squid3 - merge squid3 and squid-reverse in one package

1 files changed, 55 insertions, 33 deletions

diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index e3f57b13..ae0c0e8a 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -50,47 +50,50 @@
 	<title>Proxy server: Reverse Proxy</title>
 	<include_file>squid.inc</include_file>
 	<tabs>
-		<tab>
+<tab>
 			<text>General</text>
 			<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
 		</tab>
 		<tab>
-			<text>Upstream Proxy</text>
+			<text>Upstream</text>
 			<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
 		</tab>
 		<tab>
-			<text>Cache Mgmt</text>
+			<text>Cache</text>
 			<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
 		</tab>
 		<tab>
-			<text>Access Control</text>
+			<text>ACLs</text>
 			<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
 		</tab>
 		<tab>
 			<text>Traffic Mgmt</text>
 			<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
-    </tab>
-		<tab>
-			<text>Reverse Proxy</text>
-			<url>/pkg_edit.php?xml=squid_reverse.xml&amp;id=0</url>
-			<active/>
 		</tab>
 		<tab>
-			<text>Reverse Settings</text>
+			<text>Reverse</text>
 			<url>/pkg_edit.php?xml=squid_reverse.xml&amp;id=0</url>
 			<active/>
-		</tab>		
+		</tab>
 		<tab>
-			<text>Auth Settings</text>
+			<text>Authentication</text>
 			<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
 		</tab>
 		<tab>
-			<text>Local Users</text>
+			<text>Users</text>
 			<url>/pkg.php?xml=squid_users.xml</url>
 		</tab>
+		<tab>
+			<text>Sync</text>
+			<url>/pkg_edit.php?xml=squid_sync.xml</url>
+		</tab>
 	</tabs>
 	<fields>
 		<field>
+			<name>Squid Reverse proxy General Settings</name>
+			<type>listtopic</type>
+		</field>
+		<field>
 			<fielddescr>Reverse Proxy interface</fielddescr>
 			<fieldname>reverse_interface</fieldname>
 			<description>The interface(s) the reverse-proxy server will bind to.</description>
@@ -104,7 +107,7 @@
 			<fieldname>reverse_ip</fieldname>
 			<description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description>
 			<type>input</type>
-			<size>80</size>
+			<size>70</size>
 		</field>			
 		<field>
 			<fielddescr>external FQDN</fielddescr>
@@ -112,7 +115,18 @@
 			<description>The external full-qualified-domain-name of the WAN address.</description>
 			<type>input</type>
 			<required/>
-			<size>80</size>
+			<size>70</size>
+		</field>
+		<field>
+			<fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
+			<fieldname>deny_info_tcp_reset</fieldname>
+			<description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description>
+			<type>checkbox</type>
+			<default_value>on</default_value>
+		</field>
+		<field>
+			<name>Squid Reverse HTTP Settings</name>
+			<type>listtopic</type>
 		</field>
 		<field>
 			<fielddescr>Enable HTTP reverse mode</fielddescr>
@@ -139,11 +153,15 @@
 			<size>60</size>
 		</field>
 		<field>
+			<name>Squid Reverse HTTPS Settings</name>
+			<type>listtopic</type>
+		</field>
+		<field>
 			<fielddescr>Enable HTTPS reverse proxy</fielddescr>
 			<fieldname>reverse_https</fieldname>
 			<description>If this field is checked, the proxy-server will act in HTTPS reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
 			<type>checkbox</type>
-			<enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain</enablefields>
+			<enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
 			<required/>
 			<default_value>off</default_value>
 		</field> 
@@ -166,8 +184,8 @@
 			<fielddescr>reverse SSL certificate</fielddescr>
 			<fieldname>reverse_ssl_cert</fieldname>
 			<description>Choose the SSL Server Certificate here.</description>
-			<type>select_source</type>
-			<source><![CDATA[squid_get_server_certs()]]></source>
+	    	<type>select_source</type>
+			<source><![CDATA[$config['cert']]]></source>
 			<source_name>descr</source_name>
 			<source_value>refid</source_value>
 		</field>
@@ -181,13 +199,6 @@
 			<encoding>base64</encoding>
 		</field>
 		<field>
-			<fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
-			<fieldname>deny_info_tcp_reset</fieldname>
-			<description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description>
-			<type>checkbox</type>
-			<default_value>on</default_value>
-		</field>
-		<field>
 			<fielddescr>Ignore internal Certificate validation</fielddescr>
 			<fieldname>reverse_ignore_ssl_valid</fieldname>
 			<description>If this field is checked, internal certificate validation will be ignored.</description>
@@ -223,7 +234,8 @@
 		<field>
 			<fielddescr>Enable Exchange WebServices</fielddescr>
 			<fieldname>reverse_owa_webservice</fieldname>
-			<description>If this field is checked, Exchange WebServices will be enabled.</description>
+			<description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br>
+								<strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description>
 			<type>checkbox</type>
 		</field>
 		<field>
@@ -233,10 +245,16 @@
 			<type>checkbox</type>
 		</field>
 		<field>
+			<name>Squid Reverse Mappings</name>
+			<type>listtopic</type>
+		</field>
+		<field>
 			<fielddescr>&lt;b&gt;peer definitions&lt;/b&gt; &lt;br&gt;publishing hosts</fielddescr>
 			<fieldname>reverse_cache_peer</fieldname>
-			<description>Enter each peer definition on a new line. Directives have to be separated by a semicolon(;). &lt;br&gt;syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS] &lt;br&gt;example: HOST1;192.168.0.1;80;HTTP &lt;br&gt;&lt;i&gt;WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING&lt;/i&gt;
-      </description>
+			<description><![CDATA[Enter each peer definition on a new line. Directives have to be separated by a semicolon(;).<BR>
+								syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]<br>
+								example: HOST1;192.168.0.1;80;HTTP<br>
+								<strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description>
 			<type>textarea</type>
 			<cols>60</cols>
 			<rows>10</rows>
@@ -244,9 +262,12 @@
 		</field>
 		<field>
 			<fielddescr>&lt;b&gt;URI definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
-			<fieldname>revrse_uri</fieldname>
-      <description>Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;).&lt;br&gt;syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) &lt;br&gt;(a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://) &lt;br&gt;example: URI1;public;server.pfsense.org. &lt;br&gt;&lt;i&gt;WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING&lt;/i&gt;
-      </description>
+			<fieldname>reverse_uri</fieldname>
+      <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;)<BR>
+      					syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <BR>
+      					(a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)<BR>
+      					example: URI1;public;server.pfsense.org.<BR>
+      					<STRONG>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</STRONG>]]></description>
 			<type>textarea</type>
 			<cols>60</cols>
 			<rows>10</rows>
@@ -255,8 +276,9 @@
 		<field>
 			<fielddescr>&lt;b&gt;ACL definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
 			<fieldname>reverse_acl</fieldname>
-      <description>Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). &lt;br&gt;syntax: [peer alias];[uri group alias] &lt;br&gt;example: HOST1;URI1 &lt;br&gt;&lt;i&gt;WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING&lt;/i&gt;
-      </description>
+      <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br>
+      						syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br>
+      						<strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description>
 			<type>textarea</type>
 			<cols>60</cols>
 			<rows>10</rows>