diff options
| author | Stephane Lapie <stephane.lapie@asahinet.com> | 2014-06-23 23:41:59 +0900 |
|---|---|---|
| committer | Stephane Lapie <stephane.lapie@asahinet.com> | 2014-06-23 23:41:59 +0900 |
| commit | ec079fc18a1289be2676fa57c15829b20cb4a912 (patch) | |
| tree | 658ebfeb07d9ead4fb5c8d86d723a94819d02511 /config/squid3 | |
| parent | ab69db91000fd3d83bf86811ede117062f57f438 (diff) | |
| parent | 5b4c84c4ecc9a6eded4ce3443a665eae2c8a43f9 (diff) | |
| download | pfsense-packages-ec079fc18a1289be2676fa57c15829b20cb4a912.tar.gz pfsense-packages-ec079fc18a1289be2676fa57c15829b20cb4a912.tar.bz2 pfsense-packages-ec079fc18a1289be2676fa57c15829b20cb4a912.zip | |
Merge https://github.com/pfsense/pfsense-packages
Conflicts:
pkg_config.10.xml
pkg_config.8.xml
pkg_config.8.xml.amd64
Diffstat (limited to 'config/squid3')
29 files changed, 181 insertions, 125 deletions
diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index 0256d078..ef346e1a 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -365,7 +365,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -389,7 +389,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -402,6 +402,7 @@ function squid_validate_general($post, $input_errors) { if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; + if (substr($post['log_dir'], -1, 1) == '/') $input_errors[] = 'You may not end log location with an / mark'; @@ -451,7 +452,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -473,7 +474,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -512,7 +513,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -558,7 +559,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -589,14 +590,13 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -618,15 +618,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { @@ -644,7 +641,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/31/squid.xml b/config/squid3/31/squid.xml index 53293acd..a05e9427 100644 --- a/config/squid3/31/squid.xml +++ b/config/squid3/31/squid.xml @@ -429,13 +429,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_auth.xml b/config/squid3/31/squid_auth.xml index 307669c5..8dbaae67 100644 --- a/config/squid3/31/squid_auth.xml +++ b/config/squid3/31/squid_auth.xml @@ -244,7 +244,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/31/squid_cache.xml b/config/squid3/31/squid_cache.xml index 7f371f49..50c0dca0 100644 --- a/config/squid3/31/squid_cache.xml +++ b/config/squid3/31/squid_cache.xml @@ -287,7 +287,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_nac.xml b/config/squid3/31/squid_nac.xml index 659d626f..de3d670c 100644 --- a/config/squid3/31/squid_nac.xml +++ b/config/squid3/31/squid_nac.xml @@ -178,7 +178,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 993508aa..d2611c79 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -100,14 +100,23 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASS name=OWA_HOST_80_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -170,6 +179,8 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); $conf .= "ignore_expect_100 on\n"; @@ -181,6 +192,9 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } @@ -209,8 +223,15 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 7c25c371..b3a4c6cb 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -165,7 +165,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -214,14 +214,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -236,6 +236,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -346,10 +353,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 2211bb20..47426c8e 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -149,7 +149,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -202,14 +202,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -224,6 +224,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -238,12 +245,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/31/squid_reverse_peer.xml b/config/squid3/31/squid_reverse_peer.xml index abfbf19b..b5a340e7 100644 --- a/config/squid3/31/squid_reverse_peer.xml +++ b/config/squid3/31/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/31/squid_traffic.xml b/config/squid3/31/squid_traffic.xml index 62269792..786205c1 100644 --- a/config/squid3/31/squid_traffic.xml +++ b/config/squid3/31/squid_traffic.xml @@ -195,7 +195,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_upstream.xml b/config/squid3/31/squid_upstream.xml index 049d301c..45e5576a 100644 --- a/config/squid3/31/squid_upstream.xml +++ b/config/squid3/31/squid_upstream.xml @@ -349,7 +349,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index a97746e2..d9bb1549 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -382,7 +382,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -406,7 +406,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -472,7 +472,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -494,7 +494,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -533,7 +533,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -579,7 +579,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -610,14 +610,13 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { @@ -665,7 +661,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index bf740221..7e13e456 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -555,13 +555,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_auth.xml b/config/squid3/33/squid_auth.xml index e71a7e8d..c79bf873 100755 --- a/config/squid3/33/squid_auth.xml +++ b/config/squid3/33/squid_auth.xml @@ -250,7 +250,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml index f60863c9..612e9b73 100755 --- a/config/squid3/33/squid_cache.xml +++ b/config/squid3/33/squid_cache.xml @@ -312,7 +312,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_nac.xml b/config/squid3/33/squid_nac.xml index bffefb61..2e94ae58 100755 --- a/config/squid3/33/squid_nac.xml +++ b/config/squid3/33/squid_nac.xml @@ -183,7 +183,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 34ff2366..a6b81c0b 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -89,9 +89,6 @@ function squid_resync_reverse() { if(!empty($settings['reverse_ip'])) { $reverse_ip = explode(";", ($settings['reverse_ip'])); foreach ($reverse_ip as $reip) { - //IPv6 Addresses need to be enclosed in brackets - if (strpos($reip, ':')) $reip = '[' . $reip . ']'; - //HTTP if (!empty($settings['reverse_http'])) $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; @@ -103,14 +100,23 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -173,10 +179,11 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); - //$conf .= "ignore_expect_100 on\n"; Obsolete on 3.3 - } + } } if (is_array($owa_dirs)) foreach ($owa_dirs as $owa_dir) @@ -184,9 +191,12 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } - } + } //$conf .= "ssl_unclean_shutdown on"; if (is_array($reverse_maps)) foreach ($reverse_maps as $rm){ @@ -212,8 +222,15 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 7c25c371..b3a4c6cb 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml @@ -165,7 +165,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -214,14 +214,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -236,6 +236,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -346,10 +353,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 374666d7..47426c8e 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -149,7 +149,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -200,19 +200,16 @@ <field> <fielddescr>Enable OWA reverse proxy</fielddescr> <fieldname>reverse_owa</fieldname> - <description><![CDATA[If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.<br><br> - See also:<br> - <a target=_new href='http://support.microsoft.com/?scid=kb%3Ben-us%3B327800&x=17&y=16'>How to configure SSL Offloading for Outlook Web Access in Exchange 2000 Server and in Exchange Server 2003</a> - ]]></description> + <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -227,6 +224,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -241,12 +245,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_reverse_peer.xml b/config/squid3/33/squid_reverse_peer.xml index abfbf19b..b5a340e7 100755 --- a/config/squid3/33/squid_reverse_peer.xml +++ b/config/squid3/33/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_traffic.xml b/config/squid3/33/squid_traffic.xml index 82e849c1..85822fef 100755 --- a/config/squid3/33/squid_traffic.xml +++ b/config/squid3/33/squid_traffic.xml @@ -200,7 +200,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_upstream.xml b/config/squid3/33/squid_upstream.xml index 407cedd8..f8e467b7 100755 --- a/config/squid3/33/squid_upstream.xml +++ b/config/squid3/33/squid_upstream.xml @@ -353,7 +353,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid.inc b/config/squid3/old/squid.inc index 784fea8f..ce196700 100644 --- a/config/squid3/old/squid.inc +++ b/config/squid3/old/squid.inc @@ -289,7 +289,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); @@ -310,7 +310,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; $settings = $config['installedpackages']['squid']['config'][0]; $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); @@ -367,7 +367,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['proxy_forwarding'] == 'on') { $addr = trim($post['proxy_addr']); if (empty($addr)) @@ -389,7 +389,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -428,7 +428,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -466,7 +466,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -498,7 +498,7 @@ function squid_validate_traffic($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/old/squid.xml b/config/squid3/old/squid.xml index 5762efb1..83fb9bc0 100644 --- a/config/squid3/old/squid.xml +++ b/config/squid3/old/squid.xml @@ -315,13 +315,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); @@ -339,4 +339,4 @@ exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); </custom_php_deinstall_command> <filter_rules_needed>squid_generate_rules</filter_rules_needed> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/old/squid_auth.xml b/config/squid3/old/squid_auth.xml index c8e34553..db26756b 100644 --- a/config/squid3/old/squid_auth.xml +++ b/config/squid3/old/squid_auth.xml @@ -220,7 +220,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/old/squid_cache.xml b/config/squid3/old/squid_cache.xml index 881f15b3..a765d911 100644 --- a/config/squid3/old/squid_cache.xml +++ b/config/squid3/old/squid_cache.xml @@ -214,7 +214,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_nac.xml b/config/squid3/old/squid_nac.xml index 193a89c6..0d914dca 100644 --- a/config/squid3/old/squid_nac.xml +++ b/config/squid3/old/squid_nac.xml @@ -135,7 +135,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_traffic.xml b/config/squid3/old/squid_traffic.xml index d560a7ad..f34eec19 100644 --- a/config/squid3/old/squid_traffic.xml +++ b/config/squid3/old/squid_traffic.xml @@ -169,7 +169,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_upstream.xml b/config/squid3/old/squid_upstream.xml index ad494524..b9a14dc8 100644 --- a/config/squid3/old/squid_upstream.xml +++ b/config/squid3/old/squid_upstream.xml @@ -125,7 +125,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); |