From 05877b4ab13520f30c13e1f9909389f49eb2f29c Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 12:54:56 +0100 Subject: Add input validation for 'Use RAM Disks' on full install boxes (Bug #4608) --- config/squidGuard/squidguard.inc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index c4c47bcc..4b5b7f43 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -103,10 +103,17 @@ sg_init(convert_pfxml_to_sgxml()); # ============================================================================== function squidguard_validate(&$post, &$input_errors) { + global $config, $g; $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; # check config if 'Apply' - if ($submit === APPLY_BTN) sg_check_config_data($input_errors); + if ($submit === APPLY_BTN) { + // XXX:Bug #4608 + if (($g['platform'] == "pfSense") && isset($config['system']['use_mfs_tmpvar'])) { + $input_errors[] = "Please, disable 'Use RAM Disks' under System: Advanced: Miscellaneous to avoid SquidGuard configuration breakage on reboot."; + } + sg_check_config_data($input_errors); + } } # ------------------------------------------------------------------------------ -- cgit v1.2.3 From 6efaddfd3c3a5baaa0132b35fafe6f20996ed85d Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 13:09:55 +0100 Subject: Add note about blacklists being unsupported on nanobsd --- config/squidGuard/squidguard.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index e7514f63..f2d17d3f 100644 --- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -244,8 +244,14 @@ Blacklist blacklist - + + + Do NOT enable this on NanoBSD installs! + ]]> + checkbox + blacklist_proxy,blacklist_url Blacklist proxy -- cgit v1.2.3 From dcb0cfe7d6b632db801bb1e0b2073024fa0a97df Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 13:38:36 +0100 Subject: Add input validation to force disabling of blacklists on nanobsd --- config/squidGuard/squidguard.inc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index 4b5b7f43..0747dd0c 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -112,6 +112,11 @@ function squidguard_validate(&$post, &$input_errors) if (($g['platform'] == "pfSense") && isset($config['system']['use_mfs_tmpvar'])) { $input_errors[] = "Please, disable 'Use RAM Disks' under System: Advanced: Miscellaneous to avoid SquidGuard configuration breakage on reboot."; } + if ($g['platform'] != "pfSense") { + if ($post['blacklist'] != "" || $post['blacklist_proxy'] != "" || $post['blacklist_url'] != "") { + $input_errors[] = "Blacklists usage is NOT supported on NanoBSD. Disable 'Blacklist' option in 'General settings'."; + } + } sg_check_config_data($input_errors); } } -- cgit v1.2.3 From b16e8009e60a1cd97ccfaebdcf4efbd90989d30f Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 13:44:37 +0100 Subject: Bump squidGuard package version --- pkg_config.10.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.10.xml b/pkg_config.10.xml index fe424b4e..7b94d647 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1184,7 +1184,7 @@ http://www.squidGuard.org/ dv_serg@mail.ru Network Management - 1.9.16 + 1.9.17 BETA 2.2 squidguard-1.4_7-##ARCH##.pbi -- cgit v1.2.3 From 4be183d22c16e2e9f2d71d4246c2009c5170d321 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 13:45:14 +0100 Subject: Bump squidGuard package version --- pkg_config.8.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index c4e1c8d4..95080c77 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1252,7 +1252,7 @@ http://www.squidGuard.org/ dv_serg@mail.ru Network Management - 1.4_4 pkg v1.9.16 + 1.4_4 pkg v1.9.17 Beta 1.1 https://files.pfsense.org/packages/8/All/ -- cgit v1.2.3 From 68e2e10f9cc233111dea6ee69f6f50aebb924e7b Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 13:45:47 +0100 Subject: Bump squidGuard package version --- pkg_config.8.xml.amd64 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 204e1e82..c7cea5a8 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1239,7 +1239,7 @@ http://www.squidGuard.org/ dv_serg@mail.ru Network Management - 1.4_4 pkg v1.9.16 + 1.4_4 pkg v1.9.17 Beta 1.1 https://files.pfsense.org/packages/amd64/8/All/ -- cgit v1.2.3 From 840707f24114d0d1054efc45f5dcfb5f912816eb Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 18:58:33 +0100 Subject: XMLRPC sync fixes and improvements - Fix CARP/HA sync option (port/protocol) - Honor enable/disable checkboxes - Fix literal IPv6 handling for sync targets - Do settings validation and only try to sync when configuration is valid - Code cleanup --- config/squidGuard/squidguard.inc | 306 ++++++++++++++++++++------------------- 1 file changed, 155 insertions(+), 151 deletions(-) diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index 0747dd0c..65e1ef50 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -1,36 +1,34 @@ Copyright (C) 2013 Marcello Coutinho - - part of pfSense (www.pfSense.com) - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -# ------------------------------------------------------------------------------ - require_once('globals.inc'); require_once('config.inc'); require_once('util.inc'); @@ -1482,100 +1480,114 @@ function squidguard_blacklist_list() return $res; } -// ##### The following part is based on the code of pfblocker ##### - /* Uses XMLRPC to synchronize the changes to a remote node */ function squidguard_sync_on_changes() { global $config, $g; - if (is_array($config['installedpackages']['squidguardsync'])){ + + if (is_array($config['installedpackages']['squidguardsync'])) { $synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc']; - $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout']; - } - else - { + $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'] ?: '150'; + } else { return; } - // if checkbox is NOT checked do nothing - switch ($synconchanges){ + switch ($synconchanges) { case "manual": - if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){ - $rs=$config['installedpackages']['squidguardsync']['config'][0]['row']; - } - else{ - log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config."); + if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])) { + $rs = $config['installedpackages']['squidguardsync']['config'][0]['row']; + } else { + log_error("[Squidguard] XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; - } + } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; - $rs[0]['varsyncdestinenable']="on"; - $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https"); - $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; - $rs[0]['varsyncpassword']=$system_carp['password']; - $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443"); - if (! is_ipaddr($system_carp['synchronizetoip'])){ - log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); - return; - } + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['varsyncusername'] = $system_carp['username']; + $rs[0]['varsyncpassword'] = $system_carp['password']; + $rs[0]['varsyncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == 'http') { + $rs[0]['varsyncprotocol'] = 'http'; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['varsyncprotocol'] = 'https'; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443'; } - else{ - log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + if ($system_carp['synchronizetoip'] == "") { + log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; + } else { + $rs[0]['varsyncdestinenable'] = TRUE; } - break; + } else { + log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } + break; default: return; - break; - } - if (is_array($rs)){ - log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds."); - foreach($rs as $sh){ - if($sh['varsyncdestinenable']){ - $varsyncprotocol = $sh['varsyncprotocol']; - $sync_to_ip = $sh['varsyncipaddress']; - $password = $sh['varsyncpassword']; - $varsyncport = $sh['varsyncport']; - if($password && $sync_to_ip) - squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout); - else - log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!"); + break; + } + if (is_array($rs)) { + log_error("[SquidGuard] XMLRPC sync is starting with timeout {$varsynctimeout} seconds."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['varsyncdestinenable']) { + $varsyncprotocol = $sh['varsyncprotocol']; + $sync_to_ip = $sh['varsyncipaddress']; + $username = $sh['varsyncusername'] ?: 'admin'; + $password = $sh['varsyncpassword']; + $varsyncport = $sh['varsyncport']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; } - else { - log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; } + if (!is_port($varsyncport)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout); + } else { + log_error("[SquidGuard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } else { + log_error("[SquidGuard] XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); } - log_error("[SquidGuard] xmlrpc sync is ending."); - } + } + log_error("[SquidGuard] XMLRPC sync is ending."); + } } /* Do the actual XMLRPC sync */ -function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) { +function squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout) { global $config, $g; - if($varsynctimeout == '' || $varsynctimeout == 0) - $varsynctimeout = 150; - - if(!$password) - return; - - if(!$sync_to_ip) - return; - - if(!$varsyncport) + if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") { + log_error("[SquidGuard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; + } - if(!$varsyncprotocol) - return; - - // Check and choose correct protocol type, port number and IP address - $synchronizetoip .= "$varsyncprotocol" . '://'; - $port = "$varsyncport"; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; + } - $synchronizetoip .= $sync_to_ip; + $url = "{$varsyncprotocol}://{$sync_to_ip}"; + $port = $varsyncport; - /* xml will hold the sections to sync */ + /* XML will hold the sections to sync. */ $xml = array(); $xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral']; $xml['squidguardacl'] = $config['installedpackages']['squidguardacl']; @@ -1583,82 +1595,74 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn $xml['squidguarddest'] = $config['installedpackages']['squidguarddest']; $xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite']; $xml['squidguardtime'] = $config['installedpackages']['squidguardtime']; - - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}."); + + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); + + /* Set a few variables needed for sync code */ + log_error("[SquidGuard] Beginning XMLRPC sync with {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after $varsynctimeout seconds */ + $cli->setCredentials($username, $password); + if ($g['debug']) { + $cli->setDebug(1); + } + /* Send our XMLRPC message and timeout after $varsynctimeout seconds */ + $resp = $cli->send($msg, $varsynctimeout); + if (!$resp) { + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[SquidGuard] {$error}"); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } elseif ($resp->faultCode()) { + $cli->setDebug(1); $resp = $cli->send($msg, $varsynctimeout); - if(!$resp) { - $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}."; - log_error("SquidGuard: $error"); - file_notice("sync_settings", $error, "squidguard Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, $varsynctimeout); - $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error("SquidGuard: $error"); - file_notice("sync_settings", $error, "squidguard Settings Sync", ""); - } else { - log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}."); - } - - /* tell squidguard to reload our settings on the destionation sync host. */ + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[SquidGuard] {$error}"); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } else { + log_error("[SquidGuard] XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* Tell Squidguard to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n"; - // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions + // Squidguard needs more functions; we point to a function below which contains all the required functions $execcmd .= "squidguard_all_after_XMLRPC_resync();"; - - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); - log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}."); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); + + log_error("[SquidGuard] XMLRPC is reloading data on {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $varsynctimeout); + if (!$resp) { + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (exec_php)."; + log_error("[SquidGuard] {$error}"); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } elseif ($resp->faultCode()) { + $cli->setDebug(1); $resp = $cli->send($msg, $varsynctimeout); - if(!$resp) { - $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php)."; - log_error($error); - file_notice("sync_settings", $error, "squidguard Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, $varsynctimeout); - $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "squidguard Settings Sync", ""); - } else { - log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); - } + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[SquidGuard] {$error}"); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } else { + log_error("[SquidGuard] XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); + } } -// ##### The part above is based on the code of pfblocker ##### - -// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files +// This function restarts all other needed functions after XMLRPC sync so that the content of .XML + .INC will be written in the files // Adding more functions will increase the time to sync function squidguard_all_after_XMLRPC_resync() { - + squidguard_resync_acl(); squidguard_resync_dest(); squidguard_resync(); - - log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); + + log_error("[SquidGuard] Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); } ?> -- cgit v1.2.3 From 08df0a690f47f029d236ef8f31dc222920b84995 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 7 Nov 2015 19:06:05 +0100 Subject: XMLRPC sync fixes and improvements - Tweak some descriptions - Fix copyright header, whitespace, remove useless tags --- config/squidGuard/squidguard_sync.xml | 118 +++++++++++++++++----------------- 1 file changed, 58 insertions(+), 60 deletions(-) diff --git a/config/squidGuard/squidguard_sync.xml b/config/squidGuard/squidguard_sync.xml index f0537faf..2d50ca24 100644 --- a/config/squidGuard/squidguard_sync.xml +++ b/config/squidGuard/squidguard_sync.xml @@ -1,54 +1,50 @@ - - - + + + - + -Copyright (C) 2013 Marcello Coutinho -based on pfblocker_sync.xml -All rights reserved. - -Based on m0n0wall (http://m0n0.ch/wall) -Copyright (C) 2003-2006 Manuel Kasper . -All rights reserved. + squidguardsync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Alexander Wilke + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. -1. Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -/* ========================================================================== */ -]]> - - Describe your package requirements here - Currently there are no FAQ items provided. +/* ====================================================================================== */ + ]]> + squidguardsync - 1.3_1 pkg v.1.9 - Proxy filter SquidGuard: XMLRPC Sync + 1.9.17 + SquidGuard Proxy Filter: XMLRPC Sync /usr/local/pkg/squidguard.inc @@ -97,11 +93,16 @@ POSSIBILITY OF SUCH DAMAGE. Enable Sync varsyncenablexmlrpc - - Important: While using "Sync to hosts defined below", only sync from host A to B, A to C but do not enable XMLRPC sync to A. This will result in a loop!]]> + +
+ Important: While using "Sync to host(s) defined below", only sync from host A to B, A to C but do not enable XMLRPC sync to A. + This will result in a loop! + ]]> + select - auto + disabled @@ -109,28 +110,28 @@ POSSIBILITY OF SUCH DAMAGE. - XMLRPC timeout + XMLRPC Timeout varsynctimeout - + XMLRPC timeout in seconds. (Default: 150) input - 150 + 150 5 - - Destination Server + Replication Targets none rowhelper Enable varsyncdestinenable + checkbox - GUI Protocol + Protocol varsyncprotocol - http or https]]> + select HTTP @@ -139,21 +140,21 @@ POSSIBILITY OF SUCH DAMAGE. - GUI IP-Address + IP Address/Hostname varsyncipaddress - + input - 15 + 40 - GUI Port + Port varsyncport - + input 3 - - GUI Admin Password + + Admin Password varsyncpassword password @@ -162,9 +163,6 @@ POSSIBILITY OF SUCH DAMAGE. - - squidguard_sync_on_changes(); - squidguard_sync_on_changes(); -- cgit v1.2.3 From f6e327dc11cde380729204fabdcf01618f29e3e0 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sun, 8 Nov 2015 17:15:07 +0100 Subject: Add instructions for Bug #4793 to the GUI as well. --- config/squidGuard/squidguard.xml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index f2d17d3f..91922324 100644 --- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -42,7 +42,7 @@ ]]> squidguardgeneral - 1.9.16 + 1.9.17 Proxy filter SquidGuard: General settings /usr/local/pkg/squidguard.inc @@ -148,7 +148,13 @@ Enable squidguard_enable - + + + Important: Please set up at least one category on the 'Target Categories' tab before enabling. + See this link for details. + ]]> + checkbox -- cgit v1.2.3