Merge pull request #1125 from fabiomello/master

Filter URL Only at HTTPS Filter
2026-03-15 09:04:39 +00:00 · 2016-08-19 10:34:29 +02:00 · 2016-08-19 10:34:29 +02:00 · 263c2f4a5a
commit 263c2f4a5a
parent 686f6a9226 2c1604b031
3 changed files with 20 additions and 1 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@ -231,6 +231,14 @@
                  <a href="/firewall_nat_edit.php?template=transparent_proxy&https=1"> Add a new firewall rule </a>
                  ]]></help>
            </field>
+            <field>
+                <id>proxy.forward.sslurlonly</id>
+                <label>SSL URL Only</label>
+                <type>checkbox</type>
+                <help><![CDATA[
+			Dont filter content, only url
+                  ]]></help>
+            </field>
            <field>
                <id>proxy.forward.sslbumpport</id>
                <label>SSL Proxy port</label>
--- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@ -189,6 +189,10 @@
                <default>0</default>
                <Required>Y</Required>
            </sslbump>
+            <sslurlonly type="BooleanField">
+            	<default>0</default>
+            	<Required>Y</Required>
+            </sslurlonly>
            <sslcertificate type="CertificateField">
                <Required>N</Required>
                <Type>ca</Type>
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@ -40,17 +40,24 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
 # setup ssl re-cert
 sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB
 sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }}
+
 # setup ssl bump acl's
 acl bump_step1 at_step SslBump1
 acl bump_step2 at_step SslBump2
 acl bump_step3 at_step SslBump3
 acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"

-# configure bump
 ssl_bump peek bump_step1 all
+{% if helpers.exists('OPNsense.proxy.forward.sslurlonly') and OPNsense.proxy.forward.sslurlonly == '1' %}
+ssl_bump splice all
+ssl_bump peek bump_step2 all
+ssl_bump splice bump_step3 all
+
+{% else %}
 ssl_bump splice bump_nobumpsites
 ssl_bump peek bump_step2 bump_nobumpsites
 ssl_bump splice bump_step3 bump_nobumpsites
+{% endif %}
 ssl_bump bump

 sslproxy_cert_error deny all