8f2b0738f98b2d533f584d25b77b9f /config/havp/havp.xml
parent6911a4803dcf5a8eea3c0f3d1b000a80be4b97cd (diff)
downloadpfsense-packages-edd26d4525fd346b0493e255235aca5706c96428.tar.gz
pfsense-packages-edd26d4525fd346b0493e255235aca5706c96428.tar.bz2
pfsense-packages-edd26d4525fd346b0493e255235aca5706c96428.zip
havp update new version ; squidGuard fix small bug
Diffstat (limited to 'config/havp/havp.xml')
-rw-r--r--config/havp/havp.xml251
1 files changed, 145 insertions, 106 deletions
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index a70b09bc..f2e07c91 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -1,30 +1,58 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>havp</name>
- <title>Services: Antivirus proxy server (havp + clamav) -> Settings</title>
+ <title>Antivirus: HTTP proxy (havp + clamav)</title>
<category>Status</category>
- <version>1.7.1</version>
- <include_file>havp.inc</include_file>
+ <version>0.88_03</version>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
<!-- Installation -->
<menu>
- <name>HTTP Antivirus</name>
- <tooltiptext>Proxy server antivirus</tooltiptext>
+ <name>Antivirus</name>
+ <tooltiptext>Antivirus service</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
</menu>
+ <service>
+ <name>havp</name>
+ <rcfile>havp.sh</rcfile>
+ <executable>havp</executable>
+ <description>Antivirus HTTP proxy Service</description>
+ </service>
+
<additional_files_needed>
<item>http://www.pfsense.com/packages/config/havp/havp.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
</additional_files_needed>
<tabs>
<tab>
- <text>Settings</text>
+ <text>HTTP proxy</text>
<url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
<active/>
</tab>
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
+ </tab>
</tabs>
+
<fields>
<field>
<fielddescr>Enable</fielddescr>
@@ -33,39 +61,73 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>Use external interface</fielddescr>
- <fieldname>listenextinterface</fieldname>
- <description>Select this for use external interface, otherwise the proxy will use the internal interface '127.0.0.1'. Cascade you other proxy to the HAVP as 'parent proxy' via '127.0.0.1' ip.</description>
- <type>checkbox</type>
- <enablefields>proxyiface</enablefields>
+ <fielddescr>Proxy mode</fielddescr>
+ <fieldname>proxymode</fieldname>
+ <description>
+ Select interface mode: &lt;br&gt;
+ &lt;b&gt; standard &lt;/b&gt; - client(s) bind to the 'proxy port' on selected interface(s); &lt;br&gt;
+ &lt;b&gt; parent for squid &lt;/b&gt; - configure HAVP as parent for Squid proxy;&lt;br&gt;
+ &lt;b&gt; transparent &lt;/b&gt; - all 'http' requests on interface(s) will be translated to the HAVP proxy server without any client(s) additional configuration necessary (worked as 'parent for squid' with 'transparent' Squid proxy); &lt;br&gt;
+ &lt;b&gt; internal &lt;/b&gt; - HAVP listen internal interface (127.0.0.1) on 'proxy port', use you own traffic forwarding rules.&lt;br&gt;
+ </description>
+ <type>select</type>
+ <default_value>standard</default_value>
+ <options>
+ <option><value>standard</value><name>Standard</name></option>
+ <option><value>squid</value><name>Parent for Squid</name></option>
+ <option><value>transparent</value><name>Transparent</name></option>
+ <option><value>internal</value><name>Internal</name></option>
+ </options>
</field>
+
<field>
- <fielddescr>Proxy interface</fielddescr>
- <fieldname>proxyiface</fieldname>
- <description>The interface(s) the proxy server will bind to.</description>
+ <fielddescr>Proxy interface(s)</fielddescr>
+ <fieldname>proxyinterface</fieldname>
+ <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L.Click for multiple selection.</description>
<type>interfaces_selection</type>
<required/>
- <default_value>lan</default_value>
+ <multiple/>
+ <value>lan</value>
</field>
<field>
<fielddescr>Proxy port</fielddescr>
<fieldname>proxyport</fieldname>
- <description>This is the port the proxy server will listen on.</description>
+ <description>
+ This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy.
+ </description>
<type>input</type>
<size>10</size>
<required/>
- <default_value>3128</default_value>
+ <value>3125</value>
</field>
<field>
<fielddescr>Parent proxy</fielddescr>
<fieldname>parentproxy</fieldname>
<description>
- Enter the parent proxy as PROXY:PORT format or leave empty.
+ Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty.
</description>
<type>input</type>
<size>90</size>
</field>
<field>
+ <fielddescr>Enable X-Forwarded-For</fielddescr>
+ <fieldname>enablexforwardedfor</fieldname>
+ <description>
+ If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.
+ &lt;br&gt;Enable this if you use your own parent proxy after HAVP, so it will see the original client IP.
+ &lt;br&gt;Disabling this also disables Via: header generation.
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Enable Forwarded IP</fielddescr>
+ <fieldname>enableforwardedip</fieldname>
+ <description>
+ If HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Language</fielddescr>
<fieldname>lang</fieldname>
<description>Select the language in which the proxy server will display error messages to users.</description>
@@ -84,17 +146,21 @@
</options>
</field>
<field>
- <fielddescr>Max download size</fielddescr>
+ <fielddescr>Max download size, Bytes</fielddescr>
<fieldname>maxdownloadsize</fieldname>
- <description>Enter value or leave empty. Value in bytes. Downloads larger than 'Max download size' will be blocked. Only if not Whitelisted!</description>
+ <description>Enter value (in Bytes) or leave empty. Downloads larger, than 'Max download size' will be blocked. Only if not Whitelisted!</description>
<type>input</type>
<size>10</size>
<default_value></default_value>
</field>
<field>
- <fielddescr>Disable X-Forward</fielddescr>
- <fieldname>xforwardedfor</fieldname>
- <description>If not set, proxy will include your system's IP address or name in the HTTP requests it forwards.</description>
+ <fielddescr>HTTP Range requests</fielddescr>
+ <fieldname>range</fieldname>
+ <description>
+ Set this for allow HTTP Range requests, and broken downloads can be resumed.
+ Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
+ Whitelisted sites are allowed to use Range in any case.
+ </description>
<type>checkbox</type>
</field>
@@ -129,101 +195,70 @@
</field>
<field>
+ <fielddescr>Enable RAM Disk</fielddescr>
+ <fieldname>enableramdisk</fieldname>
+ <description>
+ This option allow use RAM Disk for HAVP temp files for more quick traffic scan.
+ Ram Disc size depend from 'ScanMax file size and avialable memory.
+ This option can be ignored in VMVare or on 'low system memory'.
+ ( RAM Disk size calculated as [1/4 avialable system memory] > [Scan max file size] * 100 )
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Scan max file size</fielddescr>
<fieldname>scanmaxsize</fieldname>
<description>
- Enter here value in bytes (5, 10, 15, 20) or leave empty.
+ Select this value for limit maximum file size or leave '---(5M)'.
Files larger than this limit won't be scanned.
- Empty or 0 also disables the limit.
+ Small values increace scan speed and maximum new connections per second and allow RAM Disk use.
+ &lt;br&gt;
NOTE: Setting limit is a security risk, because some archives like
ZIP need all the data to be scanned properly! Use this only if you
- can't afford temporary space for big files. Also scanner settings
- will affect how many files will be scanned inside an archive etc.
+ can't afford temporary space for big files.
</description>
- <type>input</type>
- <size>10</size>
+ <type>select</type>
+ <value>0</value>
+ <options>
+ <option><value> 5000</value><name>--- (5M)</name></option>
+ <option><value> 1</value><name> 1 K</name></option>
+ <option><value> 2</value><name> 2 K</name></option>
+ <option><value> 3</value><name> 3 K</name></option>
+ <option><value> 5</value><name> 5 K</name></option>
+ <option><value> 7</value><name> 7 K</name></option>
+ <option><value> 10</value><name> 10 K</name></option>
+ <option><value> 20</value><name> 20 K</name></option>
+ <option><value> 30</value><name> 30 K</name></option>
+ <option><value> 50</value><name> 50 K</name></option>
+ <option><value> 70</value><name> 70 K</name></option>
+ <option><value> 100</value><name> 100 K</name></option>
+ <option><value> 200</value><name> 200 K</name></option>
+ <option><value> 300</value><name> 300 K</name></option>
+ <option><value> 500</value><name> 500 K</name></option>
+ <option><value> 700</value><name> 700 K</name></option>
+ <option><value> 1000</value><name> 1000 K</name></option>
+ <option><value> 1500</value><name> 1500 K</name></option>
+ <option><value> 2000</value><name> 2000 K</name></option>
+ <option><value> 2500</value><name> 2500 K</name></option>
+ <option><value> 3000</value><name> 3000 K</name></option>
+ <option><value> 3500</value><name> 3500 K</name></option>
+ <option><value> 4000</value><name> 4000 K</name></option>
+ <option><value> 4500</value><name> 4500 K</name></option>
+ <option><value> 5000</value><name> 5000 K</name></option>
+ <option><value> 5500</value><name> 5500 K</name></option>
+ <option><value> 6000</value><name> 6000 K</name></option>
+ <option><value> 7000</value><name> 7000 K</name></option>
+ <option><value> 8000</value><name> 8000 K</name></option>
+ <option><value> 9000</value><name> 9000 K</name></option>
+ <option><value>10000</value><name>10 000 K</name></option>
+ </options>
</field>
-
<field>
<fielddescr>Scan images</fielddescr>
<fieldname>scanimg</fieldname>
<description>Check this for scan image files.</description>
<type>checkbox</type>
</field>
-
- <field>
- <fielddescr>Scan archives</fielddescr>
- <fieldname>scanarc</fieldname>
- <description>Check this for scan within archives and compressed files.</description>
- <type>checkbox</type>
- </field>
-
- <field>
- <fielddescr>Scan archive max file size</fielddescr>
- <fieldname>scanarcmaxsize</fieldname>
- <value>10M</value>
- <description>
- Enter here value in megabytes (15M) or leave empty.
- Files in archives larger than this limit won't be scanned.
- Value of 0 also disables the limit.
- </description>
- <type>input</type>
- <size>10</size>
- </field>
-
- <field>
- <fielddescr>AV bases update</fielddescr>
- <fieldname>havpavupdate</fieldname>
- <description>
- &lt;input name='submit' type='submit' value='Update_AV'&gt;
- Press button for update AV database now.
- </description>
- <type>select</type>
- <value>hv_none</value>
- <options>
- <option><name>none</name><value>hv_none</value></option>
- <option><name>every 1 hours</name><value>hv_01h</value></option>
- <option><name>every 2 hours</name><value>hv_02h</value></option>
- <option><name>every 3 hours</name><value>hv_03h</value></option>
- <option><name>every 4 hours</name><value>hv_04h</value></option>
- <option><name>every 6 hours</name><value>hv_06h</value></option>
- <option><name>every 8 hours</name><value>hv_08h</value></option>
- <option><name>every 12 hours</name><value>hv_12h</value></option>
- <option><name>every 24 hours</name><value>hv_24h</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Regional AV database update mirror</fielddescr>
- <fieldname>dbregion</fieldname>
- <description>Select regional database mirror.</description>
- <type>select</type>
- <value></value>
- <options>
- <option><value></value><name>-----</name></option>
- <option><value>au</value><name>Australia</name></option>
- <option><value>eu</value><name>Europe</name></option>
- <option><value>ca</value><name>Canada</name></option>
- <option><value>cn</value><name>China</name></option>
- <option><value>id</value><name>Indonesia</name></option>
- <option><value>jp</value><name>Japan</name></option>
- <option><value>kr</value><name>Korea</name></option>
- <option><value>ml</value><name>Malaysia</name></option>
- <option><value>ru</value><name>Russian</name></option>
- <option><value>sa</value><name>South africa</name></option>
- <option><value>tw</value><name>Taiwan</name></option>
- <option><value>uk</value><name>United Kingdom</name></option>
- <option><value>us</value><name>United States</name></option>
- </options>
- </field>
- <field>
- <fielddescr>Optional AV database update servers</fielddescr>
- <fieldname>avupdateserver</fieldname>
- <description>Enter here space separated AV update servers, or leave empty.</description>
- <type>textarea</type>
- <cols>60</cols>
- <rows>5</rows>
- </field>
-
<field>
<fielddescr>Syslog</fielddescr>
<fieldname>syslog</fieldname>
@@ -237,11 +272,15 @@
<type>checkbox</type>
</field>
</fields>
+
+ <custom_php_command_before_form>
+ havp_before_form(&amp;$pkg);
+ </custom_php_command_before_form>
<custom_php_validation_command>
- havp_validate_settings($_POST, &amp;$input_errors);
+ havp_validate_settings($_POST, &amp;$input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
- havp_resync();
+ havp_resync();
</custom_php_resync_config_command>
<custom_php_install_command>
</custom_php_install_command>