diff options
Diffstat (limited to 'config/squid-reverse/squid_reverse.xml')
-rw-r--r-- | config/squid-reverse/squid_reverse.xml | 88 |
1 files changed, 55 insertions, 33 deletions
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index e3f57b13..ae0c0e8a 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -50,47 +50,50 @@ <title>Proxy server: Reverse Proxy</title> <include_file>squid.inc</include_file> <tabs> - <tab> +<tab> <text>General</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> </tab> <tab> - <text>Upstream Proxy</text> + <text>Upstream</text> <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> </tab> <tab> - <text>Cache Mgmt</text> + <text>Cache</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> <tab> - <text>Access Control</text> + <text>ACLs</text> <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> </tab> <tab> <text>Traffic Mgmt</text> <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> - </tab> - <tab> - <text>Reverse Proxy</text> - <url>/pkg_edit.php?xml=squid_reverse.xml&id=0</url> - <active/> </tab> <tab> - <text>Reverse Settings</text> + <text>Reverse</text> <url>/pkg_edit.php?xml=squid_reverse.xml&id=0</url> <active/> - </tab> + </tab> <tab> - <text>Auth Settings</text> + <text>Authentication</text> <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> </tab> <tab> - <text>Local Users</text> + <text>Users</text> <url>/pkg.php?xml=squid_users.xml</url> </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> </tabs> <fields> <field> + <name>Squid Reverse proxy General Settings</name> + <type>listtopic</type> + </field> + <field> <fielddescr>Reverse Proxy interface</fielddescr> <fieldname>reverse_interface</fieldname> <description>The interface(s) the reverse-proxy server will bind to.</description> @@ -104,7 +107,7 @@ <fieldname>reverse_ip</fieldname> <description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description> <type>input</type> - <size>80</size> + <size>70</size> </field> <field> <fielddescr>external FQDN</fielddescr> @@ -112,7 +115,18 @@ <description>The external full-qualified-domain-name of the WAN address.</description> <type>input</type> <required/> - <size>80</size> + <size>70</size> + </field> + <field> + <fielddescr>Reset TCP connections if request is unauthorized</fielddescr> + <fieldname>deny_info_tcp_reset</fieldname> + <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <name>Squid Reverse HTTP Settings</name> + <type>listtopic</type> </field> <field> <fielddescr>Enable HTTP reverse mode</fielddescr> @@ -139,11 +153,15 @@ <size>60</size> </field> <field> + <name>Squid Reverse HTTPS Settings</name> + <type>listtopic</type> + </field> + <field> <fielddescr>Enable HTTPS reverse proxy</fielddescr> <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -166,8 +184,8 @@ <fielddescr>reverse SSL certificate</fielddescr> <fieldname>reverse_ssl_cert</fieldname> <description>Choose the SSL Server Certificate here.</description> - <type>select_source</type> - <source><![CDATA[squid_get_server_certs()]]></source> + <type>select_source</type> + <source><![CDATA[$config['cert']]]></source> <source_name>descr</source_name> <source_value>refid</source_value> </field> @@ -181,13 +199,6 @@ <encoding>base64</encoding> </field> <field> - <fielddescr>Reset TCP connections if request is unauthorized</fielddescr> - <fieldname>deny_info_tcp_reset</fieldname> - <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description> - <type>checkbox</type> - <default_value>on</default_value> - </field> - <field> <fielddescr>Ignore internal Certificate validation</fielddescr> <fieldname>reverse_ignore_ssl_valid</fieldname> <description>If this field is checked, internal certificate validation will be ignored.</description> @@ -223,7 +234,8 @@ <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> - <description>If this field is checked, Exchange WebServices will be enabled.</description> + <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> + <strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description> <type>checkbox</type> </field> <field> @@ -233,10 +245,16 @@ <type>checkbox</type> </field> <field> + <name>Squid Reverse Mappings</name> + <type>listtopic</type> + </field> + <field> <fielddescr><b>peer definitions</b> <br>publishing hosts</fielddescr> <fieldname>reverse_cache_peer</fieldname> - <description>Enter each peer definition on a new line. Directives have to be separated by a semicolon(;). <br>syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS] <br>example: HOST1;192.168.0.1;80;HTTP <br><i>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</i> - </description> + <description><![CDATA[Enter each peer definition on a new line. Directives have to be separated by a semicolon(;).<BR> + syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]<br> + example: HOST1;192.168.0.1;80;HTTP<br> + <strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description> <type>textarea</type> <cols>60</cols> <rows>10</rows> @@ -244,9 +262,12 @@ </field> <field> <fielddescr><b>URI definitions</b> <br>published URIs</fielddescr> - <fieldname>revrse_uri</fieldname> - <description>Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;).<br>syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <br>(a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://) <br>example: URI1;public;server.pfsense.org. <br><i>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</i> - </description> + <fieldname>reverse_uri</fieldname> + <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;)<BR> + syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <BR> + (a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)<BR> + example: URI1;public;server.pfsense.org.<BR> + <STRONG>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</STRONG>]]></description> <type>textarea</type> <cols>60</cols> <rows>10</rows> @@ -255,8 +276,9 @@ <field> <fielddescr><b>ACL definitions</b> <br>published URIs</fielddescr> <fieldname>reverse_acl</fieldname> - <description>Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br>syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br><i>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</i> - </description> + <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br> + syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br> + <strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description> <type>textarea</type> <cols>60</cols> <rows>10</rows> |