author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-04-22 04:11:38 +0000 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-04-22 04:11:38 +0000 |
commit | c7b1432ce5e49d061a182df0b09db5de36d787f5 (patch) | |
tree | 87f552c880943bc9e5668a795f63aff36029eb3e /config/squid-reverse | |
parent | b5779ad7a8932bfef434f2a8bec0cdc8cb7c2105 (diff) | |
download | pfsense-packages-c7b1432ce5e49d061a182df0b09db5de36d787f5.tar.gz pfsense-packages-c7b1432ce5e49d061a182df0b09db5de36d787f5.tar.bz2 pfsense-packages-c7b1432ce5e49d061a182df0b09db5de36d787f5.zip |
squid3 - version 2.0.5 with transparent proxy fix and integration with captive portal for non transparent use.
Diffstat (limited to 'config/squid-reverse')
-rw-r--r-- | config/squid-reverse/squid.inc | 37 | ||||
-rw-r--r-- | config/squid-reverse/squid.xml | 11 | ||||
-rw-r--r-- | config/squid-reverse/squid_monitor.php | 167 | ||||
-rw-r--r-- | config/squid-reverse/squid_monitor_data.php | 136 |
4 files changed, 349 insertions, 2 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index db3aafca..70127510 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -1525,7 +1525,42 @@ function squid_generate_rules($type) {
 global $config;
 $squid_conf = $config['installedpackages']['squid']['config'][0];
-
+
+ //check captive portal option
+ $cp_file='/etc/inc/captiveportal.inc';
+ $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version"));
+ $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
+ $cp_inc = file($cp_file);
+ $new_cp_inc="";
+ $found_rule=0;
+ foreach ($cp_inc as $line){
+ $new_line=$line;
+ //remove applied squid patch
+ if (preg_match('/} set 1 skipto 65314/',$line)){
+ $found_rule++;
+ $new_line ="";
+ }
+ //add squid patch option based on current config
+ if (preg_match('/set 1 pass ip from any to/',$line) && $squid_conf['patch_cp']){
+ $found_rule++;
+ $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n";
+ $new_line .= $line;
+ }
+ if (preg_match('/set 1 pass ip from {/',$line) && $squid_conf['patch_cp']){
+ $found_rule++;
+ $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n";
+ $new_line .= $line;
+ }
+ $new_cp_inc .= $new_line;
+ }
+ if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) {
+ copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup');
+ }
+ if($found_rule > 0){
+ file_put_contents($cp_file,$new_cp_inc, LOCK_EX);
+ }
+
+ //normal squid rule check
 if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
 return;
 }
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 981c256c..764011ea 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
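Review bot: The added `$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);` reads `$settings`, but the only configuration array set up in the visible lines of `squid_generate_rules()` is `$squid_conf`, so unless `$settings` is defined outside this hunk the port is always 3128 and a custom proxy port never reaches the patched rules. Because `$port` is spliced into PHP source that is then written to `/etc/inc/captiveportal.inc`, it should be forced to an integer first, presumably from the same array: `$port = is_numeric($squid_conf['proxy_port']) ? (int)$squid_conf['proxy_port'] : 3128;`. The core file is also overwritten in place with `file_put_contents()` and nothing checks that the rewritten text is complete, so an interrupted write would leave captive portal with a broken include; writing to a temporary file in the same directory and `rename()`-ing it over the original would make that step atomic. The rest of the function lies outside the hunk.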
@@ -236,12 +236,21 @@
 <field>
 <fielddescr>Transparent proxy</fielddescr>
 <fieldname>transparent_proxy</fieldname>
- <description>If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description>
+ <description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
+ <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
+ To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
 <type>checkbox</type>
 <enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
 <required/>
 </field>
 <field>
+ <fielddescr>Patch captive portal</fielddescr>
+ <fieldname>patch_cp</fieldname>
+ <description><![CDATA[Enable this option to force captive portal to non transparent proxy users.<br>
+ <strong>NOTE:</strong> You may need to reapply captive portal config after changing this option.]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
 <fielddescr>Bypass proxy for Private Address Space (RFC 1918) destination</fielddescr>
 <fieldname>private_subnet_proxy_off</fieldname>
 <description>Do not forward traffic to Private Address Space (RFC 1918) <b>destination</b> through the proxy server but directly through the firewall.</description>
diff --git a/config/squid-reverse/squid_monitor.php b/config/squid-reverse/squid_monitor.php
new file mode 100644
index 00000000..cbcc8918
--- /dev/null
+++ b/config/squid-reverse/squid_monitor.php
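Review bot: The description of the new `patch_cp` checkbox does not tell the administrator what the option changes on the system. The `squid.inc` part of this commit rewrites `/etc/inc/captiveportal.inc` and keeps a one-time copy of the original under `/root/`, which matters to anyone who audits or later upgrades the firewall. I would add a line such as `<br>This option modifies /etc/inc/captiveportal.inc; a backup of the original file is saved in /root.` before the closing `]]>` of that description.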
@@ -0,0 +1,167 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+ squid_monitor.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2012 ccesario @ pfsense forum
+ All rights reserved.
+
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+
+
+require_once("/etc/inc/util.inc");
+require_once("/etc/inc/functions.inc");
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/globals.inc");
+
+require_once("guiconfig.inc");
+
+
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+ $one_two = true;
+
+$pgtitle = "Status: Proxy Monitor";
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<?php endif; ?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+
+<!-- Function to call squid logs -->
+<script language="JavaScript">
+ function ShowLog(content,url,program)
+ {
+ var v_maxlines = $('maxlines').getValue();
+ var v_strfilter = $('strfilter').getValue();
+ var pars = 'maxlines='+escape(v_maxlines) + '&strfilter=' + escape(v_strfilter) + '&program=' + escape(program);
+ new Ajax.Updater(content,url, {
+ method: 'post',
+ parameters: pars,
+ onSuccess: function() {
+ window.setTimeout( ShowLog(content,url,program), 100 );
+ }
+ });
+ }
+
+
+</script>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="mainarea">
+ <div class="tabcont">
+ <div id="param">
+ <form id="paramsForm" name="paramsForm" method="post">
+ <table width="100%" border="0" cellpadding=5" cellspacing="0">
+ <tr>
+ <td width="15%" valign="top" class="vncell"><?php echo "Max lines:"; ?></td>
+ <td width="85%" class="vtable">
+ <select name="maxlines" id="maxlines">
+ <option value="5">5 lines</option>
+ <option value="10" selected="selected">10 lines</option>
+ <option value="15">15 lines</option>
+ <option value="20">20 lines</option>
+ <option value="25">25 lines</option>
+ <option value="30">30 lines</option>
+ </select>
+ <br/>
+ <span class="vexpl">
+ <?php echo "Max. lines to be displayed."; ?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="15%" valign="top" class="vncell"><?php echo "String filter:"; ?></td>
+ <td width="85%" class="vtable">
+ <input name="strfilter" type="text" class="formfld unknown" id="strfilter" size="50" value="">
+ <br/>
+ <span class="vexpl">
+ <?php echo "Enter the string filter: eg. username or ip addr or url."; ?>
+ </span>
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+
+ <form>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ <center>
+ Squid Proxy
+ </center>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table iD="squidView" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <script language="JavaScript">
+ ShowLog('squidView', 'squid_monitor_data.php','squid');
+ </script>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ <center>
+ SquidGuard
+ </center>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table id="sguardView" width="100%" border="0" cellpadding="5" cellspacing="0">
+ <script language="JavaScript">
+ ShowLog('sguardView', 'squid_monitor_data.php','sguard');
+ </script>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<?php
+include("fend.inc");
+?>
+
+</body>
+</html>
+
diff --git a/config/squid-reverse/squid_monitor_data.php b/config/squid-reverse/squid_monitor_data.php
new file mode 100644
index 00000000..46280446
--- /dev/null
+++ b/config/squid-reverse/squid_monitor_data.php
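Review bot: In `ShowLog`, `window.setTimeout( ShowLog(content,url,program), 100 );` calls `ShowLog` immediately and passes its return value to `setTimeout`, so every successful response fires the next request with no delay, and each request makes `squid_monitor_data.php` run `tail` and `grep` on the firewall. Pass a function instead, `window.setTimeout(function() { ShowLog(content,url,program); }, 100);`, and consider an interval of a few seconds rather than 100 ms. `escape()` leaves `+` unencoded and mangles non-ASCII text, so `encodeURIComponent()` is the safer encoder when building `pars`. `$one_two` is assigned only when the version string contains "1.2"; setting `$one_two = false;` before that `if` avoids an undefined-variable notice on other versions.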
@@ -0,0 +1,136 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+ squid_monitor_data.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2012 ccesario @ pfsense forum
+ All rights reserved.
+
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+if ($_POST) {
+ switch (strtolower($_POST['program'])) {
+ case 'squid':
+ showSquid();
+ break;
+ case 'sguard';
+ showSGuard();
+ break;
+ }
+}
+
+
+
+// Show Squid Logs
+function showSquid() {
+ echo "<tr>";
+ echo "<td class=\"listhdrr\">Date</td>";
+ echo "<td class=\"listhdrr\">IP</td>";
+ echo "<td class=\"listhdrr\">Status</td>";
+ echo "<td class=\"listhdrr\">Address</td>";
+ echo "<td class=\"listhdrr\">User</td>";
+ echo "<td class=\"listhdrr\">Destination</td>";
+ echo "</tr>";
+
+ // Get Data from form post
+ $lines = $_POST['maxlines'];
+ $filter = $_POST['strfilter'];
+
+ if ($filter != "") {
+ $exprfilter = "| grep -i $filter";
+ } else {
+ $exprfilter = "";
+ }
+
+ // TODO FIX:
+ // Remove the hard link (maybe, get from config)
+ //
+ exec("tail -r -n $lines /var/squid/logs/access.log $exprfilter",$logarr);
+
+ foreach ($logarr as $logent) {
+ $logline = preg_split("/\s+/", $logent);
+
+ if ($filter != "")
+ $logline = preg_replace("/$filter/","<spam style='color:red'>$filter</spam>",$logline);
+
+ echo "<tr>\n";
+ echo "<td class=\"listr\">".date("d/m/y H:i:s",$logline[0])."</td>\n";
+ echo "<td class=\"listr\">".$logline[2]."</td>\n";
+ echo "<td class=\"listr\">".$logline[3]."</td>\n";
+ echo "<td class=\"listr\" nowrap>".$logline[6]."</td>\n";
+ echo "<td class=\"listr\">".$logline[7]."</td>\n";
+ echo "<td class=\"listr\">".$logline[8]."</td>\n";
+ echo "</tr>\n";
+ }
+}
+
+// Show SquidGuard Logs
+function showSGuard() {
+
+
+ echo "<tr>";
+ echo "<td class=\"listhdrr\">Date</td>";
+ echo "<td class=\"listhdrr\">Hour</td>";
+ echo "<td class=\"listhdrr\">ACL</td>";
+ echo "<td class=\"listhdrr\">Address</td>";
+ echo "<td class=\"listhdrr\">Host</td>";
+ echo "<td class=\"listhdrr\">User</td>";
+ echo "</tr>";
+
+
+ // Get Data from form post
+ $lines = $_POST['maxlines'];
+ $filter = $_POST['strfilter'];
+
+ if ($filter != "") {
+ $exprfilter = "| grep -i $filter";
+ } else {
+ $exprfilter = "";
+ }
+
+ // TODO FIX:
+ // Remove the hard link (maybe, get from config)
+ //
+ exec("tail -r -n $lines /var/squidGuard/log/block.log $exprfilter",$logarr);
+
+ foreach ($logarr as $logent) {
+ $logline = preg_split("/\s+/", $logent);
+
+ if ($filter != "")
+ $logline = preg_replace("/$filter/","<spam style='color:red'>$filter</spam>",$logline);
+
+ echo "<tr>\n";
+ echo "<td class=\"listr\">".$logline[0]."</td>\n";
+ echo "<td class=\"listr\">".$logline[1]."</td>\n";
+ echo "<td class=\"listr\">".$logline[3]."</td>\n";
+ echo "<td class=\"listr\">".$logline[4]."</td>\n";
+ echo "<td class=\"listr\">".$logline[5]."</td>\n";
+ echo "<td class=\"listr\">".$logline[6]."</td>\n";
+ echo "</tr>\n";
+ }
+}
+
+?> |
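Review bot: `showSquid()` and `showSGuard()` place `$_POST['maxlines']` and `$_POST['strfilter']` unmodified into the command string given to `exec()`, so request data is interpreted by the shell on the firewall; the line count needs an integer cast with a range check and the filter needs `escapeshellarg()`. This new file also never loads `guiconfig.inc`, which `squid_monitor.php` does, so the GUI session check presumably does not apply to it, and `require_once("guiconfig.inc");` should be the first statement. The filter is further used as a raw pattern in `preg_replace("/$filter/", …)` and echoed back unescaped together with log fields that hold client-supplied URLs and user names, which calls for `preg_quote()` and `htmlspecialchars()` (the `<spam>` tag is presumably meant to be `<span>`). The fence shows the rewritten part of `showSquid()`; `showSGuard()` needs the same change, and `grep -F` there makes the filter a literal string rather than a pattern.

```php
	// Get Data from form post
	$lines = (int)$_POST['maxlines'];
	if ($lines < 1 || $lines > 30)
		$lines = 10;	// same bounds as the <select> in squid_monitor.php
	$filter = (string)$_POST['strfilter'];

	if ($filter != "") {
		// -F: literal match; escapeshellarg keeps the value a single shell word
		$exprfilter = "| grep -i -F -e " . escapeshellarg($filter);
	} else {
		$exprfilter = "";
	}

	// … unchanged: TODO comment about the hard-coded log path …
	exec("tail -r -n $lines /var/squid/logs/access.log $exprfilter",$logarr);

	foreach ($logarr as $logent) {
		$logline = preg_split("/\s+/", $logent);

		// log fields carry client-supplied text: escape before adding markup
		foreach ($logline as $idx => $field)
			$logline[$idx] = htmlspecialchars($field, ENT_QUOTES);

		if ($filter != "")
			$logline = preg_replace("/" . preg_quote(htmlspecialchars($filter, ENT_QUOTES), "/") . "/i",
				'<span style="color:red">$0</span>', $logline);

		// … unchanged: table row output …
	}
```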