From 95800e02aaadf36dfe6b59866b0365a029b21521 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho
Date: Tue, 14 May 2013 19:30:24 -0300
Subject: squid3-dev - remove buit-in acl declaration, fix real_interfaces array creation and replace old squidguard integration to url_rewrite_program
---
config/squid3/33/squid.inc | 64 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 49 insertions(+), 15 deletions(-)
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index d89f5b8f..94c85a7e 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -819,31 +819,49 @@ function squid_resync_general() { $ssl_port = ($settings['ssl_proxy_port'] ? $settings['ssl_proxy_port'] : 3127); #Read assigned interfaces + $real_ifaces = array(); + if($settings['active_interface']) $proxy_ifaces = explode(",", $settings['active_interface']); else $proxy_ifaces=array("lan"); - if ($settings['transparent_proxy']=="on") + if ($settings['transparent_proxy']=="on"){ $transparent_ifaces = explode(",", $settings['transparent_active_interface']); - else + foreach ($transparent_ifaces as $t_iface){ + $t_iface_ip = squid_get_real_interface_address($t_iface); + if($t_iface_ip[0]) + $real_ifaces[]=$t_iface_ip; + } + } + else{ $transparent_ifaces=array(); + } - if ($settings['ssl_proxy']=="on") + if ($settings['ssl_proxy']=="on"){ $ssl_ifaces = explode(",", $settings['ssl_active_interface']); - else + foreach ($ssl_ifaces as $s_iface){ + $s_iface_ip = squid_get_real_interface_address($s_iface); + if($s_iface_ip[0]) + $real_ifaces[]=$s_iface_ip; + } + } + else{ $ssl_ifaces=array(); - - $real_ifaces = array(); + } + + #check all proxy interfaces selected foreach ($proxy_ifaces as $iface) { $iface_ip = squid_get_real_interface_address($iface); if($iface_ip[0]) { + $real_ifaces[]=$iface_ip; if (in_array($iface,$ssl_ifaces)) $conf .= "http_port {$iface_ip[0]}:{$port} {$ssl_interception}\n"; else $conf .= "http_port {$iface_ip[0]}:{$port}\n"; } } + if (($settings['transparent_proxy'] == 'on')) { if ($settings['ssl_proxy'] == "on" && count($ssl_ifaces)>0){ $conf .= "http_port 127.0.0.1:{$port} intercept {$ssl_interception}\n"; @@ -905,7 +923,8 @@ EOD; list($ip, $mask) = $iface; $ip = long2ip(ip2long($ip) & ip2long($mask)); $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2); - $src .= " $ip/$mask"; + if (!preg_match("@$ip/$mask@",$src)) + $src .= " $ip/$mask"; } $conf .= "# Allow local network(s) on interface(s)\n"; $conf .= "acl localnet src $src\n"; 
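Review bot: The three loops that fill `$real_ifaces` append an address pair for every list an interface appears in, so an interface selected for the proxy and also for transparent or SSL interception is stored two or three times. Keying the array by interface name, for example `$real_ifaces[$t_iface] = $t_iface_ip;` (and the same in the other two loops), would remove the duplicates at the source, provided no consumer outside this hunk relies on numeric keys. If `$real_ifaces` is what later builds `acl localnet src` (that loop's header is not in the hunk), every interface ticked only for interception now becomes an allowed client network as well. That deserves a comment above the first loop such as `# every address collected here is later allowed as a proxy client network`. The body of squid_resync_general starts and ends outside the hunk.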
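Review bot: The duplicate check `preg_match("@$ip/$mask@",$src)` puts the CIDR into a pattern without `preg_quote()` and without boundaries, so each dot matches any character and a shorter CIDR is found inside a longer one (constructed example: `10.0.0.0/2` matches within `10.0.0.0/24`). A false match skips the append and silently leaves that network out of `acl localnet src`, which would then deny its clients. A literal, delimited comparison avoids both problems: `if (strpos("$src ", " $ip/$mask ") === false)`, assuming the entries in `$src` are always space-separated as the append on the following line suggests. The enclosing loop starts outside the hunk.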
@@ -1038,6 +1057,7 @@ $disk_cache_opts minimum_object_size {$min_objsize} KB maximum_object_size {$max_objsize} offline_mode {$offline_mode} + EOD; if (!empty($settings['cache_swap_low'])) $conf .= "cache_swap_low {$settings['cache_swap_low']}\n"; @@ -1116,11 +1136,15 @@ function squid_resync_nac() { $conf = <<