From 236fd6390a90e48a37a8c8eddec3cbdff94f26f0 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Wed, 4 Jun 2014 14:21:27 +0200 Subject: add MAPI over HTTP support MAPI over HTTP is supported on at lease Exchange 2013 SP1 --- config/squid3/31/squid_reverse.inc | 4 +++- config/squid3/31/squid_reverse.xml | 11 +++++++++-- config/squid3/31/squid_reverse_general.xml | 11 +++++++++-- config/squid3/33/squid_reverse.inc | 15 +++++++-------- config/squid3/33/squid_reverse.xml | 11 +++++++++-- config/squid3/33/squid_reverse_general.xml | 16 ++++++++++------ 6 files changed, 47 insertions(+), 21 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 993508aa..53724fd6 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -170,7 +170,9 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); - if($settings['reverse_owa_webservice']){ + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); + if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); $conf .= "ignore_expect_100 on\n"; } diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 7c25c371..2e2124eb 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml 
@@ -165,7 +165,7 @@ reverse_https If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address") checkbox - reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain off @@ -214,7 +214,7 @@ reverse_owa If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App. checkbox - reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover + reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover OWA frontend IP address @@ -235,6 +235,13 @@ If this field is checked, RPC over HTTP will be enabled. checkbox + + Enable MAPI HTTP + reverse_owa_mapihttp + + This feature is only available with at least Exchange 2013 SP1]]> + checkbox + Enable Exchange WebServices reverse_owa_webservice diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 2211bb20..595bf497 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml 
@@ -149,7 +149,7 @@ reverse_https If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address") checkbox - reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain off @@ -202,7 +202,7 @@ reverse_owa If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App. checkbox - reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover + reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover OWA frontend IP address @@ -223,6 +223,13 @@ If this field is checked, RPC over HTTP will be enabled. checkbox + + Enable MAPI HTTP + reverse_owa_mapihttp + + This feature is only available with at least Exchange 2013 SP1]]> + checkbox + Enable Exchange WebServices reverse_owa_webservice diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 34ff2366..53724fd6 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -89,9 +89,6 @@ function squid_resync_reverse() { if(!empty($settings['reverse_ip'])) { $reverse_ip = explode(";", ($settings['reverse_ip'])); foreach ($reverse_ip as $reip) { - //IPv6 Addresses need to be enclosed in brackets - if (strpos($reip, ':')) $reip = '[' . $reip . ']'; - //HTTP if (!empty($settings['reverse_http'])) $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; 
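Review bot: IPv6 listen addresses lose their brackets in the `foreach ($reverse_ip as $reip)` loop of `config/squid3/33/squid_reverse.inc`, so they are written as `http_port {$reip}:{$http_port}` with an ambiguous address/port boundary. The post-image blob for this file (`53724fd6`) is the same id as the one for `config/squid3/31/squid_reverse.inc` in this commit, which suggests the 3.3 file was overwritten with the 3.1 copy rather than changed on purpose. The later commits visible on this page restore `round-robin` and drop `ignore_expect_100` again, but none of their hunks brings this check back. I would keep the removed lines, written as `if (strpos($reip, ':') !== false) $reip = '[' . $reip . ']';`. The loop body continues outside the hunk.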
@@ -110,7 +107,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -173,10 +170,12 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); - if($settings['reverse_owa_webservice']){ + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); + if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); - //$conf .= "ignore_expect_100 on\n"; Obsolete on 3.3 - } + $conf .= "ignore_expect_100 on\n"; + } } if (is_array($owa_dirs)) foreach ($owa_dirs as $owa_dir) @@ -186,7 +185,7 @@ function squid_resync_reverse() { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } - } + } //$conf .= "ssl_unclean_shutdown on"; if (is_array($reverse_maps)) foreach ($reverse_maps as $rm){ diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 7c25c371..2e2124eb 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml 
@@ -165,7 +165,7 @@ reverse_https If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address") checkbox - reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain off @@ -214,7 +214,7 @@ reverse_owa If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App. checkbox - reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover + reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover OWA frontend IP address @@ -235,6 +235,13 @@ If this field is checked, RPC over HTTP will be enabled. checkbox + + Enable MAPI HTTP + reverse_owa_mapihttp + + This feature is only available with at least Exchange 2013 SP1]]> + checkbox + Enable Exchange WebServices reverse_owa_webservice diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 374666d7..595bf497 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml 
@@ -149,7 +149,7 @@ reverse_https If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address") checkbox - reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain off @@ -200,12 +200,9 @@ Enable OWA reverse proxy reverse_owa -
- See also:
- How to configure SSL Offloading for Outlook Web Access in Exchange 2000 Server and in Exchange Server 2003 - ]]>
+ If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App. checkbox - reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover + reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover
OWA frontend IP address @@ -226,6 +223,13 @@ If this field is checked, RPC over HTTP will be enabled. checkbox + + Enable MAPI HTTP + reverse_owa_mapihttp + + This feature is only available with at least Exchange 2013 SP1]]> + checkbox + Enable Exchange WebServices reverse_owa_webservice -- cgit v1.2.3 From ee145ac6f83563d78f362057433d6ca33320778e Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Wed, 4 Jun 2014 14:25:28 +0200 Subject: correct formatting --- config/squid3/31/squid_reverse.inc | 2 +- config/squid3/33/squid_reverse.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 53724fd6..f438b4e3 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -172,7 +172,7 @@ function squid_resync_reverse() { array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); if($settings['reverse_owa_mapihttp']) array_push($owa_dirs,'mapi'); - if($settings['reverse_owa_webservice']){ + if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); $conf .= "ignore_expect_100 on\n"; } diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 53724fd6..f438b4e3 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -172,7 +172,7 @@ function squid_resync_reverse() { array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); if($settings['reverse_owa_mapihttp']) array_push($owa_dirs,'mapi'); - if($settings['reverse_owa_webservice']){ + if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); $conf .= "ignore_expect_100 on\n"; } -- cgit v1.2.3 From 3156aabea6f8c49237c2f0bcf593dc0623cbdbae Mon Sep 17 00:00:00 2001 
From: Martin Fuchs Date: Wed, 4 Jun 2014 14:32:25 +0200 Subject: correct definition the CAS-Array is the server we want to reach... --- config/squid3/31/squid_reverse.xml | 4 ++-- config/squid3/31/squid_reverse_general.xml | 4 ++-- config/squid3/33/squid_reverse.xml | 4 ++-- config/squid3/33/squid_reverse_general.xml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 2e2124eb..28d8cbcf 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -217,9 +217,9 @@ reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover - OWA frontend IP address + CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the OWA frontend server. + This is the internal IP Address of the CAS-Array / OWA frontend server. input 15 diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 595bf497..029072a6 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -205,9 +205,9 @@ reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover - OWA frontend IP address + CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the OWA frontend server. + This is the internal IP Address of the CAS-Array / OWA frontend server. input 15 diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 2e2124eb..28d8cbcf 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml 
@@ -217,9 +217,9 @@ reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover - OWA frontend IP address + CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the OWA frontend server. + This is the internal IP Address of the CAS-Array / OWA frontend server. input 15 diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 595bf497..029072a6 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -205,9 +205,9 @@ reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover - OWA frontend IP address + CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the OWA frontend server. + This is the internal IP Address of the CAS-Array / OWA frontend server. input 15 -- cgit v1.2.3 From 9d1e12beb5196e721e92d98458371e3342182d7b Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Wed, 4 Jun 2014 16:34:03 +0200 Subject: do not revert the round-robin patch 1bcfd29 --- config/squid3/31/squid_reverse.inc | 2 +- config/squid3/33/squid_reverse.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index f438b4e3..92bef0fb 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc 
@@ -107,7 +107,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin"; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index f438b4e3..92bef0fb 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -107,7 +107,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin"; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; -- cgit v1.2.3 From 60725ba2a9ec8b1b84c0008643c7cc7dc02499a1 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 6 Jun 2014 13:33:47 +0200 Subject: offload the whole auth process onto a backend peer. with squid-3.2+ you use login=PASSTHRU and *no* Squid auth setup to offload the whole auth process onto a backend peer. --- config/squid3/33/squid_reverse.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 92bef0fb..fe94f394 100755 
--- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -100,7 +100,7 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; + $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; $active_peers=array(); if (is_array($reverse_peers)) -- cgit v1.2.3 From 2768bbb36a730449c51654172c14ef87f9c2ea67 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 6 Jun 2014 13:48:24 +0200 Subject: offload reverse auth to backend --- config/squid3/33/squid_reverse.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index fe94f394..eca216a1 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -107,7 +107,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin"; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU round-robin"; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; -- cgit v1.2.3 From 23dcdaeb56f1b64aff37cf71eb26c0bc42e1dd42 Mon Sep 17 00:00:00 2001 
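Review bot: With `login=PASSTHRU` the client's credentials are handed to the backend unchanged, yet the same `cache_peer` line keeps `sslflags=DONT_VERIFY_PEER`, so squid never checks that the server receiving those credentials is the intended Exchange host. The same applies to the user-defined peers in the `@@ -107,7 +107,7` hunk of the following commit, where a peer whose protocol is not `HTTPS` gets no `ssl` option at all and so receives the credentials without TLS. I would emit the flag only when the administrator has opted out of verification, for example `$peer_ssl = ($settings['reverse_ignore_ssl_valid'] == 'on') ? 'ssl sslflags=DONT_VERIFY_PEER' : 'ssl';`. `reverse_ignore_ssl_valid` appears in the XML field lists on this page, but how it is consumed is not visible here, so confirm it is the right switch.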
From: Martin Fuchs Date: Sat, 7 Jun 2014 17:45:45 +0200 Subject: fix bungled config see https://forum.pfsense.org/index.php?topic=73301.msg424937#msg424937 --- config/squid3/31/squid_reverse.inc | 2 +- config/squid3/33/squid_reverse.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 92bef0fb..4ac7fe82 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -107,7 +107,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin"; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index eca216a1..669f47cd 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -107,7 +107,7 @@ function squid_resync_reverse() { foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU round-robin"; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; -- cgit v1.2.3 
From ff5060af8732ef9bd55a95537f3705c7382e19e0 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Tue, 10 Jun 2014 10:01:48 +0200 Subject: Directive 'ignore_expect_100' is obsolete --- config/squid3/33/squid_reverse.inc | 1 - 1 file changed, 1 deletion(-) (limited to 'config') diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 669f47cd..6ae209b2 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -174,7 +174,6 @@ function squid_resync_reverse() { array_push($owa_dirs,'mapi'); if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); - $conf .= "ignore_expect_100 on\n"; } } if (is_array($owa_dirs)) -- cgit v1.2.3 From 2bbfbdd783fe46d584d91b6014ef6c86520a9097 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 13 Jun 2014 11:31:52 +0200 Subject: allow multiple CAS-servers, correct checks --- config/squid3/33/squid.inc | 20 ++++++++------------ config/squid3/33/squid_reverse.inc | 23 ++++++++++++++++++----- config/squid3/33/squid_reverse.xml | 4 ++-- config/squid3/33/squid_reverse_general.xml | 4 ++-- 4 files changed, 30 insertions(+), 21 deletions(-) (limited to 'config') diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index a97746e2..d006c0db 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -615,9 +615,8 @@ function squid_validate_reverse($post, $input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); 
@@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 6ae209b2..69d461e4 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc 
@@ -100,14 +100,22 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU round-robin "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -210,8 +218,13 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } 
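Review bot: `$reowaip` is written into the `cache_peer` line exactly as `explode(";", ...)` returns it, while the validation added to `squid.inc` in this commit tests `is_ipaddr(trim($reowaip))`. A value that only passes after trimming (a space after the semicolon, a trailing line break) therefore reaches squid.conf untrimmed and can split or corrupt the directive. Validate and emit the same string by making `$reowaip = trim($reowaip);` the first statement of the loop. The brace-less outer `if (($settings['reverse_owa'] == 'on') && ...)` governs the new block only because it happens to be the next statement; giving it braces and dropping the duplicated `!empty()` test would make that explicit. The 3.1 copy of this loop in the next commit has the same issue.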
diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 28d8cbcf..b0f6a614 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml @@ -219,9 +219,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 029072a6..9bff5d8e 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -207,9 +207,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync -- cgit v1.2.3 From 47a250e0d2b516cc87c7b582fda6f548c33c3d73 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 13 Jun 2014 11:52:37 +0200 Subject: allow multiple CAS-servers, correct checks --- config/squid3/31/squid.inc | 21 +++++++++------------ config/squid3/31/squid_reverse.inc | 20 +++++++++++++++++--- config/squid3/31/squid_reverse.xml | 4 ++-- config/squid3/31/squid_reverse_general.xml | 4 ++-- 4 files changed, 30 insertions(+), 19 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index 0256d078..b8f1e3e1 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -402,6 +402,7 @@ function squid_validate_general($post, $input_errors) { if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; + if (substr($post['log_dir'], -1, 1) == '/') $input_errors[] = 'You may not end log location with an / mark'; 
@@ -594,9 +595,8 @@ function squid_validate_reverse($post, $input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -618,15 +618,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 4ac7fe82..418220c3 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc 
@@ -100,8 +100,17 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ @@ -211,8 +220,13 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 28d8cbcf..b0f6a614 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -219,9 +219,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync 
diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 029072a6..9bff5d8e 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -207,9 +207,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync -- cgit v1.2.3 From 15dd9887e6c3c4c2d78dddca38a6fda7f997ab88 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 13 Jun 2014 14:53:51 +0200 Subject: fixed reverse owa OWA does not work with round-robin --- config/squid3/31/squid_reverse.inc | 2 +- config/squid3/33/squid_reverse.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 418220c3..798fead0 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -106,7 +106,7 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; } } diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 69d461e4..c2463102 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc 
@@ -106,7 +106,7 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; } } -- cgit v1.2.3 From a1538e7d5450ca85fa2a2536086e0203b84beef6 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Tue, 17 Jun 2014 08:51:48 +0200 Subject: enable AutoDiscover HTTP --- config/squid3/31/squid_reverse.inc | 11 +++++++---- config/squid3/33/squid_reverse.inc | 10 +++++++--- 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 798fead0..20e16739 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -106,8 +106,8 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; - + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASS name=OWA_HOST_80_{$casnr}_pfs\n"; } } 
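Review bot: The port-80 `cache_peer` added in the 31/squid_reverse.inc hunk of the AutoDiscover commit carries `login=PASS` but no `ssl`, so any credentials the client sends on a request routed to `OWA_HOST_80_{$casnr}_pfs` reach the backend unencrypted. If this peer exists only for the HTTP AutoDiscover lookup, drop `login=PASS` from it, or add a comment stating why credential forwarding is needed on the plain-HTTP hop. The 33/squid_reverse.inc hunk of the same commit adds the equivalent peer with `login=PASSTHRU connection-auth=on`. `squid_resync_reverse()` continues outside the hunk.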
@@ -193,6 +193,7 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; @@ -223,8 +224,10 @@ function squid_resync_reverse() { for($cascnt=1;$cascnt<$casnr+1;$cascnt++) { - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; } $conf .= "never_direct allow OWA_URI_pfs\n"; diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index c2463102..5226e819 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -106,7 +106,8 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n"; } } 
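Review bot: In the `for` loop of the ACCESS hunk, `OWA_HOST_80_{$cascnt}_pfs` is allowed for the whole `OWA_URI_pfs` ACL, which appears to hold every published OWA path and not only the new `^http://autodiscover…` entry. That makes the plain-HTTP peer an eligible route for the other OWA requests too; nothing in this hunk decides which of the 443 and 80 peers Squid picks. I would put the HTTP AutoDiscover pattern in its own ACL (name constructed here: `OWA_AUTODISCOVER_HTTP_pfs`) and write `cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_AUTODISCOVER_HTTP_pfs`, adding that ACL to the `never_direct` and `http_access` lines below. The 33/squid_reverse.inc hunks of this commit have the same shape.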
@@ -191,6 +192,7 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; @@ -221,8 +223,10 @@ function squid_resync_reverse() { for($cascnt=1;$cascnt<$casnr+1;$cascnt++) { - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; } $conf .= "never_direct allow OWA_URI_pfs\n"; -- cgit v1.2.3 From a579dfb326bb24443f0d7da0dbcde27a527cb9aa Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Tue, 17 Jun 2014 20:07:19 +0200 Subject: add autodiscover url for self-hosted domains as tested in microsoft-connectivity-analyzer --- config/squid3/31/squid_reverse.inc | 4 +++- config/squid3/33/squid_reverse.inc | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 20e16739..d2611c79 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc 
@@ -192,8 +192,10 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); - $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 5226e819..a6b81c0b 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc 
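Review bot: The two added `url_regex` lines interpolate `$settings['reverse_external_fqdn']` into a regular expression unescaped and without an end anchor, so every `.` in the host name matches any character and any URL that merely begins with the pattern is accepted. Escape the dots and close the pattern, e.g. `$fqdn_re = str_replace('.', '\.', $settings['reverse_external_fqdn']);` and `^https://{$fqdn_re}/AutoDiscover/AutoDiscover\.xml$` (with an allowance for a query string if clients send one). The existing `autodiscover{$reverse_external_domain}` lines and the 33/squid_reverse.inc hunk have the same issue, and `strstr()` returns `false` when the FQDN has no dot, which leaves the host part as a bare `autodiscover`. The `if` block sits inside `squid_resync_reverse()`, which extends beyond the hunk.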
@@ -191,8 +191,10 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); - $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; -- cgit v1.2.3 From 2092dc4865e008f703353be65f23e7389f527ab4 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 18 Jun 2014 12:39:51 -0300 Subject: Do a basic validation on useaddr value --- config/openvpn-client-export/vpn_openvpn_export.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'config') diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 8d002397..086c2a52 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php 
@@ -131,10 +131,14 @@ if (!empty($act)) { else $nokeys = false; - if (empty($_GET['useaddr'])) { + $useaddr = ''; + if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) + $useaddr = trim($_GET['useaddr']); + + if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || + in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) $input_errors[] = "You need to specify an IP or hostname."; - } else - $useaddr = $_GET['useaddr']; + $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; -- cgit v1.2.3 From 6048cbcf1b2e2029250f9eb5fe166627c89398fd Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 19 Jun 2014 15:04:39 -0300 Subject: Improve a bit user input parameters, also make sure referer starts with / to avoid sending users to external sites --- config/snort/snort_import_aliases.php | 4 ++-- config/snort/snort_rules_flowbits.php | 2 +- config/snort/snort_select_alias.php | 18 ++++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) (limited to 'config') diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 80b3bb1d..ba71c9bf 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -32,13 +32,13 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); if (isset($_POST['eng'])) - $eng = $_POST['eng']; + $eng = htmlspecialchars($_POST['eng']); elseif (isset($_GET['eng'])) $eng = htmlspecialchars($_GET['eng']); diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index daf1c4ef..3baa502c 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php 
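Review bot: In the vpn_openvpn_export.php hunk, `$_GET['useaddr']` is handed to `trim()` without checking that it is a string, so a request that supplies it as an array makes `trim()` warn and return null instead of reaching the validation with a usable value; the `isset() && !empty()` pair is also redundant, since `empty()` already covers the unset case. I would write `if (isset($_GET['useaddr']) && is_string($_GET['useaddr']))` and pass `true` as the third argument of `in_array()` so the keyword match is strict. The lines that follow still read `$_GET['advancedoptions']` and `$_GET['openvpnmanager']` unchecked; whether they need the same treatment depends on code outside this hunk. The enclosing `if (!empty($act))` block starts before and ends after the hunk.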
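Review bot: In the snort_import_aliases.php hunk, `htmlspecialchars()` is applied where `$eng` is read from the request rather than where it is printed, which keeps an HTML-encoded value for every later use and, under the default flags before PHP 8.1, still leaves single quotes unencoded. Checking `eng` against the values the page expects when it is read, and escaping with `htmlspecialchars($eng, ENT_QUOTES)` at each output point, would be more robust; the `is_numericint()` check added for `$_POST['id']` is the right pattern. The same input-time encoding is added for `type`, `varname` and `multi_ip` in the snort_select_alias.php and suricata_select_alias.php hunks.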
@@ -53,7 +53,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if (isset($_POST['referrer']) && substr($_POST['referrer'], 0, 1) == '/') $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c632b388..e13d0cb4 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl'])) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl'])) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); - - + +
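Review bot: The added `substr($_POST['referrer'], 0, 1) == '/'` test in snort_rules_flowbits.php also accepts values that begin with `//` or `/\`, which browsers resolve against a different host, so the external-redirect case named in the commit message is only partly closed. Tighten the condition to reject a second slash or backslash, e.g. `preg_match('#^/(?![/\\\\])#', $_POST['referrer'])`, and note that the `else` branch falls back to `$_SERVER['HTTP_REFERER']`, which is also supplied by the client. The same one-character test is used for `referrer` in suricata_rules_flowbits.php and for `returl` in the snort and suricata select_alias hunks.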
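Review bot: Both new `returl` conditions in snort_select_alias.php have an unbalanced parenthesis: `if (isset($_POST['returl'])) && substr(...)` closes the `if` right after `isset()`, so the file will not parse; the suricata_select_alias.php copy has the correct form `if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/')`. Separately, the leading-slash test runs on the value before `urldecode()`, so what is checked is not what ends up in `$referrer` and in the `Location:` header. Decode first, or drop the extra decode since PHP has already decoded request parameters, and validate the result. That ordering applies to the suricata hunk as well.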
-- cgit v1.2.3 From 35b75b9b94a3f63c358c34fe98ee5ad7f7004a62 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 19 Jun 2014 17:01:59 -0300 Subject: Replicate last snort changes from 6048cbcf1 to suricata --- config/suricata/suricata_rules_flowbits.php | 2 +- config/suricata/suricata_select_alias.php | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) (limited to 'config') diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php index c5193a8b..f266875c 100644 --- a/config/suricata/suricata_rules_flowbits.php +++ b/config/suricata/suricata_rules_flowbits.php @@ -65,7 +65,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if ($_POST['referrer'] && substr($_POST['referrer'], 0, 1) == '/') $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php index 527412d1..c11802c2 100644 --- a/config/suricata/suricata_select_alias.php +++ b/config/suricata/suricata_select_alias.php 
@@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); - - + +
-- cgit v1.2.3 From b99aae7aa74edd45f65661940bd8b52d67b9e178 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 12:53:06 -0300 Subject: Remove call-time pass by reference since dansguardian_validate_input() has the reference on its prototype --- config/dansguardian/dansguardian.xml | 2 +- config/dansguardian/dansguardian_antivirus_acl.xml | 4 ++-- config/dansguardian/dansguardian_blacklist.xml | 2 +- config/dansguardian/dansguardian_config.xml | 2 +- config/dansguardian/dansguardian_content_acl.xml | 4 ++-- config/dansguardian/dansguardian_file_acl.xml | 4 ++-- config/dansguardian/dansguardian_groups.xml | 4 ++-- config/dansguardian/dansguardian_header_acl.xml | 4 ++-- config/dansguardian/dansguardian_ldap.xml | 4 ++-- config/dansguardian/dansguardian_limits.xml | 2 +- config/dansguardian/dansguardian_log.xml | 2 +- config/dansguardian/dansguardian_phrase_acl.xml | 4 ++-- config/dansguardian/dansguardian_pics_acl.xml | 2 +- config/dansguardian/dansguardian_search_acl.xml | 4 ++-- config/dansguardian/dansguardian_site_acl.xml | 4 ++-- config/dansguardian/dansguardian_sync.xml | 2 +- config/dansguardian/dansguardian_url_acl.xml | 4 ++-- config/dansguardian/dansguardian_users_footer.template | 2 +- 18 files changed, 28 insertions(+), 28 deletions(-) (limited to 'config') diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index 55860775..2f87259b 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -377,7 +377,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_antivirus_acl.xml b/config/dansguardian/dansguardian_antivirus_acl.xml index 563d3f13..95876032 100755 --- a/config/dansguardian/dansguardian_antivirus_acl.xml +++ b/config/dansguardian/dansguardian_antivirus_acl.xml 
@@ -231,9 +231,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml index e9cba862..c33b46f2 100644 --- a/config/dansguardian/dansguardian_blacklist.xml +++ b/config/dansguardian/dansguardian_blacklist.xml @@ -163,7 +163,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index 342b52d7..399dec73 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml @@ -306,7 +306,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_content_acl.xml b/config/dansguardian/dansguardian_content_acl.xml index 8a1866af..cf5777e0 100755 --- a/config/dansguardian/dansguardian_content_acl.xml +++ b/config/dansguardian/dansguardian_content_acl.xml @@ -199,9 +199,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_file_acl.xml b/config/dansguardian/dansguardian_file_acl.xml index ed4866c6..0aa01e0e 100755 --- a/config/dansguardian/dansguardian_file_acl.xml +++ b/config/dansguardian/dansguardian_file_acl.xml 
@@ -239,9 +239,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index aaa9bcd6..7d62d345 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -450,9 +450,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_header_acl.xml b/config/dansguardian/dansguardian_header_acl.xml index 9ddb0c23..346ebf1a 100755 --- a/config/dansguardian/dansguardian_header_acl.xml +++ b/config/dansguardian/dansguardian_header_acl.xml @@ -219,9 +219,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_ldap.xml b/config/dansguardian/dansguardian_ldap.xml index 4c2b60f7..5876bc65 100755 --- a/config/dansguardian/dansguardian_ldap.xml +++ b/config/dansguardian/dansguardian_ldap.xml @@ -164,9 +164,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index 2c147f1b..12bc98fa 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml 
@@ -173,7 +173,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 97cd5b0b..326abf85 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -246,7 +246,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_phrase_acl.xml b/config/dansguardian/dansguardian_phrase_acl.xml index c32f7720..c979022c 100755 --- a/config/dansguardian/dansguardian_phrase_acl.xml +++ b/config/dansguardian/dansguardian_phrase_acl.xml @@ -262,9 +262,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_pics_acl.xml b/config/dansguardian/dansguardian_pics_acl.xml index c2f4b52c..7c192bc7 100644 --- a/config/dansguardian/dansguardian_pics_acl.xml +++ b/config/dansguardian/dansguardian_pics_acl.xml @@ -196,7 +196,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_search_acl.xml b/config/dansguardian/dansguardian_search_acl.xml index 9f9cfa49..71b0df7d 100755 --- a/config/dansguardian/dansguardian_search_acl.xml +++ b/config/dansguardian/dansguardian_search_acl.xml 
@@ -256,9 +256,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml index 7804d9f6..bc386e7a 100755 --- a/config/dansguardian/dansguardian_site_acl.xml +++ b/config/dansguardian/dansguardian_site_acl.xml @@ -292,9 +292,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml index 9401253c..11c13b87 100755 --- a/config/dansguardian/dansguardian_sync.xml +++ b/config/dansguardian/dansguardian_sync.xml @@ -158,7 +158,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml index 8adf46c0..8f266489 100755 --- a/config/dansguardian/dansguardian_url_acl.xml +++ b/config/dansguardian/dansguardian_url_acl.xml @@ -343,9 +343,9 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); - \ No newline at end of file + diff --git a/config/dansguardian/dansguardian_users_footer.template b/config/dansguardian/dansguardian_users_footer.template index 1288b919..1d1f054e 100644 --- a/config/dansguardian/dansguardian_users_footer.template +++ b/config/dansguardian/dansguardian_users_footer.template 
@@ -6,7 +6,7 @@ dansguardian_php_deinstall_command(); - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); sync_package_dansguardian(); -- cgit v1.2.3 From 0e308ae3683406ea0560fd2211093fb35b014296 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 12:54:37 -0300 Subject: Remove call-time pass by reference since mailscanner_validate_input() has the reference on its prototype --- config/mailscanner/mailscanner.xml | 2 +- config/mailscanner/mailscanner_alerts.xml | 2 +- config/mailscanner/mailscanner_antispam.xml | 2 +- config/mailscanner/mailscanner_antivirus.xml | 2 +- config/mailscanner/mailscanner_attachments.xml | 2 +- config/mailscanner/mailscanner_content.xml | 2 +- config/mailscanner/mailscanner_report.xml | 2 +- config/mailscanner/mailscanner_sync.xml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'config') diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml index a7115a5c..62f318cb 100644 --- a/config/mailscanner/mailscanner.xml +++ b/config/mailscanner/mailscanner.xml @@ -347,7 +347,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_alerts.xml b/config/mailscanner/mailscanner_alerts.xml index 9d80bae6..ddc1112b 100644 --- a/config/mailscanner/mailscanner_alerts.xml +++ b/config/mailscanner/mailscanner_alerts.xml @@ -150,7 +150,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_antispam.xml b/config/mailscanner/mailscanner_antispam.xml index 26295059..2902f36d 100644 --- a/config/mailscanner/mailscanner_antispam.xml +++ b/config/mailscanner/mailscanner_antispam.xml 
@@ -445,7 +445,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_antivirus.xml b/config/mailscanner/mailscanner_antivirus.xml index 590a61f6..a6b08f8c 100644 --- a/config/mailscanner/mailscanner_antivirus.xml +++ b/config/mailscanner/mailscanner_antivirus.xml @@ -181,7 +181,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_attachments.xml b/config/mailscanner/mailscanner_attachments.xml index e89fbd46..bcd14163 100644 --- a/config/mailscanner/mailscanner_attachments.xml +++ b/config/mailscanner/mailscanner_attachments.xml @@ -212,7 +212,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_content.xml b/config/mailscanner/mailscanner_content.xml index 07342dce..1efe84f5 100644 --- a/config/mailscanner/mailscanner_content.xml +++ b/config/mailscanner/mailscanner_content.xml @@ -234,7 +234,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_report.xml b/config/mailscanner/mailscanner_report.xml index e12ed341..2e0ca449 100644 --- a/config/mailscanner/mailscanner_report.xml +++ b/config/mailscanner/mailscanner_report.xml @@ -524,7 +524,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); 
diff --git a/config/mailscanner/mailscanner_sync.xml b/config/mailscanner/mailscanner_sync.xml index 46f7dbfe..2bcca7d0 100644 --- a/config/mailscanner/mailscanner_sync.xml +++ b/config/mailscanner/mailscanner_sync.xml @@ -151,7 +151,7 @@ mailscanner_php_deinstall_command(); - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); sync_package_mailscanner(); -- cgit v1.2.3 From 264e625fd51bdff804ff4dd01c83479d936ef7a0 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 14:11:30 -0300 Subject: Remove call-time pass by reference since pfblocker_validate_input() has the reference on its prototype --- config/pf-blocker/pfblocker.php | 2 +- config/pf-blocker/pfblocker.xml | 2 +- config/pf-blocker/pfblocker_lists.xml | 2 +- config/pf-blocker/pfblocker_sync.xml | 2 +- config/pf-blocker/pfblocker_topspammers.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'config') diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php index 17fb10e7..50214142 100644 --- a/config/pf-blocker/pfblocker.php +++ b/config/pf-blocker/pfblocker.php @@ -249,7 +249,7 @@ $xml= << - pfblocker_validate_input(\$_POST, &\$input_errors); + pfblocker_validate_input(\$_POST, \$input_errors); sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml index 44658bcb..ffc138f5 100755 --- a/config/pf-blocker/pfblocker.xml +++ b/config/pf-blocker/pfblocker.xml @@ -241,7 +241,7 @@ pfblocker_php_deinstall_command(); - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index f1798d36..50782ea1 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml 
@@ -246,7 +246,7 @@ pfblocker_php_deinstall_command(); - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_sync.xml b/config/pf-blocker/pfblocker_sync.xml index e2e19567..67b49db1 100644 --- a/config/pf-blocker/pfblocker_sync.xml +++ b/config/pf-blocker/pfblocker_sync.xml @@ -138,7 +138,7 @@ pfblocker_php_deinstall_command(); - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml index 2536cf80..e7d95e21 100644 --- a/config/pf-blocker/pfblocker_topspammers.xml +++ b/config/pf-blocker/pfblocker_topspammers.xml @@ -158,7 +158,7 @@ pfblocker_php_deinstall_command(); - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); sync_package_pfblocker(); -- cgit v1.2.3 From a3e9d7da81031d5cdf72c0d534dac47695323869 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 14:26:54 -0300 Subject: Remove call-time pass by reference since postfix_validate_input() has the reference on its prototype --- config/postfix/postfix.xml | 2 +- config/postfix/postfix_acl.xml | 2 +- config/postfix/postfix_antispam.xml | 2 +- config/postfix/postfix_domains.xml | 2 +- config/postfix/postfix_recipients.xml | 2 +- config/postfix/postfix_sync.xml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) (limited to 'config') diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml index 59e58f41..46233828 100644 --- a/config/postfix/postfix.xml +++ b/config/postfix/postfix.xml @@ -354,7 +354,7 @@ postfix_php_deinstall_command(); - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); sync_package_postfix(); 
diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index d704c189..60b23a22 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml @@ -221,7 +221,7 @@ postfix_php_deinstall_command(); - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); sync_package_postfix(); diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml index 94f52f35..6c3f5911 100644 --- a/config/postfix/postfix_antispam.xml +++ b/config/postfix/postfix_antispam.xml @@ -279,7 +279,7 @@ postfix_php_deinstall_command(); - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); sync_package_postfix(); diff --git a/config/postfix/postfix_domains.xml b/config/postfix/postfix_domains.xml index 23d80e12..539ef60e 100644 --- a/config/postfix/postfix_domains.xml +++ b/config/postfix/postfix_domains.xml @@ -137,7 +137,7 @@ postfix_php_deinstall_command(); - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); sync_package_postfix(); diff --git a/config/postfix/postfix_recipients.xml b/config/postfix/postfix_recipients.xml index 2b07bae8..d8f9707e 100644 --- a/config/postfix/postfix_recipients.xml +++ b/config/postfix/postfix_recipients.xml @@ -192,7 +192,7 @@ postfix_php_deinstall_command(); - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); sync_package_postfix(); diff --git a/config/postfix/postfix_sync.xml b/config/postfix/postfix_sync.xml index 88617fbf..97a88e2c 100644 --- a/config/postfix/postfix_sync.xml +++ b/config/postfix/postfix_sync.xml @@ -193,7 +193,7 @@ postfix_php_deinstall_command(); - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); sync_package_postfix(); -- cgit v1.2.3 From 979db1fb94648714514fe2322597eb82c531645f Mon Sep 17 00:00:00 2001 
From: Renato Botelho Date: Fri, 20 Jun 2014 14:27:25 -0300 Subject: Remove call-time pass by reference since sarg_validate_input() has the reference on its prototype --- config/sarg/sarg.xml | 2 +- config/sarg/sarg_schedule.xml | 2 +- config/sarg/sarg_sync.xml | 2 +- config/sarg/sarg_users.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'config') diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index a0162e3b..9266d211 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -363,7 +363,7 @@ sarg_php_deinstall_command(); - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); sync_package_sarg(); diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml index 07e24d5c..6080e530 100644 --- a/config/sarg/sarg_schedule.xml +++ b/config/sarg/sarg_schedule.xml @@ -216,7 +216,7 @@ - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); sync_package_sarg(); diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml index 6cff7b6d..354d9991 100755 --- a/config/sarg/sarg_sync.xml +++ b/config/sarg/sarg_sync.xml @@ -138,7 +138,7 @@ sarg_php_deinstall_command(); - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); sarg_resync(); diff --git a/config/sarg/sarg_users.xml b/config/sarg/sarg_users.xml index d038e5b3..39387007 100644 --- a/config/sarg/sarg_users.xml +++ b/config/sarg/sarg_users.xml @@ -211,7 +211,7 @@ - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); sync_package_sarg(); -- cgit v1.2.3 From 0314d512488e58437d788723b4c29fea15711b77 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 14:29:07 -0300 Subject: Move reference to function prototype and remove call-time reference --- config/blinkled/blinkled.inc | 2 +- config/blinkled/blinkled.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') 
diff --git a/config/blinkled/blinkled.inc b/config/blinkled/blinkled.inc index 25403232..ffbc79b2 100644 --- a/config/blinkled/blinkled.inc +++ b/config/blinkled/blinkled.inc @@ -39,7 +39,7 @@ function blinkled_stop() { mwexec("/usr/bin/killall -9 blinkled"); } -function validate_form_blinkled($post, $input_errors) { +function validate_form_blinkled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['iface_led2']) && ($post['iface_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml index fb0965c9..aa0c53e8 100644 --- a/config/blinkled/blinkled.xml +++ b/config/blinkled/blinkled.xml @@ -56,7 +56,7 @@ - validate_form_blinkled($_POST, &$input_errors); + validate_form_blinkled($_POST, $input_errors); sync_package_blinkled(); -- cgit v1.2.3 From a72404116dd45d1bd4d4ee738475d069c9a5e58a Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 15:28:56 -0300 Subject: Move squidGuard-devel references to functions prototypes and remove call-time references --- config/squidGuard-devel/squidguard.inc | 54 +++++++++++----------- config/squidGuard-devel/squidguard.xml | 4 +- config/squidGuard-devel/squidguard_acl.xml | 4 +- .../squidGuard-devel/squidguard_configurator.inc | 50 ++++++++++---------- config/squidGuard-devel/squidguard_default.xml | 4 +- config/squidGuard-devel/squidguard_dest.xml | 4 +- config/squidGuard-devel/squidguard_log.php | 6 +-- config/squidGuard-devel/squidguard_rewr.xml | 2 +- config/squidGuard-devel/squidguard_time.xml | 2 +- 9 files changed, 65 insertions(+), 65 deletions(-) (limited to 'config') diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc index d58dfb79..0be94a6f 100644 --- a/config/squidGuard-devel/squidguard.inc +++ b/config/squidGuard-devel/squidguard.inc 
@@ -101,12 +101,12 @@ sg_init(convert_pfxml_to_sgxml()); # ============================================================================== # Validations # ============================================================================== -function squidguard_validate($post, $input_errors) +function squidguard_validate($post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; # check config if 'Apply' - if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors); + if ($submit === APPLY_BTN) sg_check_config_data($input_errors); } # ------------------------------------------------------------------------------ @@ -114,13 +114,13 @@ function squidguard_validate($post, $input_errors) # ------------------------------------------------------------------------------ function squidguard_validate_default($post, $input_errors) { - squidguard_validate_acl($post, &$input_errors); + squidguard_validate_acl($post, $input_errors); } # ------------------------------------------------------------------------------ # validate acl # ------------------------------------------------------------------------------ -function squidguard_validate_acl($post, $input_errors) +function squidguard_validate_acl(&$post, &$input_errors) { $pass_up = array(); $deny_up = array(); @@ -134,7 +134,7 @@ function squidguard_validate_acl($post, $input_errors) $name = trim($post[F_NAME]); if(!empty($name)) { # validate name format - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_ACLS, $name)) @@ -148,7 +148,7 @@ function squidguard_validate_acl($post, $input_errors) $sgx = array(); $sgx[F_NAME] = $post[F_NAME]; $sgx[F_SOURCE] = $post[F_SOURCE]; - sg_check_src($sgx, &$input_errors); + sg_check_src($sgx, $input_errors); } # store destinations to 'dest' value 
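Review bot: In the `@@ -114,13 +114,13 @@` hunk, `squidguard_validate_default($post, $input_errors)` keeps its by-value prototype while the call-time `&` on its inner call is removed. The errors that `squidguard_validate_acl()` appends therefore land in a local copy and are dropped when the function returns. Unlike `squidguard_validate()` and `squidguard_validate_acl()`, which gain `&$input_errors` in this same file, this wrapper was missed; it should read `function squidguard_validate_default($post, &$input_errors)`. If its caller in squidguard_default.xml (not visible here) no longer passes a call-time reference, as the commit title suggests, a default-ACL form with an invalid name, source or redirect would presumably be accepted without any error shown. The new `&$post` on `squidguard_validate_acl()` is not mirrored here either, so it is worth confirming whether changes made to `$post` during validation are meant to reach the caller.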
@@ -192,7 +192,7 @@ function squidguard_validate_acl($post, $input_errors) # check redirect $errmsg = ''; - if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) { + if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], $errmsg)) { $input_errors[] = "Redirect info error. $errmsg"; } } @@ -203,14 +203,14 @@ function squidguard_validate_acl($post, $input_errors) # date: