diff options
Diffstat (limited to 'config/squid-reverse/squid_upstream.xml')
| -rw-r--r-- | config/squid-reverse/squid_upstream.xml | 357 |
1 files changed, 0 insertions, 357 deletions
diff --git a/config/squid-reverse/squid_upstream.xml b/config/squid-reverse/squid_upstream.xml deleted file mode 100644 index 049d301c..00000000 --- a/config/squid-reverse/squid_upstream.xml +++ /dev/null @@ -1,357 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - squid_upstream.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - Copyright (C) 2012 Marcello Coutinho - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>squidremote</name> - <version>none</version> - <title>Proxy server: Remote proxy settings</title> - <include_file>/usr/local/pkg/squid.inc</include_file> - <tabs> -<tab> - <text>General</text> - <url>/pkg_edit.php?xml=squid.xml&id=0</url> - </tab> - <tab> - <text>Remote Cache</text> - <url>/pkg.php?xml=squid_upstream.xml</url> - <active/> - </tab> - <tab> - <text>Local Cache</text> - <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> - </tab> - <tab> - <text>ACLs</text> - <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> - </tab> - <tab> - <text>Traffic Mgmt</text> - <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> - </tab> - <tab> - <text>Authentication</text> - <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> - </tab> - <tab> - <text>Users</text> - <url>/pkg.php?xml=squid_users.xml</url> - </tab> - <tab> - <text>Real time</text> - <url>/squid_monitor.php</url> - </tab> - <tab> - <text>Sync</text> - <url>/pkg_edit.php?xml=squid_sync.xml</url> - </tab> - </tabs> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Status</fielddescr> - <fieldname>enable</fieldname> - </columnitem> - <columnitem> - <fielddescr>name</fielddescr> - <fieldname>proxyaddr</fieldname> - </columnitem> - <columnitem> - <fielddescr>Port</fielddescr> - <fieldname>proxyport</fieldname> - </columnitem> - <columnitem> - <fielddescr>ICP</fielddescr> - <fieldname>icpport</fieldname> - </columnitem> - <columnitem> - <fielddescr>Peer type</fielddescr> - <fieldname>hierarchy</fieldname> - </columnitem> - <columnitem> - <fielddescr>Method</fielddescr> - <fieldname>peermethod</fieldname> - </columnitem> - </adddeleteeditpagefields> - - <fields> - <field> - <name>General Settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Enable</fielddescr> - <fieldname>enable</fieldname> - <description>This option enables the proxy server to forward requests to an upstream/neighbor server.</description> - <type>checkbox</type> - <required/> - </field> - <field> - <fielddescr>Hostname</fielddescr> - <fieldname>proxyaddr</fieldname> - <description>Enter here the IP address or host name of the upstream proxy.</description> - <type>input</type> - <size>35</size> - <required/> - </field> - <field> - <fielddescr>Name</fielddescr> - <fieldname>proxyname</fieldname> - <description>Unique name for the peer.Required if you have multiple peers on the same host but different ports.</description> - <type>input</type> - <size>35</size> - <required/> - </field> - <field> - <fielddescr>TCP port</fielddescr> - <fieldname>proxyport</fieldname> - <description>Enter the port to use to connect to the upstream proxy.</description> - <type>input</type> - <size>5</size> - <default_value>3128</default_value> - <required/> - </field> - <field> - <fielddescr>Timeout</fielddescr> - <fieldname>connecttimeout</fieldname> - <description>A peer-specific connect timeout. Also see the peer_connect_timeout directive.</description> - <type>input</type> - <size>5</size> - </field> - <field> - <fielddescr>Fail Limit</fielddescr> - <fieldname>connectfailLimit</fieldname> - <description>How many times connecting to a peer must fail before it is marked as down. Default is 10.</description> - <type>input</type> - <size>5</size> - <default_value>10</default_value> - </field> - <field> - <fielddescr>Max</fielddescr> - <fieldname>maxconn</fieldname> - <description>Limit the amount of connections Squid may open to this peer.</description> - <type>input</type> - <size>5</size> - </field> - <field> - <fielddescr>Allow Miss</fielddescr> - <fieldname>allowmiss</fieldname> - <description><![CDATA[<strong>allow-miss</strong> - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.<br><br> - <strong>no-tproxy</strong> - Do not use the client-spoof TPROXY support when forwarding requests to this peer. Use normal address selection instead.<br><br> - <strong>proxy-only</strong> - Objects fetched from the peer will not be stored locally.]]></description> - <type>select</type> - <default_value>allow-miss</default_value> - <options> - <option><name>Allow Miss</name><value>allow-miss</value></option> - <option><name>No Tproxy</name><value>no-tproxy</value></option> - <option><name>Proxy Only</name><value>proxy-only</value></option> - </options> - <multiple/> - <size>4</size> - </field> - <field> - <name>Peer settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Hierarchy</fielddescr> - <fieldname>hierarchy</fieldname> - <description>Specify remote caches hierarchy.</description> - <type>select</type> - <default_value>parent</default_value> - <options> - <option><name>parent</name><value>parent</value></option> - <option><name>sibling</name><value>sibling</value></option> - <option><name>multicast</name><value>multicast</value></option> - </options> - </field> - <field> - <fielddescr>Select method</fielddescr> - <fieldname>peermethod</fieldname> - <description><![CDATA[The default peer selection method is ICP, with the first responding peer being used as source. These options can be used for better load balancing.<br><br> - <strong>default</strong> - This is a parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.<br> - If specified more than once, only the first is used.<br><br> - <strong>round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.<br>weight=N can be used to add bias.<br><br> - <strong>weighted-round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.<br> - Closer parents are used more often. Usually used for background-ping parents. weight=N can be used to add bias.<br><br> - <strong>carp</strong> - Load-Balance parents which should be used as a CARP array. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight.<br><br> - <strong>userhash</strong> - Load-balance parents based on the client proxy_auth or ident username.<br><br> - <strong>sourcehash</strong> - Load-balance parents based on the client source IP.<br><br> - <strong>multicast-siblings</strong> - To be used only for cache peers of type "multicast".<br> - ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.<br> - It's useful, e.g., when configuring a pool of redundant Squid proxies, being members of the same multicast group.]]></description> - <type>select</type> - <default_value>round-robin</default_value> - <options> - <option><name>round-robin</name><value>round-robin</value></option> - <option><name>default</name><value>default</value></option> - <option><name>weighted-round-robin</name><value>weighted-round-robin</value></option> - <option><name>carp</name><value>carp</value></option> - <option><name>userhash</name><value>userhash</value></option> - <option><name>sourcehash</name><value>sourcehash</value></option> - <option><name>multicast-sibling</name><value>multicast-sibling</value></option> - </options> - </field> - <field> - <fielddescr>weight</fielddescr> - <fieldname>weight</fieldname> - <description>Use to affect the selection of a peer during any weighted peer-selection mechanisms. The weight must be an integer; default is 1,larger weights are favored more.</description> - <type>input</type> - <size>5</size> - <default>1</default> - </field> - <field> - <fielddescr>basetime</fielddescr> - <fieldname>basetime</fieldname> - <description><![CDATA[Specify a base amount to be subtracted from round trip times of parents.<br> - It is subtracted before division by weight in calculating which parent to fectch from. If the rtt is less than the base time the rtt is set to a minimal value.]]></description> - <type>input</type> - <size>5</size> - <default>1</default> - </field> - <field> - <fielddescr>ttl</fielddescr> - <fieldname>ttl</fieldname> - <description><![CDATA[Specify a TTL to use when sending multicast ICP queries to this address<br> - Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.]]></description> - <type>input</type> - <size>5</size> - <default>1</default> - </field> - <field> - <fielddescr>no-delay</fielddescr> - <fieldname>nodelay</fieldname> - <description><![CDATA[To prevent access to this neighbor from influencing the delay pools.]]></description> - <type>checkbox</type> - </field> - <field> - <name>ICP settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>ICP port</fielddescr> - <fieldname>icpport</fieldname> - <description>Enter the port to connect to the upstream proxy for the ICP protocol. Use port number 7 to disable ICP communication between the proxies.</description> - <type>input</type> - <size>5</size> - <default_value>7</default_value> - </field> - <field> - <fielddescr>ICP Options</fielddescr> - <fieldname>icpoptions</fieldname> - <description><![CDATA[You MUST also set icp_port and icp_access explicitly when using these options.<br> - The defaults will prevent peer traffic using ICP<br><br> - <strong>no-query</strong> - Disable ICP queries to this neighbor.<br><br> - <strong>multicast-responder</strong> -Indicates the named peer is a member of a multicast group.<br> - ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.<br><br> - <strong>closest-only</strong> - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.<br><br> - <strong>background-ping</strong> - To only send ICP queries to this neighbor infrequently.<br> - This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin.]]></description> - <type>select</type> - <default_value>no-query</default_value> - <options> - <option><name>no-query</name><value>no-query</value></option> - <option><name>multicast-responder</name><value>multicast-responder</value></option> - <option><name>closest-only</name><value>closest-only</value></option> - <option><name>background-ping</name><value>background-ping</value></option> - </options> - </field> - <field> - <name>Auth settings</name> - <type>listtopic</type> - </field> - <field> - <fielddescr>Username</fielddescr> - <fieldname>username</fieldname> - <description>If the upstream proxy requires a username, specify it here.</description> - <type>input</type> - </field> - <field> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>If the upstream proxy requires a password, specify it here.</description> - <type>password</type> - </field> - <field> - <fielddescr>Authentication options</fielddescr> - <fieldname>authoption</fieldname> - <description><![CDATA[<br><strong>login=user:password</strong> - If this is a personal/workgroup proxy and your parent requires proxy authentication.<br><br> - <strong>login=PASSTHRU</strong> - Send login details received from client to this peer. Authentication is not required by Squid for this to work.<br> - This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used.<br><br> - <strong>login=PASS</strong> - Send login details received from client to this peer.Authentication is not required by this option.<br> - To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server).<br> - Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION<br><br> - <strong>login=*:password</strong> - Send the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.<br><br> - <strong>login=NEGOTIATE</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br> - The first principal from the default keytab or defined by the environment variable KRB5_KTNAME will be used.<br> - WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br> - <strong>login=NEGOTIATE:principal_name</strong>If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br> - The principal principal_name from the default keytab or defined by the environment variable KRB5_KTNAME will be used. - WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br> - <strong>connection-auth=on</strong> - Tell Squid that this peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br> - Default is auto to automatically determine the status of the peer.<br><br> - <strong>connection-auth=off</strong> - Tell Squid that this peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br> - Default is auto to automatically determine the status of the peer.]]></description> - <type>select</type> - <default_value>login=*:password</default_value> - <options> - <option><name>login=*:password</name><value>login=*:password</value></option> - <option><name>login=user:password</name><value>login=user:password</value></option> - <option><name>login=PASSTHRU</name><value>login=PASSTHRU</value></option> - <option><name>login=PASS</name><value>login=PASS</value></option> - <option><name>login=NEGOTIATE</name><value>login=NEGOTIATE</value></option> - <option><name>login=NEGOTIATE:principal_name</name><value>login=NEGOTIATE:principal_name</value></option> - <option><name>connection-auth=on</name><value>connection-auth=on</value></option> - <option><name>connection-auth=off</name><value>connection-auth=off</value></option> - </options> - </field> - </fields> - <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - squid_resync(); - </custom_php_resync_config_command> -</packagegui> |