From fcdf1908b0bd8bdfc99a92637fc53cc2c0f3f92b Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Mon, 13 May 2013 14:02:53 -0300 Subject: squid3-dev - squid 3.3 with ssl filtering first devel release --- config/squid3/33/squid_nac.xml | 191 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100755 config/squid3/33/squid_nac.xml (limited to 'config/squid3/33/squid_nac.xml') diff --git a/config/squid3/33/squid_nac.xml b/config/squid3/33/squid_nac.xml new file mode 100755 index 00000000..bffefb61 --- /dev/null +++ b/config/squid3/33/squid_nac.xml @@ -0,0 +1,191 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + squidnac + none + Proxy server: Access control + /usr/local/pkg/squid.inc + + + General + /pkg_edit.php?xml=squid.xml&id=0 + + + Remote Cache + /pkg.php?xml=squid_upstream.xml + + + Local Cache + /pkg_edit.php?xml=squid_cache.xml&id=0 + + + Antivirus + /pkg_edit.php?xml=squid_antivirus.xml&id=0 + + + ACLs + /pkg_edit.php?xml=squid_nac.xml&id=0 + + + + Traffic Mgmt + /pkg_edit.php?xml=squid_traffic.xml&id=0 + + + Authentication + /pkg_edit.php?xml=squid_auth.xml&id=0 + + + Users + /pkg.php?xml=squid_users.xml + + + Real time + /squid_monitor.php + + + Sync + /pkg_edit.php?xml=squid_sync.xml + + + + + Squid Access Control Lists + listtopic + + + Allowed subnets + allowed_subnets + Enter each subnet on a new line that is allowed to use the proxy. The subnets must be expressed as CIDR ranges (e.g.: 192.168.1.0/24). Note that the proxy interface subnet is already an allowed subnet. All the other subnets won't be able to use the proxy. + textarea + 50 + 5 + base64 + + + Unrestricted IPs + unrestricted_hosts + Enter unrestricted IP address / network(in CIDR format) on a new line that is not to be filtered out by the other access control directives set in this page. + textarea + 50 + 5 + base64 + + + Banned host addresses + banned_hosts + Enter each IP address / network(in CIDR format) on a new line that is not to be allowed to use the proxy. + textarea + 50 + 5 + base64 + + + Whitelist + whitelist + Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions. + textarea + 50 + 5 + base64 + + + Blacklist + blacklist + Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions. + textarea + 50 + 5 + base64 + + + Block user agents + block_user_agent + Enter each user agent on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions. + textarea + 50 + 5 + base64 + + + Block MIME types (reply only) + block_reply_mime_type + Enter each MIME type on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions. Useful to block javascript (application/x-javascript). + textarea + 50 + 5 + base64 + + + Squid Allowed ports + listtopic + + + acl safeports + addtl_ports + This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535 + input + 60 + + + + acl sslports + addtl_sslports + This is a space-separated list of ports to allow SSL "CONNECT" in addition to the already defined list: 443 563 + input + 60 + + + + + squid_validate_nac($_POST, &$input_errors); + + + squid_resync(); + + -- cgit v1.2.3