From d9da90aafffd420af84ac4dcf3fa4e779cb2faf3 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Tue, 18 Sep 2012 00:40:55 -0300 Subject: squid3 - fix a missing vhost config on https setup --- config/squid-reverse/squid_reverse.inc | 4 +-- pkg_config.8.xml | 48 +++++++++++++++++++++++++++++++++- pkg_config.8.xml.amd64 | 48 +++++++++++++++++++++++++++++++++- 3 files changed, 96 insertions(+), 4 deletions(-) diff --git a/config/squid-reverse/squid_reverse.inc b/config/squid-reverse/squid_reverse.inc index 6c34b4cb..21b6c668 100644 --- a/config/squid-reverse/squid_reverse.inc +++ b/config/squid-reverse/squid_reverse.inc @@ -79,7 +79,7 @@ function squid_resync_reverse() { $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; //HTTPS if (!empty($settings['reverse_https'])) - $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite}\n"; + $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n"; } } @@ -91,7 +91,7 @@ function squid_resync_reverse() { $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; //HTTPS if (!empty($settings['reverse_https'])) - $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite}\n"; + $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n"; } } diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 87f58b84..f943d8be 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -175,6 +175,52 @@ haproxy-1.4.21.tbz haproxy-1.4.21-i386.pbi + + Apache+mod_security-dev + http://doc.pfsense.org/index.php/ProxyServerModSecurity_package + http://www.modsecurity.org/ + ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address. + Network Management + 0.2 + ALPHA + 2.0 + http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml + http://files.pfsense.org/packages/8/All/ + db42-4.2.52_5.tbz + gdbm-1.9.1.tbz + apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12_1.tbz + ap22-mod_memcache-0.1.0_4.tbz + apache-2.2.22_5.tbz + ap22-mod_security-2.6.5_1.tbz + proxy_mod_security-2.2.22_6-i386.pbi + apache_virtualhost.xml + /usr/ports/devel/gettext + /usr/ports/misc/help2man + /usr/ports/devel/apr1 + /usr/ports/devel/pkg-config + /usr/ports/databases/db42 + /usr/ports/databases/gdbm + /usr/ports/www/apache22-worker-mpm + /usr/ports/www/mod_security + /usr/ports/www/mod_memcache + /usr/ports/www/p5-LWP-Protocol-https + /usr/ports/www/p5-LWP-UserAgent-Determined + /usr/ports/security/gnupg + /user/ports/net/spread + /user/ports/textproc/p5-XML-Smart + /user/ports/lang/p5-Switch + /user/ports/www/p5-Data-Validate-URI + /user/ports/devel/p5-Data-Types + /user/ports/devel/p5-Acme-Comment + + proxy_mod_security + devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment + www/apache22-worker-mpm + www/mod_security www/mod_memcache + + WITH_MPM=worker WITH_THREADS=yes WITHOUT_MYSQL=yes WITHOUT_PGSQL=yes WITH_SQLITE=yes WITH_IPV6=yes WITHOUT_BDB=yes WITH_AUTH_BASIC=yes WITH_AUTH_DIGEST=yes WITH_AUTHN_FILE=yes WITHOUT_AUTHN_DBD=yes WITH_AUTHN_DBM=yes WITH_AUTHN_ANON=yes WITH_AUTHN_DEFAULT=yes WITH_AUTHN_ALIAS=yes WITH_AUTHZ_HOST=yes WITH_AUTHZ_GROUPFILE=yes WITH_AUTHZ_USER=yes WITH_AUTHZ_DBM=yes WITH_AUTHZ_OWNER=yes WITH_AUTHZ_DEFAULT=yes WITH_CACHE=yes WITH_DISK_CACHE=yes WITH_FILE_CACHE=yes WITH_MEM_CACHE=yes WITH_DAV=yes WITH_DAV_FS=yes WITHOUT_BUCKETEER=yes WITHOUT_CASE_FILTER=yes WITHOUT_CASE_FILTER_IN=yes WITHOUT_EXT_FILTER=yes WITHOUT_LOG_FORENSIC=yes WITHOUT_OPTIONAL_HOOK_EXPORT=yes WITHOUT_OPTIONAL_HOOK_IMPORT=yes WITHOUT_OPTIONAL_FN_IMPORT=yes WITHOUT_OPTIONAL_FN_EXPORT=yes WITHOUT_LDAP=yes WITHOUT_AUTHNZ_LDAP=yes WITH_ACTIONS=yes WITH_ALIAS=yes WITH_ASIS=yes WITH_AUTOINDEX=yes WITH_CERN_META=yes WITH_CGI=yes WITH_CHARSET_LITE=yes WITHOUT_DBD=yes WITH_DEFLATE=yes WITH_DIR=yes WITH_DUMPIO=yes WITH_ENV=yes WITH_EXPIRES=yes WITH_HEADERS=yes WITH_IMAGEMAP=yes WITH_INCLUDE=yes WITH_INFO=yes WITH_LOG_CONFIG=yes WITH_LOGIO=yes WITH_MIME=yes WITH_MIME_MAGIC=yes WITH_NEGOTIATION=yes WITH_REWRITE=yes WITH_SETENVIF=yes WITH_SPELING=yes WITH_STATUS=yes WITH_UNIQUE_ID=yes WITH_USERDIR=yes WITH_USERTRACK=yes WITH_VHOST_ALIAS=yes WITH_FILTER=yes WITHOUT_SUBSTITUTE=yes WITH_VERSION=yes WITH_PROXY=yes WITH_PROXY_CONNECT=yes WITH_PROXY_FTP=yes WITH_PROXY_HTTP=yes WITH_PROXY_AJP=yes WITH_PROXY_BALANCER=yes WITH_PROXY_SCGI=yes WITH_SSL=yes WITHOUT_SUEXEC=yes WITHOUT_SUEXEC_RSRCLIMIT=yes WITH_REQTIMEOUT=yes WITHOUT_CGID=yes + Please visit the ProxyServer settings tab and set the service up so that it may be started. + Proxy Server with mod_security http://doc.pfsense.org/index.php/ProxyServerModSecurity_package @@ -1187,7 +1233,7 @@ http://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.5_4 + 3.1.20 pkg 2.0.5_5 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 940d50a0..6c19a678 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -162,6 +162,52 @@ haproxy-1.4.21.tbz haproxy-1.4.21-amd64.pbi + + apache+mod_security-dev + http://doc.pfsense.org/index.php/ProxyServerModSecurity_package + http://www.modsecurity.org/ + ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address. + Network Management + 0.2 + ALPHA + 2.0 + http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_virtualhost.xml + http://files.pfsense.org/packages/amd64/8/All/ + db42-4.2.52_5.tbz + gdbm-1.9.1.tbz + apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12_1.tbz + ap22-mod_memcache-0.1.0_4.tbz + apache-2.2.22_5.tbz + ap22-mod_security-2.6.5_1.tbz + proxy_mod_security-2.2.22_6-amd64.pbi + apache_virtualhost.xml + /usr/ports/devel/gettext + /usr/ports/misc/help2man + /usr/ports/devel/apr1 + /usr/ports/devel/pkg-config + /usr/ports/databases/db42 + /usr/ports/databases/gdbm + /usr/ports/www/apache22-worker-mpm + /usr/ports/www/mod_security + /usr/ports/www/mod_memcache + /usr/ports/www/p5-LWP-Protocol-https + /usr/ports/www/p5-LWP-UserAgent-Determined + /usr/ports/security/gnupg + /user/ports/net/spread + /user/ports/textproc/p5-XML-Smart + /user/ports/lang/p5-Switch + /user/ports/www/p5-Data-Validate-URI + /user/ports/devel/p5-Data-Types + /user/ports/devel/p5-Acme-Comment + + proxy_mod_security + devel/gettext misc/help2man databases/db42 databases/gdbm devel/apr1 www/p5-LWP-UserAgent-Determined www/p5-LWP-Protocol-https security/gnupg security/p5-GnuPG net/spread textproc/p5-XML-Smart lang/p5-Switch www/p5-Data-Validate-URI devel/p5-Data-Types devel/p5-Acme-Comment + www/apache22-worker-mpm + www/mod_security www/mod_memcache + + WITH_MPM=worker WITH_THREADS=yes WITHOUT_MYSQL=yes WITHOUT_PGSQL=yes WITH_SQLITE=yes WITH_IPV6=yes WITHOUT_BDB=yes WITH_AUTH_BASIC=yes WITH_AUTH_DIGEST=yes WITH_AUTHN_FILE=yes WITHOUT_AUTHN_DBD=yes WITH_AUTHN_DBM=yes WITH_AUTHN_ANON=yes WITH_AUTHN_DEFAULT=yes WITH_AUTHN_ALIAS=yes WITH_AUTHZ_HOST=yes WITH_AUTHZ_GROUPFILE=yes WITH_AUTHZ_USER=yes WITH_AUTHZ_DBM=yes WITH_AUTHZ_OWNER=yes WITH_AUTHZ_DEFAULT=yes WITH_CACHE=yes WITH_DISK_CACHE=yes WITH_FILE_CACHE=yes WITH_MEM_CACHE=yes WITH_DAV=yes WITH_DAV_FS=yes WITHOUT_BUCKETEER=yes WITHOUT_CASE_FILTER=yes WITHOUT_CASE_FILTER_IN=yes WITHOUT_EXT_FILTER=yes WITHOUT_LOG_FORENSIC=yes WITHOUT_OPTIONAL_HOOK_EXPORT=yes WITHOUT_OPTIONAL_HOOK_IMPORT=yes WITHOUT_OPTIONAL_FN_IMPORT=yes WITHOUT_OPTIONAL_FN_EXPORT=yes WITHOUT_LDAP=yes WITHOUT_AUTHNZ_LDAP=yes WITH_ACTIONS=yes WITH_ALIAS=yes WITH_ASIS=yes WITH_AUTOINDEX=yes WITH_CERN_META=yes WITH_CGI=yes WITH_CHARSET_LITE=yes WITHOUT_DBD=yes WITH_DEFLATE=yes WITH_DIR=yes WITH_DUMPIO=yes WITH_ENV=yes WITH_EXPIRES=yes WITH_HEADERS=yes WITH_IMAGEMAP=yes WITH_INCLUDE=yes WITH_INFO=yes WITH_LOG_CONFIG=yes WITH_LOGIO=yes WITH_MIME=yes WITH_MIME_MAGIC=yes WITH_NEGOTIATION=yes WITH_REWRITE=yes WITH_SETENVIF=yes WITH_SPELING=yes WITH_STATUS=yes WITH_UNIQUE_ID=yes WITH_USERDIR=yes WITH_USERTRACK=yes WITH_VHOST_ALIAS=yes WITH_FILTER=yes WITHOUT_SUBSTITUTE=yes WITH_VERSION=yes WITH_PROXY=yes WITH_PROXY_CONNECT=yes WITH_PROXY_FTP=yes WITH_PROXY_HTTP=yes WITH_PROXY_AJP=yes WITH_PROXY_BALANCER=yes WITH_PROXY_SCGI=yes WITH_SSL=yes WITHOUT_SUEXEC=yes WITHOUT_SUEXEC_RSRCLIMIT=yes WITH_REQTIMEOUT=yes WITHOUT_CGID=yes + Please visit the ProxyServer settings tab and set the service up so that it may be started. + Proxy Server with mod_security http://doc.pfsense.org/index.php/ProxyServerModSecurity_package @@ -1174,7 +1220,7 @@ http://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.5_4 + 3.1.20 pkg 2.0.5_5 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org -- cgit v1.2.3