.
All rights reserved.
*/
/* ========================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/* ========================================================================== */
]]>
Describe your package hereDescribe your package requirements hereCurrently there are no FAQ items provided.squid3.4.10_2 pkg 0.2.4Proxy server: General settings/usr/local/pkg/squid.incsquidsquid.shsquidProxy server Serviceclamdclamav-clamdclamdClamav Antivirusc-icapc-icapc-icapIcap inteface for squid and clamav integrationGeneral/pkg_edit.php?xml=squid.xml&id=0Remote Cache/pkg.php?xml=squid_upstream.xmlLocal Cache/pkg_edit.php?xml=squid_cache.xml&id=0Antivirus/pkg_edit.php?xml=squid_antivirus.xml&id=0ACLs/pkg_edit.php?xml=squid_nac.xml&id=0Traffic Mgmt/pkg_edit.php?xml=squid_traffic.xml&id=0Authentication/pkg_edit.php?xml=squid_auth.xml&id=0Users/pkg.php?xml=squid_users.xmlReal time/squid_monitor.phpSync/pkg_edit.php?xml=squid_sync.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid.inc/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_peer.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_uri.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_sync.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_sync.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_cache.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_nac.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_ng.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_ng.inc/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_traffic.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_upstream.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.inc/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_auth.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_users.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/sqpmon.sh/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/swapstate_check.php/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_redir.xml/usr/local/www/0755https://packages.pfsense.org/packages/config/squid3/34/squid_monitor.php/usr/local/www/0755https://packages.pfsense.org/packages/config/squid3/34/squid_monitor_data.php/usr/local/www/0755https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php/usr/local/www/0755https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php/usr/local/www/shortcuts/0755https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc/usr/local/pkg/0755https://packages.pfsense.org/packages/config/squid3/34/check_ip.phpSquid General SettingslisttopicProxy interface(s)active_interfaceThe interface(s) the proxy server will bind to.interfaces_selectionlanProxy portproxy_portThis is the port the proxy server will listen on.input53128ICP porticp_portThis is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.input5Allow users on interfaceallow_interfaceIf this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut.checkboxonPatch captive portalpatch_cpNOTE: You may need to reapply captive portal config after changing this option.]]>checkboxResolv dns v4 firstdns_v4_firstcheckboxDisable ICMPdisable_pingercheckboxUse alternate DNS-servers for the proxy-serverdns_nameserversIf you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).input70Transparent Proxy SettingslisttopicTransparent HTTP proxytransparent_proxyNOTE: Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.
To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]>checkboxtransparent_active_interface,private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_destTransparent Proxy interface(s)transparent_active_interfaceThe interface(s) the proxy server will transparent intercept requests.interfaces_selectionlanBypass proxy for Private Address destinationprivate_subnet_proxy_offDo not forward traffic to Private Address Space (RFC 1918) <b>destination</b> through the proxy server but directly through the firewall.checkboxBypass proxy for these source IPsdefined_ip_proxy_offDo not forward traffic from these <b>source</b> IPs, CIDR nets, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]input70Bypass proxy for these destination IPsdefined_ip_proxy_off_destDo not proxy traffic going to these <b>destination</b> IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]input70SSL man in the middle FilteringlisttopicHTTPS/SSL interceptionssl_proxycheckboxssl_active_interface,dcert,sslcrtd_children,ssl_proxy_port,interception_checksSSL Intercept interface(s)ssl_active_interfaceThe interface(s) the proxy server will intercept ssl requests.interfaces_selectionlanSSL Proxy portssl_proxy_portThis is the port the proxy server will listen on to intercept ssl while using transparent proxy.input53129CAdca
To create a CA on pfsense, go to system -> Cert Manager
Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.]]>select_sourcedescrrefidsslcrtd childrensslcrtd_children
if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]>input25Remote Cert checksinterception_checksDefaul is to do not select any of these options.]]>select3Certificate adaptinterception_adaptHint: Set subject CN wiki doc with reference]]>select3Logging SettingslisttopicEnabled logginglog_enabledThis will enable the access log. Don't switch this on if you don't have much disk space left.checkboxlog_query_terms,log_user_agentsLog store directorylog_dirThe directory where the log will be stored (note: do not end with a / mark)input60/var/squid/logsLog rotatelog_rotateDefines how many days of logfiles will be kept. Rotation is disabled if left empty.input5Visible hostnamevisible_hostnameThis is the URL to be displayed in proxy server error messages.input60localhostAdministrator emailadmin_emailThis is the email address displayed in error messages to the users.input60admin@localhostLanguageerror_languageSelect the language in which the proxy server will display error messages to users.selectenX-Forward Modexforward_mode<p><b> on:</b> Squid will append your client's IP address in the HTTP requests it forwards. (Default)<p> By default it looks like: X-Forwarded-For: 192.1.2.3 <p> <b> off:</b> It will appear as: X-Forwarded-For: unknown<p> <b> transparent:</b> Squid will not alter the X-Forwarded-For header in any way.<p> <b> delete:</b> Squid will delete the entire X-Forwarded-For header.<p> <b> truncate:</b> Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.selectonDisable VIAdisable_viaIf not set, Squid will include a Via header in requests and replies as required by RFC2616.checkboxLog denied pages by squidguardlog_sqdNote: This option only will work if you include this code on your sgerror.php file to force client browser send a second request to squid with denied string on url.
removing extra space on iframe html code.]]>checkboxWhat to do with requests that have whitespace characters in the URIuri_whitespace<b> strip:</b> The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. <p> <b> deny:</b> The request is denied. The user receives an "Invalid Request" message.<p> <b> allow:</b> The request is allowed and the URI is not changed. The whitespace characters remain in the URI.<p> <b> encode:</b> The request is allowed and the whitespace characters are encoded according to RFC1738.<p> <b> chop:</b> The request is allowed and the URI is chopped at the first whitespace.selectstripSuppress Squid Versiondisable_squidversionIf set, suppress Squid version string info in HTTP headers and HTML error pages.checkboxCustom SettingslisttopicIntegrationscustom_optionstextarea785Custom ACLS (Before_Auth)custom_options_squid3They need to be squid.conf native options, otherwise squid will NOT work.]]>textareabase647810Custom ACLS (After_Auth)custom_options2_squid3They need to be squid.conf native options, otherwise squid will NOT work.]]>textareabase647810
squid_before_form_general($pkg);
squid_resync();
squid_validate_general($_POST, $input_errors);
squid_resync();
unlink_if_exists("/usr/local/etc/rc.d/squid");
update_status("Checking Squid cache... One moment please...");
update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
squid_install_command();
squid_resync();
exec("/bin/rm -f /usr/local/etc/rc.d/squid");
squid_deinstall_command();
exec("/bin/rm -f /usr/local/etc/rc.d/squid*");
squid_generate_rules