aboutsummaryrefslogtreecommitdiffstats
path: root/config/squid3/34
diff options
context:
space:
mode:
Diffstat (limited to 'config/squid3/34')
-rw-r--r--config/squid3/34/check_ip.php56
-rwxr-xr-xconfig/squid3/34/squid.inc187
-rw-r--r--config/squid3/34/squid.xml23
-rwxr-xr-xconfig/squid3/34/squid_antivirus.xml1
-rw-r--r--config/squid3/34/squid_clwarn.php95
-rw-r--r--config/squid3/34/swapstate_check.php11
6 files changed, 250 insertions, 123 deletions
diff --git a/config/squid3/34/check_ip.php b/config/squid3/34/check_ip.php
index a3f07204..5865037b 100644
--- a/config/squid3/34/check_ip.php
+++ b/config/squid3/34/check_ip.php
@@ -3,7 +3,7 @@
/* $Id$ */
/*
check_ip.php
- Copyright (C) 2013-2014 Marcello Coutinho
+ Copyright (C) 2013-2015 Marcello Coutinho
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("config.inc");
error_reporting(0);
// stdin loop
if (! defined(STDIN)) {
@@ -39,40 +40,24 @@ while( !feof(STDIN)){
$line = trim(fgets(STDIN));
// %SRC
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
unset($cp_db);
-if ($pf_version > 2.0){
- $dir="/var/db";
- $files=scandir($dir);
- foreach ($files as $file){
- if (preg_match("/captive.*db/",$file)){
- $dbhandle = sqlite_open("$dir/$file", 0666, $error);
- if ($dbhandle){
- $query = "select * from captiveportal";
- $result = sqlite_array_query($dbhandle, $query, SQLITE_ASSOC);
- if ($result){
- foreach ($result as $rownum => $row){
- $cp_db[$rownum]=implode(",",$row);
- }
- sqlite_close($dbhandle);
- }
- }
+$files=scandir($g['vardb_path']);
+foreach ($files as $file){
+ if (preg_match("/captive.*db/",$file)){
+ $result=squid_cp_read_db("{$g['vardb_path']}/{$file}");
+ foreach ($result as $rownum => $row){
+ $cp_db[$rownum]=implode(",",$row);
}
- }
+ }
}
-else{
- $filename="/var/db/captiveportal.db";
- if (file_exists($filename))
- $cp_db=file($filename);
-}
$usuario="";
- // 1376630450,2,172.16.3.65,00:50:56:9c:00:c7,admin,e1779ea20d0a11c7,,,,
+ //1419045939,1419045939,2000,2000,192.168.10.11,192.168.10.11,08:00:27:5c:e1:ee,08:00:27:5c:e1:ee,marcello,marcello,605a1f46e2d64556,605a1f46e2d64556,,,,,,,,,,,first,first
if (is_array($cp_db)){
foreach ($cp_db as $cpl){
$fields=explode(",",$cpl);
- if ($fields[2] != "" && $fields[2]==$line)
- $usuario=$fields[4];
+ if ($fields[4] != "" && $fields[4]==$line)
+ $usuario=$fields[8];
}
}
if ($usuario !="")
@@ -82,5 +67,22 @@ else{
fwrite (STDOUT, "{$resposta}\n");
unset($cp_db);
}
+
+/* read captive portal DB into array */
+function squid_cp_read_db($file) {
+ $cpdb = array();
+ $DB = new SQLite3($file);
+ if ($DB) {
+ $response = $DB->query("SELECT * FROM captiveportal");
+ if ($response != FALSE) {
+ while ($row = $response->fetchArray())
+ $cpdb[] = $row;
+ }
+ $DB->close();
+ }
+
+ return $cpdb;
+}
+
?>
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 87232c2b..69a50125 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -42,15 +42,8 @@ if(!function_exists("filter_configure"))
require_once("filter.inc");
$shortcut_section = "squid";
-$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if (is_dir('/usr/pbi/squid-' . php_uname("m"))) {
- if ($pfs_version == 2.2)
- define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m")."/local");
- else
- define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m"));
-} else {
- define('SQUID_LOCALBASE','/usr/local');
-}
+define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m"));
+define('SQUID_LOCALBASE', SQUID_BASE . "/local");
define('SQUID_CONFBASE', SQUID_LOCALBASE .'/etc/squid');
define('SQUID_CONFFILE', SQUID_CONFBASE . '/squid.conf');
@@ -138,12 +131,12 @@ function squid_dash_z($cache_action='none') {
if(!is_dir($cachedir.'/00/')) {
log_error("Creating squid cache subdirs in $cachedir");
- mwexec(SQUID_LOCALBASE. "/sbin/squid -k shutdown -f " . SQUID_CONFFILE);
+ mwexec(SQUID_BASE. "/sbin/squid -k shutdown -f " . SQUID_CONFFILE);
sleep(5);
- mwexec(SQUID_LOCALBASE. "/sbin/squid -k kill -f " . SQUID_CONFFILE);
+ mwexec(SQUID_BASE. "/sbin/squid -k kill -f " . SQUID_CONFFILE);
// Double check permissions here, should be safe to recurse cache dir if it's small here.
mwexec("/usr/sbin/chown -R proxy:proxy $cachedir");
- mwexec(SQUID_LOCALBASE. "/sbin/squid -z -f " . SQUID_CONFFILE);
+ mwexec(SQUID_BASE. "/sbin/squid -z -f " . SQUID_CONFFILE);
}
if(file_exists("/var/squid/cache/swap.state")) {
@@ -176,7 +169,7 @@ function squid_install_command() {
$settingsgen = $config['installedpackages']['squid']['config'][0];
if (file_exists("/usr/local/pkg/check_ip.php"))
- rename("/usr/local/pkg/check_ip.php",SQUID_LOCALBASE . "/libexec/squid/check_ip.php");
+ rename("/usr/local/pkg/check_ip.php",SQUID_BASE . "/bin/check_ip.php");
/* Set storage system */
if ($g['platform'] == "nanobsd") {
$config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null';
@@ -347,11 +340,11 @@ function squid_install_command() {
if (!is_service_running('squid')) {
update_status("Starting... One moment please...");
log_error("Starting Squid");
- mwexec_bg(SQUID_LOCALBASE. "/sbin/squid -f " . SQUID_CONFFILE);
+ mwexec_bg(SQUID_BASE. "/sbin/squid -f " . SQUID_CONFFILE);
} else {
update_status("Reloading Squid for configuration sync... One moment please...");
log_error("Reloading Squid for configuration sync");
- mwexec_bg(SQUID_LOCALBASE. "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE);
+ mwexec_bg(SQUID_BASE. "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE);
}
/* restart proxy alarm scripts */
@@ -409,6 +402,24 @@ function squid_before_form_general(&$pkg) {
for ($i = 0; $i < count($values) - 1; $i++)
$field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]);
}
+function squid_validate_antivirus($post, &$input_errors) {
+ global $config;
+ if ($post['enable']=="on"){
+ if($post['squidclamav'] && preg_match("/(\S+proxy.domain\S+)/",$post['squidclamav'],$a_match)){
+ $input_errors[] ="Squidclamav warns redirect points to sample config domain ({$a_match[1]})";
+ $input_errors[] ="Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host. ";
+ }
+ if($post['c-icap_conf']) {
+ if( !preg_match("/squid_clamav/",$post['c-icap_conf'])){
+ $input_errors[] ="c-icap Squidclamav service definition is no present.";
+ $input_errors[] ="Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.";
+ }
+ if (preg_match("/(Manager:Apassword\S+)/",$post['c-icap_conf'],$c_match)){
+ $input_errors[] ="Remove ldap configuration'{$c_match[1]}' from 'c-icap.conf' field.";
+ }
+ }
+ }
+}
function squid_validate_general($post, &$input_errors) {
global $config;
@@ -615,7 +626,7 @@ function squid_validate_traffic($post, &$input_errors) {
}
function squid_validate_reverse($post, &$input_errors) {
-
+ global $config;
if(!empty($post['reverse_ip'])) {
$reverse_ip = explode(";", ($post['reverse_ip']));
foreach ($reverse_ip as $reip) {
@@ -628,13 +639,20 @@ function squid_validate_reverse($post, &$input_errors) {
$input_errors[] = 'The field \'external FQDN\' must contain a valid domain name';
$port = trim($post['reverse_http_port']);
+ preg_match("/(\d+)/",`sysctl net.inet.ip.portrange.first`,$portrange);
if (!empty($port) && !is_port($port))
$input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number';
-
+ if (!empty($port) && is_port($port) && $port < $portrange[1]){
+ $input_errors[] = "The field 'reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.first sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.first sysctl value to 0 on system tunable options and restart squid daemon.";
+ }
$port = trim($post['reverse_https_port']);
if (!empty($port) && !is_port($port))
$input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number';
-
+ if (!empty($port) && is_port($port) && $port < $portrange[1]){
+ $input_errors[] = "The field 'reverse HTTPS port' must contain a port number higher than net.inet.ip.portrange.first sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.first sysctl value to 0 on system tunable options and restart squid daemon.";
+ }
if ($post['reverse_ssl_cert'] == 'none')
$input_errors[] = 'A valid certificate for the external interface must be selected';
@@ -736,7 +754,7 @@ function squid_install_cron($should_install) {
$rotate_job_id=-1;
$swapstate_job_id=-1;
$cron_cmd=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : "");
- $cron_cmd .= SQUID_LOCALBASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE;
+ $cron_cmd .= SQUID_BASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE;
$need_write = false;
foreach($config['cron']['item'] as $item) {
if(strstr($item['task_name'], "squid_rotate_logs")) {
@@ -942,7 +960,12 @@ function squid_resync_general() {
}
$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
$dns_v4_first= ($settings['dns_v4_first'] == "on" ? "on" : "off" );
- $pidfile = "{$g['varrun_path']}/squid.pid";
+ $piddir="{$g['varrun_path']}/squid";
+ $pidfile = "{$piddir}/squid.pid";
+ if (!is_dir($piddir)){
+ make_dirs($piddir);
+ squid_chown_recursive($piddir, 'proxy', 'wheel');
+ }
$language = ($settings['error_language'] ? $settings['error_language'] : 'en');
$icondir = SQUID_CONFBASE . '/icons';
$hostname = ($settings['visible_hostname'] ? $settings['visible_hostname'] : 'localhost');
@@ -1002,7 +1025,8 @@ EOD;
$conf .= "acl localnet src $src\n";
$valid_acls[] = 'localnet';
}
- if ($settings['disable_xforward']) $conf .= "forwarded_for off\n";
+ if ($settings['xforward_mode']) $conf .= "forwarded_for {$settings['xforward_mode']}\n";
+ else $conf .= "forwarded_for on\n"; //only used for first run
if ($settings['disable_via']) $conf .= "via off\n";
if ($settings['disable_squidversion']) $conf .= "httpd_suppress_version_string on\n";
if (!empty($settings['uri_whitespace'])) $conf .= "uri_whitespace {$settings['uri_whitespace']}\n";
@@ -1327,35 +1351,6 @@ function squid_resync_antivirus(){
}
if (is_array($config['installedpackages']['squid']))
$squid_config=$config['installedpackages']['squid']['config'][0];
- $clwarn="clwarn.cgi.en_EN";
- if (preg_match("/de/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.de_DE";
- if (preg_match("/ru/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.ru_RU";
- if (preg_match("/fr/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.fr_FR";
- if (preg_match("/pt_br/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.pt_BR";
- $clwarn_file="/usr/local/www/clwarn.cgi";
- copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}",$clwarn_file);
-
- #fix perl path on clwarn.cgi
- $clwarn_file_new=file_get_contents($clwarn_file);
- $c_pattern[]="@/usr/\S+/perl@";
- $c_replacement[]=SQUID_LOCALBASE."/bin/perl";
- /*$c_pattern[]="@redirect \S+/clwarn.cgi@";
- $gui_proto=$config['system']['webgui']['protocol'];
- $gui_port=$config['system']['webgui']['port'];
- if($gui_port == "") {
- $gui_port($gui_proto == "http"?"80":"443");
- }
- $c_replacement[]=SQUID_LOCALBASE."redirect {$gui_proto}://127.0.0.1:{$gui_port}/clwarn.cgi";
- */
- $clwarn_file_new=preg_replace($c_pattern, $c_replacement,$clwarn_file_new);
- file_put_contents($clwarn_file, $clwarn_file_new,LOCK_EX);
-
- #fix clwarn.cgi file permission
- chmod($clwarn_file,0755);
$conf = <<< EOF
icap_enable on
@@ -1366,11 +1361,10 @@ icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
-icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
-icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
-
-adaptation_access service_req allow all
-adaptation_access service_resp allow all
+icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
+adaptation_access service_avi_req allow all
+icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
+adaptation_access service_avi_resp allow all
EOF;
#check if icap is enabled on rc.conf.local
@@ -1397,29 +1391,41 @@ EOF;
if (file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default")){
$sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default");
$clamav_m[0]="@/var/run/clamav/clamd.ctl@";
+ $clamav_m[1]="@cgi-bin/clwarn.cgi@";
$clamav_r[0]="/var/run/clamav/clamd.sock";
+ $clamav_r[1]="squid_clwarn.php";
file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample",preg_replace($clamav_m,$clamav_r,$sample_file),LOCK_EX);
}
#c-icap.conf
if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample"))
if (file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default")){
$sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default");
- if (! preg_match ("/squidclamav/"))
- $sample_file.="\nService squidclamav squidclamav.so\n";
-
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",$sample_file,LOCK_EX);
+ if (! preg_match("/squid_clamav/",$sample_file))
+ $sample_file.="\nService squid_clamav squidclamav.so\n";
+ $cicap_m[0]="@Manager:Apassword\S+@";
+ $cicap_r[0]="";
+ file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",preg_replace($cicap_m,$cicap_r,$sample_file),LOCK_EX);
}
+ //check squidclamav files until pbis are gone(https://redmine.pfsense.org/issues/4197)
+ $ln_icap= array('bin/c-icap','bin/c-icap-client','c-icap-config','c-icap-libicapapi-config','c-icap-stretch','lib/c_icap','share/c_icap','etc/c-icap');
+ foreach ($ln_icap as $ln){
+ if (!file_exists("/usr/local/{$ln}") && file_exists(SQUID_LOCALBASE."/{$ln}"))
+ symlink(SQUID_LOCALBASE."/{$ln}","/usr/local/{$ln}");
+ }
+ if (!file_exists("/usr/local/lib/libicapapi.so.3") && file_exists(SQUID_LOCALBASE."/lib/libicapapi.so.3.0.5"))
+ symlink(SQUID_LOCALBASE."/lib/libicapapi.so.3.0.5","/usr/local/lib/libicapapi.so.3");
+
$loadsample=0;
if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")){
- $config['installedpackages']['squidantivirus']['config'][0]['squidclamav']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample"));
+ $config['installedpackages']['squidantivirus']['config'][0]['squidclamav']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")));
$loadsample++;
}
if ($antivirus_config['c-icap_conf'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")){
- $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample"));
+ $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")));
$loadsample++;
}
- if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.default")){
- $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.default"));
+ if ($antivirus_config['c-icap_magic'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.sample")){
+ $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.sample")));
$loadsample++;
}
if($loadsample > 0){
@@ -1440,15 +1446,12 @@ EOF;
#Check clamav database
if (count(glob("/var/db/clamav/*d"))==0){
log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam on background.");
- mwexec_bg(SQUID_LOCALBASE."/bin/freshclam");
- }
- #check startup scripts on pfsense > 2.1
- if (preg_match("/usr.pbi/",SQUID_LOCALBASE)){
- $rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d");
- foreach($rcd_files as $rcd_file)
- if (!file_exists("/usr/local/etc/rc.d/{$rcd_file}"))
- symlink (SQUID_LOCALBASE."/etc/rc.d/{$rcd_file}","/usr/local/etc/rc.d/{$rcd_file}");
+ mwexec_bg(SQUID_BASE."/bin/freshclam");
}
+ $rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d");
+ foreach($rcd_files as $rcd_file)
+ if (!file_exists("/usr/local/etc/rc.d/{$rcd_file}"))
+ symlink (SQUID_LOCALBASE."/etc/rc.d/{$rcd_file}","/usr/local/etc/rc.d/{$rcd_file}");
#write advanced icap config files
file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf",base64_decode($antivirus_config['squidclamav']),LOCK_EX);
@@ -1467,11 +1470,29 @@ EOF;
$sample_file=file_get_contents($c_icap_rcfile);
$cicapm[0]="@c_icap_user=.*}@";
$cicapr[0]='c_icap_user="clamav"}';
+ $cicapm[1]="@/usr/local@";
+ $cicapr[1]=SQUID_LOCALBASE;
file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX);
}
mwexec_bg("/usr/local/etc/rc.d/c-icap start");
}
- #check clamav
+ #check clamav/freshclam
+ $rc_files=array("clamav-freshclam","clamav-clamd");
+ $clamm[0]="@/usr/local/(bin|sbin)@";
+ $clamm[1]="@/local/(bin|sbin)@";
+ $clamm[2]="@/usr/local/etc@";
+ $clamm[3]="@enable:=NO@";
+ $clamr[0]=SQUID_BASE."/bin";
+ $clamr[1]="/bin";
+ $clamr[2]=SQUID_LOCALBASE."/etc";
+ $clamr[3]="enable:=YES";
+ foreach ($rc_files as $rc_file){
+ $clamav_rcfile="/usr/local/etc/rc.d/{$rc_file}";
+ if (file_exists($clamav_rcfile)){
+ $sample_file=file_get_contents($clamav_rcfile);
+ file_put_contents($clamav_rcfile,preg_replace($clamm,$clamr,$sample_file),LOCK_EX);
+ }
+ }
if (is_process_running("clamd"))
mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload");
else
@@ -1703,6 +1724,11 @@ function squid_resync_auth() {
$conf .="http_access deny sglog\n";
}
if ($auth_method == 'none' ) {
+ // SSL interception acl options part 2 without authentication
+ if ($settingsconfig['ssl_proxy'] == "on"){
+ $conf .= "always_direct allow all\n";
+ $conf .= "ssl_bump server-first all\n";
+ }
$conf .="# Setup allowed acls\n";
$allowed = array('allowed_subnets');
if ($settingsconfig['allow_interface'] == 'on') {
@@ -1738,7 +1764,7 @@ function squid_resync_auth() {
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
break;
case 'cp':
- $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
+ $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_BASE . "/bin/check_ip.php\n";
$conf .= "acl password external check_cp\n";
break;
case 'msnt':
@@ -1898,12 +1924,12 @@ function squid_resync($via_rpc="no") {
if (!is_service_running('squid')) {
log_error("Starting Squid");
- mwexec(SQUID_LOCALBASE . "/sbin/squid -f " . SQUID_CONFFILE);
+ mwexec(SQUID_BASE . "/sbin/squid -f " . SQUID_CONFFILE);
}
else {
if (!isset($boot_process)){
log_error("Reloading Squid for configuration sync");
- mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE);
+ mwexec(SQUID_BASE . "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE);
}
}
@@ -2268,18 +2294,19 @@ function squid_write_rcfile() {
/* Declare a variable for the SQUID_CONFFILE constant. */
/* Then the variable can be referenced easily in the Heredoc text that generates the rc file. */
$squid_conffile_var = SQUID_CONFFILE;
- $squid_local_base = SQUID_LOCALBASE;
+ $squid_base = SQUID_BASE;
$rc = array();
$rc['file'] = 'squid.sh';
$rc['start'] = <<<EOD
+#sysctl net.inet.ip.portrange.reservedhigh=0
if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then
- {$squid_local_base}/sbin/squid -f {$squid_conffile_var}
+ {$squid_base}/sbin/squid -f {$squid_conffile_var}
fi
EOD;
$rc['stop'] = <<<EOD
-{$squid_local_base}/sbin/squid -k shutdown -f {$squid_conffile_var}
+{$squid_base}/sbin/squid -k shutdown -f {$squid_conffile_var}
# Just to be sure...
sleep 5
@@ -2294,9 +2321,9 @@ killall pinger 2>/dev/null
EOD;
$rc['restart'] = <<<EOD
if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then
- {$squid_local_base}/sbin/squid -f {$squid_conffile_var}
+ {$squid_base}/sbin/squid -f {$squid_conffile_var}
else
- {$squid_local_base}/sbin/squid -k reconfigure -f {$squid_conffile_var}
+ {$squid_base}/sbin/squid -k reconfigure -f {$squid_conffile_var}
fi
EOD;
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index 970f093e..57dfc938 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squid</name>
- <version>3.4.9</version>
+ <version>3.4.10_2 pkg 0.2.6</version>
<title>Proxy server: General settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
@@ -239,6 +239,11 @@
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item>
@@ -480,10 +485,18 @@
<default_value>en</default_value>
</field>
<field>
- <fielddescr>Disable X-Forward</fielddescr>
- <fieldname>disable_xforward</fieldname>
- <description>If not set, Squid will include your system's IP address or name in the HTTP requests it forwards.</description>
- <type>checkbox</type>
+ <fielddescr>X-Forward Mode</fielddescr>
+ <fieldname>xforward_mode</fieldname>
+ <description>&lt;p&gt;&lt;b&gt; on:&lt;/b&gt; Squid will append your client's IP address in the HTTP requests it forwards. (Default)&lt;p&gt; By default it looks like: X-Forwarded-For: 192.1.2.3 &lt;p&gt; &lt;b&gt; off:&lt;/b&gt; It will appear as: X-Forwarded-For: unknown&lt;p&gt; &lt;b&gt; transparent:&lt;/b&gt; Squid will not alter the X-Forwarded-For header in any way.&lt;p&gt; &lt;b&gt; delete:&lt;/b&gt; Squid will delete the entire X-Forwarded-For header.&lt;p&gt; &lt;b&gt; truncate:&lt;/b&gt; Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.</description>
+ <type>select</type>
+ <default_value>on</default_value>
+ <options>
+ <option><name>(on)</name><value>on</value></option>
+ <option><name>off</name><value>off</value></option>
+ <option><name>transparent</name><value>transparent</value></option>
+ <option><name>delete</name><value>delete</value></option>
+ <option><name>truncate</name><value>truncate</value></option>
+ </options>
</field>
<field>
<fielddescr>Disable VIA</fielddescr>
diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml
index 2afb1ff1..c722598d 100755
--- a/config/squid3/34/squid_antivirus.xml
+++ b/config/squid3/34/squid_antivirus.xml
@@ -151,6 +151,7 @@
</field>
</fields>
<custom_php_validation_command>
+ squid_validate_antivirus($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/34/squid_clwarn.php b/config/squid3/34/squid_clwarn.php
new file mode 100644
index 00000000..0bd97d58
--- /dev/null
+++ b/config/squid3/34/squid_clwarn.php
@@ -0,0 +1,95 @@
+<?php
+/* ========================================================================== */
+/*
+ squid_clwarn.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2015 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+$VERSION = '6.10';
+ $url = $_REQUEST['url'];
+$virus=($_REQUEST['virus']?$_REQUEST['virus']:$_REQUEST['malware']);
+$source = preg_replace("@/-@","",$_REQUEST['source']);
+$user = $_REQUEST['user'];
+
+
+$TITLE_VIRUS = "SquidClamAv $VERSION: Virus detected!";
+$subtitle = 'Virus name';
+$errorreturn = 'This file cannot be downloaded.';
+$urlerror = 'contains a virus';
+if (preg_match("/Safebrowsing/",$virus)) {
+ $TITLE_VIRUS = "SquidClamAv $VERSION: Unsafe Browsing detected";
+ $subtitle = 'Malware / pishing type';
+ $urlerror = 'is listed as suspicious';
+ $errorreturn = 'This page can not be displayed';
+}
+
+# Remove clamd infos
+$vp[0]="/stream: /";
+$vp[1]="/ FOUND/";
+$vr[0]="";
+$vr[1]="";
+
+$virus = preg_replace($vp,$vr,$virus);
+
+
+?>
+<style type="text/css">
+ .visu {
+ border:1px solid #C0C0C0;
+ color:#FFFFFF;
+ position: relative;
+ min-width: 13em;
+ max-width: 52em;
+ margin: 4em auto;
+ border: 1px solid ThreeDShadow;
+ border-radius: 10px;
+ padding: 3em;
+ -moz-padding-start: 30px;
+ background-color: #8b0000;
+}
+.visu h2, .visu h3, .visu h4 {
+ font-size:130%;
+ font-family:"times new roman", times, serif;
+ font-style:normal;
+ font-weight:bolder;
+}
+</style>
+ <div class="visu">
+ <h2><?=$TITLE_VIRUS?></h2>
+ <hr>
+ <p>
+ The requested URL <?=$url?> <?=$urlerror?><br>
+ <?=$subtitle?>: <?=$virus?>
+ <p>
+ <?=$errorreturn?>
+ <p>
+ Origin: <?=$source?> / <?=$user?>
+ <p>
+ <hr>
+ <font color="blue"> Powered by <a href="http://squidclamav.darold.net/">SquidClamAv <?=$VERSION?></a>.</font>
+ </div>
diff --git a/config/squid3/34/swapstate_check.php b/config/squid3/34/swapstate_check.php
index b9f51ec1..7a7ccd27 100644
--- a/config/squid3/34/swapstate_check.php
+++ b/config/squid3/34/swapstate_check.php
@@ -30,17 +30,6 @@ require_once('config.inc');
require_once('util.inc');
require_once('squid.inc');
-$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if (is_dir('/usr/pbi/squid-' . php_uname("m"))) {
- if ($pfs_version == 2.2)
- define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m")."/local");
- else
- define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m"));
-} else {
- define('SQUID_LOCALBASE','/usr/local');
-}
-
-
$settings = $config['installedpackages']['squidcache']['config'][0];
// Only check the cache if Squid is actually caching.
// If there is no cache then quietly do nothing.