From 69645670dbac91bbc6eff5846124fb68f6458c9f Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Fri, 13 Apr 2012 20:11:05 -0300 Subject: squid3 - merge squid3 and squid-reverse in one package --- config/squid-reverse/squid_reverse.xml | 88 +++++++++++++++++++++------------- 1 file changed, 55 insertions(+), 33 deletions(-) (limited to 'config/squid-reverse/squid_reverse.xml') diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index e3f57b13..ae0c0e8a 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -50,46 +50,49 @@ Proxy server: Reverse Proxy squid.inc - + General /pkg_edit.php?xml=squid.xml&id=0 - Upstream Proxy + Upstream /pkg_edit.php?xml=squid_upstream.xml&id=0 - Cache Mgmt + Cache /pkg_edit.php?xml=squid_cache.xml&id=0 - Access Control + ACLs /pkg_edit.php?xml=squid_nac.xml&id=0 Traffic Mgmt /pkg_edit.php?xml=squid_traffic.xml&id=0 - - - Reverse Proxy - /pkg_edit.php?xml=squid_reverse.xml&id=0 - - Reverse Settings + Reverse /pkg_edit.php?xml=squid_reverse.xml&id=0 - + - Auth Settings + Authentication /pkg_edit.php?xml=squid_auth.xml&id=0 - Local Users + Users /pkg.php?xml=squid_users.xml + + Sync + /pkg_edit.php?xml=squid_sync.xml + + + Squid Reverse proxy General Settings + listtopic + Reverse Proxy interface reverse_interface @@ -104,7 +107,7 @@ reverse_ip Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;). input - 80 + 70 external FQDN @@ -112,7 +115,18 @@ The external full-qualified-domain-name of the WAN address. input - 80 + 70 + + + Reset TCP connections if request is unauthorized + deny_info_tcp_reset + If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized. + checkbox + on + + + Squid Reverse HTTP Settings + listtopic Enable HTTP reverse mode @@ -138,12 +152,16 @@ input 60 + + Squid Reverse HTTPS Settings + listtopic + Enable HTTPS reverse proxy reverse_https If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address") checkbox - reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain off @@ -166,8 +184,8 @@ reverse SSL certificate reverse_ssl_cert Choose the SSL Server Certificate here. - select_source - + select_source + descr refid @@ -180,13 +198,6 @@ 5 base64 - - Reset TCP connections if request is unauthorized - deny_info_tcp_reset - If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized. - checkbox - on - Ignore internal Certificate validation reverse_ignore_ssl_valid @@ -223,7 +234,8 @@ Enable Exchange WebServices reverse_owa_webservice - If this field is checked, Exchange WebServices will be enabled. + + There are potential DoS side effects to its use, please avoid unless you must.]]> checkbox @@ -232,11 +244,17 @@ If this field is checked, AutoDiscover will be enabled. checkbox + + Squid Reverse Mappings + listtopic + <b>peer definitions</b> <br>publishing hosts reverse_cache_peer - Enter each peer definition on a new line. Directives have to be separated by a semicolon(;). <br>syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS] <br>example: HOST1;192.168.0.1;80;HTTP <br><i>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</i> - + + syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]
+ example: HOST1;192.168.0.1;80;HTTP
+ WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING]]> textarea 60 10 @@ -244,9 +262,12 @@ <b>URI definitions</b> <br>published URIs - revrse_uri - Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;).<br>syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <br>(a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://) <br>example: URI1;public;server.pfsense.org. <br><i>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</i> - + reverse_uri + + syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn])
+ (a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)
+ example: URI1;public;server.pfsense.org.
+ WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING]]> textarea 60 10 @@ -255,8 +276,9 @@ <b>ACL definitions</b> <br>published URIs reverse_acl - Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br>syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br><i>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</i> - + + syntax: [peer alias];[uri group alias]
example: HOST1;URI1
+ WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING]]> textarea 60 10 -- cgit v1.2.3