From 2aae3aff464282d34087b390e89c3163b06badb8 Mon Sep 17 00:00:00 2001
From: Martin Fuchs <martin.fuchs@trendchiller.com>
Date: Fri, 30 Sep 2011 22:47:12 +0200
Subject: acls working

---
 config/squid-reverse/squid.inc         | 41 +++++++++++++++++++++++++++-------
 config/squid-reverse/squid_reverse.xml |  2 +-
 2 files changed, 34 insertions(+), 9 deletions(-)

(limited to 'config')

diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 044cf10b..aa8cf691 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -503,6 +503,21 @@ function squid_validate_reverse($post, $input_errors) {
 		if (!empty($rowa) && !is_ipaddr($rowa))
 			$input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address';
 
+/*	
+  $contents = base64_decode($post['reverse_cache_peer']);
+	if(!empty($contents)) {
+    $defs = explode("\r\n", ($contents));
+      foreach ($defs as $def) {
+        $cfg = explode(";",($def));
+        if (!is_ipaddr($cfg[1])) 
+          $input_errors[] = "please choose a valid IP in the cache peer configuration.";
+        if (!is_port($cfg[2]))
+          $input_errors[] = "please choose a valid port in the cache peer configuration.";
+        if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP'))
+          $input_errors[] = "please choose HTTP or HTTPS in the cache peer configuration.";
+  }}
+*/
+
 }
 
 function squid_validate_auth($post, $input_errors) {
@@ -1059,20 +1074,30 @@ function squid_resync_reverse() {
     $conf .= "http_access allow OWA_URI_pfs\n";        
 	  }
 
-
 	$contents = base64_decode($settings['reverse_acl']);
 	if(!empty($contents)) {
-$conf .= "# -= TESTING AREA =-\n";
     $defs = explode("\r\n", ($contents));
       foreach ($defs as $def) {
         $cfg = explode(";",($def));
         if (($cfg[0]) != '' && ($cfg[1]) != ''){
-          $conf .= "# cache_peer_access {$cfg[0]} allow {$cfg[1]}\n";
-          $conf .= "# cache_peer_access {$cfg[0]} deny all\n";
-          $conf .= "# never direct allow {$cfg[1]}\n";
-          $conf .= "# http_access allow {$cfg[1]}\n";                
-  }}}
-
+          $conf .= "cache_peer_access {$cfg[0]} allow {$cfg[1]}\n";
+      }}
+      foreach ($defs as $def) {
+        $cfg = explode(";",($def));
+        if (($cfg[0]) != '' && ($cfg[1]) != ''){
+          $conf .= "cache_peer_access {$cfg[0]} deny all\n";
+      }}
+      foreach ($defs as $def) {
+        $cfg = explode(";",($def));
+        if (($cfg[0]) != '' && ($cfg[1]) != ''){
+          $conf .= "never direct allow {$cfg[1]}\n";
+      }}
+      foreach ($defs as $def) {
+        $cfg = explode(";",($def));
+        if (($cfg[0]) != '' && ($cfg[1]) != ''){
+          $conf .= "http_access allow {$cfg[1]}\n";
+      }}      
+  }
 
   $conf .= "\n";
 
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index cafa3ec7..d921254f 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -165,7 +165,7 @@
 			<source_value>refid</source_value>
 		</field>
     <field>
-			<fielddescr>intermediate CA certificate</fielddescr>
+			<fielddescr>intermediate CA certificate (if needed)</fielddescr>
 			<fieldname>reverse_int_ca</fieldname>
 			<description>Paste a signed certificate in X.509 PEM format here.</description>
 			<type>textarea</type>
-- 
cgit v1.2.3