From 850a8d490efac19ce4af50057a0e4710ac682560 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 27 Aug 2015 21:31:35 +0200 Subject: havp code style cleanup - Add copyright header - Fix indentation/whitespace - Improve descriptions --- config/havp/havp.xml | 684 +++++++++++++++++++++++++++------------------------ 1 file changed, 369 insertions(+), 315 deletions(-) (limited to 'config/havp/havp.xml') diff --git a/config/havp/havp.xml b/config/havp/havp.xml index f5afc2fe..08ff873f 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -1,324 +1,378 @@ + + - havp - Antivirus: HTTP proxy (havp + clamav) - Status - 1.02 - /usr/local/pkg/havp.inc - - Antivirus - Antivirus service -
Services
- /antivirus.php - - + + + Copyright (C) 2014 Andrew Nikitin . + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + + havp + Antivirus: HTTP proxy (HAVP + ClamAV) + Status + 1.06 + /usr/local/pkg/havp.inc + + Antivirus + Antivirus service +
Services
+ /antivirus.php + + havp havp.sh havp - Antivirus HTTP proxy Service - - - https://packages.pfsense.org/packages/config/havp/havp.inc - /usr/local/pkg/ - 0755 - - - - https://packages.pfsense.org/packages/config/havp/havp_avset.xml - /usr/local/pkg/ - 0755 - - - https://packages.pfsense.org/packages/config/havp/antivirus.php - /usr/local/www/ - 0755 - - - - General page - /antivirus.php - - - HTTP proxy - /pkg_edit.php?xml=havp.xml&id=0 - - - - - Settings - /pkg_edit.php?xml=havp_avset.xml&id=0 - - - HAVP Log - /havp_log.php - - - - - Enable - enable - Check this for enable proxy. - checkbox - - - ClamAV mode - useclamd - - Select ClamAV running mode:<br> - <b>Daemon</b> - HAVP will use ClamAV as socket scanner daemon. Default option.<br> - <b>Library</b> - HAVP will use ClamAV as loaded library scanner. Note: this mode needs much more memory.<br> - - select - true - - - - - - - Proxy mode - proxymode - - Select interface mode: <br> - <b> standard </b> - client(s) bind to the 'proxy port' on selected interface(s); <br> - <b> parent for squid </b> - configure HAVP as parent for Squid proxy;<br> - <b> transparent </b> - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary (works as parent for squid with transparent Squid proxy); <br> - <b> internal </b> - HAVP will listen on the loopback (127.0.0.1) on configured 'proxy port.' Use you own traffic forwarding rules.<br> + Antivirus HTTP Proxy Service + + + https://packages.pfsense.org/packages/config/havp/havp.inc + /usr/local/pkg/ + + + + https://packages.pfsense.org/packages/config/havp/havp_avset.xml + /usr/local/pkg/ + + + https://packages.pfsense.org/packages/config/havp/antivirus.php + /usr/local/www/ + + + + General Page + /antivirus.php + + + HTTP Proxy + /pkg_edit.php?xml=havp.xml + + + + + Settings + /pkg_edit.php?xml=havp_avset.xml + + + HAVP Log + /havp_log.php + + + + + Enable + enable + Check this to enable AV proxy. + checkbox + + + ClamAV Mode + useclamd + + + Daemon - HAVP will use ClamAV as socket scanner daemon. (Default option.)
+ Library - HAVP will use ClamAV as loaded library scanner. Note: this mode needs much more memory.
+ ]]> - select - standard - - - - - - - - - Proxy interface(s) - proxyinterface - The interface(s) for client connections to the proxy. Use 'Ctrl' + L. Click for multiple selection. - interfaces_selection - - - lan - - - Proxy port - proxyport - - This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy. - - input - 10 - - 3125 - - - Parent proxy - parentproxy - - Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty. - - input - 90 - - - Enable X-Forwarded-For - enablexforwardedfor - - If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons. - <br>Enable this if you use your own parent proxy after HAVP, so it will see the original client IP. - <br>Disabling this also disables Via: header generation. - - checkbox - - - Enable Forwarded IP - enableforwardedip - - If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP. - - checkbox - - - Language - lang - Select the language in which the proxy server will display error messages to users. - select - en - - - - - - - - - - - - - - Max download size, Bytes - maxdownloadsize - Enter value (in Bytes) or leave empty. Downloads larger than 'Max download size' will be blocked if not whitelisted. - input - 10 - - - - HTTP Range requests - range - - Set this for allow HTTP Range requests, and broken downloads can be resumed. - Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned. - Whitelisted sites are allowed to use Range in any case. - - checkbox - - - Whitelist - whitelist - - Enter each destination URL on a new line that will be accessable to the users without scanning. - Use '*' symbol for mask. Example: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc - - textarea - 60 - 5 - base64 - - - Blacklist - blacklist - Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. - textarea - 60 - 5 - base64 - - - Block file if error scanning - failscanerror - If set, the proxy will block the files on which an error scanning. - checkbox - - - Enable RAM Disk - enableramdisk - - This option allow use RAM disk for HAVP temp files for more quick traffic scan. - RAM disk size depends on 'ScanMax' file size and available memory. - This option can be ignored on systems with low memory. - ( RAM disk size calculated as [1/4 available system memory] > [Scan max file size] * 100 ) - - checkbox - - - Scan max file size - scanmaxsize - - Select this value for limit maximum file size or leave '---(5M)'. - Files larger than this limit won't be scanned. - Small values increace scan speed and maximum new connections per second and allow RAM disk use. - <br> - NOTE: Setting limit is a security risk, because some archives like - ZIP need all the data to be scanned properly! Use this only if you - can't afford temporary space for big files. - - select - 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Scan images - scanimg - - Check this for scan image files. - This option allows you to increase reliability, but also slows down the scanning process. - - checkbox - - - Scan media stream - scanstream - Check this for scan media (audio/video) stream. Use this for additional scan exploits for players. - checkbox - - - Scan Broken Executables - scanbrokenexe - Check this to enable the Heuristic Broken Executable scan. - checkbox - on - - - HAVP Log - log - Check this for enable HAVP log. - checkbox - syslog - - - HAVP Syslog - syslog - Check this for enable HAVP Syslog. - checkbox - - - - havp_before_form($pkg); - - - havp_validate_settings($_POST, $input_errors); - - - havp_resync(); - - + select + true + + + + + + + Proxy Mode + proxymode + + + Standard - clients bind to the 'proxy port' on selected interface(s)
+ Parent for Squid - configure HAVP as parent for Squid proxy
+ Transparent - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary. (Works as parent for Squid with transparent Squid proxy.)
+ Internal - HAVP will listen on the loopback (127.0.0.1) on configured 'Proxy Port.' Use your own firewall forwarding rules.
+ ]]> + + select + standard + + + + + + + + + Proxy Interface(s) + proxyinterface + The interface(s) for client connections to the proxy. Use 'Ctrl' + left click for multiple selection. + interfaces_selection + + + lan + + + Proxy Port + proxyport + + + Note: This port must be different from Squid proxy. + ]]> + + input + 10 + + 3125 + + + Parent Proxy + parentproxy + Enter the parent (upstream) proxy settings in PROXY:PORT format or leave empty. + input + 90 + + + Enable X-Forwarded-For + enablexforwardedfor + + + Enable this if you use your own parent proxy after HAVP, so it will see the original client's IP.
+ Note: Disabling this also disables Via: header generation.
+ ]]> + + checkbox + + + Enable Forwarded IP + enableforwardedip + If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP. + checkbox + + + Language + lang + Select the language in which the HAVP proxy server will display error messages to users. + select + en + + + + + + + + + + + + + + Max Download Size + maxdownloadsize + + (in bytes) or leave empty. Downloads larger than 'Max Download Size' will be blocked if not whitelisted. + ]]> + + input + 10 + + + + HTTP Range Requests + range + + + Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
+ Note: Whitelisted sites are allowed to use HTTP Range in any case, regardless of this setting. + ]]> + + checkbox + + + Whitelist + whitelist + + separate line. The URLs will be accessible to users without AV scanning.
+ Use '*' symbol as wildcard mask. URL examples: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc + ]]> + + textarea + 60 + 5 + base64 + + + Blacklist + blacklist + + separate line, using the same syntax as 'Whitelist'.
+ Access to these URLs will be blocked for HAVP proxy users. + ]]> + + textarea + 60 + 5 + base64 + + + Block File on Scanning Error + failscanerror + If enabled, the proxy will block the files if an error occurs while scanning. + checkbox + + + Enable RAM Disk + enableramdisk + + + RAM disk size depends on 'Scan Max File Size' and available memory. This option should be ignored on systems with low memory.
+ Note: RAM disk size is calculated as [1/4 available system memory] > [Scan max file size] * 100 ). + ]]> + + checkbox + + + Scan Max File Size + scanmaxsize + + + Small values increase scan speed and maximum new connections per second and allow RAM disk use.
+ NOTE: Setting a low limit is a security risk, because some archives like ZIP need all the data to be scanned properly! Use this only if you + can't afford temporary space for large files. + ]]> + + select + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Scan Images + scanimg + Check this option to scan image files. This option allows you to increase reliability, but also slows down the scanning process. + checkbox + + + Scan Media Streams + scanstream + Check this option to scan media (audio/video) streams. + checkbox + + + Scan Broken Executables + scanbrokenexe + Check this to enable the Heuristic Broken Executable Scan. + checkbox + on + + + HAVP Log + log + Check this to enable HAVP logging. + checkbox + syslog + + + HAVP Syslog + syslog + Check this to enable HAVP logging to syslog. + checkbox + + + + havp_validate_settings($_POST, $input_errors); + + + havp_resync(); + + havp_install(); - - + + havp_deinstall(); - + -- cgit v1.2.3