-rwxr-xr-x | config/squid3/34/squid.inc | 487 | ||||
-rw-r--r-- | config/squid3/34/squid.xml | 42 | ||||
-rwxr-xr-x | config/squid3/34/squid_antivirus.xml | 33 | ||||
-rwxr-xr-x | config/squid3/34/squid_reverse.xml | 451 | ||||
-rwxr-xr-x | config/squid3/34/squid_reverse_general.xml | 7 | ||||
-rw-r--r-- | pkg_config.10.xml | 2 |
6 files changed, 368 insertions, 654 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index db5f1b0c..654aeb3c 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -153,7 +153,7 @@ function squid_dash_z($cache_action = 'none') { if (is_service_running('squid')) { stop_service("squid"); } - rename($cachedir, "{$cachedir}.old"); + @rename($cachedir, "{$cachedir}.old"); mwexec_bg("/bin/rm -rf {$cachedir}.old"); squid_restart_services(); } else { @@ -166,7 +166,7 @@ function squid_dash_z($cache_action = 'none') { // Re-create the cachedir if clean is forced by cronjob/manually, // or if the cachedir changed, or level1_subdirs don't exist or the number of level1_subdirs changed - if ($cache_action == "clean" || ((!is_dir($cachedir)) || (!is_dir($cachedir . '/00'))) || ($numdirs !== $currentdirs)) { + if ($cache_action == "clean" || !is_dir($cachedir) || !is_dir($cachedir . '/00') || $numdirs != $currentdirs) { // cannot nuke disk cache while Squid is running squid_stop_monitor(); if (is_service_running('squid')) { @@ -174,7 +174,7 @@ function squid_dash_z($cache_action = 'none') { } if (is_dir($cachedir)) { if (substr($cachedir, 0, 11) === "/var/squid/") { - rename($cachedir, "{$cachedir}.old"); + @rename($cachedir, "{$cachedir}.old"); mwexec_bg("/bin/rm -rf {$cachedir}.old"); } else { log_error("Will NOT delete Squid cache dir '{$cachedir}' since it is not located under /var/squid. Delete manually if required."); 
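Review bot: The `@` added in front of `rename($cachedir, "{$cachedir}.old")` in squid_dash_z (in the `@@ -153` hunk and again in the `@@ -174` hunk) hides a failed rename, and the following `mwexec_bg("/bin/rm -rf {$cachedir}.old")` and the rest of the function then run as if the old cache had been moved aside. Checking the result keeps the failure visible without the PHP warning: `if (!@rename($cachedir, "{$cachedir}.old")) { log_error("Could not move Squid cache dir '{$cachedir}' aside."); }`. The function body continues outside both hunks, so what happens after a failed rename is only partly visible here.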
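Review bot: The guard `substr($cachedir, 0, 11) === "/var/squid/"` in the `@@ -174` hunk compares the raw configured string, so a value containing `..` segments passes the prefix test while resolving outside /var/squid, and `$cachedir` is then interpolated unquoted into `/bin/rm -rf`. Resolving the path before the test and quoting the argument closes both gaps: `$real = realpath($cachedir);`, then `if ($real !== false && strpos($real, '/var/squid/') === 0)`, and `mwexec_bg("/bin/rm -rf " . escapeshellarg("{$real}.old"));`. The same guard-and-interpolate pattern is carried over, re-indented, in squid_deinstall_command (`@@ -445` hunk) for both `$cachedir` and `$logdir`. Where `$cachedir` is validated on input is not visible in this diff.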
@@ -228,7 +228,8 @@ function squid_is_valid_acl($acl) { function squid_install_command() { global $config, $g; - update_status("Checking if there is configuration to migrate... One moment please..."); + update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); + update_output_window("Checking if there is configuration to migrate... One moment please..."); /* migrate existing csv config fields */ if (is_array($config['installedpackages']['squidauth']['config'])) { $settingsauth = $config['installedpackages']['squidauth']['config'][0]; @@ -360,7 +361,7 @@ function squid_install_command() { } } - update_status("Writing configuration... One moment please..."); + update_output_window("Writing configuration... One moment please..."); write_config(); /* make sure pinger is executable and suid root */ @@ -383,7 +384,7 @@ function squid_install_command() { "start" => "/usr/local/pkg/sqpmon.sh &", "stop" => "/bin/ps awux | /usr/bin/grep \"sqpmon\" | /usr/bin/grep -v \"grep\" | /usr/bin/grep -v \"php\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill") ); - + // create c-icap rcfile squid_write_cicap_rcfile(); @@ -394,6 +395,9 @@ function squid_install_command() { } } + // create clamd rcfile + squid_write_clamd_rcfile(); + foreach (array(SQUID_CONFBASE, SQUID_ACLDIR, SQUID_SSL_DB) as $dir) { safe_mkdir($dir, 0755); squid_chown_recursive($dir, SQUID_UID, SQUID_GID); 
@@ -403,17 +407,23 @@ function squid_install_command() { copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf'); } + // remove unwanted PBI rcfiles + unlink_if_exists("/usr/local/etc/rc.d/squid"); + unlink_if_exists("/usr/local/etc/rc.d/c-icap"); + unlink_if_exists("/usr/local/etc/rc.d/clamav-clamd"); + unlink_if_exists("/usr/local/etc/rc.d/clamav-freshclam"); + } function squid_deinstall_command() { - global $config, $g; + global $config, $g, $keep; /* remove cronjobs */ squid_install_cron(false); squid_install_freshclam_cron(false); - update_status("Stopping services..."); /* kill all running services */ + update_output_window("Stopping and removing services..."); mwexec('/usr/local/etc/rc.d/sqp_monitor.sh stop'); if (is_process_running("c-icap")) { mwexec('/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl'); @@ -425,14 +435,11 @@ function squid_deinstall_command() { mwexec("/bin/ps awux | /usr/bin/grep '[u]nlinkd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); /* delete rc scripts */ unlink_if_exists('/usr/local/etc/rc.d/sqp_monitor.sh'); - unlink_if_exists('/usr/local/etc/rc.d/c-icap'); + unlink_if_exists('/usr/local/etc/rc.d/squid.sh'); unlink_if_exists("/usr/local/etc/rc.d/c-icap.sh"); - unlink_if_exists('/usr/local/etc/rc.d/clamav-clamd'); - unlink_if_exists('/usr/local/etc/rc.d/clamav-freshclam'); + unlink_if_exists('/usr/local/etc/rc.d/clamd.sh'); - /* clean up created directories */ - update_status("Removing cache and logs ... One moment please..."); - update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); + /* clean up created directories if 'Keep Settings/Data' is disabled */ if (is_array($config['installedpackages']['squidcache'])) { $cachesettings = $config['installedpackages']['squidcache']['config'][0]; } else { 
@@ -445,30 +452,36 @@ function squid_deinstall_command() { $squidsettings = array(); } $logdir = ($squidsettings['log_dir'] ? $squidsettings['log_dir'] : '/var/squid/logs'); - // XXX: Is it ok to remove cache and logs? It's going to happen every time package is updated - if (is_dir("{$cachedir}")) { - if (substr($cachedir, 0, 11) === "/var/squid/") { - mwexec_bg("/bin/rm -rf {$cachedir}"); - } else { - log_error("Will NOT delete Squid cache dir '{$cachedir}' since it is not located under /var/squid. Delete manually if required."); + $keep = ($squidsettings['keep_squid_data'] ? true : false); + + if (!$keep) { + update_output_window("Removing cache and logs ... One moment please..."); + update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); + if (is_dir("{$cachedir}")) { + if (substr($cachedir, 0, 11) === "/var/squid/") { + mwexec_bg("/bin/rm -rf {$cachedir}"); + } else { + log_error("Will NOT delete Squid cache dir '{$cachedir}' since it is not located under /var/squid. Delete manually if required."); + } } - } - if (is_dir("{$logdir}")) { - if (substr($logdir, 0, 11) === "/var/squid/") { - mwexec("/bin/rm -rf {$logdir}"); - } else { - log_error("Will NOT delete Squid log dir '{$logdir}' since it is not located under /var/squid. Delete manually if required."); + if (is_dir("{$logdir}")) { + if (substr($logdir, 0, 11) === "/var/squid/") { + mwexec("/bin/rm -rf {$logdir}"); + } else { + log_error("Will NOT delete Squid log dir '{$logdir}' since it is not located under /var/squid. 
Delete manually if required."); + } } - } - $dirs = array("/var/run/c-icap", "/var/log/c-icap", "/var/log/clamav", "/var/run/clamav", "/var/db/clamav", "/var/run/squid", "/var/squid"); - foreach ($dirs as $dir) { - if (is_dir("{$dir}")) { - mwexec("/bin/rm -rf {$dir}"); + + $dirs = array("/var/run/c-icap", "/var/log/c-icap", "/var/log/clamav", "/var/run/clamav", "/var/db/clamav", "/var/run/squid", "/var/squid"); + foreach ($dirs as $dir) { + if (is_dir("{$dir}")) { + mwexec("/bin/rm -rf {$dir}"); + } } } /* clean up created PBI symlinks */ - update_status("Finishing package cleanup."); + update_output_window("Finishing package cleanup."); if (SQUID_LOCALBASE != '/usr/local') { $ln_icap = array('bin/c-icap', 'bin/c-icap-client', 'c-icap-config', 'c-icap-libicapapi-config', 'c-icap-stretch', 'lib/c_icap', 'share/c_icap', 'etc/c-icap'); foreach ($ln_icap as $ln) { @@ -483,7 +496,7 @@ function squid_deinstall_command() { /* check if clamav/c_icap is enabled in rc.conf.local */ if (file_exists("/etc/rc.conf.local")) { - update_status("Removing antivirus services from /etc/rc.conf.local..."); + update_output_window("Removing antivirus services from /etc/rc.conf.local..."); $sample_file = file_get_contents("/etc/rc.conf.local"); $rcconf_local_m[0] = "@c_icap_enable(.*)\n@"; $rcconf_local_m[1] = "@clamav_clamd_enable(.*)\n@"; 
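Review bot: `$keep = ($squidsettings['keep_squid_data'] ? true : false);` evaluates to false whenever the key is absent, so a configuration saved before this field existed would take the `if (!$keep)` branch and lose cache, logs, /var/db/clamav and (in the `@@ -492` hunk) every Squid config section, even though squid.xml declares `<default_value>on</default_value>` for the checkbox. No step that seeds the key for existing installs is visible in the squid_install_command hunks. Treating an absent key as "keep" fails in the safe direction, e.g. `$keep = (!isset($squidsettings['keep_squid_data']) || $squidsettings['keep_squid_data'] == 'on');`; this assumes an unchecked box is stored as an empty value rather than a missing key, which should be confirmed against the package framework. `$keep` is also added to the `global` list in the `@@ -403` hunk although the diff only shows it assigned and read inside this function, so a local variable would do.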
@@ -492,8 +505,53 @@ function squid_deinstall_command() { file_put_contents("/etc/rc.conf.local", preg_replace($rcconf_local_m, $rcconf_local_r, $sample_file), LOCK_EX); } - update_status("Reloading filter..."); + update_output_window("Reloading filter..."); filter_configure(); + + /* Remove package settings from config if 'Keep Settings/Data' is disabled */ + if (!$keep) { + log_error("Removing all Squid settings since 'Keep Settings/Data' is disabled..."); + if (is_array($config['installedpackages']['squid'])) { + unset($config['installedpackages']['squid']); + } + if (is_array($config['installedpackages']['squidantivirus'])) { + unset($config['installedpackages']['squidantivirus']); + } + if (is_array($config['installedpackages']['squidauth'])) { + unset($config['installedpackages']['squidauth']); + } + if (is_array($config['installedpackages']['squidcache'])) { + unset($config['installedpackages']['squidcache']); + } + if (is_array($config['installedpackages']['squidnac'])) { + unset($config['installedpackages']['squidnac']); + } + if (is_array($config['installedpackages']['squidreverse'])) { + unset($config['installedpackages']['squidreverse']); + } + if (is_array($config['installedpackages']['squidreversegeneral'])) { + unset($config['installedpackages']['squidreversegeneral']); + } + if (is_array($config['installedpackages']['squidreversepeer'])) { + unset($config['installedpackages']['squidreversepeer']); + } + if (is_array($config['installedpackages']['squidreverseredir'])) { + unset($config['installedpackages']['squidreverseredir']); + } + if (is_array($config['installedpackages']['squidsync'])) { + unset($config['installedpackages']['squidsync']); + } + if (is_array($config['installedpackages']['squidtraffic'])) { + unset($config['installedpackages']['squidtraffic']); + } + if (is_array($config['installedpackages']['squidremote'])) { + unset($config['installedpackages']['squidremote']); + } + if (is_array($config['installedpackages']['squidusers'])) { + 
unset($config['installedpackages']['squidusers']); + } + } + update_output_window("Squid3 has been uninstalled."); } function squid_validate_antivirus($post, &$input_errors) { @@ -931,7 +989,7 @@ function squid_install_cron($should_install) { install_cron_job("{$cron_cmd}", $should_install, "0", "0", "*", "*", "*", "root"); $swapstate_cmd = "/usr/local/pkg/swapstate_check.php clean; "; - if ($should_install) { + if (($should_install) && (squid_enabled())) { if ($settings['clear_cache'] == 'on' ) { install_cron_job("{$swapstate_cmd}", true, "*/360"); } else { @@ -944,7 +1002,7 @@ function squid_install_cron($should_install) { function squid_install_freshclam_cron($should_install) { global $config; - + if (platform_booting()) { return; } @@ -956,7 +1014,7 @@ function squid_install_freshclam_cron($should_install) { } $freshclam_cmd = (SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf"); - if ($should_install) { + if (($should_install) && (squid_enabled())) { if ($antivirus_config['clamav_update'] != "0") { $minutes = ($antivirus_config['clamav_update'] * 60); install_cron_job("{$freshclam_cmd}", true, "*/{$minutes}", "*", "*", "*", "*", "clamav"); @@ -1399,20 +1457,6 @@ function squid_resync_upstream() { return $conf; } -function squid_resync_redirector() { - global $config; - - // XXX: What port provide squirm binary? It's not present - $httpav_enabled = ($config['installedpackages']['clamav']['config'][0]['scan_http'] == 'on'); - $redirector = "/usr/local/bin/squirm"; - if (($httpav_enabled) && is_executable($redirector)) { - $conf = "url_rewrite_program /usr/local/bin/squirm\n"; - } else { - $conf = "# No redirector configured\n"; - } - return $conf; -} - function squid_resync_nac() { global $config, $valid_acls; 
@@ -1518,7 +1562,7 @@ function squid_resync_antivirus() { $antivirus_config = array(); } - if ($antivirus_config['enable'] == "on") { + if (squid_enabled() && ($antivirus_config['enable'] == "on")) { switch ($antivirus_config['client_info']) { case "both": default: @@ -1555,23 +1599,7 @@ adaptation_access service_avi_resp allow all EOF; - // check if clamav is enabled in rc.conf.local - // XXX: This whole thing sucks and should be redone to install/enable services in pfSense way - if (file_exists("/etc/rc.conf.local")) { - $rc_old_file = file("/etc/rc.conf.local"); - foreach ($rc_old_file as $rc_line) { - if (preg_match("/^clamav_clamd_enable/", $rc_line, $matches)) { - $rc_file .= $matches[1] . '="YES"' . "\n"; - ${$matches[1]} = "ok"; - } else { - $rc_file .= $rc_line; - } - } - } - if (!isset($clamav_clamd_enable)) { - $rc_file .= 'clamav_clamd_enable="YES"' . "\n"; - } - file_put_contents("/etc/rc.conf.local", $rc_file, LOCK_EX); + // check clamav user squid_check_clamav_user('clamav'); // patch sample files to pfsense dirs // squidclamav.conf @@ -1584,6 +1612,9 @@ EOF; if ($antivirus_config['clamav_safebrowsing'] == "on") { $clamav_m[2] = "@safebrowsing\s0@"; $clamav_r[2] = "safebrowsing 1"; + } else { + $clamav_m[2] = "@safebrowsing\s1@"; + $clamav_r[2] = "safebrowsing 0"; } file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.sample", preg_replace($clamav_m, $clamav_r, $sample_file), LOCK_EX); } @@ -1640,6 +1671,11 @@ EOF; if ($antivirus_config['clamav_safebrowsing'] == "on") { $freshclam_m[2] = "@#SafeBrowsing yes@"; $freshclam_r[2] = "SafeBrowsing yes"; + } else { + if (!preg_match("@#SafeBrowsing yes@", file_get_contents($sample_file))) { + $freshclam_m[2] = "@SafeBrowsing yes@"; + $freshclam_r[2] = "#SafeBrowsing yes"; + } } file_put_contents(SQUID_LOCALBASE . "/etc/freshclam.conf.sample", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX); } 
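Review bot: In the new `else` branch of the `@@ -1640` hunk, `file_get_contents($sample_file)` is applied to a variable that the following line passes to `preg_replace()` as the subject, so `$sample_file` appears to hold the file's contents already rather than a path. If so, the read fails, `preg_match()` is handed `false`, the guard is always true, and an already commented `#SafeBrowsing yes` gains another `#` on each resync. Matching the string directly makes the guard effective: `if (!preg_match("@#SafeBrowsing yes@", $sample_file)) {`. The assignment of `$sample_file` lies outside the hunk, so this should be confirmed against the full function.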
@@ -1691,86 +1727,15 @@ EOF; squid_chown_recursive($dir_path, $dir_user, "wheel"); } - $rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d"); - foreach ($rcd_files as $rcd_file) { - if (SQUID_LOCALBASE != '/usr/local' && !file_exists("/usr/local/etc/rc.d/{$rcd_file}")) { - symlink(SQUID_LOCALBASE . "/etc/rc.d/{$rcd_file}", "/usr/local/etc/rc.d/{$rcd_file}"); - } - } - // write advanced clamav/icap config files file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf", base64_decode($antivirus_config['squidclamav']), LOCK_EX); file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf", base64_decode($antivirus_config['c-icap_conf']), LOCK_EX); file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.magic", base64_decode($antivirus_config['c-icap_magic']), LOCK_EX); file_put_contents(SQUID_LOCALBASE . "/etc/freshclam.conf", base64_decode($antivirus_config['freshclam_conf']), LOCK_EX); - - // Check clamav database - if (count(glob("/var/db/clamav/*d")) == 0) { - log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background."); - mwexec_bg(SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf"); - } elseif (($antivirus_config['clamav_safebrowsing'] == "on") && (!is_file("/var/db/clamav/safebrowsing.cvd"))) { - log_error("Squid - Google Safe Browsing is enabled but missing safebrowsing.cvd definitions. Running freshclam in background."); - mwexec_bg(SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . 
"/etc/freshclam.conf"); - } - - // check antivirus daemons - // check icap - $c_icap_rcfile = "/usr/local/etc/rc.d/c-icap.sh"; - if (!file_exists($c_icap_rcfile)) { - squid_write_cicap_rcfile(); - } - if (is_process_running("c-icap")) { - mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); - } else { - mwexec_bg("{$c_icap_rcfile} start"); - } - // check clamav/freshclam - $rc_files = array("clamav-freshclam", "clamav-clamd"); - $clamm[0] = "@/usr/local/(bin|sbin)@"; - $clamm[1] = "@/local/(bin|sbin)@"; - $clamm[2] = "@/usr/local/etc@"; - $clamm[3] = "@enable:=NO@"; - $clamr[0] = SQUID_BASE . "/bin"; - $clamr[1] = "/bin"; - $clamr[2] = SQUID_LOCALBASE . "/etc"; - $clamr[3] = "enable:=YES"; - foreach ($rc_files as $rc_file) { - $clamav_rcfile = "/usr/local/etc/rc.d/{$rc_file}"; - if (file_exists($clamav_rcfile)) { - $sample_file = file_get_contents($clamav_rcfile); - file_put_contents($clamav_rcfile, preg_replace($clamm, $clamr, $sample_file), LOCK_EX); - } - } - if (is_process_running("clamd")) { - mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload"); - } else { - mwexec_bg("/usr/local/etc/rc.d/clamav-clamd start"); - } - } else { - // stop AV services and disable all C-ICAP/AV features - log_error("Squid antivirus features disabled."); - if (is_process_running("clamd")) { - log_error("Stopping ClamAV..."); - mwexec("/bin/ps awux | /usr/bin/grep '[c]lamd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); - } - if (is_process_running("c-icap")) { - log_error("Stopping C-ICAP..."); - mwexec_bg("/usr/local/etc/rc.d/c-icap.sh stop"); - } - // freshclam cronjob - log_error("Removing freshclam cronjob..."); - squid_install_freshclam_cron(false); - - // check if clamav is enabled in rc.conf.local - // XXX: This whole thing sucks and should be redone to install/enable services in pfSense way - if (file_exists("/etc/rc.conf.local")) { - log_error("Removing antivirus services from /etc/rc.conf.local..."); - $sample_file = 
file_get_contents("/etc/rc.conf.local"); - $rcconf_local_m[0] = "@clamav_clamd_enable(.*)\n@"; - $rcconf_local_r[0] = ""; - file_put_contents("/etc/rc.conf.local", preg_replace($rcconf_local_m, $rcconf_local_r, $sample_file), LOCK_EX); - } } + // this will (re)start or stop/disable services as needed + // depending on whether Squid proxy and/or antivirus features are enabled + squid_restart_antivirus(); return $conf; } @@ -2163,7 +2128,6 @@ function squid_resync($via_rpc = "no") { } $conf = squid_resync_general() . "\n"; $conf .= squid_resync_cache() . "\n"; - $conf .= squid_resync_redirector() . "\n"; $conf .= squid_resync_upstream() . "\n"; $conf .= squid_resync_nac() . "\n"; $conf .= squid_resync_traffic() . "\n"; 
@@ -2205,11 +2169,38 @@ function squid_stop_monitor() { } function squid_start_monitor() { - if (!exec("/bin/ps auxw | /usr/bin/grep '[s]qpmon'")) { - log_error("Starting a proxy monitor script"); - mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start"); + if (squid_enabled()) { + if (!exec("/bin/ps auxw | /usr/bin/grep '[s]qpmon'")) { + log_error("Starting a proxy monitor script"); + mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start"); + } + sleep(1); + } else { + log_error("Squid is disabled. Not starting a proxy monitor script"); } - sleep(1); +} + +function squid_enabled() { + global $config, $proxy_enabled; + $proxy_enabled = false; + + if (is_array($config['installedpackages']['squid']['config'])) { + // check whether Squid is enabled ... + if ($config['installedpackages']['squid']['config'][0]['enable_squid'] == "on") { + // ... and has at least one interface configured ... + if ($config['installedpackages']['squid']['config'][0]['active_interface'] != "") { + $proxy_enabled = true; + } else { + // ... or has at least one reverse interface configured + if (is_array($config['installedpackages']['squidreversegeneral']['config'])) { + if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "") { + $proxy_enabled = true; + } + } + } + } + } + return $proxy_enabled; } function squid_restart_services() { 
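Review bot: squid_enabled() returns true only when `enable_squid` is `"on"`, so a configuration written before this checkbox existed would read as disabled, and every caller added in this commit (monitor start, cron jobs, antivirus resync, firewall rule generation, service restart) would stand down after the upgrade until an administrator ticks the box. Where the proxy is relied on for filtering or antivirus scanning that is a silent loss of protection, and the hunks shown contain no step that seeds `enable_squid` for existing installs. A migration in squid_install_command that sets the key when `active_interface` or `reverse_interface` is already configured, or at least a comment on the function stating the upgrade behaviour, would make this explicit. `$proxy_enabled` is also declared `global` although it is only used as the return value here; a local variable avoids leaking the name.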
@@ -2219,20 +2210,8 @@ function squid_restart_services() { if (platform_booting()) { return; } - $squid_enabled = false; - if (is_array($config['installedpackages']['squid']['config'])) { - // check if Squid is enabled - if ($config['installedpackages']['squid']['config'][0]['active_interface'] != "") { - $squid_enabled = true; - } - } elseif (is_array($config['installedpackages']['squidreversegeneral']['config'])) { - // check if squidreverse is enabled - if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "") { - $squid_enabled = true; - } - } - if ($squid_enabled) { + if (squid_enabled()) { /* kill any running proxy alarm scripts */ squid_stop_monitor(); 
@@ -2262,6 +2241,79 @@ function squid_restart_services() { } } +function squid_restart_antivirus() { + global $config; + if (is_array($config['installedpackages']['squidantivirus'])) { + $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0]; + } else { + $antivirus_config = array(); + } + + // reconfigure and (re)start service as needed if enabled, otherwise stop them + // do not (re)start antivirus services on boot + if (platform_booting()) { + return; + } + + if (squid_enabled() && ($antivirus_config['enable'] == "on")) { + // Check clamav database + if (count(glob("/var/db/clamav/*d")) == 0) { + log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background."); + mwexec_bg(SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf"); + } elseif ($antivirus_config['clamav_safebrowsing'] == "on" && !is_file("/var/db/clamav/safebrowsing.cvd")) { + log_error("Squid - Google Safe Browsing is enabled but missing safebrowsing.cvd definitions. Running freshclam in background."); + mwexec_bg(SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf"); + } elseif ($antivirus_config['clamav_safebrowsing'] != "on" && is_file("/var/db/clamav/safebrowsing.cvd")) { + log_error("Squid - Google Safe Browsing is disabled. Removing safebrowsing.cvd definitions."); + mwexec("/bin/rm -f /var/db/clamav/safebrowsing.cvd"); + } + + // start/reload clamav + $clamd_rcfile = "/usr/local/etc/rc.d/clamd.sh"; + if (!file_exists($clamd_rcfile)) { + squid_write_clamd_rcfile(); + } + if (is_process_running("clamd")) { + log_error("Reloading ClamAV..."); + $reload_cmd = SQUID_BASE . 
"/bin/clamdscan --reload"; + mwexec_bg("{$reload_cmd}"); + } else { + log_error("Starting ClamAV..."); + mwexec_bg("{$clamd_rcfile} start"); + } + + // check c-icap rcfile + $c_icap_rcfile = "/usr/local/etc/rc.d/c-icap.sh"; + if (!file_exists($c_icap_rcfile)) { + squid_write_cicap_rcfile(); + } + if (is_process_running("c-icap")) { + mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); + } else { + mwexec_bg("{$c_icap_rcfile} start"); + } + } else { + // stop AV services and disable all C-ICAP/AV features + log_error("Squid antivirus features disabled."); + if (is_process_running("clamd")) { + log_error("Stopping and disabling ClamAV..."); + mwexec("/usr/bin/killall clamd"); + } + unlink_if_exists("/usr/local/etc/rc.d/clamd.sh"); + + // freshclam cronjob + log_error("Removing freshclam cronjob..."); + squid_install_freshclam_cron(false); + + // check c-icap rcfile + if (is_process_running("c-icap")) { + log_error("Stopping and disabling C-ICAP..."); + mwexec('/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl'); + } + unlink_if_exists("/usr/local/etc/rc.d/c-icap.sh"); + } +} + function squid_print_javascript_auth() { global $config; $transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on'); 
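Review bot: When the signature database is missing, squid_restart_antivirus() launches freshclam with `mwexec_bg()` and then goes straight on to `mwexec_bg("{$clamd_rcfile} start")`, while the start script written by squid_write_clamd_rcfile() (`@@ -2656` hunk) exits with status 1 if neither main.cvd nor main.cld exists. On a first enable clamd therefore probably does not start while c-icap is started anyway; whether traffic then passes unscanned depends on the squidclamav/ICAP settings, which are not visible here. Logging that the clamd start is deferred, or skipping the clamd and c-icap start in that branch until definitions exist, would make the state visible to the administrator. Separately, `count(glob("/var/db/clamav/*d")) == 0` does not treat a `false` return from glob() as a missing database.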
@@ -2413,6 +2465,48 @@ function squid_print_javascript_auth2() { print("<script type=\"text/javascript\">on_auth_method_changed()</script>\n"); } +function squid_print_antivirus_advanced_config() { + $javascript = <<< EOD +<script type="text/javascript"> +//<![CDATA[ +function on_antivirus_advanced_config_changed() { + var field = document.iform.enable_advanced; + var enable_advanced = field.options[field.selectedIndex].value; + + if (enable_advanced === 'disabled') { + document.iform['client_info'].disabled = 0; + document.iform['clamav_safebrowsing'].disabled = 0; + document.iform['clamav_update'].disabled = 0; + document.iform['clamav_dbregion'].disabled = 0; + document.iform['clamav_dbservers'].disabled = 0; + document.iform['squidclamav'].disabled = 1; + document.iform['c-icap_conf'].disabled = 1; + document.iform['c-icap_magic'].disabled = 1; + document.iform['freshclam_conf'].disabled = 1; + } else { + document.iform['client_info'].disabled = 1; + document.iform['clamav_safebrowsing'].disabled = 1; + document.iform['clamav_update'].disabled = 1; + document.iform['clamav_dbregion'].disabled = 1; + document.iform['clamav_dbservers'].disabled = 1; + document.iform['squidclamav'].disabled = 0; + document.iform['c-icap_conf'].disabled = 0; + document.iform['c-icap_magic'].disabled = 0; + document.iform['freshclam_conf'].disabled = 0; + } +} +//]]> +</script> + +EOD; + print($javascript); + +} + +function squid_print_antivirus_advanced_config2() { + print('<script type="text/javascript">on_antivirus_advanced_config_changed()</script>\n'); +} + function squid_generate_rules($type) { global $config, $pfs_version; @@ -2422,7 +2516,7 @@ function squid_generate_rules($type) { $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); $cp_inc = file($cp_file); $new_cp_inc = ""; - $found_rule=0; + $found_rule = 0; foreach ($cp_inc as $line) { $new_line = $line; //remove applied squid patch 
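Review bot: squid_print_antivirus_advanced_config2() prints a single-quoted string, so the trailing `\n` is emitted as a literal backslash and `n` after `</script>` instead of a newline; the neighbouring squid_print_javascript_auth2() uses double quotes for the same purpose. Suggested line: `print("<script type=\"text/javascript\">on_antivirus_advanced_config_changed()</script>\n");`. In this commit the function is only referenced from the commented-out block in squid_antivirus.xml, so nothing renders it yet.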
@@ -2444,6 +2538,13 @@ function squid_generate_rules($type) { if ($found_rule > 0) { file_put_contents($cp_file, $new_cp_inc, LOCK_EX); } + + // do not install any firewall rules if Squid is disabled + if (!squid_enabled()) { + log_error("Squid is installed but disabled. Not installing \"{$type}\" rules."); + return; + } + // normal squid rule check if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) { return; @@ -2460,13 +2561,13 @@ function squid_generate_rules($type) { $transparent_ifaces = explode(",", $squid_conf['transparent_active_interface']); $transparent_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $transparent_ifaces); } else { - $transparent_ifaces=array(); + $transparent_ifaces = array(); } if ($squid_conf['ssl_proxy'] == "on") { $ssl_ifaces = explode(",", $squid_conf['ssl_active_interface']); $ssl_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ssl_ifaces); } else { - $ssl_ifaces=array(); + $ssl_ifaces = array(); } $port = ($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128); @@ -2627,18 +2728,9 @@ fi /usr/bin/killall pinger 2>/dev/null EOD; - $rc['restart'] = <<< EOD -if [ -z "`ps auxw | /usr/bin/grep "[s]quid " | /usr/bin/awk '{print $2}'`" ]; then - {$squid_base}/sbin/squid -f {$squid_conffile_var} - else - {$squid_base}/sbin/squid -k reconfigure -f {$squid_conffile_var} - fi -EOD; conf_mount_rw(); write_rcfile($rc); - // force delete the PBI initscript that keeps creeping back - unlink_if_exists("/usr/local/etc/rc.d/squid"); conf_mount_ro(); } 
@@ -2656,8 +2748,37 @@ function squid_write_cicap_rcfile() { "stop" => "{$cicap_stop_cmd}" ) ); - // force delete the PBI initscript that keeps creeping back - unlink_if_exists("/usr/local/etc/rc.d/c-icap"); + conf_mount_ro(); +} + +function squid_write_clamd_rcfile() { + $squid_base = SQUID_BASE; + $rc = array(); + $rc['file'] = 'clamd.sh'; + $rc['start'] = <<< EOD + +if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then + echo "Missing /var/db/clamav/*.cvd or *.cld files. You must run freshclam first" + exit 1 +fi + +{$squid_base}/bin/clamd --config-file="{$squid_base}/local/etc/clamd.conf" + +EOD; + + $rc['stop'] = <<< EOD + +/usr/bin/killall clamd 2>/dev/null +# Just to be sure... +sleep 5 +if [ -n "`/bin/ps auxw | /usr/bin/grep "[c]lamd" | /usr/bin/awk '{print $2}'`" ]; then + /usr/bin/killall -9 clamd 2>/dev/null +fi + +EOD; + + conf_mount_rw(); + write_rcfile($rc); conf_mount_ro(); } @@ -2714,15 +2835,7 @@ function squid_sync_on_changes() { function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { global $config, $g; - if (!$username) { - return; - } - - if (!$password) { - return; - } - - if (!$sync_to_ip) { + if (!$username || !$password || !$sync_to_ip) { return; } @@ -2730,7 +2843,6 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { $synctimeout = 250; } - $xmlrpc_sync_neighbor = $sync_to_ip; if ($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; @@ -2739,10 +2851,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { $port = $config['system']['webgui']['port']; /* If port is empty let's rely on the protocol selection */ if ($port == "") { - if ($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; + $port = $config['system']['webgui']['protocol'] == "http" ? "80" : "443"; } $synchronizetoip .= $sync_to_ip; 
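Review bot: The start command in squid_write_clamd_rcfile() builds the config path as `{$squid_base}/local/etc/clamd.conf`, whereas the configuration files in this diff are written under `SQUID_LOCALBASE . "/etc/..."`. Another hunk tests `SQUID_LOCALBASE != '/usr/local'`, so a non-PBI layout seems possible, and if SQUID_BASE is `/usr/local` in that layout the path becomes `/usr/local/local/etc/clamd.conf`. Using the constant keeps the two in step: `$squid_local = SQUID_LOCALBASE;` and `--config-file="{$squid_local}/etc/clamd.conf"`. Both constants are defined outside the diff, so their values should be checked before changing this.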
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index dda924f8..0f86bf84 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squid</name> - <version>0.3.7</version> + <version>0.3.8</version> <title>Proxy Server: General Settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> @@ -65,7 +65,7 @@ </service> <service> <name>clamd</name> - <rcfile>clamav-clamd</rcfile> + <rcfile>clamd.sh</rcfile> <executable>clamd</executable> <description>ClamAV Antivirus</description> </service> @@ -155,10 +155,6 @@ </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml</item> </additional_files_needed> <additional_files_needed> @@ -237,6 +233,29 @@ <type>listtopic</type> </field> <field> + <fielddescr>Enable Squid Proxy</fielddescr> + <fieldname>enable_squid</fieldname> + <description> + <![CDATA[ + Check to enable the Squid proxy.<br/> + Note: If unchecked, <strong>all</strong> Squid services will be disabled and stopped.<br/> + ]]> + </description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Keep Settings/Data</fielddescr> + <fieldname>keep_squid_data</fieldname> + <description> + <![CDATA[ + If enabled, the settings, logs, cache, AV defs and other data will be preserved across package reinstalls.<br/> + <strong><span class="errmsg">Note:</span> If disabled, all settings and data will be wiped on package uninstall/reinstall/upgrade.</strong> + ]]> + </description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> <fielddescr>Proxy Interface(s)</fielddescr> <fieldname>active_interface</fieldname> <description> 
@@ -496,23 +515,23 @@ <type>listtopic</type> </field> <field> - <fielddescr>Enable Logging</fielddescr> + <fielddescr>Enable Access Logging</fielddescr> <fieldname>log_enabled</fieldname> <description> <![CDATA[ - This will enable the access log. + This will enable the <strong>access</strong> log. <strong>Warning:</strong> Do not switch this on if you don't have much disk space left. ]]> </description> <type>checkbox</type> - <enablefields>log_dir,log_rotate</enablefields> + <enablefields>log_rotate</enablefields> </field> <field> <fielddescr>Log Store Directory</fielddescr> <fieldname>log_dir</fieldname> <description> <![CDATA[ - The directory where the log will be stored.<br/> + The directory where the logs will be stored. This is also used for logs other than the Access Log above.<br/> Default: /var/squid/logs<br/> <strong>Note: Do NOT include the trailing / when setting a custom location.</strong> ]]> @@ -725,10 +744,11 @@ </custom_php_resync_config_command> <custom_php_install_command> <![CDATA[ - update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); squid_install_command(); unlink_if_exists("/usr/local/etc/rc.d/squid"); unlink_if_exists("/usr/local/etc/rc.d/c-icap"); + unlink_if_exists("/usr/local/etc/rc.d/clamav-clamd"); + unlink_if_exists("/usr/local/etc/rc.d/clamav-freshclam"); ]]> </custom_php_install_command> <custom_php_deinstall_command> diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml index a257891d..94c788a0 100755 --- a/config/squid3/34/squid_antivirus.xml +++ b/config/squid3/34/squid_antivirus.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squidantivirus</name> - <version>0.3.7</version> + <version>0.3.8</version> <title>Proxy server: Antivirus</title> <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> 
@@ -99,6 +99,26 @@ <description>Enable Squid antivirus check using ClamAV.</description> <type>checkbox</type> </field> + <!-- + <field> + <fielddescr>Enable Manual Configuration</fielddescr> + <fieldname>enable_advanced</fieldname> + <description> + <![CDATA[ + When enabled, the options under 'ClamAV Anti-Virus Integration Using C-ICAP' no longer have any effect.<br/> + You must edit the configuration files directly in the 'Advanced Options'.<br/> + <strong><span class="errmsg">Warning:</span> Only enable this if you know what are you doing.</strong> + ]]> + </description> + <type>select</type> + <options> + <option><value>disabled</value><name>disabled</name></option> + <option><value>enabled</value><name>enabled</name></option> + </options> + <default_value>disabled</default_value> + <onchange>on_antivirus_advanced_config_changed()</onchange> + </field> + --> <field> <fielddescr>Client Forward Options</fielddescr> <fieldname>client_info</fieldname> @@ -238,6 +258,17 @@ <rows>15</rows> </field> </fields> + <!-- + <custom_php_after_head_command> + squid_print_antivirus_advanced_config(); + </custom_php_after_head_command> + <custom_php_before_form_command> + squid_print_antivirus_advanced_config2(); + </custom_php_before_form_command> + <custom_php_after_form_command> + squid_print_antivirus_advanced_config2(); + </custom_php_after_form_command> + --> <custom_php_validation_command> squid_validate_antivirus($_POST, $input_errors); </custom_php_validation_command> diff --git a/config/squid3/34/squid_reverse.xml b/config/squid3/34/squid_reverse.xml deleted file mode 100755 index 3617debc..00000000 --- a/config/squid3/34/squid_reverse.xml +++ /dev/null 
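Review bot: The `enable_advanced` field added in the `@@ -99,6 +99,26 @@` hunk is shipped inside an XML comment, and the `@@ -238,6 +258,17 @@` hunk does the same with three `custom_php_*` hooks. The package therefore carries a disabled feature whose handlers (`on_antivirus_advanced_config_changed()`, `squid_print_antivirus_advanced_config()`) cannot be checked against this diff. Commented-out UI for hand-editing the scanner configuration is easy to re-enable later without review, so I would keep it on a branch or at least mark it, e.g. `<!-- TODO: disabled until manual antivirus config editing has been reviewed -->`. Two details to fix before it is ever uncommented: the warning reads "if you know what are you doing" (should be "what you are doing"), and in the second hunk both `custom_php_before_form_command` and `custom_php_after_form_command` call `squid_print_antivirus_advanced_config2()`, which looks like a copy-paste slip.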
@@ -1,451 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> -<![CDATA[ -/* $Id$ */ -/* ====================================================================================== */ -/* - squid_reverse.xml - part of pfSense (https://www.pfSense.org/) - Copyright (C) 2012-2014 Marcello Coutinho - Copyright (C) 2015 ESF, LLC - All rights reserved. -*/ -/* ====================================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ -/* ====================================================================================== */ - ]]> - </copyright> - <name>squidreverse</name> - <version>0.3.5</version> - <title>Proxy Server: Reverse Proxy</title> - <include_file>/usr/local/pkg/squid.inc</include_file> - <tabs> - <tab> - <text>General</text> - <url>/pkg_edit.php?xml=squid.xml&id=0</url> - </tab> - <tab> - <text>Upstream</text> - <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> - </tab> - <tab> - <text>Cache</text> - <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> - </tab> - <tab> - <text>ACLs</text> - <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> - </tab> - <tab> - <text>Traffic Mgmt</text> - <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> - </tab> - <tab> - <text>Reverse</text> - <url>/pkg_edit.php?xml=squid_reverse.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Authentication</text> - <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> - </tab> - <tab> - <text>Users</text> - <url>/pkg.php?xml=squid_users.xml</url> - </tab> - <tab> - <text>Real Time</text> - <url>/squid_monitor.php</url> - </tab> - <tab> - <text>Sync</text> - <url>/pkg_edit.php?xml=squid_sync.xml</url> - </tab> - </tabs> - <fields> - <field> - <name>Squid Reverse Proxy General Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Reverse Proxy Interface</fielddescr> - <fieldname>reverse_interface</fieldname> - <description> - <![CDATA[ - The interface(s) the reverse-proxy server will bind to.<br/> - Use CTRL + click to select multiple interfaces. - ]]> - </description> - <type>interfaces_selection</type> - <required/> - <default_value>wan</default_value> - <multiple/> - </field> - <field> - <fielddescr>User Defined Reverse Proxy IPs</fielddescr> - <fieldname>reverse_ip</fieldname> - <description> - <![CDATA[ - Squid will additionally bind to these user-defined IPs for reverse proxy operation. 
Useful for virtual IPs such as CARP.<br/> - <strong>Note: Separate entries by semi-colons (;)</strong> - ]]> - </description> - <type>input</type> - <size>70</size> - </field> - <field> - <fielddescr>External FQDN</fielddescr> - <fieldname>reverse_external_fqdn</fieldname> - <description>The external fully qualified domain name of the WAN IP address.</description> - <type>input</type> - <required/> - <size>70</size> - </field> - <field> - <fielddescr>Reset TCP Connections on Unauthorized Requests</fielddescr> - <fieldname>deny_info_tcp_reset</fieldname> - <description>If checked, the reverse proxy will reset the TCP connection if the request is unauthorized.</description> - <type>checkbox</type> - <default_value>on</default_value> - </field> - <field> - <name>Squid Reverse HTTP Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable HTTP Reverse Mode</fielddescr> - <fieldname>reverse_http</fieldname> - <description> - <![CDATA[ - If checked, the proxy server will act in HTTP reverse mode.<br/> - <strong>Note: You must add a proper firewall rule with destination 'WAN Address'.</strong> - ]]> - </description> - <type>checkbox</type> - <enablefields>reverse_http_port,reverse_http_defsite</enablefields> - <required/> - <default_value>off</default_value> - </field> - <field> - <fielddescr>Reverse HTTP Port</fielddescr> - <fieldname>reverse_http_port</fieldname> - <description> - <![CDATA[ - This is the port the HTTP reverse proxy will listen on. Default value will be used if left empty.<br/> - Default: 80 - ]]> - </description> - <type>input</type> - <size>5</size> - <default_value>80</default_value> - </field> - <field> - <fielddescr>Reverse HTTP Default Site</fielddescr> - <fieldname>reverse_http_defsite</fieldname> - <description> - <![CDATA[ - This is the HTTP reverse proxy default site.<br/> - Note: Leave empty to use 'External FQDN' value specified above. 
- ]]> - </description> - <type>input</type> - <size>60</size> - </field> - <field> - <name>Squid Reverse HTTPS Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable HTTPS Reverse Proxy</fielddescr> - <fieldname>reverse_https</fieldname> - <description> - <![CDATA[ - If checked, the proxy server will act in HTTPS reverse mode.<br/> - <strong>Note: You must add a proper firewall rule with destination 'WAN Address'.</strong> - ]]> - </description> - <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> - <required/> - <default_value>off</default_value> - </field> - <field> - <fielddescr>Reverse HTTPS Port</fielddescr> - <fieldname>reverse_https_port</fieldname> - <description> - <![CDATA[ - This is the port the HTTPS reverse proxy will listen on. Default value will be used if left empty.<br/> - Default: 443 - ]]> - </description> - <type>input</type> - <size>5</size> - <default_value>443</default_value> - </field> - <field> - <fielddescr>Reverse HTTPS Default Site</fielddescr> - <fieldname>reverse_https_defsite</fieldname> - <description> - <![CDATA[ - This is the HTTPS reverse proxy default site.<br/> - Note: Leave empty to use 'External FQDN' value specified above. 
- ]]> - </description> - <type>input</type> - <size>60</size> - </field> - <field> - <fielddescr>Reverse SSL Certificate</fielddescr> - <fieldname>reverse_ssl_cert</fieldname> - <description>Choose the SSL Server Certificate here.</description> - <type>select_source</type> - <source>$config['cert']</source> - <source_name>descr</source_name> - <source_value>refid</source_value> - </field> - <field> - <fielddescr>Intermediate CA Certificate (If Needed)</fielddescr> - <fieldname>reverse_int_ca</fieldname> - <description> - <![CDATA[ - Paste a signed certificate in X.509 <strong>PEM format</strong> here. - ]]> - </description> - <type>textarea</type> - <cols>75</cols> - <rows>5</rows> - <encoding>base64</encoding> - </field> - <field> - <fielddescr>Ignore Internal Certificate Validation</fielddescr> - <fieldname>reverse_ignore_ssl_valid</fieldname> - <description>If checked, internal certificate validation will be ignored.</description> - <type>checkbox</type> - <default_value>on</default_value> - </field> - <field> - <name>OWA Reverse Proxy General Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable OWA Reverse Proxy</fielddescr> - <fieldname>reverse_owa</fieldname> - <description>If checked, Squid will act as an accelerator/SSL offloader for Outlook Web App.</description> - <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> - </field> - <field> - <fielddescr>CAS-Array / OWA Frontend IP Address</fielddescr> - <fieldname>reverse_owa_ip</fieldname> - <description> - <![CDATA[ - These are the internal IPs of the CAS-Array (OWA frontend servers).<br/> - <strong>Note: Separate entries by semi-colons (;)</strong> - ]]> - </description> - <type>input</type> - <size>70</size> - </field> - <field> - <fielddescr>Enable ActiveSync</fielddescr> - <fieldname>reverse_owa_activesync</fieldname> - <description>If checked, 
ActiveSync will be enabled.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable Outlook Anywhere</fielddescr> - <fieldname>reverse_owa_rpchttp</fieldname> - <description>If checked, RPC over HTTP will be enabled.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable MAPI HTTP</fielddescr> - <fieldname>reverse_owa_mapihttp</fieldname> - <description> - <![CDATA[ - If checked, MAPI over HTTP will be enabled.<br/> - <strong>This feature is only available with at least Microsoft Exchange 2013 SP1</strong> - ]]> - </description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable Exchange WebServices</fielddescr> - <fieldname>reverse_owa_webservice</fieldname> - <description> - <![CDATA[ - If checked, Exchange WebServices will be enabled.<br/> - <strong>There are potential DoS side effects to its use. Please avoid unless really required.</strong> - ]]> - </description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Enable AutoDiscover</fielddescr> - <fieldname>reverse_owa_autodiscover</fieldname> - <description> - <![CDATA[ - If checked, AutoDiscover will be enabled.<br/> - <strong>You also should set up the autodiscover DNS record to point to you WAN IP.</strong> - ]]> - </description> - <type>checkbox</type> - </field> - <field> - <name>Squid Reverse Mappings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr> - <![CDATA[ - Peer Definitions<br/> - Publishing Hosts - ]]> - </fielddescr> - <fieldname>reverse_cache_peer</fieldname> - <description> - <![CDATA[ - Enter each peer definition on a new line. 
Directives have to be separated by a semicolon(;).<br/><br/> - Syntax: [peer alias];[internal ip address];[port];[HTTP/HTTPS]<br/> - Example: HOST1;192.168.0.1;80;HTTP<br/> - <strong><span class="errmsg">WARNING:</span> Wrong syntax usage will result in Squid not starting!</strong> - ]]> - </description> - <type>textarea</type> - <cols>60</cols> - <rows>10</rows> - <encoding>base64</encoding> - </field> - <field> - <fielddescr> - <![CDATA[ - URI Definitions<br/> - Published URIs - ]]> - </fielddescr> - <fieldname>reverse_uri</fieldname> - <description> - <![CDATA[ - Enter each reverse ACL definition on a separate line. Directives have to be separated by a semicolon(;)<br/><br/> - Syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn])<br/> - Example: URI1;public;server.example.com<br/><br/> - Notes:<br/> - - A group can contain multiple URIs<br/> - - If [vhost fqdn] is ommited, 'External FQDN' is used<br/> - - You also can specify http:// or https://<br/><br/> - <strong><span class="errmsg">WARNING:</span> Wrong syntax usage will result in Squid not starting!</strong> - ]]> - </description> - <type>textarea</type> - <cols>60</cols> - <rows>10</rows> - <encoding>base64</encoding> - </field> - <field> - <fielddescr> - <![CDATA[ - ACL Definitions<br/> - Published URIs - ]]> - </fielddescr> - <fieldname>reverse_acl</fieldname> - <description> - <![CDATA[ - Enter each reverse ACL definition on a new line. 
Directives have to be separated by a semicolon(;)<br/> - Syntax: [peer alias];[uri group alias]<br/> - Example: HOST1;URI1<br/> - <strong><span class="errmsg">WARNING:</span> Wrong syntax usage will result in Squid not starting!</strong> - ]]> - </description> - <type>textarea</type> - <cols>60</cols> - <rows>10</rows> - <encoding>base64</encoding> - </field> - <!-- - <field> - <fielddescr>Internal Hosts</fielddescr> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> - <fieldname>reverse_cache_peer_ip</fieldname> - <type>input</type> - <size>15</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Protocol</fielddescr> - <fieldname>reverse_cache_peer_proto</fieldname> - <type>select</type> - <options> - <option><name>HTTP</name><value>HTTP</value></option> - <option><name>HTTPS</name><value>HTTPS</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Port</fielddescr> - <fieldname>reverse_cache_peer_port</fieldname> - <type>input</type> - <size>5</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Peer Name</fielddescr> - <fieldname>reverse_cache_peer_name</fieldname> - <type>input</type> - <size>25</size> - </rowhelperfield> - </rowhelper> - </field> - <field> - <fielddescr>Published URI</fielddescr> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr>URI</fielddescr> - <fieldname>reverse_cache_peer_uri</fieldname> - <type>input</type> - <size>50</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Peer Name</fielddescr> - <fieldname>reverse_cache_peer</fieldname> - <type>input</type> - <size>25</size> - </rowhelperfield> - </rowhelper> - </field> - --> - </fields> - <custom_php_validation_command> - squid_validate_reverse($_POST, $input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - squid_resync(); - </custom_php_resync_config_command> -</packagegui> 
diff --git a/config/squid3/34/squid_reverse_general.xml b/config/squid3/34/squid_reverse_general.xml index 19c504f1..90babcd0 100755 --- a/config/squid3/34/squid_reverse_general.xml +++ b/config/squid3/34/squid_reverse_general.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squidreversegeneral</name> - <version>0.3.5</version> + <version>0.3.8</version> <title>Reverse Proxy Server: General</title> <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> @@ -303,7 +303,12 @@ </field> </fields> <custom_php_validation_command> + <![CDATA[ + if (!empty($_POST) && !squid_enabled()) { + $input_errors[] = "Squid is disabled. You must enable Squid proxy under Services - Squid Proxy Server - General."; + } squid_validate_reverse($_POST, $input_errors); + ]]> </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/pkg_config.10.xml b/pkg_config.10.xml index d7d286ec..c21d0c34 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1052,7 +1052,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>0.3.7</version> + <version>0.3.8</version> <status>beta</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> |
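Review bot: The `squid_enabled()` check in the `@@ -303,7 +303,12 @@` hunk is written inline in this one file's `<custom_php_validation_command>`, so only the reverse-proxy general page rejects a save while Squid is disabled. The antivirus page touched by the same commit still calls `squid_validate_antivirus($_POST, $input_errors);` with no such check in its XML. Unless the validators in squid.inc already test this themselves (not visible here), the pages will behave differently when the proxy is off. Putting the test at the top of `squid_validate_reverse()` and its siblings, e.g. `if (!squid_enabled()) { $input_errors[] = "Squid is disabled. ..."; }`, keeps the rule in one place. The `!empty($_POST)` guard also looks redundant if this hook only runs on form submission, which is worth confirming.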