diff options
Diffstat (limited to 'config/squid3/33')
-rwxr-xr-x | config/squid3/33/squid.inc | 18 | ||||
-rw-r--r-- | config/squid3/33/squid.xml | 14 |
2 files changed, 22 insertions, 10 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index e13e51d1..bc238a5d 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -1603,8 +1603,8 @@ function squid_resync_auth() { $conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n"; } - // Custom User Options - $conf .= "# Custom options\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; + // Custom User Options before authentication acls + $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; // Deny the banned guys before allowing the good guys if(! empty($settingsnac['banned_hosts'])) { @@ -1722,9 +1722,8 @@ function squid_resync_auth() { $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n"; break; case 'cp': - $conf .= "external_acl_type check_filter children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; - $conf .= "acl dgfilter external check_filter\n"; - $conf .= "http_access allow dgfilter\n"; + $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; + $conf .= "acl password external check_cp\n"; break; case 'msnt': $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n"; @@ -1740,6 +1739,9 @@ acl password proxy_auth REQUIRED EOD; } + // Custom User Options after authentication definition + $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n"; + // Onto the ACLs $password = array('localnet', 'allowed_subnets'); $passwordless = array('unrestricted_hosts'); @@ -1756,7 +1758,7 @@ EOD; foreach ($passwordless as $acl) $conf .= "http_access allow $acl\n"; - if ($auth_method != 'cp'){ + //if ($auth_method != 'cp'){ // Include squidguard denied acl log in squid if ($settingsconfig['log_sqd']) $conf .="http_access deny password sglog\n"; @@ -1764,9 +1766,9 @@ EOD; // Allow the other ACLs as long as they authenticate foreach ($password as $acl) $conf .= "http_access allow password $acl\n"; - } + // } } - + $conf .= "# Default block all to be sure\n"; $conf .= "http_access deny allsrc\n"; diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index ef5a9c94..1cbf2338 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -528,9 +528,19 @@ <rows>5</rows> </field> <field> - <fielddescr>Custom Options</fielddescr> + <fielddescr>Custom ACLS (Before_Auth)</fielddescr> <fieldname>custom_options_squid3</fieldname> - <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration.<br> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br> + <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>78</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Custom ACLS (After_Auth)</fielddescr> + <fieldname>custom_options2_squid3</fieldname> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br> <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> <type>textarea</type> <encoding>base64</encoding> |