diff options
| author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-06-28 23:49:53 -0300 |
|---|---|---|
| committer | marcelloc <marcellocoutinho@gmail.com> | 2012-06-28 23:49:53 -0300 |
| commit | 3218802e1f1d6cbe4f4f592188b6bd93324c6ed9 (patch) | |
| tree | 081374dfb41e8516d321ab4509b86269c40efbcb /config/squid-reverse/squid_reverse.inc | |
| parent | 933e86301a3bcbfd157e029f43e172bd8c90d245 (diff) | |
| download | pfsense-packages-3218802e1f1d6cbe4f4f592188b6bd93324c6ed9.tar.gz pfsense-packages-3218802e1f1d6cbe4f4f592188b6bd93324c6ed9.tar.bz2 pfsense-packages-3218802e1f1d6cbe4f4f592188b6bd93324c6ed9.zip | |
squid3 - some fixes and improvements to squid reverse code
Diffstat (limited to 'config/squid-reverse/squid_reverse.inc')
| -rw-r--r-- | config/squid-reverse/squid_reverse.inc | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc index b208b7b1..6c34b4cb 100644 --- a/config/squid-reverse/squid_reverse.inc +++ b/config/squid-reverse/squid_reverse.inc @@ -104,10 +104,10 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; - $conf_peer .= "name={$rp['name']}\n\n"; + $conf_peer .= "name=rvp_{$rp['name']}\n\n"; // add peer only if reverse proxy is enabled for http if($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on"){ @@ -116,8 +116,10 @@ function squid_resync_reverse() { } // add peer only if if reverse proxy is enabled for https if($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on"){ - $conf .= $conf_peer; - array_push($active_peers,$rp['name']); + if (!in_array($rp['name'],$active_peers)){ + $conf .= $conf_peer; + array_push($active_peers,$rp['name']); + } } } } @@ -150,14 +152,18 @@ function squid_resync_reverse() { if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!=""){ if (is_array($rm['row'])) foreach ($rm['row'] as $uri){ - $url_regex=($uri['vhost'] == ''?$settings['reverse_external_fqdn']:$uri['vhost']); - $conf .= "acl {$rm['name']} url_regex -i {$url_regex}/{$uri['uri']}.*$\n"; - $cache_peer_never_direct_conf .= "never_direct allow {$rm['name']}\n"; - $http_access_conf .= "http_access allow {$rm['name']}\n"; - foreach (explode(',',$rm['peers']) as $map_peer) - if (in_array($map_peer,$active_peers)){ - $cache_peer_allow_conf .= "cache_peer_access {$map_peer} allow {$rm['name']}\n"; - $cache_peer_deny_conf .= "cache_peer_access {$map_peer} deny allsrc\n"; + $url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] ); + //$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n"; + $conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n"; + if($rm['name'] != $last_rm_name){ + $cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n"; + $http_access_conf .= "http_access allow rvm_{$rm['name']}\n"; + foreach (explode(',',$rm['peers']) as $map_peer) + if (in_array($map_peer,$active_peers)){ + $cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n"; + $cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n"; + } + $last_rm_name=$rm['name']; } } } |