-rw-r--r--packages/squid_cache.xml61
-rw-r--r--packages/squid_nac.xml23
-rw-r--r--packages/squid_ng.xml481
-rw-r--r--packages/squid_traffic.xml125
-rw-r--r--packages/squid_upstream.xml18
5 files changed, 587 insertions, 121 deletions
diff --git a/packages/squid_cache.xml b/packages/squid_cache.xml
index 0fd39977..60445a6a 100644
--- a/packages/squid_cache.xml
+++ b/packages/squid_cache.xml
@@ -2,18 +2,19 @@
<packagegui>
<info>
- <name>Squid Cache Management</name>
+ <name>squidcache</name>
</info>
<files></files>
<menus></menus>
- <configpath>installedpackages->package->$packagename->configuration->settings</configpath>
-
+ <configpath>['installedpackages']['package']['squidcache']['configuration']['settings']</configpath>
+ <aftersaveredirect>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</aftersaveredirect>
+
<tabs>
<tab>
<text>General Settings</text>
- <url>/pkg_edit.php?xml=squid1.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
</tab>
<tab>
@@ -37,7 +38,7 @@
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
- <tab>
+ <!-- <tab>
<text>Authentication Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
@@ -45,7 +46,8 @@
<tab>
<text>Users</text>
<url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
- </tab>
+ </tab>
+ -->
</tabs>
<fields>
@@ -105,10 +107,10 @@
<description>The memory replacement policy determines which objects are purged from memory when space is needed. The default policy for memory replacement is GSDF. &lt;p&gt; &lt;b&gt; LRU: Last Recently Used Policy &lt;/b&gt; - The LRU policies keep recently referenced objects. i.e., it replaces the object that has not been accessed for the longest time. &lt;p&gt; &lt;b&gt; Heap GSDF: Greedy-Dual Size Frequency &lt;/b&gt; - The Heap GSDF policy optimizes object-hit rate by keeping smaller, popular objects in cache. It achieves a lower byte hit rate than LFUDA though, since it evicts larger (possibly popular) objects. &lt;p&gt; &lt;b&gt; Heap LFUDA: Least Frequently Used with Dynamic Aging &lt;/b&gt; - The Heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached. &lt;p&gt; &lt;b&gt; Heap LRU: Last Recently Used &lt;/b&gt; - Works like LRU, but uses a heap instead. &lt;p&gt; Note: If using the LFUDA replacement policy, the value of Maximum Object Size should be increased above its default of 4096 KB to maximuze the potential byte hit rate improvement of LFUDA.</description>
<type>select</type>
<options>
- <option><name>LRU</name><value>lru</value></option>
- <option><name>Heap LFUDA</name><value>heap_lfuda</value></option>
- <option><name>Heap GDSF</name><value>heap_gdsf</value></option>
- <option><name>Heap LRU</name><value>heap_lru</value></option>
+ <option><name>LRU</name><value>LRU</value></option>
+ <option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
+ <option><name>Heap GDSF</name><value>heap GSDF</value></option>
+ <option><name>Heap LRU</name><value>heap LRU</value></option>
</options>
</field>
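Review bot: The new value `heap GSDF` for the "Heap GDSF" option transposes two letters; squid names this policy `heap GDSF` (Greedy-Dual Size Frequency), so choosing it would hand squid a policy name it does not know. The line should read `<option><name>Heap GDSF</name><value>heap GDSF</value></option>`. The same value is repeated in the cache replacement options of the next hunk and in the `heap GSDF` strings that squid_ng.xml writes as defaults, and the field description spells it GSDF as well. The enclosing `<field>` starts outside this hunk.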
@@ -118,34 +120,35 @@
<description>The cache replacement policy decides which objects will remain in cache and which objects are replaced to create space for the new objects. The default policy for cache replacement is LFUDA.</description>
<type>select</type>
<options>
- <option><name>LRU</name><value>lru</value></option>
- <option><name>Heap LFUDA</name><value>heap_lfuda</value></option>
- <option><name>Heap GDSF</name><value>heap_gdsf</value></option>
- <option><name>Heap LRU</name><value>heap_lru</value></option>
+ <option><name>LRU</name><value>LRU</value></option>
+ <option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
+ <option><name>Heap GDSF</name><value>heap GSDF</value></option>
+ <option><name>Heap LRU</name><value>heap LRU</value></option>
</options>
</field>
-
+
<field>
- <fielddescr>Do not cache these domains</fielddescr>
- <fieldname>no_cache_domains</fieldname>
- <type>rowhelper</type>
- <rowhelper>
- <rowhelperfield>
- <fielddescr>Domain</fielddescr>
- <fieldname>domain</fieldname>
- <description>If required, the specified domains will never be cached.</description>
- <type>input</type>
- <size>40</size>
- </rowhelperfield>
- </rowhelper>
+ <fielddescr>Domain</fielddescr>
+ <fieldname>domain</fieldname>
+ <description>If required, the specified domains will never be cached. Only enter one domain per line.</description>
+ <type>textarea</type>
+ <rows>10</rows>
+ <cols>50</cols>
</field>
-
+
<field>
<fielddescr>Enable Offline Mode</fielddescr>
<fieldname>enable_offline</fieldname>
<description></description>
<type>checkbox</type>
</field>
-
+
</fields>
+
+ <custom_php_global_functions>
+ </custom_php_global_functions>
+
+ <custom_add_php_command>
+ </custom_add_php_command>
+
</packagegui> \ No newline at end of file
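Review bot: The replacement field is labelled only `Domain` and named `domain`, so the form no longer says that these are the domains to exclude from caching; keeping `<fielddescr>Do not cache these domains</fielddescr>` would preserve that. The description asks for one domain per line, but the only consumer visible in this commit, `write_static_squid_config()` in squid_ng.xml, splits on a single space and tests a `$domain` that is never assigned, while `global_write_squid_config()` has just a placeholder comment for it. As it stands the list appears to have no effect on the generated squid.conf. The empty `custom_php_global_functions` and `custom_add_php_command` elements added at the end could be left out until they hold code.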
diff --git a/packages/squid_nac.xml b/packages/squid_nac.xml
index 39ab565a..b4e4ff24 100644
--- a/packages/squid_nac.xml
+++ b/packages/squid_nac.xml
@@ -2,18 +2,19 @@
<packagegui>
<info>
- <name>Squid Cache Management</name>
+ <name>squidnac</name>
</info>
<files></files>
<menus></menus>
- <configpath>installedpackages->package->$packagename->configuration->settings</configpath>
-
+ <configpath>['installedpackages']['package']['squidnac']['configuration']['settings']</configpath>
+ <aftersaveredirect>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</aftersaveredirect>
+
<tabs>
<tab>
<text>General Settings</text>
- <url>/pkg_edit.php?xml=squid1.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
</tab>
<tab>
@@ -37,7 +38,7 @@
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
- <tab>
+ <!-- <tab>
<text>Authentication Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
@@ -46,6 +47,7 @@
<text>Users</text>
<url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
</tab>
+ -->
</tabs>
<fields>
@@ -107,14 +109,9 @@
<field>
<fielddescr>Unrestricted IP Addresses</fielddescr>
<fieldname>unrestricted_ip_address</fieldname>
- <type>rowhelper</type>
- <rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>unrestricted_ip_address</fieldname>
- <type>input</type>
- </rowhelperfield>
- </rowhelper>
+ <type>textarea</type>
+ <rows>10</rows>
+ <cols>50</cols>
</field>
</fields>
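Review bot: The textarea that replaces the row helper has no `<description>`, so nothing tells the administrator how to separate entries; the equivalent field on the cache page states it, and a line such as `<description>Enter one IP address per line.</description>` would do the same here. Judging by its label, this list exempts hosts from restrictions, so whatever later writes it into squid.conf should check that each line is an IP address before emitting it. In this commit `global_write_squid_config()` loads `$unrestricted_ip_address` but never writes it, so the field currently has no effect.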
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml
index f2ae25ac..0df323d5 100644
--- a/packages/squid_ng.xml
+++ b/packages/squid_ng.xml
@@ -1,12 +1,22 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
- <info>
- <name>Squid</name>
- <category>Security</category>
- <version>2.5.10_4</version>
- <status>Alpha</status>
- </info>
+ <name>squidng</name>
+ <category>Security</category>
+ <version>2.5.10_4</version>
+ <title>Services: Squid Advanced Proxy</title>
+
+ <!-- This defines the location where the config is stored within pfSense's
+ xml based global store -->
+ <configpath>['installedpackages']['package']['squidng']['configuration']['settings']</configpath>
+ <aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</aftersaveredirect>
+
+ <!-- TODO: Add xml to parse proxy logs into readable format
+ <menu>
+ <name>Proxy Log</name>
+ <section>Status</section>
+ <configfile>squid_log.xml</configfile>
+ </menu> -->
<files>
<file>
@@ -42,17 +52,19 @@
<location>http://www.pfsense.com/packages/config/squid_traffic.xml</location>
</file>
- <!-- retrieves the configuration file for authentication settings -->
+ <!-- TODO: retrieves the configuration file for authentication settings
<file>
<type>configfile</type>
<location>http://www.pfsense.com/packages/config/squid_auth.xml</location>
</file>
+ -->
- <!-- retrieves the configuration file for user definitions -->
+ <!-- TODO: retrieves the configuration file for user definitions
<file>
<type>configfile</type>
<location>http://www.pfsense.com/packages/config/squid_users.xml</location>
</file>
+ -->
</files>
@@ -64,14 +76,10 @@
</menu>
</menus>
- <!-- This defines the location where the config is stored within pfSense's
- xml based global store -->
- <configpath>installedpackages->package->$packagename->configuration->settings</configpath>
-
<tabs>
<tab>
<text>General Settings</text>
- <url>/pkg_edit.php?xml=squid1.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
<active/>
</tab>
@@ -95,6 +103,7 @@
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
+ <!--
<tab>
<text>Authentication Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
@@ -104,11 +113,12 @@
<text>Users</text>
<url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
</tab>
+ -->
</tabs>
<fields>
<field>
- <fielddescr>Listening Interface</fielddescr>
+ <fielddescr>Proxy Listening Interface</fielddescr>
<fieldname>active_interface</fieldname>
<description>This defines the active listening interface to which the proxy server will listen for its requests.</description>
<type>interfaces_selection</type>
@@ -129,6 +139,13 @@
</field>
<field>
+ <fielddescr>URL Filtering Enabled</fielddescr>
+ <fieldname>urlfilter_enable</fieldname>
+ <description>This enables the advanced functionality in conjunction with squidGuard to provide an array of URL filtering options. This squidGuard functionality can be additionally configured from Services -> Advanced Proxy Filtering</description>
+ <type>checkbox</type>
+ </field>
+
+ <field>
<fielddescr>Log Query Terms</fielddescr>
<fieldname>log_query_terms</fieldname>
<description>This will log the complete URL rather than the part of the URL containing dynamic queries.</description>
@@ -152,6 +169,14 @@
</field>
<field>
+ <fielddescr>ICP Port</fielddescr>
+ <fieldname>icp_port</fieldname>
+ <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. The default value is 0, which means this function is disabled.</description>
+ <size>4</size>
+ <type>input</type>
+ </field>
+
+ <field>
<fielddescr>Visible Hostname</fielddescr>
<fieldname>visible_hostname</fieldname>
<description>This URL is displayed on the Proxy Server error messages.</description>
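Review bot: The description promises that ICP is disabled by default (`0`), but `global_write_squid_config()` never loads `icp_port` from `$config` and falls back to `3130` when the variable is empty, so the generated file always enables the ICP port. Loading the value alongside the other squid_ng.xml settings and defaulting with `if ($icp_port == "") $icp_port = "0";` would match the text. `<size>4</size>` is also narrow for a field that can hold a five-digit port number. The Visible Hostname field that follows continues outside this hunk.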
@@ -209,97 +234,407 @@
<!-- The below writes the configuration as defined by the GUI options -->
<custom_php_global_functions>
- function write_squid_config() {
- conf_mount_rw(); <!-- mounts filesystems in read/write mode -->
- config_lock(); <!-- locks the config file -->
- global $config;
+ function write_static_squid_config() {
+ global $config;
+ $lancfg = $config['interfaces']['lan'];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $fout = fopen("/usr/local/etc/squid/squid.conf.new","w");
+ fwrite($fout, "#\n");
+ fwrite($fout, "# This file was automatically generated by the pfSense package manager\n");
+ fwrite($fout, "# This default policy enables transparent proxy with no local disk logging\n");
+ fwrite($fout, "#\n");
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "icp_port 0\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "http_port 3128\n");
+ fwrite($fout, "\n");
- $fout = fopen("/usr/local/etc/squid/squid.conf","w");
+ fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
+ fwrite($fout, "no_cache deny QUERY\n");
+ if ($domain != "") {
+ $aclout = fopen("/usr/local/etc/squid/dst_nocache.acl","w");
+ $each_domain = explode(" ", $domain);
+ foreach ($each_domain as $line) {
+ fwrite($aclout, $line . "\n");
+ }
+ fclose($aclout);
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "pid_filename /var/run/squid.pid\n");
+ fwrite($fout, "\n");
- <!-- if listening interface is specified, identifies the ip address -->
- if ($active_interface != "") {
- lan_iface = $active_interface['if'];
- listen_ip = $lan_iface['ipaddr'];
- iface_subnet_address = gen_subnet($lan_iface['ipaddr'], $lan_iface['subnet']);
- iface_subnet_network = $lan_iface['subnet'];
- }
-
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option shutdown_lifetime:
- this puts squid into shutdown pending mode until all sockets are
- closed. any active clients after the specified seconds will
- receive a 'timeout'.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- fwrite($fout, "shutdown_lifetime 5 seconds\n");
-
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option icp_port:
- the port where squid sends and receives ICP queries to and from
- neighbor caches. a value of "0" disables this feature. default
- is "3130".
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- fwrite($fout, "icp_port 3130\n");
+ fwrite($fout, "cache_mem 8 MB\n");
+ fwrite($fout, "cache_dir aufs /usr/local/squid/cache 500 16 256\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "error_directory /usr/local/squid/etc/errors/English\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "memory_replacement_policy heap LRU\n");
+ fwrite($fout, "cache_replacement_policy heap GSDF\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ fwrite($fout, "forwarded_for off\n");
fwrite($fout, "\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option http_port:
- this specifies the ip address/port that squid will be listening
- on for requests. the below evaluates if a value was entered for
- the listening port and defines the value.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- if ($http_port == "") $http_port="3128";
- fwrite($fout, "http_port " . $listen_ip . " " . $proxy_port . "\n");
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl SSL_ports port 443 563\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "visible_hostname pfSense\n");
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Strip HTTP Header\n");
+ fwrite($fout, "header_access X-Forwarded-For deny all\n");
+ fwrite($fout, "header_access deny all\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "maximum_object_size 4096 KB\n");
+ fwrite($fout, "minimum_object_size 0 KB\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "request_body_max_size 0 KB\n");
+ fwrite($fout, "reply_body_max_size 0 allow all\n");
+ fwrite($fout, "\n");
+
+ fclose($fout);
+ } <!-- end function write_static_squid_config() -->
+
+ function global_write_squid_config() {
+ global $config;
+
+ <!-- define squid configuration file in variable for replace function -->
+ $squidconfig = "/usr/local/etc/squid/squid.conf.new";
+
+ <!-- squid_ng.xml values -->
+ $active_interface = $config['installedpackages']['squidng']['config'][0]['active_interface'];
+ $transparent_proxy = $config['installedpackages']['squidng']['config'][0]['transparent_proxy'];
+ $log_enabled = $config['installedpackages']['squidng']['config'][0]['log_enabled'];
+ $urlfilter_enable = $config['installedpackages']['squidng']['config'][0]['urlfilter_enable'];
+ $log_query_terms = $config['installedpackages']['squidng']['config'][0]['log_query_terms'];
+ $log_user_agents = $config['installedpackages']['squidng']['config'][0]['log_user_agents'];
+ $proxy_port = $config['installedpackages']['squidng']['config'][0]['proxy_port'];
+ $visible_hostname = $config['installedpackages']['squidng']['config'][0]['visible_hostname'];
+ $cache_admin_email = $config['installedpackages']['squidng']['config'][0]['cache_admin_email'];
+ $error_language = $config['installedpackages']['squidng']['config'][0]['error_language'];
+
+ <!-- squid_upstream.xml values -->
+ $proxy_forwarding = $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'];
+ $client_ip_forwarding = $config['installedpackages']['squidupstream']['config'][0]['client_ip_forwarding'];
+ $user_forwarding = $config['installedpackages']['squidupstream']['config'][0]['user_forwarding'];
+ $upstream_proxy = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy'];
+ $upstream_proxy_port = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy_port'];
+ $upstream_username = $config['installedpackages']['squidupstream']['config'][0]['upstream_username'];
+ $upstream_password = $config['installedpackages']['squidupstream']['config'][0]['upstream_psasword'];
+
+ <!-- squid_cache.xml values -->
+ $memory_cache_size = $config['installedpackages']['squidcache']['config'][0]['memory_cache_size'];
+ $harddisk_cache_size = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size'];
+ $minimum_object_size = $config['installedpackages']['squidcache']['config'][0]['minimum_object_size'];
+ $maximum_object_size = $config['installedpackages']['squidcache']['config'][0]['maximum_object_size'];
+ $level_subdirs = $config['installedpackages']['squidcache']['config'][0]['level_subdirs'];
+ $memory_replacement = $config['installedpackages']['squidcache']['config'][0]['memory_replacement'];
+ $cache_replacement = $config['installedpackages']['squidcache']['config'][0]['cache_replacement'];
+ <!-- $domain <rowhelper> -->
+ $enable_offline = $config['installedpackages']['squidcache']['config'][0]['enable_offline'];
+
+ <!-- squid_nac.xml values -->
+ $allowed_subnets = $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'];
+ <!-- allowed_network_address <rowhelper -->
+ <!-- allowed_subnet_mask <rowhelper -->
+ $unrestricted_ip_address = $config['installedpackages']['squidnac']['config'][0]['unrestricted_ip_address'];
+
+ <!-- squid_traffic.xml values -->
+ $max_download_size = $config['installedpackages']['squidtraffic']['config'][0]['max_download_size'];
+ $max_upload_size = $config['installedpackages']['squidtraffic']['config'][0]['max_upload_size'];
+ $dl_overall = $config['installedpackages']['squidtraffic']['config'][0]['dl_overall'];
+ $dl_per_host = $config['installedpackages']['squidtraffic']['config'][0]['dl_per_host'];
+ $throttle_binary_files = $config['installedpackages']['squidtraffic']['config'][0]['throttle_binary_files'];
+ $throttle_cd_image = $config['installedpackages']['squidtraffic']['config'][0]['throttle_cd_image'];
+ $throttle_multimedia = $config['installedpackages']['squidtraffic']['config'][0]['throttle_multimedia'];
+
+ $fout = fopen($squidconfig,"w");
+
+ <!-- option: shutdown_lifetime -->
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "\n");
+
+ <!-- option: icp_port -->
+ if($icp_port == "") $icp_port="3130";
+ fwrite($fout, "icp_port " . $icp_port . "\n");
+ <!-- option: http_port -->
+ if($http_port == "") $http_port="3128";
+ $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['squidng']['config'][0]['active_interface']);
+ $listen_ip = find_interface_ip($int);
+ fwrite($fout, "http_port " . $listen_ip . ":" . $http_port . "\n");
fwrite($fout, "\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option acl QUERY urlpath_regex cgi-bin \?:
- option non_cache deny QUERY:
- this forces squid to never cache files in the below specified
- directory for security and performance reasons.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
fwrite($fout, "non_cache deny QUERY\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option cache_effective_user:
- option cache_effective_group:
- this specifies the UID/GID that the cache process will run on.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+
+ fwrite($fout, "\n");
+
fwrite($fout, "cache_effective_user squid\n");
fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- option pid_filename:
- this specifies the path and filename to write the process-id to.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
fwrite($fout, "pid_filename /var/run/squid.pid\n");
-
+ fwrite($fout, "\n");
+
+ if ($memory_cache_size == "") $memory_cache_size="8";
+ fwrite($fout, "cache_mem " . $memory_cache_size . " MB\n");
+ if ($harddisk_cache_size == "") $harddisk_cache_size="500";
+ if ($level_subdirs == "") $level_subdirs="16";
+ fwrite($fout, "cache_dirs aufs /usr/local/squid/cache " . $harddisk_cache_size . " " . $level_subdirs . " 256\n");
+ fwrite($fout, "\n");
+
+ if ($error_language == "") $error_language="English";
+ fwrite($fout, "error_directory /usr/local/squid/etc/errors/" . $error_language . "\n");
+ fwrite($fout, "\n");
+
+ if ($offline_mode == "on") {
+ fwrite($fout, "offline_mode on\n");
+ fwrite($fout, "\n");
+ }
+
+ if ($memory_replacement == "") $memory_replacement="heap GSDF";
+ fwrite($fout, "memory_replacement_policy " . $memory_replacement . "\n");
+ if ($cache_replacement == "") $cache_replacement="heap GSDF";
+ fwrite($fout, "cache_replacement_policy " . $cache_replacement . "\n");
+ fwrite($fout, "\n");
+
+ if ($log_enabled == "on" ) {
+ fwrite($fout, "cache_access_log /var/log/squid/access.log\n");
+ fwrite($fout, "cache_log /var/log/squid/cache.log\n");
+ fwrite($fout, "cache_store_log none\n");
+ } else {
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ }
+
+ if ($log_query_terms == "on") {
+ fwrite($fout, "strip_query_terms off\n");
+ } else {
+ fwrite($fout, "strip_query_terms on\n");
+ }
+
+ if ($log_user_agents == "on") {
+ fwrite($fout, "useragent_log /var/log/squid/useragent.log\n");
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ if ($client_ip_forwarding !== "on") {
+ fwrite($fout, "forwarded_for off\n");
+ } elseif ($user_forwarding !== "on") {
+ fwrite($fout, "forwarded_for off\n");
+ } else {
+ fwrite($fout, "forwarded_for on\n");
+ }
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ <!-- obtain interface subnet and address for Squid rules -->
+ $lactive_interface = strtolower($active_interface);
+
+ $lancfg = $config['interfaces'][$lactive_interface];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl SSL_ports port 443 563\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Strip HTTP Header\n");
+ fwrite($fout, "header_access X-Forwarded-For deny all\n");
+ fwrite($fout, "header_access deny all\n");
+ fwrite($fout, "\n");
+
+ if ($urlfilter_enable == "on") {
+ fwrite($fout, "redirect_program /usr/sbin/squidGuard");
+ fwrite($fout, "redirect_children 5");
+ }
+
+ if ($visible_hostname !== "") {
+ fwrite($fout, "visible_hostname " . $visible_hostname . "\n");
+ }
+
+ if ($cache_admin_email !== "") {
+ fwrite($fout, "cache_mgr " . $cache_admin_email . "\n");
+ }
+
+ if ($maximum_object_size == "") $maximum_object_size="4096";
+ if ($minimum_object_size == "") $minimum_object_size="0";
+ fwrite($fout, "maximum_object_size " . $maximum_object_size . " KB\n");
+ fwrite($fout, "minimum_object_size " . $minimum_object_size . " KB\n");
+ fwrite($fout, "\n");
+
+ if ($proxy_forwarding == "on") {
+ fwrite($fout, "cache_peer " . $upstream_proxy . "parent " . $upstream_proxy_port . "3130 login=" . upstream_username . ":" . upstream_password . " default no-query\n");
+ fwrite($fout, "never_direct allow all\n");
+ }
+
+ if ($transparent_proxy == "on") {
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+ fwrite($fout, "\n");
+ }
+
fclose($fout);
- }
+ } <!-- end function write_squid_config -->
+
</custom_php_global_functions>
<custom_add_php_command>
- function sync_package_squid;
- write_squid_config();
+ function sync_package_squid () {
mwexec("/usr/local/sbin/squid -k reconfigure");
conf_mount_ro(); <!-- mounts filesystems in read only mode -->
config_unlock(); <!-- unlock the config file -->
- }
+ } <!-- end function sync_package_squid -->
- sync_package_squid();
+ global_write_squid_config();
+ <!-- sync_package_squid(); -->
</custom_add_php_command>
<custom_php_resync_command>
- function sync_package_squid;
- write_squid_config();
+ function sync_package_squid() {
mwexec("/usr/local/sbin/squid -k reconfigure");
conf_mount_ro(); <!-- mounts filesystems in read only mode -->
config_unlock(); <!-- unlock the config file -->
}
+ global_write_squid_config();
sync_package_squid();
</custom_php_resync_command>
+ <custom_php_install_command>
+ write_static_squid_config(); <!-- write initial config to work -->
+
+ $fout = fopen("/usr/local/etc/rc.d/squid.sh","w");
+ fwrite($fout, "#!/bin/sh\n");
+ fwrite($fout, "# PACKAGE: Squid\n);
+ fwrite($fout, "# EXECUTABLE: squid\n\n");
+ fwrite($fout "# Alert system that we need the / mount rw\n");
+ fwrite($fout, "touch /tmp/rw_root_mount\n\n");
+ fwrite($fout, "/usr/local/sbin/squid -D\n\n");
+ fwrite($fout, "touch /tmp/filter_dirty\n\n");
+ fclose($fout);
+
+ chmod("/usr/local/etc/rc.d/squid.sh", 755);
+ update_output_window("Configuring Squid... This may take a moment...");
+ mwexec("/usr/local/sbin/squid -z");
+ update_output_window("Starting Squid...");
+ mwexec_bg("/usr/local/etc/rc.d/squid.sh");
+ filter_configure();
+ </custom_php_install_command>
+
+ <custom_php_deinstall_command>
+ rmdir_recursive("/usr/local/squid");
+ unlink_if_exists("/var/mail/squid");
+ unlink_if_exists("/usr/local/etc/rc.d/squid");
+ unlink_if_exists("/usr/local/etc/squid/squid.conf");
+ unlink_if_exists("/usr/local/etc/squid");
+ unlink_if_exists("/usr/local/libexec/squid");
+ filter_configure();
+ </custom_php_deinstall_command>
+
+ <!-- <start_command>/usr/local/etc/rc.d/squid.sh</start_command> -->
+
+ <process_kill_command>squid</process_kill_command>
+
</packagegui>
\ No newline at end of file
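Review bot: `chmod("/usr/local/etc/rc.d/squid.sh", 755)` in `custom_php_install_command` passes a decimal mode, which PHP reads as octal 1363, leaving the boot script writable by group and others; it should be `chmod("/usr/local/etc/rc.d/squid.sh", 0755);`. The same block cannot parse as written, because `"# PACKAGE: Squid\n);` lacks its closing quote and `fwrite($fout "# Alert …` lacks the comma. In `global_write_squid_config()` the `cache_peer` line uses `upstream_username` and `upstream_password` without `$`, reads the password from a key spelled `upstream_psasword`, and has no spaces around `parent` or before `3130`, so the upstream login cannot reach squid.conf intact. Settings are loaded under one name and written under another (`$proxy_port` / `$http_port`, `$enable_offline` / `$offline_mode`), the two `redirect_*` lines have no trailing `\n`, and the file is written to `squid.conf.new` with no visible step that moves it over `squid.conf`. Values such as `$visible_hostname` and `$cache_admin_email` go into the file unchecked, so a value containing a line break would add directives of its own; rejecting whitespace and control characters before the `fwrite` would prevent that.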
diff --git a/packages/squid_traffic.xml b/packages/squid_traffic.xml
new file mode 100644
index 00000000..037752e2
--- /dev/null
+++ b/packages/squid_traffic.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="utf-8" ?>
+
+<packagegui>
+ <info>
+ <name>squidtraffic</name>
+ </info>
+
+ <files></files>
+ <menus></menus>
+
+ <configpath>['installedpackages']['package']['squidtraffic']['configuration']['settings']</configpath>
+ <aftersaveredirect>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</aftersaveredirect>
+
+ <tabs>
+ <tab>
+ <text>General Settings</text>
+ <url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
+ </tab>
+
+ <tab>
+ <text>Upstream Proxy</text>
+ <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ </tab>
+
+ <tab>
+ <text>Cache Mgmt</text>
+ <url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
+ </tab>
+
+ <tab>
+ <text>Network Access Control</text>
+ <url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
+ </tab>
+
+ <tab>
+ <text>Traffic Mgmt</text>
+ <url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
+ <active/>
+ </tab>
+
+ <!--<tab>
+ <text>Authentication Settings</text>
+ <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ </tab>
+
+ <tab>
+ <text>Users</text>
+ <url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
+ </tab>
+ -->
+ </tabs>
+
+ <fields>
+ <field>
+ <fielddescr>Maximum Download Size (KB)</fielddescr>
+ <fieldname>max_download_size</fieldname>
+ <description>This value allows limitation to download size (in KB) for each download request. The default value is 0, which disables the limitation.</description>
+ <type>input</type>
+ <size>4</size>
+ </field>
+
+ <field>
+ <fielddescr>Maximum Upload Size (KB)</fielddescr>
+ <fieldname>max_upload_size</fieldname>
+ <description>This value allows limitation to upload size (in KB) for each upload request. The default value is 0, which disables the limitation.</description>
+ <type>input</type>
+ <size>4</size>
+ </field>
+
+ <field>
+ <fielddescr>Download Throttle on Interface</fielddescr>
+ <fieldname>dl_overall</fieldname>
+ <description>This value specifies the bandwidth throttle on the interface if desired.</description>
+ <type>select</type>
+ <options>
+ <option><name>64 kBit/s</name><value>64</value></option>
+ <option><name>128 kBit/s</name><value>128</value></option>
+ <option><name>256 kBit/s</name><value>256</value></option>
+ <option><name>512 kBit/s</name><value>512</value></option>
+ <option><name>1024 kBit/s</name><value>1024</value></option>
+ <option><name>2048 kBit/s</name><value>2048</value></option>
+ <option><name>3072 kBit/s</name><value>3072</value></option>
+ <option><name>5120 kBit/s</name><value>5120</value></option>
+ <option><name>Unlimited</name><value>unlimited</value></option>
+ </options>
+ </field>
+
+ <field>
+ <fielddescr>Download Limit Per Host</fielddescr>
+ <fieldname>dl_per_host</fieldname>
+ <description>This value specifies the download limit per host if desired.</description>
+ <type>select</type>
+ <options>
+ <option><name>64 kBit/s</name><value>64</value></option>
+ <option><name>128 kBit/s</name><value>128</value></option>
+ <option><name>256 kBit/s</name><value>256</value></option>
+ <option><name>512 kBit/s</name><value>512</value></option>
+ <option><name>1024 kBit/s</name><value>1024</value></option>
+ <option><name>2048 kBit/s</name><value>2048</value></option>
+ <option><name>3072 kBit/s</name><value>3072</value></option>
+ <option><name>5120 kBit/s</name><value>5120</value></option>
+ <option><name>Unlimited</name><value>unlimited</value></option>
+ </options>
+ </field>
+
+ <field>
+ <fielddescr>Throttle Binary Files</fielddescr>
+ <fieldname>throttle_binary_files</fieldname>
+ <type>checkbox</type>
+ </field>
+
+ <field>
+ <fielddescr>Throttle CD Images</fielddescr>
+ <fieldname>throttle_cd_images</fieldname>
+ <type>checkbox</type>
+ </field>
+
+ <field>
+ <fielddescr>Throttle Multimedia</fielddescr>
+ <fieldname>throttle_multimedia</fieldname>
+ <type>checkbox</type>
+ </field>
+
+ </fields>
+</packagegui> \ No newline at end of file
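Review bot: The CD image checkbox is saved as `throttle_cd_images`, but `global_write_squid_config()` in squid_ng.xml reads the key `throttle_cd_image`, so the setting will always load as empty; one of the two names has to change, for example `<fieldname>throttle_cd_image</fieldname>` here. The three throttle checkboxes also have no `<description>`, unlike the other fields in this file. None of the traffic values loaded in squid_ng.xml are written to squid.conf in this commit, so the page currently stores settings that are not applied.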
diff --git a/packages/squid_upstream.xml b/packages/squid_upstream.xml
index 3d18924f..ab3eb008 100644
--- a/packages/squid_upstream.xml
+++ b/packages/squid_upstream.xml
@@ -2,18 +2,20 @@
<packagegui>
<info>
- <name>Squid Upstream Proxy</name>
+ <name>squidupstream</name>
</info>
<files></files>
<menus></menus>
- <configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+ <configpath>['installedpackages']['package']['squidupstream']['configuration']['settings']</configpath>
+ <aftersaveredirect>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</aftersaveredirect>
+
<tabs>
<tab>
<text>General Settings</text>
- <url>/pkg_edit.php?xml=squid1.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=squid_ng.xml&amp;id=0</url>
</tab>
<tab>
@@ -24,7 +26,7 @@
<tab>
<text>Cache Mgmt</text>
- <url>/pkg_edit.php?xml=squid_cache&.xmlamp;id=0</url>
+ <url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
</tab>
<tab>
@@ -37,7 +39,7 @@
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
</tab>
- <tab>
+ <!-- <tab>
<text>Authentication Settings</text>
<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
</tab>
@@ -46,6 +48,7 @@
<text>Users</text>
<url>/pkg_edit.php?xml=squid_users.xml&amp;id=0</url>
</tab>
+ -->
</tabs>
<fields>
@@ -58,7 +61,7 @@
<field>
<fielddescr>Client IP Address Forwarding</fielddescr>
- <fieldname>client_ip_forwardining</fieldname>
+ <fieldname>client_ip_forwarding</fieldname>
<description>This option will enable the client IP address to be forwarded to the upstream proxy server.</description>
<type>checkbox</type>
</field>
@@ -102,4 +105,7 @@
</field>
</fields>
+ <custom_php_global_functions>
+ </custom_php_global_functions>
+
</packagegui> \ No newline at end of file