From 9f2521ca8351e454e03193ddccbf5eb2166ec1fd Mon Sep 17 00:00:00 2001 From: Daniel Stefan Haischt Date: Sat, 1 Sep 2007 04:10:13 +0000 Subject: * added copyright header to each file * added XSL stylesheet to each file * added DTD to some files (TODO: Add DTD to the remaining files and validate them against the DTD) * added a Document Type Definition which allows to validate package files --- packages/squid/squid.xml | 152 +++++++++++++++++++------------------- packages/squid/squid_auth.xml | 68 ++++++++--------- packages/squid/squid_cache.xml | 30 ++++---- packages/squid/squid_extauth.xml | 8 +- packages/squid/squid_nac.xml | 34 +++++---- packages/squid/squid_ng.xml | 79 ++++++++++---------- packages/squid/squid_traffic.xml | 40 +++++----- packages/squid/squid_upstream.xml | 10 ++- packages/squid/squid_users.xml | 18 +++-- 9 files changed, 226 insertions(+), 213 deletions(-) (limited to 'packages/squid') diff --git a/packages/squid/squid.xml b/packages/squid/squid.xml index f17c4be2..0370aff2 100644 --- a/packages/squid/squid.xml +++ b/packages/squid/squid.xml @@ -1,4 +1,5 @@ + @@ -46,7 +47,51 @@ Currently there are no FAQ items provided. squid 2.6.5_1-p15 + Proxy server: General settings /usr/local/pkg/squid.inc + + Proxy server + Modify the proxy server's settings +
Services
+ /pkg_edit.php?xml=squid.xml&id=0 + + + squid + squid.sh + squid + Proxy server Service + + + + General settings + /pkg_edit.php?xml=squid.xml&id=0 + + + + Upstream proxy + /pkg_edit.php?xml=squid_upstream.xml&id=0 + + + Cache management + /pkg_edit.php?xml=squid_cache.xml&id=0 + + + Access control + /pkg_edit.php?xml=squid_nac.xml&id=0 + + + Traffic management + /pkg_edit.php?xml=squid_traffic.xml&id=0 + + + Auth settings + /pkg_edit.php?xml=squid_auth.xml&id=0 + + + Local users + /pkg.php?xml=squid_users.xml + + /usr/local/pkg/ @@ -89,139 +134,94 @@ http://www.pfsense.org/packages/config/squid/squid_users.xml - http://www.pfsense.org/packages/config/squid/proxy_monitor.sh /usr/local/etc/rc.d/ 0755 + http://www.pfsense.org/packages/config/squid/proxy_monitor.sh - http://www.pfsense.org/packages/config/squid/squid_cache.xml /usr/local/pkg/ 0755 + http://www.pfsense.org/packages/config/squid/squid_cache.xml - - Proxy server - Modify the proxy server's settings -
Services
- /pkg_edit.php?xml=squid.xml&id=0 - - - squid - Proxy server Service - squid.sh - squid - - - Proxy server: General settings - - - General settings - /pkg_edit.php?xml=squid.xml&id=0 - - - - Upstream proxy - /pkg_edit.php?xml=squid_upstream.xml&id=0 - - - Cache management - /pkg_edit.php?xml=squid_cache.xml&id=0 - - - Access control - /pkg_edit.php?xml=squid_nac.xml&id=0 - - - Traffic management - /pkg_edit.php?xml=squid_traffic.xml&id=0 - - - Auth settings - /pkg_edit.php?xml=squid_auth.xml&id=0 - - - Local users - /pkg.php?xml=squid_users.xml - - - active_interface Proxy interface + active_interface The interface(s) the proxy server will bind to. - lan - interfaces_selection + + lan - allow_interface Allow users on interface + allow_interface If this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut. - on - checkbox + + on - transparent_proxy Transparent proxy + transparent_proxy If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary. - checkbox + - log_enabled Enabled logging + log_enabled This will enable the access log. Don't switch this on if you don't have much disk space left. - log_query_terms,log_user_agents checkbox + log_query_terms,log_user_agents - log_dir Log store directory + log_dir The directory where the log will be stored (note: do not end with a / mark) - input 60 + /var/squid/log - proxy_port Proxy port + proxy_port This is the port the proxy server will listen on. - input 5 + 3128 - icp_port ICP port + icp_port This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP. input 5 - visible_hostname Visible hostname + visible_hostname This is the URL to be displayed in proxy server error messages. - localhost input 60 + localhost - admin_email Administrator email + admin_email This is the email address displayed in error messages to the users. - admin@localhost input 60 + admin@localhost Language error_language Select the language in which the proxy server will display error messages to users. - English select + English Disable X-Forward @@ -240,37 +240,37 @@ uri_whitespace <b> strip:</b> The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. <p> <b> deny:</b> The request is denied. The user receives an "Invalid Request" message.<p> <b> allow:</b> The request is allowed and the URI is not changed. The whitespace characters remain in the URI.<p> <b> encode:</b> The request is allowed and the whitespace characters are encoded according to RFC1738.<p> <b> chop:</b> The request is allowed and the URI is chopped at the first whitespace. select + strip - strip - - squid_resync(); - squid_before_form_general(&$pkg); + + squid_resync(); + squid_validate_general($_POST, &$input_errors); diff --git a/packages/squid/squid_auth.xml b/packages/squid/squid_auth.xml index d763bb72..b3e7c5c1 100644 --- a/packages/squid/squid_auth.xml +++ b/packages/squid/squid_auth.xml @@ -1,4 +1,5 @@ + @@ -44,9 +45,10 @@ Describe your package here Describe your package requirements here Currently there are no FAQ items provided. - squid.inc squidauth + none Proxy server: Authentication + squid.inc General settings @@ -83,9 +85,9 @@ Authentication method auth_method Select an authentication method. This will allow users to be authenticated by local or external services. - none - select + + none @@ -96,128 +98,128 @@ on_auth_method_changed() - ldap_version LDAP version + ldap_version Enter LDAP protocol version (2 or 3). - 2 select + 2 - auth_server Authentication server + auth_server Enter here the IP or hostname of the server that will perform the authentication. input 60 - auth_server_port Authentication server port + auth_server_port Enter here the port to use to connect to the authentication server. Leave this field blank to use the authentication method's default port. input 60 - ldap_user LDAP server user DN + ldap_user Enter here the user DN to use to connect to the LDAP server. input 60 - ldap_pass LDAP password + ldap_pass Enter here the password to use to connect to the LDAP server. password 60 - ldap_basedomain LDAP base domain + ldap_basedomain For LDAP authentication, enter here the base domain in the LDAP server. input 60 - ldap_filter LDAP search filter - (&(objectClass=person)(uid=%s)) + ldap_filter Enter LDAP search filter. input 60 + (&(objectClass=person)(uid=%s)) - radius_secret RADIUS secret + radius_secret The RADIUS secret for RADIUS authentication. password 60 - msnt_secondary Secondary NT servers + msnt_secondary Comma-separated list of secondary servers to be used for NT domain authentication. input 60 - auth_prompt Authentication prompt + auth_prompt This string will be displayed at the top of the authentication request window. - Please enter your credentials to access the proxy input + Please enter your credentials to access the proxy - auth_processes Authentication processes + auth_processes The number of authenticator processes to spawn. If many authentications are expected within a short timeframe, increase this number accordingly. - 5 input 60 + 5 - auth_ttl Authentication TTL + auth_ttl This specifies for how long (in minutes) the proxy server assumes an externally validated username and password combination is valid (Time To Live). When the TTL expires, the user will be prompted for credentials again. - 60 input 60 + 60 - unrestricted_auth Requiere authentication for unrestricted hosts + unrestricted_auth If this option is enabled, even users tagged as unrestricted through access control are required to authenticate to use the proxy. checkbox - no_auth_hosts Subnets that don't need authentication + no_auth_hosts Enter each subnet or IP address on a new line (in CIDR format, e.g.: 10.5.0.0/16, 192.168.1.50/32) that should not be asked for authentication to access the proxy. textarea - base64 - 5 50 + 5 + base64 - - $transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on'); - if($transparent_proxy) - $input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled"; - squid_print_javascript_auth(); - squid_validate_auth($_POST, &$input_errors); - - squid_print_javascript_auth2(); - squid_print_javascript_auth2(); squid_resync(); + + squid_print_javascript_auth2(); + + + $transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on'); + if($transparent_proxy) + $input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled"; + squid_print_javascript_auth(); + diff --git a/packages/squid/squid_cache.xml b/packages/squid/squid_cache.xml index f70918a9..861f96b8 100644 --- a/packages/squid/squid_cache.xml +++ b/packages/squid/squid_cache.xml @@ -1,4 +1,5 @@ + @@ -44,9 +45,10 @@ Describe your package here Describe your package requirements here Currently there are no FAQ items provided. - squid.inc squidcache + none Proxy server: Cache management + squid.inc General settings @@ -83,49 +85,49 @@ Hard disk cache size harddisk_cache_size This is the amount of disk space (in megabytes) to use for cached objects. + input 100 - input Hard disk cache location harddisk_cache_location This is the directory where the cache will be stored. (note: do not end with a /). If you change this location, squid needs to make a new cache, this could take a while + input + 60 /var/squid/cache - 60 - input Memory cache size memory_cache_size This is the amount of physical RAM (in megabytes) to be used for negative cache and in-transit objects. This value should not exceed more than 50% of the installed RAM. The minimum value is 1MB. + input 8 - input Minimum object size minimum_object_size Objects smaller than the size specified (in kilobytes) will not be saved on disk. The default value is 0, meaning there is no minimum. - - 0 input + + 0 Maximum object size maximum_object_size Objects larger than the size specified (in kilobytes) will not be saved on disk. If you wish to increase speed more than you want to save bandwidth, this should be set to a low value. + input 4 - input Level 1 subdirectories level1_subdirs Each level-1 directory contains 256 subdirectories, so a value of 256 level-1 directories will use a total of 65536 directories for the hard disk cache. This will significantly slow down the startup process of the proxy service, but can speed up the caching under certain conditions. - 16 select + 16 @@ -140,8 +142,8 @@ Memory replacement policy memory_replacement The memory replacement policy determines which objects are purged from memory when space is needed. The default policy for memory replacement is GDSF. <p> <b> LRU: Last Recently Used Policy </b> - The LRU policies keep recently referenced objects. i.e., it replaces the object that has not been accessed for the longest time. <p> <b> Heap GDSF: Greedy-Dual Size Frequency </b> - The Heap GDSF policy optimizes object-hit rate by keeping smaller, popular objects in cache. It achieves a lower byte hit rate than LFUDA though, since it evicts larger (possibly popular) objects. <p> <b> Heap LFUDA: Least Frequently Used with Dynamic Aging </b> - The Heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached. <p> <b> Heap LRU: Last Recently Used </b> - Works like LRU, but uses a heap instead. <p> Note: If using the LFUDA replacement policy, the value of Maximum Object Size should be increased above its default of 12KB to maximize the potential byte hit rate improvement of LFUDA. - heap GDSF select + heap GDSF @@ -153,8 +155,8 @@ Cache replacement policy cache_replacement The cache replacement policy decides which objects will remain in cache and which objects are replaced to create space for the new objects. The default policy for cache replacement is LFUDA. Please see the type descriptions specified in the memory replacement policy for additional detail. - heap LFUDA select + heap LFUDA @@ -167,16 +169,16 @@ donotcache Enter each domain or IP address on a new line that should never be cached. textarea - base64 - 5 50 + 5 + base64 Enable offline mode enable_offline Enable this option and the proxy server will never try to validate cached objects. The offline mode gives access to more cached information than the proposed feature would allow (stale cached versions, where the origin server should have been contacted). - checkbox + diff --git a/packages/squid/squid_extauth.xml b/packages/squid/squid_extauth.xml index a465f81d..745e85d5 100644 --- a/packages/squid/squid_extauth.xml +++ b/packages/squid/squid_extauth.xml @@ -1,4 +1,5 @@ + @@ -45,11 +46,9 @@ Describe your package requirements here Currently there are no FAQ items provided. squidextnoauth + none Services: Proxy Server -> Extended Authentication Settings - installedpackages->package->squidextnoauth->configuration->settings - /pkg_edit.php?xml=squid_extauth.xml&id=0 - General Settings @@ -88,11 +87,12 @@ - + installedpackages->package->squidextnoauth->configuration->settings No Authentication Defined no_auth + text diff --git a/packages/squid/squid_nac.xml b/packages/squid/squid_nac.xml index 4e68c062..435671a2 100644 --- a/packages/squid/squid_nac.xml +++ b/packages/squid/squid_nac.xml @@ -1,4 +1,5 @@ + @@ -44,9 +45,10 @@ Describe your package here Describe your package requirements here Currently there are no FAQ items provided. - squid.inc squidnac + none Proxy server: Access control + squid.inc General settings @@ -80,49 +82,49 @@ - allowed_subnets Allowed subnets + allowed_subnets Enter each subnet on a new line that is allowed to use the proxy. The subnets must be expressed as CIDR ranges (e.g.: 192.168.1.0/24). Note that the proxy interface subnet is already an allowed subnet. All the other subnets won't be able to use the proxy. textarea - base64 - 5 50 + 5 + base64 - unrestricted_hosts Unrestricted IPs + unrestricted_hosts Enter each unrestricted IP address on a new line that is not to be filtered out by the other access control directives set in this page. textarea - base64 - 5 50 + 5 + base64 - banned_hosts Banned host addresses + banned_hosts Enter each IP address on a new line that is not to be allowed to use the proxy. textarea - base64 - 5 50 + 5 + base64 - whitelist Whitelist + whitelist Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. textarea - base64 - 5 50 + 5 + base64 - blacklist Blacklist + blacklist Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. textarea - base64 - 5 50 + 5 + base64 diff --git a/packages/squid/squid_ng.xml b/packages/squid/squid_ng.xml index 4c9667af..5949606e 100644 --- a/packages/squid/squid_ng.xml +++ b/packages/squid/squid_ng.xml @@ -1,4 +1,5 @@ + @@ -45,12 +46,11 @@ Describe your package requirements here Currently there are no FAQ items provided. squid + 2.5.12_4 Services: Proxy Server Security - 2.5.12_4 - /usr/local/pkg/squid_ng.inc - installedpackages->package->squidng->configuration->settings /pkg_edit.php?xml=squid_ng.xml&id=0 + /usr/local/pkg/squid_ng.inc Squid Modify settings for Proxy Server @@ -67,6 +67,38 @@ squid squid.sh + + + General Settings + /pkg_edit.php?xml=squid.xml&id=0 + + + + Upstream Proxy + /pkg_edit.php?xml=squid_upstream.xml&id=0 + + + Cache Mgmt + /pkg_edit.php?xml=squid_cache.xml&id=0 + + + Network Access Control + /pkg_edit.php?xml=squid_nac.xml&id=0 + + + Traffic Mgmt + /pkg_edit.php?xml=squid_traffic.xml&id=0 + + + Auth Settings + /pkg_edit.php?xml=squid_auth.xml&id=0 + + + Extended Auth Settings + /pkg_edit.php?xml=squid_extauth.xml&id=0 + + + installedpackages->package->squidng->configuration->settings /usr/local/pkg/ 0755 @@ -107,37 +139,6 @@ 0755 http://www.pfsense.com/packages/config/squid/squid_extauth.xml - - - General Settings - /pkg_edit.php?xml=squid.xml&id=0 - - - - Upstream Proxy - /pkg_edit.php?xml=squid_upstream.xml&id=0 - - - Cache Mgmt - /pkg_edit.php?xml=squid_cache.xml&id=0 - - - Network Access Control - /pkg_edit.php?xml=squid_nac.xml&id=0 - - - Traffic Mgmt - /pkg_edit.php?xml=squid_traffic.xml&id=0 - - - Auth Settings - /pkg_edit.php?xml=squid_auth.xml&id=0 - - - Extended Auth Settings - /pkg_edit.php?xml=squid_extauth.xml&id=0 - - Proxy Listening Interface @@ -176,33 +177,33 @@ checkbox - true Proxy Port proxy_port This is the port the Proxy Server will listen for client requests on. The default is 3128. - 4 input + 4 + true ICP Port icp_port This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. The default value is 0, which means this function is disabled. - 4 input + 4 Visible Hostname visible_hostname This URL is displayed on the Proxy Server error messages. - 35 input + 35 Cache Administrator E-Mail cache_admin_email This E-Mail address is displayed on the Proxy Server error messages. - 35 input + 35 Error Messages Language diff --git a/packages/squid/squid_traffic.xml b/packages/squid/squid_traffic.xml index bfad2c06..1556be66 100644 --- a/packages/squid/squid_traffic.xml +++ b/packages/squid/squid_traffic.xml @@ -1,4 +1,5 @@ + @@ -44,9 +45,10 @@ Describe your package here Describe your package requirements here Currently there are no FAQ items provided. - squid.inc squidtraffic + none Proxy server: Traffic management + squid.inc General settings @@ -80,66 +82,66 @@ - max_download_size Maximum download size + max_download_size Limit the maximum total download size to the size specified here (in kilobytes). Set to 0 to disable. - 0 - input + + 0 - max_upload_size Maximum upload size + max_upload_size Limit the maximum total upload size to the size specified here (in kilobytes). Set to 0 to disable. - 0 - input + + 0 - overall_throttling Overall bandwidth throttling + overall_throttling This value specifies (in kilobytes per second) the bandwidth throttle for downloads. Users will gradually have their download speed increased according to this value. Set to 0 to disable bandwidth throttling. - 0 - input + + 0 - perhost_throttling Per-host throttling + perhost_throttling This value specifies the download throttling per host. Set to 0 to disable this. - 0 - input + + 0 - throttle_specific Throttle only specific extensions + throttle_specific Leave this checked to be able to choose the extensions that throttling will be applied to. Otherwise, all files will be throttled. - on checkbox throttle_binaries,throttle_cdimages,throttle_multimedia,throttle_others + on - throttle_binaries Throttle binary files + throttle_binaries Check this to apply bandwidth throttle to binary files. This includes compressed archives and executables. checkbox - throttle_cdimages Throttle CD images + throttle_cdimages Check this to apply bandwidth throttle to CD image files. checkbox - throttle_multimedia Throttle multimedia files + throttle_multimedia Check this to apply bandwidth throttle to multimedia files, such as movies or songs. checkbox - throttle_others Throttle other extensions + throttle_others Comma-separated list of extensions to apply bandwidth throttle to. input 60 diff --git a/packages/squid/squid_upstream.xml b/packages/squid/squid_upstream.xml index 6abac9cf..1102c672 100644 --- a/packages/squid/squid_upstream.xml +++ b/packages/squid/squid_upstream.xml @@ -1,4 +1,5 @@ + @@ -44,9 +45,10 @@ Describe your package here Describe your package requirements here Currently there are no FAQ items provided. - squid.inc squidupstream + none Proxy server: Upstream proxy settings + squid.inc General settings @@ -83,9 +85,9 @@ Enable forwarding proxy_forwarding This option enables the proxy server to forward requests to an upstream server. - checkbox proxy_addr,proxy_port,icp_port,username,password + Hostname @@ -97,17 +99,17 @@ TCP port proxy_port Enter the port to use to connect to the upstream proxy. - 3128 input 5 + 3128 ICP port icp_port Enter the port to connect to the upstream proxy for the ICP protocol. Use port number 7 to disable ICP communication between the proxies. - 7 input 5 + 7 Username diff --git a/packages/squid/squid_users.xml b/packages/squid/squid_users.xml index 0854007c..34260817 100644 --- a/packages/squid/squid_users.xml +++ b/packages/squid/squid_users.xml @@ -1,4 +1,5 @@ + @@ -44,9 +45,10 @@ Describe your package here Describe your package requirements here Currently there are no FAQ items provided. - squid.inc squidusers + none Proxy server: Local users + squid.inc A proxy server user has been deleted. A proxy server user has been created/modified. @@ -82,32 +84,32 @@ - username Username + username - description Description + description - username Username + username Enter the username here. - input + - password Password + password Enter the password here. - password + - description Description + description You may enter a description here for your reference (not parsed). input -- cgit v1.2.3