aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid3
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2010-11-19 17:10:32 -0500
committerjim-p <jimp@pfsense.org>2010-11-19 17:11:27 -0500
commit089edbf2d6918f2c7c17e77ff169e22d5345dcc9 (patch)
tree24dcc087178881d4f478cd273473fc0537542ebc /config/squid3
parent89809ee593cb5623914a34428d9baecf2af1a216 (diff)
downloadpfsense-packages-089edbf2d6918f2c7c17e77ff169e22d5345dcc9.tar.gz
pfsense-packages-089edbf2d6918f2c7c17e77ff169e22d5345dcc9.tar.bz2
pfsense-packages-089edbf2d6918f2c7c17e77ff169e22d5345dcc9.zip
Sync squid3 GUI code with recent changes to squid 2.x gui code, update to a more recent version of squid 3, enable for 2.0 (binaries have already been uploaded)
Diffstat (limited to 'config/squid3')
-rw-r--r--config/squid3/squid.inc305
-rw-r--r--config/squid3/squid.xml56
-rw-r--r--config/squid3/squid_auth.xml29
-rw-r--r--config/squid3/squid_cache.xml25
-rw-r--r--config/squid3/squid_extauth.xml8
-rw-r--r--config/squid3/squid_nac.xml16
-rw-r--r--config/squid3/squid_ng.xml4
-rw-r--r--config/squid3/squid_traffic.xml14
-rw-r--r--config/squid3/squid_upstream.xml16
-rw-r--r--config/squid3/squid_users.xml14
10 files changed, 325 insertions, 162 deletions
diff --git a/config/squid3/squid.inc b/config/squid3/squid.inc
index acb5a2d3..98192253 100644
--- a/config/squid3/squid.inc
+++ b/config/squid3/squid.inc
@@ -2,7 +2,7 @@
/* $Id$ */
/*
squid.inc
- Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2006-2009 Scott Ullrich
Copyright (C) 2006 Fernando Lemos
Copyright (C) 2008 Martin Fuchs
All rights reserved.
@@ -40,6 +40,7 @@ if(!function_exists("filter_configure"))
require_once("filter.inc");
define('SQUID_CONFBASE', '/usr/local/etc/squid');
+define('SQUID_BASE', '/var/squid/');
define('SQUID_ACLDIR', '/var/squid/acl');
define('SQUID_PASSWD', '/var/etc/squid.passwd');
@@ -64,7 +65,7 @@ function squid_chown_recursive($dir, $user, $group) {
$path = "$dir/$item";
if (is_dir($path))
squid_chown_recursive($path, $user, $group);
- else {
+ elseif (is_file($path)) {
chown($path, $user);
chgrp($path, $group);
}
@@ -76,6 +77,11 @@ function squid_chown_recursive($dir, $user, $group) {
function squid_dash_z() {
global $config;
$settings = $config['installedpackages']['squidcache']['config'][0];
+
+ // If the cache system is null, there is no need to initialize the (irrelevant) cache dir.
+ if ($settings['harddisk_cache_system'] == "null")
+ return;
+
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
if(!is_dir($cachedir.'/')) {
@@ -92,7 +98,8 @@ function squid_dash_z() {
mwexec("/usr/local/sbin/squid -z");
}
- exec("chmod a+rw /var/squid/cache/swap.state");
+ if(file_exists("/var/squid/cache/swap.state"))
+ exec("chmod a+rw /var/squid/cache/swap.state");
}
@@ -105,11 +112,17 @@ function squid_is_valid_acl($acl) {
function squid_install_command() {
global $config;
+ global $g;
/* migrate existing csv config fields */
$settingsauth = $config['installedpackages']['squidauth']['config'][0];
$settingscache = $config['installedpackages']['squidcache']['config'][0];
$settingsnac = $config['installedpackages']['squidnac']['config'][0];
+ /* Set storage system */
+ if ($g['platform'] == "nanobsd") {
+ $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null';
+ }
+
/* migrate auth settings */
if (!empty($settingsauth['no_auth_hosts'])) {
if(strstr($settingsauth['no_auth_hosts'], ",")) {
@@ -133,36 +146,42 @@ function squid_install_command() {
$config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets'];
}
}
+
if(! empty($settingsnac['banned_hosts'])) {
if(strstr($settingsnac['banned_hosts'], ",")) {
$settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts'])));
$config['installedpackages']['squidnac']['config'][0]['banned_hosts'] = $settingsnac['banned_hosts'];
}
}
+
if(! empty($settingsnac['banned_macs'])) {
if(strstr($settingsnac['banned_macs'], ",")) {
$settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs'])));
$config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs'];
}
}
+
if(! empty($settingsnac['unrestricted_hosts'])) {
if(strstr($settingsnac['unrestricted_hosts'], ",")) {
$settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts'])));
$config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts'];
}
}
+
if(! empty($settingsnac['unrestricted_macs'])) {
if(strstr($settingsnac['unrestricted_macs'], ",")) {
$settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs'])));
$config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs'];
}
}
+
if(! empty($settingsnac['whitelist'])) {
if(strstr($settingsnac['whitelist'], ",")) {
$settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist'])));
$config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist'];
}
}
+
if(! empty($settingsnac['blacklist'])) {
if(strstr($settingsnac['blacklist'], ",")) {
$settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist'])));
@@ -206,16 +225,17 @@ if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
fi
EOD;
- update_status("Writing rc files... One moment please...");
+ update_status("Writing rc.d files... One moment please...");
+ conf_mount_rw();
write_rcfile($rc);
exec("chmod a+rx /usr/local/libexec/squid/dnsserver");
foreach (array( SQUID_CONFBASE,
SQUID_ACLDIR,
- ) as $dir) {
- make_dirs($dir);
- squid_chown_recursive($dir, 'proxy', 'proxy');
+ SQUID_BASE ) as $dir) {
+ make_dirs($dir);
+ squid_chown_recursive($dir, 'proxy', 'proxy');
}
/* kill any running proxy alarm scripts */
@@ -249,20 +269,24 @@ EOD;
}
function squid_deinstall_command() {
- global $config;
- squid_install_cron(false);
- $settings = $config['installedpackages']['squidcache']['config'][0];
+ global $config, $g;
+ $plswait_txt = "This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.";
+ squid_install_cron(false);
+ $settings = &$config['installedpackages']['squidcache']['config'][0];
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
- $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/log');
-
- mwexec('rm -rf $cachedir');
+ $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
+ update_status("Removing swap.state ... One moment please...");
+ update_output_window("$plswait_txt");
+ mwexec('rm -rf $cachedir/swap.state');
mwexec('rm -rf $logdir');
+ update_status("Finishing package cleanup.");
mwexec('rm -f /usr/local/etc/rc.d/proxy_monitor.sh');
mwexec("ps awux | grep \"proxy_monitor\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill");
mwexec("ps awux | grep \"squid\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
mwexec("ps awux | grep \"dnsserver\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
mwexec("ps awux | grep \"unlinkd\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
- filter_configure();
+ update_status("Reloading filter...");
+ filter_configure_sync();
}
function squid_before_form_general($pkg) {
@@ -288,6 +312,10 @@ function squid_before_form_general($pkg) {
function squid_validate_general($post, $input_errors) {
global $config;
+ $settings = $config['installedpackages']['squid']['config'][0];
+ $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
+ $port = $post['proxy_port'] ? $post['proxy_port'] : $port;
+
$icp_port = trim($post['icp_port']);
if (!empty($icp_port) && !is_port($icp_port))
$input_errors[] = 'You must enter a valid port number in the \'ICP port\' field';
@@ -322,13 +350,23 @@ function squid_validate_general($post, $input_errors) {
if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off'])) {
$input_errors[] = "You can not bypass traffic from specific IPs without using the transparent proxy.";
- }
+ }
+ if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off_dest'])) {
+ $input_errors[] = "You can not bypass traffic to specific IPs without using the transparent proxy.";
+ }
foreach (array('defined_ip_proxy_off') as $hosts) {
foreach (explode(";", $post[$hosts]) as $host) {
$host = trim($host);
- if (!empty($host) && !is_ipaddr($host))
- $input_errors[] = "The entry '$host' is not a valid IP address";
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+ }
+ }
+ foreach (array('defined_ip_proxy_off_dest') as $hosts) {
+ foreach (explode(";", $post[$hosts]) as $host) {
+ $host = trim($host);
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
}
}
@@ -532,7 +570,7 @@ function squid_install_cron($should_install) {
return;
$x=0;
foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], "/usr/local/sbin/squid")) {
+ if(strstr($item['task_name'], "squid_rotate_logs")) {
$is_installed = true;
break;
}
@@ -542,6 +580,7 @@ function squid_install_cron($should_install) {
case true:
if(!$is_installed) {
$cron_item = array();
+ $cron_item['task_name'] = "squid_rotate_logs";
$cron_item['minute'] = "0";
$cron_item['hour'] = "0";
$cron_item['mday'] = "*";
@@ -585,8 +624,7 @@ function squid_resync_general() {
}
}
if (($settings['transparent_proxy'] == 'on')) {
- $conf .= "http_port 127.0.0.1:80 transparent\n"; // for squid < v.3.1 (for pf)
-// $conf .= "http_port 127.0.0.1:80 intercept\n"; // new from squid >= 3.1 (for pf)
+ $conf .= "http_port 127.0.0.1:80 transparent\n";
}
$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
@@ -597,7 +635,7 @@ function squid_resync_general() {
$hostname = ($settings['visible_hostname'] ? $settings['visible_hostname'] : 'localhost');
$email = ($settings['admin_email'] ? $settings['admin_email'] : 'admin@localhost');
- $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/log');
+ $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
$logdir_cache = $logdir . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
@@ -647,7 +685,7 @@ EOD;
if ($settings['disable_squidversion']) $conf .= "httpd_suppress_version_string on\n";
if (!empty($settings['uri_whitespace'])) $conf .= "uri_whitespace {$settings['uri_whitespace']}\n";
else $conf .= "uri_whitespace strip\n"; //only used for first run
-
+
if(!empty($settings['dns_nameservers'])) {
$altdns = explode(";", ($settings['dns_nameservers']));
$conf .= "dns_nameservers ";
@@ -662,13 +700,12 @@ EOD;
function squid_resync_cache() {
- global $config;
+ global $config, $g;
$settings = $config['installedpackages']['squidcache']['config'][0];
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
$disk_cache_size = ($settings['harddisk_cache_size'] ? $settings['harddisk_cache_size'] : 100);
- $disk_cache_system = ($settings['harddisk_cache_system'] ? $settings['harddisk_cache_system'] : 'aufs');
$level1 = ($settings['level1_subdirs'] ? $settings['level1_subdirs'] : 16);
$memory_cache_size = ($settings['memory_cache_size'] ? $settings['memory_cache_size'] : 8);
$max_objsize = ($settings['maximum_object_size'] ? $settings['maximum_object_size'] : 10);
@@ -677,15 +714,31 @@ function squid_resync_cache() {
$memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF');
$offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off');
+ if (!isset($settings['harddisk_cache_system'])) {
+ if ($g['platform'] == "nanobsd") {
+ $disk_cache_system = 'null';
+ } else {
+ $disk_cache_system = 'ufs';
+ }
+ } else {
+ $disk_cache_system = $settings['harddisk_cache_system'];
+ }
+
+ if ($disk_cache_system == "null") {
+ $disk_cache_opts = "{$disk_cache_system} /tmp";
+ } else {
+ $disk_cache_opts = "{$disk_cache_system} {$cachedir} {$disk_cache_size} {$level1} 256";
+ }
+
$conf = <<<EOD
-cache_dir $disk_cache_system $cachedir $disk_cache_size $level1 256
cache_mem $memory_cache_size MB
-maximum_object_size $max_objsize KB
-minimum_object_size $min_objsize KB
-cache_replacement_policy $cache_policy
+maximum_object_size_in_memory 32 KB
memory_replacement_policy $memory_policy
+cache_replacement_policy $cache_policy
+cache_dir $disk_cache_opts
+minimum_object_size $min_objsize KB
+maximum_object_size $max_objsize KB
offline_mode $offline_mode
-dns_children 32
EOD;
@@ -748,6 +801,7 @@ function squid_resync_nac() {
$conf = <<<EOD
# Setup some default acls
+acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port $port 1025-65535
acl sslports port 443 563 $webgui_port
@@ -837,7 +891,7 @@ function squid_resync_traffic() {
$up_limit = ($settings['max_upload_size'] ? $settings['max_upload_size'] : 0);
$down_limit = ($settings['max_download_size'] ? $settings['max_download_size'] : 0);
$conf .= "request_body_max_size $up_limit KB\n";
- $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . "\n";
+ $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " allow all\n";
// Only apply throttling past 10MB
// XXX: Should this really be hardcoded?
@@ -954,13 +1008,15 @@ function squid_resync_auth() {
$auth_method = (($settings['auth_method'] && !$transparent_proxy) ? $settings['auth_method'] : 'none');
// Allow the remaining ACLs if no authentication is set
if ($auth_method == 'none') {
+ $conf .="# Setup allowed acls\n";
+ $allowed = array('allowed_subnets');
if ($settingsconfig['allow_interface'] == 'on') {
$conf .= "# Allow local network(s) on interface(s)\n";
- $allowed = array('localnet', 'allowed_subnets');
- $allowed = array_filter($allowed, 'squid_is_valid_acl');
- foreach ($allowed as $acl)
- $conf .= "http_access allow $acl\n";
+ $allowed[] = "localnet";
}
+ $allowed = array_filter($allowed, 'squid_is_valid_acl');
+ foreach ($allowed as $acl)
+ $conf .= "http_access allow $acl\n";
}
else {
$noauth = implode(' ', explode("\n", base64_decode($settings['no_auth_hosts'])));
@@ -978,16 +1034,17 @@ function squid_resync_auth() {
$conf .= 'auth_param basic program /usr/local/libexec/squid/ncsa_auth ' . SQUID_PASSWD . "\n";
break;
case 'ldap':
- $port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : '');
+ $port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : '');
$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
- $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u uid -P {$settings['auth_server']}$port\n";
+ $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
break;
case 'radius':
- $port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : '');
+ $port = (isset($settings['auth_server_port']) ? "-p {$settings['auth_server_port']}" : '');
$conf .= "auth_param basic program /usr/local/libexec/squid/squid_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
break;
case 'msnt':
$conf .= "auth_param basic program /usr/local/libexec/squid/msnt_auth\n";
+ squid_resync_msnt();
break;
}
$conf .= <<<EOD
@@ -1047,8 +1104,22 @@ function squid_resync_users() {
chmod(SQUID_PASSWD, 0600);
}
+function squid_resync_msnt() {
+ global $config;
+
+ $settings = $config['installedpackages']['squidauth']['config'][0];
+ $pdcserver = $settings['auth_server'];
+ $bdcserver = str_replace(',',' ',$settings['msnt_secondary']);
+ $ntdomain = $settings['auth_ntdomain'];
+
+ file_put_contents(SQUID_CONFBASE."/msntauth.conf","server {$pdcserver} {$bdcserver} {$ntdomain}");
+ chown(SQUID_CONFBASE."/msntauth.conf", 'proxy');
+ chmod(SQUID_CONFBASE."/msntauth.conf", 0600);
+}
+
function squid_resync() {
global $config;
+ conf_mount_rw();
$conf = squid_resync_general() . "\n";
$conf .= squid_resync_cache() . "\n";
$conf .= squid_resync_redirector() . "\n";
@@ -1062,6 +1133,13 @@ function squid_resync() {
if(file_exists("/usr/local/libexec/squid/pinger"))
exec("chmod a+x /usr/local/libexec/squid/pinger");
+ foreach (array( SQUID_CONFBASE,
+ SQUID_ACLDIR,
+ SQUID_BASE ) as $dir) {
+ make_dirs($dir);
+ squid_chown_recursive($dir, 'proxy', 'proxy');
+ }
+
file_put_contents(SQUID_CONFBASE . '/squid.conf', $conf);
$log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/';
@@ -1076,13 +1154,19 @@ function squid_resync() {
if (!is_service_running('squid')) {
log_error("Starting Squid");
- mwexec_bg("/usr/local/sbin/squid -D");
+ mwexec("/usr/local/sbin/squid -D");
} else {
log_error("Reloading Squid for configuration sync");
mwexec("/usr/local/sbin/squid -k reconfigure");
}
+ // Sleep for a couple seconds to give squid a chance to fire up fully.
+ for ($i=0; $i < 10; $i++) {
+ if (!is_service_running('squid'))
+ sleep(1);
+ }
filter_configure();
+ conf_mount_ro();
}
function squid_print_javascript_auth() {
@@ -1097,11 +1181,13 @@ function squid_print_javascript_auth() {
function on_auth_method_changed() {
document.iform.auth_method.disabled = 1;
document.iform.auth_server.disabled = 1;
+ document.iform.auth_ntdomain.disabled = 1;
document.iform.auth_server_port.disabled = 1;
document.iform.ldap_user.disabled = 1;
document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_userattribute.disabled = 1;
document.iform.ldap_filter.disabled = 1;
- document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_pass.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
document.iform.msnt_secondary.disabled = 1;
@@ -1127,10 +1213,12 @@ function on_auth_method_changed() {
if (auth_method == 'none') {
document.iform.auth_server.disabled = 1;
document.iform.auth_server_port.disabled = 1;
+ document.iform.auth_ntdomain.disabled = 1;
document.iform.ldap_user.disabled = 1;
document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_userattribute.disabled = 1;
document.iform.ldap_filter.disabled = 1;
- document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_pass.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
document.iform.msnt_secondary.disabled = 1;
@@ -1152,9 +1240,11 @@ function on_auth_method_changed() {
case 'local':
document.iform.auth_server.disabled = 1;
document.iform.auth_server_port.disabled = 1;
+ document.iform.auth_ntdomain.disabled = 1;
document.iform.ldap_user.disabled = 1;
- document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_pass.disabled = 1;
document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_userattribute.disabled = 1;
document.iform.ldap_filter.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
@@ -1164,30 +1254,36 @@ function on_auth_method_changed() {
document.iform.auth_server.disabled = 0;
document.iform.auth_server_port.disabled = 0;
document.iform.ldap_user.disabled = 0;
- document.iform.ldap_password.disabled = 0;
+ document.iform.ldap_pass.disabled = 0;
document.iform.ldap_version.disabled = 0;
+ document.iform.ldap_userattribute.disabled = 0;
document.iform.ldap_filter.disabled = 0;
document.iform.ldap_basedomain.disabled = 0;
document.iform.radius_secret.disabled = 1;
document.iform.msnt_secondary.disabled = 1;
+ document.iform.auth_ntdomain.disabled = 1;
break;
case 'radius':
document.iform.auth_server.disabled = 0;
document.iform.auth_server_port.disabled = 0;
document.iform.ldap_user.disabled = 1;
- document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_pass.disabled = 1;
document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_userattribute.disabled = 1;
document.iform.ldap_filter.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 0;
document.iform.msnt_secondary.disabled = 1;
+ document.iform.auth_ntdomain.disabled = 1;
break;
case 'msnt':
document.iform.auth_server.disabled = 0;
document.iform.auth_server_port.disabled = 1;
+ document.iform.auth_ntdomain.disabled = 0;
document.iform.ldap_user.disabled = 1;
- document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_pass.disabled = 1;
document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_userattribute.disabled = 1;
document.iform.ldap_filter.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
@@ -1212,12 +1308,13 @@ function squid_generate_rules($type) {
global $config;
$squid_conf = $config['installedpackages']['squid']['config'][0];
- if (!is_service_running('squid')) {
- log_error("SQUID is installed but not started. Not installing redirect rules.");
+
+ if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
return;
}
- if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
+ if (!is_service_running('squid')) {
+ log_error("SQUID is installed but not started. Not installing \"{$type}\" rules.");
return;
}
@@ -1225,47 +1322,89 @@ function squid_generate_rules($type) {
$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
$port = ($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128);
+ $fw_aliases = filter_generate_aliases();
+ if(strstr($fw_aliases, "pptp ="))
+ $PPTP_ALIAS = "\$pptp";
+ else
+ $PPTP_ALIAS = "\$PPTP";
+ if(strstr($fw_aliases, "PPPoE ="))
+ $PPPOE_ALIAS = "\$PPPoE";
+ else
+ $PPPOE_ALIAS = "\$pppoe";
+
switch($type) {
- case 'nat':
- $rules .= "\n# Setup Squid proxy redirect\n";
- if ($squid_conf['private_subnet_proxy_off'] == 'on') {
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
- }
- }
-
- if (!empty($squid_conf['defined_ip_proxy_off'])) {
- $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
- $exempt_ip = "";
- foreach ($defined_ip_proxy_off as $ip_proxy_off) {
- if(!empty($ip_proxy_off)) {
- $ip_proxy_off = trim($ip_proxy_off);
- $exempt_ip .= ", $ip_proxy_off";
- }
- }
- $exempt_ip = substr($exempt_ip,2);
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
-
- foreach ($ifaces as $iface){
- $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
- };
- $rules .= "\n";
- break;
- case 'filter':
- foreach ($ifaces as $iface){
- $rules .= "# Setup squid pass rules for proxy\n";
- $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
- $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
+ case 'nat':
+ $rules .= "\n# Setup Squid proxy redirect\n";
+ if ($squid_conf['private_subnet_proxy_off'] == 'on') {
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off'])) {
+ $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
+ $exempt_ip = "";
+ foreach ($defined_ip_proxy_off as $ip_proxy_off) {
+ if(!empty($ip_proxy_off)) {
+ $ip_proxy_off = trim($ip_proxy_off);
+ if (is_alias($ip_proxy_off))
+ $ip_proxy_off = '$'.$ip_proxy_off;
+ $exempt_ip .= ", $ip_proxy_off";
+ }
+ }
+ $exempt_ip = substr($exempt_ip,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
+ $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
+ $exempt_dest = "";
+ foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
+ if(!empty($ip_proxy_off_dest)) {
+ $ip_proxy_off_dest = trim($ip_proxy_off_dest);
+ if (is_alias($ip_proxy_off_dest))
+ $ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
+ $exempt_dest .= ", $ip_proxy_off_dest";
+ }
+ }
+ $exempt_dest = substr($exempt_dest,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n";
+ }
+ }
+ foreach ($ifaces as $iface) {
+ $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPPOE case */
+ if($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) {
+ $rules .= "rdr on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPTP case */
+ if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "rdr on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port 80 -> 127.0.0.1 port 80\n";
+ }
$rules .= "\n";
+ break;
+ case 'filter':
+ case 'rule':
+ foreach ($ifaces as $iface) {
+ $rules .= "# Setup squid pass rules for proxy\n";
+ $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
+ $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
+ $rules .= "\n";
};
- break;
- default:
- break;
+ if($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) {
+ $rules .= "pass in quick on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port $port flags S/SA keep state\n";
+ }
+ if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "pass in quick on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port $port flags S/SA keep state\n";
+ }
+ break;
+ default:
+ break;
}
return $rules;
}
+
?>
diff --git a/config/squid3/squid.xml b/config/squid3/squid.xml
index 662805da..fe648a18 100644
--- a/config/squid3/squid.xml
+++ b/config/squid3/squid.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squid</name>
- <version>3.0.8</version>
+ <version>2.6.STABLE18</version>
<title>Proxy server: General settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
@@ -63,32 +63,32 @@
</service>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Local users</text>
+ <text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
</tabs>
@@ -96,52 +96,52 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid.inc</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_cache.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_nac.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_ng.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_ng.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_traffic.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_upstream.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_auth.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_users.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_users.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/etc/rc.d/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/proxy_monitor.sh</item>
+ <item>http://www.pfsense.org/packages/config/squid/proxy_monitor.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_cache.xml</item>
+ <item>http://www.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<fields>
<field>
@@ -177,10 +177,17 @@
<field>
<fielddescr>Bypass proxy for these source IPs</fielddescr>
<fieldname>defined_ip_proxy_off</fieldname>
- <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
+ <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
<type>input</type>
<size>80</size>
- </field>
+ </field>
+ <field>
+ <fielddescr>Bypass proxy for these destination IPs</fielddescr>
+ <fieldname>defined_ip_proxy_off_dest</fieldname>
+ <description>Do not proxy traffic going to these &lt;b&gt;destination&lt;/b&gt; IPs, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;).</description>
+ <type>input</type>
+ <size>80</size>
+ </field>
<field>
<fielddescr>Enabled logging</fielddescr>
<fieldname>log_enabled</fieldname>
@@ -195,7 +202,7 @@
<type>input</type>
<size>60</size>
<required/>
- <default_value>/var/squid/log</default_value>
+ <default_value>/var/squid/logs</default_value>
</field>
<field>
<fielddescr>Log rotate</fielddescr>
@@ -296,8 +303,8 @@
<fieldname>disable_squidversion</fieldname>
<description>If set, suppress Squid version string info in HTTP headers and HTML error pages.</description>
<type>checkbox</type>
- </field>
- <field>
+ </field>
+ <field>
<fielddescr>Custom Options</fielddescr>
<fieldname>custom_options</fieldname>
<description>You can put your own custom options here, separated by semi-colons (;). They'll be added to the configuration. They need to be squid.conf native options, otherwise squid will NOT work.</description>
@@ -330,4 +337,5 @@
squid_deinstall_command();
exec("/bin/rm -f /usr/local/etc/rc.d/squid*");
</custom_php_deinstall_command>
-</packagegui>
+ <filter_rules_needed>squid_generate_rules</filter_rules_needed>
+</packagegui> \ No newline at end of file
diff --git a/config/squid3/squid_auth.xml b/config/squid3/squid_auth.xml
index b3e7c5c1..c8e34553 100644
--- a/config/squid3/squid_auth.xml
+++ b/config/squid3/squid_auth.xml
@@ -51,32 +51,32 @@
<include_file>squid.inc</include_file>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>Local users</text>
+ <text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
</tabs>
@@ -123,6 +123,13 @@
<size>60</size>
</field>
<field>
+ <fielddescr>NT domain</fielddescr>
+ <fieldname>auth_ntdomain</fieldname>
+ <description>Enter here the NT domain.</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
<fielddescr>LDAP server user DN</fielddescr>
<fieldname>ldap_user</fieldname>
<description>Enter here the user DN to use to connect to the LDAP server.</description>
@@ -144,6 +151,14 @@
<size>60</size>
</field>
<field>
+ <fielddescr>LDAP username DN attribute</fielddescr>
+ <fieldname>ldap_userattribute</fieldname>
+ <description>Enter LDAP username DN attibute.</description>
+ <type>input</type>
+ <size>60</size>
+ <default_value>uid</default_value>
+ </field>
+ <field>
<fielddescr>LDAP search filter</fielddescr>
<fieldname>ldap_filter</fieldname>
<description>Enter LDAP search filter.</description>
diff --git a/config/squid3/squid_cache.xml b/config/squid3/squid_cache.xml
index f03053b0..881f15b3 100644
--- a/config/squid3/squid_cache.xml
+++ b/config/squid3/squid_cache.xml
@@ -42,41 +42,41 @@
/* ========================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
<name>squidcache</name>
<version>none</version>
<title>Proxy server: Cache management</title>
<include_file>squid.inc</include_file>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Local users</text>
+ <text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
</tabs>
@@ -92,13 +92,14 @@
<field>
<fielddescr>Hard disk cache system</fielddescr>
<fieldname>harddisk_cache_system</fieldname>
- <description>This specifies the kind of storage system to use. &lt;p&gt; &lt;b&gt; ufs &lt;/b&gt; is the old well-known Squid storage format that has always been there. &lt;p&gt; &lt;b&gt; aufs &lt;/b&gt; uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.) &lt;p&gt; &lt;b&gt; diskd &lt;/b&gt; uses a separate process to avoid blocking the main Squid process on disk-I/O.</description>
+ <description>This specifies the kind of storage system to use. &lt;p&gt; &lt;b&gt; ufs &lt;/b&gt; is the old well-known Squid storage format that has always been there. &lt;p&gt; &lt;b&gt; aufs &lt;/b&gt; uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.) &lt;p&gt; &lt;b&gt; diskd &lt;/b&gt; uses a separate process to avoid blocking the main Squid process on disk-I/O. &lt;p&gt; &lt;b&gt; null &lt;/b&gt; Does not use any storage. Ideal for Embedded/NanoBSD.</description>
<type>select</type>
- <default_value>aufs</default_value>
+ <default_value>ufs</default_value>
<options>
<option><name>ufs</name><value>ufs</value></option>
<option><name>aufs</name><value>aufs</value></option>
<option><name>diskd</name><value>diskd</value></option>
+ <option><name>null</name><value>null</value></option>
</options>
</field>
<field>
diff --git a/config/squid3/squid_extauth.xml b/config/squid3/squid_extauth.xml
index 745e85d5..41d9f633 100644
--- a/config/squid3/squid_extauth.xml
+++ b/config/squid3/squid_extauth.xml
@@ -51,7 +51,7 @@
<aftersaveredirect>/pkg_edit.php?xml=squid_extauth.xml&amp;id=0</aftersaveredirect>
<tabs>
<tab>
- <text>General Settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
</tab>
@@ -66,7 +66,7 @@
</tab>
<tab>
- <text>Network Access Control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
@@ -76,12 +76,12 @@
</tab>
<tab>
- <text>Auth Settings</text>
+ <text>Auth</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Extended Auth Settings</text>
+ <text>Extended Auth</text>
<url>/pkg_edit.php?xml=squid_extauth.xml&amp;id=0</url>
<active/>
</tab>
diff --git a/config/squid3/squid_nac.xml b/config/squid3/squid_nac.xml
index 56e3fa8b..193a89c6 100644
--- a/config/squid3/squid_nac.xml
+++ b/config/squid3/squid_nac.xml
@@ -51,32 +51,32 @@
<include_file>squid.inc</include_file>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Local users</text>
+ <text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
</tabs>
@@ -132,7 +132,7 @@
<description>Enter the IPs for the external Cache Managers to be allowed here, separated by semi-colons (;).</description>
<type>input</type>
<size>60</size>
- </field>
+ </field>
</fields>
<custom_php_validation_command>
squid_validate_nac($_POST, &amp;$input_errors);
diff --git a/config/squid3/squid_ng.xml b/config/squid3/squid_ng.xml
index 5949606e..5d956387 100644
--- a/config/squid3/squid_ng.xml
+++ b/config/squid3/squid_ng.xml
@@ -90,11 +90,11 @@
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth Settings</text>
+ <text>Auth</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Extended Auth Settings</text>
+ <text>Extended Auth</text>
<url>/pkg_edit.php?xml=squid_extauth.xml&amp;id=0</url>
</tab>
</tabs>
diff --git a/config/squid3/squid_traffic.xml b/config/squid3/squid_traffic.xml
index 1330cac9..d560a7ad 100644
--- a/config/squid3/squid_traffic.xml
+++ b/config/squid3/squid_traffic.xml
@@ -51,32 +51,32 @@
<include_file>squid.inc</include_file>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Local users</text>
+ <text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
</tabs>
diff --git a/config/squid3/squid_upstream.xml b/config/squid3/squid_upstream.xml
index 1102c672..ad494524 100644
--- a/config/squid3/squid_upstream.xml
+++ b/config/squid3/squid_upstream.xml
@@ -51,33 +51,33 @@
<include_file>squid.inc</include_file>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Local users</text>
- <url>/pkg.php?xml=squid_users.in</url>
+ <text>Local Users</text>
+ <url>/pkg.php?xml=squid_users.xml</url>
</tab>
</tabs>
<fields>
diff --git a/config/squid3/squid_users.xml b/config/squid3/squid_users.xml
index 34260817..eef6389f 100644
--- a/config/squid3/squid_users.xml
+++ b/config/squid3/squid_users.xml
@@ -53,31 +53,31 @@
<addedit_string>A proxy server user has been created/modified.</addedit_string>
<tabs>
<tab>
- <text>General settings</text>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
- <text>Upstream proxy</text>
+ <text>Upstream Proxy</text>
<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
</tab>
<tab>
- <text>Cache management</text>
+ <text>Cache Mgmt</text>
<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
- <text>Access control</text>
+ <text>Access Control</text>
<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
</tab>
<tab>
- <text>Traffic management</text>
+ <text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
<tab>
- <text>Auth settings</text>
+ <text>Auth Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
<tab>
- <text>Local users</text>
+ <text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
<active/>
</tab>