From ca0c95bd660bbc2780d933f50f47de3524d7dc10 Mon Sep 17 00:00:00 2001 From: Seth Mos Date: Tue, 9 Jan 2007 16:07:19 +0000 Subject: Enter version p8. first attempt at a working black and whitelisting scheme. The previous version had a http_access allow on both GET and POST request. Which ends up being the world. Has this ever worked? Removed the mac acl backend since it is not supported. Next step squidguard or danguardian --- packages/squid/squid.inc | 53 ++++++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 24 deletions(-) (limited to 'packages/squid/squid.inc') diff --git a/packages/squid/squid.inc b/packages/squid/squid.inc index a3c2b5d8..5a716747 100644 --- a/packages/squid/squid.inc +++ b/packages/squid/squid.inc @@ -369,7 +369,8 @@ function squid_resync_general() { global $g, $config, $valid_acls; $settings = $config['installedpackages']['squid']['config'][0]; - $conf = ''; + $conf = "# This file is automatically generated by pfSense\n"; + $conf = "# Do not edit manually!\n"; $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); $ifaces = ($settings['active_interface'] ? $settings['active_interface'] : 'lan'); @@ -407,7 +408,7 @@ error_directory $errordir visible_hostname $hostname cache_mgr $email -cache_access_log $logdir_access +access_log $logdir_access cache_log $logdir_cache cache_store_log none shutdown_lifetime 3 seconds @@ -421,16 +422,9 @@ EOD; $ip = long2ip(ip2long($ip) & ip2long($mask)); $src .= " $ip/$mask"; } + $conf .= "Allow local network(s) on interface(s)\n"; $conf .= "acl localnet src $src\n"; $valid_acls[] = 'localnet'; - $conf .= << 'src', - 'unrestricted_macs' => 'arp', 'banned_hosts' => 'src', - 'banned_macs' => 'arp', - 'whitelist' => 'url_regex -i', - 'blacklist' => 'url_regex -i', + 'whitelist' => 'dstdom_regex -i', + 'blacklist' => 'dstdom_regex -i', ); foreach ($options as $option => $directive) { $contents = trim(implode("\n", array_map('trim', explode(',', $settings[$option])))); 
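Review bot: The second added line in the first hunk (`@@ -369,7 +369,8 @@`) assigns with `=` instead of `.=`, so the "automatically generated by pfSense" line is overwritten and only "# Do not edit manually!" reaches the generated squid.conf. Change it to `$conf .= "# Do not edit manually!\n";`. The body of squid_resync_general() continues outside this hunk.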
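Review bot: The added `$conf .= "Allow local network(s) on interface(s)\n";` in the `@@ -421,16 +422,9 @@` hunk writes that text into squid.conf without a leading `#`, so Squid will read `Allow` as a directive name rather than as a comment. Depending on the Squid version this is either reported as an unrecognized directive or stops the configuration from loading, and a failed reload may leave the proxy running its previous access rules; that is inferred, not shown on this page. Make it a comment: `$conf .= "# Allow local network(s) on interface(s)\n";`. The enclosing function starts and ends outside the hunk.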
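Review bot: Switching `whitelist` and `blacklist` to `dstdom_regex -i` in the `$options` table means every comma-separated entry from the settings is handed to Squid as an unanchored, case-insensitive regular expression on the destination host name, with `.` matching any character. An entry such as `example.com` (constructed sample) therefore also matches any host that merely contains that text, which widens the whitelist and makes the blacklist over-block, and requests addressed by IP literal may not match a host-name pattern at all. Add a comment above the table such as `// whitelist/blacklist entries are regexes on the host name; anchor them, e.g. (^|\.)example\.com$`, or use `dstdomain` where entries are meant as literal domains. The hunk header for this part is missing from the page, and the `foreach` that consumes the table continues past the visible lines.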
@@ -539,7 +536,7 @@ EOD; } $conf .= <<