<?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>havp</name> <title>Antivirus: HTTP proxy (havp + clamav)</title> <category>Status</category> <version>0.88_03</version> <include_file>/usr/local/pkg/havp.inc</include_file> <menu> <name>Antivirus</name> <tooltiptext>Antivirus service</tooltiptext> <section>Services</section> <url>/antivirus.php</url> </menu> <service> <name>havp</name> <rcfile>havp.sh</rcfile> <executable>havp</executable> <description>Antivirus HTTP proxy Service</description> </service> <additional_files_needed> <item>http://www.pfsense.com/packages/config/havp/havp.inc</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <!--additional_files_needed> <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed--> <additional_files_needed> <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>http://www.pfsense.com/packages/config/havp/antivirus.php</item> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> </additional_files_needed> <tabs> <tab> <text>General page</text> <url>/antivirus.php</url> </tab> <tab> <text>HTTP proxy</text> <url>/pkg_edit.php?xml=havp.xml&id=0</url> <active/> </tab> <!--tab> <text>Files Scanner</text> <url>/pkg_edit.php?xml=havp_fscan.xml&id=0</url> </tab--> <tab> <text>Settings</text> <url>/pkg_edit.php?xml=havp_avset.xml&id=0</url> </tab> </tabs> <fields> <field> <fielddescr>Enable</fielddescr> <fieldname>enable</fieldname> <description>Check this for enable proxy.</description> <type>checkbox</type> </field> <field> <fielddescr>Proxy mode</fielddescr> <fieldname>proxymode</fieldname> <description> Select interface mode: <br> <b> standard </b> - client(s) bind to the 'proxy port' on selected interface(s); <br> <b> parent for squid </b> - configure HAVP as parent for Squid proxy;<br> <b> transparent </b> - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary (works as parent for squid with transparent Squid proxy); <br> <b> internal </b> - HAVP will listen on the loopback (127.0.0.1) on configured 'proxy port.' Use you own traffic forwarding rules.<br> </description> <type>select</type> <default_value>standard</default_value> <options> <option><value>standard</value><name>Standard</name></option> <option><value>squid</value><name>Parent for Squid</name></option> <option><value>transparent</value><name>Transparent</name></option> <option><value>internal</value><name>Internal</name></option> </options> </field> <field> <fielddescr>Proxy interface(s)</fielddescr> <fieldname>proxyinterface</fieldname> <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L. Click for multiple selection.</description> <type>interfaces_selection</type> <required/> <multiple/> <default_value>lan</default_value> </field> <field> <fielddescr>Proxy port</fielddescr> <fieldname>proxyport</fieldname> <description> This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy. </description> <type>input</type> <size>10</size> <required/> <default_value>3125</default_value> </field> <field> <fielddescr>Parent proxy</fielddescr> <fieldname>parentproxy</fieldname> <description> Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty. </description> <type>input</type> <size>90</size> </field> <field> <fielddescr>Enable X-Forwarded-For</fielddescr> <fieldname>enablexforwardedfor</fieldname> <description> If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons. <br>Enable this if you use your own parent proxy after HAVP, so it will see the original client IP. <br>Disabling this also disables Via: header generation. </description> <type>checkbox</type> </field> <field> <fielddescr>Enable Forwarded IP</fielddescr> <fieldname>enableforwardedip</fieldname> <description> If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP. </description> <type>checkbox</type> </field> <field> <fielddescr>Language</fielddescr> <fieldname>lang</fieldname> <description>Select the language in which the proxy server will display error messages to users.</description> <type>select</type> <value>en</value> <options> <option><value>br</value><name>Brazil</name></option> <option><value>de</value><name>Germany</name></option> <option><value>en</value><name>English</name></option> <option><value>es</value><name>Spain</name></option> <option><value>fr</value><name>French</name></option> <option><value>it</value><name>Italian</name></option> <option><value>nf</value><name>Norfolk Island</name></option> <option><value>pl</value><name>Poland</name></option> <option><value>ru</value><name>Russian</name></option> </options> </field> <field> <fielddescr>Max download size, Bytes</fielddescr> <fieldname>maxdownloadsize</fieldname> <description>Enter value (in Bytes) or leave empty. Downloads larger than 'Max download size' will be blocked if not whitelisted.</description> <type>input</type> <size>10</size> <default_value></default_value> </field> <field> <fielddescr>HTTP Range requests</fielddescr> <fieldname>range</fieldname> <description> Set this for allow HTTP Range requests, and broken downloads can be resumed. Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned. Whitelisted sites are allowed to use Range in any case. </description> <type>checkbox</type> </field> <field> <fielddescr>Whitelist</fielddescr> <fieldname>whitelist</fieldname> <description> Enter each destination URL on a new line that will be accessable to the users without scanning. Use '*' symbol for mask. Example: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc </description> <type>textarea</type> <cols>60</cols> <rows>5</rows> <encoding>base64</encoding> </field> <field> <fielddescr>Blacklist</fielddescr> <fieldname>blacklist</fieldname> <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description> <type>textarea</type> <cols>60</cols> <rows>5</rows> <encoding>base64</encoding> </field> <field> <fielddescr>Block file if error scanning</fielddescr> <fieldname>failscanerror</fieldname> <description>If set, the proxy will block the files on which an error scanning.</description> <type>checkbox</type> </field> <field> <fielddescr>Enable RAM Disk</fielddescr> <fieldname>enableramdisk</fieldname> <description> This option allow use RAM disk for HAVP temp files for more quick traffic scan. RAM disk size depends on 'ScanMax' file size and available memory. This option can be ignored on systems with low memory. ( RAM disk size calculated as [1/4 available system memory] > [Scan max file size] * 100 ) </description> <type>checkbox</type> </field> <field> <fielddescr>Scan max file size</fielddescr> <fieldname>scanmaxsize</fieldname> <description> Select this value for limit maximum file size or leave '---(5M)'. Files larger than this limit won't be scanned. Small values increace scan speed and maximum new connections per second and allow RAM disk use. <br> NOTE: Setting limit is a security risk, because some archives like ZIP need all the data to be scanned properly! Use this only if you can't afford temporary space for big files. </description> <type>select</type> <value>0</value> <options> <option><value> 5000</value><name>--- (5M)</name></option> <option><value> 1</value><name> 1 K</name></option> <option><value> 2</value><name> 2 K</name></option> <option><value> 3</value><name> 3 K</name></option> <option><value> 5</value><name> 5 K</name></option> <option><value> 7</value><name> 7 K</name></option> <option><value> 10</value><name> 10 K</name></option> <option><value> 20</value><name> 20 K</name></option> <option><value> 30</value><name> 30 K</name></option> <option><value> 50</value><name> 50 K</name></option> <option><value> 70</value><name> 70 K</name></option> <option><value> 100</value><name> 100 K</name></option> <option><value> 200</value><name> 200 K</name></option> <option><value> 300</value><name> 300 K</name></option> <option><value> 500</value><name> 500 K</name></option> <option><value> 700</value><name> 700 K</name></option> <option><value> 1000</value><name> 1000 K</name></option> <option><value> 1500</value><name> 1500 K</name></option> <option><value> 2000</value><name> 2000 K</name></option> <option><value> 2500</value><name> 2500 K</name></option> <option><value> 3000</value><name> 3000 K</name></option> <option><value> 3500</value><name> 3500 K</name></option> <option><value> 4000</value><name> 4000 K</name></option> <option><value> 4500</value><name> 4500 K</name></option> <option><value> 5000</value><name> 5000 K</name></option> <option><value> 5500</value><name> 5500 K</name></option> <option><value> 6000</value><name> 6000 K</name></option> <option><value> 7000</value><name> 7000 K</name></option> <option><value> 8000</value><name> 8000 K</name></option> <option><value> 9000</value><name> 9000 K</name></option> <option><value>10000</value><name>10 000 K</name></option> </options> </field> <field> <fielddescr>Scan images</fielddescr> <fieldname>scanimg</fieldname> <description> Check this for scan image files. This option allows you to increase reliability, but also slows down the scanning process. </description> <type>checkbox</type> </field> <field> <fielddescr>Scan media stream</fielddescr> <fieldname>scanstream</fieldname> <description>Check this for scan media (audio/video) stream. Use this for additional scan exploits for players.</description> <type>checkbox</type> </field> <field> <fielddescr>Scan Broken Executables</fielddescr> <fieldname>scanbrokenexe</fieldname> <description>Check this to enable the Heuristic Broken Executable scan.</description> <type>checkbox</type> <default_value>on</default_value> </field> <field> <fielddescr>Log</fielddescr> <fieldname>log</fieldname> <description>Check this for enable log.</description> <type>checkbox</type> <enablefields>syslog</enablefields> </field> <field> <fielddescr>Syslog</fielddescr> <fieldname>syslog</fieldname> <description>Check this for enable Syslog.</description> <type>checkbox</type> </field> </fields> <custom_php_command_before_form> havp_before_form(&$pkg); </custom_php_command_before_form> <custom_php_validation_command> havp_validate_settings($_POST, &$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_resync(); </custom_php_resync_config_command> <custom_php_install_command> havp_install(); </custom_php_install_command> <custom_php_deinstall_command> havp_deinstall(); </custom_php_deinstall_command> </packagegui>