aboutsummaryrefslogtreecommitdiffstats
path: root/packages/squid_ng.xml
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-09-09 02:48:54 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-09-09 02:48:54 +0000
commitae713f06c76f0129e573357642fcca3f08a61eeb (patch)
tree2ca0b22c9bad604799f545fa01b402e5fd2ead69 /packages/squid_ng.xml
parenta75da77eb139efaf96f06548359352140531ec2a (diff)
downloadpfsense-packages-ae713f06c76f0129e573357642fcca3f08a61eeb.tar.gz
pfsense-packages-ae713f06c76f0129e573357642fcca3f08a61eeb.tar.bz2
pfsense-packages-ae713f06c76f0129e573357642fcca3f08a61eeb.zip
Update squid package from Michael Capp
Diffstat (limited to 'packages/squid_ng.xml')
-rw-r--r--packages/squid_ng.xml481
1 files changed, 408 insertions, 73 deletions
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml
index f2ae25ac..0df323d5 100644
--- a/packages/squid_ng.xml
+++ b/packages/squid_ng.xml
@@ -1,12 +1,22 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
- <info>
- <name>Squid</name>
- <category>Security</category>
- <version>2.5.10_4</version>
- <status>Alpha</status>
- </info>
+ <name>squidng</name>
+ <category>Security</category>
+ <version>2.5.10_4</version>
+ <title>Services: Squid Advanced Proxy</title>
+
+ <!-- This defines the location where the config is stored within pfSense's
+ xml based global store -->
+ <configpath>['installedpackages']['package']['squidng']['configuration']['settings']</configpath>
+ <aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</aftersaveredirect>
+
+ <!-- TODO: Add xml to parse proxy logs into readable format
+ <menu>
+ <name>Proxy Log</name>
+ <section>Status</section>
+ <configfile>squid_log.xml</configfile>
+ </menu> -->
<files>
<file>
@@ -42,17 +52,19 @@
<location>http://www.pfsense.com/packages/config/squid_traffic.xml</location>
</file>
- <!-- retrieves the configuration file for authentication settings -->
+ <!-- TODO: retrieves the configuration file for authentication settings
<file>
<type>configfile</type>
<location>http://www.pfsense.com/packages/config/squid_auth.xml</location>
</file>
+ -->
- <!-- retrieves the configuration file for user definitions -->
+ <!-- TODO: retrieves the configuration file for user definitions
<file>
<type>configfile</type>
<location>http://www.pfsense.com/packages/config/squid_users.xml</location>
</file>
+ -->
</files>
@@ -64,14 +76,10 @@
</menu>
</menus>
- <!-- This defines the location where the config is stored within pfSense's
- xml based global store -->
- <configpath>installedpackages->package->$packagename->configuration->settings</configpath>
-
<tabs>
<tab>
<text>General Settings</text>
- <url>/pkg_edit.php?xml=squid1.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
<active/>
</tab>
@@ -95,6 +103,7 @@
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
+ <!--
<tab>
<text>Authentication Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
@@ -104,11 +113,12 @@
<text>Users</text>
<url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
</tab>
+ -->
</tabs>
<fields>
<field>
- <fielddescr>Listening Interface</fielddescr>
+ <fielddescr>Proxy Listening Interface</fielddescr>
<fieldname>active_interface</fieldname>
<description>This defines the active listening interface to which the proxy server will listen for its requests.</description>
<type>interfaces_selection</type>
@@ -129,6 +139,13 @@
</field>
<field>
+ <fielddescr>URL Filtering Enabled</fielddescr>
+ <fieldname>urlfilter_enable</fieldname>
+ <description>This enables the advanced functionality in conjunction with squidGuard to provide an array of URL filtering options. This squidGuard functionality can be additionally configured from Services -> Advanced Proxy Filtering</description>
+ <type>checkbox</type>
+ </field>
+
+ <field>
<fielddescr>Log Query Terms</fielddescr>
<fieldname>log_query_terms</fieldname>
<description>This will log the complete URL rather than the part of the URL containing dynamic queries.</description>
@@ -152,6 +169,14 @@
</field>
<field>
+ <fielddescr>ICP Port</fielddescr>
+ <fieldname>icp_port</fieldname>
+ <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. The default value is 0, which means this function is disabled.</description>
+ <size>4</size>
+ <type>input</type>
+ </field>
+
+ <field>
<fielddescr>Visible Hostname</fielddescr>
<fieldname>visible_hostname</fieldname>
<description>This URL is displayed on the Proxy Server error messages.</description>
@@ -209,97 +234,407 @@
<!-- The below writes the configuration as defined by the GUI options -->
<custom_php_global_functions>
- function write_squid_config() {
- conf_mount_rw(); <!-- mounts filesystems in read/write mode -->
- config_lock(); <!-- locks the config file -->
- global $config;
+ function write_static_squid_config() {
+ global $config;
+ $lancfg = $config['interfaces']['lan'];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $fout = fopen("/usr/local/etc/squid/squid.conf.new","w");
+ fwrite($fout, "#\n");
+ fwrite($fout, "# This file was automatically generated by the pfSense package manager\n");
+ fwrite($fout, "# This default policy enables transparent proxy with no local disk logging\n");
+ fwrite($fout, "#\n");
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "icp_port 0\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "http_port 3128\n");
+ fwrite($fout, "\n");
- $fout = fopen("/usr/local/etc/squid/squid.conf","w");
+ fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
+ fwrite($fout, "no_cache deny QUERY\n");
+ if ($domain != "") {
+ $aclout = fopen("/usr/local/etc/squid/dst_nocache.acl","w");
+ $each_domain = explode(" ", $domain);
+ foreach ($each_domain as $line) {
+ fwrite($aclout, $line . "\n");
+ }
+ fclose($aclout);
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "pid_filename /var/run/squid.pid\n");
+ fwrite($fout, "\n");
- <!-- if listening interface is specified, identifies the ip address -->
- if ($active_interface != "") {
- lan_iface = $active_interface['if'];
- listen_ip = $lan_iface['ipaddr'];
- iface_subnet_address = gen_subnet($lan_iface['ipaddr'], $lan_iface['subnet']);
- iface_subnet_network = $lan_iface['subnet'];
- }
-
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option shutdown_lifetime:
- this puts squid into shutdown pending mode until all sockets are
- closed. any active clients after the specified seconds will
- receive a 'timeout'.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- fwrite($fout, "shutdown_lifetime 5 seconds\n");
-
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option icp_port:
- the port where squid sends and receives ICP queries to and from
- neighbor caches. a value of "0" disables this feature. default
- is "3130".
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- fwrite($fout, "icp_port 3130\n");
+ fwrite($fout, "cache_mem 8 MB\n");
+ fwrite($fout, "cache_dir aufs /usr/local/squid/cache 500 16 256\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "error_directory /usr/local/squid/etc/errors/English\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "memory_replacement_policy heap LRU\n");
+ fwrite($fout, "cache_replacement_policy heap GSDF\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ fwrite($fout, "forwarded_for off\n");
fwrite($fout, "\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option http_port:
- this specifies the ip address/port that squid will be listening
- on for requests. the below evaluates if a value was entered for
- the listening port and defines the value.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- if ($http_port == "") $http_port="3128";
- fwrite($fout, "http_port " . $listen_ip . " " . $proxy_port . "\n");
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl SSL_ports port 443 563\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "visible_hostname pfSense\n");
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Strip HTTP Header\n");
+ fwrite($fout, "header_access X-Forwarded-For deny all\n");
+ fwrite($fout, "header_access deny all\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "maximum_object_size 4096 KB\n");
+ fwrite($fout, "minimum_object_size 0 KB\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "request_body_max_size 0 KB\n");
+ fwrite($fout, "reply_body_max_size 0 allow all\n");
+ fwrite($fout, "\n");
+
+ fclose($fout);
+ } <!-- end function write_static_squid_config() -->
+
+ function global_write_squid_config() {
+ global $config;
+
+ <!-- define squid configuration file in variable for replace function -->
+ $squidconfig = "/usr/local/etc/squid/squid.conf.new";
+
+ <!-- squid_ng.xml values -->
+ $active_interface = $config['installedpackages']['squidng']['config'][0]['active_interface'];
+ $transparent_proxy = $config['installedpackages']['squidng']['config'][0]['transparent_proxy'];
+ $log_enabled = $config['installedpackages']['squidng']['config'][0]['log_enabled'];
+ $urlfilter_enable = $config['installedpackages']['squidng']['config'][0]['urlfilter_enable'];
+ $log_query_terms = $config['installedpackages']['squidng']['config'][0]['log_query_terms'];
+ $log_user_agents = $config['installedpackages']['squidng']['config'][0]['log_user_agents'];
+ $proxy_port = $config['installedpackages']['squidng']['config'][0]['proxy_port'];
+ $visible_hostname = $config['installedpackages']['squidng']['config'][0]['visible_hostname'];
+ $cache_admin_email = $config['installedpackages']['squidng']['config'][0]['cache_admin_email'];
+ $error_language = $config['installedpackages']['squidng']['config'][0]['error_language'];
+
+ <!-- squid_upstream.xml values -->
+ $proxy_forwarding = $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'];
+ $client_ip_forwarding = $config['installedpackages']['squidupstream']['config'][0]['client_ip_forwarding'];
+ $user_forwarding = $config['installedpackages']['squidupstream']['config'][0]['user_forwarding'];
+ $upstream_proxy = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy'];
+ $upstream_proxy_port = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy_port'];
+ $upstream_username = $config['installedpackages']['squidupstream']['config'][0]['upstream_username'];
+ $upstream_password = $config['installedpackages']['squidupstream']['config'][0]['upstream_psasword'];
+
+ <!-- squid_cache.xml values -->
+ $memory_cache_size = $config['installedpackages']['squidcache']['config'][0]['memory_cache_size'];
+ $harddisk_cache_size = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size'];
+ $minimum_object_size = $config['installedpackages']['squidcache']['config'][0]['minimum_object_size'];
+ $maximum_object_size = $config['installedpackages']['squidcache']['config'][0]['maximum_object_size'];
+ $level_subdirs = $config['installedpackages']['squidcache']['config'][0]['level_subdirs'];
+ $memory_replacement = $config['installedpackages']['squidcache']['config'][0]['memory_replacement'];
+ $cache_replacement = $config['installedpackages']['squidcache']['config'][0]['cache_replacement'];
+ <!-- $domain <rowhelper> -->
+ $enable_offline = $config['installedpackages']['squidcache']['config'][0]['enable_offline'];
+
+ <!-- squid_nac.xml values -->
+ $allowed_subnets = $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'];
+ <!-- allowed_network_address <rowhelper -->
+ <!-- allowed_subnet_mask <rowhelper -->
+ $unrestricted_ip_address = $config['installedpackages']['squidnac']['config'][0]['unrestricted_ip_address'];
+
+ <!-- squid_traffic.xml values -->
+ $max_download_size = $config['installedpackages']['squidtraffic']['config'][0]['max_download_size'];
+ $max_upload_size = $config['installedpackages']['squidtraffic']['config'][0]['max_upload_size'];
+ $dl_overall = $config['installedpackages']['squidtraffic']['config'][0]['dl_overall'];
+ $dl_per_host = $config['installedpackages']['squidtraffic']['config'][0]['dl_per_host'];
+ $throttle_binary_files = $config['installedpackages']['squidtraffic']['config'][0]['throttle_binary_files'];
+ $throttle_cd_image = $config['installedpackages']['squidtraffic']['config'][0]['throttle_cd_image'];
+ $throttle_multimedia = $config['installedpackages']['squidtraffic']['config'][0]['throttle_multimedia'];
+
+ $fout = fopen($squidconfig,"w");
+
+ <!-- option: shutdown_lifetime -->
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "\n");
+
+ <!-- option: icp_port -->
+ if($icp_port == "") $icp_port="3130";
+ fwrite($fout, "icp_port " . $icp_port . "\n");
+ <!-- option: http_port -->
+ if($http_port == "") $http_port="3128";
+ $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['squidng']['config'][0]['active_interface']);
+ $listen_ip = find_interface_ip($int);
+ fwrite($fout, "http_port " . $listen_ip . ":" . $http_port . "\n");
fwrite($fout, "\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option acl QUERY urlpath_regex cgi-bin \?:
- option non_cache deny QUERY:
- this forces squid to never cache files in the below specified
- directory for security and performance reasons.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
fwrite($fout, "non_cache deny QUERY\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option cache_effective_user:
- option cache_effective_group:
- this specifies the UID/GID that the cache process will run on.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+
+ fwrite($fout, "\n");
+
fwrite($fout, "cache_effective_user squid\n");
fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option pid_filename:
- this specifies the path and filename to write the process-id to.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
fwrite($fout, "pid_filename /var/run/squid.pid\n");
-
+ fwrite($fout, "\n");
+
+ if ($memory_cache_size == "") $memory_cache_size="8";
+ fwrite($fout, "cache_mem " . $memory_cache_size . " MB\n");
+ if ($harddisk_cache_size == "") $harddisk_cache_size="500";
+ if ($level_subdirs == "") $level_subdirs="16";
+ fwrite($fout, "cache_dirs aufs /usr/local/squid/cache " . $harddisk_cache_size . " " . $level_subdirs . " 256\n");
+ fwrite($fout, "\n");
+
+ if ($error_language == "") $error_language="English";
+ fwrite($fout, "error_directory /usr/local/squid/etc/errors/" . $error_language . "\n");
+ fwrite($fout, "\n");
+
+ if ($offline_mode == "on") {
+ fwrite($fout, "offline_mode on\n");
+ fwrite($fout, "\n");
+ }
+
+ if ($memory_replacement == "") $memory_replacement="heap GSDF";
+ fwrite($fout, "memory_replacement_policy " . $memory_replacement . "\n");
+ if ($cache_replacement == "") $cache_replacement="heap GSDF";
+ fwrite($fout, "cache_replacement_policy " . $cache_replacement . "\n");
+ fwrite($fout, "\n");
+
+ if ($log_enabled == "on" ) {
+ fwrite($fout, "cache_access_log /var/log/squid/access.log\n");
+ fwrite($fout, "cache_log /var/log/squid/cache.log\n");
+ fwrite($fout, "cache_store_log none\n");
+ } else {
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ }
+
+ if ($log_query_terms == "on") {
+ fwrite($fout, "strip_query_terms off\n");
+ } else {
+ fwrite($fout, "strip_query_terms on\n");
+ }
+
+ if ($log_user_agents == "on") {
+ fwrite($fout, "useragent_log /var/log/squid/useragent.log\n");
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ if ($client_ip_forwarding !== "on") {
+ fwrite($fout, "forwarded_for off\n");
+ } elseif ($user_forwarding !== "on") {
+ fwrite($fout, "forwarded_for off\n");
+ } else {
+ fwrite($fout, "forwarded_for on\n");
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ <!-- obtain interface subnet and address for Squid rules -->
+ $lactive_interface = strtolower($active_interface);
+
+ $lancfg = $config['interfaces'][$lactive_interface];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl SSL_ports port 443 563\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Strip HTTP Header\n");
+ fwrite($fout, "header_access X-Forwarded-For deny all\n");
+ fwrite($fout, "header_access deny all\n");
+ fwrite($fout, "\n");
+
+ if ($urlfilter_enable == "on") {
+ fwrite($fout, "redirect_program /usr/sbin/squidGuard");
+ fwrite($fout, "redirect_children 5");
+ }
+
+ if ($visible_hostname !== "") {
+ fwrite($fout, "visible_hostname " . $visible_hostname . "\n");
+ }
+
+ if ($cache_admin_email !== "") {
+ fwrite($fout, "cache_mgr " . $cache_admin_email . "\n");
+ }
+
+ if ($maximum_object_size == "") $maximum_object_size="4096";
+ if ($minimum_object_size == "") $minimum_object_size="0";
+ fwrite($fout, "maximum_object_size " . $maximum_object_size . " KB\n");
+ fwrite($fout, "minimum_object_size " . $minimum_object_size . " KB\n");
+ fwrite($fout, "\n");
+
+ if ($proxy_forwarding == "on") {
+ fwrite($fout, "cache_peer " . $upstream_proxy . "parent " . $upstream_proxy_port . "3130 login=" . upstream_username . ":" . upstream_password . " default no-query\n");
+ fwrite($fout, "never_direct allow all\n");
+ }
+
+ if ($transparent_proxy == "on") {
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+ fwrite($fout, "\n");
+ }
+
fclose($fout);
- }
+ } <!-- end function write_squid_config -->
+
</custom_php_global_functions>
<custom_add_php_command>
- function sync_package_squid;
- write_squid_config();
+ function sync_package_squid () {
mwexec("/usr/local/sbin/squid -k reconfigure");
conf_mount_ro(); <!-- mounts filesystems in read only mode -->
config_unlock(); <!-- unlock the config file -->
- }
+ } <!-- end function sync_package_squid -->
- sync_package_squid();
+ global_write_squid_config();
+ <!-- sync_package_squid(); -->
</custom_add_php_command>
<custom_php_resync_command>
- function sync_package_squid;
- write_squid_config();
+ function sync_package_squid() {
mwexec("/usr/local/sbin/squid -k reconfigure");
conf_mount_ro(); <!-- mounts filesystems in read only mode -->
config_unlock(); <!-- unlock the config file -->
}
+ global_write_squid_config();
sync_package_squid();
</custom_php_resync_command>
+ <custom_php_install_command>
+ write_static_squid_config(); <!-- write initial config to work -->
+
+ $fout = fopen("/usr/local/etc/rc.d/squid.sh","w");
+ fwrite($fout, "#!/bin/sh\n");
+ fwrite($fout, "# PACKAGE: Squid\n);
+ fwrite($fout, "# EXECUTABLE: squid\n\n");
+ fwrite($fout "# Alert system that we need the / mount rw\n");
+ fwrite($fout, "touch /tmp/rw_root_mount\n\n");
+ fwrite($fout, "/usr/local/sbin/squid -D\n\n");
+ fwrite($fout, "touch /tmp/filter_dirty\n\n");
+ fclose($fout);
+
+ chmod("/usr/local/etc/rc.d/squid.sh", 755);
+ update_output_window("Configuring Squid... This may take a moment...");
+ mwexec("/usr/local/sbin/squid -z");
+ update_output_window("Starting Squid...");
+ mwexec_bg("/usr/local/etc/rc.d/squid.sh");
+ filter_configure();
+ </custom_php_install_command>
+
+ <custom_php_deinstall_command>
+ rmdir_recursive("/usr/local/squid");
+ unlink_if_exists("/var/mail/squid");
+ unlink_if_exists("/usr/local/etc/rc.d/squid");
+ unlink_if_exists("/usr/local/etc/squid/squid.conf");
+ unlink_if_exists("/usr/local/etc/squid");
+ unlink_if_exists("/usr/local/libexec/squid");
+ filter_configure();
+ </custom_php_deinstall_command>
+
+ <!-- <start_command>/usr/local/etc/rc.d/squid.sh</start_command> -->
+
+ <process_kill_command>squid</process_kill_command>
+
</packagegui>
\ No newline at end of file