diff options
| -rwxr-xr-x | config/squid3/33/squid.inc | 18 | ||||
| -rw-r--r-- | config/squid3/33/squid.xml | 14 | ||||
| -rw-r--r-- | pkg_config.10.xml | 2 | ||||
| -rw-r--r-- | pkg_config.8.xml | 2 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
5 files changed, 25 insertions, 13 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index e13e51d1..bc238a5d 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -1603,8 +1603,8 @@ function squid_resync_auth() { $conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n"; } - // Custom User Options - $conf .= "# Custom options\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; + // Custom User Options before authentication acls + $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; // Deny the banned guys before allowing the good guys if(! empty($settingsnac['banned_hosts'])) { @@ -1722,9 +1722,8 @@ function squid_resync_auth() { $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n"; break; case 'cp': - $conf .= "external_acl_type check_filter children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; - $conf .= "acl dgfilter external check_filter\n"; - $conf .= "http_access allow dgfilter\n"; + $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; + $conf .= "acl password external check_cp\n"; break; case 'msnt': $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n"; @@ -1740,6 +1739,9 @@ acl password proxy_auth REQUIRED EOD; } + // Custom User Options after authentication definition + $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n"; + // Onto the ACLs $password = array('localnet', 'allowed_subnets'); $passwordless = array('unrestricted_hosts'); @@ -1756,7 +1758,7 @@ EOD; foreach ($passwordless as $acl) $conf .= "http_access allow $acl\n"; - if ($auth_method != 'cp'){ + //if ($auth_method != 'cp'){ // Include squidguard denied acl log in squid if ($settingsconfig['log_sqd']) $conf .="http_access deny password sglog\n"; @@ -1764,9 +1766,9 @@ EOD; // Allow the other ACLs as long as they authenticate foreach ($password as $acl) $conf .= "http_access allow password $acl\n"; - } + // } } - + $conf .= "# Default block all to be sure\n"; $conf .= "http_access deny allsrc\n"; diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index ef5a9c94..1cbf2338 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -528,9 +528,19 @@ <rows>5</rows> </field> <field> - <fielddescr>Custom Options</fielddescr> + <fielddescr>Custom ACLS (Before_Auth)</fielddescr> <fieldname>custom_options_squid3</fieldname> - <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration.<br> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br> + <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>78</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Custom ACLS (After_Auth)</fielddescr> + <fieldname>custom_options2_squid3</fieldname> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br> <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> <type>textarea</type> <encoding>base64</encoding> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index e52ece81..9fd911e6 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -963,7 +963,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.10 pkg 2.2.1</version> + <version>3.3.10 pkg 2.2.2</version> <status>beta</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index d2398704..ce23e24f 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1260,7 +1260,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.10 pkg 2.2.1</version> + <version>3.3.10 pkg 2.2.2</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 34fce7a6..328fc6b1 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1247,7 +1247,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.10 pkg 2.2.1</version> + <version>3.3.10 pkg 2.2.2</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> |