aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--packages/squid.xml218
-rw-r--r--packages/squidGuard.xml156
-rw-r--r--packages/squid_ng.xml82
3 files changed, 226 insertions, 230 deletions
diff --git a/packages/squid.xml b/packages/squid.xml
index 7fd48654..8a6c5b4b 100644
--- a/packages/squid.xml
+++ b/packages/squid.xml
@@ -221,106 +221,106 @@
<custom_php_global_functions>
function write_static_squid_config() {
global $config;
- $lancfg = $config['interfaces']['lan'];
- $lanif = $lancfg['if'];
- $lanip = $lancfg['ipaddr'];
- $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
- $lansn = $lancfg['subnet'];
-
- $fout = fopen("/usr/local/etc/squid/squid.conf","w");
- fwrite($fout, "#\n");
- fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n");
- fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n");
- fwrite($fout, "#\n");
- fwrite($fout, "shutdown_lifetime 5 seconds\n");
- fwrite($fout, "icp_port 0\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
- fwrite($fout, "no_cache deny QUERY\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "pid_filename /var/run/squid.pid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_mem 8 MB\n");
- fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "memory_replacement_policy heap GDSF\n");
- fwrite($fout, "cache_replacement_policy heap GDSF\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_access_log /dev/null\n");
- fwrite($fout, "cache_log /dev/null\n");
- fwrite($fout, "cache_store_log none\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "log_mime_hdrs off\n");
- fwrite($fout, "emulate_httpd_log on\n");
- fwrite($fout, "forwarded_for off\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
- fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
- fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
- fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n");
- fwrite($fout, "acl Safe_ports port 80 # http\n");
- fwrite($fout, "acl Safe_ports port 21 # ftp\n");
- fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n");
- fwrite($fout, "acl Safe_ports port 70 # gopher\n");
- fwrite($fout, "acl Safe_ports port 210 # wais\n");
- fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
- fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
- fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
- fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
- fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
- fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl CONNECT method CONNECT\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#access to squid; local machine; no restrictions\n");
- fwrite($fout, "http_access allow localnet\n");
- fwrite($fout, "http_access allow localhost\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Deny non web services\n");
- fwrite($fout, "http_access deny !Safe_ports\n");
- fwrite($fout, "http_access deny CONNECT !SSL_ports\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Set custom configured ACLs\n");
- fwrite($fout, "http_access deny all\n");
- fwrite($fout, "visible_hostname pfSense\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_effective_user squid\n");
- fwrite($fout, "cache_effective_group squid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "maximum_object_size 4096 KB\n");
- fwrite($fout, "minimum_object_size 0 KB\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "request_body_max_size 0 KB\n");
- fwrite($fout, "reply_body_max_size 0 allow all\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "httpd_accel_host virtual\n");
- fwrite($fout, "httpd_accel_port 80\n");
- fwrite($fout, "httpd_accel_with_proxy on\n");
- fwrite($fout, "httpd_accel_uses_host_header on\n");
-
- fclose($fout);
- } <!-- end function write_static_squid_config() -->
+ $lancfg = $config['interfaces']['lan'];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $fout = fopen("/usr/local/etc/squid/squid.conf","w");
+ fwrite($fout, "#\n");
+ fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n");
+ fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n");
+ fwrite($fout, "#\n");
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "icp_port 0\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
+ fwrite($fout, "no_cache deny QUERY\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "pid_filename /var/run/squid.pid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_mem 8 MB\n");
+ fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "memory_replacement_policy heap GDSF\n");
+ fwrite($fout, "cache_replacement_policy heap GDSF\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ fwrite($fout, "forwarded_for off\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT !SSL_ports\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "visible_hostname pfSense\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "maximum_object_size 4096 KB\n");
+ fwrite($fout, "minimum_object_size 0 KB\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "request_body_max_size 0 KB\n");
+ fwrite($fout, "reply_body_max_size 0 allow all\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+
+ fclose($fout);
+ }
</custom_php_global_functions>
<custom_add_php_command_late>
@@ -331,7 +331,7 @@
</custom_add_php_command_late>
<custom_php_install_command>
- write_static_squid_config(); <!-- write initial static config for transparent proxy -->
+ write_static_squid_config();
touch("/tmp/custom_php_install_command");
@@ -346,7 +346,7 @@
mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh");
- <!-- create log directory hierarchies if they don't exist -->
+ /* create log directory hierarchies if they don't exist */
update_output_window("Creating required directory hierarchies...");
if (!file_exists("/var/squid/logs")) {
@@ -354,7 +354,6 @@
}
mwexec("/usr/sbin/chown squid:squid /var/squid/logs");
-
if (!file_exists("/var/squid/cache")) {
mwexec("mkdir -p /var/squid/cache");
}
@@ -380,13 +379,14 @@
}
mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/radius");
- <-- EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating -->
- <-- to error message: parseHttpRequest: PF open failed: (13) Permission denied -->
+ /* EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating
+ * to error message: parseHttpRequest: PF open failed: (13) Permission denied
+ */
mwexec("chgrp squid /dev/pf");
mwexec("chmod g+rw /dev/pf");
$devfs_file = fopen("/etc/devfs.conf", "a");
- fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable.
+ fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. ");
fwrite($devfs_file, "own pf root:squid");
fwrite($devfs_file, "perm pf 0640");
fclose($devfs_file);
@@ -407,10 +407,8 @@
$i++;
}
- if ($i == 30) {
- $pid = shell_exec('nohup squid > /dev/null & echo $!');
- shell_exec('kill -9 ' . $pid . '/dev/null');
- }
+ /* brute force any remaining squid processes out */
+ mwxec("/usr/bin/killall squid");
update_output_window("Recursively removing directories hierarchies...");
update_output_window("If existant, log files in /var/squid/logs will remain...");
diff --git a/packages/squidGuard.xml b/packages/squidGuard.xml
index c305af91..c229fe2f 100644
--- a/packages/squidGuard.xml
+++ b/packages/squidGuard.xml
@@ -1,78 +1,78 @@
-<?xml version="1.0" encoding="utf-8"?>
-<packagegui>
- <name>squidGuard</name>
- <custom_php_install_command>
- $fout = fopen("/usr/local/etc/squid/squidGuard.conf","w");
- fwrite($fout, "# This configuration was generated by the pfSense package manager.\n");
- fwrite($fout, "logdir /usr/local/squid/logs\n");
- fwrite($fout, "dbhome /var/db/squidGuard\n");
- fwrite($fout, "dest ads {\n");
- fwrite($fout, "\t domainlist\t ads/domains\n");
- fwrite($fout, "\t urllist\t ads/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest aggressive {\n");
- fwrite($fout, "\t domainlist\t aggressive/domains\n");
- fwrite($fout, "\t urllist\t aggressive/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest audio-video {\n");
- fwrite($fout, "\t domainlist\t audio-video/domains\n");
- fwrite($fout, "\t urllist\t audio-video/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest drugs {\n");
- fwrite($fout, "\t domainlist\t drugs/domains\n");
- fwrite($fout, "\t urllist\t drugs/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest gambling {\n");
- fwrite($fout, "\t domainlist\t gambling/domains\n");
- fwrite($fout, "\t urllist\t gambling/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest hacking {\n");
- fwrite($fout, "\t domainlist\t hacking/domains\n");
- fwrite($fout, "\t urllist\t hacking/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest mail {\n");
- fwrite($fout, "\t domainlist\t mail/domains\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest porn {\n");
- fwrite($fout, "\t domainlist\t porn/domains\n");
- fwrite($fout, "\t urllist\t porn/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest proxy {\n");
- fwrite($fout, "\t domainlist\t proxy/domains\n");
- fwrite($fout, "\t urllist\t proxy/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest violence {\n");
- fwrite($fout, "\t domainlist\t violence/domains\n");
- fwrite($fout, "\t urllist\t violence/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "dest warez {\n");
- fwrite($fout, "\t domainlist\t warez/domains\n");
- fwrite($fout, "\t urllist\t warez/urls\n");
- fwrite($fout, "}\n");
- fwrite($fout, "acl {\n");
- fwrite($fout, "\t default {\n");
- fwrite($fout, "\t pass !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez all\n");
- fwrite($fout, "\t redirect http://bkw.lindesign.se/tmp/denied.html");
- fwrite($fout, "\t }\n");
- fwrite($fout, "}\n");
- fclose($fout);
- add_text_to_file("/usr/local/etc/squid/squid.conf", "redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf");
- <-- $fout = fopen("/usr/local/etc/squid/squid.conf","a");
- fwrite($fout, "redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf\n");
- fclose($fout); -->
- mwexec("/usr/bin/touch /usr/local/squid/logs/squidGuard.log");
- mwexec("/usr/sbin/chown squid /usr/local/squid/logs/squidGuard.log");
- mwexec("/usr/bin/chgrp squid /usr/local/squid/logs/squidGuard.log");
- mwexec("/bin/chmod 744 /usr/local/squid/logs/squidGuard.log");
- mwexec("/usr/sbin/chown -R squid /var/db/squidGuard");
- mwexec("/usr/bin/chgrp -R squid /var/db/squidGuard");
- mwexec("/usr/local/sbin/squid -k reconfigure");
- </custom_php_install_command>
- <custom_php_deinstall_command>
- unlink_if_exists("/var/log/squidGuard.log");
- rmdir_recursive("/var/db/squidGuard");
- remove_text_from_file("/usr/local/etc/squid/squid.conf", "redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf");
- mwexec("/usr/local/sbin/squid -k reconfigure");
- </custom_php_deinstall_command>
- <process_kill_command>squid</process_kill_command>
-</packagegui>
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+ <name>squidGuard</name>
+ <custom_php_install_command>
+ $fout = fopen("/usr/local/etc/squid/squidGuard.conf","w");
+ fwrite($fout, "# This configuration was generated by the pfSense package manager.\n");
+ fwrite($fout, "logdir /usr/local/squid/logs\n");
+ fwrite($fout, "dbhome /var/db/squidGuard\n");
+ fwrite($fout, "dest ads {\n");
+ fwrite($fout, "\t domainlist\t ads/domains\n");
+ fwrite($fout, "\t urllist\t ads/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest aggressive {\n");
+ fwrite($fout, "\t domainlist\t aggressive/domains\n");
+ fwrite($fout, "\t urllist\t aggressive/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest audio-video {\n");
+ fwrite($fout, "\t domainlist\t audio-video/domains\n");
+ fwrite($fout, "\t urllist\t audio-video/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest drugs {\n");
+ fwrite($fout, "\t domainlist\t drugs/domains\n");
+ fwrite($fout, "\t urllist\t drugs/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest gambling {\n");
+ fwrite($fout, "\t domainlist\t gambling/domains\n");
+ fwrite($fout, "\t urllist\t gambling/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest hacking {\n");
+ fwrite($fout, "\t domainlist\t hacking/domains\n");
+ fwrite($fout, "\t urllist\t hacking/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest mail {\n");
+ fwrite($fout, "\t domainlist\t mail/domains\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest porn {\n");
+ fwrite($fout, "\t domainlist\t porn/domains\n");
+ fwrite($fout, "\t urllist\t porn/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest proxy {\n");
+ fwrite($fout, "\t domainlist\t proxy/domains\n");
+ fwrite($fout, "\t urllist\t proxy/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest violence {\n");
+ fwrite($fout, "\t domainlist\t violence/domains\n");
+ fwrite($fout, "\t urllist\t violence/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "dest warez {\n");
+ fwrite($fout, "\t domainlist\t warez/domains\n");
+ fwrite($fout, "\t urllist\t warez/urls\n");
+ fwrite($fout, "}\n");
+ fwrite($fout, "acl {\n");
+ fwrite($fout, "\t default {\n");
+ fwrite($fout, "\t pass !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez all\n");
+ fwrite($fout, "\t redirect http://bkw.lindesign.se/tmp/denied.html");
+ fwrite($fout, "\t }\n");
+ fwrite($fout, "}\n");
+ fclose($fout);
+ add_text_to_file("/usr/local/etc/squid/squid.conf", "redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf");
+ /* $fout = fopen("/usr/local/etc/squid/squid.conf","a");
+ fwrite($fout, "redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf\n");
+ fclose($fout); */
+ mwexec("/usr/bin/touch /usr/local/squid/logs/squidGuard.log");
+ mwexec("/usr/sbin/chown squid /usr/local/squid/logs/squidGuard.log");
+ mwexec("/usr/bin/chgrp squid /usr/local/squid/logs/squidGuard.log");
+ mwexec("/bin/chmod 744 /usr/local/squid/logs/squidGuard.log");
+ mwexec("/usr/sbin/chown -R squid /var/db/squidGuard");
+ mwexec("/usr/bin/chgrp -R squid /var/db/squidGuard");
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ unlink_if_exists("/var/log/squidGuard.log");
+ rmdir_recursive("/var/db/squidGuard");
+ remove_text_from_file("/usr/local/etc/squid/squid.conf", "redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf");
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+ </custom_php_deinstall_command>
+ <process_kill_command>squid</process_kill_command>
+</packagegui>
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml
index 764ab840..fa8ba94c 100644
--- a/packages/squid_ng.xml
+++ b/packages/squid_ng.xml
@@ -221,6 +221,7 @@
<!-- The below writes the configuration as defined by the GUI options -->
<custom_php_global_functions>
function write_static_squid_config() {
+ touch("/tmp/write_static_squid_config");
global $config;
$lancfg = $config['interfaces']['lan'];
$lanif = $lancfg['if'];
@@ -236,11 +237,11 @@
fwrite($fout, "shutdown_lifetime 5 seconds\n");
fwrite($fout, "icp_port 0\n");
fwrite($fout, "\n");
-
+
fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
fwrite($fout, "no_cache deny QUERY\n");
fwrite($fout, "\n");
-
+
fwrite($fout, "pid_filename /var/run/squid.pid\n");
fwrite($fout, "\n");
@@ -267,7 +268,7 @@
fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
fwrite($fout, "\n");
-
+
fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
@@ -285,52 +286,49 @@
fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
fwrite($fout, "\n");
- fwrite($fout, "acl CONNECT method CONNECT\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#access to squid; local machine; no restrictions\n");
- fwrite($fout, "http_access allow localnet\n");
- fwrite($fout, "http_access allow localhost\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Deny non web services\n");
- fwrite($fout, "http_access deny !Safe_ports\n");
- fwrite($fout, "http_access deny CONNECT !SSL_ports\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Set custom configured ACLs\n");
- fwrite($fout, "http_access deny all\n");
- fwrite($fout, "visible_hostname pfSense\n");
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT !SSL_ports\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "visible_hostname pfSense\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "maximum_object_size 4096 KB\n");
+ fwrite($fout, "minimum_object_size 0 KB\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "request_body_max_size 0 KB\n");
+ fwrite($fout, "reply_body_max_size 0 allow all\n");
fwrite($fout, "\n");
- fwrite($fout, "cache_effective_user squid\n");
- fwrite($fout, "cache_effective_group squid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "maximum_object_size 4096 KB\n");
- fwrite($fout, "minimum_object_size 0 KB\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "request_body_max_size 0 KB\n");
- fwrite($fout, "reply_body_max_size 0 allow all\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "httpd_accel_host virtual\n");
- fwrite($fout, "httpd_accel_port 80\n");
- fwrite($fout, "httpd_accel_with_proxy on\n");
- fwrite($fout, "httpd_accel_uses_host_header on\n");
-
- fclose($fout);
- } /* end function write_static_squid_config() */
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+
+ fclose($fout);
+ }
</custom_php_global_functions>
-
<custom_add_php_command_late>
require_once("/usr/local/pkg/squid_ng.inc");
-
global_write_squid_config();
mwexec("/usr/local/sbin/squid -k reconfigure");
</custom_add_php_command_late>
-
<custom_php_install_command>
/* write initial static config for transparent proxy */
write_static_squid_config();
@@ -417,7 +415,7 @@
update_output_window("Starting Proxy Server...");
mwexec("/usr/local/etc/rc.d/squid.sh");
- filter_configure();
+ filter_configure();
</custom_php_install_command>
<custom_php_deinstall_command>