aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authordoktornotor <notordoktor@gmail.com>2015-09-25 18:16:56 +0200
committerdoktornotor <notordoktor@gmail.com>2015-09-25 18:16:56 +0200
commit8bd11f12a7ed5cc05f0ea143e1efc39437b0b4d4 (patch)
tree8eb56bd2b3eb04c1543e47d90068875e3d8b8242 /config
parent1bb22453b33423265b2af2056159179c1cefea67 (diff)
downloadpfsense-packages-8bd11f12a7ed5cc05f0ea143e1efc39437b0b4d4.tar.gz
pfsense-packages-8bd11f12a7ed5cc05f0ea143e1efc39437b0b4d4.tar.bz2
pfsense-packages-8bd11f12a7ed5cc05f0ea143e1efc39437b0b4d4.zip
squid3 - code style fixes, fix file perms, fix error language, improve descriptions
Diffstat (limited to 'config')
-rw-r--r--config/squid3/34/squid.xml579
1 files changed, 366 insertions, 213 deletions
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index 96f2610c..294494da 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -2,62 +2,58 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squid</name>
- <version>0.2.8</version>
- <title>Proxy server: General settings</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: General Settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
- <name>Proxy server</name>
- <tooltiptext>Modify the proxy server's settings</tooltiptext>
+ <name>Squid Proxy Server</name>
+ <tooltiptext>Modify the proxy server settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</menu>
<menu>
- <name>Reverse Proxy</name>
- <tooltiptext>Modify the proxy reverse server's settings</tooltiptext>
+ <name>Squid Reverse Proxy</name>
+ <tooltiptext>Modify the reverse proxy server settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
</menu>
@@ -65,19 +61,19 @@
<name>squid</name>
<rcfile>squid.sh</rcfile>
<executable>squid</executable>
- <description>Proxy server Service</description>
+ <description>Squid Proxy Server Service</description>
</service>
<service>
<name>clamd</name>
<rcfile>clamav-clamd</rcfile>
<executable>clamd</executable>
- <description>Clamav Antivirus</description>
+ <description>ClamAV Antivirus</description>
</service>
<service>
<name>c-icap</name>
<rcfile>c-icap</rcfile>
<executable>c-icap</executable>
- <description>Icap inteface for squid and clamav integration</description>
+ <description>ICAP Inteface for Squid and ClamAV integration</description>
</service>
<tabs>
<tab>
@@ -114,7 +110,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -122,143 +118,136 @@
<url>/pkg_edit.php?xml=squid_sync.xml</url>
</tab>
</tabs>
- <!-- Installation -->
+ <!-- START INC files -->
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_peer.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_uri.xml</item>
+ <prefix>/usr/local/www/shortcuts/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item>
</additional_files_needed>
+ <!-- END INC files -->
+ <!-- START XML files -->
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_traffic.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_upstream.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_peer.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_redir.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_auth.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_users.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_uri.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/sqpmon.sh</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/swapstate_check.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_redir.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_users.xml</item>
+ </additional_files_needed>
+ <!-- END XML files -->
+ <!-- START additional PHP files -->
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_monitor.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_monitor_data.php</item>
</additional_files_needed>
+ <!-- END additional PHP files -->
+ <!-- START executable CLI scripts -->
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/check_ip.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/sqpmon.sh</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/shortcuts/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/check_ip.php</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/swapstate_check.php</item>
</additional_files_needed>
+ <!-- END executable CLI scripts -->
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
<name>Squid General Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Proxy interface(s)</fielddescr>
+ <fielddescr>Proxy Interface(s)</fielddescr>
<fieldname>active_interface</fieldname>
- <description>The interface(s) the proxy server will bind to.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the proxy server will bind to.<br/>
+ <strong>Note: Use CTRL + click to select multiple interfaces.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
<multiple/>
</field>
<field>
- <fielddescr>Proxy port</fielddescr>
+ <fielddescr>Proxy Port</fielddescr>
<fieldname>proxy_port</fieldname>
<description>This is the port the proxy server will listen on.</description>
<type>input</type>
@@ -267,44 +256,71 @@
<default_value>3128</default_value>
</field>
<field>
- <fielddescr>ICP port</fielddescr>
+ <fielddescr>ICP Port</fielddescr>
<fieldname>icp_port</fieldname>
- <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.</description>
+ <description>
+ <![CDATA[
+ This is the port the proxy server will send and receive ICP queries to and from neighbor caches.<br/>
+ Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
</field>
<field>
- <fielddescr>Allow users on interface</fielddescr>
+ <fielddescr>Allow Users on Interface</fielddescr>
<fieldname>allow_interface</fieldname>
- <description>If this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut.</description>
+ <description>
+ <![CDATA[
+ If checked, the users connected to the interface(s) selected in the 'Proxy interface(s)' field will be allowed to use the proxy.<br/>
+ There will be no need to add the interface's subnet to the list of allowed subnets.
+ ]]>
+ </description>
<type>checkbox</type>
- <required/>
<default_value>on</default_value>
</field>
<field>
- <fielddescr>Patch captive portal</fielddescr>
+ <fielddescr>Patch Captive Portal</fielddescr>
<fieldname>patch_cp</fieldname>
- <description><![CDATA[Enable this option to force captive portal to non transparent proxy users.<br>
- <strong>NOTE:</strong> You may need to reapply captive portal config after changing this option.]]></description>
+ <description>
+ <![CDATA[
+ Enable this option to force Captive Portal to non transparent proxy users.<br/>
+ <strong>Note:</strong> You may need to reapply Captive Portal settings after changing this option.<br/>
+ <strong><span class="errmsg">Warning:</span> This alters /etc/inc/captiveportal.inc file! USE WITH CAUTION!</strong> (A backup is made available under /root directory.)
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Resolv dns v4 first</fielddescr>
+ <fielddescr>Resolve DNS IPv4 First</fielddescr>
<fieldname>dns_v4_first</fieldname>
- <description><![CDATA[Enable this option to force dns v4 lookup first. This option is very usefull if you have problems to access https sites.]]></description>
+ <description>
+ <![CDATA[
+ Enable this to force DNS IPv4 lookup first. This option is very useful if you have problems accessing HTTPS sites.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Disable ICMP</fielddescr>
<fieldname>disable_pinger</fieldname>
- <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description>
+ <description>
+ <![CDATA[
+ Check this to disable Squid ICMP pinger helper.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr>
+ <fielddescr>Use Alternate DNS Servers for the Proxy Server</fielddescr>
<fieldname>dns_nameservers</fieldname>
- <description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description>
+ <description>
+ <![CDATA[
+ If you want to use DNS servers other than the DNS forwarder/resolver configured in pfSense, enter the IP(s) here.<br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
</field>
@@ -313,59 +329,88 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Transparent HTTP proxy</fielddescr>
+ <fielddescr>Transparent HTTP Proxy</fielddescr>
<fieldname>transparent_proxy</fieldname>
- <description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
- <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br>
- To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description>
+ <description>
+ <![CDATA[
+ Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration being necessary.<br/>
+ <strong>Note:</strong> Transparent mode will filter SSL (port 443) if you enable man-in-the-middle options below.<br/>
+ In order to proxy both HTTP and HTTPS protocols without intercepting SSL connections, configure WPAD/PAC options on your DNS/DHCP servers.
+ ]]>
+ </description>
<type>checkbox</type>
- <enablefields>transparent_active_interface,private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
- <required/>
+ <enablefields>transparent_active_interface,private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
</field>
<field>
- <fielddescr>Transparent Proxy interface(s)</fielddescr>
+ <fielddescr>Transparent Proxy Interface(s)</fielddescr>
<fieldname>transparent_active_interface</fieldname>
- <description>The interface(s) the proxy server will transparent intercept requests.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the proxy server will transparently intercept requests on.<br/>
+ <strong>Note: Use CTRL + click to select multiple interfaces.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
<multiple/>
</field>
<field>
- <fielddescr>Bypass proxy for Private Address destination</fielddescr>
+ <fielddescr>Bypass Proxy for Private Address Destination</fielddescr>
<fieldname>private_subnet_proxy_off</fieldname>
- <description>Do not forward traffic to Private Address Space (RFC 1918) &lt;b&gt;destination&lt;/b&gt; through the proxy server but directly through the firewall.</description>
+ <description>
+ <![CDATA[
+ Do not forward traffic to Private Address Space (RFC 1918) <strong>destinations</strong> through the proxy server but let is pass directly through the firewall.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Bypass proxy for these source IPs</fielddescr>
+ <fielddescr>Bypass Proxy for These Source IPs</fielddescr>
<fieldname>defined_ip_proxy_off</fieldname>
- <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs, CIDR nets, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]</description>
+ <description>
+ <![CDATA[
+ Do not forward traffic from these <strong>source</strong> IPs, CIDR nets, hostnames, or aliases through the proxy server but let it pass directly through the firewall.
+ (Applies only to transparent mode.)<br/><br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
- <size>70</size>
+ <size>70</size>
</field>
<field>
- <fielddescr>Bypass proxy for these destination IPs</fielddescr>
+ <fielddescr>Bypass Proxy for These Destination IPs</fielddescr>
<fieldname>defined_ip_proxy_off_dest</fieldname>
- <description>Do not proxy traffic going to these &lt;b&gt;destination&lt;/b&gt; IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]</description>
+ <description>
+ <![CDATA[
+ Do not proxy traffic going to these <strong>destination<strong> IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall.<br/>
+ (Applies only to transparent mode.)<br/><br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
- <size>70</size>
+ <size>70</size>
</field>
<field>
- <name>SSL man in the middle Filtering</name>
+ <name>SSL Man In the Middle Filtering</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>HTTPS/SSL interception</fielddescr>
<fieldname>ssl_proxy</fieldname>
- <description><![CDATA[Enable SSL filtering.]]></description>
+ <description>Enable SSL filtering.</description>
<type>checkbox</type>
- <enablefields>ssl_active_interface,dcert,sslcrtd_children,ssl_proxy_port,interception_checks</enablefields>
+ <enablefields>ssl_active_interface,dca,sslcrtd_children,ssl_proxy_port,interception_checks</enablefields>
</field>
<field>
- <fielddescr>SSL Intercept interface(s)</fielddescr>
+ <fielddescr>SSL Intercept Interface(s)</fielddescr>
<fieldname>ssl_active_interface</fieldname>
- <description>The interface(s) the proxy server will intercept ssl requests.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the proxy server will intercept SSL requests on.<br/>
+ <strong>Note: Use CTRL + click to select multiple interfaces.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
@@ -374,7 +419,7 @@
<field>
<fielddescr>SSL Proxy port</fielddescr>
<fieldname>ssl_proxy_port</fieldname>
- <description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description>
+ <description>This is the port the proxy server will listen on to intercept SSL while using transparent proxy.</description>
<type>input</type>
<size>5</size>
<default_value>3129</default_value>
@@ -382,44 +427,62 @@
<field>
<fielddescr>CA</fielddescr>
<fieldname>dca</fieldname>
- <description><![CDATA[Select Certificate Authority to use when SSL interception is enabled.<br>
- To create a CA on pfsense, go to <strong>system -> Cert Manager<strong><br>
- Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.]]></description>
- <type>select_source</type>
+ <description>
+ <![CDATA[
+ Select Certificate Authority to use when SSL interception is enabled.<br/>
+ To create a CA on pfSense, go to <strong>System -> Cert Manager</strong>.<br/>
+ Install the CA certificate as a Trusted Root CA on each computer you want to filter SSL on to avoid SSL error on each connection.
+ ]]>
+ </description>
+ <type>select_source</type>
<source><![CDATA[$config['ca']]]></source>
<source_name>descr</source_name>
<source_value>refid</source_value>
</field>
<field>
- <fielddescr>sslcrtd children</fielddescr>
+ <fielddescr>SSL Certificate Deamon Children</fielddescr>
<fieldname>sslcrtd_children</fieldname>
- <description><![CDATA[This is the number of ssl crt deamon children to start. Default value is 5.<br>
- if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description>
+ <description>
+ <![CDATA[
+ This is the number of SSL certificate deamon children to start. If Squid is used in busy environments, this may need to be increased.<br/>
+ Default: 5
+ ]]>
+ </description>
<type>input</type>
<size>2</size>
<default_value>5</default_value>
</field>
<field>
- <fielddescr>Remote Cert checks</fielddescr>
+ <fielddescr>Remote Cert Checks</fielddescr>
<fieldname>interception_checks</fieldname>
- <description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description>
- <type>select</type>
- <options>
- <option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option>
+ <description>
+ <![CDATA[
+ Select remote SSL certificate checks to perform.<br/>
+ Note: Use CTRL + click to select multiple options.<br/>
+ ]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Accept remote server certificate with errors</name><value>sslproxy_cert_error</value></option>
<option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option>
- </options>
- <multiple/>
- <size>3</size>
+ </options>
+ <multiple/>
+ <size>3</size>
</field>
<field>
- <fielddescr>Certificate adapt</fielddescr>
+ <fielddescr>Certificate Adapt</fielddescr>
<fieldname>interception_adapt</fieldname>
- <description><![CDATA[Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br>Hint: Set subject CN<br><a target=_new href='http://wiki.squid-cache.org/Features/MimicSslServerCert'>wiki doc with reference</a>]]></description>
+ <description>
+ <![CDATA[
+ Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br/>
+ Hint: Set the subject CN - see <a href="http://wiki.squid-cache.org/Features/MimicSslServerCert">fake certificate properties documentation</a> for details.
+ ]]>
+ </description>
<type>select</type>
<options>
- <option><name>Sets the "Not After" (setValidAfter).</name><value>setValidAfter</value></option>
- <option><name>Sets the "Not Before" (setValidBefore).</name><value>setValidBefore</value></option>
- <option><name>Sets CN property (setCommonName)</name><value>setCommonName</value></option>
+ <option><name>Sets the "Not After" (setValidAfter)</name><value>setValidAfter</value></option>
+ <option><name>Sets the "Not Before" (setValidBefore)</name><value>setValidBefore</value></option>
+ <option><name>Sets CN property (setCommonName)</name><value>setCommonName</value></option>
</options>
<multiple/>
<size>3</size>
@@ -429,38 +492,49 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enabled logging</fielddescr>
+ <fielddescr>Enable Logging</fielddescr>
<fieldname>log_enabled</fieldname>
- <description>This will enable the access log. Don't switch this on if you don't have much disk space left.</description>
+ <description>
+ <![CDATA[
+ This will enable the access log.
+ <strong>Warning:</strong> Do not switch this on if you don't have much disk space left.
+ ]]>
+ </description>
<type>checkbox</type>
- <enablefields>log_query_terms,log_user_agents</enablefields>
+ <enablefields>log_dir,log_rotate</enablefields>
</field>
<field>
- <fielddescr>Log store directory</fielddescr>
+ <fielddescr>Log Store Directory</fielddescr>
<fieldname>log_dir</fieldname>
- <description>The directory where the log will be stored (note: do not end with a / mark)</description>
+ <description>
+ <![CDATA[
+ The directory where the log will be stored.<br/>
+ Default: /var/squid/logs<br/>
+ <strong>Note: Do NOT include the trailing / when setting a custom location.</strong>
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
<required/>
<default_value>/var/squid/logs</default_value>
</field>
<field>
- <fielddescr>Log rotate</fielddescr>
+ <fielddescr>Rotate Logs</fielddescr>
<fieldname>log_rotate</fieldname>
<description>Defines how many days of logfiles will be kept. Rotation is disabled if left empty.</description>
<type>input</type>
<size>5</size>
</field>
<field>
- <fielddescr>Visible hostname</fielddescr>
+ <fielddescr>Visible Hostname</fielddescr>
<fieldname>visible_hostname</fieldname>
- <description>This is the URL to be displayed in proxy server error messages.</description>
+ <description>This is the hostname to be displayed in proxy server error messages.</description>
<type>input</type>
<size>60</size>
<default_value>localhost</default_value>
</field>
<field>
- <fielddescr>Administrator email</fielddescr>
+ <fielddescr>Administrator's Email</fielddescr>
<fieldname>admin_email</fieldname>
<description>This is the email address displayed in error messages to the users.</description>
<type>input</type>
@@ -468,16 +542,71 @@
<default_value>admin@localhost</default_value>
</field>
<field>
- <fielddescr>Language</fielddescr>
+ <fielddescr>Error Language</fielddescr>
<fieldname>error_language</fieldname>
<description>Select the language in which the proxy server will display error messages to users.</description>
<type>select</type>
<default_value>en</default_value>
+ <options>
+ <option><name>af</name><value>af</value></option>
+ <option><name>ar</name><value>ar</value></option>
+ <option><name>az</name><value>az</value></option>
+ <option><name>bg</name><value>bg</value></option>
+ <option><name>ca</name><value>ca</value></option>
+ <option><name>cs</name><value>cs</value></option>
+ <option><name>da</name><value>da</value></option>
+ <option><name>de</name><value>de</value></option>
+ <option><name>el</name><value>el</value></option>
+ <option><name>en</name><value>en</value></option>
+ <option><name>es</name><value>es</value></option>
+ <option><name>et</name><value>et</value></option>
+ <option><name>fa</name><value>fa</value></option>
+ <option><name>fi</name><value>fi</value></option>
+ <option><name>fr</name><value>fr</value></option>
+ <option><name>he</name><value>he</value></option>
+ <option><name>hu</name><value>hu</value></option>
+ <option><name>hy</name><value>hy</value></option>
+ <option><name>id</name><value>id</value></option>
+ <option><name>it</name><value>it</value></option>
+ <option><name>ja</name><value>ja</value></option>
+ <option><name>ko</name><value>ko</value></option>
+ <option><name>lt</name><value>lt</value></option>
+ <option><name>lv</name><value>lv</value></option>
+ <option><name>ms</name><value>ms</value></option>
+ <option><name>nl</name><value>nl</value></option>
+ <option><name>oc</name><value>oc</value></option>
+ <option><name>pl</name><value>pl</value></option>
+ <option><name>pt</name><value>pt</value></option>
+ <option><name>pt-br</name><value>pt-br</value></option>
+ <option><name>ro</name><value>ro</value></option>
+ <option><name>ru</name><value>ru</value></option>
+ <option><name>sk</name><value>sk</value></option>
+ <option><name>sl</name><value>sl</value></option>
+ <option><name>sr-cyrl</name><value>sr-cyrl</value></option>
+ <option><name>sr-latn</name><value>sr-latn</value></option>
+ <option><name>sv</name><value>sv</value></option>
+ <option><name>th</name><value>th</value></option>
+ <option><name>tr</name><value>tr</value></option>
+ <option><name>uk</name><value>uk</value></option>
+ <option><name>uz</name><value>uz</value></option>
+ <option><name>vi</name><value>vi</value></option>
+ <option><name>zh-cn</name><value>zh-cn</value></option>
+ <option><name>zh-tw</name><value>zh-tw</value></option>
+ </options>
</field>
<field>
- <fielddescr>X-Forward Mode</fielddescr>
+ <fielddescr>X-Forwarded Header Mode</fielddescr>
<fieldname>xforward_mode</fieldname>
- <description>&lt;p&gt;&lt;b&gt; on:&lt;/b&gt; Squid will append your client's IP address in the HTTP requests it forwards. (Default)&lt;p&gt; By default it looks like: X-Forwarded-For: 192.1.2.3 &lt;p&gt; &lt;b&gt; off:&lt;/b&gt; It will appear as: X-Forwarded-For: unknown&lt;p&gt; &lt;b&gt; transparent:&lt;/b&gt; Squid will not alter the X-Forwarded-For header in any way.&lt;p&gt; &lt;b&gt; delete:&lt;/b&gt; Squid will delete the entire X-Forwarded-For header.&lt;p&gt; &lt;b&gt; truncate:&lt;/b&gt; Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.</description>
+ <description>
+ <![CDATA[
+ <strong>on:</strong> Squid will append your client's IP address in the HTTP requests it forwards. The header looks like: X-Forwarded-For: 192.1.2.3.<br/>
+ <strong>off:</strong> Squid will NOT append your client's IP address in the HTTP requests it forwards. The header looks like: X-Forwarded-For: unknown<br/>
+ <strong>transparent:</strong> Squid will not alter the X-Forwarded-For header in any way.<br/>
+ <strong>delete:</strong> Squid will delete the entire X-Forwarded-For header.<br/>
+ <strong>truncate:</strong> Squid will remove all existing X-Forwarded-For header entries and place the client's IP address as the only header entry.<br/><br/>
+ Default: on
+ ]]>
+ </description>
<type>select</type>
<default_value>on</default_value>
<options>
@@ -489,26 +618,39 @@
</options>
</field>
<field>
- <fielddescr>Disable VIA</fielddescr>
+ <fielddescr>Disable VIA Header</fielddescr>
<fieldname>disable_via</fieldname>
<description>If not set, Squid will include a Via header in requests and replies as required by RFC2616.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Log denied pages by squidguard</fielddescr>
+ <fielddescr>Log Pages Denied by SquidGuard</fielddescr>
<fieldname>log_sqd</fieldname>
- <description><![CDATA[Enable squidguard denied log to be included on squid logs.<br>
- <strong>Note:</strong> This option only will work if you include this code on your sgerror.php file to force client browser send a second request to squid with denied string on url.<br><br>
- $sge_prefix=(preg_match("/\?/",$cl['u'])?"&":"?");<br>
- $str[] = '< iframe > src="'.$cl['u'].$sge_prefix.'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';<br><br>
- removing extra space on iframe html code.]]></description>
+ <description>
+ <![CDATA[
+ Makes it possible for SquidGuard denied log to be included on Squid logs.<br/>
+ <strong>Note: This option will only work if you include the code below in your sgerror.php file.</strong><br/>
+ This forces the client browser to send a second request to Squid with the denied string in URL.<br/><br/>
+ $sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");<br/>
+ $str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';<br/><br/>
+ <strong>Hint: You MUST remove extra spaces in the above iframe HTML tags.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>What to do with requests that have whitespace characters in the URI</fielddescr>
+ <fielddescr>URI Whitespace Characters Handling</fielddescr>
<fieldname>uri_whitespace</fieldname>
- <description>&lt;b&gt; strip:&lt;/b&gt; The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. &lt;p&gt; &lt;b&gt; deny:&lt;/b&gt; The request is denied. The user receives an "Invalid Request" message.&lt;p&gt; &lt;b&gt; allow:&lt;/b&gt; The request is allowed and the URI is not changed. The whitespace characters remain in the URI.&lt;p&gt; &lt;b&gt; encode:&lt;/b&gt; The request is allowed and the whitespace characters are encoded according to RFC1738.&lt;p&gt; &lt;b&gt; chop:&lt;/b&gt; The request is allowed and the URI is chopped at the first whitespace.</description>
- <type>select</type>
+ <description>
+ <![CDATA[
+ <strong>strip:</strong> The whitespace characters are stripped out of the URI. This is the behavior recommended by RFC2396.
+ <strong>deny:</strong> The request is denied. The user receives an "Invalid Request" message.
+ <strong>allow:</strong> The request is allowed and the URI is not changed. The whitespace characters remain in the URI.
+ <strong>encode:</strong> The request is allowed and the whitespace characters are encoded according to RFC1738.
+ <strong>chop:</strong> The request is allowed and the URI is chopped at the first whitespace.
+ ]]>
+ </description>
+ <type>select</type>
<default_value>strip</default_value>
<options>
<option><name>strip</name><value>strip</value></option>
@@ -521,45 +663,53 @@
<field>
<fielddescr>Suppress Squid Version</fielddescr>
<fieldname>disable_squidversion</fieldname>
- <description>If set, suppress Squid version string info in HTTP headers and HTML error pages.</description>
+ <description>Suppresses Squid version string info in HTTP headers and HTML error pages if enabled.</description>
<type>checkbox</type>
</field>
<field>
- <name>Custom Settings</name>
- <type>listtopic</type>
- </field>
- <field>
<fielddescr>Integrations</fielddescr>
<fieldname>custom_options</fieldname>
- <description><![CDATA[Squid options added from packages like squidguard or havp for squid integration.]]></description>
+ <description>
+ <![CDATA[
+ Squid options added from packages like SquidGuard or HAVP for Squid integration.
+ ]]>
+ </description>
<type>textarea</type>
<cols>78</cols>
<rows>5</rows>
+ <advancedfield/>
</field>
- <field>
- <fielddescr>Custom ACLS (Before_Auth)</fielddescr>
+ <field>
+ <fielddescr>Custom ACLS (Before Auth)</fielddescr>
<fieldname>custom_options_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br>
- <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <description>
+ <![CDATA[
+ Put your own custom options here, one per line. They'll be added to the configuration before authetication ACLS (if any).<br/>
+ <strong><span class="errmsg">Warning:</span> These need to be squid.conf native options, otherwise Squid will NOT work.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<cols>78</cols>
<rows>10</rows>
+ <advancedfield/>
</field>
- <field>
- <fielddescr>Custom ACLS (After_Auth)</fielddescr>
+ <field>
+ <fielddescr>Custom ACLS (After Auth)</fielddescr>
<fieldname>custom_options2_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br>
- <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <description>
+ <![CDATA[
+ Put your own custom options here, one per line. They'll be added to the configuration after authentication definition (if any).<br/>
+ <strong><span class="errmsg">Warning:</span> These need to be squid.conf native options, otherwise Squid will NOT work.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<cols>78</cols>
<rows>10</rows>
+ <advancedfield/>
</field>
</fields>
- <custom_php_command_before_form>
- squid_before_form_general($pkg);
- </custom_php_command_before_form>
<custom_add_php_command>
squid_resync();
</custom_add_php_command>
@@ -568,18 +718,21 @@
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
- unlink_if_exists("/usr/local/etc/rc.d/squid");
</custom_php_resync_config_command>
<custom_php_install_command>
+ <![CDATA[
update_status("Checking Squid cache... One moment please...");
- update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
+ update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
squid_install_command();
squid_resync();
exec("/bin/rm -f /usr/local/etc/rc.d/squid");
+ ]]>
</custom_php_install_command>
<custom_php_deinstall_command>
+ <![CDATA[
squid_deinstall_command();
exec("/bin/rm -f /usr/local/etc/rc.d/squid*");
+ ]]>
</custom_php_deinstall_command>
<filter_rules_needed>squid_generate_rules</filter_rules_needed>
</packagegui>