aboutsummaryrefslogtreecommitdiffstats
path: root/packages
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2007-05-21 19:30:31 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-05-21 19:30:31 +0000
commit014c1fd18a094cd1dfcab2584c944de5682469d5 (patch)
treefa81090d1959027625bb42010990ca1642e2b8bc /packages
parent77225d8fd5b31e9dbde9577db4ce7aa4640d131d (diff)
downloadpfsense-packages-014c1fd18a094cd1dfcab2584c944de5682469d5.tar.gz
pfsense-packages-014c1fd18a094cd1dfcab2584c944de5682469d5.tar.bz2
pfsense-packages-014c1fd18a094cd1dfcab2584c944de5682469d5.zip
Various fixes from Martin Fuchs: * There's an issue with squid: it only accepts one interface, wven when selected more than one. * A second issue ist hat squid forwards the internal ip which is nor wanted by everyone
Diffstat (limited to 'packages')
-rw-r--r--packages/squid/squid.inc8
-rw-r--r--packages/squid/squid.xml6
2 files changed, 11 insertions, 3 deletions
diff --git a/packages/squid/squid.inc b/packages/squid/squid.inc
index 4fbe2c16..ecefe813 100644
--- a/packages/squid/squid.inc
+++ b/packages/squid/squid.inc
@@ -499,7 +499,7 @@ EOD;
$conf .= "acl localnet src $src\n";
$valid_acls[] = 'localnet';
}
-
+ if ($settings['disable_xforward']) $conf .= "forwarded_for off\n";
return $conf;
}
@@ -1024,17 +1024,19 @@ function squid_generate_rules($type) {
switch($type) {
case 'nat':
- foreach ($ifaces as $iface)
+ foreach ($ifaces as $iface){
$rules .= "# Setup Squid proxy redirect\n";
$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
$rules .= "\n";
+ };
break;
case 'filter':
- foreach ($ifaces as $iface)
+ foreach ($ifaces as $iface){
$rules .= "# Setup squid pass rules for proxy\n";
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
$rules .= "\n";
+ };
break;
default:
break;
diff --git a/packages/squid/squid.xml b/packages/squid/squid.xml
index 8b5845cc..ee5c4924 100644
--- a/packages/squid/squid.xml
+++ b/packages/squid/squid.xml
@@ -179,6 +179,12 @@
<default_value>English</default_value>
<type>select</type>
</field>
+ <field>
+ <fielddescr>Disable X-Forward</fielddescr>
+ <fieldname>disable_xforward</fieldname>
+ <description>If not set, Squid will include your system's IP address or name in the HTTP requests it forwards. By default it looks like this: X-Forwarded-For: 192.1.2.3. If you enable this, it will appear as X-Forwarded-For: unknown</description>
+ <type>checkbox</type>
+ </field>
</fields>
<custom_add_php_command>
squid_resync();