diff options
-rw-r--r-- | config/squid/squid.inc | 6 | ||||
-rw-r--r-- | config/squid/squid_nac.xml | 16 |
2 files changed, 20 insertions, 2 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc index 98192253..f3936567 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -797,14 +797,16 @@ function squid_resync_nac() { $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); $settings = $config['installedpackages']['squidnac']['config'][0]; $webgui_port = $config['system']['webgui']['port']; + $addtl_ports = $settings['addtl_ports']; + $addtl_sslports = $settings['addtl_sslports']; $conf = <<<EOD # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 -acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port $port 1025-65535 -acl sslports port 443 563 $webgui_port +acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port $port 1025-65535 $addtl_ports +acl sslports port 443 563 $webgui_port $addtl_sslports acl manager proto cache_object acl purge method PURGE acl connect method CONNECT diff --git a/config/squid/squid_nac.xml b/config/squid/squid_nac.xml index 193a89c6..401426a6 100644 --- a/config/squid/squid_nac.xml +++ b/config/squid/squid_nac.xml @@ -133,6 +133,22 @@ <type>input</type> <size>60</size> </field> + <field> + <fielddescr>acl safeports</fielddescr> + <fieldname>addtl_ports</fieldname> + <description>This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535</description> + <type>input</type> + <size>60</size> + <default_value></default_value> + </field> + <field> + <fielddescr>acl sslports</fielddescr> + <fieldname>addtl_sslports</fieldname> + <description>This is a space-separated list of ports to allow SSL "CONNECT" in addition to the already defined list: 443 563</description> + <type>input</type> + <size>60</size> + <default_value></default_value> + </field> </fields> <custom_php_validation_command> squid_validate_nac($_POST, &$input_errors); |