aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid3
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2014-06-17 14:18:15 -0400
committerjim-p <jimp@pfsense.org>2014-06-17 14:18:15 -0400
commit01608334652d20273469967f69d5367c49e42b9a (patch)
tree39cef23bc90dd6b8e0cee0927a9313c4fb2c64b1 /config/squid3
parent62559c79ad7d5033b285ca0dc65bccf0f88f72bd (diff)
parenta579dfb326bb24443f0d7da0dbcde27a527cb9aa (diff)
downloadpfsense-packages-01608334652d20273469967f69d5367c49e42b9a.tar.gz
pfsense-packages-01608334652d20273469967f69d5367c49e42b9a.tar.bz2
pfsense-packages-01608334652d20273469967f69d5367c49e42b9a.zip
Merge pull request #675 from trendchiller/master
Diffstat (limited to 'config/squid3')
-rw-r--r--config/squid3/31/squid.inc21
-rw-r--r--config/squid3/31/squid_reverse.inc27
-rw-r--r--config/squid3/31/squid_reverse.xml4
-rw-r--r--config/squid3/31/squid_reverse_general.xml4
-rwxr-xr-xconfig/squid3/33/squid.inc20
-rwxr-xr-xconfig/squid3/33/squid_reverse.inc29
-rwxr-xr-xconfig/squid3/33/squid_reverse.xml4
-rwxr-xr-xconfig/squid3/33/squid_reverse_general.xml4
8 files changed, 72 insertions, 41 deletions
diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc
index 0256d078..b8f1e3e1 100644
--- a/config/squid3/31/squid.inc
+++ b/config/squid3/31/squid.inc
@@ -402,6 +402,7 @@ function squid_validate_general($post, $input_errors) {
if (!empty($icp_port) && !is_port($icp_port))
$input_errors[] = 'You must enter a valid port number in the \'ICP port\' field';
+
if (substr($post['log_dir'], -1, 1) == '/')
$input_errors[] = 'You may not end log location with an / mark';
@@ -594,9 +595,8 @@ function squid_validate_reverse($post, $input_errors) {
if(!empty($post['reverse_ip'])) {
$reverse_ip = explode(";", ($post['reverse_ip']));
foreach ($reverse_ip as $reip) {
- if (!is_ipaddr($reip))
- $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field';
- break;
+ if (!is_ipaddr(trim($reip)))
+ $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.';
}}
$fqdn = trim($post['reverse_external_fqdn']);
@@ -618,15 +618,12 @@ function squid_validate_reverse($post, $input_errors) {
$input_errors[] = "You have to enable reverse HTTPS before enabling OWA support.";
}
-/*
- if (!is_cert($post['reverse_int_ca']))
- $input_errors[] = 'A valid certificate for the external interface must be selected';
-*/
-
- $rowa = trim($post['reverse_owa_ip']);
- if (!empty($rowa) && !is_ipaddr($rowa))
- $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address';
-
+ if(!empty($post['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($post['reverse_owa_ip']));
+ foreach ($reverse_owa_ip as $reowaip) {
+ if (!is_ipaddr(trim($reowaip)))
+ $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.';
+ }}
$contents = $post['reverse_cache_peer'];
if(!empty($contents)) {
diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index 4ac7fe82..d2611c79 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -100,8 +100,17 @@ function squid_resync_reverse() {
//PEERS
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])))
- $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n";
-
+
+ if(!empty($settings['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip']));
+ $casnr = 0;
+ foreach ($reverse_owa_ip as $reowaip) {
+ $casnr++;
+ $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n";
+ $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASS name=OWA_HOST_80_{$casnr}_pfs\n";
+ }
+ }
+
$active_peers=array();
if (is_array($reverse_peers))
foreach ($reverse_peers as $rp){
@@ -183,6 +192,9 @@ function squid_resync_reverse() {
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
$reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
+ $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
}
}
@@ -211,8 +223,15 @@ function squid_resync_reverse() {
//ACCESS
if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
- $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
- $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n";
+
+ for($cascnt=1;$cascnt<$casnr+1;$cascnt++)
+ {
+ $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n";
+ $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n";
+ }
+
$conf .= "never_direct allow OWA_URI_pfs\n";
$conf .= "http_access allow OWA_URI_pfs\n";
}
diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml
index 28d8cbcf..b0f6a614 100644
--- a/config/squid3/31/squid_reverse.xml
+++ b/config/squid3/31/squid_reverse.xml
@@ -219,9 +219,9 @@
<field>
<fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>This is the internal IP Address of the CAS-Array / OWA frontend server.</description>
+ <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
<type>input</type>
- <size>15</size>
+ <size>70</size>
</field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml
index 029072a6..9bff5d8e 100644
--- a/config/squid3/31/squid_reverse_general.xml
+++ b/config/squid3/31/squid_reverse_general.xml
@@ -207,9 +207,9 @@
<field>
<fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>This is the internal IP Address of the CAS-Array / OWA frontend server.</description>
+ <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
<type>input</type>
- <size>15</size>
+ <size>70</size>
</field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index a97746e2..d006c0db 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -615,9 +615,8 @@ function squid_validate_reverse($post, $input_errors) {
if(!empty($post['reverse_ip'])) {
$reverse_ip = explode(";", ($post['reverse_ip']));
foreach ($reverse_ip as $reip) {
- if (!is_ipaddr($reip))
- $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field';
- break;
+ if (!is_ipaddr(trim($reip)))
+ $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.';
}}
$fqdn = trim($post['reverse_external_fqdn']);
@@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) {
$input_errors[] = "You have to enable reverse HTTPS before enabling OWA support.";
}
-/*
- if (!is_cert($post['reverse_int_ca']))
- $input_errors[] = 'A valid certificate for the external interface must be selected';
-*/
-
- $rowa = trim($post['reverse_owa_ip']);
- if (!empty($rowa) && !is_ipaddr($rowa))
- $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address';
-
+ if(!empty($post['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($post['reverse_owa_ip']));
+ foreach ($reverse_owa_ip as $reowaip) {
+ if (!is_ipaddr(trim($reowaip)))
+ $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.';
+ }}
$contents = $post['reverse_cache_peer'];
if(!empty($contents)) {
diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc
index 6ae209b2..a6b81c0b 100755
--- a/config/squid3/33/squid_reverse.inc
+++ b/config/squid3/33/squid_reverse.inc
@@ -100,14 +100,23 @@ function squid_resync_reverse() {
//PEERS
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])))
- $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n";
-
+
+ if(!empty($settings['reverse_owa_ip'])) {
+ $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip']));
+ $casnr = 0;
+ foreach ($reverse_owa_ip as $reowaip) {
+ $casnr++;
+ $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n";
+ $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n";
+ }
+ }
+
$active_peers=array();
if (is_array($reverse_peers))
foreach ($reverse_peers as $rp){
if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
$conf_peer = "#{$rp['description']}\n";
- $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU round-robin ";
+ $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin ";
if($rp['protocol'] == 'HTTPS')
$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
$conf_peer .= "name=rvp_{$rp['name']}\n\n";
@@ -182,6 +191,9 @@ function squid_resync_reverse() {
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
$reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
+ $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n";
+ $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
$conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
}
}
@@ -210,8 +222,15 @@ function squid_resync_reverse() {
//ACCESS
if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
- $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n";
- $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n";
+
+ for($cascnt=1;$cascnt<$casnr+1;$cascnt++)
+ {
+ $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n";
+ $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n";
+ $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n";
+ }
+
$conf .= "never_direct allow OWA_URI_pfs\n";
$conf .= "http_access allow OWA_URI_pfs\n";
}
diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml
index 28d8cbcf..b0f6a614 100755
--- a/config/squid3/33/squid_reverse.xml
+++ b/config/squid3/33/squid_reverse.xml
@@ -219,9 +219,9 @@
<field>
<fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>This is the internal IP Address of the CAS-Array / OWA frontend server.</description>
+ <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
<type>input</type>
- <size>15</size>
+ <size>70</size>
</field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml
index 029072a6..9bff5d8e 100755
--- a/config/squid3/33/squid_reverse_general.xml
+++ b/config/squid3/33/squid_reverse_general.xml
@@ -207,9 +207,9 @@
<field>
<fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>This is the internal IP Address of the CAS-Array / OWA frontend server.</description>
+ <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
<type>input</type>
- <size>15</size>
+ <size>70</size>
</field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>