From aa14c57c16cc25871e9d31d0e812ff502268f4d4 Mon Sep 17 00:00:00 2001 From: marcelloc Date: Sun, 10 Feb 2013 11:16:28 -0200 Subject: squid3 - bump version and include missing squid_reverse_redir.xml call on squid.xml additional_files_needed --- config/squid-reverse/squid.xml | 67 ++++++++++++++++++++++++++++++++++++++---- pkg_config.8.xml | 2 +- pkg_config.8.xml.amd64 | 2 +- 3 files changed, 63 insertions(+), 8 deletions(-) diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml index 72c10ab6..6bc40c6f 100644 --- a/config/squid-reverse/squid.xml +++ b/config/squid-reverse/squid.xml @@ -10,7 +10,7 @@ authng.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2007 to whom it may belong - Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012-2013 Marcello Coutinho All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -22,7 +22,7 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -47,7 +47,7 @@ Describe your package requirements here Currently there are no FAQ items provided. squid - 3.1.STABLE19 + 3.2.7 Proxy server: General settings /usr/local/pkg/squid.inc @@ -198,6 +198,11 @@ 0755 http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php + + /usr/local/pkg/ + 0755 + http://www.pfsense.org/packages/config/squid-reverse/squid_reverse_redir.xml + /usr/local/www/ 0755 @@ -254,11 +259,11 @@ on - Transparent proxy + Transparent HTTP proxy transparent_proxy - NOTE: Transparent mode does not filter ssl(port 443) or any other http/https port.
- To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]> + NOTE: Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.
+ To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]> checkbox private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest @@ -302,6 +307,56 @@ If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;). input 70 + + + SSL man in the middle Filtering + listtopic + + + HTTPS/SSL interception + ssl_proxy + + checkbox + dca,dcert,sslcrtd_children,check_certificate + + + SSL Proxy port + ssl_proxy_port + This is the port the proxy server will listen on to intercept ssl while using transparent proxy. + input + 5 + 3129 + + + Cert + dcert + + To create a Certificate on pfsense, go to system -> Cert Manager]]> + select_source + + descr + refid + + + sslcrtd children + sslcrtd_children + + if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]> + input + 2 + 5 + + + Remote Cert checks + interception_checks + Defaul is to do not select any of these options.]]> + select + + + + + + 3 Logging Settings diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 5c710d06..c4839470 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1246,7 +1246,7 @@ http://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.5_8 + 3.1.20 pkg 2.0.6 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 29a657f0..7ed2207e 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1233,7 +1233,7 @@ http://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.5_8 + 3.1.20 pkg 2.0.6 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org -- cgit v1.2.3