Diffstat (limited to 'config')
-rw-r--r-- | config/squid-reverse/squid.xml | 67 |
1 files changed, 61 insertions, 6 deletions
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml index 72c10ab6..6bc40c6f 100644 --- a/config/squid-reverse/squid.xml +++ b/config/squid-reverse/squid.xml @@ -10,7 +10,7 @@ authng.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2007 to whom it may belong - Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012-2013 Marcello Coutinho All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -22,7 +22,7 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -47,7 +47,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>squid</name> - <version>3.1.STABLE19</version> + <version>3.2.7</version> <title>Proxy server: General settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> @@ -199,6 +199,11 @@ <item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squid-reverse/squid_reverse_redir.xml</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/squid-reverse/squid_monitor.php</item> 
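Review bot: The new `additional_files_needed` entry in the `@@ -199,6 +199,11 @@` hunk installs `squid_reverse_redir.xml` with `<chmod>0755</chmod>`, but an XML package definition is data and gains nothing from execute bits; `<chmod>0644</chmod>` would be the tighter setting. The item is also fetched over plain `http://` like its neighbours, and no checksum or signature is visible in this hunk, so the file written to `/usr/local/pkg/` is only as trustworthy as the network path. If the package format accepts it, an `https://` URL is worth proposing for the whole list. The other hunks on this line (copyright year, licence wording, version bump) need no comment.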
@@ -254,11 +259,11 @@
 <default_value>on</default_value>
 </field>
 <field>
- <fielddescr>Transparent proxy</fielddescr>
+ <fielddescr>Transparent HTTP proxy</fielddescr>
 <fieldname>transparent_proxy</fieldname>
 <description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
- <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
- To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
+ <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br>
+ To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description>
 <type>checkbox</type>
 <enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
 <required/>
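Review bot: The rewritten NOTE in the `transparent_proxy` description reads `if enable men-in-the-middle options below`, which is ungrammatical and misspells the feature name. This sentence is what tells an administrator that port 443 traffic will be decrypted, so it should be unambiguous. Suggested wording: `<strong>NOTE:</strong> Transparent mode also intercepts SSL (port 443) when the man-in-the-middle options below are enabled.<br>`. The `<field>` element closes outside the hunk.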
@@ -303,6 +308,56 @@
 <type>input</type>
 <size>70</size>
 </field>
+ <field>
+ <name>SSL man in the middle Filtering</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>HTTPS/SSL interception</fielddescr>
+ <fieldname>ssl_proxy</fieldname>
+ <description><![CDATA[Enable SSL filtering.]]></description>
+ <type>checkbox</type>
+ <enablefields>dca,dcert,sslcrtd_children,check_certificate</enablefields>
+ </field>
+ <field>
+ <fielddescr>SSL Proxy port</fielddescr>
+ <fieldname>ssl_proxy_port</fieldname>
+ <description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description>
+ <type>input</type>
+ <size>5</size>
+ <default_value>3129</default_value>
+ </field>
+ <field>
+ <fielddescr>Cert</fielddescr>
+ <fieldname>dcert</fieldname>
+ <description><![CDATA[Select Certificate to use in SSL interception<br>
+ To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
+ <type>select_source</type>
+ <source><![CDATA[$config['cert']]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>sslcrtd children</fielddescr>
+ <fieldname>sslcrtd_children</fieldname>
+ <description><![CDATA[This is the number of ssl crt deamon children to start.
Default value is 5.<br>
+ if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description>
+ <type>input</type>
+ <size>2</size>
+ <default_value>5</default_value>
+ </field>
+ <field>
+ <fielddescr>Remote Cert checks</fielddescr>
+ <fieldname>interception_checks</fieldname>
+ <description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option>
+ <option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option>
+ </options>
+ <multiple/>
+ <size>3</size>
+ </field>
 <field>
 <name>Logging Settings</name>
 <type>listtopic</type> |
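Review bot: The `ssl_proxy` checkbox lists `dca,dcert,sslcrtd_children,check_certificate` in `<enablefields>`, but this hunk defines no field named `dca` or `check_certificate`, while `interception_checks` and `ssl_proxy_port` are defined and not listed, so the certificate-check selector would presumably not follow the checkbox. If those two names are not defined elsewhere in the file, the line should read `<enablefields>dcert,sslcrtd_children,interception_checks</enablefields>`. Both `interception_checks` options relax validation of the upstream server certificate, and an intercepted client only sees the proxy's certificate, so the description should say plainly what is lost, e.g. `Leave both unselected unless you accept that invalid upstream certificates will no longer be detected.` The same text has typos to fix (`Defaul`, `Erros`, `deamon`), and the `dcert` description ends with a second `<strong>` where `</strong>` is meant.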