From fcdf1908b0bd8bdfc99a92637fc53cc2c0f3f92b Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Mon, 13 May 2013 14:02:53 -0300 Subject: squid3-dev - squid 3.3 with ssl filtering first devel release --- config/squid3/33/squid_reverse.xml | 357 +++++++++++++++++++++++++++++++++++++ 1 file changed, 357 insertions(+) create mode 100755 config/squid3/33/squid_reverse.xml (limited to 'config/squid3/33/squid_reverse.xml') diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml new file mode 100755 index 00000000..ce09f8e7 --- /dev/null +++ b/config/squid3/33/squid_reverse.xml @@ -0,0 +1,357 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + squidreverse + none + Proxy server: Reverse Proxy + squid.inc + + + General + /pkg_edit.php?xml=squid.xml&id=0 + + + Upstream + /pkg_edit.php?xml=squid_upstream.xml&id=0 + + + Cache + /pkg_edit.php?xml=squid_cache.xml&id=0 + + + ACLs + /pkg_edit.php?xml=squid_nac.xml&id=0 + + + Traffic Mgmt + /pkg_edit.php?xml=squid_traffic.xml&id=0 + + + Reverse + /pkg_edit.php?xml=squid_reverse.xml&id=0 + + + + Authentication + /pkg_edit.php?xml=squid_auth.xml&id=0 + + + Users + /pkg.php?xml=squid_users.xml + + + Real time + /squid_monitor.php + + + Sync + /pkg_edit.php?xml=squid_sync.xml + + + + + Squid Reverse proxy General Settings + listtopic + + + Reverse Proxy interface + reverse_interface + The interface(s) the reverse-proxy server will bind to. + interfaces_selection + + wan + + + + User-defined reverse-proxy IPs + reverse_ip + Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;). + input + 70 + + + external FQDN + reverse_external_fqdn + The external full-qualified-domain-name of the WAN address. + input + + 70 + + + Reset TCP connections if request is unauthorized + deny_info_tcp_reset + If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized. + checkbox + on + + + Squid Reverse HTTP Settings + listtopic + + + Enable HTTP reverse mode + reverse_http + If this field is checked, the proxy-server will act in HTTP reverse mode. <br>(You have to add a rule with destination "WAN-address") + checkbox + reverse_http_port,reverse_http_defsite + + off + + + reverse HTTP port + reverse_http_port + This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80) + input + 5 + 80 + + + reverse HTTP default site + reverse_http_defsite + This is the HTTP reverse default site. (leave empty to use the external fqdn) + input + 60 + + + Squid Reverse HTTPS Settings + listtopic + + + Enable HTTPS reverse proxy + reverse_https + If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address") + checkbox + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain + + off + + + reverse HTTPS port + reverse_https_port + This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443) + input + 5 + 443 + + + reverse HTTPS default site + reverse_https_defsite + This is the HTTPS reverse default site. (leave empty to use the external fqdn) + input + 60 + + + reverse SSL certificate + reverse_ssl_cert + Choose the SSL Server Certificate here. + select_source + + descr + refid + + + intermediate CA certificate (if needed) + reverse_int_ca + Paste a signed certificate in X.509 PEM format here. + textarea + 50 + 5 + base64 + + + Ignore internal Certificate validation + reverse_ignore_ssl_valid + If this field is checked, internal certificate validation will be ignored. + checkbox + on + + + Enable OWA reverse proxy + reverse_owa + If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App. + checkbox + reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover + + + OWA frontend IP address + reverse_owa_ip + This is the internal IP Address of the OWA frontend server. + input + 15 + + + Enable ActiveSync + reverse_owa_activesync + If this field is checked, ActiveSync will be enabled. + checkbox + + + Enable Outlook Anywhere + reverse_owa_rpchttp + If this field is checked, RPC over HTTP will be enabled. + checkbox + + + Enable Exchange WebServices + reverse_owa_webservice + + There are potential DoS side effects to its use, please avoid unless you must.]]> + checkbox + + + Enable AutoDiscover + reverse_owa_autodiscover + If this field is checked, AutoDiscover will be enabled. + checkbox + + + Squid Reverse Mappings + listtopic + + + <b>peer definitions</b> <br>publishing hosts + reverse_cache_peer + + syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]
+ example: HOST1;192.168.0.1;80;HTTP
+ WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING]]> + textarea + 60 + 10 + base64 + + + <b>URI definitions</b> <br>published URIs + reverse_uri + + syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn])
+ (a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)
+ example: URI1;public;server.pfsense.org.
+ WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING]]> + textarea + 60 + 10 + base64 + + + <b>ACL definitions</b> <br>published URIs + reverse_acl + + syntax: [peer alias];[uri group alias]
example: HOST1;URI1
+ WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING]]> + textarea + 60 + 10 + base64 + + + + + + + squid_before_form_general(&$pkg); + + + squid_validate_reverse($_POST, &$input_errors); + + + squid_resync(); + + \ No newline at end of file -- cgit v1.2.3