This patch adds a notice with a link to the Wiki-page https://wiki.ipfire.org/configuration/network/proxy/extend/wpad to the new WebGUI-Section to make the user aware of the fact that WPAD will only work correctly if he makes further adjustments:
- Add DHCP-Options for WPAD via DHCP
- Add HOST-Entries to DNS and Apache-vhost or haproxy-frontend/backend or firewall-redirect for WPAD via DNS
These additional options depend on the user's environment and cannot be shipped by default as they might break the user's setups.
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URLs and IPs/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URLs, IPs and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This log is mainly needed for debugging the IPS. It writes some stats
every couple of seconds and will create some load on SD cards and other
cheap storage that we do not need.
Fixes #12056.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The output was written to stderr before and landed in apache's
error log where we do not want it.
Fixes: #12004
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In some cases, it might be useful to create an additional
host (i.e. for round robin loadbalancing) without assigning
another PTR to the IP address specified.
This patch introduces the ability to check or uncheck
PTR generation for each host individually.
Partially fixes #12030
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The script relied on the configuration being in lowercase.
If people manually edited their configuration file they might
not have paid attention to this and therefore this script now
also accepts uppercase MAC addresses.
Fixes: #12047
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The CGI script only compares mm/dd and does not care about the year.
Suricata, however, logs the year as well which has to be ignored here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The bigger changes for suricata and kernel need a longer time for testing
so we insert a core with smaller but important fixes.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This was still using the old version of OpenSSL.
Instead of linking the module (which we should have found earlier)
the module uses dlopen :(
Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a regression from disabling charon.install_routes.
VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not properly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.
Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>