Hinzugefügt:

* AdvancedProxy Fähigkeiten
Geändert:
  * Kleiner Fehler im OpenVPN GUI verblieben und daher behoben.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@153 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/cfgroot/useragents

@@ -0,0 +1,20 @@
+APTGET,apt-get,(APT\-HTTP)
+AOL,AOL,(AOL)
+AVANT,AvantBrowser,(avantbrowser)
+FIREFOX,Firefox,(Firefox)
+FRONTPAGE,FrontPage,(FrontPage)
+GEARTH,Google Earth,(kh_lt\/LT)
+GECKO,Gecko compatible,(Gecko)
+GETRIGHT,GetRight,(GetRight)
+GOZILLA,Go!Zilla,(Go!Zilla)
+GOOGLE,Google Toolbar,(Google\sToolbar)
+JAVA,Java,(Java)
+KONQUEROR,Konqueror,(Konqueror)
+LYNX,Lynx,(Lynx)
+MSIE,Internet Explorer,(MSIE.*[)]$)
+NETSCAPE,Netscape,(^Mozilla\/4.[7|8])|(Netscape)
+OPERA,Opera,(Opera)
+WGA,WGA,(LegitCheck)
+WGET,Wget,(Wget)
+WINUPD,Windows Update,(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)
+WMP,Media Player,(Windows\-Media\-Player)|(NSPlayer)

config/httpd/httpd.conf

@@ -55,10 +55,14 @@ ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
     AuthType Basic
     AuthUserFile /var/ipfire/auth/users
     Require user admin
-#    <Files index.cgi>
-#        Satisfy Any
-#        Allow from All
-#    </Files>
+    <Files chpasswd.cgi>
+        Satisfy Any
+        Allow from All
+    </Files>
+    <Files webaccess.cgi>
+        Satisfy Any
+        Allow from All
+    </Files>
     <Files credits.cgi>
         Satisfy Any
         Allow from All

config/ovpn/verify

@@ -3,7 +3,7 @@ if [ $1 -eq 0 ]; then
     name2=`echo $2`
     name3=${name2##*/}
     name4=${name3##*CN=}
-    clientdisabled=`/bin/grep -iwc off,.*,$name4 /var/ipcop/ovpn/ovpnconfig`
+    clientdisabled=`/bin/grep -iwc off,.*,$name4 /var/ipfire/ovpn/ovpnconfig`
     if [ "$clientdisabled" = "1" ]; then
     exit 1
     fi

doc/packages-list.txt

@@ -196,6 +196,7 @@
   * spandsp-0.0.2pre25
   * speedtouch-1.2
   * squid-2.5.STABLE13
+  * squid-2.5.STABLE13_1st
   * squid-graph-3.1
   * startscripts
   * stund_0.96_Aug13

html/cgi-bin/chpasswd.cgi

@@ -0,0 +1,308 @@
+#!/usr/bin/perl
+
+#
+# $Id: chpasswd.cgi,v 1.0 2005/01/25 00:00:00 marco Exp $
+#
+
+use CGI qw(param);
+
+$swroot = "/var/ipcop";
+
+my %cgiparams;
+my %mainsettings;
+my %proxysettings;
+
+$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;
+
+### Initialize environment
+&readhash("${swroot}/main/settings", \%mainsettings);
+&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
+$language = $mainsettings{'LANGUAGE'};
+
+### Initialize language
+if ($language =~ /^(\w+)$/) {$language = $1;}
+ #
+ # Uncomment this to force a certain language:
+ # $language='en';
+ #
+require "${swroot}/langs/en.pl";
+require "${swroot}/langs/${language}.pl";
+
+my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
+
+&readhash("$swroot/ethernet/settings", \%netsettings);
+
+my $success = 0;
+
+&getcgihash(\%cgiparams);
+
+if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
+{
+	if ($cgiparams{'USERNAME'} eq '')
+	{
+		$errormessage = $tr{'advproxy errmsg no username'};
+		goto ERROR;
+	}
+	if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq ''))
+	{
+		$errormessage = $tr{'advproxy errmsg no password'};
+		goto ERROR;
+	}
+	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
+	{
+		$errormessage = $tr{'advproxy errmsg passwords different'};
+		goto ERROR;
+	}
+	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
+	{
+		$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
+		goto ERROR;
+	}
+	if (! -z $userdb)
+	{
+		open FILE, $userdb;
+		@users = <FILE>;
+		close FILE;
+
+		$username = '';
+		$cryptpwd = '';
+
+		foreach (@users)
+		{
+ 			chomp;
+			@temp = split(/:/,$_);
+			if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
+			{
+				$username = $temp[0];
+				$cryptpwd = $temp[1];
+			}
+		}
+	}
+	if ($username eq '')
+	{
+		$errormessage = $tr{'advproxy errmsg invalid user'};
+		goto ERROR;
+	}
+	if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
+	{
+		$errormessage = $tr{'advproxy errmsg password incorrect'};
+		goto ERROR;
+	}
+	$returncode = system("/usr/bin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
+	if ($returncode == 0)
+	{
+		$success = 1;
+		undef %cgiparams;
+	} else {
+		$errormessage = $tr{'advproxy errmsg change fail'};
+		goto ERROR;
+	}
+}
+
+ERROR:
+
+print "Pragma: no-cache\n";
+print "Cache-control: no-cache\n";
+print "Connection: close\n";
+print "Content-type: text/html\n\n";
+
+print <<END
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+<title></title>
+</head>
+
+<body bgcolor="#FFFFFF">
+
+<center>
+
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+
+<table width="80%" cellspacing="10" cellpadding="5" border="0">
+
+<tr>
+	<td bgcolor="#C0C0C0">
+		<font face="verdana, arial, sans serif" color="#000000" size="2">
+		<b>&nbsp;</b>
+		</font>
+	</td>
+</tr>
+<tr>
+	<td bgcolor="#F4F4F4" align="center">
+		<table width="100%" cellspacing="10" cellpadding="10">
+		<tr>
+			<td nowrap bgcolor="#0050C0" align="center">
+			<font face="verdana, arial, sans serif" color="#FFFFFF" size="3">
+			<b>$tr{'advproxy chgwebpwd change web password'}</b>
+			</font>
+			</td>
+		</tr>
+		<tr>
+			<td align="center">
+				<table width="70%" cellspacing="7" cellpadding="7">
+				<tr>
+					<td nowrap bgcolor="#F4F4F4" align="left">
+					<font face="verdana, arial, sans serif" color="#000000" size="2">
+					<b>$tr{'advproxy chgwebpwd username'}:</b>
+					</font>
+					</td>
+					<td><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="15"></td>
+				</tr>
+				<tr>
+					<td nowrap bgcolor="#F4F4F4" align="left">
+					<font face="verdana, arial, sans serif" color="#000000" size="2">
+					<b>$tr{'advproxy chgwebpwd old password'}:</b>
+					</font>
+					</td>
+					<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="15"></td>
+				</tr>
+				<tr>
+					<td nowrap bgcolor="#F4F4F4" align="left">
+					<font face="verdana, arial, sans serif" color="#000000" size="2">
+					<b>$tr{'advproxy chgwebpwd new password'}:</b>
+					</font>
+					</td>
+					<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="15"></td>
+				</tr>
+				<tr>
+					<td nowrap bgcolor="#F4F4F4" align="left">
+					<font face="verdana, arial, sans serif" color="#000000" size="2">
+					<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
+					</font>
+					</td>
+					<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="15"></td>
+				</tr>
+				</table>
+				<table width="100%" cellspacing="7" cellpadding="7">
+				<tr>
+					<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
+				</tr>
+				</table>
+			</td>
+		</tr>
+END
+;
+
+if ($errormessage)
+{
+	print <<END
+	<tr>
+		<td nowrap bgcolor="#FF0000" align="center">
+		<font face="verdana, arial, sans serif" color="#FFFFFF" size="2">
+		<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
+		</font>
+		</td>
+	</tr>
+END
+;
+}
+
+if ($success)
+{
+	print <<END
+	<tr>
+		<td nowrap bgcolor="#00C000" align="center">
+		<font face="verdana, arial, sans serif" color="#FFFFFF" size="2">
+		<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
+		</font>
+		</td>
+	</tr>
+END
+;
+}
+
+
+print <<END
+
+	</td>
+</tr>
+</table>
+
+<tr>
+	<td bgcolor="#C0C0C0" align="right">
+		<a href="http://www.advproxy.net" target="_blank"><b>
+		<font face="verdana,arial,sans serif" color="#FFFFFF" size="1">Advanced Proxy</b></a> running on</font>
+		<a href="http://www.ipcop.org" target="_blank"><b>
+		<font face="verdana,arial,sans serif" color="#FFFFFF" size="1">IPCop</b></a></font>
+	</td>
+</tr>
+
+</table>
+
+</form>
+
+</center>
+
+</body>
+
+</html>
+END
+;
+
+# -------------------------------------------------------------------
+
+sub readhash
+{
+	my $filename = $_[0];
+	my $hash = $_[1];
+	my ($var, $val);
+
+	if (-e $filename)
+	{
+		open(FILE, $filename) or die "Unable to read file $filename";
+		while (<FILE>)
+		{
+			chop;
+			($var, $val) = split /=/, $_, 2;
+			if ($var)
+			{
+				$val =~ s/^\'//g;
+				$val =~ s/\'$//g;
+	
+				# Untaint variables read from hash
+				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
+				$val =~ /([\w\W]*)/; $val = $1;
+				$hash->{$var} = $val;
+			}
+		}
+		close FILE;
+	}
+}
+
+# -------------------------------------------------------------------
+
+sub getcgihash
+{
+	my ($hash, $params) = @_;
+	my $cgi = CGI->new ();
+	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
+	if (!$params->{'wantfile'}) {
+		$CGI::DISABLE_UPLOADS = 1;
+		$CGI::POST_MAX        = 512 * 1024;
+	} else {
+		$CGI::POST_MAX = 10 * 1024 * 1024;
+	}
+
+	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
+	my $referer = $1;
+	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
+	my $servername = $1;
+	return if ($referer ne $servername);
+
+	### Modified for getting multi-vars, split by |
+	%temp = $cgi->Vars();
+	foreach my $key (keys %temp) {
+		$hash->{$key} = $temp{$key};
+		$hash->{$key} =~ s/\0/|/g;
+		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
+	}
+
+	if (($params->{'wantfile'})&&($params->{'filevar'})) {
+		$hash->{$params->{'filevar'}} = $cgi->upload
+					($params->{'filevar'});
+	}
+	return;
+}
+
+# -------------------------------------------------------------------

html/cgi-bin/webaccess.cgi

@@ -0,0 +1,377 @@
+#!/usr/bin/perl
+
+#
+# $Id: webaccess.cgi,v 2.0 2006/01/11 00:00:00 marco.s Exp $
+#
+
+use CGI;
+
+my $swroot = "/var/ipcop";
+my $apdir  = "$swroot/proxy/advanced";
+my $group_def_file = "$apdir/cre/classrooms";
+my $svhosts_file = "$apdir/cre/supervisors";
+my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
+my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";
+
+my $banner = "A D V A N C E D   P R O X Y   -   W E B   A C C E S S   M A N A G E R";
+my %cgiparams;
+my %mainsettings;
+my %proxysettings;
+
+my %acl=();
+my @group_defs=();
+my @groups=();
+
+### Initialize environment
+&readhash("${swroot}/main/settings", \%mainsettings);
+&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
+$language = $mainsettings{'LANGUAGE'};
+
+### Initialize language
+if ($language =~ /^(\w+)$/) {$language = $1;}
+ #
+ # Uncomment this to force a certain language:
+ # $language='en';
+ #
+require "${swroot}/langs/en.pl";
+require "${swroot}/langs/${language}.pl";
+
+&getcgihash(\%cgiparams);
+
+&read_all_groups;
+&read_acl_groups;
+
+foreach (@groups)
+{
+	if ($cgiparams{$_} eq $tr{'advproxy mode deny'})  { $acl{$_}='on'; }
+	if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
+}
+
+&read_all_groups;
+
+my $is_supervisor=0;
+
+if ((-e $svhosts_file) && (!-z $svhosts_file))
+{
+	open (FILE, $svhosts_file);
+	while (<FILE>)
+	{
+		chomp;
+		if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
+	}
+	close (FILE);
+
+} else { $is_supervisor=1; }
+
+if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
+{
+	if (	($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) || 
+		((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
+	{
+		&write_acl;
+		system("/usr/local/bin/restartsquid");
+	}
+}
+
+&read_acl_groups;
+
+#undef(%cgiparams);
+
+# -------------------------------------------------------------------
+
+print <<END
+Pragma: no-cache
+Cache-control: no-cache
+Connection: close
+Content-type: text/html
+
+<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
+<title>Advanced Proxy - Web Access Manager</title>
+<style type='text/css'>
+	a:link    { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
+	a:visited { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
+	a:hover   { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
+	a:active  { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#000000; }
+	a:focus   { text-decoration:none; font-family:verdana,arial,helvetica; font-weight:bold; color:#ffffff; }
+</style>
+</head>
+<body bgcolor='#FFFFFF'>
+
+<center>
+
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+
+<table width='720' cellspacing='10' cellpadding='5' border='0'>
+
+<tr>
+   <td bgcolor='#C0C0C0' height='20'></td>
+</tr>
+
+<tr>
+   <td bgcolor='#F4F4F4' align='center'>
+      <table width='100%' cellspacing='10' cellpadding='10' border='0'>
+
+         <tr>
+            <td nowrap bgcolor='#FFFFFF' align='center'>
+                <font face='verdana,arial,helvetica' color='#000000' size='3'>$banner</font>
+            </td>
+         </tr>
+
+END
+;
+if ($proxysettings{'CLASSROOM_EXT'} eq 'on')
+{
+if (@groups)
+{
+print <<END
+         <tr>
+            <td>
+               <table width='70%' cellspacing='2' cellpadding='2' border='0' align='center'>
+	<tr><td><input type='hidden' name='ACTION' value='submit'></td></tr>
+               <tr>
+END
+;
+if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq ''))))
+{
+print <<END
+                  <td align='center'>
+                     <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy supervisor password'}:</font>
+                  </td>
+                  <td align='center'><input type='password' name='PASSWORD' size='15'></td>
+END
+;
+}
+print <<END
+               </tr>
+
+               </table>
+
+               <p>
+
+END
+;
+	foreach (@groups) {
+		if ($is_supervisor)
+		{
+			print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center' rules='groups'>";
+		} else {
+			print"<table width='50%' cellspacing='2' cellpadding='6' border='0' align='center' rules='groups'>";
+		}
+		print "<tr>\n";
+		if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
+		{
+			print " <td bgcolor='#D00000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>";
+		} else { print " <td bgcolor='#00A000' align='center'><font face='verdana,arial,helvetica' color='#FFFFFF' size='2'>$_</font>"; }
+		if ($is_supervisor)
+		{
+			if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
+			{
+			print "</td><td width='120' align='center'>";
+				print "<input type='submit' name='$_' value=' $tr{'advproxy mode allow'} '>";
+			print "</td><td width='16' bgcolor='#D00000'>&nbsp;</td>\n";
+			} else {
+			print "</td><td width='120' align='center'>";
+				print "<input type='submit' name='$_' value=' $tr{'advproxy mode deny'} '>";
+			print "</td><td width='16' bgcolor='#00A000'>&nbsp;</td>\n";
+			}
+		}
+		print "</tr>\n";
+		print "</table>\n";
+		print"<table width='65%' cellspacing='2' cellpadding='2' border='0' align='center'>";
+		print "<tr><td></td></tr>\n";
+		print "</table>\n";
+	}
+
+print <<END
+            </td>
+         </tr>
+END
+;
+} else {
+            print "      <tr>\n";
+            print "         <td align='center'>\n";
+            print "            <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy no cre groups'}</font>\n";
+            print "         </td>\n";
+            print "      </tr>\n";
+}
+} else {
+            print "      <tr>\n";
+            print "         <td align='center'>\n";
+            print "            <font face='verdana,arial,helvetica' color='#000000' size='2'>$tr{'advproxy cre disabled'}</font>\n";
+            print "         </td>\n";
+            print "      </tr>\n";
+}
+
+print <<END
+
+      </table>
+   </td>
+</tr>
+
+
+<tr>
+   <td bgcolor='#C0C0C0' align='right'>
+      <font face='verdana,arial,helvetica' color='#FFFFFF' size='1'>
+      <a href='http://www.advproxy.net' target='_blank'>Advanced Proxy</a> running on
+      <a href='http://www.ipcop.org' target='_blank'>IPCop</a>
+      </font>
+   </td>
+</tr>
+
+</table>
+
+</form>
+
+</center>
+
+</body>
+
+</html>
+END
+;
+
+# -------------------------------------------------------------------
+
+sub readhash
+{
+	my $filename = $_[0];
+	my $hash = $_[1];
+	my ($var, $val);
+
+	if (-e $filename)
+	{
+		open(FILE, $filename) or die "Unable to read file $filename";
+		while (<FILE>)
+		{
+			chop;
+			($var, $val) = split /=/, $_, 2;
+			if ($var)
+			{
+				$val =~ s/^\'//g;
+				$val =~ s/\'$//g;
+	
+				# Untaint variables read from hash
+				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
+				$val =~ /([\w\W]*)/; $val = $1;
+				$hash->{$var} = $val;
+			}
+		}
+		close FILE;
+	}
+}
+
+# -------------------------------------------------------------------
+
+sub getcgihash
+{
+	my ($hash, $params) = @_;
+	my $cgi = CGI->new ();
+	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
+	if (!$params->{'wantfile'}) {
+		$CGI::DISABLE_UPLOADS = 1;
+		$CGI::POST_MAX        = 512 * 1024;
+	} else {
+		$CGI::POST_MAX = 10 * 1024 * 1024;
+	}
+
+	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
+	my $referer = $1;
+	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
+	my $servername = $1;
+	return if ($referer ne $servername);
+
+	### Modified for getting multi-vars, split by |
+	%temp = $cgi->Vars();
+	foreach my $key (keys %temp) {
+		$hash->{$key} = $temp{$key};
+		$hash->{$key} =~ s/\0/|/g;
+		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
+	}
+
+	if (($params->{'wantfile'})&&($params->{'filevar'})) {
+		$hash->{$params->{'filevar'}} = $cgi->upload
+					($params->{'filevar'});
+	}
+	return;
+}
+
+# -------------------------------------------------------------------
+
+sub read_acl_groups
+{
+	undef(%acl);
+	open (FILE,"$acl_src_noaccess_ips");
+	my @aclgroups = <FILE>;
+	close (FILE);
+	foreach (@aclgroups)
+	{
+		chomp;
+		if (/^\#/)
+		{
+			s/^\# //;
+			$acl{$_}='on';
+		}
+	}
+}
+
+# -------------------------------------------------------------------
+
+sub read_all_groups
+{
+	my $grpstr;
+
+	open (FILE,"$group_def_file");
+	@group_defs = <FILE>;
+	close (FILE);
+
+	undef(@groups);
+	foreach (@group_defs)
+	{
+		chomp;
+		if (/^\s*\[.*\]\s*$/)
+		{
+			$grpstr=$_;
+			$grpstr =~ s/^\s*\[\s*//;
+			$grpstr =~ s/\s*\]\s*$//;
+			push(@groups,$grpstr);
+		}
+	}
+}
+
+# -------------------------------------------------------------------
+
+sub write_acl
+{
+	my $is_blocked=0;
+
+	open (FILE_IPS,">$acl_src_noaccess_ips");
+	open (FILE_MAC,">$acl_src_noaccess_mac");
+	flock (FILE_IPS, 2);
+	flock (FILE_MAC, 2);
+	foreach (@group_defs)
+	{
+		if (/^\s*\[.*\]\s*$/)
+		{
+			s/^\s*\[\s*//;
+			s/\s*\]\s*$//;
+			if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
+			{
+				print FILE_IPS "# $_\n";
+				print FILE_MAC "# $_\n";
+				$is_blocked=1;
+			} else { $is_blocked=0; }
+		} elsif (($is_blocked) && ($_))
+		{
+			s/^\s+//g; s/\s+$//g;
+			/^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
+		}
+	}
+
+	close (FILE_IPS);
+	close (FILE_MAC);
+}
+
+# -------------------------------------------------------------------

langs/de/cgi-bin/de.pl

@@ -1058,6 +1058,213 @@
 'add-route' => 'Additional push route',
 'subnet' => 'Subnet',
 'route subnet is invalid' => 'Additional push route subnet is invalid',
+'advproxy advanced proxy' => 'Advanced Proxy',
+'advproxy ssadvanced proxy' => 'advanced proxy',
+'advproxy advanced web proxy' => 'Advanced Web Proxy',
+'advproxy advanced web proxy configuration' => 'Advanced Web Proxy Konfiguration',
+'advproxy common settings' => 'Allgemeine Einstellungen',
+'advproxy enabled on' => 'Aktiviert auf',
+'advproxy transparent on' => 'Transparent auf',
+'advproxy proxy port' => 'Proxy Port',
+'advproxy visible hostname' => 'Sichtbarer Hostname',
+'advproxy admin mail' => 'Cache Administrator E-Mail',
+'advproxy error language' => 'Sprache der Fehlermeldungen',
+'advproxy upstream proxy' => 'Vorgelagerter Proxy',
+'advproxy via forwarding' => 'Proxy-Adresse weiterleiten',
+'advproxy client IP forwarding' => 'Client-IP-Adresse weiterleiten',
+'advproxy username forwarding' => ' Benutzernamen weiterleiten',
+'advproxy upstream proxy host:port' => 'Vorgelagerter Proxy (Host:Port)',
+'advproxy upstream username' => 'Proxy-Benutzername',
+'advproxy upstream password' => 'Proxy-Passwort',
+'advproxy log settings' => 'Protokolleinstellungen',
+'advproxy log enabled' => 'Protokoll aktiviert',
+'advproxy log query' => 'Protokolliere Query Terms',
+'advproxy log useragent' => 'Protokolliere Useragents',
+'advproxy cache management' => 'Cacheverwaltung',
+'advproxy hdd cache size' => 'Cachegröße auf der Festplatte (MB)',
+'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)',
+'advproxy min size' => 'Min. Objektgröße (KB)',
+'advproxy max size' => 'Max. Objektgröße (KB)',
+'advproxy memory replacement policy' => 'Speicher Ersetzungsrichtlinie',
+'advproxy cache replacement policy' => 'Cache Ersetzungsrichtlinie',
+'advproxy no cache sites' => 'Diese Domains nicht zwischenspeichern (eine pro Zeile)',
+'advproxy number of L1 dirs' => 'Anzahl der Level-1 Unterverzeichnisse',
+'advproxy offline mode' => 'Aktiviere Offline-Modus',
+'advproxy network based access' => 'Netzwerkbasierte Zugriffskontrolle',
+'advproxy allowed subnets' => 'Erlaubte Subnetze (eins pro Zeile)',
+'advproxy unrestricted ip clients' => 'Uneingeschränkte IP-Adressen (eine pro Zeile)',
+'advproxy unrestricted mac clients' => 'Uneingeschränkte MAC-Adressen (eine pro Zeile)',
+'advproxy banned ip clients' => 'Gesperrte IP-Adressen (eine pro Zeile)',
+'advproxy banned mac clients' => 'Gesperrte MAC-Adressen (eine pro Zeile)',
+'advproxy classroom extensions' => 'Erweiterungen für Klassenräume',
+'advproxy supervisor password' => 'Supervisor-Passwort',
+'advproxy no cre groups' => 'Es sind keine Zugriffsgruppen verfügbar',
+'advproxy cre disabled' => 'Die Verwaltungsoberfläche wurde vom Administrator deaktiviert',
+'advproxy cre group definitions' => 'Klassenraum-Gruppendefinitionen',
+'advproxy cre supervisors' => 'Supervisor IP-Adressen (eine pro Zeile)',
+'advproxy time restrictions' => 'Zeitbeschränkungen',
+'advproxy access' => 'Zugriff',
+'advproxy from' => 'Von',
+'advproxy to' => 'Bis',
+'advproxy mode allow' => 'Zulassen',
+'advproxy mode deny' => 'Verweigern',
+'advproxy monday' => 'Mon',
+'advproxy tuesday' => 'Die',
+'advproxy wednesday' => 'Mit',
+'advproxy thursday' => 'Don',
+'advproxy friday' => 'Fre',
+'advproxy saturday' => 'Sam',
+'advproxy sunday' => 'Son',
+'advproxy transfer limits' => 'Transfergrenzen',
+'advproxy max download size' => 'Max. Größe von Downloads (KB)',
+'advproxy max upload size' => 'Max. Größe von Uploads (KB)',
+'advproxy download throttling' => 'Download-Drosselung',
+'advproxy throttling total on' => 'Begrenzung insgesamt auf',
+'advproxy throttling per host on' => 'Begrenzung pro Host auf',
+'advproxy throttling unlimited' => 'unbegrenzt',
+'advproxy content based throttling' => 'Aktiviere inhaltsbasierte Drosselung',
+'advproxy throttle binary' => 'Binärdateien',
+'advproxy throttle dskimg' => 'CD-Images',
+'advproxy throttle mmedia' => 'Multimedia',
+'advproxy MIME filter' => 'MIME-Type Filter',
+'advproxy MIME block types' => ' Sperre diese MIME-Typen (einer pro Zeile)',
+'advproxy web browser' => 'Web-Browser',
+'advproxy allowed web browsers' => 'Zulässige Clients für Web-Zugriffe',
+'advproxy no clients defined' => 'Keine Clients definiert',
+'advproxy UA enable filter' => 'Aktiviere Web-Browser-Prüfung',
+'advproxy privacy' => 'Datenschutz',
+'advproxy fake useragent' => 'Gefälschter Useragent für externe Web-Sites',
+'advproxy fake referer' => 'Gefälschter Referer für externe Web-Sites',
+'advproxy url filter' => 'URL-Filter',
+'advproxy update accelerator' => 'Update-Beschleuniger',
+'advproxy enabled' => 'Aktiviert',
+'advproxy save and restart' => 'Speichern und Neustart',
+'advproxy clear cache' => 'Cache leeren',
+'advproxy reset' => 'Zurücksetzen',
+'advproxy back to main page' => 'Zurück zur Hauptseite',
+'advproxy AUTH method' => 'Authentifizierungsmethode',
+'advproxy AUTH global settings' => 'Globale Authentifizierungseinstellungen',
+'advproxy AUTH method none' => 'Keine',
+'advproxy AUTH method ncsa' => 'Lokal',
+'advproxy AUTH method ident' => 'identd',
+'advproxy AUTH method ldap' => 'LDAP',
+'advproxy AUTH method ntlm' => 'Windows',
+'advproxy AUTH method radius' => 'RADIUS',
+'advproxy AUTH limit of IP addresses' => 'Begrenzung von IP-Adressen pro Benutzer',
+'advproxy AUTH auth cache TTL' => 'Authentifizierungscache TTL (in Minuten)',
+'advproxy AUTH user IP cache TTL' => 'Benutzer/IP-Cache TTL (in Minuten)',
+'advproxy AUTH number of auth processes' => 'Anzahl der Authentifizierungsprozesse',
+'advproxy AUTH always required' => 'Authentifizierung für uneingeschränkte Quelladressen erforderlich',
+'advproxy AUTH realm' => 'Authentifizierungs-Realm Anzeige',
+'advproxy AUTH no auth' => 'Domains ohne Authentifizierung (eine pro Zeile)',
+'advproxy NCSA auth' => 'Lokale Benutzerauthentifizierung',
+'advproxy NCSA user management' => 'Benutzerverwaltung',
+'advproxy NCSA min password length' => 'Min. Passwordlänge',
+'advproxy NCSA redirector bypass' => 'Umleitung umgehen für Mitglieder der Gruppe',
+'advproxy NCSA create user' => 'Benutzer erstellen',
+'advproxy NCSA update user' => 'Benutzer aktualisieren',
+'advproxy NCSA user accounts' => 'Benutzerkonten',
+'advproxy NCSA no accounts' => 'Keine Benutzerkonten verfügbar',
+'advproxy NCSA username' => 'Benutzername',
+'advproxy NCSA password' => 'Passwort',
+'advproxy NCSA password confirm' => 'Passwort (Bestätigung)',
+'advproxy NCSA group' => 'Gruppe',
+'advproxy NCSA group membership' => 'Gruppenmitgliedschaft',
+'advproxy NCSA grp standard' => 'Standard',
+'advproxy NCSA grp extended' => 'Erweitert',
+'advproxy NCSA grp disabled' => 'Deaktiviert',
+'advproxy IDENT identd settings' => 'Allgemeine identd Einstellungen',
+'advproxy IDENT required' => 'Identd-Authentifizierung erforderlich',
+'advproxy IDENT timeout' => 'Timeout für ident (in Sekunden)',
+'advproxy IDENT aware hosts' => 'Ident-fähige Hosts (einer pro Zeile)',
+'advproxy IDENT user based access restrictions' => 'Benutzerbasierte Zugriffsbeschränkungen',
+'advproxy IDENT authorized users' => 'Autorisierte Benutzer (einer pro Zeile)',
+'advproxy IDENT unauthorized users' => 'Unautorisierte Benutzer (einer pro Zeile)',
+'advproxy IDENT use positive access list' => 'Verwende positive Zugriffskontrolle',
+'advproxy IDENT use negative access list' => 'Verwende negative Zugriffskontrolle',
+'advproxy LDAP auth' => 'LDAP Authentifizierung',
+'advproxy LDAP common settings' => 'Allgemeine LDAP-Einstellungen',
+'advproxy LDAP binddn settings' => 'Bind DN Einstellungen',
+'advproxy LDAP binddn username' => 'Bind DN Benutzername',
+'advproxy LDAP binddn password' => 'Bind DN Passwort',
+'advproxy LDAP basedn' => 'Base DN',
+'advproxy LDAP server' => 'LDAP-Server',
+'advproxy LDAP port' => 'Port',
+'advproxy LDAP group access control' => 'Gruppenbasierte Zugriffskontrolle',
+'advproxy LDAP group required' => 'Erforderliche Gruppe',
+'advproxy LDAP type' => 'LDAP-Typ',
+'advproxy LDAP ADS' => 'Active Directory',
+'advproxy LDAP NDS' => 'Novell eDirectory',
+'advproxy LDAP V2' => 'LDAP Version 2',
+'advproxy LDAP V3' => 'LDAP Version 3',
+'advproxy NTLM auth' => 'Windows NT/2003 Authentifizierung',
+'advproxy NTLM domain settings' => 'Allgemeine Domäneneinstellungen',
+'advproxy NTLM domain' => 'Domäne',
+'advproxy NTLM PDC hostname' => 'PDC Hostname',
+'advproxy NTLM BDC hostname' => 'BDC Hostname',
+'advproxy NTLM user based access restrictions' => 'Benutzerbasierte Zugriffsbeschränkungen',
+'advproxy NTLM auth mode' => 'Authentifizierungsmodus',
+'advproxy NTLM use integrated auth' => 'Aktiviere integrierte Windows-Authentifizierung',
+'advproxy NTLM authorized users' => 'Autorisierte Domänenbenutzer (einer pro Zeile)',
+'advproxy NTLM unauthorized users' => 'Unautorisierte Domänenbenutzer (einer pro Zeile)',
+'advproxy NTLM use positive access list' => 'Verwende positive Zugriffskontrolle',
+'advproxy NTLM use negative access list' => 'Verwende negative Zugriffskontrolle',
+'advproxy RADIUS radius settings' => 'Allgemeine RADIUS-Einstellungen',
+'advproxy RADIUS server' => 'RADIUS Server',
+'advproxy RADIUS port' => 'Port',
+'advproxy RADIUS identifier' => 'Kennung',
+'advproxy RADIUS secret' => 'Shared Secret',
+'advproxy RADIUS user based access restrictions' => 'Benutzerbasierte Zugriffsbeschränkungen',
+'advproxy RADIUS authorized users' => 'Autorisierte Benutzer (einer pro Zeile)',
+'advproxy RADIUS unauthorized users' => 'Unautorisierte Benutzer (einer pro Zeile)',
+'advproxy RADIUS use positive access list' => 'Verwende positive Zugriffskontrolle',
+'advproxy RADIUS use negative access list' => 'Verwende negative Zugriffskontrolle',
+'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für Upstream Proxy',
+'advproxy errmsg hdd cache size' => 'Ungültiger Wert f<>r die Größe des Festplatten-Cachespeichers (min. 10 MB erforderlich)',
+'advproxy errmsg mem cache size' => 'Ungültiger Wert f<>r die Größe des RAM-Cachespeichers',
+'advproxy errmsg time restriction' => 'Ungültige Zeitbeschränkung',
+'advproxy errmsg no browser' => 'Mindestens ein Browser oder Client muss für den Web-Zugriff zugelassen sein',
+'advproxy errmsg auth children' => 'Ungültige Anzahl Authentifizierungsprozesse',
+'advproxy errmsg auth cache ttl' => 'Ungültiger Wert für Authentifizierungscache TTL',
+'advproxy errmsg auth ipcache ttl' => 'Ungültiger Wert für Benutzer/IP-Cache TTL',
+'advproxy errmsg max userip' => 'Ungültige Anzahl von IP-Adressen pro Benutzer',
+'advproxy errmsg auth ipcache may not be null' => 'Authentifizierungscache TTL darf nicht 0 sein wenn IP-Adressbeschränkungen verwendet werden',
+'advproxy errmsg invalid ip or mask' => 'Ungültige IP-Adresse oder Subnetzmaske',
+'advproxy errmsg invalid mac' => 'Ungültige MAC-Adresse',
+'advproxy errmsg non-transparent proxy required' => 'Web Proxy muss für die Authentifizierung im Nicht-transparenten Modus laufen',
+'advproxy errmsg ident timeout' => 'Ungültiger ident Timeout',
+'advproxy errmsg ldap base dn' => 'LDAP base DN erforderlich',
+'advproxy errmsg ldap server' => 'Ungültige IP-Adresse für den LDAP-Server',
+'advproxy errmsg ldap port' => 'Ungültige LDAP Portnummer',
+'advproxy errmsg ldap bind dn' => 'LDAP bind DN Benutzername und Passwort erforderlich',
+'advproxy errmsg ntlm domain' => 'Windows Domänenname erforderlich',
+'advproxy errmsg ntlm pdc' => 'Hostname der Primary Domain Controllers erforderlich',
+'advproxy errmsg invalid pdc' => 'Ungültiger Hostname für den Primary Domain Controller',
+'advproxy errmsg invalid bdc' => 'Ungültiger Hostname für den Backup Domain Controller',
+'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server',
+'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer',
+'advproxy errmsg radius secret' => 'Shared Secret erforderlich',
+'advproxy errmsg acl cannot be empty' => 'Zugriffskontrollliste darf nicht leer sein',
+'advproxy errmsg no username' => 'Benutzername darf nicht leer sein',
+'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein',
+'advproxy errmsg password length 1' => 'Passwort muss mindestens',
+'advproxy errmsg password length 2' => ' Zeichen enthalten',
+'advproxy errmsg password length' => 'Ungültiger Wert für Passwortlänge',
+'advproxy chgwebpwd change web password' => 'Ä n d e r u n g &nbsp; d e s &nbsp; P a s s w o r t e s &nbsp; f ü r &nbsp; d e n &nbsp; W e b z u g r i f f',
+'advproxy chgwebpwd username' => 'Benutzername',
+'advproxy chgwebpwd old password' => 'Aktuelles Passwort',
+'advproxy chgwebpwd new password' => 'Neues Passwort',
+'advproxy chgwebpwd new password confirm' => 'Neues Passwort (Bestätigung)',
+'advproxy chgwebpwd change password' => 'Passwort ändern',
+'advproxy errmsg no password' => 'Passwort kann nicht leer sein',
+'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
+'advproxy errmsg password incorrect' => 'Falsches Passwort',
+'advproxy errmsg change fail' => 'Passwort konnte nicht geändert werden',
+'advproxy errmsg change success'  => 'Passwort für Webzugriff erfolgreich geändert',
+'advproxy chgwebpwd SUCCESS' => 'E R F O L G :',
+'advproxy chgwebpwd ERROR' => 'F E H L E R :',
+'advproxy update notification' => 'Update-Benachrichtigung!',
+'advproxy update information' => 'Eine aktualisierte Version steht zum Download bereit. Besuchen Sie <a href="http://www.advproxy.net" target="_blank">http://www.advproxy.net</a> für weitere Informationen.',
 
 ); 
 

langs/en/cgi-bin/en.pl

@@ -1091,5 +1091,212 @@
 'add-route' => 'Additional push route',
 'subnet' => 'Subnet',
 'route subnet is invalid' => 'Additional push route subnet is invalid',
+'advproxy advanced proxy' => 'Advanced Proxy',
+'advproxy ssadvanced proxy' => 'advanced proxy',
+'advproxy advanced web proxy' => 'Advanced Web Proxy',
+'advproxy advanced web proxy configuration' => 'Advanced web proxy configuration',
+'advproxy common settings' => 'Common settings',
+'advproxy enabled on' => 'Enabled on',
+'advproxy transparent on' => 'Transparent on',
+'advproxy proxy port' => 'Proxy port',
+'advproxy visible hostname' => 'Visible hostname',
+'advproxy admin mail' => 'Cache administrator e-mail',
+'advproxy error language' => 'Error messages language',
+'advproxy upstream proxy' => 'Upstream proxy',
+'advproxy via forwarding' => 'Proxy address forwarding',
+'advproxy client IP forwarding' => 'Client IP address forwarding',
+'advproxy username forwarding' => 'Username forwarding',
+'advproxy upstream proxy host:port' => 'Upstream proxy (host:port)',
+'advproxy upstream username' => 'Upstream username',
+'advproxy upstream password' => 'Upstream password',
+'advproxy log settings' => 'Log settings',
+'advproxy log enabled' => 'Log enabled',
+'advproxy log query' => 'Log query terms',
+'advproxy log useragent' => 'Log useragents',
+'advproxy cache management' => 'Cache management',
+'advproxy hdd cache size' => 'Harddisk cache size (MB)',
+'advproxy ram cache size' => 'Memory cache size (MB)',
+'advproxy min size' => 'Min object size (KB)',
+'advproxy max size' => 'Max object size (KB)',
+'advproxy memory replacement policy' => 'Memory replacement policy',
+'advproxy cache replacement policy' => 'Cache replacement policy',
+'advproxy no cache sites' => 'Do not cache these domains (one per line)',
+'advproxy number of L1 dirs' => 'Number of level-1 subdirectories',
+'advproxy offline mode' => 'Enable offline mode',
+'advproxy network based access' => 'Network based access control',
+'advproxy allowed subnets' => 'Allowed subnets (one per line)',
+'advproxy unrestricted ip clients' => 'Unrestricted IP addresses (one per line)',
+'advproxy unrestricted mac clients' => 'Unrestricted MAC addresses (one per line)',
+'advproxy banned ip clients' => 'Banned IP addresses (one per line)',
+'advproxy banned mac clients' => 'Banned MAC addresses (one per line)',
+'advproxy classroom extensions' => 'Classroom extensions',
+'advproxy supervisor password' => 'Supervisor password',
+'advproxy no cre groups' => 'There are no access groups available',
+'advproxy cre disabled' => 'The management interface has been disabled by the Administrator',
+'advproxy cre group definitions' => 'Classroom group definitions',
+'advproxy cre supervisors' => 'Supervisor IP addresses (one per line)',
+'advproxy time restrictions' => 'Time restrictions',
+'advproxy access' => 'Access',
+'advproxy from' => 'From',
+'advproxy to' => 'To',
+'advproxy mode allow' => 'allow',
+'advproxy mode deny' => 'deny',
+'advproxy monday' => 'Mon',
+'advproxy tuesday' => 'Tue',
+'advproxy wednesday' => 'Wed',
+'advproxy thursday' => 'Thu',
+'advproxy friday' => 'Fri',
+'advproxy saturday' => 'Sat',
+'advproxy sunday' => 'Sun',
+'advproxy transfer limits' => 'Transfer limits',
+'advproxy max download size' => 'Max download size (KB)',
+'advproxy max upload size' => 'Max upload size (KB)',
+'advproxy download throttling' => 'Download throttling',
+'advproxy throttling total on' => 'Overall limit on',
+'advproxy throttling per host on' => 'Limit per host on',
+'advproxy throttling unlimited' => 'unlimited',
+'advproxy content based throttling' => 'Enable content based throttling',
+'advproxy throttle binary' => 'Binary files',
+'advproxy throttle dskimg' => 'CD images',
+'advproxy throttle mmedia' => 'Multimedia',
+'advproxy MIME filter' => 'MIME type filter',
+'advproxy MIME block types' => ' Block these MIME types (one per line)',
+'advproxy web browser' => 'Web browser',
+'advproxy allowed web browsers' => 'Allowed clients for web access',
+'advproxy no clients defined' => 'No clients defined',
+'advproxy UA enable filter' => 'Enable browser check',
+'advproxy privacy' => 'Privacy',
+'advproxy fake useragent' => 'Fake useragent submitted to external sites',
+'advproxy fake referer' => 'Fake referer submitted to external sites',
+'advproxy url filter' => 'URL filter',
+'advproxy update accelerator' => 'Update accelerator',
+'advproxy enabled' => 'Enabled',
+'advproxy save and restart' => 'Save and restart',
+'advproxy clear cache' => 'Clear Cache',
+'advproxy reset' => 'Reset',
+'advproxy back to main page' => 'Back to main page',
+'advproxy AUTH method' => 'Authentication method',
+'advproxy AUTH global settings' => 'Global authentication settings',
+'advproxy AUTH method none' => 'None',
+'advproxy AUTH method ncsa' => 'Local',
+'advproxy AUTH method ident' => 'identd',
+'advproxy AUTH method ldap' => 'LDAP',
+'advproxy AUTH method ntlm' => 'Windows',
+'advproxy AUTH method radius' => 'RADIUS',
+'advproxy AUTH limit of IP addresses' => 'Limit of IP addresses per user',
+'advproxy AUTH auth cache TTL' => 'Authentication cache TTL (in minutes)',
+'advproxy AUTH user IP cache TTL' => 'User/IP cache TTL (in minutes)',
+'advproxy AUTH number of auth processes' => 'Number of authentication processes',
+'advproxy AUTH always required' => 'Require authentication for unrestricted source addresses',
+'advproxy AUTH realm' => 'Authentication realm prompt',
+'advproxy AUTH no auth' => 'Domains without authentication (one per line)',
+'advproxy NCSA auth' => 'Local user authentication',
+'advproxy NCSA user management' => 'User management',
+'advproxy NCSA min password length' => 'Min password length',
+'advproxy NCSA redirector bypass' => 'Bypass redirection for members of the group',
+'advproxy NCSA create user' => 'Create user',
+'advproxy NCSA update user' => 'Update user',
+'advproxy NCSA user accounts' => 'User accounts',
+'advproxy NCSA no accounts' => 'No user accounts available',
+'advproxy NCSA username' => 'Username',
+'advproxy NCSA password' => 'Password',
+'advproxy NCSA password confirm' => 'Password (confirm)',
+'advproxy NCSA group' => 'Group',
+'advproxy NCSA group membership' => 'Group membership',
+'advproxy NCSA grp standard' => 'Standard',
+'advproxy NCSA grp extended' => 'Extended',
+'advproxy NCSA grp disabled' => 'Disabled',
+'advproxy IDENT identd settings' => 'Common identd settings',
+'advproxy IDENT required' => 'Require identd authentication',
+'advproxy IDENT timeout' => 'Ident timeout (in seconds)',
+'advproxy IDENT aware hosts' => 'Ident aware hosts (one per line)',
+'advproxy IDENT user based access restrictions' => 'User based access restrictions',
+'advproxy IDENT authorized users' => 'Authorized users (one per line)',
+'advproxy IDENT unauthorized users' => 'Unauthorized users (one per line)',
+'advproxy IDENT use positive access list' => 'Use positive access control',
+'advproxy IDENT use negative access list' => 'Use negative access control',
+'advproxy LDAP auth' => 'LDAP authentication',
+'advproxy LDAP common settings' => 'Common LDAP settings',
+'advproxy LDAP binddn settings' => 'Bind DN settings',
+'advproxy LDAP binddn username' => 'Bind DN username',
+'advproxy LDAP binddn password' => 'Bind DN password',
+'advproxy LDAP basedn' => 'Base DN',
+'advproxy LDAP server' => 'LDAP Server',
+'advproxy LDAP port' => 'Port',
+'advproxy LDAP group access control' => 'Group based access control',
+'advproxy LDAP group required' => 'Required group',
+'advproxy LDAP type' => 'LDAP type',
+'advproxy LDAP ADS' => 'Active Directory',
+'advproxy LDAP NDS' => 'Novell eDirectory',
+'advproxy LDAP V2' => 'LDAP version 2',
+'advproxy LDAP V3' => 'LDAP version 3',
+'advproxy NTLM auth' => 'Windows NT/2003 authentication',
+'advproxy NTLM domain settings' => 'Common domain settings',
+'advproxy NTLM domain' => 'Domain',
+'advproxy NTLM PDC hostname' => 'PDC hostname',
+'advproxy NTLM BDC hostname' => 'BDC hostname',
+'advproxy NTLM user based access restrictions' => 'User based access restrictions',
+'advproxy NTLM auth mode' => 'Authentication mode',
+'advproxy NTLM use integrated auth' => 'Enable Windows integrated authentication',
+'advproxy NTLM authorized users' => 'Authorized domain users (one per line)',
+'advproxy NTLM unauthorized users' => 'Unauthorized domain users (one per line)',
+'advproxy NTLM use positive access list' => 'Use positive access control',
+'advproxy NTLM use negative access list' => 'Use negative access control',
+'advproxy RADIUS radius settings' => 'Common RADIUS settings',
+'advproxy RADIUS server' => 'RADIUS Server',
+'advproxy RADIUS port' => 'Port',
+'advproxy RADIUS identifier' => 'Identifier',
+'advproxy RADIUS secret' => 'Shared secret',
+'advproxy RADIUS user based access restrictions' => 'User based access restrictions',
+'advproxy RADIUS authorized users' => 'Authorized users (one per line)',
+'advproxy RADIUS unauthorized users' => 'Unauthorized users (one per line)',
+'advproxy RADIUS use positive access list' => 'Use positive access control',
+'advproxy RADIUS use negative access list' => 'Use negative access control',
+'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg hdd cache size' => 'Invalid value for harddisk cache size (min 10 MB required)',
+'advproxy errmsg mem cache size' => 'Invalid value for memory cache size',
+'advproxy errmsg time restriction' => 'Invalid time restriction',
+'advproxy errmsg no browser' => 'At least one browser or client must be selected for web access',
+'advproxy errmsg auth children' => 'Invalid number of authentication processes',
+'advproxy errmsg auth cache ttl' => 'Invalid value for authentication cache TTL',
+'advproxy errmsg auth ipcache ttl' => 'Invalid value for user/IP cache TTL',
+'advproxy errmsg max userip' => 'Invalid number of IP addresses per user',
+'advproxy errmsg auth ipcache may not be null' => 'Authentication cache TTL may not be 0 when using IP address limits',
+'advproxy errmsg invalid ip or mask' => 'Invalid IP address or network mask',
+'advproxy errmsg invalid mac' => 'Invalid MAC address',
+'advproxy errmsg non-transparent proxy required' => 'Web Proxy must be running in non-transparent mode for authentication',
+'advproxy errmsg ident timeout' => 'Invalid ident timeout',
+'advproxy errmsg ldap base dn' => 'LDAP base DN required',
+'advproxy errmsg ldap server' => 'Invalid IP address for LDAP Server',
+'advproxy errmsg ldap port' => 'Invalid LDAP port number',
+'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
+'advproxy errmsg ntlm domain' => 'Windows domain name required',
+'advproxy errmsg ntlm pdc' => 'Hostname for Primary Domain Controller required',
+'advproxy errmsg invalid pdc' => 'Invalid hostname for Primary Domain Controller',
+'advproxy errmsg invalid bdc' => 'Invalid hostname for Backup Domain Controller',
+'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server',
+'advproxy errmsg radius port' => 'Invalid RADIUS port number',
+'advproxy errmsg radius secret' => 'RADIUS shared secret required',
+'advproxy errmsg acl cannot be empty' => 'Access control list cannot be empty',
+'advproxy errmsg no username' => 'Username can not be empty',
+'advproxy errmsg passwords different' => 'Passwords don\'t match',
+'advproxy errmsg password length 1' => 'Password must have at least ',
+'advproxy errmsg password length 2' => ' characters',
+'advproxy errmsg password length' => 'Invalid value for password length',
+'advproxy chgwebpwd change web password' => 'C h a n g e   w e b   a c c e s s   p a s s w o r d',
+'advproxy chgwebpwd username' => 'Username',
+'advproxy chgwebpwd old password' => 'Current password',
+'advproxy chgwebpwd new password' => 'New password',
+'advproxy chgwebpwd new password confirm' => 'New password (confirm)',
+'advproxy chgwebpwd change password' => 'Change password',
+'advproxy errmsg no password' => 'Password can not be empty',
+'advproxy errmsg invalid user' => 'Username does not exist',
+'advproxy errmsg password incorrect' => 'Password incorrect',
+'advproxy errmsg change fail' => 'Password could not be changed',
+'advproxy errmsg change success'  => 'Password for web access sucessfully changed',
+'advproxy chgwebpwd SUCCESS' => 'S U C C E S S :',
+'advproxy chgwebpwd ERROR' => 'E R R O R :',
+'advproxy update notification' => 'Update notification!',
+'advproxy update information' => 'There is an updated version available for download. Visit <a href="http://www.advproxy.net" target="_blank">http://www.advproxy.net</a> for more information.',
 
 );

lfs/configroot

@@ -52,7 +52,7 @@ $(TARGET) :
 	# Create all directories
 	for i in addon-lang alcatelusb auth backup backup/sets ca certs cnx_pci crls ddns dhcp dhcpc dmzholes \
 	    eagle-usb eciadsl ethernet isdn key langs logging main modem net-traffic optionsfw patches pakfire portfw \
-	    ppp private proxy red remote shaping snort time uplinks vpn wireless xtaccess ; do \
+	    ppp private proxy/advanced red remote shaping snort time uplinks vpn wireless xtaccess ; do \
 	        mkdir -p $(CONFIG_ROOT)/$$i; \
 	done
 
@@ -84,8 +84,8 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/xtaccess-config		$(CONFIG_ROOT)/xtaccess/config
 	cp $(DIR_SRC)/config/cfgroot/time-settings		$(CONFIG_ROOT)/time/settings
 	cp $(DIR_SRC)/config/cfgroot/logging-settings		$(CONFIG_ROOT)/logging/settings
-#	cp $(DIR_SRC)/config/cfgroot/ipcop.gpg			$(CONFIG_ROOT)/key/
-	cp $(DIR_SRC)/langs/list				$(CONFIG_ROOT)/langs/
+	cp $(DIR_SRC)/config/cfgroot/useragents			$(CONFIG_ROOT)/proxy/advanced
+	cp $(DIR_SRC)/langs/list					$(CONFIG_ROOT)/langs/
 
 	# Oneliner configfiles
 	echo  "ENABLED=off"		> $(CONFIG_ROOT)/vpn/settings

lfs/squid

@@ -83,17 +83,19 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	   --datadir=/usr/lib/squid \
 	   --mandir=/usr/share/man --libexecdir=/usr/lib/squid \
 	   --localstatedir=/var --sysconfdir=/etc/squid \
-	   --disable-poll --disable-snmp --disable-icmp \
+	   --disable-poll --disable-snmp --disable-icmp --disable-wccp \
 	   --disable-http-violations --disable-ident-lookups \
 	   --enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \
-	   --enable-underscores --enable-ntlm-fail-open \
+	   --enable-underscores --enable-ntlm-fail-open --enable-arp-acl \
+	   --enable-http-violations --enable-auth=basic,ntlm \
 	   --enable-removal-policies="heap,lru" \
 	   --enable-delay-pools --enable-linux-netfilter \
-	   --enable-basic-auth-helpers="NCSA,SMB,MSNT" \
-	   --enable-ntlm-auth-helpers="SMB,winbind" \
+	   --enable-basic-auth-helpers="NCSA,SMB,MSNT,LDAP,multi-domain-NTLM" \
+	   --enable-ntlm-auth-helpers="SMB" \
 	   --enable-useragent-log \
 	   --enable-referer-log \
-	   --with-pthreads
+	   --with-pthreads --with-dl
+
 	cd $(DIR_APP) && make -j 3
 	cd $(DIR_APP) && make install