diff options
author | Martin Fuchs <mfuchs77@gmail.com> | 2014-06-13 11:52:37 +0200 |
---|---|---|
committer | Martin Fuchs <mfuchs77@gmail.com> | 2014-06-13 11:52:37 +0200 |
commit | 47a250e0d2b516cc87c7b582fda6f548c33c3d73 (patch) | |
tree | 71c908faf9498280ebf07b504c81978cbbb3a478 /config/squid3 | |
parent | 2bbfbdd783fe46d584d91b6014ef6c86520a9097 (diff) | |
download | pfsense-packages-47a250e0d2b516cc87c7b582fda6f548c33c3d73.tar.gz pfsense-packages-47a250e0d2b516cc87c7b582fda6f548c33c3d73.tar.bz2 pfsense-packages-47a250e0d2b516cc87c7b582fda6f548c33c3d73.zip |
allow multiple CAS-servers, correct checks
Diffstat (limited to 'config/squid3')
-rw-r--r-- | config/squid3/31/squid.inc | 21 | ||||
-rw-r--r-- | config/squid3/31/squid_reverse.inc | 20 | ||||
-rw-r--r-- | config/squid3/31/squid_reverse.xml | 4 | ||||
-rw-r--r-- | config/squid3/31/squid_reverse_general.xml | 4 |
4 files changed, 30 insertions, 19 deletions
diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index 0256d078..b8f1e3e1 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -402,6 +402,7 @@ function squid_validate_general($post, $input_errors) { if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; + if (substr($post['log_dir'], -1, 1) == '/') $input_errors[] = 'You may not end log location with an / mark'; @@ -594,9 +595,8 @@ function squid_validate_reverse($post, $input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -618,15 +618,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 4ac7fe82..418220c3 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -100,8 +100,17 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ @@ -211,8 +220,13 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 28d8cbcf..b0f6a614 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -219,9 +219,9 @@ <field> <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the CAS-Array / OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 029072a6..9bff5d8e 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -207,9 +207,9 @@ <field> <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the CAS-Array / OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> |