Diffstat (limited to 'packages/squid_ng.xml')
-rw-r--r-- | packages/squid_ng.xml | 481 |
1 files changed, 408 insertions, 73 deletions
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml index f2ae25ac..0df323d5 100644 --- a/packages/squid_ng.xml +++ b/packages/squid_ng.xml @@ -1,12 +1,22 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> - <info> - <name>Squid</name> - <category>Security</category> - <version>2.5.10_4</version> - <status>Alpha</status> - </info> + <name>squidng</name> + <category>Security</category> + <version>2.5.10_4</version> + <title>Services: Squid Advanced Proxy</title> + + <!-- This defines the location where the config is stored within pfSense's + xml based global store --> + <configpath>['installedpackages']['package']['squidng']['configuration']['settings']</configpath> + <aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&id=0</aftersaveredirect> + + <!-- TODO: Add xml to parse proxy logs into readable format + <menu> + <name>Proxy Log</name> + <section>Status</section> + <configfile>squid_log.xml</configfile> + </menu> --> <files> <file> @@ -42,17 +52,19 @@ <location>http://www.pfsense.com/packages/config/squid_traffic.xml</location> </file> - <!-- retrieves the configuration file for authentication settings --> + <!-- TODO: retrieves the configuration file for authentication settings <file> <type>configfile</type> <location>http://www.pfsense.com/packages/config/squid_auth.xml</location> </file> + --> - <!-- retrieves the configuration file for user definitions --> + <!-- TODO: retrieves the configuration file for user definitions <file> <type>configfile</type> <location>http://www.pfsense.com/packages/config/squid_users.xml</location> </file> + --> </files> @@ -64,14 +76,10 @@ </menu> </menus> - <!-- This defines the location where the config is stored within pfSense's - xml based global store --> - <configpath>installedpackages->package->$packagename->configuration->settings</configpath> - <tabs> <tab> <text>General Settings</text> - <url>/pkg_edit.php?xml=squid1.xml&id=0</url> + <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> <active/> </tab> 
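Review bot: The `<file>` entries that stay active after the `-42,17 +52,19` hunk still fetch package configuration over plain `http://www.pfsense.com/packages/config/...`, for example `squid_traffic.xml` in the context lines. This file itself shows that package XML can carry `custom_php_*` sections, so if the installer does no integrity check on what it downloads (not visible in this diff), anyone on the network path could alter the code that gets installed. Consider an `https://` location or a pinned checksum per `<file>` entry.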
@@ -95,6 +103,7 @@ <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> </tab> + <!-- <tab> <text>Authentication Settings</text> <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> @@ -104,11 +113,12 @@ <text>Users</text> <url>/pkg_edit.php?xml=squid_users.xml&id=0</url> </tab> + --> </tabs> <fields> <field> - <fielddescr>Listening Interface</fielddescr> + <fielddescr>Proxy Listening Interface</fielddescr> <fieldname>active_interface</fieldname> <description>This defines the active listening interface to which the proxy server will listen for its requests.</description> <type>interfaces_selection</type> @@ -129,6 +139,13 @@ </field> <field> + <fielddescr>URL Filtering Enabled</fielddescr> + <fieldname>urlfilter_enable</fieldname> + <description>This enables the advanced functionality in conjunction with squidGuard to provide an array of URL filtering options. This squidGuard functionality can be additionally configured from Services -> Advanced Proxy Filtering</description> + <type>checkbox</type> + </field> + + <field> <fielddescr>Log Query Terms</fielddescr> <fieldname>log_query_terms</fieldname> <description>This will log the complete URL rather than the part of the URL containing dynamic queries.</description> @@ -152,6 +169,14 @@ </field> <field> + <fielddescr>ICP Port</fielddescr> + <fieldname>icp_port</fieldname> + <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. The default value is 0, which means this function is disabled.</description> + <size>4</size> + <type>input</type> + </field> + + <field> <fielddescr>Visible Hostname</fielddescr> <fieldname>visible_hostname</fieldname> <description>This URL is displayed on the Proxy Server error messages.</description> 
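Review bot: The new `icp_port` field in the `-152,6 +169,14` hunk describes a default of 0 (disabled), but `global_write_squid_config()` in the later hunk never loads `icp_port` from `$config` and falls back to `$icp_port="3130"`. As written, the generated squid.conf always opens the ICP port and the value entered here is ignored. Load it alongside the other squid_ng.xml values and default it with `if ($icp_port == "") $icp_port = "0";`, or correct the description. Once the value is read, check that it is an integer between 0 and 65535 before concatenating it into the config line.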
@@ -209,97 +234,407 @@ <!-- The below writes the configuration as defined by the GUI options --> <custom_php_global_functions> - function write_squid_config() { - conf_mount_rw(); <!-- mounts filesystems in read/write mode --> - config_lock(); <!-- locks the config file --> - global $config; + function write_static_squid_config() { + global $config; + $lancfg = $config['interfaces']['lan']; + $lanif = $lancfg['if']; + $lanip = $lancfg['ipaddr']; + $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lansn = $lancfg['subnet']; + + $fout = fopen("/usr/local/etc/squid/squid.conf.new","w"); + fwrite($fout, "#\n"); + fwrite($fout, "# This file was automatically generated by the pfSense package manager\n"); + fwrite($fout, "# This default policy enables transparent proxy with no local disk logging\n"); + fwrite($fout, "#\n"); + fwrite($fout, "shutdown_lifetime 5 seconds\n"); + fwrite($fout, "icp_port 0\n"); + fwrite($fout, "\n"); + + fwrite($fout, "http_port 3128\n"); + fwrite($fout, "\n"); - $fout = fopen("/usr/local/etc/squid/squid.conf","w"); + fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); + fwrite($fout, "no_cache deny QUERY\n"); + if ($domain != "") { + $aclout = fopen("/usr/local/etc/squid/dst_nocache.acl","w"); + $each_domain = explode(" ", $domain); + foreach ($each_domain as $line) { + fwrite($aclout, $line . "\n"); + } + fclose($aclout); + } + fwrite($fout, "\n"); + + fwrite($fout, "pid_filename /var/run/squid.pid\n"); + fwrite($fout, "\n"); - <!-- if listening interface is specified, identifies the ip address --> - if ($active_interface != "") { - lan_iface = $active_interface['if']; - listen_ip = $lan_iface['ipaddr']; - iface_subnet_address = gen_subnet($lan_iface['ipaddr'], $lan_iface['subnet']); - iface_subnet_network = $lan_iface['subnet']; - } - - <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - option shutdown_lifetime: - this puts squid into shutdown pending mode until all sockets are - closed. 
any active clients after the specified seconds will - receive a 'timeout'. - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> - fwrite($fout, "shutdown_lifetime 5 seconds\n"); - - <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - option icp_port: - the port where squid sends and receives ICP queries to and from - neighbor caches. a value of "0" disables this feature. default - is "3130". - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> - fwrite($fout, "icp_port 3130\n"); + fwrite($fout, "cache_mem 8 MB\n"); + fwrite($fout, "cache_dir aufs /usr/local/squid/cache 500 16 256\n"); + fwrite($fout, "\n"); + + fwrite($fout, "error_directory /usr/local/squid/etc/errors/English\n"); + fwrite($fout, "\n"); + + fwrite($fout, "memory_replacement_policy heap LRU\n"); + fwrite($fout, "cache_replacement_policy heap GSDF\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_access_log /dev/null\n"); + fwrite($fout, "cache_log /dev/null\n"); + fwrite($fout, "cache_store_log none\n"); + fwrite($fout, "\n"); + + fwrite($fout, "log_mime_hdrs off\n"); + fwrite($fout, "emulate_httpd_log on\n"); + fwrite($fout, "forwarded_for off\n"); fwrite($fout, "\n"); - <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - option http_port: - this specifies the ip address/port that squid will be listening - on for requests. the below evaluates if a value was entered for - the listening port and defines the value. - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> - if ($http_port == "") $http_port="3128"; - fwrite($fout, "http_port " . $listen_ip . " " . $proxy_port . "\n"); + fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . 
"\n"); + fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); + fwrite($fout, "acl SSL_ports port 443 563\n"); + fwrite($fout, "acl Safe_ports port 80 # http\n"); + fwrite($fout, "acl Safe_ports port 21 # ftp\n"); + fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n"); + fwrite($fout, "acl Safe_ports port 70 # gopher\n"); + fwrite($fout, "acl Safe_ports port 210 # wais\n"); + fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); + fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); + fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); + fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); + fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); + fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl CONNECT method CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#access to squid; local machine; no restrictions\n"); + fwrite($fout, "http_access allow localnet\n"); + fwrite($fout, "http_access allow localhost\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Deny non web services\n"); + fwrite($fout, "http_access deny !Safe_ports\n"); + fwrite($fout, "http_access deny CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Set custom configured ACLs\n"); + fwrite($fout, "http_access deny all\n"); + fwrite($fout, "visible_hostname pfSense\n"); + fwrite($fout, "httpd_accel_host virtual\n"); + fwrite($fout, "httpd_accel_port 80\n"); + fwrite($fout, "httpd_accel_with_proxy on\n"); + fwrite($fout, "httpd_accel_uses_host_header on\n"); + fwrite($fout, "cache_effective_user squid\n"); + fwrite($fout, "cache_effective_group squid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Strip HTTP Header\n"); + fwrite($fout, "header_access X-Forwarded-For deny all\n"); + fwrite($fout, "header_access deny all\n"); + fwrite($fout, "\n"); + + fwrite($fout, "maximum_object_size 4096 KB\n"); + fwrite($fout, "minimum_object_size 0 KB\n"); + fwrite($fout, "\n"); + + 
fwrite($fout, "request_body_max_size 0 KB\n"); + fwrite($fout, "reply_body_max_size 0 allow all\n"); + fwrite($fout, "\n"); + + fclose($fout); + } <!-- end function write_static_squid_config() --> + + function global_write_squid_config() { + global $config; + + <!-- define squid configuration file in variable for replace function --> + $squidconfig = "/usr/local/etc/squid/squid.conf.new"; + + <!-- squid_ng.xml values --> + $active_interface = $config['installedpackages']['squidng']['config'][0]['active_interface']; + $transparent_proxy = $config['installedpackages']['squidng']['config'][0]['transparent_proxy']; + $log_enabled = $config['installedpackages']['squidng']['config'][0]['log_enabled']; + $urlfilter_enable = $config['installedpackages']['squidng']['config'][0]['urlfilter_enable']; + $log_query_terms = $config['installedpackages']['squidng']['config'][0]['log_query_terms']; + $log_user_agents = $config['installedpackages']['squidng']['config'][0]['log_user_agents']; + $proxy_port = $config['installedpackages']['squidng']['config'][0]['proxy_port']; + $visible_hostname = $config['installedpackages']['squidng']['config'][0]['visible_hostname']; + $cache_admin_email = $config['installedpackages']['squidng']['config'][0]['cache_admin_email']; + $error_language = $config['installedpackages']['squidng']['config'][0]['error_language']; + + <!-- squid_upstream.xml values --> + $proxy_forwarding = $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding']; + $client_ip_forwarding = $config['installedpackages']['squidupstream']['config'][0]['client_ip_forwarding']; + $user_forwarding = $config['installedpackages']['squidupstream']['config'][0]['user_forwarding']; + $upstream_proxy = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy']; + $upstream_proxy_port = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy_port']; + $upstream_username = 
$config['installedpackages']['squidupstream']['config'][0]['upstream_username']; + $upstream_password = $config['installedpackages']['squidupstream']['config'][0]['upstream_psasword']; + + <!-- squid_cache.xml values --> + $memory_cache_size = $config['installedpackages']['squidcache']['config'][0]['memory_cache_size']; + $harddisk_cache_size = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']; + $minimum_object_size = $config['installedpackages']['squidcache']['config'][0]['minimum_object_size']; + $maximum_object_size = $config['installedpackages']['squidcache']['config'][0]['maximum_object_size']; + $level_subdirs = $config['installedpackages']['squidcache']['config'][0]['level_subdirs']; + $memory_replacement = $config['installedpackages']['squidcache']['config'][0]['memory_replacement']; + $cache_replacement = $config['installedpackages']['squidcache']['config'][0]['cache_replacement']; + <!-- $domain <rowhelper> --> + $enable_offline = $config['installedpackages']['squidcache']['config'][0]['enable_offline']; + + <!-- squid_nac.xml values --> + $allowed_subnets = $config['installedpackages']['squidnac']['config'][0]['allowed_subnets']; + <!-- allowed_network_address <rowhelper --> + <!-- allowed_subnet_mask <rowhelper --> + $unrestricted_ip_address = $config['installedpackages']['squidnac']['config'][0]['unrestricted_ip_address']; + + <!-- squid_traffic.xml values --> + $max_download_size = $config['installedpackages']['squidtraffic']['config'][0]['max_download_size']; + $max_upload_size = $config['installedpackages']['squidtraffic']['config'][0]['max_upload_size']; + $dl_overall = $config['installedpackages']['squidtraffic']['config'][0]['dl_overall']; + $dl_per_host = $config['installedpackages']['squidtraffic']['config'][0]['dl_per_host']; + $throttle_binary_files = $config['installedpackages']['squidtraffic']['config'][0]['throttle_binary_files']; + $throttle_cd_image = 
$config['installedpackages']['squidtraffic']['config'][0]['throttle_cd_image']; + $throttle_multimedia = $config['installedpackages']['squidtraffic']['config'][0]['throttle_multimedia']; + + $fout = fopen($squidconfig,"w"); + + <!-- option: shutdown_lifetime --> + fwrite($fout, "shutdown_lifetime 5 seconds\n"); + fwrite($fout, "\n"); + + <!-- option: icp_port --> + if($icp_port == "") $icp_port="3130"; + fwrite($fout, "icp_port " . $icp_port . "\n"); + <!-- option: http_port --> + if($http_port == "") $http_port="3128"; + $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['squidng']['config'][0]['active_interface']); + $listen_ip = find_interface_ip($int); + fwrite($fout, "http_port " . $listen_ip . ":" . $http_port . "\n"); fwrite($fout, "\n"); - <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - option acl QUERY urlpath_regex cgi-bin \?: - option non_cache deny QUERY: - this forces squid to never cache files in the below specified - directory for security and performance reasons. - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); fwrite($fout, "non_cache deny QUERY\n"); - <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - option cache_effective_user: - option cache_effective_group: - this specifies the UID/GID that the cache process will run on. - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> + + fwrite($fout, "\n"); + fwrite($fout, "cache_effective_user squid\n"); fwrite($fout, "cache_effective_group squid\n"); + fwrite($fout, "\n"); - <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - option pid_filename: - this specifies the path and filename to write the process-id to. 
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> fwrite($fout, "pid_filename /var/run/squid.pid\n"); - + fwrite($fout, "\n"); + + if ($memory_cache_size == "") $memory_cache_size="8"; + fwrite($fout, "cache_mem " . $memory_cache_size . " MB\n"); + if ($harddisk_cache_size == "") $harddisk_cache_size="500"; + if ($level_subdirs == "") $level_subdirs="16"; + fwrite($fout, "cache_dirs aufs /usr/local/squid/cache " . $harddisk_cache_size . " " . $level_subdirs . " 256\n"); + fwrite($fout, "\n"); + + if ($error_language == "") $error_language="English"; + fwrite($fout, "error_directory /usr/local/squid/etc/errors/" . $error_language . "\n"); + fwrite($fout, "\n"); + + if ($offline_mode == "on") { + fwrite($fout, "offline_mode on\n"); + fwrite($fout, "\n"); + } + + if ($memory_replacement == "") $memory_replacement="heap GSDF"; + fwrite($fout, "memory_replacement_policy " . $memory_replacement . "\n"); + if ($cache_replacement == "") $cache_replacement="heap GSDF"; + fwrite($fout, "cache_replacement_policy " . $cache_replacement . 
"\n"); + fwrite($fout, "\n"); + + if ($log_enabled == "on" ) { + fwrite($fout, "cache_access_log /var/log/squid/access.log\n"); + fwrite($fout, "cache_log /var/log/squid/cache.log\n"); + fwrite($fout, "cache_store_log none\n"); + } else { + fwrite($fout, "cache_access_log /dev/null\n"); + fwrite($fout, "cache_log /dev/null\n"); + fwrite($fout, "cache_store_log none\n"); + } + + if ($log_query_terms == "on") { + fwrite($fout, "strip_query_terms off\n"); + } else { + fwrite($fout, "strip_query_terms on\n"); + } + + if ($log_user_agents == "on") { + fwrite($fout, "useragent_log /var/log/squid/useragent.log\n"); + } + fwrite($fout, "\n"); + + fwrite($fout, "log_mime_hdrs off\n"); + fwrite($fout, "emulate_httpd_log on\n"); + if ($client_ip_forwarding !== "on") { + fwrite($fout, "forwarded_for off\n"); + } elseif ($user_forwarding !== "on") { + fwrite($fout, "forwarded_for off\n"); + } else { + fwrite($fout, "forwarded_for on\n"); + } + fwrite($fout, "\n"); + + fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); + fwrite($fout, "\n"); + + <!-- obtain interface subnet and address for Squid rules --> + $lactive_interface = strtolower($active_interface); + + $lancfg = $config['interfaces'][$lactive_interface]; + $lanif = $lancfg['if']; + $lanip = $lancfg['ipaddr']; + $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lansn = $lancfg['subnet']; + + fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . 
"\n"); + fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); + fwrite($fout, "acl SSL_ports port 443 563\n"); + fwrite($fout, "acl Safe_ports port 80 # http\n"); + fwrite($fout, "acl Safe_ports port 21 # ftp\n"); + fwrite($fout, "acl Safe_ports port 443 563 # https, snews\n"); + fwrite($fout, "acl Safe_ports port 70 # gopher\n"); + fwrite($fout, "acl Safe_ports port 210 # wais\n"); + fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); + fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); + fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); + fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); + fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); + fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl CONNECT method CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#access to squid; local machine; no restrictions\n"); + fwrite($fout, "http_access allow localnet\n"); + fwrite($fout, "http_access allow localhost\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Deny non web services\n"); + fwrite($fout, "http_access deny !Safe_ports\n"); + fwrite($fout, "http_access deny CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Set custom configured ACLs\n"); + fwrite($fout, "http_access deny all\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_effective_user squid\n"); + fwrite($fout, "cache_effective_group squid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Strip HTTP Header\n"); + fwrite($fout, "header_access X-Forwarded-For deny all\n"); + fwrite($fout, "header_access deny all\n"); + fwrite($fout, "\n"); + + if ($urlfilter_enable == "on") { + fwrite($fout, "redirect_program /usr/sbin/squidGuard"); + fwrite($fout, "redirect_children 5"); + } + + if ($visible_hostname !== "") { + fwrite($fout, "visible_hostname " . $visible_hostname . "\n"); + } + + if ($cache_admin_email !== "") { + fwrite($fout, "cache_mgr " . $cache_admin_email . 
"\n"); + } + + if ($maximum_object_size == "") $maximum_object_size="4096"; + if ($minimum_object_size == "") $minimum_object_size="0"; + fwrite($fout, "maximum_object_size " . $maximum_object_size . " KB\n"); + fwrite($fout, "minimum_object_size " . $minimum_object_size . " KB\n"); + fwrite($fout, "\n"); + + if ($proxy_forwarding == "on") { + fwrite($fout, "cache_peer " . $upstream_proxy . "parent " . $upstream_proxy_port . "3130 login=" . upstream_username . ":" . upstream_password . " default no-query\n"); + fwrite($fout, "never_direct allow all\n"); + } + + if ($transparent_proxy == "on") { + fwrite($fout, "httpd_accel_host virtual\n"); + fwrite($fout, "httpd_accel_port 80\n"); + fwrite($fout, "httpd_accel_with_proxy on\n"); + fwrite($fout, "httpd_accel_uses_host_header on\n"); + fwrite($fout, "\n"); + } + fclose($fout); - } + } <!-- end function write_squid_config --> + </custom_php_global_functions> <custom_add_php_command> - function sync_package_squid; - write_squid_config(); + function sync_package_squid () { mwexec("/usr/local/sbin/squid -k reconfigure"); conf_mount_ro(); <!-- mounts filesystems in read only mode --> config_unlock(); <!-- unlock the config file --> - } + } <!-- end function sync_package_squid --> - sync_package_squid(); + global_write_squid_config(); + <!-- sync_package_squid(); --> </custom_add_php_command> <custom_php_resync_command> - function sync_package_squid; - write_squid_config(); + function sync_package_squid() { mwexec("/usr/local/sbin/squid -k reconfigure"); conf_mount_ro(); <!-- mounts filesystems in read only mode --> config_unlock(); <!-- unlock the config file --> } + global_write_squid_config(); sync_package_squid(); </custom_php_resync_command> + <custom_php_install_command> + write_static_squid_config(); <!-- write initial config to work --> + + $fout = fopen("/usr/local/etc/rc.d/squid.sh","w"); + fwrite($fout, "#!/bin/sh\n"); + fwrite($fout, "# PACKAGE: Squid\n); + fwrite($fout, "# EXECUTABLE: squid\n\n"); + 
fwrite($fout "# Alert system that we need the / mount rw\n"); + fwrite($fout, "touch /tmp/rw_root_mount\n\n"); + fwrite($fout, "/usr/local/sbin/squid -D\n\n"); + fwrite($fout, "touch /tmp/filter_dirty\n\n"); + fclose($fout); + + chmod("/usr/local/etc/rc.d/squid.sh", 755); + update_output_window("Configuring Squid... This may take a moment..."); + mwexec("/usr/local/sbin/squid -z"); + update_output_window("Starting Squid..."); + mwexec_bg("/usr/local/etc/rc.d/squid.sh"); + filter_configure(); + </custom_php_install_command> + + <custom_php_deinstall_command> + rmdir_recursive("/usr/local/squid"); + unlink_if_exists("/var/mail/squid"); + unlink_if_exists("/usr/local/etc/rc.d/squid"); + unlink_if_exists("/usr/local/etc/squid/squid.conf"); + unlink_if_exists("/usr/local/etc/squid"); + unlink_if_exists("/usr/local/libexec/squid"); + filter_configure(); + </custom_php_deinstall_command> + + <!-- <start_command>/usr/local/etc/rc.d/squid.sh</start_command> --> + + <process_kill_command>squid</process_kill_command> + </packagegui>
\ No newline at end of file |
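Review bot: In `custom_php_install_command`, `chmod("/usr/local/etc/rc.d/squid.sh", 755);` passes a decimal literal that PHP treats as octal 01363, leaving the startup script writable by other users and unreadable by its owner; it should be `chmod("/usr/local/etc/rc.d/squid.sh", 0755);`. That block also cannot parse as written, because `fwrite($fout, "# PACKAGE: Squid\n);` lacks its closing quote and `fwrite($fout "# Alert system ...` lacks a comma. Both config writers emit `acl all src <LAN subnet>`, so the closing `http_access deny all` never matches a client outside that subnet; Squid's documented fallback is then the opposite of the last rule, so `all` should be `0.0.0.0/0.0.0.0` with the LAN kept in `localnet`. In `global_write_squid_config()` the `cache_peer` line uses `upstream_username` and `upstream_password` without `$`, reads the misspelled key `upstream_psasword`, and omits the spaces before `parent` and `3130`, so the upstream credentials are never applied. The GUI values are also concatenated into squid.conf unchecked (`$visible_hostname`, `$cache_admin_email`, `$error_language` inside a path), and the two `redirect_*` writes lack `\n`; rejecting whitespace and newlines in each value before writing would stop a field from adding extra directives.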