From f56f7e86a715aac338e41a055692f7db4fa77c52 Mon Sep 17 00:00:00 2001 From: Fabio Miguel Mello Date: Mon, 8 Aug 2016 08:22:45 -0300 Subject: [PATCH] URL Filter Only at HTTPS Proxy --- .../mvc/app/controllers/OPNsense/Proxy/forms/main.xml | 8 ++++++++ src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml | 4 ++++ src/opnsense/service/templates/OPNsense/Proxy/squid.conf | 9 ++++++++- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml index 480b2527f..3b4e407ce 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml @@ -231,6 +231,14 @@ Add a new firewall rule ]]> + + proxy.forward.sslurlonly + + checkbox + + proxy.forward.sslbumpport diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml index b91dff780..de9356fb8 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml @@ -188,6 +188,10 @@ 0 Y + + 0 + Y + N ca diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf index 5e5c2095d..15b3198ae 100644 --- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf +++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf 
@@ -40,17 +40,24 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} # setup ssl re-cert sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }} + # setup ssl bump acl's acl bump_step1 at_step SslBump1 acl bump_step2 at_step SslBump2 acl bump_step3 at_step SslBump3 acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl" -# configure bump ssl_bump peek bump_step1 all +{% if helpers.exists('OPNsense.proxy.forward.sslurlonly') and OPNsense.proxy.forward.sslurlonly == '1' %} +ssl_bump splice all +ssl_bump peek bump_step2 all +ssl_bump splice bump_step3 all + +{% else %} ssl_bump splice bump_nobumpsites ssl_bump peek bump_step2 bump_nobumpsites ssl_bump splice bump_step3 bump_nobumpsites +{% endif %} ssl_bump bump sslproxy_cert_error deny all
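Review bot: In the new `sslurlonly` branch, `ssl_bump splice all` matches at step 2 before the two lines that follow it, so under Squid's first-match evaluation `ssl_bump peek bump_step2 all`, `ssl_bump splice bump_step3 all` and the trailing `ssl_bump bump` appear unreachable in this mode. The effect is that every connection is spliced after step 1 and filtering sees only the client-supplied SNI; the server certificate is never inspected, so `sslproxy_cert_error deny all` presumably has nothing to act on. If that is the intent, drop the two dead rules and document the limit with a comment such as `# SNI-only mode: splice after step1; ACLs see the client-sent server name, not the certificate or URL path`. If the server certificate was meant to be peeked before splicing, remove `ssl_bump splice all` instead so the step2/step3 rules take effect. The enclosing template block that emits these directives begins above the hunk.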