From 2aae3aff464282d34087b390e89c3163b06badb8 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 30 Sep 2011 22:47:12 +0200 Subject: acls working --- config/squid-reverse/squid.inc | 41 +++++++++++++++++++++++++++------- config/squid-reverse/squid_reverse.xml | 2 +- 2 files changed, 34 insertions(+), 9 deletions(-) (limited to 'config/squid-reverse') diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 044cf10b..aa8cf691 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -503,6 +503,21 @@ function squid_validate_reverse($post, $input_errors) { if (!empty($rowa) && !is_ipaddr($rowa)) $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; +/* + $contents = base64_decode($post['reverse_cache_peer']); + if(!empty($contents)) { + $defs = explode("\r\n", ($contents)); + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (!is_ipaddr($cfg[1])) + $input_errors[] = "please choose a valid IP in the cache peer configuration."; + if (!is_port($cfg[2])) + $input_errors[] = "please choose a valid port in the cache peer configuration."; + if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP')) + $input_errors[] = "please choose HTTP or HTTPS in the cache peer configuration."; + }} +*/ + } function squid_validate_auth($post, $input_errors) { @@ -1059,20 +1074,30 @@ function squid_resync_reverse() { $conf .= "http_access allow OWA_URI_pfs\n"; } - $contents = base64_decode($settings['reverse_acl']); if(!empty($contents)) { -$conf .= "# -= TESTING AREA =-\n"; $defs = explode("\r\n", ($contents)); foreach ($defs as $def) { $cfg = explode(";",($def)); if (($cfg[0]) != '' && ($cfg[1]) != ''){ - $conf .= "# cache_peer_access {$cfg[0]} allow {$cfg[1]}\n"; - $conf .= "# cache_peer_access {$cfg[0]} deny all\n"; - $conf .= "# never direct allow {$cfg[1]}\n"; - $conf .= "# http_access allow {$cfg[1]}\n"; - }}} - + $conf .= "cache_peer_access {$cfg[0]} allow {$cfg[1]}\n"; + }} + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (($cfg[0]) != '' && ($cfg[1]) != ''){ + $conf .= "cache_peer_access {$cfg[0]} deny all\n"; + }} + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (($cfg[0]) != '' && ($cfg[1]) != ''){ + $conf .= "never direct allow {$cfg[1]}\n"; + }} + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (($cfg[0]) != '' && ($cfg[1]) != ''){ + $conf .= "http_access allow {$cfg[1]}\n"; + }} + } $conf .= "\n"; diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index cafa3ec7..d921254f 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -165,7 +165,7 @@ refid - intermediate CA certificate + intermediate CA certificate (if needed) reverse_int_ca Paste a signed certificate in X.509 PEM format here. textarea -- cgit v1.2.3