From c7b1432ce5e49d061a182df0b09db5de36d787f5 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Sun, 22 Apr 2012 04:11:38 +0000
Subject: squid3 - version 2.0.5 with transparent proxy fix and integration
 with captive portal for non transparent use.

---
 config/squid-reverse/squid.inc              |  37 +++++-
 config/squid-reverse/squid.xml              |  11 +-
 config/squid-reverse/squid_monitor.php      | 167 ++++++++++++++++++++++++++++
 config/squid-reverse/squid_monitor_data.php | 136 ++++++++++++++++++++++
 4 files changed, 349 insertions(+), 2 deletions(-)
 create mode 100644 config/squid-reverse/squid_monitor.php
 create mode 100644 config/squid-reverse/squid_monitor_data.php

(limited to 'config/squid-reverse')

diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index db3aafca..70127510 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -1525,7 +1525,42 @@ function squid_generate_rules($type) {
 	global $config;
 
 	$squid_conf = $config['installedpackages']['squid']['config'][0];
-
+	
+	//check captive portal option
+	$cp_file='/etc/inc/captiveportal.inc';
+	$pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version"));
+	$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
+	$cp_inc = file($cp_file);
+	$new_cp_inc="";
+	$found_rule=0;
+	foreach ($cp_inc as $line){
+		$new_line=$line;
+		//remove applied squid patch
+		if (preg_match('/} set 1 skipto 65314/',$line)){
+			$found_rule++;
+			$new_line ="";
+			}
+		//add squid patch option based on current config	            
+		if (preg_match('/set 1 pass ip from any to/',$line) && $squid_conf['patch_cp']){
+			$found_rule++;
+			$new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n";
+			$new_line .= $line;
+			}
+		if (preg_match('/set 1 pass ip from {/',$line) && $squid_conf['patch_cp']){
+			$found_rule++;
+			$new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n";
+			$new_line .= $line;
+			}
+		$new_cp_inc .= $new_line;
+		}
+	if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) {
+		copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup');
+		}
+	if($found_rule > 0){
+		file_put_contents($cp_file,$new_cp_inc, LOCK_EX);
+		}
+	
+	//normal squid rule check
 	if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
 		return;
 	}
diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml
index 981c256c..764011ea 100644
--- a/config/squid-reverse/squid.xml
+++ b/config/squid-reverse/squid.xml
@@ -236,11 +236,20 @@
 		<field>
 			<fielddescr>Transparent proxy</fielddescr>
 			<fieldname>transparent_proxy</fieldname>
-			<description>If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description>
+			<description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
+						 <strong>NOTE:</strong> Transparent mode does not filter ssl(port 443) or any other http/https port.<br>
+						 To filter both http and https protocol without touching user config, enable WPAD/PAC options on your dns/dhcp.]]></description>
 			<type>checkbox</type>
 			<enablefields>private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>			
 			<required/>
 		</field>
+		<field>
+			<fielddescr>Patch captive portal</fielddescr>
+			<fieldname>patch_cp</fieldname>
+			<description><![CDATA[Enable this option to force captive portal to non transparent proxy users.<br>
+						<strong>NOTE:</strong> You may need to reapply captive portal config after changing this option.]]></description>
+			<type>checkbox</type>
+		</field>
 		<field>
 			<fielddescr>Bypass proxy for Private Address Space (RFC 1918) destination</fielddescr>
 			<fieldname>private_subnet_proxy_off</fieldname>
diff --git a/config/squid-reverse/squid_monitor.php b/config/squid-reverse/squid_monitor.php
new file mode 100644
index 00000000..cbcc8918
--- /dev/null
+++ b/config/squid-reverse/squid_monitor.php
@@ -0,0 +1,167 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+    squid_monitor.php
+    part of pfSense (http://www.pfSense.com)
+    Copyright (C) 2012 ccesario @ pfsense forum
+    All rights reserved.
+
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+     1. Redistributions of source code must retain the above copyright notice,
+        this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+                                                                              */
+/* ========================================================================== */
+
+
+require_once("/etc/inc/util.inc");
+require_once("/etc/inc/functions.inc");
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/globals.inc");
+
+require_once("guiconfig.inc");
+
+
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+	$one_two = true;
+
+$pgtitle = "Status: Proxy Monitor";
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<?php endif; ?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+
+<!-- Function to call squid logs -->
+<script language="JavaScript">
+    function ShowLog(content,url,program)
+    {
+        var v_maxlines  = $('maxlines').getValue();
+        var v_strfilter = $('strfilter').getValue();
+        var pars = 'maxlines='+escape(v_maxlines) + '&strfilter=' + escape(v_strfilter) + '&program=' + escape(program);
+    	new Ajax.Updater(content,url, {
+	    				method: 'post',
+                        parameters: pars,
+			    		onSuccess: function() {
+				    	    window.setTimeout( ShowLog(content,url,program), 100 );
+                        }
+        });
+    }
+
+
+</script>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr>
+		<td id="mainarea">
+			<div class="tabcont">
+				<div id="param">
+					<form id="paramsForm" name="paramsForm" method="post">
+						<table width="100%" border="0" cellpadding=5" cellspacing="0">
+							<tr>
+								<td width="15%" valign="top" class="vncell"><?php echo "Max lines:"; ?></td>
+								<td width="85%" class="vtable">
+                                    <select name="maxlines" id="maxlines">
+                                        <option value="5">5 lines</option>
+                                        <option value="10" selected="selected">10 lines</option>
+                                        <option value="15">15 lines</option>
+                                        <option value="20">20 lines</option>
+                                        <option value="25">25 lines</option>
+                                        <option value="30">30 lines</option>
+                                    </select>
+                                    <br/>
+									<span class="vexpl">
+									   <?php echo "Max. lines to be displayed."; ?>
+									</span>
+								</td>
+							</tr>
+							<tr>
+								<td width="15%" valign="top" class="vncell"><?php echo "String filter:"; ?></td>
+								<td width="85%" class="vtable">
+									<input name="strfilter" type="text" class="formfld unknown" id="strfilter" size="50" value="">
+									<br/>
+									<span class="vexpl">
+									   <?php echo "Enter the string filter: eg. username or ip addr or url."; ?>
+									</span>
+								</td>
+							</tr>
+						</table>
+					</form>
+				</div>
+
+				<form>
+					<table width="100%" border="0" cellpadding="0" cellspacing="0">
+						<tr>
+							<td colspan="2" valign="top" class="listtopic">
+								<center>
+									Squid Proxy
+								</center>
+							</td>
+						</tr>
+						<tr>
+							<td>
+								<table iD="squidView" width="100%" border="0" cellpadding="0" cellspacing="0">
+									<script language="JavaScript">
+                                        ShowLog('squidView', 'squid_monitor_data.php','squid');
+									</script>
+								</table>
+							</td>
+						</tr>
+						<tr>
+							<td colspan="2" valign="top" class="listtopic">
+								<center>
+									SquidGuard
+								</center>
+							</td>
+						</tr>
+						<tr>
+							<td>
+								<table id="sguardView" width="100%" border="0" cellpadding="5" cellspacing="0">
+									<script language="JavaScript">
+										ShowLog('sguardView', 'squid_monitor_data.php','sguard');
+									</script>
+								</table>
+							</td>
+						</tr>
+					</table>
+				</form>
+			</div>
+		</td>
+	</tr>
+</table>
+
+<?php
+include("fend.inc");
+?>
+
+</body>
+</html>
+
diff --git a/config/squid-reverse/squid_monitor_data.php b/config/squid-reverse/squid_monitor_data.php
new file mode 100644
index 00000000..46280446
--- /dev/null
+++ b/config/squid-reverse/squid_monitor_data.php
@@ -0,0 +1,136 @@
+<?php 
+/* $Id$ */
+/* ========================================================================== */
+/*
+    squid_monitor_data.php
+    part of pfSense (http://www.pfSense.com)
+    Copyright (C) 2012 ccesario @ pfsense forum
+    All rights reserved.
+
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+     1. Redistributions of source code must retain the above copyright notice,
+        this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+                                                                              */
+/* ========================================================================== */
+if ($_POST) {
+    switch (strtolower($_POST['program'])) {
+       case 'squid':
+            showSquid();            
+       break;
+       case 'sguard';
+            showSGuard();
+       break;
+    }
+}
+
+
+
+// Show Squid Logs
+function showSquid() {
+    echo "<tr>";
+    echo "<td class=\"listhdrr\">Date</td>";
+    echo "<td class=\"listhdrr\">IP</td>";
+    echo "<td class=\"listhdrr\">Status</td>";
+    echo "<td class=\"listhdrr\">Address</td>";
+    echo "<td class=\"listhdrr\">User</td>";
+    echo "<td class=\"listhdrr\">Destination</td>";
+    echo "</tr>";
+    
+    // Get Data from form post
+    $lines = $_POST['maxlines'];
+    $filter = $_POST['strfilter'];
+
+    if ($filter != "") {
+        $exprfilter = "| grep -i $filter";
+    } else {
+        $exprfilter = "";
+    }
+
+    // TODO FIX:
+    // Remove the hard link (maybe, get from config)
+    //
+    exec("tail -r -n $lines /var/squid/logs/access.log $exprfilter",$logarr);
+
+    foreach ($logarr as $logent) { 
+        $logline  = preg_split("/\s+/", $logent);
+
+        if ($filter != "")
+            $logline = preg_replace("/$filter/","<spam style='color:red'>$filter</spam>",$logline);
+
+        echo "<tr>\n";
+        echo "<td class=\"listr\">".date("d/m/y H:i:s",$logline[0])."</td>\n";
+        echo "<td class=\"listr\">".$logline[2]."</td>\n";
+        echo "<td class=\"listr\">".$logline[3]."</td>\n";
+        echo "<td class=\"listr\" nowrap>".$logline[6]."</td>\n";
+        echo "<td class=\"listr\">".$logline[7]."</td>\n";
+        echo "<td class=\"listr\">".$logline[8]."</td>\n";
+        echo "</tr>\n";
+    }
+}
+
+// Show SquidGuard Logs
+function showSGuard() {
+
+
+	echo "<tr>";
+	echo "<td class=\"listhdrr\">Date</td>";
+	echo "<td class=\"listhdrr\">Hour</td>";
+	echo "<td class=\"listhdrr\">ACL</td>";
+	echo "<td class=\"listhdrr\">Address</td>";
+	echo "<td class=\"listhdrr\">Host</td>";
+	echo "<td class=\"listhdrr\">User</td>";
+	echo "</tr>";
+
+
+    // Get Data from form post
+    $lines = $_POST['maxlines'];
+    $filter = $_POST['strfilter'];
+
+    if ($filter != "") {
+        $exprfilter = "| grep -i $filter";
+    } else {
+        $exprfilter = "";
+    }
+
+    // TODO FIX:
+    // Remove the hard link (maybe, get from config)
+    //
+    exec("tail -r -n $lines /var/squidGuard/log/block.log $exprfilter",$logarr);
+
+    foreach ($logarr as $logent) { 
+        $logline  = preg_split("/\s+/", $logent);
+
+        if ($filter != "")
+            $logline = preg_replace("/$filter/","<spam style='color:red'>$filter</spam>",$logline);
+
+        echo "<tr>\n";
+        echo "<td class=\"listr\">".$logline[0]."</td>\n";
+        echo "<td class=\"listr\">".$logline[1]."</td>\n";
+        echo "<td class=\"listr\">".$logline[3]."</td>\n";
+        echo "<td class=\"listr\">".$logline[4]."</td>\n";
+        echo "<td class=\"listr\">".$logline[5]."</td>\n";
+        echo "<td class=\"listr\">".$logline[6]."</td>\n";
+        echo "</tr>\n";
+    }
+}
+
+?>
-- 
cgit v1.2.3