aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/squid-reverse/squid.xml67
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
3 files changed, 63 insertions, 8 deletions
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 72c10ab6..6bc40c6f 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
@@ -10,7 +10,7 @@
authng.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2012-2013 Marcello Coutinho
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
@@ -22,7 +22,7 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
@@ -47,7 +47,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squid</name>
- <version>3.1.STABLE19</version>
+ <version>3.2.7</version>
<title>Proxy server: General settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
@@ -199,6 +199,11 @@
<item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/squid-reverse/squid_reverse_redir.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/squid-reverse/squid_monitor.php</item>
@@ -254,11 +259,11 @@
<default_value>on</default_value>
</field>
<field>
- <fielddescr>Transparent proxy</fielddescr>
+ <fielddescr>Transparent HTTP proxy</fielddescr>
<fieldname>transparent_proxy</fieldname>
<description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
- <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
- To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
+ <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br>
+ To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description>
<type>checkbox</type>
<enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
<required/>
@@ -303,6 +308,56 @@
<type>input</type>
<size>70</size>
</field>
+ <field>
+ <name>SSL man in the middle Filtering</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>HTTPS/SSL interception</fielddescr>
+ <fieldname>ssl_proxy</fieldname>
+ <description><![CDATA[Enable SSL filtering.]]></description>
+ <type>checkbox</type>
+ <enablefields>dca,dcert,sslcrtd_children,check_certificate</enablefields>
+ </field>
+ <field>
+ <fielddescr>SSL Proxy port</fielddescr>
+ <fieldname>ssl_proxy_port</fieldname>
+ <description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description>
+ <type>input</type>
+ <size>5</size>
+ <default_value>3129</default_value>
+ </field>
+ <field>
+ <fielddescr>Cert</fielddescr>
+ <fieldname>dcert</fieldname>
+ <description><![CDATA[Select Certificate to use in SSL interception<br>
+ To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
+ <type>select_source</type>
+ <source><![CDATA[$config['cert']]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>sslcrtd children</fielddescr>
+ <fieldname>sslcrtd_children</fieldname>
+ <description><![CDATA[This is the number of ssl crt deamon children to start. Default value is 5.<br>
+ if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description>
+ <type>input</type>
+ <size>2</size>
+ <default_value>5</default_value>
+ </field>
+ <field>
+ <fielddescr>Remote Cert checks</fielddescr>
+ <fieldname>interception_checks</fieldname>
+ <description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option>
+ <option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option>
+ </options>
+ <multiple/>
+ <size>3</size>
+ </field>
<field>
<name>Logging Settings</name>
<type>listtopic</type>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 5c710d06..c4839470 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1246,7 +1246,7 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.1.20 pkg 2.0.5_8</version>
+ <version>3.1.20 pkg 2.0.6</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 29a657f0..7ed2207e 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1233,7 +1233,7 @@
<pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.1.20 pkg 2.0.5_8</version>
+ <version>3.1.20 pkg 2.0.6</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>