aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid3/33
diff options
context:
space:
mode:
authorStephane Lapie <stephane.lapie@asahinet.com>2014-06-23 23:41:59 +0900
committerStephane Lapie <stephane.lapie@asahinet.com>2014-06-23 23:41:59 +0900
commitec079fc18a1289be2676fa57c15829b20cb4a912 (patch)
tree658ebfeb07d9ead4fb5c8d86d723a94819d02511 /config/squid3/33
parentab69db91000fd3d83bf86811ede117062f57f438 (diff)
parent5b4c84c4ecc9a6eded4ce3443a665eae2c8a43f9 (diff)
downloadpfsense-packages-ec079fc18a1289be2676fa57c15829b20cb4a912.tar.gz
pfsense-packages-ec079fc18a1289be2676fa57c15829b20cb4a912.tar.bz2
pfsense-packages-ec079fc18a1289be2676fa57c15829b20cb4a912.zip
Merge https://github.com/pfsense/pfsense-packages
Conflicts: pkg_config.10.xml pkg_config.8.xml pkg_config.8.xml.amd64
Diffstat (limited to 'config/squid3/33')
-rwxr-xr-xconfig/squid3/33/squid.inc36
-rw-r--r--config/squid3/33/squid.xml4
-rwxr-xr-xconfig/squid3/33/squid_auth.xml2
-rwxr-xr-xconfig/squid3/33/squid_cache.xml2
-rwxr-xr-xconfig/squid3/33/squid_nac.xml2
-rwxr-xr-xconfig/squid3/33/squid_reverse.inc39
-rwxr-xr-xconfig/squid3/33/squid_reverse.xml21
-rwxr-xr-xconfig/squid3/33/squid_reverse_general.xml28
-rwxr-xr-xconfig/squid3/33/squid_reverse_peer.xml6
-rwxr-xr-xconfig/squid3/33/squid_traffic.xml2
-rwxr-xr-xconfig/squid3/33/squid_upstream.xml2
11 files changed, 84 insertions, 60 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index a97746e2..d9bb1549 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -382,7 +382,7 @@ function squid_deinstall_command() {
filter_configure();
}
-function squid_before_form_general($pkg) {
+function squid_before_form_general(&$pkg) {
$values = get_dir(SQUID_CONFBASE . '/errors/');
// Get rid of '..' and '.' and ...
array_shift($values);
@@ -406,7 +406,7 @@ function squid_before_form_general($pkg) {
$field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]);
}
-function squid_validate_general($post, $input_errors) {
+function squid_validate_general($post, &$input_errors) {
global $config;
if (is_array($config['installedpackages']['squid']))
$settings = $config['installedpackages']['squid']['config'][0];
@@ -472,7 +472,7 @@ function squid_validate_general($post, $input_errors) {
}}
}
-function squid_validate_upstream($post, $input_errors) {
+function squid_validate_upstream($post, &$input_errors) {
if ($post['enabled'] == 'on') {
$addr = trim($post['proxyaddr']);
if (empty($addr))
@@ -494,7 +494,7 @@ function squid_validate_upstream($post, $input_errors) {
}
}
-function squid_validate_cache($post, $input_errors) {
+function squid_validate_cache($post, &$input_errors) {
$num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size',
'memory_cache_size' => 'Memory cache size',
'maximum_object_size' => 'Maximum object size',
@@ -533,7 +533,7 @@ function squid_validate_cache($post, $input_errors) {
}
-function squid_validate_nac($post, $input_errors) {
+function squid_validate_nac($post, &$input_errors) {
$allowed_subnets = explode("\n", $post['allowed_subnets']);
foreach ($allowed_subnets as $subnet) {
$subnet = trim($subnet);
@@ -579,7 +579,7 @@ function squid_validate_nac($post, $input_errors) {
}}
}
-function squid_validate_traffic($post, $input_errors) {
+function squid_validate_traffic($post, &$input_errors) {
$num_fields = array( 'max_download_size' => 'Maximum download size',
'max_upload_size' => 'Maximum upload size',
'perhost_throttling' => 'Per-host bandwidth throttling',
@@ -610,14 +610,13 @@ function squid_validate_traffic($post, $input_errors) {
}
}
-function squid_validate_reverse($post, $input_errors) {
+function squid_validate_reverse($post, &$input_errors) {
if(!empty($post['reverse_ip'])) {
$reverse_ip = explode(";", ($post['reverse_ip']));
foreach ($reverse_ip as $reip) {
- if (!is_ipaddr($reip))
- $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field';
- break;
+ if (!is_ipaddr(trim($reip)))
+ $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.';
}}
$fqdn = trim($post['reverse_external_fqdn']);
@@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) {
$input_errors[] = "You have to enable reverse HTTPS before enabling OWA support.";
}
-/*
- if (!is_cert($post['reverse_int_ca']))
- $input_errors[] = 'A valid certificate for the external interface must be selected';
-*/
-
- $rowa = trim($post['reverse_owa_ip']);
- if (!empty($rowa) && !is_ipaddr($rowa))
- $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address';
-
+ if(!empty($post['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($post['reverse_owa_ip']));
+ foreach ($reverse_owa_ip as $reowaip) {
+ if (!is_ipaddr(trim($reowaip)))
+ $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.';
+ }}
$contents = $post['reverse_cache_peer'];
if(!empty($contents)) {
@@ -665,7 +661,7 @@ function squid_validate_reverse($post, $input_errors) {
}
-function squid_validate_auth($post, $input_errors) {
+function squid_validate_auth($post, &$input_errors) {
$num_fields = array( array('auth_processes', 'Authentication processes', 1),
array('auth_ttl', 'Authentication TTL', 0),
);
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index bf740221..7e13e456 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -555,13 +555,13 @@
</field>
</fields>
<custom_php_command_before_form>
- squid_before_form_general(&amp;$pkg);
+ squid_before_form_general($pkg);
</custom_php_command_before_form>
<custom_add_php_command>
squid_resync();
</custom_add_php_command>
<custom_php_validation_command>
- squid_validate_general($_POST, &amp;$input_errors);
+ squid_validate_general($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/33/squid_auth.xml b/config/squid3/33/squid_auth.xml
index e71a7e8d..c79bf873 100755
--- a/config/squid3/33/squid_auth.xml
+++ b/config/squid3/33/squid_auth.xml
@@ -250,7 +250,7 @@
</field>
</fields>
<custom_php_validation_command>
- squid_validate_auth($_POST, &amp;$input_errors);
+ squid_validate_auth($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_after_form_command>
squid_print_javascript_auth2();
diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml
index f60863c9..612e9b73 100755
--- a/config/squid3/33/squid_cache.xml
+++ b/config/squid3/33/squid_cache.xml
@@ -312,7 +312,7 @@
}
</custom_php_command_before_form>
<custom_php_validation_command>
- squid_validate_cache($_POST, &amp;$input_errors);
+ squid_validate_cache($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/33/squid_nac.xml b/config/squid3/33/squid_nac.xml
index bffefb61..2e94ae58 100755
--- a/config/squid3/33/squid_nac.xml
+++ b/config/squid3/33/squid_nac.xml
@@ -183,7 +183,7 @@
</field>
</fields>
<custom_php_validation_command>
- squid_validate_nac($_POST, &amp;$input_errors);
+ squid_validate_nac($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc
index 34ff2366..a6b81c0b 100755
--- a/config/squid3/33/squid_reverse.inc
+++ b/config/squid3/33/squid_reverse.inc
@@ -89,9 +89,6 @@ function squid_resync_reverse() {
if(!empty($settings['reverse_ip'])) {
$reverse_ip = explode(";", ($settings['reverse_ip']));
foreach ($reverse_ip as $reip) {
- //IPv6 Addresses need to be enclosed in brackets
- if (strpos($reip, ':')) $reip = '[' . $reip . ']';
-
//HTTP
if (!empty($settings['reverse_http']))
$conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
@@ -103,14 +100,23 @@ function squid_resync_reverse() {
//PEERS
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])))
- $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n";
-
+
+ if(!empty($settings['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip']));
+ $casnr = 0;
+ foreach ($reverse_owa_ip as $reowaip) {
+ $casnr++;
+ $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n";
+ $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n";
+ }
+ }
+
$active_peers=array();
if (is_array($reverse_peers))
foreach ($reverse_peers as $rp){
if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
$conf_peer = "#{$rp['description']}\n";
- $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin ";
+ $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin ";
if($rp['protocol'] == 'HTTPS')
$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
$conf_peer .= "name=rvp_{$rp['name']}\n\n";
@@ -173,10 +179,11 @@ function squid_resync_reverse() {
array_push($owa_dirs,'Microsoft-Server-ActiveSync');
if($settings['reverse_owa_rpchttp'])
array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
+ if($settings['reverse_owa_mapihttp'])
+ array_push($owa_dirs,'mapi');
if($settings['reverse_owa_webservice']){
array_push($owa_dirs,'EWS');
- //$conf .= "ignore_expect_100 on\n"; Obsolete on 3.3
- }
+ }
}
if (is_array($owa_dirs))
foreach ($owa_dirs as $owa_dir)
@@ -184,9 +191,12 @@ function squid_resync_reverse() {
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
$reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
+ $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
}
- }
+ }
//$conf .= "ssl_unclean_shutdown on";
if (is_array($reverse_maps))
foreach ($reverse_maps as $rm){
@@ -212,8 +222,15 @@ function squid_resync_reverse() {
//ACCESS
if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
- $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
- $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n";
+
+ for($cascnt=1;$cascnt<$casnr+1;$cascnt++)
+ {
+ $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n";
+ $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n";
+ }
+
$conf .= "never_direct allow OWA_URI_pfs\n";
$conf .= "http_access allow OWA_URI_pfs\n";
}
diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml
index 7c25c371..b3a4c6cb 100755
--- a/config/squid3/33/squid_reverse.xml
+++ b/config/squid3/33/squid_reverse.xml
@@ -165,7 +165,7 @@
<fieldname>reverse_https</fieldname>
<description>If this field is checked, the proxy-server will act in HTTPS reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
<type>checkbox</type>
- <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
+ <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
<required/>
<default_value>off</default_value>
</field>
@@ -214,14 +214,14 @@
<fieldname>reverse_owa</fieldname>
<description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description>
<type>checkbox</type>
- <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
+ <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
</field>
<field>
- <fielddescr>OWA frontend IP address</fielddescr>
+ <fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>This is the internal IP Address of the OWA frontend server.</description>
+ <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
<type>input</type>
- <size>15</size>
+ <size>70</size>
</field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
@@ -236,6 +236,13 @@
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Enable MAPI HTTP</fielddescr>
+ <fieldname>reverse_owa_mapihttp</fieldname>
+ <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br>
+ <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Enable Exchange WebServices</fielddescr>
<fieldname>reverse_owa_webservice</fieldname>
<description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br>
@@ -346,10 +353,10 @@
</fields>
<custom_php_command_before_form>
- squid_before_form_general(&amp;$pkg);
+ squid_before_form_general($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- squid_validate_reverse($_POST, &amp;$input_errors);
+ squid_validate_reverse($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml
index 374666d7..47426c8e 100755
--- a/config/squid3/33/squid_reverse_general.xml
+++ b/config/squid3/33/squid_reverse_general.xml
@@ -149,7 +149,7 @@
<fieldname>reverse_https</fieldname>
<description>If this field is checked, the proxy-server will act in HTTPS reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
<type>checkbox</type>
- <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
+ <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
<required/>
<default_value>off</default_value>
</field>
@@ -200,19 +200,16 @@
<field>
<fielddescr>Enable OWA reverse proxy</fielddescr>
<fieldname>reverse_owa</fieldname>
- <description><![CDATA[If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.<br><br>
- See also:<br>
- <a target=_new href='http://support.microsoft.com/?scid=kb%3Ben-us%3B327800&x=17&y=16'>How to configure SSL Offloading for Outlook Web Access in Exchange 2000 Server and in Exchange Server 2003</a>
- ]]></description>
+ <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description>
<type>checkbox</type>
- <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
+ <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
</field>
<field>
- <fielddescr>OWA frontend IP address</fielddescr>
+ <fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>This is the internal IP Address of the OWA frontend server.</description>
+ <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
<type>input</type>
- <size>15</size>
+ <size>70</size>
</field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
@@ -227,6 +224,13 @@
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Enable MAPI HTTP</fielddescr>
+ <fieldname>reverse_owa_mapihttp</fieldname>
+ <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br>
+ <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Enable Exchange WebServices</fielddescr>
<fieldname>reverse_owa_webservice</fieldname>
<description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br>
@@ -241,12 +245,12 @@
</field>
</fields>
<custom_php_command_before_form>
- squid_before_form_general(&amp;$pkg);
+ squid_before_form_general($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- squid_validate_reverse($_POST, &amp;$input_errors);
+ squid_validate_reverse($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/squid3/33/squid_reverse_peer.xml b/config/squid3/33/squid_reverse_peer.xml
index abfbf19b..b5a340e7 100755
--- a/config/squid3/33/squid_reverse_peer.xml
+++ b/config/squid3/33/squid_reverse_peer.xml
@@ -156,12 +156,12 @@
</field>
</fields>
<custom_php_command_before_form>
- squid_before_form_general(&amp;$pkg);
+ squid_before_form_general($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- squid_validate_reverse($_POST, &amp;$input_errors);
+ squid_validate_reverse($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/squid3/33/squid_traffic.xml b/config/squid3/33/squid_traffic.xml
index 82e849c1..85822fef 100755
--- a/config/squid3/33/squid_traffic.xml
+++ b/config/squid3/33/squid_traffic.xml
@@ -200,7 +200,7 @@
</field>
</fields>
<custom_php_validation_command>
- squid_validate_traffic($_POST, &amp;$input_errors);
+ squid_validate_traffic($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/33/squid_upstream.xml b/config/squid3/33/squid_upstream.xml
index 407cedd8..f8e467b7 100755
--- a/config/squid3/33/squid_upstream.xml
+++ b/config/squid3/33/squid_upstream.xml
@@ -353,7 +353,7 @@
</field>
</fields>
<custom_php_validation_command>
- squid_validate_upstream($_POST, &amp;$input_errors);
+ squid_validate_upstream($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();