authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-04-22 04:11:38 +0000
committerMarcello Coutinho <marcellocoutinho@gmail.com>2012-04-22 04:11:38 +0000
commitc7b1432ce5e49d061a182df0b09db5de36d787f5 (patch)
tree87f552c880943bc9e5668a795f63aff36029eb3e /config/squid-reverse
parentb5779ad7a8932bfef434f2a8bec0cdc8cb7c2105 (diff)
squid3 - version 2.0.5 with transparent proxy fix and integration with captive portal for non transparent use.
Diffstat (limited to 'config/squid-reverse')
-rw-r--r--config/squid-reverse/squid.inc37
-rw-r--r--config/squid-reverse/squid.xml11
-rw-r--r--config/squid-reverse/squid_monitor.php167
-rw-r--r--config/squid-reverse/squid_monitor_data.php136
4 files changed, 349 insertions, 2 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index db3aafca..70127510 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -1525,7 +1525,42 @@ function squid_generate_rules($type) {
global $config;
$squid_conf = $config['installedpackages']['squid']['config'][0];
-
+
+ //check captive portal option
+ $cp_file='/etc/inc/captiveportal.inc';
+ $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version"));
+ $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
+ $cp_inc = file($cp_file);
+ $new_cp_inc="";
+ $found_rule=0;
+ foreach ($cp_inc as $line){
+ $new_line=$line;
+ //remove applied squid patch
+ if (preg_match('/} set 1 skipto 65314/',$line)){
+ $found_rule++;
+ $new_line ="";
+ }
+ //add squid patch option based on current config
+ if (preg_match('/set 1 pass ip from any to/',$line) && $squid_conf['patch_cp']){
+ $found_rule++;
+ $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n";
+ $new_line .= $line;
+ }
+ if (preg_match('/set 1 pass ip from {/',$line) && $squid_conf['patch_cp']){
+ $found_rule++;
+ $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n";
+ $new_line .= $line;
+ }
+ $new_cp_inc .= $new_line;
+ }
+ if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) {
+ copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup');
+ }
+ if($found_rule > 0){
+ file_put_contents($cp_file,$new_cp_inc, LOCK_EX);
+ }
+
+ //normal squid rule check
if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
return;
}
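Review bot: `$settings` is never assigned in the lines visible here (only `$config` and `$squid_conf` are), so `$port` on the `$settings['proxy_port']` line appears to always fall back to 3128, and the captive portal skipto rules would ignore a custom proxy port. The value is also concatenated into PHP source that is written back to /etc/inc/captiveportal.inc, so it should come from the package config and be forced to an integer, e.g. `$port = intval($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128);`. The return value of `file($cp_file)` is not checked before the `foreach`, and the system include is overwritten in place with `file_put_contents`; writing to a temporary file and `rename()`-ing it over the original would avoid leaving a truncated include if the write is interrupted. squid_generate_rules() starts before this hunk and continues after it.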
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 981c256c..764011ea 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
@@ -236,12 +236,21 @@
<field>
<fielddescr>Transparent proxy</fielddescr>
<fieldname>transparent_proxy</fieldname>
- <description>If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description>
+ <description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
+ <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
+ To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
<type>checkbox</type>
<enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
<required/>
</field>
<field>
+ <fielddescr>Patch captive portal</fielddescr>
+ <fieldname>patch_cp</fieldname>
+ <description><![CDATA[Enable this option to force captive portal to non transparent proxy users.<br>
+ <strong>NOTE:</strong> You may need to reapply captive portal config after changing this option.]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Bypass proxy for Private Address Space (RFC 1918) destination</fielddescr>
<fieldname>private_subnet_proxy_off</fieldname>
<description>Do not forward traffic to Private Address Space (RFC 1918) &lt;b&gt;destination&lt;/b&gt; through the proxy server but directly through the firewall.</description>
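Review bot: The `patch_cp` description does not tell the administrator that enabling the option edits the system file /etc/inc/captiveportal.inc in place (see the squid.inc change in this commit), which matters for upgrades and for anyone auditing the captive portal rules. Consider extending the NOTE to say so and to mention the backup copy, e.g. `This option modifies /etc/inc/captiveportal.inc; a backup of the original file is kept in /root.`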
diff --git a/config/squid-reverse/squid_monitor.php b/config/squid-reverse/squid_monitor.php
new file mode 100644
index 00000000..cbcc8918
--- /dev/null
+++ b/config/squid-reverse/squid_monitor.php
@@ -0,0 +1,167 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+ squid_monitor.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2012 ccesario @ pfsense forum
+ All rights reserved.
+
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+
+
+require_once("/etc/inc/util.inc");
+require_once("/etc/inc/functions.inc");
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/globals.inc");
+
+require_once("guiconfig.inc");
+
+
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+ $one_two = true;
+
+$pgtitle = "Status: Proxy Monitor";
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<?php endif; ?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+
+<!-- Function to call squid logs -->
+<script language="JavaScript">
+ function ShowLog(content,url,program)
+ {
+ var v_maxlines = $('maxlines').getValue();
+ var v_strfilter = $('strfilter').getValue();
+ var pars = 'maxlines='+escape(v_maxlines) + '&strfilter=' + escape(v_strfilter) + '&program=' + escape(program);
+ new Ajax.Updater(content,url, {
+ method: 'post',
+ parameters: pars,
+ onSuccess: function() {
+ window.setTimeout( ShowLog(content,url,program), 100 );
+ }
+ });
+ }
+
+
+</script>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="mainarea">
+ <div class="tabcont">
+ <div id="param">
+ <form id="paramsForm" name="paramsForm" method="post">
+ <table width="100%" border="0" cellpadding=5" cellspacing="0">
+ <tr>
+ <td width="15%" valign="top" class="vncell"><?php echo "Max lines:"; ?></td>
+ <td width="85%" class="vtable">
+ <select name="maxlines" id="maxlines">
+ <option value="5">5 lines</option>
+ <option value="10" selected="selected">10 lines</option>
+ <option value="15">15 lines</option>
+ <option value="20">20 lines</option>
+ <option value="25">25 lines</option>
+ <option value="30">30 lines</option>
+ </select>
+ <br/>
+ <span class="vexpl">
+ <?php echo "Max. lines to be displayed."; ?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="15%" valign="top" class="vncell"><?php echo "String filter:"; ?></td>
+ <td width="85%" class="vtable">
+ <input name="strfilter" type="text" class="formfld unknown" id="strfilter" size="50" value="">
+ <br/>
+ <span class="vexpl">
+ <?php echo "Enter the string filter: eg. username or ip addr or url."; ?>
+ </span>
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+
+ <form>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ <center>
+ Squid Proxy
+ </center>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table iD="squidView" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <script language="JavaScript">
+ ShowLog('squidView', 'squid_monitor_data.php','squid');
+ </script>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">
+ <center>
+ SquidGuard
+ </center>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table id="sguardView" width="100%" border="0" cellpadding="5" cellspacing="0">
+ <script language="JavaScript">
+ ShowLog('sguardView', 'squid_monitor_data.php','sguard');
+ </script>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<?php
+include("fend.inc");
+?>
+
+</body>
+</html>
+
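Review bot: In `ShowLog`, `window.setTimeout( ShowLog(content,url,program), 100 );` calls `ShowLog` immediately and hands its return value (undefined) to the timer, so every successful response fires the next request with no delay; the page then polls squid_monitor_data.php, which runs `tail`/`grep` per request, as fast as the server answers. Pass a function instead, `window.setTimeout(function () { ShowLog(content, url, program); }, 100);`, and consider a longer interval. `escape()` leaves `+` unencoded and mangles non-ASCII input; `encodeURIComponent()` is the right encoder for the POST body. Separately, `$one_two` is only set when the version string contains "1.2", so `if($one_two)` reads an undefined variable on other versions.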
diff --git a/config/squid-reverse/squid_monitor_data.php b/config/squid-reverse/squid_monitor_data.php
new file mode 100644
index 00000000..46280446
--- /dev/null
+++ b/config/squid-reverse/squid_monitor_data.php
@@ -0,0 +1,136 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+ squid_monitor_data.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2012 ccesario @ pfsense forum
+ All rights reserved.
+
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+if ($_POST) {
+ switch (strtolower($_POST['program'])) {
+ case 'squid':
+ showSquid();
+ break;
+ case 'sguard';
+ showSGuard();
+ break;
+ }
+}
+
+
+
+// Show Squid Logs
+function showSquid() {
+ echo "<tr>";
+ echo "<td class=\"listhdrr\">Date</td>";
+ echo "<td class=\"listhdrr\">IP</td>";
+ echo "<td class=\"listhdrr\">Status</td>";
+ echo "<td class=\"listhdrr\">Address</td>";
+ echo "<td class=\"listhdrr\">User</td>";
+ echo "<td class=\"listhdrr\">Destination</td>";
+ echo "</tr>";
+
+ // Get Data from form post
+ $lines = $_POST['maxlines'];
+ $filter = $_POST['strfilter'];
+
+ if ($filter != "") {
+ $exprfilter = "| grep -i $filter";
+ } else {
+ $exprfilter = "";
+ }
+
+ // TODO FIX:
+ // Remove the hard link (maybe, get from config)
+ //
+ exec("tail -r -n $lines /var/squid/logs/access.log $exprfilter",$logarr);
+
+ foreach ($logarr as $logent) {
+ $logline = preg_split("/\s+/", $logent);
+
+ if ($filter != "")
+ $logline = preg_replace("/$filter/","<spam style='color:red'>$filter</spam>",$logline);
+
+ echo "<tr>\n";
+ echo "<td class=\"listr\">".date("d/m/y H:i:s",$logline[0])."</td>\n";
+ echo "<td class=\"listr\">".$logline[2]."</td>\n";
+ echo "<td class=\"listr\">".$logline[3]."</td>\n";
+ echo "<td class=\"listr\" nowrap>".$logline[6]."</td>\n";
+ echo "<td class=\"listr\">".$logline[7]."</td>\n";
+ echo "<td class=\"listr\">".$logline[8]."</td>\n";
+ echo "</tr>\n";
+ }
+}
+
+// Show SquidGuard Logs
+function showSGuard() {
+
+
+ echo "<tr>";
+ echo "<td class=\"listhdrr\">Date</td>";
+ echo "<td class=\"listhdrr\">Hour</td>";
+ echo "<td class=\"listhdrr\">ACL</td>";
+ echo "<td class=\"listhdrr\">Address</td>";
+ echo "<td class=\"listhdrr\">Host</td>";
+ echo "<td class=\"listhdrr\">User</td>";
+ echo "</tr>";
+
+
+ // Get Data from form post
+ $lines = $_POST['maxlines'];
+ $filter = $_POST['strfilter'];
+
+ if ($filter != "") {
+ $exprfilter = "| grep -i $filter";
+ } else {
+ $exprfilter = "";
+ }
+
+ // TODO FIX:
+ // Remove the hard link (maybe, get from config)
+ //
+ exec("tail -r -n $lines /var/squidGuard/log/block.log $exprfilter",$logarr);
+
+ foreach ($logarr as $logent) {
+ $logline = preg_split("/\s+/", $logent);
+
+ if ($filter != "")
+ $logline = preg_replace("/$filter/","<spam style='color:red'>$filter</spam>",$logline);
+
+ echo "<tr>\n";
+ echo "<td class=\"listr\">".$logline[0]."</td>\n";
+ echo "<td class=\"listr\">".$logline[1]."</td>\n";
+ echo "<td class=\"listr\">".$logline[3]."</td>\n";
+ echo "<td class=\"listr\">".$logline[4]."</td>\n";
+ echo "<td class=\"listr\">".$logline[5]."</td>\n";
+ echo "<td class=\"listr\">".$logline[6]."</td>\n";
+ echo "</tr>\n";
+ }
+}
+
+?>
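Review bot: `showSquid()` and `showSGuard()` interpolate `$_POST['maxlines']` and `$_POST['strfilter']` straight into the `exec()` command line, so request data is interpreted by the shell; the line count should be forced to an integer within the range the form offers and the filter passed through `escapeshellarg()`. The file also has no `require_once("guiconfig.inc")` as squid_monitor.php does, so unless access is restricted somewhere not shown here, the endpoint does not appear to go through the GUI session check. On output, `$filter` is used unquoted as a regex in `preg_replace`, and both it and the log fields (URLs and user names taken from proxy traffic) are echoed without `htmlspecialchars()`; `<spam>` is presumably meant to be `<span>`. The fence shows the change for `showSquid()`; `showSGuard()` needs the same treatment, and note that `grep -F` makes the filter a literal string rather than a pattern.

```php
require_once("guiconfig.inc"); // same include squid_monitor.php uses before rendering

// … unchanged: $_POST['program'] dispatch …

function showSquid() {
	// … unchanged: header row …

	// Constrain the line count to what the form offers and quote the filter
	// before either value reaches the shell.
	$lines = intval($_POST['maxlines']);
	if ($lines < 1 || $lines > 30)
		$lines = 10;
	$filter = (string)$_POST['strfilter'];

	if ($filter != "") {
		$exprfilter = "| grep -i -F -e " . escapeshellarg($filter);
	} else {
		$exprfilter = "";
	}

	exec("tail -r -n {$lines} /var/squid/logs/access.log {$exprfilter}", $logarr);

	foreach ($logarr as $logent) {
		// Escape the raw log line first, then add the highlight markup.
		$logline = preg_split("/\s+/", htmlspecialchars($logent, ENT_QUOTES));

		if ($filter != "") {
			$needle = preg_quote(htmlspecialchars($filter, ENT_QUOTES), "/");
			$logline = preg_replace("/{$needle}/i", '<span style="color:red">$0</span>', $logline);
		}

		// … unchanged: row output …
	}
}
```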