Diffstat (limited to 'packages/squid.xml')
-rw-r--r-- | packages/squid.xml | 400 |
1 files changed, 400 insertions, 0 deletions
diff --git a/packages/squid.xml b/packages/squid.xml
new file mode 100644
index 00000000..cc746c70
--- /dev/null
+++ b/packages/squid.xml
@@ -0,0 +1,400 @@ +<?xml version="1.0" encoding="utf-8" ?> + +<packagegui> + <name>squidng</name> + <title>Services: Squid Advanced Proxy</title> + <category>Security</category> + <version>2.5.10_4</version> + <configpath>installedpackages->package->squidng->configuration->settings</configpath> + + <aftersaveredirect>/pkg_edit.php?xml=squid.xml&id=0</aftersaveredirect> + + <menu> + <name>Squid Advanced Proxy</name> + <tooltiptext>Modify settings for Squid Advanced Proxy</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </menu> + + <!-- TODO: Add xml to parse proxy logs into readable format + <menu> + <name>Proxy Log</name> + <section>Status</section> + <configfile>squid_log.xml</configfile> + </menu> --> + + <files> + <file> + <type>package</type> + <location>ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/Latest/squid.tbz</location> + </file> + <file> + <type>package</type> + <location>ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/Latest/squidGuard.tbz</location> + </file> + + <!-- retrieves the configuration file for upstream proxy settings --> + + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_ng.inc</location> + </file> + + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_auth.inc</location> + </file> + + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_upstream.xml</location> + </file> + + <!-- retrieves the configuration file for cache management --> + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_cache.xml</location> + </file> + + <!-- retrieves the configuration file for network access control --> + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_nac.xml</location> + </file> + + <!-- retrieves the configuration file for traffic management --> + <file> + 
<type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_traffic.xml</location> + </file> + + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_auth.xml</location> + </file> + + <file> + <type>configfile</type> + <location>http://www.pfsense.com/packages/config/squid_extauth.xml</location> + </file> + + </files> + + <tabs> + <tab> + <text>General Settings</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + <active/> + </tab> + + <tab> + <text>Upstream Proxy</text> + <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + </tab> + + <tab> + <text>Cache Mgmt</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + + <tab> + <text>Network Access Control</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + + <tab> + <text>Auth Settings</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + + <tab> + <text>Extended Auth Settings</text> + <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url> + </tab> + </tabs> + + <fields> + <field> + <fielddescr>Proxy Listening Interface</fielddescr> + <fieldname>active_interface</fieldname> + <description>This defines the active listening interface to which the proxy server will listen for its requests.</description> + <type>interfaces_selection</type> + </field> + + <field> + <fielddescr>Transparent Proxy</fielddescr> + <fieldname>transparent_proxy</fieldname> + <description>If transparent mode is enabled; all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description> + <type>checkbox</type> + </field> + + <field> + <fielddescr>Log Enabled</fielddescr> + <fieldname>log_enabled</fieldname> + <description>This enables the Web Proxy logging feature. 
All clients requests will be written to a log file viewable under Services -> Proxy Log.</description> + <type>checkbox</type> + </field> + + <field> + <fielddescr>URL Filtering Enabled</fielddescr> + <fieldname>urlfilter_enable</fieldname> + <description>This enables the advanced functionality in conjunction with squidGuard to provide an array of URL filtering options. This squidGuard functionality can be additionally configured from Services -> Advanced Proxy Filtering</description> + <type>checkbox</type> + </field> + + <field> + <fielddescr>Log Query Terms</fielddescr> + <fieldname>log_query_terms</fieldname> + <description>This will log the complete URL rather than the part of the URL containing dynamic queries.</description> + <type>checkbox</type> + </field> + + <field> + <fielddescr>Log User Agents</fielddescr> + <fieldname>log_user_agents</fieldname> + <description>This will enable the useragent string to be written to a separate log. The results are not shown in the GUI and should only be used for debugging purposes.</description> + <type>checkbox</type> + </field> + + <field> + <combinefieldsend>true</combinefieldsend> + <fielddescr>Proxy Port</fielddescr> + <fieldname>proxy_port</fieldname> + <description>This is the port the Proxy Server will listen for client requests on. The default is 3128.</description> + <size>4</size> + <type>input</type> + </field> + + <field> + <fielddescr>ICP Port</fielddescr> + <fieldname>icp_port</fieldname> + <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. 
The default value is 0, which means this function is disabled.</description> + <size>4</size> + <type>input</type> + </field> + + <field> + <fielddescr>Visible Hostname</fielddescr> + <fieldname>visible_hostname</fieldname> + <description>This URL is displayed on the Proxy Server error messages.</description> + <size>35</size> + <type>input</type> + </field> + + <field> + <fielddescr>Cache Administrator E-Mail</fielddescr> + <fieldname>cache_admin_email</fieldname> + <description>This E-Mail address is displayed on the Proxy Server error messages.</description> + <size>35</size> + <type>input</type> + </field> + + <field> + <fielddescr>Error Messages Language</fielddescr> + <fieldname>error_language</fieldname> + <description>Select the language in which the Proxy Server shall display error messages to users.</description> + <type>select</type> + <options> + <option><name>Bulgarian</name><value>Bulgarian</value></option> + <option><name>Catalan</name><value>Catalan</value></option> + <option><name>Czech</name><value>Czech</value></option> + <option><name>Danish</name><value>Danish</value></option> + <option><name>Dutch</name><value>Dutch</value></option> + <option><name>English</name><value>English</value></option> + <option><name>Estonian</name><value>Estonian</value></option> + <option><name>Finnish</name><value>Finnish</value></option> + <option><name>French</name><value>French</value></option> + <option><name>German</name><value>German</value></option> + <option><name>Hebrew</name><value>Hebrew</value></option> + <option><name>Hungarian</name><value>Hungarian</value></option> + <option><name>Italian</name><value>Italian</value></option> + <option><name>Japanese</name><value>Japanese</value></option> + <option><name>Korean</name><value>Korean</value></option> + <option><name>Lithuanian</name><value>Lithuanian</value></option> + <option><name>Polish</name><value>Polish</value></option> + <option><name>Portuguese</name><value>Portuguese</value></option> + 
<option><name>Romanian</name><value>Romanian</value></option> + <option><name>Russian-1251</name><value>Russian-1251</value></option> + <option><name>Russian-koi8-r</name><value>Russian-koi8-r</value></option> + <option><name>Serbian</name><value>Serbian</value></option> + <option><name>Simplify Chinese</name><value>Simplify Chinese</value></option> + <option><name>Slovak</name><value>Slovak</value></option> + <option><name>Spanish</name><value>Spanish</value></option> + <option><name>Swedish</name><value>Swedish</value></option> + <option><name>Traditional Chinese</name><value>Traditional Chinese</value></option> + <option><name>Turkish</name><value>Turkish</value></option> + </options> + </field> + + </fields> + + <!-- The below writes the configuration as defined by the GUI options --> + <custom_php_global_functions> + function write_static_squid_config() { + global $config; + $lancfg = $config['interfaces']['lan']; + $lanif = $lancfg['if']; + $lanip = $lancfg['ipaddr']; + $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lansn = $lancfg['subnet']; + + $fout = fopen("/usr/local/etc/squid/squid.conf","w"); + fwrite($fout, "#\n"); + fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n"); + fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n"); + fwrite($fout, "#\n"); + fwrite($fout, "shutdown_lifetime 5 seconds\n"); + fwrite($fout, "icp_port 0\n"); + fwrite($fout, "\n"); + + fwrite($fout, "http_port 3128\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); + fwrite($fout, "no_cache deny QUERY\n"); + fwrite($fout, "\n"); + + fwrite($fout, "pid_filename /var/run/squid.pid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_mem 8 MB\n"); + fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n"); + fwrite($fout, "\n"); + + fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n"); + fwrite($fout, "\n"); + + fwrite($fout, 
"memory_replacement_policy heap GDSF\n"); + fwrite($fout, "cache_replacement_policy heap GDSF\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_access_log /dev/null\n"); + fwrite($fout, "cache_log /dev/null\n"); + fwrite($fout, "cache_store_log none\n"); + fwrite($fout, "\n"); + + fwrite($fout, "log_mime_hdrs off\n"); + fwrite($fout, "emulate_httpd_log on\n"); + fwrite($fout, "forwarded_for off\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); + fwrite($fout, "acl Safe_ports port 80 # http\n"); + fwrite($fout, "acl Safe_ports port 21 # ftp\n"); + fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n"); + fwrite($fout, "acl Safe_ports port 70 # gopher\n"); + fwrite($fout, "acl Safe_ports port 210 # wais\n"); + fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); + fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); + fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); + fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); + fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); + fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl CONNECT method CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#access to squid; local machine; no restrictions\n"); + fwrite($fout, "http_access allow localnet\n"); + fwrite($fout, "http_access allow localhost\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Deny non web services\n"); + fwrite($fout, "http_access deny !Safe_ports\n"); + fwrite($fout, "http_access deny CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Set custom configured ACLs\n"); + fwrite($fout, "http_access deny all\n"); + fwrite($fout, "visible_hostname pfSense\n"); + fwrite($fout, 
"\n"); + + fwrite($fout, "cache_effective_user squid\n"); + fwrite($fout, "cache_effective_group squid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "maximum_object_size 4096 KB\n"); + fwrite($fout, "minimum_object_size 0 KB\n"); + fwrite($fout, "\n"); + + fwrite($fout, "request_body_max_size 0 KB\n"); + fwrite($fout, "reply_body_max_size 0 allow all\n"); + fwrite($fout, "\n"); + + fwrite($fout, "httpd_accel_host virtual\n"); + fwrite($fout, "httpd_accel_port 80\n"); + fwrite($fout, "httpd_accel_with_proxy on\n"); + fwrite($fout, "httpd_accel_uses_host_header on\n"); + + fclose($fout); + } <!-- end function write_static_squid_config() --> + </custom_php_global_functions> + + <custom_add_php_command_late> + require_once("/usr/local/pkg/squid_ng.inc"); + + global_write_squid_config(); + mwexec_bg("/usr/local/sbin/squid -k reconfigure"); + </custom_add_php_command_late> + + <custom_php_install_command> + write_static_squid_config(); <!-- write initial static config for transparent proxy --> + + update_output_window("Creating Squid Advanced Proxy initialization scripts..."); + $fout = fopen("/usr/local/etc/rc.d/squid.sh","w"); + fwrite($fout, "#!/bin/sh\n"); + fwrite($fout, "#$pfSense: /usr/local/sbin/rc.d/squid.sh\n\n"); + fwrite($fout, "touch /tmp/ro_root_mount\n"); + fwrite($fout, "/usr/local/sbin/squid -D\n"); + fwrite($fout, "touch /tmp/filter_dirty\n"); + fclose($fout); + + chmod("/usr/local/etc/rc.d/squid.sh", 755); + + <!-- create log directory hierarchies if they don't exist --> + update_output_window("Creating required directory hierarchies..."); + + if (!file_exists("/var/squid/logs")) mwexec("mkdir -p /var/squid/logs"); + if (!file_exists("/var/squid/cache")) mwexec("mkdir -p /var/squid/cache"); + if (!file_exists("/usr/local/etc/squid/advanced/acls")) mwexec("mkdir -p /usr/local/etc/squid/advanced/acls"); + if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa"); + if 
(!file_exists("/usr/local/etc/squid/advanced/ntlm")) mwexec("mkdir -p /usr/local/etc/squid/advanced/ntlm"); + if (!file_exists("/usr/local/etc/squid/advanced/radius")) mwexec("mkdir -p /usr/local/etc/squid/advanced/radius"); + + update_output_window("Initializing Cache... This may take a moment..."); + exec("/usr/local/sbin/squid -z"); + + update_output_window("Starting Squid Advanced Proxy..."); + mwexec_bg("/usr/local/etc/rc.d/squid.sh"); + filter_configure(); + </custom_php_install_command> + + <custom_php_deinstall_command> + mwexec("rm -rf /usr/local/squid"); + mwexec("rm -rf /var/squid/cache"); + mwexec("rm -rf /usr/local/etc/squid"); + + unlink_if_exists("/usr/local/etc/rc.d/squid.sh"); + unlink_if_exists("/usr/local/etc/squid"); + unlink_if_exists("/usr/local/libexec/squid"); + + filter_configure(); + </custom_php_deinstall_command> + + <start_command>/usr/local/etc/rc.d/squid.sh</start_command> + + <process_kill_command>/usr/local/sbin/squid -k shutdown</process_kill_command> + +</packagegui> +
\ No newline at end of file |
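Review bot: `chmod("/usr/local/etc/rc.d/squid.sh", 755);` in `custom_php_install_command` passes a decimal mode, which PHP applies as octal 01363, so the startup script ends up writable by other users instead of mode 0755; it should read `chmod("/usr/local/etc/rc.d/squid.sh", 0755);`. In `write_static_squid_config()`, `acl all src` is bound to the LAN subnet, so the closing `http_access deny all` matches only LAN clients, and a request from any other source falls off the end of the list, where Squid applies the opposite of the last rule (allow); define it as `acl all src 0.0.0.0/0.0.0.0` and keep the LAN range in `localnet` only. The install block also writes `"#$pfSense: ..."` in a double-quoted string, so PHP interpolates the undefined `$pfSense`; escape it as `\$pfSense`. The `.inc` files under `<files>` are fetched over plain `http://` and one of them is presumably the file later loaded with `require_once("/usr/local/pkg/squid_ng.inc")`, so an HTTPS source or an integrity check is worth adding if the package installer supports one.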