author | Ted Trask <ttrask01@yahoo.com> | 2008-09-18 12:29:20 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-09-18 12:29:20 +0000 |
commit | 28fb85a4404b102e9660c306c2c71e0633c03ddb (patch) | |
tree | f36f93b7c620fc290b54e76e862c1015750b79f3 | |
parent | 77b5c04c6b5c6aa966c558fc6e63cd2283205dc9 (diff) | |
download | acf-squid-28fb85a4404b102e9660c306c2c71e0633c03ddb.tar.bz2 acf-squid-28fb85a4404b102e9660c306c2c71e0633c03ddb.tar.xz |
Rewrote squid to remove dependence on tags in config file. Removed ntlm settings, which will have to be implemented in winbindd acf. No support yet for advanced config.
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1475 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | config.mk | 1 | ||||
-rw-r--r-- | squid-authentication-html.lsp | 85 | ||||
-rw-r--r-- | squid-basic-html.lsp | 91 | ||||
-rw-r--r-- | squid-config-html.lsp | 10 | ||||
-rw-r--r-- | squid-controller.lua | 107 | ||||
-rw-r--r-- | squid-dep-html.lsp | 16 | ||||
-rw-r--r-- | squid-digest-html.lsp | 36 | ||||
-rw-r--r-- | squid-model.lua | 955 | ||||
-rw-r--r-- | squid.conf.template | 111 | ||||
-rw-r--r-- | squid.menu | 6 | ||||
-rw-r--r-- | squid.roles | 2 |
12 files changed, 304 insertions, 1122 deletions
@@ -6,7 +6,7 @@ APP_DIST=\ squid* \ -EXTRA_DIST=README Makefile config.mk squid.conf.template +EXTRA_DIST=README Makefile config.mk DISTFILES=$(APP_DIST) $(EXTRA_DIST) @@ -15,7 +15,6 @@ TAR=tar P=$(PACKAGE)-$(VERSION) tarball=$(P).tar.bz2 install_dir=$(DESTDIR)/$(appdir)/$(APP_NAME) -install_dir_squid=$(DESTDIR)/$(squid-cfg-dir) all: clean: @@ -24,9 +23,8 @@ clean: dist: $(tarball) install: - mkdir -p "$(install_dir)" "$(install_dir_squid)" + mkdir -p "$(install_dir)" cp -a $(APP_DIST) "$(install_dir)" - cp -a squid.conf.template "$(install_dir_squid)" $(tarball): $(DISTFILES) rm -rf $(P) @@ -8,4 +8,3 @@ cgibindir=${acfdir}/cgi-bin appdir=${acfdir}/app acflibdir=${acfdir}/lib sessionsdir=${localstatedir}/lib/acf/sessions -squid-cfg-dir=/etc/squid diff --git a/squid-authentication-html.lsp b/squid-authentication-html.lsp deleted file mode 100644 index 7e662a7..0000000 --- a/squid-authentication-html.lsp +++ /dev/null 
@@ -1,85 +0,0 @@ -<% -require("viewfunctions") - - local form, viewlibrary = ... - local config = form.service.config - -%> - -<% if viewlibrary and viewlibrary.dispatch_component then - viewlibrary.dispatch_component("status") -end %> - -<h1>Configuration</h1> -<h2>Authentication Scheme</h2> -<form action="" method="POST"> -<p> -Choose the desired authentication mechanisms and their order. -</p> - -<input type="hidden" name="authmethod" value="<% io.write( config.authmethod.value ) %>"> -<table style="width:100px;"> -<tr> - <td valign="middle"> - <table> - <tr> - <td><input class="submit" type="submit" value="^"></td> - </tr><tr> - <td><input class="submit" type="submit" value="v"></td> - </tr> - </table> - </td><td> - <b>Active</b><br> - <select class="select" name="tmpauth" size="5" style="width:150px;"> - <% - local lap = 1 - local method = config.authmethod.value - if #config.authmethod.value > 0 then - while lap <= #config.authmethod.value do - if string.sub( method, lap, lap ) == "D" then - io.write( "<option value=\"D\">Digest</option>\n" ) - elseif string.sub( method, lap, lap ) == "N" then - io.write( "<option value=\"N\">NTLM</option>\n" ) - elseif string.sub( method, lap, lap ) == "B" then - io.write( "<option value=\"B\">Basic</option>\n" ) - end - lap = lap + 1 - end - end - %> - </select> - </td><td> - <table><tr><td> - <input class="submit" type="submit" name="inout" value=" << "> - </td></tr><tr><td> - <input class="submit" type="submit" name="inout" value=" >> "> - </td></tr></table> - </td><td> - <b>Selectable</b><br> - <select name="tmpempty" size="5" style="width:150px;"> -<% - if string.match( config.authmethod.value, "D" ) == nil then - io.write( "<option value=\"D\">Digest</option>\n" ) - end - if string.match( config.authmethod.value, "N" ) == nil then - io.write( "<option value=\"N\">NTLM</option>\n" ) - end - if string.match( config.authmethod.value, "B" ) == nil then - io.write( "<option value=\"B\">Basic</option>\n" ) - end -%> - 
</select> - </td> -</tr> -</table> -<h2>Information</h2> -<DL> -<dt>Process information</dt><dd>This process runs as a service. When you make -and save changes, the configuration files for the service are changed. However, -the changes will not be <i>applied</i> until you restart the service.</dd> -</DL> -</form> - -<% if viewlibrary and viewlibrary.dispatch_component then - viewlibrary.dispatch_component("startstop") -end %> diff --git a/squid-basic-html.lsp b/squid-basic-html.lsp deleted file mode 100644 index 8822f87..0000000 --- a/squid-basic-html.lsp +++ /dev/null 
@@ -1,91 +0,0 @@ -<% -require("viewfunctions") - - local form, viewlibrary = ... - local service = form.service - local config = form.service.config - - local ifthen = function( variable, value, result ) - if variable == value then - io.write( result ) - end - end - -%> - -<% if viewlibrary and viewlibrary.dispatch_component then - viewlibrary.dispatch_component("status") -end %> - -<h1>Configuration</h1> -<form action="" method="POST"> -<h2>Primary Listener service</h2> -<p>These parameters define the interface and port that the web proxy uses to accept connections.</p> - -<dl> -<dt>proxyip</dt> -<dd><input class="text" type="text" name="proxyip" value="<% io.write( config.proxyip.value ) %>"></dd> -<dt>proxyport</dt> -<dd><input class="text" type="text" name="proxyport" value="<% io.write( config.proxyport.value ) %>"></dd> -</dl> - -<h2>Filter Service</h2> -<p>These parameters define the ip address and port that the web proxy forwards requests to. -This is typically the address that DansGuardian (Web Content Filter) is listening on. -If you want this web proxy to handle retrieving the content, then leave these blank.</p> -<p>Filtering is a cpu-intensive process. The FilterRegex is a list of regular expressions that qualify -for filtering. Anything not matching the regular expression filter will bypass the content filter. 
-It is safe to leave this at the default settings.</p> - -<dl> -<dt>filterip</dt><dd><input class="text" type="text" name="filterip" value="<% io.write( config.filterip.value ) %>"</dd> -<dt>filterport</dt><dd><input class="text" type="text" name="filterport" value="<% io.write( config.filterport.value ) %>"></dd> -<dt>FilterRegex</dt><dd><input class="text" type="text" name="filterregex" value="<% io.write( config.filterregex.value ) %>"></dd> -</dl> - -<h2>Access Logs</h2> -<p>This determines if the visited sites are logged or not.</p> -<dl> -<dt>Log visited sites</dt> -<dd><input type="radio" name="accesslog" value="no"<% ifthen( config.accesslog.value, "no", " checked" ); %>> No access log -<input type="radio" name="accesslog" value="yes"<% ifthen( config.accesslog.value, "yes", " checked" ); %>> Use access log</dd> -</dl> - -<h2>Disk Cache Parameters</h2> -<p>This determines if the disk is used for caching. This can speed up web surfing when many clients are accessing the Internet, -but it requires a local hard disk.</p> - -<dl> -<dt>Enable disk caching</dt> -<dd><input class="radio" type="radio" name="diskcache" value="no"<% ifthen( config.diskcache.value, "no", " checked" ); %>>No -<input class="radio" type="radio" name="diskcache" value="yes"<% ifthen( config.diskcache.value, "yes", " checked" ); %>>Yes</dd> -</dl> - -<h2>Allowed Ports</h2> -<p>Web servers typically run on port 80; SSL (https) servers typically run on port 443. Some web -servers run on other ports as well. 
These fields list all ports and port ranges that are considered -"safe" for the web proxy to handle.</p> -<p>It is safe to leave these values at their default values.</p> - -<dl> -<dt>Safe_ports</dt><dd><input class="text" type="text" name="safeports" value="<% io.write( config.safeports.value ) %>"></dd> -<dt>SSL_ports</dt><dd><input class="text" type="text" name="sslports" value="<% io.write( config.sslports.value ) %>"></dd> -</dl> - -<h2>Save changes</h2> -<dl> -<DT>Save above changes</DT><DD><input class="submit" type="submit" name="cmd" value="save"></DD> -<% if #service.error > 0 then %> -<DT>Config status</DT><DD class="error"><% io.write(service.error ) %></DD> -<% end %> -<DT>Process information</DT><DD>This process runs as a service. When you make and save changes, the configuration -files for the service are changed. However, the changes will not be <i>applied</i> -until you restart the service.</DD> - -</dl> -</form> - -<% if viewlibrary and viewlibrary.dispatch_component then - viewlibrary.dispatch_component("startstop") -end %> - diff --git a/squid-config-html.lsp b/squid-config-html.lsp new file mode 100644 index 0000000..d43f684 --- /dev/null +++ b/squid-config-html.lsp @@ -0,0 +1,10 @@ +<% local form, viewlibrary, page_info = ... +require("viewfunctions") +%> + +<H1><%= form.label %></H1> +<% + form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action + local order = {"httpports", "accesslog", "diskcache", "authmethod"} + displayform(form, order) +%> diff --git a/squid-controller.lua b/squid-controller.lua index b16bbd8..cda4b7f 100644 --- a/squid-controller.lua +++ b/squid-controller.lua 
@@ -6,22 +6,6 @@ require("controllerfunctions") default_action = "status" -dep = function( self ) - - if self.model.dependancy_ok() then - redirect(self) - end - - if self.clientdata.cmd then - if self.clientdata.cmd == "create file" then - self.model.create_cfg_from_template() - redirect(self) - end - end - - return -end - status = function( self ) return self.model.getstatus() end 
@@ -30,87 +14,22 @@ startstop = function( self ) return controllerfunctions.handle_startstop(self, self.model.startstop_service, self.model.getstatus, self.clientdata) end -basic = function( self ) - - local service = {} - - if not self.model.dependancy_ok() then - redirect(self, "dep") - end - - if self.clientdata.cmd then - local cmd = self.clientdata.cmd - if cmd == "save" then - local newconfig = { proxyip = { value=self.clientdata.proxyip, type="text", label="" }, - proxyport = { value=self.clientdata.proxyport, type="text", label="" }, - filterip = { value=self.clientdata.filterip, type="text", label="" }, - filterport = { value=self.clientdata.filterport, type="text", label="" }, - filterregex = { value=self.clientdata.filterregex, type="text", label="" }, - safeports = { value=self.clientdata.safeports, type="text", label="" }, - sslports = { value=self.clientdata.sslports, type="text", label="" }, - accesslog = { value=self.clientdata.accesslog, type="select", label="", option={ "yes", "no" } }, - diskcache = { value=self.clientdata.diskcache, type="select", label="", option={ "yes", "no" } }, - authmethod = { value=self.clientdata.authmethod, type="text", label="" } - } - - self.model.update_basic_config( newconfig ) - end - end - - service.config, service.error = self.model.get_basic_config() - - return ( cfe ({ service = service }) ) +config = function( self ) + return controllerfunctions.handle_form(self, self.model.read_config, self.model.update_config, self.clientdata, "Save", "Edit Config", "Configuration Set") end -authentication = function( self ) +digest = function( self ) + return controllerfunctions.handle_form(self, self.model.read_digest_userlist, self.model.update_digest_userlist, self.clientdata, "Save", "Edit User List", "User List Set") +end - local service = {} - - if self.clientdata.inout then - local newauth = "" - if self.clientdata.inout == " << " then - if self.clientdata.tmpempty then - newauth = self.clientdata.authmethod .. 
self.clientdata.tmpempty - else - newauth = self.clientdata.authmethod - end - elseif self.clientdata.inout == " >> " then - local tmpauth = self.clientdata.authmethod - local lap = 1 - while lap <= #tmpauth do - if string.sub( tmpauth, lap, lap ) ~= self.clientdata.tmpauth then - newauth = newauth .. string.sub( tmpauth, lap, lap ) - end - lap = lap + 1 - end - end - self.model.upd_authmethod(newauth) - end - - service.config, service.error = self.model.get_basic_config() - - return ( cfe ({ service = service }) ) +enabledigestlist = function( self ) + return self:redirect_to_referrer(self.model.enable_digest_userlist()) end expert = function( self ) return controllerfunctions.handle_form(self, self.model.get_configfile, self.model.update_configfile, self.clientdata, "Save", "Edit Config", "Configuration Set") end - -digest = function( self ) - - local service = { message="", status="", config="" } - - if self.clientdata.cmd then - if self.clientdata.cmd == "save" then - service.message = self.model.update_digest_userlist( self.clientdata.userlist ) - end - end - - service.config = self.model.get_digest_userlist() - - return ( cfe ({ service = service }) ) -end - +--[[ saccess = function( self ) local service = { message="", status="", config="" } @@ -130,5 +49,15 @@ saccess = function( self ) return ( cfe ({ service = service }) ) end +listacls = function( self ) + return self.model.read_acls() +end +editacl = function( self ) + return controllerfunctions.handle_form(self, function() return self.model.read_acl(self.clientdata.linenum) end, self.model.update_acl, self.clientdata, "Save", "Edit ACL", "ACL Saved") +end +deleteacl = function( self ) + return self:redirect_to_referrer(self.model.delete_acl(self.clientdata.linenum)) +end +--]] diff --git a/squid-dep-html.lsp b/squid-dep-html.lsp deleted file mode 100644 index 30d727e..0000000 --- a/squid-dep-html.lsp +++ /dev/null 
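Review bot: The `saccess` action, and the `listacls`/`editacl`/`deleteacl` actions added by the second hunk (`@@ -130,5 +49,15 @@`), are kept inside a `--[[ ... --]]` block comment, so the controller now carries dead code that luacheck will not analyse and that can silently drift from the model it calls. Since the description says advanced config is not yet supported, either drop these functions (history keeps them) or put a one-line comment ahead of the block such as `-- ACL / advanced-config actions disabled until the model supports them` so the next reader knows they are intentionally parked. The same pattern appears in squid-model.lua, where everything from `get_saccess` onward is commented out the same way.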
@@ -1,16 +0,0 @@ -<% -%> -<h1>Web Proxy Configuration</h1> -<h2>Dependancy Check - Failed!</h2> -<p> -squid-acf needs some tags inside the squid.conf file to be able to properly distinguish between -what it is supposed to touch and what not. -</p> -<p>These tags have not been found in your config file.</p> -<p> -If you press the button below a template config file will be created which holds all the tags. You can -then modify this config file as you like, just leave the tags where they are. -</p> -<form action="" method="POST"> -<dl><dt>Action</dt><dd><input class="submit" type="submit" name="cmd" value="create file"></dd></dl> -</form> diff --git a/squid-digest-html.lsp b/squid-digest-html.lsp index fb8aab6..c5049c9 100644 --- a/squid-digest-html.lsp +++ b/squid-digest-html.lsp 
@@ -1,21 +1,21 @@ -<% - local form = ... - local service = form.service - -%> -<h1>Web Proxy Configuration</h1> -<h2>General Information</h2> -<p> - This panel allows you to edit the list of usernames allowed to access the internet through the squid web proxy. - This list is active only for digest authentication. If you are using NTLM authentication, all domain users are - allowed to use the web proxy. -</p> -<h2>User List</h2> -<form action="" method="POST"> -<textarea name="userlist"><% io.write( service.config ) %></textarea> +<% local form, viewlibrary, page_info, session = ... %> +<% require("viewfunctions") %> + +<% displaycommandresults({"enabledigestlist"}, session) %> -<h3>Save Changes</h3> +<H1>Digest User List Status</H1> <DL> -<dt>Save the contents of the box above</dt><dd><input class="submit" type="submit" name="cmd" value="save"></dd> +<% + displayitem(form.value.status) + if form.value.status.errtxt then %> +<dt></dt><dd><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/enabledigestlist" %>"> +<input class="submit" type="submit" value="Enable"></form></dd> +<% end +%> </DL> -</form> + +<% +local pattern = string.gsub(page_info.prefix..page_info.controller, "[%(%)%.%%%+%-%*%?%[%]%^%$]", "%%%1") +local func = haserl.loadfile(page_info.viewfile:gsub(pattern..".*$", "/") .. "filedetails-html.lsp") +func(form, viewlibrary, page_info, session) +%> diff --git a/squid-model.lua b/squid-model.lua index 101a279..9eeb11d 100644 --- a/squid-model.lua +++ b/squid-model.lua 
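Review bot: The Enable form in the new view has no `method` attribute, so the browser submits it as a GET to `enabledigestlist`, an action that rewrites /etc/squid/squid.conf; a state-changing request should not be reachable through a plain link or prefetch. Change the opening tag to `<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/enabledigestlist" %>" method="POST">`. The `displaycommandresults({"enabledigestlist"}, session)` call above it suggests the result is shown after a redirect, which is consistent with a POST-then-redirect flow.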
@@ -1,58 +1,37 @@ -- acf model for squid --- Copyright(c) 2007 A. Brodmann - Licensed under terms of GPL2 module (..., package.seeall) -- Load libraries require("modelfunctions") +require("validator") require("format") +require("parser") -- Set variables local squidconf = "/etc/squid/squid.conf" -local squidtempl = "/etc/squid/squid.conf.template" +local squiddigestusers = "/etc/squid/users.list" local processname = "squid" local packagename = "squid" ---- the tokenizer functions - must be dislocated into a library later -tokenizer = {} +local config, configcontent -tokenizer.new = function( str, delim ) - local token = {} - token.value = str; - token.delim = delim; - token.pos = 1 - return token -end - -tokenizer.pos = function( value, substr, pos ) - local retval = pos - local done = false - while not done and retval <= #value do - if string.sub( value, retval, retval ) == substr then - done = true - else - retval = retval + 1 +local validate_config = function(newconfig) + local success = true + success = modelfunctions.validatemulti(newconfig.value.authmethod) + for i,val in ipairs(newconfig.value.httpports.value) do + local before, after = string.match(val, "^([^:]+):([^:]+)$") + if not (before and after) then + after = val end + if not validator.is_port(after) then + newconfig.value.httpports.errtxt = "Invalid port" + success = false + break + end end - return retval -end - -tokenizer.next = function( token ) - if token.pos > #token.value then - return token, nil - end - - local strpos = tokenizer.pos( token.value, token.delim, token.pos ) - retval = string.sub(token.value, token.pos, strpos-1) - if retval == token.delim then - retval = "" - token.pos = token.pos + 1 - else - token.pos = strpos + 1 - end - - return token, retval + + return success, newconfig end ---- getstatus = function() return modelfunctions.getstatus(processname, packagename, "Squid status") 
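Review bot: `fs.read_file` and `fs.write_file` are called in the next hunk (`read_digest_userlist`, `enable_digest_userlist`) and in `read_config`, but this hunk adds `require("validator")` and `require("parser")` without `require("fs")`; under `module(..., package.seeall)` the global `fs` is only present if some other module happens to have loaded it first, so add `require("fs")` next to the other requires. In `validate_config`, `local success = true` is overwritten on the very next line; write it as `local success = modelfunctions.validatemulti(newconfig.value.authmethod)`. The port loop breaks on the first bad entry, so only one invalid port is reported per submission; that is acceptable but deserves a comment such as `-- stop at the first invalid port: errtxt is per field, not per entry`.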
@@ -62,101 +41,81 @@ startstop_service = function(action) return modelfunctions.startstop_service(processname, action) end -get_winbind_version = function() +get_configfile = function() + return modelfunctions.getfiledetails(squidconf) +end - local retval = "" - - local ptr = io.popen( "/usr/sbin/winbindd -V" ) - if ptr ~= nil then - retval = ptr:read( "*l" ) - ptr:close() - else - retval = "Error - can't retrieve winbindd version" - end - - return retval +update_configfile = function( filedetails ) + filedetails.value.filename.value = squidconf + return modelfunctions.setfiledetails(filedetails) end -get_status_winbindd = function() +read_digest_userlist = function() + local retval = modelfunctions.getfiledetails(squiddigestusers) + retval.value.filecontent.descr = "List of username:password entries" - local retval = "Disabled" + -- check to see if the file is being used + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) - local ptr = io.popen( "/bin/pidof winbindd" ) - local pid = ptr:read( "*a" ) - ptr:close() - if pid ~= nil then - if #pid > 1 then - retval = "Enabled" + retval.value.status = cfe({ errtxt="Digest authentication not enabled", label="User list status" }) + for i,line in ipairs(config) do + if line[1] == "auth_param" and line[2] == "digest" and line[3] == "program" then + if line[5] == squiddigestusers then + retval.value.status.value = "User list in use" + retval.value.status.errtxt = nil + else + retval.value.status.errtxt = "Digest authentication not using this user list" + end end end return retval end -service_control_winbindd = function( control ) - - local retval = "" - - local ptr = io.popen( "/etc/init.d/winbindd " .. 
control, "r" ) - if ptr ~= nil then - local retmsg = ptr:read( "*a" ) - ptr:close() - if retmsg ~= nil then - retval = retmsg - else - retval = "service_control(): Failed to read output from initscript!\n" - end - else - retval = "service_control(): Failed to start/stop/restart service!\n" - end - - return retval +update_digest_userlist = function( userlistdetails ) + userlistdetails.value.filename.value = squiddigestusers + return modelfunctions.updatefiledetails(userlistdetails) end -get_winbindd_config = function() - - local error = "" - local config = { domain = { value="", type="text", label="domain" }, - dcnetbiosname = { value="", type="text", label="DC NetBIOS name" }, - dcipaddress = { value="", type="text", label="DC IP Address" }, - interface = { value="", type="text", label="interfaces" }, - loglevel = { value="", type="text", label="0" }, - account = { value="", type="text", label="account" }, - password = { value="", type="text", label="password" } - } - - local ptr = io.open( "/etc/samba/smb.conf" ) - if ptr ~= nil then - ptr:close() - else - +enable_digest_userlist = function() + configcontent = configcontent or fs.read_file(squidconf) + + local newline = "auth_param digest program /usr/sbin/digest_pw_auth "..squiddigestusers + local lastauth, authline + local lines = {} + -- first loop to comment out / uncomment existing lines + local linenum = 0 + for line in string.gmatch(configcontent, "([^\n]*)\n?") do + linenum = linenum + 1 + if not authline and not string.match(line, "^[%s#]*$") then + local first, second, third = string.match(line, "([^%s#]+)%s+(%S+)%s+(%S+)") + if first == "auth_param" then + lastauth = linenum + if second == "digest" and third == "program" then + authline = linenum + line = string.gsub(line, "^[%s#]+", "") + local fifth = string.match(line, "^%S+%s+%S+%s+%S+%s+%S+%s+(%S+)") + line = string.gsub(line, fifth, squiddigestusers) + end + end + end + lines[#lines+1] = line end - - return config -end - -get_configfile = 
function() - return modelfunctions.getfiledetails(squidconf) -end - -get_digest_userlist = function() - - local retval = "" - - local ptr = io.open( "/etc/squid/users.list" ) - if ptr ~= nil then - local retcfg = ptr:read( "*a" ) - ptr:close() - if retcfg == nil then - retval = "\n\n Error: Failed to read user/password list!\n\n" + if not authline then + if not lastauth then + lines[#lines+1] = newline else - retval = retcfg + table.insert(lines, lastauth+1, newline) end end - - return retval + fs.write_file(squidconf, string.gsub(table.concat(lines, "\n"), "\n+$", "")) + config = nil + configcontent = nil + return cfe({ value="Successfully enabled user list", label="Enable disgest user list result" }) end +--[[ get_saccess = function() local config = {} 
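Review bot: In `enable_digest_userlist`, `line = string.gsub(line, fifth, squiddigestusers)` uses the fifth field of the matched `auth_param digest program` line as an unescaped Lua pattern, and raises an error when that line has fewer than five fields because `fifth` is then nil. Replace the `fifth` lookup and that gsub with one anchored substitution that keeps the helper path and replaces or appends the user file: `line = string.gsub(line, "^(%S+%s+%S+%s+%S+%s+%S+)%s*%S*", "%1 " .. squiddigestusers)`. `read_digest_userlist` iterates `ipairs(config)` with no check that `parser.parseconfigfile` returned a table, whereas `read_config` in the following hunk guards with `if config then`; if the parser can return nil, this function needs the same guard. The result label also has a typo: `"Enable disgest user list result"` should read `"Enable digest user list result"`.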
@@ -203,631 +162,223 @@ get_file_contents = function( name ) return retval end - -update_configfile = function( filedetails ) - filedetails.value.filename.value = squidconf - return modelfunctions.setfiledetails(filedetails) -end - -update_digest_userlist = function( config ) - - local retval = "Successfully updated user list!" - - local ptr = io.open( "/etc/squid/users.list", "wb+" ) - if ptr ~= nil then - ptr:write( format.dostounix( config ) ) - ptr:close() - else - retval = "Update Digest User List: Error, failed to open /etc/squid/users.list!\n" - end -end - -get_conf_tag = function( tag, gat ) - - local retval = "" - local error = "" - local found = false - local done = false - - local fptr = io.open( squidconf, "r" ) - if fptr == nil then - return "", "Failed to open squid config file!" - end - - while not found and not done do - local line = fptr:read( "*l" ) - if line == nil then - done = true - else - if string.sub( line, 1, 22 ) == tag then - found = true +--]] + +read_config = function() + local retval = { + httpports = { type="list", value={}, label="HTTP Ports", descr="List of port, IP:port, or hostname:port entries that Squid will listen on" }, + accesslog = { type="boolean", value=false, label="Log Access" }, + diskcache = { type="boolean", value=false, label="Disk Cache" }, + authmethod = { type="multi", value={}, label="Authentication Methods", option={"negotiate", "ntlm", "digest", "basic"} }, + } + + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) + + if config then + for i,line in ipairs(config) do + if line[1] == "http_port" then + table.insert(retval.httpports.value, line[2]) + elseif line[1] == "access_log" then + retval.accesslog.value = (line[2] ~= "none") + elseif line[1] == "cache_dir" then + retval.diskcache.value = (line[2] ~= "null") + elseif line[1] == "auth_param" and line[3] == "program" then + table.insert(retval.authmethod.value, line[2]) end end end - - if done 
then - fptr:close() - return "", "TAG not found in squid config!" - end - - found = false - done = false - - while not found and not done do - local line = fptr:read( "*l" ) - if line == nil then - done = true - elseif string.sub( line, 1, 22 ) == gat then - found = true - else - retval = retval .. "\n" .. line - end - end - - if done then - fptr:close() - return "", "End TAG (GAT) not found in squid config! '" .. gat .. "'" - end - - fptr:close() - - return retval, error -end -get_basic_config = function() - - local error = "" - local config = { proxyip = { value="empty", type="text", label="Proxy IP" }, - proxyport = { value="", type="text", label="Proxy Port" }, - filterip = { value="", type="text", label="Filter IP" }, - filterport = { value="", type="text", label="Filter Port" }, - filterregex = { value="", type="text", label="FilterRegex" }, - safeports = { value="", type="text", label="Safe_ports" }, - sslports = { value="", type="text", label="SSL_ports" }, - accesslog = { value="", type="select", label="Access Logs", option={ "yes", "no" } }, - diskcache = { value="", type="select", label="Disk Cache Parameters", option={ "yes", "no" } }, - authmethod = { value="", type="text", label="Authentication Method" } - } - - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0001", "### ACF-SQUID-GAT-0001" ) - if #error > 0 then - return config, error - end + return cfe({ type="group", value=retval, label="Squid Config" }) +end - local cfg1tok = "" - local cfg2tok = "" - local cfg3tok = "" - - --- get proxyip, proxyport - cfg1tok = tokenizer.new( cfg1, "\n" ) - local done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'http_port' statement!" 
- else - if string.sub( str1, 1, 10 ) == "http_port " then - local str2 = "" - local ipport = "" - local ip = "" - local port = "" - cfg2tok = tokenizer.new( str1, " " ) - cfg2tok, ipport = tokenizer.next( cfg2tok ) - cfg2tok, ipport = tokenizer.next( cfg2tok ) - if ipport == nil then - return config, "Corrupt squid.conf! Missing parameter #1 for 'http_port' statement!" - end - cfg3tok = tokenizer.new( ipport, ":" ) - cfg3tok, ip = tokenizer.next( cfg3tok ) - cfg3tok, port = tokenizer.next( cfg3tok ) - if port == nil then - port = ip - ip = "" - end - - config.proxyip.value = ip - config.proxyport.value = port - done = true - end - end - end - cfg1tok = nil - cfg2tok = nil - cfg3tok = nil - - --- get filterip, filterport - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0007", "### ACF-SQUID-GAT-0007" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'cache_peer' statement!" - else - if string.sub( str1, 1, 11 ) == "cache_peer " then - local str2 = "" - local tmp = "" - local ip = "" - local port = "" - cfg2tok = tokenizer.new( str1, " " ) - cfg2tok, tmp = tokenizer.next( cfg2tok ) - cfg2tok, ip = tokenizer.next( cfg2tok ) - cfg2tok, tmp = tokenizer.next( cfg2tok ) - cfg2tok, port = tokenizer.next( cfg2tok ) - if ip == nil or port == nil then - return config, "Corrupt squid.conf! Missing parameters #2 and/or #4 for 'cache_peer' statement!" 
+update_config = function(newconfig) + local success, newconfig = validate_config(newconfig) + if success then + configcontent = configcontent or fs.read_file(squidconf) + + local lastport, lastlog, lastcache, lastauth + local didports = {} + local didlog, didcache + local didauths = {} + local reverseports = {} for i,port in ipairs(newconfig.value.httpports.value) do reverseports[port] = i end + local reverseauths = {} for i,auth in ipairs(newconfig.value.authmethod.value) do reverseauths[auth] = i end + + local lines = {} + -- first loop to comment out / uncomment existing lines + local linenum = 0 + for line in string.gmatch(configcontent, "([^\n]*)\n?") do + linenum = linenum + 1 + if not string.match(line, "^[%s#]*$") then + local first, second = string.match(line, "([^%s#]+)%s+(%S+)") + if first == "http_port" then + lastport = linenum + line = string.gsub(line, "^[%s#]+", "") + if not reverseports[second] then + line = "# "..line + else + didports[second] = true + end + elseif first == "access_log" then + lastlog = linenum + line = string.gsub(line, "^[%s#]+", "") + if (newconfig.value.accesslog.value and second == "none") + or (not newconfig.value.accesslog.value and second ~= "none") then + line = "# "..line + else + didlog = true + end + elseif first == "cache_dir" then + lastcache = linenum + line = string.gsub(line, "^[%s#]+", "") + if (newconfig.value.diskcache.value and second == "null") + or (not newconfig.value.diskcache.value and second ~= "null") then + line = "# "..line + else + didcache = true + end + elseif first == "auth_param" and string.match(line, "[^%s#]+%s+%S+%s+(%S+)") == "program" then + lastauth = linenum + line = string.gsub(line, "^[%s#]+", "") + if not reverseauths[second] then + line = "# "..line + else + didauths[second] = true + end end - config.filterip.value = ip - config.filterport.value = port - done = true end + lines[#lines+1] = line end - end - cfg1tok = nil - cfg2tok = nil - cfg3tok = nil - - --- get diskcache - local 
cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0002", "### ACF-SQUID-GAT-0002" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'cache_dir' statement!" - else - if string.sub( str1, 1, 15 ) == "cache_dir diskd" then - config.diskcache.value = "yes" - done = true - elseif string.sub( str1, 1, 14 ) == "cache_dir null" then - config.diskcache.value = "no" - done = true - end - - end - end - cfg1tok = nil - - --- get cache_access log - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0003", "### ACF-SQUID-GAT-0003" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - local str1 = "" - while str1 ~= nil do - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 ~= nil then - if string.sub( str1, 1, 16 ) == "cache_access_log" then - config.accesslog.value = "yes" - elseif string.sub( str1, 1, 17 ) == "#cache_access_log" or - string.sub( str1, 1, 18 ) == "# cache_access_log" then - config.accesslog.value = "no" - end - end - end - if config.accesslog.value == "" then - return nil, "Corrupt squid.conf! Missing 'cache_access_log' statement!" - end - cfg1tok = nil - - --- authentication method - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0004", "### ACF-SQUID-GAT-0004" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - local done = false - local auth = "" - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - done = true - else - if string.sub( str1, 1, 18 ) == "auth_param digest " then - if string.match( auth, "D" ) == nil then - auth = auth .. "D" - end - elseif string.sub( str1, 1, 16 ) == "auth_param ntlm " then - if string.match( auth, "N" ) == nil then - auth = auth .. 
"N" - end - elseif string.sub( str1, 1, 17 ) == "auth_param basic " then - if string.match( auth, "B" ) == nil then - auth = auth .. "B" + + -- We've gone through the file, now check to see if everything is done + local tobedone = {} + local line + for i,port in ipairs(newconfig.value.httpports.value) do + if not didports[port] then + line = "http_port "..port + if lastport then + table.insert(tobedone, {linenum=lastport+1, line=line}) + else + table.insert(lines, line) end end end - end - config.authmethod.value = auth - cfg1tok = nil - - --- get filterregex - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0005", "### ACF-SQUID-GAT-0005" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'acl ContentFilter urlpath_regex -i' statement!" - else - if string.sub( str1, 1, 35 ) == "acl ContentFilter urlpath_regex -i " then - config.filterregex.value = string.sub( str1, 36 ) - done = true - end - end - end - cfg1tok = nil - cfg2tok = nil - cfg3tok = nil - - --- get SSL_ports, Safe_ports - local done1 = false - local done2 = false - cfg1tok = tokenizer.new( cfg1, "\n" ) - while not done1 or not done2 do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'acl SSL_ports/Safe_ports' statement!" 
- else - if string.sub( str1, 1, 19 ) == "acl SSL_ports port " then - config.sslports.value = string.sub( str1, 20 ) - done1 = true - elseif string.sub( str1, 1, 20 ) == "acl Safe_ports port " then - config.safeports.value = string.sub( str1, 21 ) - done2 = true + if not didlog then + if newconfig.value.accesslog.value then + line = "access_log /var/log/squid/access.log" + else + line = "access_log none" end - end - end - cfg1tok = nil - - return config, error -end - -config_preblock_copy = function( fromfile, tofile, tag ) - - local done = false - local line = "" - while not done do - line = fromfile:read( "*l" ) - tofile:write( line .. "\n" ) - if string.sub( line, 1, #tag ) == tag then - done = true - end - end -end - -config_postblock_copy = function( fromfile, tofile ) - - local done = false - local line = "" - while not done do - line = fromfile:read( "*l" ) - if line ~= nil then - tofile:write( line .. "\n" ) - else - done = true - end - end -end - -update_basic_config = function( config ) - - local error = "" - - --- put proxyip, proxyport - local tmpfilename = os.tmpname() - local tmpfile = io.open( tmpfilename, "w+" ) - local cfgfile = io.open( squidconf, "r" ) - local done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0001" ) - - local don2 = false - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 22 ) == "### ACF-SQUID-GAT-0001" then - done = true - end - if don2 then - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 10 ) == "http_port " then - don2 = true - tmpfile:write( "http_port " .. config.proxyip.value .. ":" .. config.proxyport.value .. "\n" ) + if lastlog then + table.insert(tobedone, {linenum=lastlog+1, line=line}) else - tmpfile:write( line .. 
"\n" ) + table.insert(lines, line) end end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- put filterip, filterport - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0007" ) - - local don2 = false - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 22 ) == "### ACF-SQUID-GAT-0007" then - done = true - end - if don2 then - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 11 ) == "cache_peer " then - don2 = true - local lap = 1 - local cfg2tok = tokenizer.new( line, " " ) - local tmpval = "" - local newstr = "" - local tmparr = {} - cfg2tok, tmpval = tokenizer.next( cfg2tok ) - while tmpval ~= nil do - tmparr[lap] = tmpval - if lap == 2 then - newstr = newstr .. config.filterip.value .. " " - elseif lap == 4 then - newstr = newstr .. config.filterport.value .. " " - else - newstr = newstr .. tmpval .. " " - end - lap = lap + 1 - cfg2tok, tmpval = tokenizer.next( cfg2tok ) - end - - tmpfile:write( newstr .. "\n" ) + if not didcache then + if newconfig.value.diskcache.value then + line = "cache_dir diskd /var/cache/squid 400 16 256" else - tmpfile:write( line .. "\n" ) + line = "cache_dir null" end - end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- disk cache parameters - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0002" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. 
"\n" ) - else - if config.diskcache.value == "yes" then - if string.sub( line, 1, 16 ) == "#cache_dir diskd" then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - elseif string.sub( line, 1, 14 ) == "cache_dir null" then - tmpfile:write( "#" .. line .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end + if lastcache then + table.insert(tobedone, {linenum=lastcache+1, line=line}) else - if string.sub( line, 1, 15 ) == "cache_dir diskd" then - tmpfile:write( "#" .. line .. "\n" ) - elseif string.sub( line, 1, 15 ) == "#cache_dir null" then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end + table.insert(lines, line) end end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- cache access log parameters - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0003" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if config.accesslog.value == "yes" then - if string.sub( line, 1, 17 ) == "#cache_access_log" then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - elseif string.sub( line, 1, 18 ) == "# cache_access_log" then - tmpfile:write( string.sub( line, 3 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) + for i,auth in ipairs(newconfig.value.authmethod.value) do + if not didauths[auth] then + line = "auth_param "..auth.." program " + -- These entries have not been tested and probably don't work + if auth == "basic" then line = line .. "/usr/libexec/ncsa_auth /usr/etc/passwd" + elseif auth == "digest" then line = line .. "/usr/sbin/digest_pw_auth /etc/squid/users.list" + elseif auth == "ntlm" then line = line .. "/usr/sbin/wb_ntlmauth" + elseif auth == "negotiate" then line = line .. 
"/usr/sbin/ntlm_auth --helper-protocol=gss-spnego" end - else - if string.sub( line, 1, 16 ) == "cache_access_log" then - tmpfile:write( "#" .. line .. "\n" ) + if lastauth then + table.insert(tobedone, {linenum=lastauth+1, line=line}) else - tmpfile:write( line .. "\n" ) + table.insert(lines, line) end end - end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- cache access log parameters - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0005" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 18 ) == "acl SSL_ports port" then - tmpfile:write( "acl SSL_ports port " .. config.sslports.value .. "\n" ) - elseif string.sub( line, 1, 19 ) == "acl Safe_ports port" then - tmpfile:write( "acl Safe_ports port " .. config.safeports.value .. "\n" ) - elseif string.sub( line, 1, 34 ) == "acl ContentFilter urlpath_regex -i" then - tmpfile:write( "acl ContentFilter urlpath_regex -i " .. config.filterregex.value .. "\n" ) - else - tmpfile:write( line .. 
"\n" ) + if #tobedone > 0 then + table.sort(tobedone, function(a,b) return (a.linenum > b.linenum) end) + for i,entry in ipairs(tobedone) do + table.insert(lines, entry.linenum, entry.line) end end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - return error -end -upd_authmethod = function( method ) + -- finally, write the file + fs.write_file(squidconf, string.gsub(table.concat(lines, "\n"), "\n+$", "")) + config = nil + configcontent = nil + else + newconfig.errtxt = "Failed to set config" + end - local tmpfilename = os.tmpname() - local tmpfile = io.open( tmpfilename, "w+" ) - local cfgfile = io.open( squidconf, "r" ) - local error = "" - local line = "" - local done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0004" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 17 ) == "auth_param digest" then - if string.find( method, "D" ) ~= nil then - tmpfile:write( line .. "\n" ) - else - tmpfile:write( "#" .. line .. "\n" ) - end - elseif string.sub( line, 1, 18 ) == "#auth_param digest" then - if string.find( method, "D" ) ~= nil then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end - elseif string.sub( line, 1, 15 ) == "auth_param ntlm" then - if string.find( method, "N" ) ~= nil then - tmpfile:write( line .. "\n" ) - else - tmpfile:write( "#" .. line .. "\n" ) - end - elseif string.sub( line, 1, 16 ) == "#auth_param ntlm" then - if string.find( method, "N" ) ~= nil then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end - else - tmpfile:write( line .. 
"\n" ) - end + return newconfig +end +--[[ +read_acls = function() + local acls = cfe({ type="structure", value={}, label="Squid Access Lists" }) + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) + for i,line in ipairs(config) do + if line[1] == "acl" then + table.insert(acls.value, {line=line.line, linenum=line.linenum}) end end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - return error + return acls end -dependancy_ok = function() - - local retval = false - local cfgfile = io.open( squidconf ) - local line = "" - - if cfgfile ~= nil then - line = cfgfile:read( "*l" ) - if line ~= nil then - if string.sub( line, 1, 19 ) == "### ACF-SQUID-MAGIC" then - retval = true - end - end - end - - return retval +read_acl = function(linenum) + local line = cfe({ label="Squid Access List" }) + local linecfe = cfe({ value=linenum, label="Line number" }) + configcontent = configcontent or fs.read_file(squidconf) + line.value = parser.getline(configcontent, linenum) or "" + return cfe({ type="group", value={line=line, linenum=linecfe}, label="Squid Access List" }) end -create_cfg_from_template = function() +update_acl = function(acl) +-- local success, acl = validate_acl(acl) + configcontent = configcontent or fs.read_file(squidconf) + configcontent = parser.replaceline(configcontent, acl.value.linenum.value, acl.value.line.value) + fs.write_file(squidconf, string.gsub(configcontent, "\n+$", "")) + config = nil + configcontent = nil + return acl +end - local from = io.open( squidtempl ) - local to = io.open( squidconf, "wb+" ) - local line = "" - - while line ~= nil do - line = from:read( "*l" ) - if line ~= nil then - to:write( line .. 
"\n" ) +create_acl = function(acl) +-- local success, acl = validate_acl(acl) + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) + local linenum = -1 + for i=#config,1,-1 do + if config[i][1] == "acl" then + linenum = config[i].linenum + configcontent = parser.insertline(configcontent, linenum, acl.value.line.value) + break end end - - from:close() - to:close() - - return + if linenum == -1 then + configcontent = string.gsub(configcontent, "\n?$", "\n") .. acl.value.line.value + end + fs.write_file(squidconf, string.gsub(configcontent, "\n+$", "")) + config = nil + configcontent = nil + return acl end +delete_acl = function(linenum) + configcontent = configcontent or fs.read_file(squidconf) + configcontent = parser.replaceline(configcontent, linenum) + fs.write_file(squidconf, string.gsub(configcontent, "\n+$", "")) + config = nil + configcontent = nil + return acl +end +--]] diff --git a/squid.conf.template b/squid.conf.template deleted file mode 100644 index 1b55448..0000000 --- a/squid.conf.template +++ /dev/null 
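Review bot: The fallback digest line in update_config hard-codes `/usr/sbin/digest_pw_auth /etc/squid/users.list`, while enable_digest_userlist in the preceding hunk builds the same directive from `squiddigestusers`; the two will drift if that variable changes, so build it as `line = line .. "/usr/sbin/digest_pw_auth " .. squiddigestusers` here as well. The http_port values are written to squid.conf verbatim as `"http_port "..port`, and validate_config is outside this hunk, so if it does not already reject values containing whitespace or a newline that check belongs there — a single field would otherwise be able to introduce additional directives into the file. Entries in `tobedone` that share a linenum (several new ports placed after the same lastport) are inserted at the same index after a non-stable `table.sort`, so their relative order in the written file is unspecified; a secondary sort key on insertion order would preserve the order the user gave. The move from the old tmpfile-plus-`os.rename` sequence to `fs.write_file(squidconf, ...)` also looks like it drops the atomic replace, so an interrupted write could leave a truncated config unless fs.write_file does that internally — worth a comment either way.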
@@ -1,111 +0,0 @@ -### ACF-SQUID-MAGIC ### DO NOT REMOVE THIS LINE - -cache_effective_user squid -cache_effective_group squid - -### ACF-SQUID-TAG-0001 ### DO NOT REMOVE THIS LINE -http_port 192.168.1.1:8080 -http_port 127.0.0.1:3128 -visible_hostname services -cache_mem 8 MB -### ACF-SQUID-GAT-0001 ### DO NOT REMOVE THIS LINE - -hierarchy_stoplist cgi-bin \? - -### ACF-SQUID-TAG-0002 ### DO NOT REMOVE THIS LINE -# Examples: -# :cache_dir diskd /var/cache/squid 900 16 256 -# :cache_dir null -cache_dir diskd /var/cache/squid 900 16 256 -#cache_dir null -### ACF-SQUID-GAT-0002 ### DO NOT REMOVE THIS LINE - -### ACF-SQUID-TAG-0003 ### DO NOT REMOVE THIS LINE -cache_access_log /var/log/squid/cache_access.log -cache_log /var/log/squid/cache.log -cache_store_log none -### ACF-SQUID-GAT-0003 ### DO NOT REMOVE THIS LINE - -pid_filename /var/run/squid.pid - -debug_options 29,9 -debug_options 28,9 -debug_options 84,9 - -# Web auditors want to see the full uri, even with the query terms -strip_query_terms off - -### ACF-SQUID-TAG-0004 ### DO NOT REMOVE THIS LINE -auth_param digest program /usr/libexec/squid/digest_pw_auth /etc/squid/users.list -auth_param digest children 5 -auth_param digest realm Squid proxy-caching web server -auth_param digest nonce_garbage_interval 5 minutes -auth_param digest nonce_max_duration 30 minutes -auth_param digest nonce_max_count 50 -#auth_param ntlm program /usr/libexec/squid/wb_ntlmauth -#auth_param ntlm children 30 -#auth_param ntlm max_challenge_reuses 3 -#auth_param ntlm max_challenge_lifetime 2 minutes -### ACF-SQUID-GAT-0004 ### DO NOT REMOVE THIS LINE - -authenticate_cache_garbage_interval 1 hour -authenticate_ttl 1 hour - -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern . 0 20% 4320 - -### ACF-SQUID-TAG-0008 ### DO NOT REMOVE THIS LINE -acl QUERY urlpath_regex cgi-bin \? 
-acl all src 0.0.0.0/0.0.0.0 -acl manager proto cache_object -acl localhost src 127.0.0.1/255.255.255.255 -acl to_localhost dst 127.0.0.0/8 -# Special access acls -acl AnonBrowsers browser "/etc/squid/anonbrowserlist" -acl AnonIPAddrs src "/etc/squid/anoniplist" -acl AnonDomain url_regex "/etc/squid/anondomainlist" -acl CONNECT method CONNECT -### ACF-SQUID-GAT-0008 ### DO NOT REMOVE THIS LINE - -### ACF-SQUID-TAG-0005 ### DO NOT REMOVE THIS LINE -acl SSL_ports port 443 563 8004 9000 -acl Safe_ports port 21 70 80 81 210 280 443 563 499 591 777 1025-65535 -acl ContentFilter urlpath_regex -i \.html$ \.htm$ \.php$ \.asp$ \.jsp$ \? ^http:\/\/[^\/]*\.[a-z]*$ /$ -### ACF-SQUID-GAT-0005 ### DO NOT REMOVE THIS LINE - -### ACF-SQUID-TAG-0006 ### DO NOT REMOVE THIS LINE -acl userlist proxy_auth REQUIRED -### ACF-SQUID-GAT-0006 ### DO NOT REMOVE THIS LINE - -# This is for the "second pass" squid -no_cache deny localhost -always_direct allow CONNECT -http_access allow localhost - -# These force us to use an upstream proxy - like DansGuardian -# except if its not an html looking uri - like, say isos, mp3s, etc. -# DG chews up *way* too many resources for large downloads -### ACF-SQUID-TAG-0007 ### DO NOT REMOVE THIS LINE -never_direct allow !localhost -always_direct allow !ContentFilter -cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange login=*: default -### ACF-SQUID-GAT-0007 ### DO NOT REMOVE THIS LINE - -### ACF-SQUID-TAG-0009 ### DO NOT REMOVE THIS LINE -http_access allow manager localhost -http_access deny manager -http_access deny !Safe_ports -http_access deny CONNECT !SSL_ports -http_access allow AnonIPAddrs -http_access allow AnonDomain -http_access allow AnonBrowsers -http_access allow userlist -http_access deny all -### ACF-SQUID-GAT-0009 ### DO NOT REMOVE THIS LINE - -http_reply_access allow all -icp_access allow all - -no_cache deny QUERY - 
@@ -1,8 +1,6 @@ # Prefix and controller are already known at this point # Cat Group Tab Action Applications 10Web_Proxy Status status -Applications 10Web_Proxy Basic basic -Applications 10Web_Proxy Authentication authentication -Applications 10Web_Proxy Auth_Digest digest -Applications 10Web_Proxy Special_Access saccess +Applications 10Web_Proxy Config config +Applications 10Web_Proxy Digest_Authentication digest Applications 10Web_Proxy Expert expert diff --git a/squid.roles b/squid.roles index 61843c9..fb09dbd 100644 --- a/squid.roles +++ b/squid.roles @@ -1,2 +1,2 @@ READ=squid:status -UPDATE=squid:basic,squid:dep,squid:authentication,squid:expert,squid:digest,squid:saccess,squid:startstop +UPDATE=squid:expert,squid:digest,squid:enabledigestlist,squid:startstop,squid:config |