aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid-reverse/squid_reverse.xml
diff options
context:
space:
mode:
Diffstat (limited to 'config/squid-reverse/squid_reverse.xml')
-rw-r--r--config/squid-reverse/squid_reverse.xml315
1 files changed, 315 insertions, 0 deletions
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
new file mode 100644
index 00000000..d921254f
--- /dev/null
+++ b/config/squid-reverse/squid_reverse.xml
@@ -0,0 +1,315 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>squidreverse</name>
+ <version>none</version>
+ <title>Proxy server: Reverse Proxy</title>
+ <include_file>squid.inc</include_file>
+ <tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Upstream Proxy</text>
+ <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Cache Mgmt</text>
+ <url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Access Control</text>
+ <url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Traffic Mgmt</text>
+ <url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Reverse Proxy</text>
+ <url>/pkg_edit.php?xml=squid_reverse.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Reverse Settings</text>
+ <url>/pkg_edit.php?xml=squid_reverse.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Auth Settings</text>
+ <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Local Users</text>
+ <url>/pkg.php?xml=squid_users.xml</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Reverse Proxy interface</fielddescr>
+ <fieldname>reverse_interface</fieldname>
+ <description>The interface(s) the reverse-proxy server will bind to.</description>
+ <type>interfaces_selection</type>
+ <required/>
+ <default_value>wan</default_value>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>external FQDN</fielddescr>
+ <fieldname>reverse_external_fqdn</fieldname>
+ <description>The external full-qualified-domain-name of the WAN address.</description>
+ <type>input</type>
+ <required/>
+ <size>80</size>
+ </field>
+ <field>
+ <fielddescr>Enable HTTP reverse mode</fielddescr>
+ <fieldname>reverse_http</fieldname>
+ <description>If this field is checked, the proxy-server will act in HTTP reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
+ <type>checkbox</type>
+ <enablefields>reverse_http_port,reverse_http_defsite</enablefields>
+ <required/>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>reverse HTTP port</fielddescr>
+ <fieldname>reverse_http_port</fieldname>
+ <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description>
+ <type>input</type>
+ <size>5</size>
+ <default_value>80</default_value>
+ </field>
+ <field>
+ <fielddescr>reverse HTTP default site</fielddescr>
+ <fieldname>reverse_http_defsite</fieldname>
+ <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Enable HTTPS reverse proxy</fielddescr>
+ <fieldname>reverse_https</fieldname>
+ <description>If this field is checked, squid will act as an accelerator/SSL offload for Outlook Web Access.</description>
+ <type>checkbox</type>
+ <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain</enablefields>
+ <required/>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>reverse HTTPS port</fielddescr>
+ <fieldname>reverse_https_port</fieldname>
+ <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description>
+ <type>input</type>
+ <size>5</size>
+ <default_value>443</default_value>
+ </field>
+ <field>
+ <fielddescr>reverse HTTPS default site</fielddescr>
+ <fieldname>reverse_https_defsite</fieldname>
+ <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>reverse SSL certificate</fielddescr>
+ <fieldname>reverse_ssl_cert</fieldname>
+ <description>Choose the SSL Server Certificate here.</description>
+ <type>select_source</type>
+ <source><![CDATA[squid_get_server_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>intermediate CA certificate (if needed)</fielddescr>
+ <fieldname>reverse_int_ca</fieldname>
+ <description>Paste a signed certificate in X.509 PEM format here.</description>
+ <type>textarea</type>
+ <cols>50</cols>
+ <rows>5</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
+ <fieldname>deny_info_tcp_reset</fieldname>
+ <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Ignore internal Certificate validation</fielddescr>
+ <fieldname>reverse_ignore_ssl_valid</fieldname>
+ <description>If this field is checked, internal certificate validation will be ignored.</description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Enable OWA reverse proxy</fielddescr>
+ <fieldname>reverse_owa</fieldname>
+ <description>If this field is checked, squid will act as an accelerator/SSL offload for Outlook Web Access.</description>
+ <type>checkbox</type>
+ <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp</enablefields>
+ </field>
+ <field>
+ <fielddescr>OWA frontend IP address</fielddescr>
+ <fieldname>reverse_owa_ip</fieldname>
+ <description>This is the internal IP Address of the OWA frontend server.</description>
+ <type>input</type>
+ <size>15</size>
+ <default_value>localhost</default_value>
+ </field>
+ <field>
+ <fielddescr>Enable ActiveSync</fielddescr>
+ <fieldname>reverse_owa_activesync</fieldname>
+ <description>If this field is checked, ActiveSync support will be enabled.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Enable Outlook Anywhere</fielddescr>
+ <fieldname>reverse_owa_rpchttp</fieldname>
+ <description>If this field is checked, RPC over HTTP support will be enabled.</description>
+ <type>checkbox</type>
+ <enablefields>extension_methods</enablefields>
+ </field>
+
+ <field>
+ <fielddescr>&lt;b&gt;peer definitions&lt;/b&gt; &lt;br&gt;publishing hosts</fielddescr>
+ <fieldname>reverse_cache_peer</fieldname>
+ <description>Enter each peer definition on a new line. Directives have to be separated by a semicolon(;). &lt;br&gt;syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS] &lt;br&gt;example: HOST1;192.168.0.1;80;HTTP &lt;br&gt;&lt;i&gt;WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING&lt;/i&gt;
+ </description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>&lt;b&gt;URI definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
+ <fieldname>revrse_uri</fieldname>
+ <description>Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;).&lt;br&gt;syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) &lt;br&gt;(a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://) &lt;br&gt;example: URI1;public;server.pfsense.org. &lt;br&gt;&lt;i&gt;WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING&lt;/i&gt;
+ </description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>&lt;b&gt;ACL definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
+ <fieldname>reverse_acl</fieldname>
+ <description>Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). &lt;br&gt;syntax: [peer alias];[uri group alias] &lt;br&gt;example: HOST1;URI1 &lt;br&gt;&lt;i&gt;WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING&lt;/i&gt;
+ </description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+
+<!--
+ <field>
+ <fielddescr>internal hosts</fielddescr>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>IP address</fielddescr>
+ <fieldname>reverse_cache_peer_ip</fieldname>
+ <type>input</type>
+ <size>15</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>reverse_cache_peer_proto</fieldname>
+ <type>select</type>
+ <options>
+ <option> <name>HTTP</name> <value>HTTP</value> </option>
+ <option> <name>HTTPS</name> <value>HTTPS</value> </option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>port</fielddescr>
+ <fieldname>reverse_cache_peer_port</fieldname>
+ <type>input</type>
+ <size>5</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>peer name</fielddescr>
+ <fieldname>reverse_cache_peer_name</fieldname>
+ <type>input</type>
+ <size>25</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+
+ <field>
+ <fielddescr>published URI</fielddescr>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>URI</fielddescr>
+ <fieldname>reverse_cache_peer_uri</fieldname>
+ <type>input</type>
+ <size>50</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>peer name</fielddescr>
+ <fieldname>reverse_cache_peer</fieldname>
+ <type>input</type>
+ <size>25</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+-->
+
+ </fields>
+ <custom_php_command_before_form>
+ squid_before_form_general(&amp;$pkg);
+ </custom_php_command_before_form>
+ <custom_php_validation_command>
+ squid_validate_reverse($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ squid_resync();
+ </custom_php_resync_config_command>
+</packagegui> \ No newline at end of file