diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-05-21 19:30:31 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-05-21 19:30:31 +0000 |
commit | 014c1fd18a094cd1dfcab2584c944de5682469d5 (patch) | |
tree | fa81090d1959027625bb42010990ca1642e2b8bc /packages/squid | |
parent | 77225d8fd5b31e9dbde9577db4ce7aa4640d131d (diff) | |
download | pfsense-packages-014c1fd18a094cd1dfcab2584c944de5682469d5.tar.gz pfsense-packages-014c1fd18a094cd1dfcab2584c944de5682469d5.tar.bz2 pfsense-packages-014c1fd18a094cd1dfcab2584c944de5682469d5.zip |
Various fixes from Martin Fuchs:
* There's an issue with squid: it only accepts one interface, wven when selected more than one.
* A second issue ist hat squid forwards the internal ip which is nor wanted by everyone
Diffstat (limited to 'packages/squid')
-rw-r--r-- | packages/squid/squid.inc | 8 | ||||
-rw-r--r-- | packages/squid/squid.xml | 6 |
2 files changed, 11 insertions, 3 deletions
diff --git a/packages/squid/squid.inc b/packages/squid/squid.inc index 4fbe2c16..ecefe813 100644 --- a/packages/squid/squid.inc +++ b/packages/squid/squid.inc @@ -499,7 +499,7 @@ EOD; $conf .= "acl localnet src $src\n"; $valid_acls[] = 'localnet'; } - + if ($settings['disable_xforward']) $conf .= "forwarded_for off\n"; return $conf; } @@ -1024,17 +1024,19 @@ function squid_generate_rules($type) { switch($type) { case 'nat': - foreach ($ifaces as $iface) + foreach ($ifaces as $iface){ $rules .= "# Setup Squid proxy redirect\n"; $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n"; $rules .= "\n"; + }; break; case 'filter': - foreach ($ifaces as $iface) + foreach ($ifaces as $iface){ $rules .= "# Setup squid pass rules for proxy\n"; $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n"; $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n"; $rules .= "\n"; + }; break; default: break; diff --git a/packages/squid/squid.xml b/packages/squid/squid.xml index 8b5845cc..ee5c4924 100644 --- a/packages/squid/squid.xml +++ b/packages/squid/squid.xml @@ -179,6 +179,12 @@ <default_value>English</default_value> <type>select</type> </field> + <field> + <fielddescr>Disable X-Forward</fielddescr> + <fieldname>disable_xforward</fieldname> + <description>If not set, Squid will include your system's IP address or name in the HTTP requests it forwards. By default it looks like this: X-Forwarded-For: 192.1.2.3. If you enable this, it will appear as X-Forwarded-For: unknown</description> + <type>checkbox</type> + </field> </fields> <custom_add_php_command> squid_resync(); |