aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid3
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2014-04-01 15:58:23 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2014-04-01 15:58:23 -0300
commit5eee1edfd52d58653d0589cce0effa7646c370fe (patch)
treea0c26c0f5225b4a9cb594f94a592c1ac3a69cb8d /config/squid3
parent58d8dd6d9b72e78ee163fd09945c252624d0496d (diff)
downloadpfsense-packages-5eee1edfd52d58653d0589cce0effa7646c370fe.tar.gz
pfsense-packages-5eee1edfd52d58653d0589cce0effa7646c370fe.tar.bz2
pfsense-packages-5eee1edfd52d58653d0589cce0effa7646c370fe.zip
squid3-dev - improve captive portal and custom options acls
Diffstat (limited to 'config/squid3')
-rwxr-xr-xconfig/squid3/33/squid.inc18
-rw-r--r--config/squid3/33/squid.xml14
2 files changed, 22 insertions, 10 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index e13e51d1..bc238a5d 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -1603,8 +1603,8 @@ function squid_resync_auth() {
$conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n";
}
- // Custom User Options
- $conf .= "# Custom options\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
+ // Custom User Options before authentication acls
+ $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
// Deny the banned guys before allowing the good guys
if(! empty($settingsnac['banned_hosts'])) {
@@ -1722,9 +1722,8 @@ function squid_resync_auth() {
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
break;
case 'cp':
- $conf .= "external_acl_type check_filter children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
- $conf .= "acl dgfilter external check_filter\n";
- $conf .= "http_access allow dgfilter\n";
+ $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
+ $conf .= "acl password external check_cp\n";
break;
case 'msnt':
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n";
@@ -1740,6 +1739,9 @@ acl password proxy_auth REQUIRED
EOD;
}
+ // Custom User Options after authentication definition
+ $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n";
+
// Onto the ACLs
$password = array('localnet', 'allowed_subnets');
$passwordless = array('unrestricted_hosts');
@@ -1756,7 +1758,7 @@ EOD;
foreach ($passwordless as $acl)
$conf .= "http_access allow $acl\n";
- if ($auth_method != 'cp'){
+ //if ($auth_method != 'cp'){
// Include squidguard denied acl log in squid
if ($settingsconfig['log_sqd'])
$conf .="http_access deny password sglog\n";
@@ -1764,9 +1766,9 @@ EOD;
// Allow the other ACLs as long as they authenticate
foreach ($password as $acl)
$conf .= "http_access allow password $acl\n";
- }
+ // }
}
-
+
$conf .= "# Default block all to be sure\n";
$conf .= "http_access deny allsrc\n";
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index ef5a9c94..1cbf2338 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -528,9 +528,19 @@
<rows>5</rows>
</field>
<field>
- <fielddescr>Custom Options</fielddescr>
+ <fielddescr>Custom ACLS (Before_Auth)</fielddescr>
<fieldname>custom_options_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration.<br>
+ <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br>
+ <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <cols>78</cols>
+ <rows>10</rows>
+ </field>
+ <field>
+ <fielddescr>Custom ACLS (After_Auth)</fielddescr>
+ <fieldname>custom_options2_squid3</fieldname>
+ <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br>
<strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
<type>textarea</type>
<encoding>base64</encoding>