webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 19:23:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

squid: Implement intercept mode.

Browse Source
This commit is contained in:
Michael Tremer
2013-10-14 13:54:24 +02:00
parent 6e77821da8
commit 0f6b606785
11 changed files with 56 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/language_issues.es
View File

@@ -506,6 +506,8 @@ WARNING: untranslated string: Set time on boot
WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg invalid upstream proxy
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: age second WARNING: untranslated string: age second
WARNING: untranslated string: age seconds WARNING: untranslated string: age seconds
WARNING: untranslated string: age shour WARNING: untranslated string: age shour

2
doc/language_issues.fr
View File

@@ -505,6 +505,8 @@ WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg invalid upstream proxy
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: age second WARNING: untranslated string: age second
WARNING: untranslated string: age seconds WARNING: untranslated string: age seconds
WARNING: untranslated string: age shour WARNING: untranslated string: age shour

2
doc/language_issues.nl
View File

@@ -506,6 +506,8 @@ WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: age second WARNING: untranslated string: age second
WARNING: untranslated string: age seconds WARNING: untranslated string: age seconds
WARNING: untranslated string: age shour WARNING: untranslated string: age shour

2
doc/language_issues.pl
View File

@@ -506,6 +506,8 @@ WARNING: untranslated string: Set time on boot
WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg invalid upstream proxy
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: age second WARNING: untranslated string: age second
WARNING: untranslated string: age seconds WARNING: untranslated string: age seconds
WARNING: untranslated string: age shour WARNING: untranslated string: age shour

2
doc/language_issues.ru
View File

@@ -497,6 +497,8 @@ WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg invalid upstream proxy
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: age second WARNING: untranslated string: age second
WARNING: untranslated string: age seconds WARNING: untranslated string: age seconds
WARNING: untranslated string: age shour WARNING: untranslated string: age shour

2
doc/language_issues.tr
View File

@@ -509,6 +509,8 @@ WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: bytes WARNING: untranslated string: bytes
WARNING: untranslated string: dnsforward WARNING: untranslated string: dnsforward
WARNING: untranslated string: dnsforward add a new entry WARNING: untranslated string: dnsforward add a new entry

8
doc/language_missings
View File

@@ -14,6 +14,8 @@
< advproxy cache-digest < advproxy cache-digest
< advproxy errmsg cache < advproxy errmsg cache
< advproxy errmsg invalid upstream proxy < advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
< advproxy proxy port transparent
< age second < age second
< age seconds < age seconds
< age shour < age shour
@@ -241,6 +243,8 @@
< advproxy cache-digest < advproxy cache-digest
< advproxy errmsg cache < advproxy errmsg cache
< advproxy errmsg invalid upstream proxy < advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
< advproxy proxy port transparent
< age second < age second
< age seconds < age seconds
< age shour < age shour
@@ -461,6 +465,8 @@
< advproxy cache-digest < advproxy cache-digest
< advproxy errmsg cache < advproxy errmsg cache
< advproxy errmsg invalid upstream proxy < advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
< advproxy proxy port transparent
< age second < age second
< age seconds < age seconds
< age shour < age shour
@@ -657,6 +663,8 @@
< advproxy cache-digest < advproxy cache-digest
< advproxy errmsg cache < advproxy errmsg cache
< advproxy errmsg invalid upstream proxy < advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
< advproxy proxy port transparent
< age second < age second
< age seconds < age seconds
< age shour < age shour

37
html/cgi-bin/proxy.cgi
View File

@@ -195,6 +195,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off';
$proxysettings{'TRANSPARENT'} = 'off'; $proxysettings{'TRANSPARENT'} = 'off';
$proxysettings{'TRANSPARENT_BLUE'} = 'off'; $proxysettings{'TRANSPARENT_BLUE'} = 'off';
$proxysettings{'PROXY_PORT'} = '800'; $proxysettings{'PROXY_PORT'} = '800';
$proxysettings{'TRANSPARENT_PORT'} = '3128';
$proxysettings{'VISIBLE_HOSTNAME'} = ''; $proxysettings{'VISIBLE_HOSTNAME'} = '';
$proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
$proxysettings{'ADMIN_PASSWORD'} = ''; $proxysettings{'ADMIN_PASSWORD'} = '';
@@ -359,6 +360,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
goto ERROR; goto ERROR;
} }
if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
{
$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
goto ERROR;
}
if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
$errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
goto ERROR;
}
if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
{ {
my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'}); my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
@@ -956,8 +966,8 @@ print <<END
<tr> <tr>
<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td> <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td> <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td> <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:</td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td> <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
</tr> </tr>
<tr> <tr>
END END
@@ -969,7 +979,8 @@ if ($netsettings{'BLUE_DEV'}) {
print "<td colspan='2'>&nbsp;</td>"; print "<td colspan='2'>&nbsp;</td>";
} }
print <<END print <<END
<td colspan='2'>&nbsp;</td> <td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
</tr> </tr>
<tr> <tr>
END END
@@ -3078,17 +3089,27 @@ END
} }
print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
print FILE "\n"; print FILE "\n";
if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') { if ($proxysettings{'TRANSPARENT'} eq 'on') {
print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { print FILE " transparent" }
if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
print FILE "\n"; print FILE "\n";
} }
if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
print FILE "\n";
if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
print FILE "\n";
}
}
if ($proxysettings{'CACHE_SIZE'} > 0) if ($proxysettings{'CACHE_SIZE'} > 0)
{ {
print FILE "\n"; print FILE "\n";
@@ -3457,7 +3478,7 @@ END
# Check if squidclamav is enabled. # Check if squidclamav is enabled.
if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') { if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
print FILE "\n#Settings for squidclamav:\n"; print FILE "\n#Settings for squidclamav:\n";
print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n"; print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
print FILE "acl purge method PURGE\n"; print FILE "acl purge method PURGE\n";
print FILE "http_access deny to_localhost\n"; print FILE "http_access deny to_localhost\n";
print FILE "http_access allow localhost\n"; print FILE "http_access allow localhost\n";

2
langs/de/cgi-bin/de.pl
View File

@@ -244,6 +244,7 @@
'advproxy errmsg password length 1' => 'Passwort muss mindestens', 'advproxy errmsg password length 1' => 'Passwort muss mindestens',
'advproxy errmsg password length 2' => ' Zeichen enthalten', 'advproxy errmsg password length 2' => ' Zeichen enthalten',
'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein', 'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein',
'advproxy errmsg proxy ports equal' => 'Der Proxy-Port darf nicht identisch mit dem transparenten Port sein.',
'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer', 'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer',
'advproxy errmsg radius secret' => 'Shared Secret erforderlich', 'advproxy errmsg radius secret' => 'Shared Secret erforderlich',
'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server', 'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server',
@@ -281,6 +282,7 @@
'advproxy on' => 'Proxy an', 'advproxy on' => 'Proxy an',
'advproxy privacy' => 'Datenschutz', 'advproxy privacy' => 'Datenschutz',
'advproxy proxy port' => 'Proxy-Port', 'advproxy proxy port' => 'Proxy-Port',
'advproxy proxy port transparent' => 'Transparenter Port',
'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)', 'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)',
'advproxy redirector children' => 'Anzahl der Filterprozesse', 'advproxy redirector children' => 'Anzahl der Filterprozesse',
'advproxy reset' => 'Zurücksetzen', 'advproxy reset' => 'Zurücksetzen',

2
langs/en/cgi-bin/en.pl
View File

@@ -244,6 +244,7 @@
'advproxy errmsg password length 1' => 'Password must have at least ', 'advproxy errmsg password length 1' => 'Password must have at least ',
'advproxy errmsg password length 2' => ' characters', 'advproxy errmsg password length 2' => ' characters',
'advproxy errmsg passwords different' => 'Passwords don\'t match', 'advproxy errmsg passwords different' => 'Passwords don\'t match',
'advproxy errmsg proxy ports equal' => 'The proxy port and the transparent port cannot be equal.',
'advproxy errmsg radius port' => 'Invalid RADIUS port number', 'advproxy errmsg radius port' => 'Invalid RADIUS port number',
'advproxy errmsg radius secret' => 'RADIUS shared secret required', 'advproxy errmsg radius secret' => 'RADIUS shared secret required',
'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server', 'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server',
@@ -281,6 +282,7 @@
'advproxy on' => 'Proxy on', 'advproxy on' => 'Proxy on',
'advproxy privacy' => 'Privacy', 'advproxy privacy' => 'Privacy',
'advproxy proxy port' => 'Proxy port', 'advproxy proxy port' => 'Proxy port',
'advproxy proxy port transparent' => 'Transparent port',
'advproxy ram cache size' => 'Memory cache size (MB)', 'advproxy ram cache size' => 'Memory cache size (MB)',
'advproxy redirector children' => 'Number of filter processes', 'advproxy redirector children' => 'Number of filter processes',
'advproxy reset' => 'Reset', 'advproxy reset' => 'Reset',

6
src/initscripts/init.d/squid
View File

@@ -15,8 +15,8 @@ transparent() {
eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings) eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
# If the proxy port is not set we set the default to 800. # If the proxy port is not set we set the default to 800.
if [ -z $PROXY_PORT ]; then if [ -z "${TRANSPARENT_PORT}" ]; then
PROXY_PORT=800 TRANSPARENT_PORT=800
fi fi
LOCALIP=`cat /var/ipfire/red/local-ipaddress | tr -d \n` LOCALIP=`cat /var/ipfire/red/local-ipaddress | tr -d \n`
@@ -43,7 +43,7 @@ transparent() {
iptables -t nat -A SQUID -i $1 -p tcp -d $LOCALIP --dport 80 -j RETURN iptables -t nat -A SQUID -i $1 -p tcp -d $LOCALIP --dport 80 -j RETURN
iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port "${TRANSPARENT_PORT}"
} }
case "$1" in case "$1" in