Diffstat (limited to 'packages/squid.xml')
-rw-r--r-- | packages/squid.xml | 458 |
1 files changed, 93 insertions, 365 deletions
diff --git a/packages/squid.xml b/packages/squid.xml
index 1acb0dc4..b6fe58c5 100644
--- a/packages/squid.xml
+++ b/packages/squid.xml
@@ -1,434 +1,162 @@ -<?xml version="1.0" encoding="utf-8" ?> +<?xml version="1.0" encoding="utf-8"?> <packagegui> - <name>squid</name> - <title>Services: Proxy Server</title> - <category>Security</category> - <version>2.5.10_4</version> - <configpath>installedpackages->package->squidng->configuration->settings</configpath> - - <aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&id=0</aftersaveredirect> - - <menu> - <name>Squid</name> - <tooltiptext>Modify settings for Proxy Server</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> - </menu> - - <!-- TODO: Add xml to parse proxy logs into readable format - <menu> - <name>Proxy Log</name> - <section>Status</section> - <configfile>squid_log.xml</configfile> - </menu> --> - + <include_file>squid.inc</include_file> + + <!-- Installation --> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_cache.xml</item> + <item>http://www.pfsense.org/packages/config/squid.inc</item> </additional_files_needed> - - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_nac.xml</item> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/squid_cache.xml</item> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/squid_nac.xml</item> </additional_files_needed> - - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_ng.inc</item> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/squid_ng.xml</item> </additional_files_needed> - - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_traffic.xml</item> + <additional_files_needed> + 
<item>http://www.pfsense.org/packages/config/squid_traffic.xml</item> </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_upstream.xml</item> + <item>http://www.pfsense.org/packages/config/squid_upstream.xml</item> </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_auth.xml</item> + <item>http://www.pfsense.org/packages/config/squid_auth.xml</item> </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/squid_extauth.xml</item> + <item>http://www.pfsense.org/packages/config/squid_users.xml</item> </additional_files_needed> - + <custom_php_install_command> + squid_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + squid_deinstall_command(); + </custom_php_deinstall_command> + <menu> + <name>Proxy server</name> + <tooltiptext>Modify the proxy server's settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </menu> + <service> + <name>Squid</name> + <description>Web proxy cache.</description> + <rcfile>squid.sh</rcfile> + <executable>squid</executable> + </service> + + <!-- Interface --> + <name>squid</name> + <title>Proxy server: General settings</title> <tabs> <tab> - <text>General Settings</text> + <text>General settings</text> <url>/pkg_edit.php?xml=squid.xml&id=0</url> <active/> </tab> - <tab> - <text>Upstream Proxy</text> + <text>Upstream proxy</text> <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> </tab> - <tab> - <text>Cache Mgmt</text> + <text>Cache management</text> <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> </tab> - <tab> - <text>Network Access Control</text> + <text>Access control</text> <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> </tab> 
- <tab> - <text>Traffic Mgmt</text> + <text>Traffic management</text> <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> </tab> - <tab> - <text>Auth Settings</text> + <text>Auth settings</text> <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> </tab> - <tab> - <text>Extended Auth Settings</text> - <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url> + <text>Local users</text> + <url>/pkg.php?xml=squid_users.xml</url> </tab> </tabs> - - <fields> + <fields> <field> - <fielddescr>Proxy Listening Interface</fielddescr> <fieldname>active_interface</fieldname> - <description>This defines the active listening interface to which the proxy server will listen for its requests.</description> + <fielddescr>Proxy interface</fielddescr> + <description>The interface(s) the proxy server will bind to.</description> + <default_value>lan</default_value> + <required/> <type>interfaces_selection</type> + <multiple/> </field> - - <field> - <fielddescr>Transparent Proxy</fielddescr> - <fieldname>transparent_proxy</fieldname> - <description>If transparent mode is enabled; all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description> - <type>checkbox</type> - </field> - - <field> - <fielddescr>Log Enabled</fielddescr> - <fieldname>log_enabled</fieldname> - <description>This enables the Web Proxy logging feature. All clients requests will be written to a log file viewable under Services -> Proxy Log.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>URL Filtering Enabled</fielddescr> - <fieldname>urlfilter_enable</fieldname> - <description>This enables the advanced functionality in conjunction with squidGuard to provide an array of URL filtering options. 
This squidGuard functionality can be additionally configured from Services -> Advanced Proxy Filtering</description> + <fieldname>allow_interface</fieldname> + <fielddescr>Allow users on interface</fielddescr> + <description>If this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut.</description> + <default_value>on</default_value> + <required/> <type>checkbox</type> </field> - <field> - <fielddescr>Log Query Terms</fielddescr> - <fieldname>log_query_terms</fieldname> - <description>This will log the complete URL rather than the part of the URL containing dynamic queries.</description> + <fieldname>transparent_proxy</fieldname> + <fielddescr>Transparent proxy</fielddescr> + <description>If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description> + <required/> <type>checkbox</type> </field> - <field> - <fielddescr>Log User Agents</fielddescr> - <fieldname>log_user_agents</fieldname> - <description>This will enable the useragent string to be written to a separate log. The results are not shown in the GUI and should only be used for debugging purposes.</description> + <fieldname>log_enabled</fieldname> + <fielddescr>Enabled logging</fielddescr> + <description>This will enable the access log. Don't switch this on if you don't have much disk space left.</description> + <enablefields>log_query_terms,log_user_agents</enablefields> <type>checkbox</type> </field> - <field> - <combinefieldsend>true</combinefieldsend> - <fielddescr>Proxy Port</fielddescr> <fieldname>proxy_port</fieldname> - <description>This is the port the Proxy Server will listen for client requests on. 
The default is 3128.</description> - <size>4</size> + <fielddescr>Proxy port</fielddescr> + <description>This is the port the proxy server will listen on.</description> + <required/> <type>input</type> + <size>5</size> + <default_value>3128</default_value> </field> - <field> - <fielddescr>ICP Port</fielddescr> <fieldname>icp_port</fieldname> - <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. The default value is 0, which means this function is disabled.</description> - <size>4</size> + <fielddescr>ICP port</fielddescr> + <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.</description> <type>input</type> + <size>5</size> </field> - <field> - <fielddescr>Visible Hostname</fielddescr> <fieldname>visible_hostname</fieldname> - <description>This URL is displayed on the Proxy Server error messages.</description> - <size>35</size> + <fielddescr>Visible hostname</fielddescr> + <description>This is the URL to be displayed in proxy server error messages.</description> + <default_value>localhost</default_value> <type>input</type> </field> - <field> - <fielddescr>Cache Administrator E-Mail</fielddescr> - <fieldname>cache_admin_email</fieldname> - <description>This E-Mail address is displayed on the Proxy Server error messages.</description> - <size>35</size> + <fieldname>admin_email</fieldname> + <fielddescr>Administrator email</fielddescr> + <description>This is the email address displayed in error messages to the users.</description> + <default_value>admin@localhost</default_value> <type>input</type> </field> - <field> - <fielddescr>Error Messages Language</fielddescr> + <fielddescr>Language</fielddescr> <fieldname>error_language</fieldname> - <description>Select the language in which the Proxy Server shall display error messages to users.</description> + 
<description>Select the language in which the proxy server will display error messages to users.</description> + <default_value>English</default_value> <type>select</type> - <options> - <option><name>Bulgarian</name><value>Bulgarian</value></option> - <option><name>Catalan</name><value>Catalan</value></option> - <option><name>Czech</name><value>Czech</value></option> - <option><name>Danish</name><value>Danish</value></option> - <option><name>Dutch</name><value>Dutch</value></option> - <option><name>English</name><value>English</value></option> - <option><name>Estonian</name><value>Estonian</value></option> - <option><name>Finnish</name><value>Finnish</value></option> - <option><name>French</name><value>French</value></option> - <option><name>German</name><value>German</value></option> - <option><name>Hebrew</name><value>Hebrew</value></option> - <option><name>Hungarian</name><value>Hungarian</value></option> - <option><name>Italian</name><value>Italian</value></option> - <option><name>Japanese</name><value>Japanese</value></option> - <option><name>Korean</name><value>Korean</value></option> - <option><name>Lithuanian</name><value>Lithuanian</value></option> - <option><name>Polish</name><value>Polish</value></option> - <option><name>Portuguese</name><value>Portuguese</value></option> - <option><name>Romanian</name><value>Romanian</value></option> - <option><name>Russian-1251</name><value>Russian-1251</value></option> - <option><name>Russian-koi8-r</name><value>Russian-koi8-r</value></option> - <option><name>Serbian</name><value>Serbian</value></option> - <option><name>Simplify Chinese</name><value>Simplify Chinese</value></option> - <option><name>Slovak</name><value>Slovak</value></option> - <option><name>Spanish</name><value>Spanish</value></option> - <option><name>Swedish</name><value>Swedish</value></option> - <option><name>Traditional Chinese</name><value>Traditional Chinese</value></option> - <option><name>Turkish</name><value>Turkish</value></option> - 
</options> </field> - </fields> - - <!-- The below writes the configuration as defined by the GUI options --> - <custom_php_global_functions> - function write_static_squid_config() { - global $config; - $lancfg = $config['interfaces']['lan']; - $lanif = $lancfg['if']; - $lanip = $lancfg['ipaddr']; - $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); - $lansn = $lancfg['subnet']; - - $fout = fopen("/usr/local/etc/squid/squid.conf","w"); - fwrite($fout, "#\n"); - fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n"); - fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n"); - fwrite($fout, "#\n"); - fwrite($fout, "shutdown_lifetime 5 seconds\n"); - fwrite($fout, "icp_port 0\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); - fwrite($fout, "no_cache deny QUERY\n"); - fwrite($fout, "\n"); - - fwrite($fout, "pid_filename /var/run/squid.pid\n"); - fwrite($fout, "\n"); - - fwrite($fout, "cache_mem 8 MB\n"); - fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n"); - fwrite($fout, "\n"); - - fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n"); - fwrite($fout, "\n"); - - fwrite($fout, "memory_replacement_policy heap GDSF\n"); - fwrite($fout, "cache_replacement_policy heap GDSF\n"); - fwrite($fout, "\n"); - - fwrite($fout, "cache_access_log /dev/null\n"); - fwrite($fout, "cache_log /dev/null\n"); - fwrite($fout, "cache_store_log none\n"); - fwrite($fout, "\n"); - - fwrite($fout, "log_mime_hdrs off\n"); - fwrite($fout, "emulate_httpd_log on\n"); - fwrite($fout, "forwarded_for off\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n"); - fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . 
"\n"); - fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); - fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n"); - fwrite($fout, "acl Safe_ports port 80 # http\n"); - fwrite($fout, "acl Safe_ports port 21 # ftp\n"); - fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n"); - fwrite($fout, "acl Safe_ports port 70 # gopher\n"); - fwrite($fout, "acl Safe_ports port 210 # wais\n"); - fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); - fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); - fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); - fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); - fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); - fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); - fwrite($fout, "\n"); - - fwrite($fout, "acl CONNECT method CONNECT\n"); - fwrite($fout, "\n"); - - fwrite($fout, "#access to squid; local machine; no restrictions\n"); - fwrite($fout, "http_access allow localnet\n"); - fwrite($fout, "http_access allow localhost\n"); - fwrite($fout, "\n"); - - fwrite($fout, "#Deny non web services\n"); - fwrite($fout, "http_access deny !Safe_ports\n"); - fwrite($fout, "http_access deny CONNECT !SSL_ports\n"); - fwrite($fout, "\n"); - - fwrite($fout, "#Set custom configured ACLs\n"); - fwrite($fout, "http_access deny all\n"); - fwrite($fout, "visible_hostname pfSense\n"); - fwrite($fout, "\n"); - - fwrite($fout, "cache_effective_user squid\n"); - fwrite($fout, "cache_effective_group squid\n"); - fwrite($fout, "\n"); - - fwrite($fout, "maximum_object_size 4096 KB\n"); - fwrite($fout, "minimum_object_size 0 KB\n"); - fwrite($fout, "\n"); - - fwrite($fout, "request_body_max_size 0 KB\n"); - fwrite($fout, "reply_body_max_size 0 allow all\n"); - fwrite($fout, "\n"); - - fwrite($fout, "httpd_accel_host virtual\n"); - fwrite($fout, "httpd_accel_port 80\n"); - fwrite($fout, "httpd_accel_with_proxy on\n"); - fwrite($fout, 
"httpd_accel_uses_host_header on\n"); - - fclose($fout); - } - </custom_php_global_functions> - - <custom_add_php_command_late> - require_once("/usr/local/pkg/squid_ng.inc"); - - global_write_squid_config(); - mwexec("/usr/local/sbin/squid -k reconfigure"); - </custom_add_php_command_late> - - <custom_php_install_command> - write_static_squid_config(); - - touch("/tmp/custom_php_install_command"); - - update_output_window("Creating Proxy Server initialization scripts..."); - $fout = fopen("/usr/local/etc/rc.d/squid.sh","w"); - fwrite($fout, "#!/bin/sh\n"); - fwrite($fout, "#: /usr/local/etc/rc.d/squid.sh\n\n"); - fwrite($fout, "touch /tmp/ro_root_mount\n"); - fwrite($fout, "/usr/local/sbin/squid -D\n"); - fwrite($fout, "touch /tmp/filter_dirty\n"); - fclose($fout); - - mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh"); - - /* create log directory hierarchies if they don't exist */ - update_output_window("Creating required directory hierarchies..."); - - if (!file_exists("/var/squid/logs")) { - mwexec("mkdir -p /var/squid/logs"); - } - mwexec("/usr/sbin/chown squid:squid /var/squid/logs"); - - if (!file_exists("/var/squid/cache")) { - mwexec("mkdir -p /var/squid/cache"); - } - mwexec("/usr/sbin/chown squid:squid /var/squid/cache"); - - if (!file_exists("/usr/local/etc/squid/advanced/acls")) { - mwexec("mkdir -p /usr/local/etc/squid/advanced/acls"); - } - mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/acls"); - - if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) { - mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa"); - } - mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ncsa"); - - if (!file_exists("/usr/local/etc/squid/advanced/ntlm")) { - mwexec("mkdir -p /usr/local/etc/squid/advanced/ntlm"); - } - mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ntlm"); - - if (!file_exists("/usr/local/etc/squid/advanced/radius")) { - mwexec("mkdir -p /usr/local/etc/squid/advanced/radius"); - } - mwexec("/usr/sbin/chown 
squid:squid /usr/local/etc/squid/advanced/radius"); - - /* EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating - * to error message: parseHttpRequest: PF open failed: (13) Permission denied - */ - mwexec("chgrp squid /dev/pf"); - mwexec("chmod g+rw /dev/pf"); - - $devfs_file = fopen("/etc/devfs.conf", "a"); - fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. "); - fwrite($devfs_file, "own pf root:squid"); - fwrite($devfs_file, "perm pf 0640"); - fclose($devfs_file); - - update_output_window("Initializing Cache... This may take a moment..."); - mwexec("/usr/local/sbin/squid -z"); - - write_static_squid_config(); - - update_output_window("Starting Proxy Server..."); - mwexec("/usr/local/etc/rc.d/squid.sh"); - filter_configure(); - </custom_php_install_command> - - <custom_php_deinstall_command> - update_output_window("Stopping proxy service..."); - - do while ((file_exists("/var/run/squid.pid") or ($i == 30)) { - mwexec("/usr/local/sbin/squid -k shutdown"); - $i++; - } - - /* brute force any remaining squid processes out */ - mwxec("/usr/bin/killall squid"); - - update_output_window("Recursively removing directories hierarchies..."); - update_output_window("If existant, log files in /var/squid/logs will remain..."); - mwexec("rm -rf /usr/local/squid"); - mwexec("rm -rf /var/squid/cache"); - mwexec("rm -rf /usr/local/etc/squid"); - - update_output_window("Removing configuration files..."); - unlink_if_exists("/usr/local/etc/rc.d/squid.sh"); - unlink_if_exists("/usr/local/etc/squid"); - unlink_if_exists("/usr/local/libexec/squid"); - - filter_configure(); - </custom_php_deinstall_command> - - <start_command>/usr/local/etc/rc.d/squid.sh</start_command> - - <process_kill_command>/usr/local/sbin/squid -k shutdown</process_kill_command> - + <custom_php_command_before_form> + squid_before_form_general(&$pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + 
squid_validate_general($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> </packagegui> - |
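Review bot: Every `<item>` in the new `<additional_files_needed>` entries is still fetched over plain `http://`, and the first one, `squid.inc`, is PHP that this same file then loads through `<include_file>` and calls from the install, deinstall, validation and resync hooks. Nothing visible in the hunk pins or verifies what is downloaded, so the code the firewall runs is only as trustworthy as that connection; whether the package installer checks a signature or hash elsewhere cannot be seen from here. If the fetcher supports TLS, use `<item>https://www.pfsense.org/packages/config/squid.inc</item>` (and likewise for the seven XML items), or have the installer compare each file against a published checksum before it is included. The entries also drop the old `<prefix>` and `<chmod>0755</chmod>` children, so the destination and file mode now depend on installer defaults, which deserves a short comment above the block.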