Diffstat (limited to 'config')
-rw-r--r--config/apache_mod_security-dev/apache.template4
-rwxr-xr-xconfig/apache_mod_security-dev/apache_balancer.xml87
-rw-r--r--config/apache_mod_security-dev/apache_edit_virtualhost_location.php205
-rw-r--r--config/apache_mod_security-dev/apache_logs_data.php2
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.inc231
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.template4
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_groups.xml20
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_manipulation.xml2
-rw-r--r--config/apache_mod_security-dev/apache_mod_security_settings.xml3
-rwxr-xr-xconfig/apache_mod_security-dev/apache_mod_security_sync.xml26
-rwxr-xr-xconfig/apache_mod_security-dev/apache_mod_security_view_logs.php2
-rw-r--r--config/apache_mod_security-dev/apache_settings.xml30
-rw-r--r--config/apache_mod_security-dev/apache_view_logs.php6
-rw-r--r--config/apache_mod_security-dev/apache_virtualhost.xml195
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc6
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml2
-rw-r--r--config/openvpn-client-export/source/openvpn-postinstall64.nsi215
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php19
-rwxr-xr-xconfig/varnish3/pkg_varnish.inc11
-rw-r--r--config/varnish3/varnish.inc101
-rw-r--r--config/varnish3/varnish_backends.xml26
-rw-r--r--config/varnish3/varnish_custom_vcl.xml49
-rw-r--r--config/varnish3/varnish_lb_directors.xml3
-rw-r--r--config/varnish3/varnish_sync.xml33
24 files changed, 1016 insertions, 266 deletions
diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template
index 12a36b69..ab981a9e 100644
--- a/config/apache_mod_security-dev/apache.template
+++ b/config/apache_mod_security-dev/apache.template
@@ -6,7 +6,7 @@
}
if($mods_settings['enablemodsecurity']=="on")
$mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n";
-
+
$apache_dir=APACHEDIR;
$apache_config = <<<EOF
##################################################################################
@@ -513,4 +513,4 @@ Include etc/apache22/Includes/*.conf
EOF;
-?> \ No newline at end of file
+?>
diff --git a/config/apache_mod_security-dev/apache_balancer.xml b/config/apache_mod_security-dev/apache_balancer.xml
index 16779158..7cb9774b 100755
--- a/config/apache_mod_security-dev/apache_balancer.xml
+++ b/config/apache_mod_security-dev/apache_balancer.xml
@@ -75,7 +75,7 @@
<active/>
</tab>
<tab>
- <text>Virutal Hosts</text>
+ <text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
</tab>
@@ -102,7 +102,7 @@
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- </columnitem>
+ </columnitem>
<movable>on</movable>
</adddeleteeditpagefields>
<fields>
@@ -136,65 +136,64 @@
<fieldname>proto</fieldname>
<description><![CDATA[Protocol listening on this internal server(s) port.]]></description>
<type>select</type>
- <options>
- <option> <name>HTTP</name> <value>http</value> </option>
- <option> <name>HTTPS</name> <value>https</value> </option>
- </options>
- </field> <field>
+ <options>
+ <option> <name>HTTP</name> <value>http</value> </option>
+ <option> <name>HTTPS</name> <value>https</value> </option>
+ </options>
+ </field>
+ <field>
<name><![CDATA[Internal Server(s)]]></name>
<type>listtopic</type>
</field>
-<field>
- <fielddescr>
- <![CDATA[Internal Servers]]>
- </fielddescr>
+ <field>
+ <fielddescr><![CDATA[Internal Servers]]></fielddescr>
<fieldname>additionalparameters</fieldname>
- <type>rowhelper</type>
+ <type>rowhelper</type>
<dontdisplayname/>
<usecolspan2/>
<movable>on</movable>
- <rowhelper>
+ <rowhelper>
<rowhelperfield>
- <fielddescr>fqdn or ip</fielddescr>
- <fieldname>host</fieldname>
- <description>Internal site IP or Hostnamesite</description>
- <type>input</type>
- <size>27</size>
+ <fielddescr>FQDN or IP Address</fielddescr>
+ <fieldname>host</fieldname>
+ <description>Internal site IP or Hostnamesite</description>
+ <type>input</type>
+ <size>27</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>port</fielddescr>
- <fieldname>port</fieldname>
- <description>Internal site port</description>
- <type>input</type>
- <size>5</size>
+ <fielddescr>port</fielddescr>
+ <fieldname>port</fieldname>
+ <description>Internal site port</description>
+ <type>input</type>
+ <size>5</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>routeid</fielddescr>
- <fieldname>routeid</fieldname>
- <description>id to define stick connections</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>routeid</fielddescr>
+ <fieldname>routeid</fieldname>
+ <description>ID to define sticky connections</description>
+ <type>input</type>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>weight</fielddescr>
- <fieldname>loadfactor</fieldname>
- <description>Server weight</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>weight</fielddescr>
+ <fieldname>loadfactor</fieldname>
+ <description>Server weight</description>
+ <type>input</type>
+ <size>4</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>ping</fielddescr>
- <fieldname>ping</fieldname>
- <description>Server ping test interval</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>ping</fielddescr>
+ <fieldname>ping</fieldname>
+ <description>Server ping test interval</description>
+ <type>input</type>
+ <size>6</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>ttl</fielddescr>
- <fieldname>ttl</fieldname>
- <description>Server pint ttl</description>
- <type>input</type>
- <size>6</size>
+ <fielddescr>ttl</fielddescr>
+ <fieldname>ttl</fieldname>
+ <description>Server ping TTL</description>
+ <type>input</type>
+ <size>6</size>
</rowhelperfield>
</rowhelper>
</field>
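Review bot: The `loadfactor` row helper's `<size>` drops from 6 to 4 in the middle of what is otherwise a re-indent of the row helper fields, which reads as an unintended change; if it is deliberate it deserves a mention in the commit message. The `host` field's description still reads `Internal site IP or Hostnamesite`, and since this hunk already fixes the neighbouring label typos it could become `Internal site IP address or hostname`. The enclosing `<fields>` element starts and ends outside the hunk.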
@@ -203,4 +202,4 @@
<custom_php_resync_config_command>
apache_mod_security_resync();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_edit_virtualhost_location.php b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php
new file mode 100644
index 00000000..5448f850
--- /dev/null
+++ b/config/apache_mod_security-dev/apache_edit_virtualhost_location.php
@@ -0,0 +1,205 @@
+<?php
+/* ========================================================================== */
+/*
+ apache_view_logs.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2012 Carlos Cesario
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+
+require_once("/etc/inc/util.inc");
+require_once("/etc/inc/functions.inc");
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/globals.inc");
+require_once("guiconfig.inc");
+require_once("apache_mod_security.inc");
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+ $one_two = true;
+
+$pgtitle = "Apache reverse proxy: Apache VirtualHost Location";
+
+$virtualhost_id = $_GET['virtualhost_id'];
+if (isset($_POST['virtualhost_id']))
+ $virtualhost_id = $_POST['virtualhost_id'];
+
+$backend_id = $_GET['backend_id'];
+if (isset($_POST['backend_id']))
+ $backend_id = $_POST['backend_id'];
+
+if (is_array($config['installedpackages']['apachevirtualhost']['config']) && is_array($config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id]))
+ $virtualhost = &$config['installedpackages']['apachevirtualhost']['config'][$virtualhost_id];
+if (is_array($virtualhost['row']) && is_array($virtualhost['row'][$backend_id]))
+ $backend = &$virtualhost['row'][$backend_id];
+
+/*
+ * Not having a virtualhost->backend entry means we can't do this.
+ */
+if (! $backend) {
+ $input_errors[] = gettext("Requested VirtualHost (ID={$virtualhost_id}) or Backend (ID={$backend_id}) does not exist.");
+}
+
+
+if ($_POST) {
+ unset($input_errors);
+
+ /*
+ * Check for a valid expirationdate if one is set at all (valid means,
+ * DateTime puts out a time stamp so any DateTime compatible time
+ * format may be used. to keep it simple for the enduser, we only
+ * claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
+ * like "+1 day", which will be converted to MM/DD/YYYY based on "now".
+ * Otherwhise such an entry would lead to an invalid expiration data.
+ */
+ if ($_POST['expires']) {
+ try {
+ $expdate = new DateTime($_POST['expires']);
+ //convert from any DateTime compatible date to MM/DD/YYYY
+ $_POST['expires'] = $expdate->format("m/d/Y");
+ } catch ( Exception $ex ) {
+ $input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
+ }
+ }
+
+ /* if this is an AJAX caller then handle via JSON */
+ if (isAjax() && is_array($input_errors)) {
+ input_errors2Ajax($input_errors);
+ exit;
+ }
+
+ if (!$input_errors) {
+ if ($_POST['custom'])
+ $backend['custom'] = base64_encode($_POST['custom']);
+ else
+ unset($backend['custom']);
+
+ write_config("Saved Location Custom Settings for location {$backend['sitepath']} on virtual host '{$virtualhost['primarysitehostname']}'");
+ apache_mod_security_resync();
+ pfSenseHeader("apache_edit_virtualhost_location.php?virtualhost_id={$virtualhost_id}&backend_id={$backend_id}");
+ }
+}
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+
+ <p class="pgtitle"><?=$pgtitle?></font></p>
+
+<?php endif; ?>
+
+<?php
+ if ($input_errors)
+ print_input_errors($input_errors);
+ if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<div id="mainlevel">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Apache"), true, "/pkg_edit.php?xml=apache_settings.xml&amp;id=0");
+ $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml");
+ $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml");
+ display_top_tabs($tab_array);
+ ?>
+ </td></tr>
+ <tr><td>
+ <?php
+ unset ($tab_array);
+ $tab_array[] = array(gettext("Daemon Options"), false, "pkg_edit.php?xml=apache_settings.xml");
+ $tab_array[] = array(gettext("Backends / Balancers"), false, "/pkg.php?xml=apache_balancer.xml");
+ $tab_array[] = array(gettext("Virtual Hosts"), true, "/pkg.php?xml=apache_virtualhost.xml");
+ $tab_array[] = array(gettext("Logs"), false, "/apache_view_logs.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; ">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"><tbody>
+ <form action="apache_edit_virtualhost_location.php" id="paramsForm" name="paramsForm" method="post">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Primary Site Hostname</td>
+ <td width="78%" class="vtable">
+ <span class="vexpl">
+ <?=base64_decode($virtualhost['primarysitehostname']);?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Current Site Path</td>
+ <td width="78%" class="vtable">
+ <span class="vexpl">
+ <?=$backend['sitepath'];?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Location Custom Settings");?></td>
+ <td width="78%" class="vtable">
+ <textarea name='custom' rows='10' cols='65' id='custom'><?=base64_decode($backend['custom']);?></textarea>
+ <br/>
+ <span class="vexpl">
+ <?=gettext("Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.");?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+<?php if (isset($virtualhost_id)): ?>
+ <input name="virtualhost_id" type="hidden" value="<?=$virtualhost_id;?>" />
+<?php endif;?>
+<?php if (isset($backend_id)): ?>
+ <input name="backend_id" type="hidden" value="<?=$backend_id;?>" />
+<?php endif;?>
+ <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+ <input id="cancel" name="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
+ </td>
+ </tr>
+ </form>
+ </tbody></table>
+ </div>
+ </td></tr>
+ </table>
+</div>
+
+
+<?php
+include("fend.inc");
+?>
+
+</body>
+</html>
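Review bot: The request-supplied `virtualhost_id` and `backend_id` are written into the hidden inputs without escaping, and `sitepath`, the decoded `primarysitehostname` and the decoded `custom` text are echoed the same way, so a quote, `<` or `</textarea>` in any of them breaks out of the markup on this admin page. Each of these outputs should go through `htmlspecialchars()`. Separately, `unset($input_errors);` at the top of the `if ($_POST)` branch discards the "does not exist" error set just above it, so a POST whose ids match nothing still reaches `write_config()` and `apache_mod_security_resync()`; dropping that `unset` keeps the guard effective. The `expires` check and the header comment naming `apache_view_logs.php` look carried over from another page and should be removed or corrected.

```php
if ($_POST) {
	// no unset($input_errors) here: keep the missing-backend error raised above
	// … unchanged: AJAX error branch, save of $backend['custom'], redirect …
}
<?php // … unchanged: head.inc, tab rows, table layout … ?>
<?=htmlspecialchars(base64_decode($virtualhost['primarysitehostname']));?>
<?=htmlspecialchars($backend['sitepath']);?>
<textarea name='custom' rows='10' cols='65' id='custom'><?=htmlspecialchars(base64_decode($backend['custom']));?></textarea>
<input name="virtualhost_id" type="hidden" value="<?=htmlspecialchars($virtualhost_id);?>" />
<input name="backend_id" type="hidden" value="<?=htmlspecialchars($backend_id);?>" />
```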
diff --git a/config/apache_mod_security-dev/apache_logs_data.php b/config/apache_mod_security-dev/apache_logs_data.php
index 256ff144..fdcc04b0 100644
--- a/config/apache_mod_security-dev/apache_logs_data.php
+++ b/config/apache_mod_security-dev/apache_logs_data.php
@@ -92,7 +92,7 @@ if ($_GET) {
// Apply filter and color
if ($filter != "")
$line = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$line);
- $agent_info="onmouseover=\"jQuery('#bowserinfo').empty().html('{$line[13]}');\"\n";
+ $agent_info="onmouseover=\"jQuery('#browserinfo').empty().html('{$line[13]}');\"\n";
echo "<tr valign=\"top\" $agent_info>\n";
echo "<td class=\"listlr\" align=\"center\" nowrap>{$line[5]}({$line[6]})</td>\n";
echo "<td class=\"listr\" align=\"center\">{$line[1]}</td>\n";
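Review bot: `{$line[13]}` is placed inside a single-quoted JavaScript string within a double-quoted `onmouseover` attribute and then handed to `.html()`, with no encoding visible in this hunk, so the corrected line still lets a logged value containing a quote or markup alter the handler or the page. If that column is the client-supplied user agent, as the `#browserinfo` target suggests, the text originates from whoever sent the request. The field should be HTML-escaped before the highlight markup is applied and encoded for the script context when emitted, for example `htmlspecialchars(json_encode($line[13]), ENT_QUOTES)` in place of the quoted `'{$line[13]}'`. The highlight replacement on the context line also opens `<spam>` but closes `</span>`. The enclosing `if ($_GET)` block starts and ends outside the hunk.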
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index f21dcbdc..1129af6d 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -4,6 +4,7 @@
part of apache_mod_security package (http://www.pfSense.com)
Copyright (C) 2009, 2010 Scott Ullrich
Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2013 Stephane Lapie <stephane.lapie@asahinet.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,6 +28,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+
$shortcut_section = "apache";
// Check to find out on which system the package is running
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -123,6 +125,7 @@ function apache_mod_security_resync() {
global $config, $g;
apache_mod_security_install();
$dirs=array("base", "experimental","optional", "slr");
+ log_error("apache_mod_security_package: configuration resync is starting.");
if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")){
exec ("/usr/local/bin/git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git ".APACHEDIR."/".MODSECURITY_DIR);
//chdir (APACHEDIR."/".MODSECURITY_DIR);
@@ -136,14 +139,165 @@ function apache_mod_security_resync() {
while (false !== ($entry = readdir($handle))) {
if (preg_match("/(\S+).conf$/",$entry,$matches))
$config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]);
- }
- closedir($handle);
- }
}
+ closedir($handle);
+ }
+ }
if ($write_config > 0)
write_config();
apache_mod_security_checkconfig();
apache_mod_security_restart();
+ log_error("apache_mod_security_package: configuration resync is ending.");
+
+ if (is_array($config['installedpackages']['apachesync']['config'])){
+ $apache_sync = $config['installedpackages']['apachesync']['config'][0];
+ $synconchanges = $apache_sync['synconchanges'];
+ $synctimeout = $apache_sync['synctimeout'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($apache_sync[row])){
+ $rs = $apache_sync[row];
+ } else {
+ log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ // pfSense 2.0.x
+ $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ } else if (is_array($config['hasync'])) { // pfSense 2.1
+ $system_carp = $config['hasync'];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ } else {
+ log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ }
+ if (is_array($rs)){
+ foreach($rs as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if ($sh['username'])
+ $username = $sh['username'];
+ else
+ $username = 'admin';
+ if ($password && $sync_to_ip)
+ apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout);
+ }
+ }
+}
+
+// Do the actual XMLRPC Sync
+function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
+ global $config, $g;
+
+ if(!$username)
+ return;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+
+ if(!$synctimeout)
+ $synctimeout=250;
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['apachesettings'] = $config['installedpackages']['apachesettings'];
+ $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity'];
+ $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings'];
+ $xml['apachebalancer'] = $config['installedpackages']['apachebalancer'];
+ $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost'];
+ $xml['apachelisten'] = $config['installedpackages']['apachelisten'];
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("apache_mod_security_package: Beginning apache_mod_security XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after defined sync timeout value*/
+ $resp = $cli->send($msg, $synctimeout);
+ if(!$resp) {
+ $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } else {
+ log_error("apache_mod_security_package: XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell apache_mod_security to reload our settings on the destination sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/apache_mod_security.inc');\n";
+ $execcmd .= "apache_mod_security_resync();";
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("apache_mod_security_package: XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
+ if(!$resp) {
+ $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "apache_mod_security Settings Sync", "");
+ } else {
+ log_error("apache_mod_security XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+
}
function apache_mod_security_checkconfig() {
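Review bot: `apache_mod_security_do_xmlrpc_sync()` builds the peer URL from this host's own `webgui` protocol, so when that is `http` the admin password (sent both through `setCredentials()` and as the first XML-RPC parameter) and the package configuration cross the network unencrypted, and when it is empty `$synchronizetoip` is appended to before it is ever assigned and the URL carries no scheme. Initialise it with `$synchronizetoip = "";` and log a warning, or skip the push, when the protocol is not `https`. In the `manual` case `$apache_sync[row]` uses a bare constant instead of a string key and should read `$apache_sync['row']`. The two send-and-report sequences differ only in method and payload and would be clearer as one helper; the receiving host also runs `apache_mod_security_resync()`, which starts its own push if sync is configured there, so a short comment on how a loop is avoided would help.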
@@ -197,7 +351,9 @@ function generate_apache_configuration() {
file_notice("apache_mod_security", $error, "apache_mod_security", "");
}
// Set global listening directive and ensure nothing is listening on this port already
- $globalbind_ip = ($settings['globalbindtoipaddr'] ? $settings['globalbindtoipaddr'] : "*");
+ $iface_address = apache_get_real_interface_address($settings['globalbindtoipaddr']);
+ $ip=$iface_address[0];
+ $globalbind_ip = ($ip ? $ip : "*");
$globalbind_port = $settings['globalbindtoport'];
if ($globalbind_port == ""){
$globalbind_port ="80";
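Review bot: When `apache_get_real_interface_address()` returns nothing for the configured `globalbindtoipaddr`, `$globalbind_ip` silently falls back to `*`, so an interface that cannot be resolved makes Apache listen on every address instead of failing. A `log_error()` in that case, distinguishing it from an intentionally empty setting, would make the widened bind visible. The helper is not defined in the hunks shown here, so its return shape (`[0]` as the address) is assumed from this call. The assignment also reuses the name `$ip`, which the virtual-host code later in `generate_apache_configuration()` uses as well; a dedicated name such as `$globalbind_addr` would avoid confusion. The function body starts and ends outside the hunk.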
@@ -311,6 +467,7 @@ function generate_apache_configuration() {
//write balancer conf
file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX);
}
+
// configure modsecurity group options
//chroot apache http://forums.freebsd.org/showthread.php?t=6858
if (is_array($config['installedpackages']['apachemodsecuritygroups'])){
@@ -327,31 +484,32 @@ function generate_apache_configuration() {
}
}
file_put_contents(RULES_DIRECTORY ."/modsecurity_{$mods_groups['name']}_crs_10_setup.conf",apache_textarea_decode($config['installedpackages']['apachemodsecuritygroups']['config'][$i]['crs10']),LOCK_EX);
-
+
foreach (split(",",$mods_groups['baserules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n";
- }
+ }
foreach (split(",",$mods_groups['optionalrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n";
- }
+ }
foreach (split(",",$mods_groups['slrrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n";
- }
+ }
foreach (split(",",$mods_groups['experimentalrules']) as $baserule){
$mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n";
- }
- $i++;
}
+ $i++;
+ }
if ($write_config > 0)
write_config("load crs 10 setup file to modsecurity group {$mods_groups['name']}");
}
//print "<PRE>";
//var_dump($mods_group);
-
+
//mod_security settings
if (is_array($config['installedpackages']['apachemodsecuritysettings'])){
$mods_settings=$config['installedpackages']['apachemodsecuritysettings']['config'][0];
}
+
//configure virtual hosts
$namevirtualhosts=array();
$namevirtualhosts[0]=$global_listen;
@@ -376,7 +534,7 @@ EOF;
$port=($virtualhost['port'] ? $virtualhost['port'] : $default_port[$virtualhost['proto']]);
if (!in_array("{$ip}:{$port}",$namevirtualhosts))
$namevirtualhosts[]="{$ip}:{$port}";
-
+
$vh_config.="# {$virtualhost['description']}\n";
$vh_config.="<VirtualHost {$ip}:{$port}>\n";
$vh_config.=" ServerName ". preg_replace ("/\r\n(\S+)/","\n ServerAlias $1",base64_decode($virtualhost['primarysitehostname'])) ."\n";
@@ -424,25 +582,28 @@ EOF;
#Check virtualhost locations
foreach ($virtualhost['row'] as $backend){
- $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n";
- $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n";
- $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n";
- if ($backend['compress']== "no")
- $vh_config.=" SetInputFilter INFLATE\n SetOutputFilter INFLATE\n";
- if ($backend['modsecgroup']!="" && $backend['modsecgroup']!="none" && $mods_settings['enablemodsecurity']=="on"){
- $vh_config.=$mods_group[$backend['modsecgroup']];
- }
- if (is_array($config['installedpackages']['apachemodsecuritymanipulation']) && $mods_settings['enablemodsecurity']=="on"){
- foreach($config['installedpackages']['apachemodsecuritymanipulation']['config'] as $manipulation){
- if ($backend['modsecmanipulation'] == $manipulation['name']){
- if (is_array($manipulation['row']))
- foreach ($manipulation['row'] as $secrule)
- $vh_config.=" {$secrule['type']} {$secrule['value']}\n";
+ if ($backend['balancer'] != "none"){
+ $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n";
+ $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n";
+ $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n";
+ if ($backend['compress']== "no")
+ $vh_config.=" SetInputFilter INFLATE\n SetOutputFilter INFLATE\n";
+ if ($backend['modsecgroup']!="" && $backend['modsecgroup']!="none" && $mods_settings['enablemodsecurity']=="on"){
+ $vh_config.=$mods_group[$backend['modsecgroup']];
+ }
+ if (is_array($config['installedpackages']['apachemodsecuritymanipulation']) && $mods_settings['enablemodsecurity']=="on"){
+ foreach($config['installedpackages']['apachemodsecuritymanipulation']['config'] as $manipulation){
+ if ($backend['modsecmanipulation'] == $manipulation['name']){
+ if (is_array($manipulation['row']))
+ foreach ($manipulation['row'] as $secrule)
+ $vh_config.=" {$secrule['type']} {$secrule['value']}\n";
+ }
}
}
- }
- $vh_config.=" </Location>\n\n";
+ $vh_config.= apache_textarea_decode($backend['custom'])."\n\n";
+ $vh_config.=" </Location>\n\n";
}
+ }
$vh_config.="</VirtualHost>\n";
}
}
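Review bot: The decoded `custom` text is appended verbatim inside the `<Location>` block, so any directive, including a stray `</Location>`, lands in the generated virtual-host file unchecked. It is also emitted only under the new `$backend['balancer'] != "none"` guard, which means a location with no balancer loses its ModSecurity group, its manipulation rules and its custom settings altogether. If that is intended, a comment such as `// locations without a balancer are not written to the vhost config at all` above the `if` would say so; otherwise the guard should wrap only the two `ProxyPass` lines. The `foreach` belongs to a function that starts and ends outside the hunk.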
@@ -469,7 +630,6 @@ EOF;
}
}
-
if ($mods_settings!="")
$SecGuardianLog="SecGuardianLog \"|".RULES_DIRECTORY."/util/httpd-guardian\"";
@@ -525,7 +685,7 @@ EOF;
// Read already configured addresses
if (is_array($settings['row'])){
foreach($settings['row'] as $row) {
- if ($row['ipaddress'] && $row['ipport'])
+ if ($row['interface'] && $row['ipport'])
$configuredaliases[] = $row;
}
}
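Review bot: The filter now keeps only rows that have an `interface` key, but the auto-add code in the next hunk still appends rows as `array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1])`, so rows written by this function are ignored the next time it reads them and may be added again on every run. Either write the new key there or accept both here, e.g. `if (($row['interface'] || $row['ipaddress']) && $row['ipport'])`. The surrounding function starts and ends outside the hunk.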
@@ -544,22 +704,27 @@ EOF;
// Automatically add this to configuration
$aplisten=split(":",$namevirtualhost);
$config['installedpackages']['apachesettings']['config'][0]['row'][] = array('ipaddress' => $aplisten[0], 'ipport' => $aplisten[1]);
- }
}
+ }
// Process Status Page
$mod_status = "";
if ($settings['statuspage'] == "on") {
+ if($settings['extendedstatuspage']== "on"){
+ $extendedstatus="ExtendedStatus On";
+ }
+ $mod_status .= <<<EOF
$mod_status .= <<<EOF
+{$extendedstatus}
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
-
+
EOF;
$mod_status .= "Allow from ".($settings['netaccessstatus'] ? $settings['netaccessstatus'] : "All")."\n";
$mod_status .= "</Location>\n";
}
-
+
// update configuration with actual ip bindings
write_config($pkg['addedit_string']);
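Review bot: As shown, the added `$mod_status .= <<<EOF` sits directly above the existing opener, so the second one becomes the first line of the heredoc body and the generated status block starts with a stray ` .= <<<EOF` line that Apache will not parse; one of the two lines should be removed. `$extendedstatus` is assigned only when `extendedstatuspage` is on, so it should be initialised with `$extendedstatus = "";` before the `if`. With `ExtendedStatus On` the page exposes per-request detail, which makes the existing `Allow from All` fallback for an empty `netaccessstatus` worth tightening to a local-only default. The function starts and ends outside the hunk.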
diff --git a/config/apache_mod_security-dev/apache_mod_security.template b/config/apache_mod_security-dev/apache_mod_security.template
index f6ad6e3e..d004a9ae 100644
--- a/config/apache_mod_security-dev/apache_mod_security.template
+++ b/config/apache_mod_security-dev/apache_mod_security.template
@@ -1,6 +1,6 @@
<?php
// Mod_security enabled?
-if($mods_settings['enablemodsecurity']=="on") {
+if($mods_settings['enablemodsecurity']=="on") {
$enable_mod_security = true;
$mod_security = <<< EOF
# -- Rule engine initialization ----------------------------------------------
@@ -209,4 +209,4 @@ SecArgumentSeparator &
SecCookieFormat 0
EOF;
-} \ No newline at end of file
+}
diff --git a/config/apache_mod_security-dev/apache_mod_security_groups.xml b/config/apache_mod_security-dev/apache_mod_security_groups.xml
index 315d2de0..c4651f45 100644
--- a/config/apache_mod_security-dev/apache_mod_security_groups.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_groups.xml
@@ -73,7 +73,7 @@
<tab_level>2</tab_level>
</tab>
</tabs>
- <adddeleteeditpagefields>
+ <adddeleteeditpagefields>
<movable>on</movable>
<columnitem>
<fielddescr>Name</fielddescr>
@@ -87,7 +87,7 @@
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
</columnitem>
-
+
</adddeleteeditpagefields>
<fields>
<field>
@@ -109,7 +109,7 @@
<type>input</type>
<size>45</size>
</field>
-
+
<field>
<fielddescr>Base Rules</fielddescr>
<fieldname>baserules</fieldname>
@@ -202,8 +202,8 @@
<description><![CDATA[<b>modsecurity_crs_10_setup.conf file.</b><br>Leave empty to load setup defaults.]]></description>
<type>textarea</type>
<encoding>base64</encoding>
- <rows>15</rows>
- <cols>90</cols>
+ <rows>15</rows>
+ <cols>90</cols>
</field>
<field>
<name>Custom mod_security ErrorDocument</name>
@@ -217,8 +217,8 @@
<description>Custom mod_security ErrorDocument.</description>
<type>textarea</type>
<encoding>base64</encoding>
- <rows>10</rows>
- <cols>90</cols>
+ <rows>10</rows>
+ <cols>90</cols>
</field>
<field>
<name>Custom mod_security rules</name>
@@ -232,12 +232,12 @@
<description>Paste any custom mod_security rules that you would like to use</description>
<type>textarea</type>
<encoding>base64</encoding>
- <rows>10</rows>
- <cols>90</cols>
+ <rows>10</rows>
+ <cols>90</cols>
</field>
</fields>
<custom_php_resync_config_command>
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
index ab681c66..7477e540 100644
--- a/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_manipulation.xml
@@ -142,4 +142,4 @@
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_mod_security_settings.xml b/config/apache_mod_security-dev/apache_mod_security_settings.xml
index 985f6bcc..68581687 100644
--- a/config/apache_mod_security-dev/apache_mod_security_settings.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_settings.xml
@@ -101,7 +101,6 @@
<fielddescr>Max request per IP</fielddescr>
<fieldname>SecReadStateLimit</fieldname>
<description>
- //274
<![CDATA[This option limits number of POSTS accepted from same IP address and help prevent the effects of a Slowloris-type of attack.<br>
More info about this attack can be found here: http://en.wikipedia.org/wiki/Slowloris
]]>
@@ -164,4 +163,4 @@
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml
index 0d8d8c8f..3e1c0a9c 100755
--- a/config/apache_mod_security-dev/apache_mod_security_sync.xml
+++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml
@@ -68,8 +68,30 @@
<field>
<fielddescr>Automatically sync apache configuration changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync apache changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>Select a sync method for Apache + ModSecurity.</description>
+ <type>select</type>
+ <required/>
+ <default_value>auto</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Sync timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>Select sync max wait time</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds(Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
</field>
<field>
<fielddescr>Remote Server</fielddescr>
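Review bot: Installs upgraded from the checkbox version will still have `synconchanges` stored as the old checkbox value (presumably `on`), which matches none of the new `auto`/`manual`/`disabled` options, so the behaviour for a legacy value needs to be defined. The code that reads this field is in apache_mod_security.inc, outside this hunk. If it only recognises the three new strings, treating anything else as `disabled` is the safer fallback, because `<default_value>auto</default_value>` would otherwise start pushing the package configuration to the system backup server without the admin having chosen that. The description could also state what is sent, e.g. `Select a sync method for Apache + ModSecurity. The whole package configuration is copied to the selected target.`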
diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
index 1956a217..669c71f4 100755
--- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php
+++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
@@ -68,7 +68,7 @@ include("head.inc");
<?php
$tab_array = array();
$tab_array[] = array(gettext("Apache"), false, "/pkg_edit.php?xml=apache_settings.xml&amp;id=0");
- $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_setttings.xml");
+ $tab_array[] = array(gettext("ModSecurity"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=apache_mod_security_sync.xml");
$tab_array[] = array(gettext("Backends"), false, "/pkg.php?xml=apache_mod_security_backends.xml",2);
$tab_array[] = array(gettext("VirtualHosts"), false, "/pkg.php?xml=apache_mod_security.xml",2);
diff --git a/config/apache_mod_security-dev/apache_settings.xml b/config/apache_mod_security-dev/apache_settings.xml
index 2f089616..14415362 100644
--- a/config/apache_mod_security-dev/apache_settings.xml
+++ b/config/apache_mod_security-dev/apache_settings.xml
@@ -10,7 +10,7 @@
apache_mod_security_settings.xml
part of apache_mod_security package (http://www.pfSense.com)
Copyright (C) 2008, 2009, 2010 Scott Ullrich
- Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2012-2013 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
@@ -68,7 +68,7 @@
<tab_level>2</tab_level>
</tab>
<tab>
- <text>Virutal Hosts</text>
+ <text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
</tab>
@@ -102,17 +102,19 @@
<fielddescr>Default Bind to IP Address</fielddescr>
<fieldname>globalbindtoipaddr</fieldname>
<description>
- <![CDATA[This is the IP address the Proxy Server will listen on.<br/>
- NOTE: Leave blank to bind to *]]>
+ <![CDATA[This is the IP address the Proxy Server will listen on.]]>
</description>
- <type>input</type>
+ <type>interfaces_selection</type>
+ <showlistenall/>
+ <showvirtualips/>
+ <showips/>
</field>
<field>
<fielddescr>Default Bind to port</fielddescr>
<fieldname>globalbindtoport</fieldname>
<description>
<![CDATA[This is the port the Proxy Server will listen on.<br>
- NOTE: Leave blank to bind to 80]]>
+ NOTE: Leave blank to bind to 80]]>
</description>
<type>input</type>
<size>5</size>
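Review bot: Changing `globalbindtoipaddr` from `input` to `interfaces_selection` changes what gets stored for this field, and an address saved earlier as free text may not match any entry in the new list. In that case the next save from this page could silently replace it with whichever entry is preselected, and with `<showlistenall/>` that may widen the listener to every address. How apache.template and the resync code turn the selected value into a listen address is outside this hunk, so both the old literal IP and the new selection values should be confirmed to work. The shortened description also loses the only hint about the default; something like `Select the interface or address the Proxy Server will listen on.` would replace it.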
@@ -281,19 +283,27 @@
<fielddescr>Status Page</fielddescr>
<fieldname>statuspage</fieldname>
<description>
- <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]>
+ <![CDATA[Enable a status page for Apache and Mod_proxy. Access http://DefaultBindIP:DefaultBindPort/status-server]]>
</description>
- <type>select</type>
+ <type>select</type>
<options>
<option><name>Disabled (Default)</name><value>off</value></option>
<option><name>Enabled</name><value>on</value></option>
</options>
</field>
<field>
- <fielddescr>Network Access Status Page</fielddescr>
+ <fielddescr>Extended Status</fielddescr>
+ <fieldname>extendedstatuspage</fieldname>
+ <description>
+ <![CDATA[Keep track of extended status information for each request]]>
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Status Page ACL</fielddescr>
<fieldname>netaccessstatus</fieldname>
<description>
- <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br/>
+ <![CDATA[Networks that can access apache status page. Ex: 172.16.1.0/24<br>
NOTE: Leave blank to allow access from any ip.(Not recommended for security reasons)]]>
</description>
<type>input</type>
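Review bot: The new `extendedstatuspage` checkbox adds per-request detail to the status page, while the `netaccessstatus` description in the same hunk still says a blank value allows access from any IP, so enabling one and leaving the other empty exposes client addresses and request lines to anyone who can reach the listener. The Extended Status description should say so, e.g. `Keep track of extended status information for each request. The status page then shows client addresses and requested URLs; set a Status Page ACL before enabling this.` The template that emits the access rule is outside this hunk; if a blank ACL really means allow-all there, defaulting it to localhost only would be the safer behaviour.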
diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php
index 77c14176..494f37cd 100644
--- a/config/apache_mod_security-dev/apache_view_logs.php
+++ b/config/apache_mod_security-dev/apache_view_logs.php
@@ -42,7 +42,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
if(strstr($pfSversion, "1.2"))
$one_two = true;
-$pgtitle = "Status: Apache Vhosts Logs";
+$pgtitle = "Status: Apache VirtualHost Logs";
include("head.inc");
?>
@@ -171,8 +171,8 @@ function showLog(content,url,logtype)
</tbody>
</table>
</form>
- <div id="bowserinfo" style='padding: 5px; border: 1px dashed #990000; font-weight:bold; font-size: 0.9em; text-align: center; margin: 1px; display:block; height: 12px;'>
- <span><span>
+ <div id="browserinfo" style='padding: 5px; border: 1px dashed #990000; font-weight:bold; font-size: 0.9em; text-align: center; margin: 1px; display:block; height: 12px;'>
+ <span></span>
</div>
<!-- Squid Table -->
<table width="100%" border="0" cellpadding="0" cellspacing="0">
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index b3653bdf..53478721 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -4,40 +4,41 @@
<packagegui>
<copyright>
<![CDATA[
- /* $Id$ */
- /* ========================================================================== */
- /*
- apache_virtualhost.xml
- part of apache_mod_security package (http://www.pfSense.com)
- Copyright (C)2009, 2010 Scott Ullrich
- Copyright (C)2012 Marcello Coutinho
- All rights reserved.
- */
- /* ========================================================================== */
- /*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+/* $Id$ */
+/* ========================================================================== */
+/*
+ apache_virtualhost.xml
+ part of apache_mod_security package (http://www.pfSense.com)
+ Copyright (C)2009, 2010 Scott Ullrich
+ Copyright (C)2012 Marcello Coutinho
+ Copyright (C)2013 Stephane Lapie <stephane.lapie@asahinet.com>
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
- /* ========================================================================== */
- ]]>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ========================================================================== */
+]]>
</copyright>
<name>apachevirtualhost</name>
<version>1.0</version>
@@ -143,7 +144,7 @@
<tab_level>2</tab_level>
</tab>
<tab>
- <text>Virutal Hosts</text>
+ <text>Virtual Hosts</text>
<url>/pkg.php?xml=apache_virtualhost.xml</url>
<tab_level>2</tab_level>
<active/>
@@ -201,17 +202,14 @@
<description>Select protocols that this virtual host will accept connections</description>
<type>select</type>
<options>
- <option><name>HTTP</name><value>http</value></option>
- <option><name>HTTPS</name><value>https</value></option>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
</options>
</field>
<field>
<fielddescr>Server Name(s)</fielddescr>
<fieldname>primarysitehostname</fieldname>
- <description>
- <![CDATA[Enter hostnames one per line in FQDN format for this website (e.g. www.example.com)<br/>
- Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]>
- </description>
+ <description><![CDATA[Enter hostnames one per line in FQDN format for this website (e.g. www.example.com)<br/>Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)]]></description>
<cols>40</cols>
<rows>2</rows>
<type>textarea</type>
@@ -238,27 +236,21 @@
<fielddescr>Site Webmaster E-Mail address</fielddescr>
<fieldname>siteemail</fieldname>
<size>50</size>
- <description>
- <![CDATA[
- Enter the Webmaster E-Mail address for this site.
- ]]>
- </description>
+ <description><![CDATA[Enter the Webmaster E-Mail address for this site.]]></description>
<type>input</type>
</field>
<field>
<fielddescr>Site description</fielddescr>
<fieldname>description</fieldname>
<size>50</size>
- <description>
- <![CDATA[Enter a site description]]>
- </description>
+ <description><![CDATA[Enter a site description]]></description>
<type>input</type>
</field>
<field>
<fielddescr>HTTPS SSL certificate</fielddescr>
<fieldname>ssl_cert</fieldname>
<description>Choose the SSL Server Certificate here.</description>
- <type>select_source</type>
+ <type>select_source</type>
<source><![CDATA[$config['cert']]]></source>
<source_name>descr</source_name>
<source_value>refid</source_value>
@@ -283,62 +275,62 @@
<![CDATA[Location(s)]]>
</fielddescr>
<fieldname>locations</fieldname>
- <type>rowhelper</type>
- <dontdisplayname/>
+ <type>rowhelper</type>
+ <dontdisplayname/>
<usecolspan2/>
<movable>on</movable>
- <rowhelper>
+ <rowhelper>
<rowhelperfield>
- <fielddescr><![CDATA[gzip?]]></fielddescr>
- <fieldname>compress</fieldname>
- <description>Compress data to save bandwidth?</description>
+ <fielddescr><![CDATA[gzip?]]></fielddescr>
+ <fieldname>compress</fieldname>
+ <description>Compress data to save bandwidth?</description>
<type>select</type>
<options>
- <option><name>yes</name><value>yes</value></option>
- <option><name>no</name><value>no</value></option>
+ <option><name>yes</name><value>yes</value></option>
+ <option><name>no</name><value>no</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr><![CDATA[site path]]></fielddescr>
- <fieldname>sitepath</fieldname>
- <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
- <type>input</type>
- <size>12</size>
+ <fielddescr><![CDATA[Site Path]]></fielddescr>
+ <fieldname>sitepath</fieldname>
+ <description><![CDATA[Site path to publish.<br>leave blank to use /]]></description>
+ <type>input</type>
+ <size>12</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[Balancer]]></fielddescr>
- <fieldname>balancer</fieldname>
- <description>Server balancer / pool</description>
+ <fieldname>balancer</fieldname>
+ <description>Server balancer / pool</description>
<source><![CDATA[$config['installedpackages']['apachebalancer']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
<show_disable_value>none</show_disable_value>
<type>select_source</type>
- <size>5</size>
+ <size>5</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LbMethod</a>]]></fielddescr>
- <fieldname>lbmethod</fieldname>
- <description>Server balance method</description>
- <type>select</type>
- <options>
- <option><name>byrequests</name><value>byrequests</value></option>
- <option><name>bytraffic</name><value>bytraffic</value></option>
- <option><name>bybusyness</name><value>bybusyness</value></option>
+ <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>LB Method</a>]]></fielddescr>
+ <fieldname>lbmethod</fieldname>
+ <description>Server balance method</description>
+ <type>select</type>
+ <options>
+ <option><name>byrequests</name><value>byrequests</value></option>
+ <option><name>bytraffic</name><value>bytraffic</value></option>
+ <option><name>bybusyness</name><value>bybusyness</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Backend path</fielddescr>
- <fieldname>backendpath</fieldname>
- <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
- <type>input</type>
- <size>12</size>
+ <fielddescr>Backend Path</fielddescr>
+ <fieldname>backendpath</fieldname>
+ <description><![CDATA[Backend redirect path.<br>Leave blank to use /]]></description>
+ <type>input</type>
+ <size>12</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr><![CDATA[ModSecurity]]></fielddescr>
<fieldname>modsecgroup</fieldname>
- <description>Choose Modsecurity group to use on this virtual host.</description>
- <type>select_source</type>
+ <description>Choose ModSecurity group to use on this virtual host.</description>
+ <type>select_source</type>
<source><![CDATA[$config['installedpackages']['apachemodsecuritygroups']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
@@ -348,20 +340,29 @@
<fielddescr><![CDATA[Manipulations]]></fielddescr>
<fieldname>modsecmanipulation</fieldname>
<description>Choose Modsecurity group to use on this virtual host.</description>
- <type>select_source</type>
+ <type>select_source</type>
<source><![CDATA[$config['installedpackages']['apachemodsecuritymanipulation']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
<show_disable_value>none</show_disable_value>
</rowhelperfield>
<rowhelperfield>
- <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>&nbsp;&nbsp;Balancer options</a>]]></fielddescr>
- <fieldname>options</fieldname>
- <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
- <type>input</type>
- <size>11</size>
+ <fielddescr><![CDATA[<a href='https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass'>&nbsp;&nbsp;Balancer options</a>]]></fielddescr>
+ <fieldname>options</fieldname>
+ <description><![CDATA[Additional proxypass options for this path.<br>ex: ttl=60 stickysession='JSESSIONID']]></description>
+ <type>input</type>
+ <size>11</size>
</rowhelperfield>
- </rowhelper>
+ <rowhelperfield>
+ <fielddescr>Location Custom Settings</fielddescr>
+ <fieldname>custom</fieldname>
+ <description><![CDATA[Pass extra Apache config for this Location. This is useful for SSLRequire rules for example.]]></description>
+ <type>textarea</type>
+ <cols>65</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </rowhelperfield>
+ </rowhelper>
</field>
<field>
<name>Logging</name>
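Review bot: The new rowhelper field uses `<fieldname>custom</fieldname>`, the same name as the VirtualHost-level Custom Options field further down this file, which makes it easy for the config generator to pick up the wrong value. A distinct name such as `<fieldname>locationcustom</fieldname>` would keep the two apart; the code that reads it is in apache_mod_security.inc, outside this hunk. The field holds free-form Apache directives that are presumably written verbatim into each Location block, so the description should warn that a syntax error here can stop Apache from starting. A configuration syntax check before the restart in the resync path would catch that.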
@@ -370,25 +371,19 @@
<field>
<fielddescr>Preserve Proxy hostname</fielddescr>
<fieldname>preserveproxyhostname</fieldname>
- <description>
- <![CDATA[
- When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.
- ]]>
- </description>
+ <description><![CDATA[When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.]]></description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Log file</fielddescr>
<fieldname>logfile</fieldname>
- <description>
- <![CDATA[Enable access and error log for this virtual host.]]>
- </description>
+ <description><![CDATA[Enable access and error log for this virtual host.]]></description>
<type>select</type>
- <options>
- <option><name>Log to default apache log file</name><value>default</value></option>
- <option><name>Create a log file for this site</name><value>create</value></option>
- <option><name>Do not not this website</name><value>disabled</value></option>
- </options>
+ <options>
+ <option><name>Log to default apache log file</name><value>default</value></option>
+ <option><name>Create a log file for this site</name><value>create</value></option>
+ <option><name>Do not log this website</name><value>disabled</value></option>
+ </options>
</field>
<field>
<name>Custom Options</name>
@@ -397,7 +392,7 @@
<field>
<fielddescr>Custom Options</fielddescr>
<fieldname>custom</fieldname>
- <description>Paste extra apache config for this virtualhost. This is usefull for rewrite rules for example.</description>
+ <description>Pass extra Apache config for this VirtualHost. This is useful for Rewrite rules for example.</description>
<type>textarea</type>
<cols>90</cols>
<rows>10</rows>
@@ -415,4 +410,4 @@
apache_mod_security_resync();
</custom_php_resync_config_command>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 4c283410..de27b907 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -471,7 +471,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot
$client_install_exe = "openvpn-install-2.3-x86_64.exe";
break;
default:
- $client_install_exe = "openvpn-install-2.2.exe";
+ $client_install_exe = "openvpn-install-2.3-i686.exe";
}
$ovpndir = "/usr/local/share/openvpn";
@@ -499,6 +499,8 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot
exec("cp -r {$workdir}/template/* {$tempdir}");
// and put the required installer exe in place
exec("/bin/cp {$tempdir}/{$client_install_exe} {$tempdir}/openvpn-install.exe");
+ if (stristr($openvpn_version, "x64"))
+ rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe");
// write configuration file
$prefix = openvpn_client_export_prefix($srvid, $usrid, $crtid);
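Review bot: The return value of the added `rename()` is ignored, so if `openvpn-postinstall64.exe` is missing from the template directory the bundle is built with the 32-bit `openvpn-postinstall.exe` next to the 64-bit OpenVPN installer. The 64-bit post-installer added in this commit is the one that calls `SetRegView 64`, so the mismatch would presumably surface only on the client as "OpenVPN installation not found". I would test the result, e.g. `if (stristr($openvpn_version, "x64") && !rename("{$tempdir}/openvpn-postinstall64.exe", "{$tempdir}/openvpn-postinstall.exe"))`, and take the function's usual error path. That error path and the rest of openvpn_client_export_installer() are outside this hunk.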
@@ -544,8 +546,6 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $quot
if ($openvpnmanager)
$files .= "openvpnmanager ";
- unlink("openvpn-postinstall.exe");
- rename("openvpnmanager/openvpn-postinstall.exe","openvpn-postinstall.exe");
$files .= "openvpn-install.exe ";
$files .= "openvpn-postinstall.exe ";
if ($usetoken)
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 9a59ab27..04ffcec7 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>OpenVPN Client Export</name>
- <version>1.1.5</version>
+ <version>1.2</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
<backup_file></backup_file>
diff --git a/config/openvpn-client-export/source/openvpn-postinstall64.nsi b/config/openvpn-client-export/source/openvpn-postinstall64.nsi
new file mode 100644
index 00000000..b962ddff
--- /dev/null
+++ b/config/openvpn-client-export/source/openvpn-postinstall64.nsi
@@ -0,0 +1,215 @@
+;--------------------------------
+; OpenVPN NSIS Post-Installer
+;--------------------------------
+
+;--------------------------------
+;Include Modern UI
+
+Var /GLOBAL mui.FinishPage.Run
+!define MUI_FINISHPAGE_RUN_VARIABLES
+
+ !include "MUI2.nsh"
+ !include "FileFunc.nsh"
+ !include "LogicLib.nsh"
+
+;--------------------------------
+; General
+;--------------------------------
+
+ Name "OpenVPN Configuration"
+ OutFile "openvpn-postinstall64.exe"
+ SetCompressor /SOLID lzma
+
+ ShowInstDetails show
+
+ !include "dotnet2.nsh"
+ !include "x64.nsh"
+;--------------------------------
+;Include Settings
+;--------------------------------
+
+ !define MUI_ICON "openvpn-postinstall.ico"
+ !define MUI_ABORTWARNING
+
+;--------------------------------
+;Pages
+;--------------------------------
+
+!define WELCOME_TITLE 'Welcome to OpenVPN installer.'
+
+!define WELCOME_TEXT "This wizard will guide you through the installation of the OpenVPN client and configuration.$\r$\n$\r$\n\
+This wil automaticaly install the configuration files needed for your connection. \
+And if needed install the required DotNet2 framework."
+ !define MUI_WELCOMEPAGE_TITLE '${WELCOME_TITLE}'
+ ;!define MUI_WELCOMEPAGE_TITLE_3LINES
+ !define MUI_WELCOMEPAGE_TEXT '${WELCOME_TEXT}'
+ !insertmacro MUI_PAGE_WELCOME
+
+ !insertmacro MUI_PAGE_INSTFILES
+
+
+ !define MUI_FINISHPAGE_RUN "C:\User\test.lnk"
+ !define MUI_FINISHPAGE_RUN_TEXT "Start OpenVPNManager."
+ !define MUI_FINISHPAGE_RUN_FUNCTION "LaunchLink"
+ !define MUI_PAGE_CUSTOMFUNCTION_SHOW finish_show
+ !insertmacro MUI_PAGE_FINISH
+
+ !insertmacro Locate
+ !insertmacro GetParameters
+ !insertmacro GetOptions
+
+;--------------------------------
+;Languages
+;--------------------------------
+
+ !insertmacro MUI_LANGUAGE "English"
+
+;--------------------------------
+;Functions
+;--------------------------------
+
+Function .onInit
+ Var /GLOBAL BINPATH
+ Var /GLOBAL CONFPATH
+ Var /GLOBAL OpenVPNManager
+
+ ; If we are running on a 64-bit OS with a 64-bit payload then we must operate in the 64-bit registry
+ ; This should not be done if the payload is a 32-bit OpenVPN even on a 64-bit OS.
+ ${If} ${RunningX64}
+ SetRegView 64
+ ${EndIf}
+ IfFileExists ".\OpenVPNManager" InstallOpenVPNManager1 DontInstallOpenVPNManager1
+ InstallOpenVPNManager1:
+ strcpy $OpenVPNManager true
+ !insertmacro CheckForDotNET2
+ Goto OpenVPNManagerDone1
+ DontInstallOpenVPNManager1:
+ strcpy $OpenVPNManager false
+ OpenVPNManagerDone1:
+FunctionEnd
+
+Function CopyConfFile
+ CopyFiles $R9 $CONFPATH\$R7
+ Push $0
+FunctionEnd
+
+Function ImportConfFile
+ ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9"
+ Push $0
+FunctionEnd
+
+Function CopyOpenVPNManager
+ DetailPrint "Installing OpenVPNManager..."
+ DetailPrint "Installing in: $BINPATH\OpenVPNManager\"
+ CreateDirectory "$BINPATH\OpenVPNManager"
+ CreateDirectory "$BINPATH\OpenVPNManager\config"
+ CopyFiles ".\OpenVPNManager\*.*" "$BINPATH\OpenVPNManager"
+ CreateShortcut "$desktop\OpenVPNManager.lnk" "$BINPATH\OpenVPNManager\OpenVPNManager.exe"
+ Push $0
+FunctionEnd
+
+Function finish_show
+ ${If} $OpenVPNManager != "true"
+ ;If OpenVPNManager is not installed then dont give the option to run it. (hide and uncheck the checkbox)
+ ShowWindow $mui.FinishPage.Run 0
+ ${NSD_Uncheck} $mui.FinishPage.Run
+ ${EndIf}
+FunctionEnd
+
+Function LaunchLink
+ ExecShell "" "$desktop\OpenVPNManager.lnk"
+FunctionEnd
+;--------------------------------
+;Installer Sections
+;--------------------------------
+
+Section "Import Configuration" SectionImport
+ ${If} $OpenVPNManager == "true"
+ ; OpenVPNManager needs dotnet2
+ !insertmacro InstallDotNet2
+ ${Endif}
+
+ ClearErrors
+ ReadRegStr $BINPATH HKLM "Software\OpenVPN" ""
+ IfErrors OpenVPNInstall OpenVPNAlreadyInstalled
+ OpenVPNInstall:
+ DetailPrint "Pausing installation while OpenVPN installer runs."
+ ExecWait '".\openvpn-install.exe"' $1
+ ${if} $OpenVPNManager == "true"
+ SetShellVarContext all
+ Delete "$desktop\OpenVPN GUI.lnk"
+ SetShellVarContext current
+ ${Endif}
+ Pop $0
+ OpenVPNAlreadyInstalled:
+
+ ClearErrors
+ ReadRegStr $BINPATH HKLM "Software\OpenVPN" ""
+ IfErrors OpenVPNnotFound OpenVPNok
+ OpenVPNnotFound:
+ Abort "OpenVPN installation not found, installation aborted."
+ OpenVPNok:
+ DetailPrint "Completed OpenVPN installation."
+
+ ${If} $OpenVPNManager == "true"
+ strcpy $OpenVPNManager true
+ StrCpy $CONFPATH "$BINPATH\OpenVPNManager\config"
+ call "CopyOpenVPNManager"
+ ${Else}
+ strcpy $OpenVPNManager false
+ ClearErrors
+ ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir"
+ IfErrors configNotFound configFound
+ configNotFound:
+ ReadRegStr $CONFPATH HKLM "Software\OpenVPN" ""
+ StrCpy $CONFPATH "$CONFPATH\config"
+ configFound:
+
+ ${Endif}
+
+ DetailPrint "Installing configuration files ..."
+ ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile"
+
+ DetailPrint "Installing certificate and key files ..."
+ ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile"
+ ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile"
+
+ ${If} $OpenVPNManager == "true"
+ DetailPrint "Registering OpenVPNManager service..."
+ ExecWait '"$BINPATH\OpenVPNManager\OpenVPNManager.exe" /install'
+ DetailPrint "Starting OpenVPNManager service..."
+ SimpleSC::StartService "OpenVPNManager" "" 30
+ Pop $0
+ ${Else}
+ ;DetailPrint "Starting OpenVPN Service..."
+ ;SimpleSC::StartService "OpenVPNService" "" 30
+ ;Pop $0
+ ${Endif}
+
+ ${GetParameters} $R0
+ ${GetOptions} $R0 "/Import" $R1
+ IfErrors p12_copy p12_import
+ p12_copy:
+ ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile"
+ Goto p12_done
+ p12_import:
+ ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile"
+ Goto p12_done
+ p12_done:
+
+SectionEnd
+;--------------------------------
+;Descriptions
+;--------------------------------
+
+ ;Language strings
+ LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files."
+
+ ;Assign language strings to sections
+ !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
+ !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport)
+ !insertmacro MUI_FUNCTION_DESCRIPTION_END
+
+;--------------------------------
+; END
+;--------------------------------
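Review bot: Every external file is referenced relative to the current working directory (`ExecWait '".\openvpn-install.exe"'`, `IfFileExists ".\OpenVPNManager"`, `${Locate} ".\config"`) and `rundll32.exe` is started by bare name, so which binaries and key files are used depends on where and how the post-installer is launched. Anchoring them removes that ambiguity: `ExecWait '"$EXEDIR\openvpn-install.exe"' $1` and `ExecWait '"$SYSDIR\rundll32.exe" cryptext.dll,CryptExtAddPFX $R9'`, with the same `$EXEDIR\` prefix on the `.\config` and `.\OpenVPNManager` paths. The exit code captured in `$1` is never checked before the registry is re-read. `!define MUI_FINISHPAGE_RUN "C:\User\test.lnk"` looks like a leftover test path; it is not used because `MUI_FINISHPAGE_RUN_FUNCTION` is set, so it can be defined without a value.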
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index ad6c65da..f0bcbee2 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -434,11 +434,9 @@ function server_changed() {
cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Others<\/a>";
cell2.innerHTML += "<br\/>- Windows Installers:<br\/>";
cell2.innerHTML += "&nbsp;&nbsp; ";
- cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>2.2<\/a>";
- cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ", -1)'>2.3-x86<\/a>";
-// cell2.innerHTML += "&nbsp;&nbsp; ";
-// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>";
+ cell2.innerHTML += "&nbsp;&nbsp; ";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>";
cell2.innerHTML += "<br\/>- Mac OSX:<br\/>";
cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle<\/a>";
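Review bot: The 2.3-x64 link enabled here, and in the two matching hunks at -471 and -515, is offered whatever the OpenVPNManager setting is, while the help text added at the end of this file says OpenVPNManager is not currently compatible with the 64-bit installer. Nothing visible in these hunks prevents that combination; `download_begin()` and the export handler are outside them, as is the rest of `server_changed()`, so it may already be rejected there. If it is not, `download_begin()` could refuse `inst-2.3-x64` when the OpenVPNManager option is ticked, or the link could be hidden in that case. Either would keep users from downloading a bundle the page itself documents as unsupported.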
@@ -471,11 +469,9 @@ function server_changed() {
cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Others<\/a>";
cell2.innerHTML += "<br\/>- Windows Installers:<br\/>";
cell2.innerHTML += "&nbsp;&nbsp; ";
- cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>2.2<\/a>";
- cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\", -1," + j + ")'>2.3-x86<\/a>";
-// cell2.innerHTML += "&nbsp;&nbsp; ";
-// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>";
+ cell2.innerHTML += "&nbsp;&nbsp; ";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>";
cell2.innerHTML += "<br\/>- Mac OSX:<br\/>";
cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle<\/a>";
@@ -515,11 +511,9 @@ function server_changed() {
cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Others<\/a>";
cell2.innerHTML += "<br\/>- Windows Installers:<br\/>";
cell2.innerHTML += "&nbsp;&nbsp; ";
- cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>2.2<\/a>";
- cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ")'>2.3-x86<\/a>";
-// cell2.innerHTML += "&nbsp;&nbsp; ";
-// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>";
+ cell2.innerHTML += "&nbsp;&nbsp; ";
+ cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>";
cell2.innerHTML += "<br\/>- Mac OSX:<br\/>";
cell2.innerHTML += "&nbsp;&nbsp; ";
cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle<\/a>";
@@ -806,6 +800,7 @@ function useproxy_changed(obj) {
This will change the generated .ovpn configuration to allow for usage of the management interface.
And include the OpenVPNManager program in the "Windows Installers". With this OpenVPN can be used also by non-administrator users.
This is also useful for Windows Vista/7/8 systems where elevated permissions are needed to add routes to the system.
+ <br/><br/>NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.
</span>
</td>
</tr>
diff --git a/config/varnish3/pkg_varnish.inc b/config/varnish3/pkg_varnish.inc
new file mode 100755
index 00000000..509f24e5
--- /dev/null
+++ b/config/varnish3/pkg_varnish.inc
@@ -0,0 +1,11 @@
+<?php
+
+global $shortcuts;
+
+$shortcuts['varnish'] = array();
+$shortcuts['varnish']['main'] = "pkg.php?xml=varnish_backends.xml";
+$shortcuts['varnish']['log'] = "diag_logs.php";
+$shortcuts['varnish']['status'] = "status_services.php";
+$shortcuts['varnish']['service'] = "varnish";
+
+?> \ No newline at end of file
diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc
index 4adf0575..983804c9 100644
--- a/config/varnish3/varnish.inc
+++ b/config/varnish3/varnish.inc
@@ -4,7 +4,7 @@
varnish.inc
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
Copyright (C) 2012 Marcio Carlos Antao
All rights reserved.
*/
@@ -32,6 +32,14 @@
POSSIBILITY OF SUCH DAMAGE.
*/
/* ========================================================================== */
+$shortcut_section = "varnish";
+
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m"));
+else
+ define('VARNISH_LOCALBASE','/usr/local');
+
function varnish_settings_post_validate($post, $input_errors) {
if( !is_numeric($post['storagesize']))
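Review bot: `if ($pf_version > 2.0)` compares a three-character string cut from /etc/version with a float, so the result depends on PHP's loose string-to-number conversion and on the version always having the form `N.N`. If the file cannot be read, `file_get_contents()` returns false and the test silently falls through to `/usr/local`. `if (version_compare($pf_version, '2.0', '>'))` states the intent directly, and a one-line comment such as `// PBI layout is used on releases after 2.0` would explain why the base path differs. The function that follows the new lines continues outside the hunk.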
@@ -244,7 +252,6 @@ mkdir -p /var/varnish
rm /var/varnish/storage.bin 2>/dev/null
killall varnishd 2>/dev/null
sleep 1
-sysctl kern.ipc.nmbclusters=65536
sysctl kern.ipc.somaxconn=16384
sysctl kern.maxfiles=131072
sysctl kern.maxfilesperproc=104856
@@ -641,7 +648,15 @@ sub vcl_fini {
}
EOF;
-
+ file_put_contents("/var/etc/default.vcl",$varnish_config_file,LOCK_EX);
+ $cc_file="/usr/local/bin/cc";
+ foreach (glob(VARNISH_LOCALBASE."/bin/gcc*") as $bin_file) {
+ $gcc_file=$bin_file;
+ }
+ if (!file_exists($cc_file) && file_exists($gcc_file)){
+ symlink($gcc_file,$cc_file);
+ }
+
$fd = fopen("/var/etc/default.vcl", "w");
fwrite($fd, $varnish_config_file);
fclose($fd);
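Review bot: `$gcc_file` is only assigned inside the `foreach`, so when `glob()` matches nothing the later `file_exists($gcc_file)` reads an undefined variable. When several names match `gcc*`, whichever sorts last becomes the target of `/usr/local/bin/cc`, whether or not it is the compiler. Initialise it with `$gcc_file = "";` and match the intended binary name explicitly rather than taking the last glob hit. The config is also written twice: the new `file_put_contents(..., LOCK_EX)` is followed by the old `fopen`/`fwrite`/`fclose` on the same path without a lock, so the old three lines should go. Because this creates a system-wide `cc` as a side effect of generating the config, a comment saying why it is needed (presumably for VCL compilation) would help the next reader.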
@@ -652,29 +667,67 @@ EOF;
/* Uses XMLRPC to synchronize the changes to a remote node */
function varnish_sync_on_changes() {
global $config, $g;
- log_error("[varnish] varnish_xmlrpc_sync.php is starting.");
- $synconchanges = $config['installedpackages']['varnishsync']['config'][0]['synconchanges'];
- if(!$synconchanges)
- return;
- foreach ($config['installedpackages']['varnishsync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if($password && $sync_to_ip)
- varnish_do_xmlrpc_sync($sync_to_ip, $password);
+ if (is_array($config['installedpackages']['varnishsync']['config'])){
+ $varnish_sync=$config['installedpackages']['varnishsync']['config'][0];
+ $synconchanges = $varnish_sync['synconchanges'];
+ $synctimeout = $varnish_sync['synctimeout'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($varnish_sync[row])){
+ $rs=$varnish_sync[row];
+ }
+ else{
+ log_error("[varnish] xmlrpc sync is enabled but there is no hosts to push on varnish config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['hasync'])){
+ $hasync=$config['hasync'][0];
+ $rs[0]['ipaddress']=$hasync['synchronizetoip'];
+ $rs[0]['username']=$hasync['username'];
+ $rs[0]['password']=$hasync['password'];
+ }
+ else{
+ log_error("[varnish] xmlrpc sync is enabled but there is no system backup hosts to push varnish config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
}
- }
- log_error("[varnish] varnish_xmlrpc_sync.php is ending.");
+ if (is_array($rs)){
+ log_error("[varnish] xmlrpc sync is starting.");
+ foreach($rs as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if($sh['username'])
+ $username = $sh['username'];
+ else
+ $username = 'admin';
+ if($password && $sync_to_ip)
+ varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
+ }
+ log_error("[varnish] xmlrpc sync is ending.");
+ }
+ }
}
/* Do the actual XMLRPC sync */
-function varnish_do_xmlrpc_sync($sync_to_ip, $password) {
+function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
global $config, $g;
-
+
+ if(!$username)
+ return;
+
if(!$password)
return;
if(!$sync_to_ip)
return;
+
+ if(!$synctimeout)
+ $synctimeout=25;
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
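Review bot: In the `"manual"` case, `$varnish_sync[row]` uses a bare constant instead of a string key. Older PHP falls back to the string with a notice and PHP 8 raises an error for the undefined constant, so both occurrences should read `$varnish_sync['row']`. The `"auto"` case reads `$config['hasync'][0]`; whether `hasync` is stored as a list or directly as a keyed array is not visible here, so that index is worth confirming against the system config. `varnish_do_xmlrpc_sync()` continues outside the hunk.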
@@ -710,18 +763,18 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $password) {
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
if($g['debug'])
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
+ /* send our XMLRPC message and timeout after $synctimeout seconds */
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting varnish XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "varnish Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting varnish XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "varnish Settings Sync", "");
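Review bot: `$cli->setCredentials($username, $password)` now sends a configurable account's credentials to `$url`, whose scheme is built outside this hunk and appears to follow the local webgui protocol setting. If that can be plain http, the credentials and the merged package config cross the network unencrypted. A `log_error()` warning when the scheme is not https, or at least a comment at the call, would make that visible to the administrator. `$synctimeout` also reaches `send()` straight from the config, and `(int)$synctimeout` would keep a non-numeric value out. Both points apply equally to the second call site in the `@@ -742,15 +795,15 @@` hunk, and the function starts and ends outside both hunks.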
@@ -742,15 +795,15 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $password) {
log_error("varnish XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting varnish XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "varnish Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting varnish XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "varnish Settings Sync", "");
diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml
index e480a8d6..28e7caca 100644
--- a/config/varnish3/varnish_backends.xml
+++ b/config/varnish3/varnish_backends.xml
@@ -9,7 +9,7 @@
varnish_backends.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
/*/
/* ========================================================================== */
@@ -85,6 +85,11 @@
<chmod>0755</chmod>
<item>http://www.pfsense.com/packages/config/varnish3/varnishstat.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/shortcuts/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/varnish3/pkg_varnish.inc</item>
+ </additional_files_needed>
<menu>
<name>Varnish</name>
<tooltiptext>Varnish</tooltiptext>
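Review bot: The added `<item>` downloads `pkg_varnish.inc` over plain http and installs it under `/usr/local/www/shortcuts/`, where it is presumably included by the web GUI, and no integrity check is visible in this manifest. An https URL, if the package server offers one, would at least protect the file in transit. The new entry also points at `www.pfsense.org` while the neighbouring item uses `www.pfsense.com`, so one of the two hosts is probably unintended. `<chmod>0755</chmod>` marks a file that is only included as executable; `<chmod>0644</chmod>` is sufficient.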
@@ -129,14 +134,23 @@
</tab>
</tabs>
<adddeleteeditpagefields>
+ <movable>on</movable>
<columnitem>
<fielddescr>IPAddress</fielddescr>
<fieldname>ipaddress</fieldname>
</columnitem>
<columnitem>
+ <fielddescr>Port</fielddescr>
+ <fieldname>port</fieldname>
+ </columnitem>
+ <columnitem>
<fielddescr>Name</fielddescr>
<fieldname>backendname</fieldname>
- </columnitem>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
</adddeleteeditpagefields>
<fields>
<field>
@@ -163,9 +177,17 @@
<fieldname>port</fieldname>
<description>Enter the TCP/IP port of the webserver.</description>
<type>input</type>
+ <size>6</size>
<validate>^[0-9]+$</validate>
</field>
<field>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter the description for this Backend.</description>
+ <type>input</type>
+ <size>40</size>
+ </field>
+ <field>
<fielddescr>PerformanceMetrics</fielddescr>
<fieldname>PerformanceMetrics</fieldname>
<type>listtopic</type>
diff --git a/config/varnish3/varnish_custom_vcl.xml b/config/varnish3/varnish_custom_vcl.xml
index 86a9cdca..c0bb0e80 100644
--- a/config/varnish3/varnish_custom_vcl.xml
+++ b/config/varnish3/varnish_custom_vcl.xml
@@ -9,6 +9,7 @@
varnish_settings.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2013 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
@@ -78,56 +79,92 @@
</tabs>
<fields>
<field>
+ <type>listtopic</type>
+ <name>vcl_recv_early</name>
+ </field>
+ <field>
<fielddescr>vcl_recv_early</fielddescr>
<fieldname>vcl_recv_early</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
<description>Paste your custom <![CDATA[<a target=_new href='http://varnish-cache.org/wiki/VCL'>vcl_recv</a>]]> code here. This code will be included at the beginning of the vcl_recv function.</description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>90</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
+ <type>listtopic</type>
+ <name>vcl_recv_late</name>
+ </field>
+ <field>
<fielddescr>vcl_recv_late</fielddescr>
<fieldname>vcl_recv_late</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
<description>Paste your custom <![CDATA[<a target=_new href='http://varnish-cache.org/wiki/VCL'>vcl_recv</a>]]> code here. This code will be included at the end of the vcl_recv function.</description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>90</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
+ <type>listtopic</type>
+ <name>vcl_fetch_early</name>
+ </field>
+ <field>
<fielddescr>vcl_fetch_early</fielddescr>
<fieldname>vcl_fetch_early</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
<description>Paste your custom <![CDATA[<a target=_new href='http://varnish-cache.org/wiki/VCL'>vcl_fetch</a>]]> code here. This code will be included at the beginning of the vcl_fetch function.</description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>90</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
+ <type>listtopic</type>
+ <name>vcl_fetch_late</name>
+ </field>
+ <field>
<fielddescr>vcl_fetch_late</fielddescr>
<fieldname>vcl_fetch_late</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
<description>Paste your custom <![CDATA[<a target=_new href='http://varnish-cache.org/wiki/VCL'>vcl_fetch</a>]]> code here. This code will be included at the end of the vcl_fetch function.</description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>90</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
+ <type>listtopic</type>
+ <name>vcl_pipe_early</name>
+ </field>
+ <field>
<fielddescr>vcl_pipe_early</fielddescr>
<fieldname>vcl_pipe_early</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
<description>Paste your custom <![CDATA[<a target=_new href='http://varnish-cache.org/wiki/VCL'>vcl_pipe</a>]]> code here. This code will be included at the beginning of the vcl_pipe function.</description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>90</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
+ <type>listtopic</type>
+ <name>vcl_pipe_late</name>
+ </field>
+ <field>
<fielddescr>vcl_pipe_late</fielddescr>
<fieldname>vcl_pipe_late</fieldname>
+ <dontdisplayname/>
+ <usecolspan2/>
<description>Paste your custom <![CDATA[<a target=_new href='http://varnish-cache.org/wiki/VCL'>vcl_pipe</a>]]> code here. This code will be included at the end of the vcl_pipe function.</description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>90</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml
index 0912e267..b9d8cc24 100644
--- a/config/varnish3/varnish_lb_directors.xml
+++ b/config/varnish3/varnish_lb_directors.xml
@@ -9,7 +9,7 @@
varnish_lb_directors.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
*/
@@ -99,6 +99,7 @@
</tab>
</tabs>
<adddeleteeditpagefields>
+ <movable>on</movable>
<columnitem>
<fielddescr>Director name</fielddescr>
<fieldname>directorname</fieldname>
diff --git a/config/varnish3/varnish_sync.xml b/config/varnish3/varnish_sync.xml
index 02434389..fd387fdb 100644
--- a/config/varnish3/varnish_sync.xml
+++ b/config/varnish3/varnish_sync.xml
@@ -9,7 +9,7 @@
varnish_sync.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
@@ -82,12 +82,34 @@
<type>listtopic</type>
<fieldname>temp</fieldname>
<name>Enable Varnish configuration sync</name>
- </field>
+ </field>
<field>
<fielddescr>Automatically sync Varnish configuration changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>pfSense will automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>Select a sync method for bind.</description>
+ <type>select</type>
+ <required/>
+ <default_value>auto</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Sync timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>Select sync max wait time</description>
+ <type>select</type>
+ <required/>
+ <default_value>25</default_value>
+ <options>
+ <option><name>30 seconds(Default)</name><value>30</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>250 seconds</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ </options>
</field>
<field>
<fielddescr>Remote Server</fielddescr>
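Review bot: `<default_value>25</default_value>` on `synctimeout` matches none of the listed options (30, 60, 90, 250, 120), while the first option is labelled "30 seconds(Default)". The stored default and the label therefore disagree, and `varnish.inc` falls back to 25 as well. Use `<default_value>30</default_value>` and align the fallback in the PHP, or add a 25-second option. The `synconchanges` description reads "Select a sync method for bind.", which looks copied from another package and should be `Select a sync method for Varnish.`; the 250 and 120 second options are also out of order.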
@@ -111,8 +133,7 @@
</rowhelper>
</field>
</fields>
- <custom_php_resync_config_command>
- varnish_sync_on_changes();
+ <custom_php_resync_config_command>
</custom_php_resync_config_command>
<custom_php_command_before_form>
unset($_POST['temp']);