-rw-r--r--packages/squid_cache.xml31
-rw-r--r--packages/squid_nac.xml108
-rw-r--r--packages/squid_ng.inc552
-rw-r--r--packages/squid_ng.xml386
-rw-r--r--packages/squid_traffic.xml24
-rw-r--r--packages/squid_upstream.xml28
6 files changed, 711 insertions, 418 deletions
diff --git a/packages/squid_cache.xml b/packages/squid_cache.xml
index 60445a6a..8741f319 100644
--- a/packages/squid_cache.xml
+++ b/packages/squid_cache.xml
@@ -1,14 +1,10 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
- <info>
- <name>squidcache</name>
- </info>
-
- <files></files>
- <menus></menus>
-
- <configpath>['installedpackages']['package']['squidcache']['configuration']['settings']</configpath>
+ <name>squidcache</name>
+ <title>Services: Squid Advanced Proxy</title>
+ <configpath>installedpackages->package->squidcache->configuration->settings</configpath>
+
<aftersaveredirect>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</aftersaveredirect>
<tabs>
@@ -40,12 +36,12 @@
<!-- <tab>
<text>Authentication Settings</text>
- <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidauth.xml&amp;id=0</url>
</tab>
<tab>
<text>Users</text>
- <url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidusers.xml&amp;id=0</url>
</tab>
-->
</tabs>
@@ -54,7 +50,7 @@
<field>
<fielddescr>Memory Cache Size (MB)</fielddescr>
<fieldname>memory_cache_size</fieldname>
- <description>This is the amount of physical RAM to be used for negative cache and in-transit objects. This value should not exceed more than 50% of installed RAM. The minimum value is 1MB; the default is 2MB</description>
+ <description>This is the amount of physical RAM to be used for negative cache and in-transit objects. This value should not exceed more than 50% of installed RAM. The minimum value is 1MB; the default is 8MB</description>
<size>4</size>
<type>input</type>
<validation>number</validation>
@@ -130,7 +126,7 @@
<field>
<fielddescr>Domain</fielddescr>
<fieldname>domain</fieldname>
- <description>If required, the specified domains will never be cached. Only enter one domain per line.</description>
+ <description>If required, the specified domains will never be cached. Enter domains separated by a semicolon (;).</description>
<type>textarea</type>
<rows>10</rows>
<cols>50</cols>
@@ -145,10 +141,11 @@
</fields>
- <custom_php_global_functions>
- </custom_php_global_functions>
-
- <custom_add_php_command>
- </custom_add_php_command>
+ <custom_add_php_command_late>
+ require_once("/usr/local/pkg/squid_ng.inc");
+ global_write_squid_config();
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_add_php_command_late>
+
</packagegui> \ No newline at end of file
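Review bot: The exit status of `mwexec("/usr/local/sbin/squid -k reconfigure");` in the new custom_add_php_command_late hook is discarded, so when squid rejects the freshly written squid.conf, or is not running at all, the save looks successful in the GUI while the previous configuration stays in effect. The identical three-line hook is repeated in squid_nac.xml in this same commit, and any later change to the reload sequence has to be made in every XML file. A single helper in squid_ng.inc, for example `squid_reconfigure()`, that runs the reconfigure, checks the return value and logs a failure would keep the hooks in sync and surface the error; if the shipped squid supports `-k parse`, running it first would let the hook refuse a broken config rather than hand it to the running daemon.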
diff --git a/packages/squid_nac.xml b/packages/squid_nac.xml
index b4e4ff24..70521b6d 100644
--- a/packages/squid_nac.xml
+++ b/packages/squid_nac.xml
@@ -1,14 +1,10 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
- <info>
- <name>squidnac</name>
- </info>
-
- <files></files>
- <menus></menus>
-
- <configpath>['installedpackages']['package']['squidnac']['configuration']['settings']</configpath>
+ <name>squidnac</name>
+ <title>Services: Squid Advanced Proxy</title>
+ <configpath>installedpackages->package->squidnac->configuration->settings</configpath>
+
<aftersaveredirect>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</aftersaveredirect>
<tabs>
@@ -40,12 +36,12 @@
<!-- <tab>
<text>Authentication Settings</text>
- <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidauth.xml&amp;id=0</url>
</tab>
<tab>
<text>Users</text>
- <url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidusers.xml&amp;id=0</url>
</tab>
-->
</tabs>
@@ -54,65 +50,55 @@
<field>
<fielddescr>Allowed Subnets</fielddescr>
<fieldname>allowed_subnets</fieldname>
- <type>rowhelper</type>
- <rowhelper>
- <rowhelperfield>
- <fielddescr>Network Address</fielddescr>
- <fieldname>allowed_network_address</fieldname>
- <type>input</type>
- <size>32</size>
- <validation>number</validation>
- </rowhelperfield>
-
- <rowhelperfield>
- <fielddescr>Subnet Mask</fielddescr>
- <fieldname>allowed_subnet_mask</fieldname>
- <type>select</type>
- <options>
- <option><name>1</name><value>1</value></option>
- <option><name>2</name><value>2</value></option>
- <option><name>3</name><value>3</value></option>
- <option><name>4</name><value>4</value></option>
- <option><name>5</name><value>4</value></option>
- <option><name>6</name><value>4</value></option>
- <option><name>7</name><value>4</value></option>
- <option><name>8</name><value>4</value></option>
- <option><name>9</name><value>4</value></option>
- <option><name>10</name><value>4</value></option>
- <option><name>11</name><value>4</value></option>
- <option><name>12</name><value>4</value></option>
- <option><name>13</name><value>4</value></option>
- <option><name>14</name><value>4</value></option>
- <option><name>15</name><value>4</value></option>
- <option><name>16</name><value>4</value></option>
- <option><name>17</name><value>4</value></option>
- <option><name>18</name><value>4</value></option>
- <option><name>19</name><value>4</value></option>
- <option><name>20</name><value>4</value></option>
- <option><name>21</name><value>4</value></option>
- <option><name>22</name><value>4</value></option>
- <option><name>23</name><value>4</value></option>
- <option><name>24</name><value>4</value></option>
- <option><name>25</name><value>4</value></option>
- <option><name>26</name><value>4</value></option>
- <option><name>27</name><value>4</value></option>
- <option><name>28</name><value>4</value></option>
- <option><name>29</name><value>4</value></option>
- <option><name>30</name><value>4</value></option>
- <option><name>31</name><value>4</value></option>
- <option><name>32</name><value>4</value></option>
- </options>
- </rowhelperfield>
- </rowhelper>
+ <description>Subnets must be entered in the format of Network Address / Subnet Mask (e.g.: 192.168.1.0/24). Enter domains separated by a semicolon (;).</description>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
</field>
<field>
<fielddescr>Unrestricted IP Addresses</fielddescr>
<fieldname>unrestricted_ip_address</fieldname>
+ <description>Specify each unrestricted IP address separated by a semicolon (;).</description>
<type>textarea</type>
- <rows>10</rows>
+ <rows>5</rows>
+ <cols>50</cols>
+ </field>
+
+ <field>
+ <fielddescr>Unrestricted MAC Addresses</fielddescr>
+ <fieldname>unrestricted_mac_addresses</fieldname>
+ <description>Specify each unrestricted MAC address separated by a semicolon (;).</description>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ </field>
+
+ <field>
+ <fielddescr>Banned IP Addresses</fielddescr>
+ <fieldname>banned_ip_addresses</fieldname>
+ <description>Specify each banned IP address separated by a semicolon (l).</description>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ </field>
+
+ <field>
+ <fielddescr>Banned MAC Addresses</fielddescr>
+ <fieldname>banned_mac_addresses</fieldname>
+ <description>Specify each banned MAC address separated by a semicolon (;).</description>
+ <type>textarea</type>
+ <rows>5</rows>
<cols>50</cols>
</field>
</fields>
+
+ <custom_add_php_command_late>
+ require_once("/usr/local/pkg/squid_ng.inc");
+
+ global_write_squid_config();
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_add_php_command_late>
+
</packagegui> \ No newline at end of file
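Review bot: The new descriptions do not match the fields they document: the Allowed Subnets text ends with `Enter domains separated by a semicolon (;).` although the field holds subnets, and the Banned IP Addresses text reads `separated by a semicolon (l).` with an `l` where the `;` belongs. None of the five textareas carries a `<validation>` element, and squid_ng.inc (added in this commit) splits each value on `;` and writes every piece verbatim into an ACL file that squid reads, so a stray space after a semicolon, an empty entry from a trailing semicolon or a malformed address only surfaces when squid parses the generated config. Validating here, or trimming each entry and dropping empty ones in the .inc, would keep the ACL files clean; the field descriptions should also say the values are written to squid unchanged so the admin knows the expected syntax.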
diff --git a/packages/squid_ng.inc b/packages/squid_ng.inc
new file mode 100644
index 00000000..33845789
--- /dev/null
+++ b/packages/squid_ng.inc
@@ -0,0 +1,552 @@
+<?php
+/* $Id$ */
+
+/*
+ squid_ng.inc
+ part of pfSense (www.pfSense.com)
+
+ Copyright (C) 2005 Michael Capp <michael.capp@gmail.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+function global_write_squid_config() {
+ conf_mount_rw();
+ config_lock();
+
+ global $config;
+
+ /* define squid configuration file in variable for replace function */
+ $squidconfig = "/usr/local/etc/squid/squid.conf";
+
+ /* squid_ng.xml values */
+ $active_interface = $config['installedpackages']['squidng']['config'][0]['active_interface'];
+ $transparent_proxy = $config['installedpackages']['squidng']['config'][0]['transparent_proxy'];
+ $log_enabled = $config['installedpackages']['squidng']['config'][0]['log_enabled'];
+ $urlfilter_enable = $config['installedpackages']['squidng']['config'][0]['urlfilter_enable'];
+ $log_query_terms = $config['installedpackages']['squidng']['config'][0]['log_query_terms'];
+ $log_user_agents = $config['installedpackages']['squidng']['config'][0]['log_user_agents'];
+ $proxy_port = $config['installedpackages']['squidng']['config'][0]['proxy_port'];
+ $visible_hostname = $config['installedpackages']['squidng']['config'][0]['visible_hostname'];
+ $cache_admin_email = $config['installedpackages']['squidng']['config'][0]['cache_admin_email'];
+ $error_language = $config['installedpackages']['squidng']['config'][0]['error_language'];
+
+ /* squid_upstream.xml values */
+ $proxy_forwarding = $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'];
+ $client_ip_forwarding = $config['installedpackages']['squidupstream']['config'][0]['client_ip_forwarding'];
+ $user_forwarding = $config['installedpackages']['squidupstream']['config'][0]['user_forwarding'];
+ $upstream_proxy = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy'];
+ $upstream_proxy_port = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy_port'];
+ $upstream_username = $config['installedpackages']['squidupstream']['config'][0]['upstream_username'];
+ $upstream_password = $config['installedpackages']['squidupstream']['config'][0]['upstream_psasword'];
+
+ /* squidcache.xml values */
+ $memory_cache_size = $config['installedpackages']['squidcache']['config'][0]['memory_cache_size'];
+ $harddisk_cache_size = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size'];
+ $minimum_object_size = $config['installedpackages']['squidcache']['config'][0]['minimum_object_size'];
+ $maximum_object_size = $config['installedpackages']['squidcache']['config'][0]['maximum_object_size'];
+ $level_subdirs = $config['installedpackages']['squidcache']['config'][0]['level_subdirs'];
+ $memory_replacement = $config['installedpackages']['squidcache']['config'][0]['memory_replacement'];
+ $cache_replacement = $config['installedpackages']['squidcache']['config'][0]['cache_replacement'];
+ $domain = $config['installedpackages']['squidcache']['config'][0]['domain'];
+ $enable_offline = $config['installedpackages']['squidcache']['config'][0]['enable_offline'];
+
+ /* squidnac.xml values */
+ $allowed_subnets = $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'];
+ $unrestricted_ip_address = $config['installedpackages']['squidnac']['config'][0]['unrestricted_ip_address'];
+ $unrestricted_mac_addresses = $config['installedpackages']['squidnac']['config'][0]['unrestricted_mac_addresses'];
+ $banned_ip_addresses = $config['installedpackages']['squidnac']['config'][0]['banned_ip_addresses'];
+ $banned_mac_addresses = $config['installedpackages']['squidnac']['config'][0]['banned_mac_addresses'];
+
+ /* squidtraffic.xml values */
+ $max_download_size = $config['installedpackages']['squidtraffic']['config'][0]['max_download_size'];
+ $max_upload_size = $config['installedpackages']['squidtraffic']['config'][0]['max_upload_size'];
+ $dl_overall = $config['installedpackages']['squidtraffic']['config'][0]['dl_overall'];
+ $dl_per_host = $config['installedpackages']['squidtraffic']['config'][0]['dl_per_host'];
+ $throttle_binary_files = $config['installedpackages']['squidtraffic']['config'][0]['throttle_binary_files'];
+ $throttle_cd_images = $config['installedpackages']['squidtraffic']['config'][0]['throttle_cd_images'];
+ $throttle_multimedia = $config['installedpackages']['squidtraffic']['config'][0]['throttle_multimedia'];
+
+ /* squidauth.xml values (placeholder for now) */
+ $no_auth = $config['installedpackages']['squidtraffic']['config'][0]['no_auth'];
+ $local_auth = $config['installedpackages']['squidtraffic']['config'][0]['local_auth'];
+ $ldap_auth = $config['installedpackages']['squidtraffic']['config'][0]['ldap_auth'];
+ $windows_auth = $config['installedpackages']['squidtraffic']['config'][0]['windows_auth'];
+ $radius_auth = $config['installedpackages']['squidtraffic']['config'][0]['radius_auth'];
+ $auth_processes = $config['installedpackages']['squidtraffic']['config'][0]['auth_processes'];
+ $auth_cache_ttl = $config['installedpackages']['squidtraffic']['config'][0]['auth_cache_ttl'];
+ $limit_ip_addr = $config['installedpackages']['squidtraffic']['config'][0]['limit_ip_addr'];
+ $user_ip_cache_ttl = $config['installedpackages']['squidtraffic']['config'][0]['user_ip_cache_ttl'];
+ $req_unrestricted_auth = $config['installedpackages']['squidtraffic']['config'][0]['req_unrestricted_auth'];
+ $auth_realm_prompt = $config['installedpackages']['squidtraffic']['config'][0]['auth_realm_prompt'];
+ $no_domain_auth = $config['installedpackages']['squidtraffic']['config'][0]['no_domain_auth'];
+ $min_pass_length = $config['installedpackages']['squidtraffic']['config'][0]['min_pass_length'];
+ $bypass_extended = $config['installedpackages']['squidtraffic']['config'][0]['bypass_extended'];
+
+ $fout = fopen($squidconfig,"w");
+
+ /* option: shutdown_lifetime */
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "\n");
+
+ /* option: icp_port */
+ if($icp_port == "") $icp_port="3130";
+ fwrite($fout, "icp_port " . $icp_port . "\n");
+
+ /* option: http_port */
+ if($http_port == "") $http_port="3128";
+ $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['squidng']['config'][0]['active_interface']);
+ $listen_ip = find_interface_ip($int);
+ fwrite($fout, "http_port " . $listen_ip . ":" . $http_port . "\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
+ fwrite($fout, "no_cache deny QUERY\n");
+
+ if ($domain !== "") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+ $aclout = fopen("/usr/local/etc/squid/acls/dst_nocache.acl","w");
+
+ $domain_array = split(";",$domain);
+ foreach ($domain_array as $no_cache_domain) {
+ fwrite($aclout, $no_cache_domain . "\n");
+ }
+
+ fclose($aclout);
+
+ fwrite($fout, 'acl no_cache_domains dstdomain "/usr/local/etc/squid/acls/dst_nocache.acl"' . "\n");
+ fwrite($fout, "no_cache deny no_cache_domains\n");
+ }
+
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "pid_filename /var/run/squid.pid\n");
+ fwrite($fout, "\n");
+
+ if ($memory_cache_size == "") $memory_cache_size="8";
+ fwrite($fout, "cache_mem " . $memory_cache_size . " MB\n");
+ if ($harddisk_cache_size == "") $harddisk_cache_size="500";
+ if ($level_subdirs == "") $level_subdirs="16";
+ fwrite($fout, "cache_dir aufs /var/squid/cache " . $harddisk_cache_size . " " . $level_subdirs . " 256\n");
+ fwrite($fout, "\n");
+
+ if ($error_language == "") $error_language="English";
+ fwrite($fout, "error_directory /usr/local/etc/squid/errors/" . $error_language . "\n");
+ fwrite($fout, "\n");
+
+ if ($offline_mode == "on") {
+ fwrite($fout, "offline_mode on\n");
+ fwrite($fout, "\n");
+ }
+
+ if ($memory_replacement == "") $memory_replacement="heap GDSF";
+ fwrite($fout, "memory_replacement_policy " . $memory_replacement . "\n");
+ if ($cache_replacement == "") $cache_replacement="heap GDSF";
+ fwrite($fout, "cache_replacement_policy " . $cache_replacement . "\n");
+ fwrite($fout, "\n");
+
+ if ($log_enabled == "on" ) {
+ fwrite($fout, "cache_access_log /var/squid/logs/access.log\n");
+ fwrite($fout, "cache_log /var/squid/logs/cache.log\n");
+ fwrite($fout, "cache_store_log none\n");
+ } else {
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ }
+
+ if ($log_query_terms == "on") {
+ fwrite($fout, "strip_query_terms off\n");
+ } else {
+ fwrite($fout, "strip_query_terms on\n");
+ }
+
+ if ($log_user_agents == "on") {
+ fwrite($fout, "useragent_log /var/squid/logs/useragent.log\n");
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ if ($client_ip_forwarding !== "on") {
+ fwrite($fout, "forwarded_for off\n");
+ } elseif ($user_forwarding !== "on") {
+ fwrite($fout, "forwarded_for off\n");
+ } else {
+ fwrite($fout, "forwarded_for on\n");
+ }
+ fwrite($fout, "\n");
+
+ if ($no_auth == "on") {
+ fwrite($fout, "\n");
+ }
+
+ if ($local_auth == "on") {
+ fwrite($fout, "auth_param basic program /usr/local/libexec/squid/ncsa_auth /usr/local/etc/squid/advanced/ncsa/passwd\n");
+ fwrite($fout, "auth_param basic children 5\n");
+ fwrite($fout, "auth_param basic realm pfSense Advanced Proxy Service\n");
+ fwrite($fout, "auth_param basic credentialsttl 60 minutes\n");
+ fwrite($fout, "\n");
+ }
+
+ /* TODO: placeholder for local user management */
+
+ if ($throttle_binary_files == "on") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+ $binary_out = "\.bin$\n\.cab$\n\.gz$\n\.rar$\n\.sea$\n\.tar$\n\.tgz$\n\.zip$\n";
+
+ $throttle_out = fopen("/usr/local/etc/squid/acls/dst_throttle_binary.acl","w");
+ fwrite($throttle_out, $binary_out);
+ fwrite($fout, 'acl for_throttled_binary url_regex -i "/usr/local/etc/squid/acls/dst_throttle_binary.acl"' . "\n");
+ fclose($throttle_out);
+ } else {
+ if (file_exists("/usr/local/etc/squid/acls/dst_throttle_binary.acl")) unlink("/usr/local/etc/squid/acls/dst_throttle_binary.acl");
+ }
+
+ if ($throttle_cd_images == "on") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+
+ $cd_out = "\.b5t$\n\.bin$\n\.bwt$\n\.cdi$\n\.cue$\n\.gho$\n\.img$\n\.iso$\n\.mds$\n\.nrg$\n\.pqi$\n";
+
+ $throttle_out = fopen("/usr/local/etc/squid/acls/dst_throttle_cd.acl","w");
+ fwrite($throttle_out, $cd_out);
+ fwrite($fout, 'acl for_throttled_cd url_regex -i "/usr/local/etc/squid/acls/dst_throttle_cd.acl"' . "\n");
+ fclose($throttle_out);
+ } else {
+ if (file_exists("/usr/local/etc/squid/acls/dst_throttle_cd.acl")) unlink("/usr/local/etc/squid/acls/dst_throttle_cd.acl");
+ }
+
+ if ($throttle_multimedia == "on") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+
+ $multimedia_out = "\.aiff?$\n\.asf$\n\.avi$\n\.divx$\n\.mov$\n\.mp3$\n\.mpe?g$\n\.qt$\n\.ra?m$\n";
+
+ $throttle_out = fopen("/usr/local/etc/squid/acls/dst_throttle_multimedia.acl","w");
+ fwrite($throttle_out, $multimedia_out);
+ fwrite($fout, 'acl for_throttled_multimedia url_regex -i "/usr/local/etc/squid/acls/dst_throttle_multimedia.acl"' . "\n");
+ fclose($throttle_out);
+ } else {
+ if (file_exists("/usr/local/etc/squid/acls/dst_throttle_multimedia.acl")) unlink("/usr/local/etc/squid/acls/dst_throttle_multimedia.acl");
+ }
+
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ /* obtain interface subnet and address for Squid rules */
+ $lactive_interface = strtolower($active_interface);
+
+ $lancfg = $config['interfaces'][$lactive_interface];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ /* allow access through proxy for custom admin port */
+ $custom_port = $config['system']['webgui']['port'];
+ if ($custom_port !== "") {
+ fwrite($fout, "acl pf_admin_port port " . $custom_port . "\n");
+ }
+
+ /* define subnets allowed to utilize proxy service */
+ if ($allowed_subnets !== "") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+
+ $aclout = fopen("/usr/local/etc/squid/acls/src_subnets.acl","w");
+
+ $allowed_subnets_array = split(";",$allowed_subnets);
+ foreach ($allowed_subnets_array as $ind_allowed_subnets) {
+ fwrite($aclout, $ind_allowed_subnets . "\n");
+ }
+
+ fclose($aclout);
+
+ fwrite($fout, 'acl pf_networks src "/usr/local/etc/squid/acls/src_subnets.acl"' . "\n");
+ }
+
+ /* define ip addresses that have 'unrestricted' access */
+ if ($unrestricted_ip_address !== "") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+ $aclout = fopen("/usr/local/etc/squid/acls/src_unrestricted_ip.acl","w");
+
+ $unrestricted_ip_array = split(";",$unrestricted_ip_address);
+ foreach ($unrestricted_ip_array as $ind_unrestricted_ip) {
+ fwrite($aclout, $ind_unrestricted_ip . "\n");
+ }
+
+ fclose($aclout);
+
+ fwrite($fout, 'acl pf_unrestricted_ip src "/usr/local/etc/squid/acls/src_unrestricted_ip.acl"' . "\n");
+ }
+
+ /* define mac addresses that have 'unrestricted' access */
+ if ($unrestricted_mac_addresses !== "") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+
+ $aclout = fopen("/usr/local/etc/squid/acls/src_unrestricted_mac.acl","w");
+
+ $unrestricted_mac_array = split(";",$unrestricted_mac_addresses);
+ foreach ($unrestricted_mac_array as $ind_unrestricted_mac) {
+ fwrite($aclout, $ind_unrestricted_mac . "\n");
+ }
+
+ fclose($aclout);
+
+ fwrite($fout, 'acl pf_unrestricted_mac src "/usr/local/etc/squid/acls/src_unrestricted_mac.acl"' . "\n");
+ }
+
+ /* define ip addresses that are banned from using the proxy service */
+ if ($banned_ip_addresses !== "") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+
+ $aclout = fopen("/usr/local/etc/squid/acls/src_banned_ip.acl","w");
+
+ $banned_ip_array = split(";",$banned_ip_addresses);
+ foreach ($banned_ip_array as $ind_banned_ip) {
+ fwrite($aclout, $ind_banned_ip . "\n");
+ }
+
+ fclose($aclout);
+
+ fwrite($fout, 'acl pf_banned_ip src "/usr/local/etc/squid/acls/src_banned_ip.acl"' . "\n");
+ }
+
+ /* define mac addresses that are banned from using the proxy service */
+ if ($banned_mac_addresses !== "") {
+ if (!file_exists("/usr/local/etc/squid/acls")) mwexec("/bin/mkdir -p /usr/local/etc/squid/acls");
+
+ $aclout = fopen("/usr/local/etc/squid/acls/src_banned_mac.acl","w");
+
+ $banned_mac_array = split(";",$banned_mac_addresses);
+ foreach ($banned_mac_array as $ind_banned_mac) {
+ fwrite($aclout, $ind_banned_mac . "\n");
+ }
+
+ fclose($aclout);
+
+ fwrite($fout, 'acl pf_banned_mac src "/usr/local/etc/squid/acls/src_banned_mac.acl"' . "\n");
+ }
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "\n");
+
+ if ($dl_overall !== "" and $dl_per_host == "") {
+ fwrite($fout, "#Set throttle and bandwidth restrictions\n");
+
+ fwrite($fout, "delay_pools 1\n");
+ fwrite($fout, "delay_class 1 3\n");
+
+ if ($dl_overall == "unlimited") {
+ fwrite($fout, "delay_parameters 1 -1/-1 -1/-1 " . ($dl_overall * 125) . "/" . ($dl_overall * 250) . "\n");
+ } else {
+ fwrite($fout, "delay_parameters 1 " . ($dl_overall * 125) . "/" . ($dl_overall * 250) . " -1/-1 -1/-1\n");
+ }
+
+ /* if no unrestricted ip addresses are defined; this line is ignored */
+ if ($unrestricted_ip_address == "") fwrite($fout, "delay_access 1 deny pf_unrestricted_ip\n");
+
+ fwrite($fout, "#delay_access 1 deny for_extended_users\n");
+
+ /* this will define bandwidth delay restrictions for specified throttles */
+ if ($throttle_binary_files == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_binary\n");
+ }
+ if ($throttle_cd_images == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_cd\n");
+ }
+ if ($throttle_multimedia == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_multimedia\n");
+ } else {
+ fwrite($fout, "delay_access 1 allow all\n");
+ }
+ fwrite($fout, "delay_initial_bucket_level 100%\n\n");
+ }
+
+ if ($dl_per_host !== "" and $dl_overall == "") {
+ fwrite($fout, "#Set throttle and bandwidth restrictions\n");
+
+ fwrite($fout, "delay_pools 1\n");
+ fwrite($fout, "delay_class 1 3\n");
+
+ if ($dl_per_host == "unlimited") {
+ fwrite($fout, "delay_parameters 1 " . ($dl_per_host * 125) . "/" . ($dl_per_host * 250) . "-1/-1 -1/-1\n");
+ } else {
+ fwrite($fout, "delay_parameters 1 -1/-1 -1/-1 " . ($dl_per_host * 125) . "/" . ($dl_per_host * 250) . "\n");
+ }
+
+ /* if no unrestricted ip addresses are defined; this line is ignored */
+ if ($unrestricted_ip_address !== "") fwrite($fout, "delay_access 1 deny pf_unrestricted_ip\n");
+
+ fwrite($fout, "#delay_access 1 deny for_extended_users\n");
+
+ /* this will define bandwidth delay restrictions for specified throttles */
+ if ($throttle_binary_files == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_binary\n");
+ }
+ if ($throttle_cd_images == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_cd\n");
+ }
+ if ($throttle_multimedia == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_multimedia\n");
+ } else {
+ fwrite($fout, "delay_access 1 allow all\n");
+ }
+ fwrite($fout, "delay_initial_bucket_level 100%\n\n");
+ fwrite($fout, "\n");
+ }
+
+ if ($dl_overall !== "" and $dl_per_host !== "") {
+ /* if no bandwidth restrictions are specified, then these parameters are not necessary */
+ if ($dl_overall !== "unlimited" and $dl_per_host !== "unlimited") {
+ fwrite($fout, "#Set throttle and bandwidth restrictions\n");
+
+ if ($dl_overall == "unlimited" and $dl_per_host !== "") {
+ fwrite($fout, "delay_pools 1\n");
+ fwrite($fout, "delay_class 1 3\n");
+ fwrite($fout, "delay_parameters 1 -1/-1 -1/-1 " . ($dl_per_host * 125) . "/" . ($dl_overall * 250) . "\n");
+ } elseif ($dl_overall !== "" and $dl_per_host == "unlimited") {
+ fwrite($fout, "delay_pools 1\n");
+ fwrite($fout, "delay_class 1 3\n");
+ fwrite($fout, "delay_parameters 1 " . ($dl_overall * 125) . "/" . ($dl_overall * 250) . " -1/-1 -1/-1\n");
+ }
+ }
+
+ if ($dl_overall !== "unlimited" and $dl_per_host !== "unlimited") {
+
+ /* if no unrestricted ip addresses are defined; this line is ignored */
+ if ($unrestricted_ip_address !== "") fwrite($fout, "delay_access 1 deny pf_unrestricted_ip\n");
+
+ fwrite($fout, "#delay_access 1 deny for_extended_users\n");
+
+ /* this will define bandwidth delay restrictions for specified throttles */
+ if ($throttle_binary_files == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_binary\n");
+ }
+ if ($throttle_cd_images == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_cd\n");
+ }
+ if ($throttle_multimedia == "on") {
+ fwrite($fout, "delay_access 1 allow all for_throttled_multimedia\n");
+ } else {
+ fwrite($fout, "delay_access 1 allow all\n");
+ }
+ fwrite($fout, "delay_initial_bucket_level 100%\n\n");
+ }
+ }
+
+ fwrite($fout, "#Strip HTTP Header\n");
+ fwrite($fout, "header_access X-Forwarded-For deny all\n");
+ fwrite($fout, "header_access Via deny all\n");
+ fwrite($fout, "\n");
+
+ /* TODO: acl customization for snmp support */
+ fwrite($fout, "snmp_access deny all\n");
+ fwrite($fout, "\n");
+
+ if ($urlfilter_enable == "on") {
+ fwrite($fout, "redirect_program /usr/sbin/squidGuard");
+ fwrite($fout, "redirect_children 5");
+ fwrite($fout, "\n");
+ }
+
+ if ($max_upload_size != "") {
+ fwrite($fout, "request_body_max_size " . $max_download_size . "KB\n");
+ }
+
+ if ($max_download_size != "") {
+ if ($unrestricted_ip_addresses !== "") fwrite($fout, "reply_body_max_size 0 allow pf_unrestricted_ip\n");
+ fwrite($fout, "#reply_body_max_size 0 allow for_extended_users\n");
+ fwrite($fout, "reply_body_max_size " . $max_download_size * 1024 . " allow all\n");
+ fwrite($fout, "\n");
+ }
+
+ if ($visible_hostname !== "") {
+ fwrite($fout, "visible_hostname " . $visible_hostname . "\n");
+ }
+
+ if ($cache_admin_email !== "") {
+ fwrite($fout, "cache_mgr " . $cache_admin_email . "\n");
+ fwrite($fout, "\n");
+ }
+
+ if ($maximum_object_size == "") $maximum_object_size="4096";
+ if ($minimum_object_size == "") $minimum_object_size="0";
+ fwrite($fout, "maximum_object_size " . $maximum_object_size . " KB\n");
+ fwrite($fout, "minimum_object_size " . $minimum_object_size . " KB\n");
+ fwrite($fout, "\n");
+
+ if ($proxy_forwarding == "on") {
+ fwrite($fout, "cache_peer " . $upstream_proxy . "parent " . $upstream_proxy_port . "3130 login=" . upstream_username . ":" . upstream_password . " default no-query\n");
+ fwrite($fout, "never_direct allow all\n");
+ }
+
+ if ($transparent_proxy == "on") {
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+ fwrite($fout, "\n");
+ }
+
+ fclose($fout);
+
+ conf_mount_ro();
+ config_unlock();
+
+ touch($squidconfig);
+} /* end function write_squid_config */
+
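Review bot: The NAC ACLs this function emits (`pf_networks`, `pf_unrestricted_ip`, `pf_unrestricted_mac`, `pf_banned_ip`, `pf_banned_mac`) are never referenced by any http_access rule, and `http_access allow localnet` is written before every deny, so banned hosts inside the LAN subnet keep full proxy access and the allowed-subnets and unrestricted settings have no effect; the http_access block needs to reference each ACL, bans first, and only when the matching `acl` line was actually emitted, because squid refuses a config that names an undefined ACL. `acl all src` is bound to the interface subnet instead of `0.0.0.0/0.0.0.0`, so `http_access deny all` does not cover clients outside that subnet (squid then falls back to the opposite of the last rule, which here means allow), and the MAC lists are written as `src` ACLs, which expect IP addresses — MAC matching in squid is the `arp` ACL type, if the build supports it. Separately, the cache_peer line concatenates the undefined bare constants `upstream_username` and `upstream_password` (missing `$`) and omits the spaces around `parent` and the port, the config key is misspelled `upstream_psasword` so the password is always empty, and the `!== ""` checks throughout are true for a never-saved field (null), which makes the function write an empty ACL file and a reference to it; `$http_port`, `$icp_port`, `$offline_mode` and `$unrestricted_ip_addresses` are likewise never assigned from config, so the saved proxy port and offline-mode settings are ignored. The `redirect_program` and `redirect_children` writes also lack a trailing `\n`, producing a single run-together line.
```php
	/* … unchanged: acl definitions for Safe_ports, pf_* lists, CONNECT … */

	fwrite($fout, "#Deny non web services\n");
	fwrite($fout, "http_access deny !Safe_ports\n");
	fwrite($fout, "http_access deny CONNECT\n");
	fwrite($fout, "\n");

	fwrite($fout, "#Set custom configured ACLs\n");
	/* bans first, then exemptions, then the permitted networks; each name is
	   referenced only when its acl line was emitted above, since squid refuses
	   a config that uses an undefined acl. Loose != treats an unset key as empty. */
	if ($banned_ip_addresses != "") fwrite($fout, "http_access deny pf_banned_ip\n");
	if ($banned_mac_addresses != "") fwrite($fout, "http_access deny pf_banned_mac\n");
	if ($unrestricted_ip_address != "") fwrite($fout, "http_access allow pf_unrestricted_ip\n");
	if ($unrestricted_mac_addresses != "") fwrite($fout, "http_access allow pf_unrestricted_mac\n");
	if ($allowed_subnets != "") fwrite($fout, "http_access allow pf_networks\n");
	/* localnet kept as the default allow; drop it if Allowed Subnets is meant to be exclusive */
	fwrite($fout, "http_access allow localnet\n");
	fwrite($fout, "http_access allow localhost\n");
	fwrite($fout, "http_access deny all\n");
	fwrite($fout, "\n");

	/* … unchanged: delay pools, header_access, snmp, size limits … */
```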
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml
index 0df323d5..bb8a2692 100644
--- a/packages/squid_ng.xml
+++ b/packages/squid_ng.xml
@@ -2,26 +2,32 @@
<packagegui>
<name>squidng</name>
+ <title>Services: Squid Advanced Proxy</title>
<category>Security</category>
<version>2.5.10_4</version>
- <title>Services: Squid Advanced Proxy</title>
+ <configpath>installedpackages->package->squidng->configuration->settings</configpath>
<!-- This defines the location where the config is stored within pfSense's
xml based global store -->
- <configpath>['installedpackages']['package']['squidng']['configuration']['settings']</configpath>
<aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</aftersaveredirect>
+ <menu>
+ <name>Squid Advanced Proxy</name>
+ <tooltiptext>Modify settings for Squid Advanced Proxy</tooltiptext>
+ <section>Services</section>
+ </menu>
+
<!-- TODO: Add xml to parse proxy logs into readable format
<menu>
<name>Proxy Log</name>
<section>Status</section>
<configfile>squid_log.xml</configfile>
</menu> -->
-
+
<files>
<file>
<type>package</type>
- <location>ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/www/squid-2.5.10_4.tbz</location>
+ <location>http://www.pfsense.org/packages/All/squid-2.5.STABLE10.tbz</location>
</file>
<file>
<type>package</type>
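Review bot: The package tarball at the new `<location>` (`http://www.pfsense.org/packages/All/squid-2.5.STABLE10.tbz`) is fetched over plain HTTP and this manifest records no digest or signature for it, so the installer unpacks whatever the network returns; the same applies to the `squid_ng.inc` entry added in the next hunk, which is later loaded as PHP by `require_once` from the `custom_add_php_command_late` blocks. If the package manifest format supports an integrity field on `<file>` entries it should be populated here; otherwise at least use an https location and record the expected digest beside the entry so an installer can be checked against it, e.g. `<!-- expected sha256 of squid-2.5.STABLE10.tbz: <DIGEST-PLACEHOLDER> -->`.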
@@ -29,6 +35,12 @@
</file>
<!-- retrieves the configuration file for upstream proxy settings -->
+
+ <file>
+ <type>configfile</type>
+ <location>http://www.pfsense.com/packages/config/squid_ng.inc</location>
+ </file>
+
<file>
<type>configfile</type>
<location>http://www.pfsense.com/packages/config/squid_upstream.xml</location>
@@ -68,14 +80,6 @@
</files>
- <menus>
- <menu>
- <name>Squid Advanced Proxy</name>
- <tooltiptext>Modify settings for Squid Advanced Proxy</tooltiptext>
- <section>Services</section>
- </menu>
- </menus>
-
<tabs>
<tab>
<text>General Settings</text>
@@ -198,41 +202,40 @@
<description>Select the language in which the Proxy Server shall display error messages to users.</description>
<type>select</type>
<options>
- <option><name>Bulgarian</name><value>bulgarian</value></option>
- <option><name>Catalan</name><value>catalan</value></option>
- <option><name>Czech</name><value>czech</value></option>
- <option><name>Danish</name><value>danish</value></option>
- <option><name>Dutch</name><value>dutch</value></option>
- <option><name>English</name><value>english</value></option>
- <option><name>Estonian</name><value>estonian</value></option>
- <option><name>Finnish</name><value>finnish</value></option>
- <option><name>French</name><value>french</value></option>
- <option><name>German</name><value>german</value></option>
- <option><name>Hebrew</name><value>hebrew</value></option>
- <option><name>Hungarian</name><value>hungarian</value></option>
- <option><name>Italian</name><value>italian</value></option>
- <option><name>Japanese</name><value>japanese</value></option>
- <option><name>Korean</name><value>korean</value></option>
- <option><name>Lithuanian</name><value>lithuanian</value></option>
- <option><name>Polish</name><value>polish</value></option>
- <option><name>Portuguese</name><value>portuguese</value></option>
- <option><name>Romanian</name><value>romanian</value></option>
- <option><name>Russian-1251</name><value>russian_1251</value></option>
- <option><name>Russian-koi8-r</name><value>russian_koi8</value></option>
- <option><name>Serbian</name><value>serbian</value></option>
- <option><name>Simplified Chinese</name><value>simplified_chinese</value></option>
- <option><name>Slovak</name><value>slovak</value></option>
- <option><name>Spanish</name><value>spanish</value></option>
- <option><name>Swedish</name><value>swedish</value></option>
- <option><name>Traditional Chinese</name><value>traditional_chinese</value></option>
- <option><name>Turkish</name><value>turkish</value></option>
+ <option><name>Bulgarian</name><value>Bulgarian</value></option>
+ <option><name>Catalan</name><value>Catalan</value></option>
+ <option><name>Czech</name><value>Czech</value></option>
+ <option><name>Danish</name><value>Danish</value></option>
+ <option><name>Dutch</name><value>Dutch</value></option>
+ <option><name>English</name><value>English</value></option>
+ <option><name>Estonian</name><value>Estonian</value></option>
+ <option><name>Finnish</name><value>Finnish</value></option>
+ <option><name>French</name><value>French</value></option>
+ <option><name>German</name><value>German</value></option>
+ <option><name>Hebrew</name><value>Hebrew</value></option>
+ <option><name>Hungarian</name><value>Hungarian</value></option>
+ <option><name>Italian</name><value>Italian</value></option>
+ <option><name>Japanese</name><value>Japanese</value></option>
+ <option><name>Korean</name><value>Korean</value></option>
+ <option><name>Lithuanian</name><value>Lithuanian</value></option>
+ <option><name>Polish</name><value>Polish</value></option>
+ <option><name>Portuguese</name><value>Portuguese</value></option>
+ <option><name>Romanian</name><value>Romanian</value></option>
+ <option><name>Russian-1251</name><value>Russian-1251</value></option>
+ <option><name>Russian-koi8-r</name><value>Russian-koi8-r</value></option>
+ <option><name>Serbian</name><value>Serbian</value></option>
+ <option><name>Simplify Chinese</name><value>Simplify Chinese</value></option>
+ <option><name>Slovak</name><value>Slovak</value></option>
+ <option><name>Spanish</name><value>Spanish</value></option>
+ <option><name>Swedish</name><value>Swedish</value></option>
+ <option><name>Traditional Chinese</name><value>Traditional Chinese</value></option>
+ <option><name>Turkish</name><value>Turkish</value></option>
</options>
</field>
</fields>
-
- <!-- The below writes the configuration as defined by the GUI options -->
+ <!-- The below writes the configuration as defined by the GUI options -->
<custom_php_global_functions>
function write_static_squid_config() {
global $config;
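Review bot: The new `<value>` for Simplified Chinese is `Simplify Chinese` (and likewise `Traditional Chinese`), which contains a space; this value ends up as a path component of the generated `error_directory` directive (the removed writer concatenated it straight into the path, and the new one in squid_ng.inc presumably does the same), where Squid's config parser would split the line at the space. Squid's bundled error directories use underscores, so change the two lines to `<option><name>Simplified Chinese</name><value>Simplify_Chinese</value></option>` and `<option><name>Traditional Chinese</name><value>Traditional_Chinese</value></option>`. The `<select>` only constrains what the GUI offers; since the stored string becomes a filesystem path, the writer should also reject any value outside this list rather than interpolate it unchecked.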
@@ -242,7 +245,7 @@
$lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
$lansn = $lancfg['subnet'];
- $fout = fopen("/usr/local/etc/squid/squid.conf.new","w");
+ $fout = fopen("/usr/local/etc/squid/squid.conf","w");
fwrite($fout, "#\n");
fwrite($fout, "# This file was automatically generated by the pfSense package manager\n");
fwrite($fout, "# This default policy enables transparent proxy with no local disk logging\n");
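Review bot: Writing straight to `/usr/local/etc/squid/squid.conf` (instead of the `.new` staging file) means an interrupted or partially failed write leaves a truncated config that Squid will load on its next start; the old code never renamed the `.new` file either, so the switch is understandable, but the fix is to keep the staging file and rename it once complete. `fopen`'s return value is also unchecked, so on failure every following `fwrite` warns and the function continues. Suggested: `$fout = fopen("/usr/local/etc/squid/squid.conf.new","w"); if ($fout === false) return;` here, and `rename("/usr/local/etc/squid/squid.conf.new", "/usr/local/etc/squid/squid.conf");` after the `fclose($fout)` of this function; write_static_squid_config starts before this hunk and its `fclose` is in a later one.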
@@ -256,28 +259,20 @@
fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
fwrite($fout, "no_cache deny QUERY\n");
- if ($domain != "") {
- $aclout = fopen("/usr/local/etc/squid/dst_nocache.acl","w");
- $each_domain = explode(" ", $domain);
- foreach ($each_domain as $line) {
- fwrite($aclout, $line . "\n");
- }
- fclose($aclout);
- }
fwrite($fout, "\n");
fwrite($fout, "pid_filename /var/run/squid.pid\n");
fwrite($fout, "\n");
fwrite($fout, "cache_mem 8 MB\n");
- fwrite($fout, "cache_dir aufs /usr/local/squid/cache 500 16 256\n");
+ fwrite($fout, "cache_dir ufs /var/squid/cache 500 16 256\n");
fwrite($fout, "\n");
- fwrite($fout, "error_directory /usr/local/squid/etc/errors/English\n");
+ fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n");
fwrite($fout, "\n");
fwrite($fout, "memory_replacement_policy heap LRU\n");
- fwrite($fout, "cache_replacement_policy heap GSDF\n");
+ fwrite($fout, "cache_replacement_policy heap GDSF\n");
fwrite($fout, "\n");
fwrite($fout, "cache_access_log /dev/null\n");
@@ -296,7 +291,6 @@
fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
- fwrite($fout, "acl SSL_ports port 443 563\n");
fwrite($fout, "acl Safe_ports port 80 # http\n");
fwrite($fout, "acl Safe_ports port 21 # ftp\n");
fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
@@ -336,7 +330,7 @@
fwrite($fout, "#Strip HTTP Header\n");
fwrite($fout, "header_access X-Forwarded-For deny all\n");
- fwrite($fout, "header_access deny all\n");
+ fwrite($fout, "header_access Via deny all\n");
fwrite($fout, "\n");
fwrite($fout, "maximum_object_size 4096 KB\n");
@@ -349,279 +343,40 @@
fclose($fout);
} <!-- end function write_static_squid_config() -->
-
- function global_write_squid_config() {
- global $config;
-
- <!-- define squid configuration file in variable for replace function -->
- $squidconfig = "/usr/local/etc/squid/squid.conf.new";
-
- <!-- squid_ng.xml values -->
- $active_interface = $config['installedpackages']['squidng']['config'][0]['active_interface'];
- $transparent_proxy = $config['installedpackages']['squidng']['config'][0]['transparent_proxy'];
- $log_enabled = $config['installedpackages']['squidng']['config'][0]['log_enabled'];
- $urlfilter_enable = $config['installedpackages']['squidng']['config'][0]['urlfilter_enable'];
- $log_query_terms = $config['installedpackages']['squidng']['config'][0]['log_query_terms'];
- $log_user_agents = $config['installedpackages']['squidng']['config'][0]['log_user_agents'];
- $proxy_port = $config['installedpackages']['squidng']['config'][0]['proxy_port'];
- $visible_hostname = $config['installedpackages']['squidng']['config'][0]['visible_hostname'];
- $cache_admin_email = $config['installedpackages']['squidng']['config'][0]['cache_admin_email'];
- $error_language = $config['installedpackages']['squidng']['config'][0]['error_language'];
-
- <!-- squid_upstream.xml values -->
- $proxy_forwarding = $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'];
- $client_ip_forwarding = $config['installedpackages']['squidupstream']['config'][0]['client_ip_forwarding'];
- $user_forwarding = $config['installedpackages']['squidupstream']['config'][0]['user_forwarding'];
- $upstream_proxy = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy'];
- $upstream_proxy_port = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy_port'];
- $upstream_username = $config['installedpackages']['squidupstream']['config'][0]['upstream_username'];
- $upstream_password = $config['installedpackages']['squidupstream']['config'][0]['upstream_psasword'];
-
- <!-- squid_cache.xml values -->
- $memory_cache_size = $config['installedpackages']['squidcache']['config'][0]['memory_cache_size'];
- $harddisk_cache_size = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size'];
- $minimum_object_size = $config['installedpackages']['squidcache']['config'][0]['minimum_object_size'];
- $maximum_object_size = $config['installedpackages']['squidcache']['config'][0]['maximum_object_size'];
- $level_subdirs = $config['installedpackages']['squidcache']['config'][0]['level_subdirs'];
- $memory_replacement = $config['installedpackages']['squidcache']['config'][0]['memory_replacement'];
- $cache_replacement = $config['installedpackages']['squidcache']['config'][0]['cache_replacement'];
- <!-- $domain <rowhelper> -->
- $enable_offline = $config['installedpackages']['squidcache']['config'][0]['enable_offline'];
-
- <!-- squid_nac.xml values -->
- $allowed_subnets = $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'];
- <!-- allowed_network_address <rowhelper -->
- <!-- allowed_subnet_mask <rowhelper -->
- $unrestricted_ip_address = $config['installedpackages']['squidnac']['config'][0]['unrestricted_ip_address'];
-
- <!-- squid_traffic.xml values -->
- $max_download_size = $config['installedpackages']['squidtraffic']['config'][0]['max_download_size'];
- $max_upload_size = $config['installedpackages']['squidtraffic']['config'][0]['max_upload_size'];
- $dl_overall = $config['installedpackages']['squidtraffic']['config'][0]['dl_overall'];
- $dl_per_host = $config['installedpackages']['squidtraffic']['config'][0]['dl_per_host'];
- $throttle_binary_files = $config['installedpackages']['squidtraffic']['config'][0]['throttle_binary_files'];
- $throttle_cd_image = $config['installedpackages']['squidtraffic']['config'][0]['throttle_cd_image'];
- $throttle_multimedia = $config['installedpackages']['squidtraffic']['config'][0]['throttle_multimedia'];
-
- $fout = fopen($squidconfig,"w");
-
- <!-- option: shutdown_lifetime -->
- fwrite($fout, "shutdown_lifetime 5 seconds\n");
- fwrite($fout, "\n");
-
- <!-- option: icp_port -->
- if($icp_port == "") $icp_port="3130";
- fwrite($fout, "icp_port " . $icp_port . "\n");
-
- <!-- option: http_port -->
- if($http_port == "") $http_port="3128";
- $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['squidng']['config'][0]['active_interface']);
- $listen_ip = find_interface_ip($int);
- fwrite($fout, "http_port " . $listen_ip . ":" . $http_port . "\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
- fwrite($fout, "non_cache deny QUERY\n");
-
-
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_effective_user squid\n");
- fwrite($fout, "cache_effective_group squid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "pid_filename /var/run/squid.pid\n");
- fwrite($fout, "\n");
-
- if ($memory_cache_size == "") $memory_cache_size="8";
- fwrite($fout, "cache_mem " . $memory_cache_size . " MB\n");
- if ($harddisk_cache_size == "") $harddisk_cache_size="500";
- if ($level_subdirs == "") $level_subdirs="16";
- fwrite($fout, "cache_dirs aufs /usr/local/squid/cache " . $harddisk_cache_size . " " . $level_subdirs . " 256\n");
- fwrite($fout, "\n");
-
- if ($error_language == "") $error_language="English";
- fwrite($fout, "error_directory /usr/local/squid/etc/errors/" . $error_language . "\n");
- fwrite($fout, "\n");
-
- if ($offline_mode == "on") {
- fwrite($fout, "offline_mode on\n");
- fwrite($fout, "\n");
- }
-
- if ($memory_replacement == "") $memory_replacement="heap GSDF";
- fwrite($fout, "memory_replacement_policy " . $memory_replacement . "\n");
- if ($cache_replacement == "") $cache_replacement="heap GSDF";
- fwrite($fout, "cache_replacement_policy " . $cache_replacement . "\n");
- fwrite($fout, "\n");
-
- if ($log_enabled == "on" ) {
- fwrite($fout, "cache_access_log /var/log/squid/access.log\n");
- fwrite($fout, "cache_log /var/log/squid/cache.log\n");
- fwrite($fout, "cache_store_log none\n");
- } else {
- fwrite($fout, "cache_access_log /dev/null\n");
- fwrite($fout, "cache_log /dev/null\n");
- fwrite($fout, "cache_store_log none\n");
- }
-
- if ($log_query_terms == "on") {
- fwrite($fout, "strip_query_terms off\n");
- } else {
- fwrite($fout, "strip_query_terms on\n");
- }
-
- if ($log_user_agents == "on") {
- fwrite($fout, "useragent_log /var/log/squid/useragent.log\n");
- }
- fwrite($fout, "\n");
-
- fwrite($fout, "log_mime_hdrs off\n");
- fwrite($fout, "emulate_httpd_log on\n");
- if ($client_ip_forwarding !== "on") {
- fwrite($fout, "forwarded_for off\n");
- } elseif ($user_forwarding !== "on") {
- fwrite($fout, "forwarded_for off\n");
- } else {
- fwrite($fout, "forwarded_for on\n");
- }
- fwrite($fout, "\n");
-
- fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
- fwrite($fout, "\n");
-
- <!-- obtain interface subnet and address for Squid rules -->
- $lactive_interface = strtolower($active_interface);
-
- $lancfg = $config['interfaces'][$lactive_interface];
- $lanif = $lancfg['if'];
- $lanip = $lancfg['ipaddr'];
- $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
- $lansn = $lancfg['subnet'];
-
- fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
- fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
- fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
- fwrite($fout, "acl SSL_ports port 443 563\n");
- fwrite($fout, "acl Safe_ports port 80 # http\n");
- fwrite($fout, "acl Safe_ports port 21 # ftp\n");
- fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
- fwrite($fout, "acl Safe_ports port 70 # gopher\n");
- fwrite($fout, "acl Safe_ports port 210 # wais\n");
- fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
- fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
- fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
- fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
- fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
- fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl CONNECT method CONNECT\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#access to squid; local machine; no restrictions\n");
- fwrite($fout, "http_access allow localnet\n");
- fwrite($fout, "http_access allow localhost\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Deny non web services\n");
- fwrite($fout, "http_access deny !Safe_ports\n");
- fwrite($fout, "http_access deny CONNECT\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Set custom configured ACLs\n");
- fwrite($fout, "http_access deny all\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_effective_user squid\n");
- fwrite($fout, "cache_effective_group squid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Strip HTTP Header\n");
- fwrite($fout, "header_access X-Forwarded-For deny all\n");
- fwrite($fout, "header_access deny all\n");
- fwrite($fout, "\n");
-
- if ($urlfilter_enable == "on") {
- fwrite($fout, "redirect_program /usr/sbin/squidGuard");
- fwrite($fout, "redirect_children 5");
- }
-
- if ($visible_hostname !== "") {
- fwrite($fout, "visible_hostname " . $visible_hostname . "\n");
- }
-
- if ($cache_admin_email !== "") {
- fwrite($fout, "cache_mgr " . $cache_admin_email . "\n");
- }
-
- if ($maximum_object_size == "") $maximum_object_size="4096";
- if ($minimum_object_size == "") $minimum_object_size="0";
- fwrite($fout, "maximum_object_size " . $maximum_object_size . " KB\n");
- fwrite($fout, "minimum_object_size " . $minimum_object_size . " KB\n");
- fwrite($fout, "\n");
-
- if ($proxy_forwarding == "on") {
- fwrite($fout, "cache_peer " . $upstream_proxy . "parent " . $upstream_proxy_port . "3130 login=" . upstream_username . ":" . upstream_password . " default no-query\n");
- fwrite($fout, "never_direct allow all\n");
- }
-
- if ($transparent_proxy == "on") {
- fwrite($fout, "httpd_accel_host virtual\n");
- fwrite($fout, "httpd_accel_port 80\n");
- fwrite($fout, "httpd_accel_with_proxy on\n");
- fwrite($fout, "httpd_accel_uses_host_header on\n");
- fwrite($fout, "\n");
- }
-
- fclose($fout);
- } <!-- end function write_squid_config -->
-
</custom_php_global_functions>
- <custom_add_php_command>
- function sync_package_squid () {
- mwexec("/usr/local/sbin/squid -k reconfigure");
- conf_mount_ro(); <!-- mounts filesystems in read only mode -->
- config_unlock(); <!-- unlock the config file -->
- } <!-- end function sync_package_squid -->
-
- global_write_squid_config();
- <!-- sync_package_squid(); -->
- </custom_add_php_command>
-
- <custom_php_resync_command>
- function sync_package_squid() {
- mwexec("/usr/local/sbin/squid -k reconfigure");
- conf_mount_ro(); <!-- mounts filesystems in read only mode -->
- config_unlock(); <!-- unlock the config file -->
- }
-
+ <custom_add_php_command_late>
+ require_once("/usr/local/pkg/squid_ng.inc");
+
global_write_squid_config();
- sync_package_squid();
- </custom_php_resync_command>
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_add_php_command_late>
<custom_php_install_command>
write_static_squid_config(); <!-- write initial config to work -->
+ update_output_window("Creating initialization scripts...");
$fout = fopen("/usr/local/etc/rc.d/squid.sh","w");
fwrite($fout, "#!/bin/sh\n");
- fwrite($fout, "# PACKAGE: Squid\n);
- fwrite($fout, "# EXECUTABLE: squid\n\n");
- fwrite($fout "# Alert system that we need the / mount rw\n");
- fwrite($fout, "touch /tmp/rw_root_mount\n\n");
+ fwrite($fout, "$pfSense: /usr/local/sbin/rc.d/squid.sh; created " . date(DATE_RFC822) . " mcapp\n");
+ fwrite($fout, "\n");
+ fwrite($fout, "touch /tmp/ro_root_mount\n\n");
fwrite($fout, "/usr/local/sbin/squid -D\n\n");
- fwrite($fout, "touch /tmp/filter_dirty\n\n");
+ fwrite($fout, "touch /tmp/filter_dirty\n\n");
fclose($fout);
chmod("/usr/local/etc/rc.d/squid.sh", 755);
- update_output_window("Configuring Squid... This may take a moment...");
- mwexec("/usr/local/sbin/squid -z");
- update_output_window("Starting Squid...");
+
+ if (!file_exists("/var/squid/cache")) {
+ update_output_window("Initializing Cache... This may take a moment...");
+ mwexec("/usr/local/sbin/squid -z");
+ }
+
+ update_output_window("Starting Squid Advanced Proxy...");
mwexec_bg("/usr/local/etc/rc.d/squid.sh");
filter_configure();
</custom_php_install_command>
-
+
<custom_php_deinstall_command>
rmdir_recursive("/usr/local/squid");
unlink_if_exists("/var/mail/squid");
@@ -629,12 +384,13 @@
unlink_if_exists("/usr/local/etc/squid/squid.conf");
unlink_if_exists("/usr/local/etc/squid");
unlink_if_exists("/usr/local/libexec/squid");
+ rmdir_recursive("/usr/local/etc/squid");
filter_configure();
</custom_php_deinstall_command>
- <!-- <start_command>/usr/local/etc/rc.d/squid.sh</start_command> -->
+ <start_command>/usr/local/etc/rc.d/squid.sh</start_command>
- <process_kill_command>squid</process_kill_command>
+ <process_kill_command>/usr/local/sbin/squid -k shutdown</process_kill_command>
</packagegui>
\ No newline at end of file
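Review bot: The new banner line `fwrite($fout, "$pfSense: /usr/local/sbin/rc.d/squid.sh; created " . date(DATE_RFC822) . " mcapp\n");` is broken twice: inside a double-quoted PHP string `$pfSense` is variable interpolation (undefined here, so it becomes empty), and the emitted line has no leading `#`, so at boot the shell executes `: /usr/local/sbin/rc.d/squid.sh; created <date> mcapp` and reports `created: not found`. Write it as a comment with the dollar escaped, `fwrite($fout, "# \$pfSense: /usr/local/etc/rc.d/squid.sh; created " . date(DATE_RFC822) . " mcapp\n");` (the banner path also disagrees with the file actually written, `/usr/local/etc/rc.d/squid.sh`). The adjacent context line `chmod("/usr/local/etc/rc.d/squid.sh", 755);` passes decimal 755 (octal 1363: sticky bit, group and world write) on a script rc runs as root; it should be `0755`. In the deinstall block, the added `rmdir_recursive("/usr/local/etc/squid");` follows `unlink_if_exists` on the same path, so one of the two is redundant.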
diff --git a/packages/squid_traffic.xml b/packages/squid_traffic.xml
index 037752e2..90ecc7af 100644
--- a/packages/squid_traffic.xml
+++ b/packages/squid_traffic.xml
@@ -1,14 +1,10 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
- <info>
- <name>squidtraffic</name>
- </info>
-
- <files></files>
- <menus></menus>
-
- <configpath>['installedpackages']['package']['squidtraffic']['configuration']['settings']</configpath>
+ <name>squidtraffic</name>
+ <title>Services: Squid Advanced Proxy</title>
+ <configpath>installedpackages->package->squidtraffic->configuration->settings</configpath>
+
<aftersaveredirect>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</aftersaveredirect>
<tabs>
@@ -40,12 +36,12 @@
<!--<tab>
<text>Authentication Settings</text>
- <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidauth.xml&amp;id=0</url>
</tab>
<tab>
<text>Users</text>
- <url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidusers.xml&amp;id=0</url>
</tab>
-->
</tabs>
@@ -122,4 +118,12 @@
</field>
</fields>
+
+ <custom_add_php_command_late>
+ require_once("/usr/local/pkg/squid_ng.inc");
+
+ global_write_squid_config();
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_add_php_command_late>
+
</packagegui>
\ No newline at end of file
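Review bot: This `custom_add_php_command_late` block is byte-identical to the ones added in squid_ng.xml and squid_upstream.xml (`require_once`, `global_write_squid_config()`, then `mwexec("/usr/local/sbin/squid -k reconfigure")`), so the reconfigure step is now maintained in three places. Since every tab already loads `/usr/local/pkg/squid_ng.inc`, a single function there (the removed code already used the name `sync_package_squid()`) would let each XML call one line, `sync_package_squid();`, and keep the write/reconfigure order in one place.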
diff --git a/packages/squid_upstream.xml b/packages/squid_upstream.xml
index ab3eb008..b5270af4 100644
--- a/packages/squid_upstream.xml
+++ b/packages/squid_upstream.xml
@@ -1,17 +1,12 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
- <info>
- <name>squidupstream</name>
- </info>
+ <name>squidupstream</name>
+ <title>Services: Squid Advanced Proxy</title>
+ <configpath>installedpackages->package->squidupstream->configuration->settings</configpath>
- <files></files>
- <menus></menus>
-
- <configpath>['installedpackages']['package']['squidupstream']['configuration']['settings']</configpath>
<aftersaveredirect>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</aftersaveredirect>
-
<tabs>
<tab>
<text>General Settings</text>
@@ -41,14 +36,13 @@
<!-- <tab>
<text>Authentication Settings</text>
- <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squidauth.xml&amp;id=0</url>
</tab>
<tab>
<text>Users</text>
- <url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
- </tab>
- -->
+ <url>/pkg_edit.php?xml=squidusers.xml&amp;id=0</url>
+ </tab> -->
</tabs>
<fields>
@@ -105,7 +99,11 @@
</field>
</fields>
- <custom_php_global_functions>
- </custom_php_global_functions>
-
+ <custom_add_php_command_late>
+ require_once("/usr/local/pkg/squid_ng.inc");
+
+ global_write_squid_config();
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_add_php_command_late>
+
</packagegui>
\ No newline at end of file