Diffstat (limited to 'config')
-rw-r--r--config/squid-reverse/squid.xml67
1 files changed, 61 insertions, 6 deletions
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 72c10ab6..6bc40c6f 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
@@ -10,7 +10,7 @@
authng.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2012-2013 Marcello Coutinho
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
@@ -22,7 +22,7 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
@@ -47,7 +47,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squid</name>
- <version>3.1.STABLE19</version>
+ <version>3.2.7</version>
<title>Proxy server: General settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
@@ -199,6 +199,11 @@
<item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/squid-reverse/squid_reverse_redir.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/squid-reverse/squid_monitor.php</item>
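Review bot: The added `additional_files_needed` entry installs `squid_reverse_redir.xml` with `<chmod>0755</chmod>`, but an XML definition file is data and needs no execute bit; `<chmod>0644</chmod>` is the least-privilege mode here. The `<item>` URL is plain `http://`, like the neighbouring entries, and this hunk does not show whether the installer checks the download's integrity. That is worth confirming, because the file lands in `/usr/local/pkg/` next to the package's include file.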
@@ -254,11 +259,11 @@
<default_value>on</default_value>
</field>
<field>
- <fielddescr>Transparent proxy</fielddescr>
+ <fielddescr>Transparent HTTP proxy</fielddescr>
<fieldname>transparent_proxy</fieldname>
<description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
- <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
- To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
+ <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br>
+ To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description>
<type>checkbox</type>
<enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
<required/>
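Review bot: The new NOTE line in the `transparent_proxy` description reads "if enable men-in-the-middle options below", which is ungrammatical and misspells the term used by the section title added later in this commit. Suggested wording: `<strong>NOTE:</strong> Transparent mode will also intercept SSL (port 443) when the man-in-the-middle options below are enabled.<br>`. Since this text is what an administrator reads before turning interception on, it should also say that clients will see certificate warnings unless they trust the certificate the proxy signs with. The `<field>` element continues past the end of the hunk.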
@@ -303,6 +308,56 @@
<type>input</type>
<size>70</size>
</field>
+ <field>
+ <name>SSL man in the middle Filtering</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>HTTPS/SSL interception</fielddescr>
+ <fieldname>ssl_proxy</fieldname>
+ <description><![CDATA[Enable SSL filtering.]]></description>
+ <type>checkbox</type>
+ <enablefields>dca,dcert,sslcrtd_children,check_certificate</enablefields>
+ </field>
+ <field>
+ <fielddescr>SSL Proxy port</fielddescr>
+ <fieldname>ssl_proxy_port</fieldname>
+ <description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description>
+ <type>input</type>
+ <size>5</size>
+ <default_value>3129</default_value>
+ </field>
+ <field>
+ <fielddescr>Cert</fielddescr>
+ <fieldname>dcert</fieldname>
+ <description><![CDATA[Select Certificate to use in SSL interception<br>
+ To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
+ <type>select_source</type>
+ <source><![CDATA[$config['cert']]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>sslcrtd children</fielddescr>
+ <fieldname>sslcrtd_children</fieldname>
+ <description><![CDATA[This is the number of ssl crt deamon children to start. Default value is 5.<br>
+ if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description>
+ <type>input</type>
+ <size>2</size>
+ <default_value>5</default_value>
+ </field>
+ <field>
+ <fielddescr>Remote Cert checks</fielddescr>
+ <fieldname>interception_checks</fieldname>
+ <description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option>
+ <option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option>
+ </options>
+ <multiple/>
+ <size>3</size>
+ </field>
<field>
<name>Logging Settings</name>
<type>listtopic</type>
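Review bot: The `ssl_proxy` checkbox's `<enablefields>` names `dca` and `check_certificate`, neither of which is a `<fieldname>` added in this hunk, while `ssl_proxy_port` and `interception_checks` are added but not listed, so the checkbox probably does not toggle the port and certificate-check inputs. Unless those two names are defined elsewhere in the file, the line should read `<enablefields>ssl_proxy_port,dcert,sslcrtd_children,interception_checks</enablefields>`. The `interception_checks` description should also say what its two options cost: once the proxy terminates TLS, clients no longer see the origin certificate, so accepting certificate errors or skipping verification removes the only remaining check of the remote server for every user behind the proxy. In the `dcert` description the second `<strong>` should be `</strong>`, and the text should say whether a CA certificate is required (the `dca` name suggests a CA selector was intended). The enclosing field list starts and ends outside the hunk.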