diff options
Diffstat (limited to 'config/squid3/33')
| -rwxr-xr-x | config/squid3/33/squid.inc | 36 | ||||
| -rw-r--r-- | config/squid3/33/squid.xml | 4 | ||||
| -rwxr-xr-x | config/squid3/33/squid_auth.xml | 2 | ||||
| -rwxr-xr-x | config/squid3/33/squid_cache.xml | 2 | ||||
| -rwxr-xr-x | config/squid3/33/squid_nac.xml | 2 | ||||
| -rwxr-xr-x | config/squid3/33/squid_reverse.inc | 39 | ||||
| -rwxr-xr-x | config/squid3/33/squid_reverse.xml | 21 | ||||
| -rwxr-xr-x | config/squid3/33/squid_reverse_general.xml | 28 | ||||
| -rwxr-xr-x | config/squid3/33/squid_reverse_peer.xml | 6 | ||||
| -rwxr-xr-x | config/squid3/33/squid_traffic.xml | 2 | ||||
| -rwxr-xr-x | config/squid3/33/squid_upstream.xml | 2 |
11 files changed, 84 insertions, 60 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index a97746e2..d9bb1549 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -382,7 +382,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -406,7 +406,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -472,7 +472,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -494,7 +494,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -533,7 +533,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -579,7 +579,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -610,14 +610,13 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { @@ -665,7 +661,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index bf740221..7e13e456 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -555,13 +555,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_auth.xml b/config/squid3/33/squid_auth.xml index e71a7e8d..c79bf873 100755 --- a/config/squid3/33/squid_auth.xml +++ b/config/squid3/33/squid_auth.xml @@ -250,7 +250,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml index f60863c9..612e9b73 100755 --- a/config/squid3/33/squid_cache.xml +++ b/config/squid3/33/squid_cache.xml @@ -312,7 +312,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_nac.xml b/config/squid3/33/squid_nac.xml index bffefb61..2e94ae58 100755 --- a/config/squid3/33/squid_nac.xml +++ b/config/squid3/33/squid_nac.xml @@ -183,7 +183,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 34ff2366..a6b81c0b 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -89,9 +89,6 @@ function squid_resync_reverse() { if(!empty($settings['reverse_ip'])) { $reverse_ip = explode(";", ($settings['reverse_ip'])); foreach ($reverse_ip as $reip) { - //IPv6 Addresses need to be enclosed in brackets - if (strpos($reip, ':')) $reip = '[' . $reip . ']'; - //HTTP if (!empty($settings['reverse_http'])) $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; @@ -103,14 +100,23 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -173,10 +179,11 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); - //$conf .= "ignore_expect_100 on\n"; Obsolete on 3.3 - } + } } if (is_array($owa_dirs)) foreach ($owa_dirs as $owa_dir) @@ -184,9 +191,12 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } - } + } //$conf .= "ssl_unclean_shutdown on"; if (is_array($reverse_maps)) foreach ($reverse_maps as $rm){ @@ -212,8 +222,15 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 7c25c371..b3a4c6cb 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml @@ -165,7 +165,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -214,14 +214,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -236,6 +236,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -346,10 +353,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 374666d7..47426c8e 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -149,7 +149,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -200,19 +200,16 @@ <field> <fielddescr>Enable OWA reverse proxy</fielddescr> <fieldname>reverse_owa</fieldname> - <description><![CDATA[If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.<br><br> - See also:<br> - <a target=_new href='http://support.microsoft.com/?scid=kb%3Ben-us%3B327800&x=17&y=16'>How to configure SSL Offloading for Outlook Web Access in Exchange 2000 Server and in Exchange Server 2003</a> - ]]></description> + <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -227,6 +224,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -241,12 +245,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_reverse_peer.xml b/config/squid3/33/squid_reverse_peer.xml index abfbf19b..b5a340e7 100755 --- a/config/squid3/33/squid_reverse_peer.xml +++ b/config/squid3/33/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_traffic.xml b/config/squid3/33/squid_traffic.xml index 82e849c1..85822fef 100755 --- a/config/squid3/33/squid_traffic.xml +++ b/config/squid3/33/squid_traffic.xml @@ -200,7 +200,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_upstream.xml b/config/squid3/33/squid_upstream.xml index 407cedd8..f8e467b7 100755 --- a/config/squid3/33/squid_upstream.xml +++ b/config/squid3/33/squid_upstream.xml @@ -353,7 +353,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); |