<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
        <copyright>
        <![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
    authng.xml
    part of pfSense (http://www.pfSense.com)
    Copyright (C) 2007 to whom it may belong
    All rights reserved.

    Based on m0n0wall (http://m0n0.ch/wall)
    Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
    All rights reserved.
                                                                              */
/* ========================================================================== */
/*
    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

     1. Redistributions of source code must retain the above copyright notice,
        this list of conditions and the following disclaimer.

     2. Redistributions in binary form must reproduce the above copyright
        notice, this list of conditions and the following disclaimer in the
        documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
                                                                              */
/* ========================================================================== */
        ]]>
        </copyright>
    <description>Describe your package here</description>
    <requirements>Describe your package requirements here</requirements>
    <faq>Currently there are no FAQ items provided.</faq>
	<name>squidreverse</name>
	<version>none</version>
	<title>Proxy server: Reverse Proxy</title>
	<include_file>/usr/local/pkg/squid.inc</include_file>
	<tabs>
<tab>
			<text>General</text>
			<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
		</tab>
		<tab>
			<text>Upstream</text>
			<url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
		</tab>
		<tab>
			<text>Cache</text>
			<url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
		</tab>
		<tab>
			<text>ACLs</text>
			<url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
		</tab>
		<tab>
			<text>Traffic Mgmt</text>
			<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
		</tab>
		<tab>
			<text>Reverse</text>
			<url>/pkg_edit.php?xml=squid_reverse.xml&amp;id=0</url>
			<active/>
		</tab>
		<tab>
			<text>Authentication</text>
			<url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
		</tab>
		<tab>
			<text>Users</text>
			<url>/pkg.php?xml=squid_users.xml</url>
		</tab>
		<tab>
			<text>Real time</text>
			<url>/squid_monitor.php</url>
		</tab>
		<tab>
			<text>Sync</text>
			<url>/pkg_edit.php?xml=squid_sync.xml</url>
		</tab>
	</tabs>
	<fields>
		<field>
			<name>Squid Reverse proxy General Settings</name>
			<type>listtopic</type>
		</field>
		<field>
			<fielddescr>Reverse Proxy interface</fielddescr>
			<fieldname>reverse_interface</fieldname>
			<description>The interface(s) the reverse-proxy server will bind to.</description>
			<type>interfaces_selection</type>
			<required/>
			<default_value>wan</default_value>
			<multiple/>
		</field>
		<field>
			<fielddescr>User-defined reverse-proxy IPs</fielddescr>
			<fieldname>reverse_ip</fieldname>
			<description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description>
			<type>input</type>
			<size>70</size>
		</field>			
		<field>
			<fielddescr>external FQDN</fielddescr>
			<fieldname>reverse_external_fqdn</fieldname>
			<description>The external full-qualified-domain-name of the WAN address.</description>
			<type>input</type>
			<required/>
			<size>70</size>
		</field>
		<field>
			<fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
			<fieldname>deny_info_tcp_reset</fieldname>
			<description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description>
			<type>checkbox</type>
			<default_value>on</default_value>
		</field>
		<field>
			<name>Squid Reverse HTTP Settings</name>
			<type>listtopic</type>
		</field>
		<field>
			<fielddescr>Enable HTTP reverse mode</fielddescr>
			<fieldname>reverse_http</fieldname>
			<description>If this field is checked, the proxy-server will act in HTTP reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
			<type>checkbox</type>
			<enablefields>reverse_http_port,reverse_http_defsite</enablefields>			
			<required/>
			<default_value>off</default_value>
		</field>
		<field>
			<fielddescr>reverse HTTP port</fielddescr>
			<fieldname>reverse_http_port</fieldname>
			<description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description>
			<type>input</type>
			<size>5</size>
			<default_value>80</default_value>
		</field>
		<field>
			<fielddescr>reverse HTTP default site</fielddescr>
			<fieldname>reverse_http_defsite</fieldname>
			<description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description>
			<type>input</type>
			<size>60</size>
		</field>
		<field>
			<name>Squid Reverse HTTPS Settings</name>
			<type>listtopic</type>
		</field>
		<field>
			<fielddescr>Enable HTTPS reverse proxy</fielddescr>
			<fieldname>reverse_https</fieldname>
			<description>If this field is checked, the proxy-server will act in HTTPS reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
			<type>checkbox</type>
			<enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
			<required/>
			<default_value>off</default_value>
		</field> 
		<field>
			<fielddescr>reverse HTTPS port</fielddescr>
			<fieldname>reverse_https_port</fieldname>
			<description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description>
			<type>input</type>
			<size>5</size>
			<default_value>443</default_value>
		</field>
		<field>
			<fielddescr>reverse HTTPS default site</fielddescr>
			<fieldname>reverse_https_defsite</fieldname>
			<description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description>
			<type>input</type>
			<size>60</size>
		</field>
		<field>
			<fielddescr>reverse SSL certificate</fielddescr>
			<fieldname>reverse_ssl_cert</fieldname>
			<description>Choose the SSL Server Certificate here.</description>
	    	<type>select_source</type>
			<source><![CDATA[$config['cert']]]></source>
			<source_name>descr</source_name>
			<source_value>refid</source_value>
		</field>
		<field>
			<fielddescr>intermediate CA certificate (if needed)</fielddescr>
			<fieldname>reverse_int_ca</fieldname>
			<description>Paste a signed certificate in X.509 PEM format here.</description>
			<type>textarea</type>
			<cols>50</cols>
			<rows>5</rows>
			<encoding>base64</encoding>
		</field>
		<field>
			<fielddescr>Ignore internal Certificate validation</fielddescr>
			<fieldname>reverse_ignore_ssl_valid</fieldname>
			<description>If this field is checked, internal certificate validation will be ignored.</description>
			<type>checkbox</type>  
			<default_value>on</default_value>
		</field>
		<field>
			<fielddescr>Enable OWA reverse proxy</fielddescr>
			<fieldname>reverse_owa</fieldname>
			<description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description>
			<type>checkbox</type>
			<enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>		
		</field>
		<field>
			<fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
			<fieldname>reverse_owa_ip</fieldname>
			<description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
			<type>input</type>
			<size>70</size>
		</field>		
		<field>
			<fielddescr>Enable ActiveSync</fielddescr>
			<fieldname>reverse_owa_activesync</fieldname>
			<description>If this field is checked, ActiveSync will be enabled.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Enable Outlook Anywhere</fielddescr>
			<fieldname>reverse_owa_rpchttp</fieldname>
			<description>If this field is checked, RPC over HTTP will be enabled.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Enable MAPI HTTP</fielddescr>
			<fieldname>reverse_owa_mapihttp</fieldname>
			<description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br>
								<strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Enable Exchange WebServices</fielddescr>
			<fieldname>reverse_owa_webservice</fieldname>
			<description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br>
								<strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Enable AutoDiscover</fielddescr>
			<fieldname>reverse_owa_autodiscover</fieldname>
			<description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br>
								<strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description>
			<type>checkbox</type>
		</field>
		<field>
			<name>Squid Reverse Mappings</name>
			<type>listtopic</type>
		</field>
		<field>
			<fielddescr>&lt;b&gt;peer definitions&lt;/b&gt; &lt;br&gt;publishing hosts</fielddescr>
			<fieldname>reverse_cache_peer</fieldname>
			<description><![CDATA[Enter each peer definition on a new line. Directives have to be separated by a semicolon(;).<BR>
								syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]<br>
								example: HOST1;192.168.0.1;80;HTTP<br>
								<strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description>
			<type>textarea</type>
			<cols>60</cols>
			<rows>10</rows>
			<encoding>base64</encoding>
		</field>
		<field>
			<fielddescr>&lt;b&gt;URI definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
			<fieldname>reverse_uri</fieldname>
      <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;)<BR>
      					syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <BR>
      					(a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)<BR>
      					example: URI1;public;server.pfsense.org.<BR>
      					<STRONG>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</STRONG>]]></description>
			<type>textarea</type>
			<cols>60</cols>
			<rows>10</rows>
			<encoding>base64</encoding>
		</field>		
		<field>
			<fielddescr>&lt;b&gt;ACL definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
			<fieldname>reverse_acl</fieldname>
      <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br>
      						syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br>
      						<strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description>
			<type>textarea</type>
			<cols>60</cols>
			<rows>10</rows>
			<encoding>base64</encoding>
		</field>	

<!--
		<field>
			<fielddescr>internal hosts</fielddescr>
			<type>rowhelper</type>
			<rowhelper>
				<rowhelperfield>
					<fielddescr>IP address</fielddescr>
					<fieldname>reverse_cache_peer_ip</fieldname>
					<type>input</type>
					<size>15</size>
				</rowhelperfield>
				<rowhelperfield>
					<fielddescr>Protocol</fielddescr>
					<fieldname>reverse_cache_peer_proto</fieldname>
					<type>select</type>
            <options>
              <option> <name>HTTP</name> <value>HTTP</value> </option>
              <option> <name>HTTPS</name> <value>HTTPS</value> </option>
            </options>
				</rowhelperfield>
				<rowhelperfield>
					<fielddescr>port</fielddescr>
					<fieldname>reverse_cache_peer_port</fieldname>
					<type>input</type>
					<size>5</size>
				</rowhelperfield>
				<rowhelperfield>
					<fielddescr>peer name</fielddescr>
					<fieldname>reverse_cache_peer_name</fieldname>
					<type>input</type>
					<size>25</size>
				</rowhelperfield>
			</rowhelper>
		</field>

		<field>
			<fielddescr>published URI</fielddescr>
			<type>rowhelper</type>
			<rowhelper>
				<rowhelperfield>
					<fielddescr>URI</fielddescr>
					<fieldname>reverse_cache_peer_uri</fieldname>
					<type>input</type>
					<size>50</size>
				</rowhelperfield>
				<rowhelperfield>
					<fielddescr>peer name</fielddescr>
					<fieldname>reverse_cache_peer</fieldname>
					<type>input</type>
					<size>25</size>
				</rowhelperfield>
			</rowhelper>
		</field>
-->

	</fields>
	<custom_php_command_before_form>
		squid_before_form_general($pkg);
	</custom_php_command_before_form>
	<custom_php_validation_command>
		squid_validate_reverse($_POST, $input_errors);
	</custom_php_validation_command>
	<custom_php_resync_config_command>
		squid_resync();
	</custom_php_resync_config_command>
</packagegui>