aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid-reverse
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-07-11 16:42:41 -0300
committermarcelloc <marcellocoutinho@gmail.com>2012-07-11 16:42:41 -0300
commit5a519f7e667fea73434b3c1433f8c8ba1fe66eae (patch)
treec9d4d1ad99f30447adf00de9f0eab508cdd1e98a /config/squid-reverse
parent338d3bf70dceac5baa0cd2eab68d8a4db256483a (diff)
downloadpfsense-packages-5a519f7e667fea73434b3c1433f8c8ba1fe66eae.tar.gz
pfsense-packages-5a519f7e667fea73434b3c1433f8c8ba1fe66eae.tar.bz2
pfsense-packages-5a519f7e667fea73434b3c1433f8c8ba1fe66eae.zip
squid3 - change Unrestricted IPs and Banned host addresses check to allow CIDR networks
Diffstat (limited to 'config/squid-reverse')
-rw-r--r--config/squid-reverse/squid.inc16
-rw-r--r--config/squid-reverse/squid_nac.xml4
2 files changed, 14 insertions, 6 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 51e5892c..e00da80c 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -492,10 +492,18 @@ function squid_validate_nac($post, $input_errors) {
}
foreach (array( 'unrestricted_hosts', 'banned_hosts') as $hosts) {
- foreach (explode("\n", $post[$hosts]) as $host) {
- $host = trim($host);
- if (!empty($host) && !is_ipaddr($host))
- $input_errors[] = "The host '$host' is not a valid IP address";
+
+ if (preg_match_all("@([0-9.]+)(/[0-9.]+|)@",$_POST[$hosts],$matches)){
+ for ($x=0;$x < count($matches[1]);$x++){
+ if ($matches[2][$x] == ""){
+ if (!is_ipaddr($matches[1][$x]))
+ $input_errors[] = "'{$matches[1][$x]}' is not a valid IP address";
+ }
+ else{
+ if (!is_subnet($matches[0][$x]))
+ $input_errors[] = "The subnet '{$matches[0][$x]}' is not a valid CIDR range";
+ }
+ }
}
}
diff --git a/config/squid-reverse/squid_nac.xml b/config/squid-reverse/squid_nac.xml
index 9371a0ba..bc4a278e 100644
--- a/config/squid-reverse/squid_nac.xml
+++ b/config/squid-reverse/squid_nac.xml
@@ -105,7 +105,7 @@
<field>
<fielddescr>Unrestricted IPs</fielddescr>
<fieldname>unrestricted_hosts</fieldname>
- <description>Enter each unrestricted IP address on a new line that is not to be filtered out by the other access control directives set in this page.</description>
+ <description>Enter unrestricted IP address / network(in CIDR format) on a new line that is not to be filtered out by the other access control directives set in this page.</description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
@@ -114,7 +114,7 @@
<field>
<fielddescr>Banned host addresses</fielddescr>
<fieldname>banned_hosts</fieldname>
- <description>Enter each IP address on a new line that is not to be allowed to use the proxy.</description>
+ <description>Enter each IP address / network(in CIDR format) on a new line that is not to be allowed to use the proxy.</description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>