diff options
Diffstat (limited to 'packages/squid.xml')
-rw-r--r-- | packages/squid.xml | 218 |
1 files changed, 108 insertions, 110 deletions
diff --git a/packages/squid.xml b/packages/squid.xml index 7fd48654..8a6c5b4b 100644 --- a/packages/squid.xml +++ b/packages/squid.xml @@ -221,106 +221,106 @@ <custom_php_global_functions> function write_static_squid_config() { global $config; - $lancfg = $config['interfaces']['lan']; - $lanif = $lancfg['if']; - $lanip = $lancfg['ipaddr']; - $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); - $lansn = $lancfg['subnet']; - - $fout = fopen("/usr/local/etc/squid/squid.conf","w"); - fwrite($fout, "#\n"); - fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n"); - fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n"); - fwrite($fout, "#\n"); - fwrite($fout, "shutdown_lifetime 5 seconds\n"); - fwrite($fout, "icp_port 0\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); - fwrite($fout, "no_cache deny QUERY\n"); - fwrite($fout, "\n"); - - fwrite($fout, "pid_filename /var/run/squid.pid\n"); - fwrite($fout, "\n"); - - fwrite($fout, "cache_mem 8 MB\n"); - fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n"); - fwrite($fout, "\n"); - - fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n"); - fwrite($fout, "\n"); - - fwrite($fout, "memory_replacement_policy heap GDSF\n"); - fwrite($fout, "cache_replacement_policy heap GDSF\n"); - fwrite($fout, "\n"); - - fwrite($fout, "cache_access_log /dev/null\n"); - fwrite($fout, "cache_log /dev/null\n"); - fwrite($fout, "cache_store_log none\n"); - fwrite($fout, "\n"); - - fwrite($fout, "log_mime_hdrs off\n"); - fwrite($fout, "emulate_httpd_log on\n"); - fwrite($fout, "forwarded_for off\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n"); - fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n"); - fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); - fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n"); - fwrite($fout, "acl Safe_ports port 80 # http\n"); - fwrite($fout, "acl Safe_ports port 21 # ftp\n"); - fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n"); - fwrite($fout, "acl Safe_ports port 70 # gopher\n"); - fwrite($fout, "acl Safe_ports port 210 # wais\n"); - fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); - fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); - fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); - fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); - fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); - fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl CONNECT method CONNECT\n"); - fwrite($fout, "\n"); - - fwrite($fout, "#access to squid; local machine; no restrictions\n"); - fwrite($fout, "http_access allow localnet\n"); - fwrite($fout, "http_access allow localhost\n"); - fwrite($fout, "\n"); - - fwrite($fout, "#Deny non web services\n"); - fwrite($fout, "http_access deny !Safe_ports\n"); - fwrite($fout, "http_access deny CONNECT !SSL_ports\n"); - fwrite($fout, "\n"); - - fwrite($fout, "#Set custom configured ACLs\n"); - fwrite($fout, "http_access deny all\n"); - fwrite($fout, "visible_hostname pfSense\n"); - fwrite($fout, "\n"); - - fwrite($fout, "cache_effective_user squid\n"); - fwrite($fout, "cache_effective_group squid\n"); - fwrite($fout, "\n"); - - fwrite($fout, "maximum_object_size 4096 KB\n"); - fwrite($fout, "minimum_object_size 0 KB\n"); - fwrite($fout, "\n"); - - fwrite($fout, "request_body_max_size 0 KB\n"); - fwrite($fout, "reply_body_max_size 0 allow all\n"); - fwrite($fout, "\n"); - - fwrite($fout, "httpd_accel_host virtual\n"); - fwrite($fout, "httpd_accel_port 80\n"); - fwrite($fout, "httpd_accel_with_proxy on\n"); - fwrite($fout, "httpd_accel_uses_host_header on\n"); - - fclose($fout); - } <!-- end function write_static_squid_config() --> + $lancfg = $config['interfaces']['lan']; + $lanif = $lancfg['if']; + $lanip = $lancfg['ipaddr']; + $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lansn = $lancfg['subnet']; + + $fout = fopen("/usr/local/etc/squid/squid.conf","w"); + fwrite($fout, "#\n"); + fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n"); + fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n"); + fwrite($fout, "#\n"); + fwrite($fout, "shutdown_lifetime 5 seconds\n"); + fwrite($fout, "icp_port 0\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); + fwrite($fout, "no_cache deny QUERY\n"); + fwrite($fout, "\n"); + + fwrite($fout, "pid_filename /var/run/squid.pid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_mem 8 MB\n"); + fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n"); + fwrite($fout, "\n"); + + fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n"); + fwrite($fout, "\n"); + + fwrite($fout, "memory_replacement_policy heap GDSF\n"); + fwrite($fout, "cache_replacement_policy heap GDSF\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_access_log /dev/null\n"); + fwrite($fout, "cache_log /dev/null\n"); + fwrite($fout, "cache_store_log none\n"); + fwrite($fout, "\n"); + + fwrite($fout, "log_mime_hdrs off\n"); + fwrite($fout, "emulate_httpd_log on\n"); + fwrite($fout, "forwarded_for off\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); + fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n"); + fwrite($fout, "acl Safe_ports port 80 # http\n"); + fwrite($fout, "acl Safe_ports port 21 # ftp\n"); + fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n"); + fwrite($fout, "acl Safe_ports port 70 # gopher\n"); + fwrite($fout, "acl Safe_ports port 210 # wais\n"); + fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); + fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); + fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); + fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); + fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); + fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl CONNECT method CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#access to squid; local machine; no restrictions\n"); + fwrite($fout, "http_access allow localnet\n"); + fwrite($fout, "http_access allow localhost\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Deny non web services\n"); + fwrite($fout, "http_access deny !Safe_ports\n"); + fwrite($fout, "http_access deny CONNECT !SSL_ports\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Set custom configured ACLs\n"); + fwrite($fout, "http_access deny all\n"); + fwrite($fout, "visible_hostname pfSense\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_effective_user squid\n"); + fwrite($fout, "cache_effective_group squid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "maximum_object_size 4096 KB\n"); + fwrite($fout, "minimum_object_size 0 KB\n"); + fwrite($fout, "\n"); + + fwrite($fout, "request_body_max_size 0 KB\n"); + fwrite($fout, "reply_body_max_size 0 allow all\n"); + fwrite($fout, "\n"); + + fwrite($fout, "httpd_accel_host virtual\n"); + fwrite($fout, "httpd_accel_port 80\n"); + fwrite($fout, "httpd_accel_with_proxy on\n"); + fwrite($fout, "httpd_accel_uses_host_header on\n"); + + fclose($fout); + } </custom_php_global_functions> <custom_add_php_command_late> @@ -331,7 +331,7 @@ </custom_add_php_command_late> <custom_php_install_command> - write_static_squid_config(); <!-- write initial static config for transparent proxy --> + write_static_squid_config(); touch("/tmp/custom_php_install_command"); @@ -346,7 +346,7 @@ mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh"); - <!-- create log directory hierarchies if they don't exist --> + /* create log directory hierarchies if they don't exist */ update_output_window("Creating required directory hierarchies..."); if (!file_exists("/var/squid/logs")) { @@ -354,7 +354,6 @@ } mwexec("/usr/sbin/chown squid:squid /var/squid/logs"); - if (!file_exists("/var/squid/cache")) { mwexec("mkdir -p /var/squid/cache"); } @@ -380,13 +379,14 @@ } mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/radius"); - <-- EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating --> - <-- to error message: parseHttpRequest: PF open failed: (13) Permission denied --> + /* EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating + * to error message: parseHttpRequest: PF open failed: (13) Permission denied + */ mwexec("chgrp squid /dev/pf"); mwexec("chmod g+rw /dev/pf"); $devfs_file = fopen("/etc/devfs.conf", "a"); - fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. + fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. "); fwrite($devfs_file, "own pf root:squid"); fwrite($devfs_file, "perm pf 0640"); fclose($devfs_file); @@ -407,10 +407,8 @@ $i++; } - if ($i == 30) { - $pid = shell_exec('nohup squid > /dev/null & echo $!'); - shell_exec('kill -9 ' . $pid . '/dev/null'); - } + /* brute force any remaining squid processes out */ + mwxec("/usr/bin/killall squid"); update_output_window("Recursively removing directories hierarchies..."); update_output_window("If existant, log files in /var/squid/logs will remain..."); |