webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,838 Commits 2 Branches 1 Tag
4ff8a225668ebbe901a333ea1d25ac6e5ccdd34e
Commit Graph

2645 Commits

Author SHA1 Message Date
Stefan Schantl
274ca65bc5 ovpnmain.cgi: Fix typos. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-22 13:36:40 +00:00
Stefan Schantl
b959b9f5a6 ovpnmain.cgi: Call correct system_output() function. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-22 13:36:37 +00:00
Stefan Schantl
f560408053 ovpnmain.cgi: Fix detection of used DH key lenght. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-21 17:18:26 +00:00
Stefan Schantl
016859ffe4 vpnmain.cgi: Fix typo. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-21 17:16:41 +00:00
Stefan Schantl
8f73d902e3 pppsetup.cgi: Fix typos. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-21 17:16:00 +00:00
Stefan Schantl
5e99660d7d speed.cgi: Add requirement for general-functions.pl. 
The CGI now requires the general-functions library, because the
get_red_interface() function is used.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-20 12:37:33 +00:00
Stefan Schantl
6239e587f0 memory.cgi: Fix missing qoutes. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-20 12:37:29 +00:00
Peter Müller
e981b751d1 proxy.cgi: Suppress Squid version by default 
While hiding version information does not come with any _actual_
security improvements, it is generally a good thing to do so by default:
Attackers will still be able to reasonably guess or enumerate the
software version running, but need to conduct additional effort to do
so, hence more likely raising alerts and drawing attention on their
operation.

In addition, we suppress version details somewhere else in IPFire 2.x by
default, too (e. g. Unbound and Apache), so we can justify this patch by
aiming to stay consistent, I guess. :-)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-18 08:47:36 +00:00
Michael Tremer
46443100e0 Merge branch 'perl-system' into next 2021-06-17 20:11:47 +00:00
Stefan Schantl
508547f98d hardwaregraphs.cgi: Perform all sensor lookups in pure perl. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
f6340997aa services.cgi: Redesign isautorun() because shell globbing cannot used anymore. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
e2839b1a2c remote.cgi: Fix splitting output from ssh-keygen. 
The split function requires an string as input.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
5410fcbc45 dhcp.cgi: Fix typo and displaying advanced options syntax. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
5153fcc9f1 fireinfo.cgi: Fix read-in profile data. 
To read-in the whole file content the data type needs to be an array.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
276f938b09 time.cgi: Get and manipuate date and time in pure perl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
82215f2d5f netexternal.cgi: Grab DNS servers in pure perl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
17ee1f135f mdstat.cgi: Print mdstat status in pure perl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
2ccb63bce8 fireinfo.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
a81cbf6127 vpnmain.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:11:37 +00:00
Stefan Schantl
1366526c0b pppsetup.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:10:58 +00:00
Stefan Schantl
4abd5cd00e wireless.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-17 20:10:24 +00:00
Peter Müller
6323e9086f proxy.cgi: drop options for faking Referer and User-Agent HTTP headers 
While maintaining privacy when accessing web sites probably has never
been more important than it is today, faking Referer and User-Agent
headers is both obsolete and counterproductive:

(a) Most web sites require HTTPS, thwarting manipulation attempts to
    HTTP headers in transit. Given todays' internet landscape, faking
    these headers is unlikely to work for the vast majority of web
    sites.

(b) It is trivial to detect faked HTTP User-Agent headers by obtaining
    corresponding browser information via JavaScript. Any difference
    most likely indicates (trivial) header manipulation attempts, hence
    rendering this feature useless if browsers do not behave in the same
    manner, which we cannot control on IPFire.

(c) Especially static Referer headers make users stick out like a sore
    thumb, as nobody else in the world is likely to have the same
    Referer set _all the time_.

    Modern browsers attempt to strip sensitive information from Referer
    headers, or ditch them completely, particularly to 3rd party sites.

Given the state of the web ecosystem as we know it today, enforcing
privacy in a centralised manner does not even come close to being
sufficient. Without gaining control over users' browsers, their
settings, and their infrastructure (such as setting up terminal
environments for accessing the web, preventing hardware
fingerprinting), a centralised attempt will at best fail, if not making
things worse, as highlighted in (c).

Therefore, removing these features from the Squid GUI is the least worse
option we have. We should not give our users a false sense of privacy.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-17 20:06:26 +00:00
Michael Tremer
7f6620986c ipsec: Prefer curve448 over curve25519 
Curve448 provides better cryptographic security. For more details see:

  https://bugzilla.ipfire.org/show_bug.cgi?id=12634

Fixes: #12634
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-14 13:29:09 +00:00
Michael Tremer
90d81a4b8a wlanap.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:28:53 +01:00
Michael Tremer
3eb7c08b89 wirelessclient.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:26:19 +01:00
Michael Tremer
d87928c091 wireless.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:25:44 +01:00
Michael Tremer
5617cb0d42 webaccess.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:25:02 +01:00
Michael Tremer
f57e1628f6 wakeonlan.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:24:29 +01:00
Michael Tremer
d22c7c1062 vpnmain.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:23:52 +01:00
Michael Tremer
7b7b3bb962 urlfilter.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:23:06 +01:00
Michael Tremer
9d2c1158c9 updatexlrator.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:08:23 +01:00
Michael Tremer
3404ea7df8 traffic.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:05:05 +01:00
Michael Tremer
c4a54c419d tor.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:01:36 +01:00
Michael Tremer
5b057b3f31 time.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 15:00:54 +01:00
Michael Tremer
66d6392492 shutdown.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:56:40 +01:00
Michael Tremer
150fadab40 services.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:55:52 +01:00
Michael Tremer
0fd1f8bba6 samba.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:54:52 +01:00
Michael Tremer
ed86307602 routing.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:46:29 +01:00
Michael Tremer
d57cecaafc remote.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:46:04 +01:00
Michael Tremer
5b8ecec9e8 qos.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:45:27 +01:00
Michael Tremer
661918881f proxy.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:41:24 +01:00
Michael Tremer
d10e04ec99 pppsetup.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:35:56 +01:00
Michael Tremer
3be1e3c6f7 optionsfw.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:35:09 +01:00
Michael Tremer
88985bcc6e mpfire.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:33:57 +01:00
Michael Tremer
88095fce90 modem.cgi: Use new perl system functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-06-10 14:32:44 +01:00
Stefan Schantl
2feacd9898 ovpnmain.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-10 14:30:56 +01:00
Stefan Schantl
2a4b9f0eef gpl.cgi: Grab and GPLv3 license in pure perl. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-10 14:30:56 +01:00
Stefan Schantl
1e7c0108ab speed.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-10 14:30:56 +01:00
Stefan Schantl
12317449d0 qos.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-10 14:30:55 +01:00
Stefan Schantl
875041991c proxy.cgi: Use new system methods 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-06-10 14:30:55 +01:00