From c7b1432ce5e49d061a182df0b09db5de36d787f5 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho
Date: Sun, 22 Apr 2012 04:11:38 +0000
Subject: squid3 - version 2.0.5 with transparent proxy fix and integration with captive portal for non transparent use.
---
 config/squid-reverse/squid.inc | 37 +++++-
 config/squid-reverse/squid.xml | 11 +-
 config/squid-reverse/squid_monitor.php | 167 ++++++++++++++++++++++++++++
 config/squid-reverse/squid_monitor_data.php | 136 ++++++++++++++++++++++
 pkg_config.8.xml | 4 +-
 pkg_config.8.xml.amd64 | 4 +-
 6 files changed, 353 insertions(+), 6 deletions(-)
 create mode 100644 config/squid-reverse/squid_monitor.php
 create mode 100644 config/squid-reverse/squid_monitor_data.php
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index db3aafca..70127510 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -1525,7 +1525,42 @@ function squid_generate_rules($type) {
 global $config;
 $squid_conf = $config['installedpackages']['squid']['config'][0];
-
+
+ //check captive portal option
+ $cp_file='/etc/inc/captiveportal.inc';
+ $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version"));
+ $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
+ $cp_inc = file($cp_file);
+ $new_cp_inc="";
+ $found_rule=0;
+ foreach ($cp_inc as $line){
+ $new_line=$line;
+ //remove applied squid patch
+ if (preg_match('/} set 1 skipto 65314/',$line)){
+ $found_rule++;
+ $new_line ="";
+ }
+ //add squid patch option based on current config
+ if (preg_match('/set 1 pass ip from any to/',$line) && $squid_conf['patch_cp']){
+ $found_rule++;
+ $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n";
+ $new_line .= $line;
+ }
+ if (preg_match('/set 1 pass ip from {/',$line) && $squid_conf['patch_cp']){
+ $found_rule++;
+ $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n";
+ $new_line .= $line;
+ }
+ $new_cp_inc .= $new_line;
+ }
+ if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) {
+ copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup');
+ }
+ if($found_rule > 0){
+ file_put_contents($cp_file,$new_cp_inc, LOCK_EX);
+ }
+
+
+ //normal squid rule check
 if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
 return;
 }
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 981c256c..764011ea 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
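Review bot: `$port` is spliced unquoted into PHP source that is then written into `/etc/inc/captiveportal.inc`, so it has to be forced to an integer before it is used; it is also read from `$settings`, which is not defined in the visible part of `squid_generate_rules()` (only `$squid_conf` is), so the configured port is probably never picked up and 3128 is always written. I would change the line to `$port = (int)($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128);`, assuming `proxy_port` lives in the same config array. The results of `file($cp_file)`, `copy()` and `file_put_contents()` are not checked although the target is a core include that is rewritten in place on every rule generation, so a partial write leaves the captive portal code in an unknown state; writing to a temporary file and then `rename()`-ing it over `$cp_file` would avoid that. A comment above the block saying that the inserted `skipto 65314` rules change which clients can reach the proxy port relative to the portal's own rules (what rule 65314 does is not visible here) would help whoever audits the ruleset later.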
@@ -236,11 +236,20 @@ Transparent proxy transparent_proxy - If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary. + + NOTE: Transparent mode does not filter ssl(port 443) or any other http/https port.
+ To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]>
checkbox private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest
+ + Patch captive portal + patch_cp + + NOTE: You may need to reapply captive portal config after changing this option.]]> + checkbox + Bypass proxy for Private Address Space (RFC 1918) destination private_subnet_proxy_off diff --git a/config/squid-reverse/squid_monitor.php b/config/squid-reverse/squid_monitor.php new file mode 100644 index 00000000..cbcc8918 --- /dev/null +++ b/config/squid-reverse/squid_monitor.php @@ -0,0 +1,167 @@ + + + + + + +

+ + + + + + + + + + + + +
+
+
+
+ + + + + + + + + +
+ +
+ + + +
+ +
+ + + +
+
+
+ +
+ + + + + + + + + + + + + +
+
+ Squid Proxy +
+
+ + +
+
+
+ SquidGuard +
+
+ + +
+
+
+
+
+ + + + + + diff --git a/config/squid-reverse/squid_monitor_data.php b/config/squid-reverse/squid_monitor_data.php new file mode 100644 index 00000000..46280446 --- /dev/null +++ b/config/squid-reverse/squid_monitor_data.php @@ -0,0 +1,136 @@ +"; + echo "Date"; + echo "IP"; + echo "Status"; + echo "Address"; + echo "User"; + echo "Destination"; + echo ""; + + // Get Data from form post + $lines = $_POST['maxlines']; + $filter = $_POST['strfilter']; + + if ($filter != "") { + $exprfilter = "| grep -i $filter"; + } else { + $exprfilter = ""; + } + + // TODO FIX: + // Remove the hard link (maybe, get from config) + // + exec("tail -r -n $lines /var/squid/logs/access.log $exprfilter",$logarr); + + foreach ($logarr as $logent) { + $logline = preg_split("/\s+/", $logent); + + if ($filter != "") + $logline = preg_replace("/$filter/","$filter",$logline); + + echo "\n"; + echo "".date("d/m/y H:i:s",$logline[0])."\n"; + echo "".$logline[2]."\n"; + echo "".$logline[3]."\n"; + echo "".$logline[6]."\n"; + echo "".$logline[7]."\n"; + echo "".$logline[8]."\n"; + echo "\n"; + } +} + +// Show SquidGuard Logs +function showSGuard() { + + + echo ""; + echo "Date"; + echo "Hour"; + echo "ACL"; + echo "Address"; + echo "Host"; + echo "User"; + echo ""; + + + // Get Data from form post + $lines = $_POST['maxlines']; + $filter = $_POST['strfilter']; + + if ($filter != "") { + $exprfilter = "| grep -i $filter"; + } else { + $exprfilter = ""; + } + + // TODO FIX: + // Remove the hard link (maybe, get from config) + // + exec("tail -r -n $lines /var/squidGuard/log/block.log $exprfilter",$logarr); + + foreach ($logarr as $logent) { + $logline = preg_split("/\s+/", $logent); + + if ($filter != "") + $logline = preg_replace("/$filter/","$filter",$logline); + + echo "\n"; + echo "".$logline[0]."\n"; + echo "".$logline[1]."\n"; + echo "".$logline[3]."\n"; + echo "".$logline[4]."\n"; + echo "".$logline[5]."\n"; + echo "".$logline[6]."\n"; + echo "\n"; + } +} + +?> 
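Review bot: Both `showSquid()` and `showSGuard()` place `$_POST['maxlines']` and `$_POST['strfilter']` directly into the string handed to `exec()`, so any shell metacharacter in either field is interpreted by the shell on the firewall; the line count should be cast to an integer and the filter passed through `escapeshellarg()`, as sketched below for `showSquid()` (`showSGuard()` needs the same change with its own log path). The same `$filter` is used unescaped as the pattern in `preg_replace("/$filter/", …)`, which breaks on a `/` and should go through `preg_quote($filter, '/')`, and the log fields and the filter are echoed into the table without `htmlspecialchars()` even though URLs and user names in a proxy log are chosen by the clients. The top of this file was lost in this rendering, so whether it pulls in the GUI's authentication include could not be checked and should be confirmed.

```php
// … unchanged: table header echo lines …

	// Get Data from form post
	$lines = (int) $_POST['maxlines'];
	if ($lines < 1) {
		$lines = 1;
	}
	$filter = (string) $_POST['strfilter'];

	if ($filter != "") {
		// -e keeps a filter that starts with "-" from being read as an option
		$exprfilter = "| grep -i -e " . escapeshellarg($filter);
	} else {
		$exprfilter = "";
	}

	exec("tail -r -n " . $lines . " /var/squid/logs/access.log " . $exprfilter, $logarr);

// … unchanged: foreach over $logarr, highlight and row output …
```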
diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 52cce4f0..ceb3ee74 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1010,11 +1010,11 @@ http://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.19 pkg 2.0.4 + 3.1.19 pkg 2.0.5 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org - http://files.pfsense.org/packages/8/All/ + http://e-sac.siteseguro.ws/packages/8/All/ squid-3.1.19.tbz WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index f4a7d9b8..b51305a3 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 
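Review bot: The package download base on the changed line moves from `http://files.pfsense.org/packages/8/All/` to `http://e-sac.siteseguro.ws/packages/8/All/`, a host outside the project's own file server and reached over plain HTTP, and no checksum or signature for `squid-3.1.19.tbz` is visible in the hunk (the element names were stripped in this rendering, so the field is inferred from its value). A package fetched from there is installed on the firewall itself, so I would keep the binary on the project mirror, or at least record in a comment next to the entry why the host differs and who controls it. The hunk for `pkg_config.8.xml.amd64` makes the same change for the amd64 path.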
@@ -118,11 +118,11 @@ http://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.19 pkg 2.0.4 + 3.1.19 pkg 2.0.5 beta 2.0 fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org - http://files.pfsense.org/packages/amd64/8/All/ + http://e-sac.siteseguro.ws/packages/amd64/8/All/ squid-3.1.19.tbz WITH_SQUID_KERB_AUTH=true WITH_SQUID_LDAP_AUTH=true WITH_SQUID_NIS_AUTH=true WITH_SQUID_SASL_AUTH=true WITH_SQUID_DELAY_POOLS=true WITH_SQUID_SNMP=true WITH_SQUID_CARP=true WITH_SQUID_SSL=true WITHOUT_SQUID_PINGER=true WITHOUT_SQUID_DNS_HELPER=true WITH_SQUID_HTCP=true WITH_SQUID_VIA_DB=true WITH_SQUID_CACHE_DIGESTS=true WITH_SQUID_WCCP=true WITHOUT_SQUID_WCCPV2=true WITHOUT_SQUID_STRICT_HTTP=true WITH_SQUID_IDENT=true WITH_SQUID_REFERER_LOG=true WITHOUT_SQUID_USERAGENT_LOG=true WITH_SQUID_ARP_ACL=true WITH_SQUID_PF=true WITHOUT_SQUID_IPFILTER=true WITH_SQUID_FOLLOW_XFF=true WITH_SQUID_AUFS=true WITH_SQUID_COSS=true WITH_SQUID_KQUEUE=true WITH_SQUID_LARGEFILE=true WITHOUT_SQUID_STACKTRACES=true -- cgit v1.2.3