diff --git a/Makefile b/Makefile
index 202ae9389..e61cd3e9b 100644
--- a/Makefile
+++ b/Makefile
@@ -185,8 +185,6 @@ CORE_DEPENDS?= ca_root_nss \
 radvd \
 rrdtool \
 samplicator \
- squid \
- squid-langpack \
 strongswan \
 sudo \
 syslog-ng \
diff --git a/plist b/plist
index e39c0db29..b4c8cff17 100644
--- a/plist
+++ b/plist
@@ -39,7 +39,6 @@
 /usr/local/etc/inc/plugins.inc.d/openvpn/tunnel_endpoint.php
 /usr/local/etc/inc/plugins.inc.d/openvpn/wizard.inc
 /usr/local/etc/inc/plugins.inc.d/pf.inc
-/usr/local/etc/inc/plugins.inc.d/squid.inc
 /usr/local/etc/inc/plugins.inc.d/suricata.inc
 /usr/local/etc/inc/plugins.inc.d/unbound.inc
 /usr/local/etc/inc/plugins.inc.d/vxlan.inc
@@ -207,50 +206,6 @@
 /usr/local/opnsense/contrib/tzdata/iso3166.tab
 /usr/local/opnsense/contrib/tzdata/zone.tab
 /usr/local/opnsense/data/firmware/upgrade.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_ACCESS_DENIED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_ACL_TIME_QUOTA_EXCEEDED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_AGENT_CONFIGURE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_AGENT_WPAD.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_CACHE_ACCESS_DENIED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_CACHE_MGR_ACCESS_DENIED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_CANNOT_FORWARD.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_CONFLICT_HOST.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_CONNECT_FAIL.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_DIR_LISTING.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_DNS_FAIL.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_ESI.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FORWARDING_DENIED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_DISABLED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_FAILURE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_FORBIDDEN.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_NOT_FOUND.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_CREATED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_ERROR.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_MODIFIED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_FTP_UNAVAILABLE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_GATEWAY_FAILURE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_ICAP_FAILURE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_INVALID_REQ.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_INVALID_RESP.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_INVALID_URL.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_LIFETIME_EXP.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_NO_RELAY.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_ONLY_IF_CACHED_MISS.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_PRECONDITION_FAILED.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_PROTOCOL_UNKNOWN.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_READ_ERROR.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_READ_TIMEOUT.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_SECURE_CONNECT_FAIL.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_SHUTTING_DOWN.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_SOCKET_FAILURE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_TOO_BIG.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_UNSUP_HTTPVERSION.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_UNSUP_REQ.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_URN_RESOLVE.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_WRITE_ERROR.html
-/usr/local/opnsense/data/proxy/template_error_pages/ERR_ZERO_SIZE_OBJECT.html
-/usr/local/opnsense/data/proxy/template_error_pages/error-details.txt
-/usr/local/opnsense/data/proxy/template_error_pages/errorpage.css
 /usr/local/opnsense/mvc/app/cache/README
 /usr/local/opnsense/mvc/app/config/config.php
 /usr/local/opnsense/mvc/app/config/loader.php
@@ -435,15 +390,6 @@
 /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogStaticKey.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/TemplateController.php
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/IndexController.php
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditBlacklist.xml
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACMatch.xml
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACProxy.xml
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACRule.xml
-/usr/local/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Routes/Api/GatewayController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Routes/Api/RoutesController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Routes/IndexController.php
@@ -506,7 +452,6 @@
 /usr/local/opnsense/mvc/app/library/OPNsense/Auth/LocalTOTP.php
 /usr/local/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
 /usr/local/opnsense/mvc/app/library/OPNsense/Auth/Services/IPsec.php
-/usr/local/opnsense/mvc/app/library/OPNsense/Auth/Services/Squid.php
 /usr/local/opnsense/mvc/app/library/OPNsense/Auth/Services/System.php
 /usr/local/opnsense/mvc/app/library/OPNsense/Auth/Services/WebGui.php
 /usr/local/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
@@ -741,11 +686,6 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/OpenVPN/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
 /usr/local/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
-/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/ACL/ACL.xml
-/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Menu/Menu.xml
-/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Migrations/M1_0_0.php
-/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.php
-/usr/local/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Routes/Route.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Routes/Route.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Routing/FieldTypes/GatewayField.php
@@ -848,7 +788,6 @@
 /usr/local/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/OpenVPN/status.volt
-/usr/local/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Routes/index.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Routing/configuration.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Syslog/index.volt
@@ -1089,12 +1028,6 @@
 /usr/local/opnsense/scripts/openvpn/ovpn_status.py
 /usr/local/opnsense/scripts/openvpn/tls_verify.php
 /usr/local/opnsense/scripts/openvpn/user_pass_verify.php
-/usr/local/opnsense/scripts/proxy/deploy_error_pages.py
-/usr/local/opnsense/scripts/proxy/download_error_pages.py
-/usr/local/opnsense/scripts/proxy/fetchACLs.py
-/usr/local/opnsense/scripts/proxy/generate_cert.php
-/usr/local/opnsense/scripts/proxy/lib/__init__.py
-/usr/local/opnsense/scripts/proxy/setup.sh
 /usr/local/opnsense/scripts/routes/del_route.py
 /usr/local/opnsense/scripts/routes/gateway_status.php
 /usr/local/opnsense/scripts/routes/gateway_watcher.php
@@ -1136,7 +1069,6 @@
 /usr/local/opnsense/scripts/syslog/lockout_handler
 /usr/local/opnsense/scripts/syslog/log_archive
 /usr/local/opnsense/scripts/syslog/logformats/__init__.py
-/usr/local/opnsense/scripts/syslog/logformats/squid.py
 /usr/local/opnsense/scripts/syslog/logformats/syslog.py
 /usr/local/opnsense/scripts/syslog/queryLog.py
 /usr/local/opnsense/scripts/system/activity.py
@@ -1180,7 +1112,6 @@
 /usr/local/opnsense/service/conf/actions.d/actions_netflow.conf
 /usr/local/opnsense/service/conf/actions.d/actions_openssh.conf
 /usr/local/opnsense/service/conf/actions.d/actions_openvpn.conf
-/usr/local/opnsense/service/conf/actions.d/actions_proxy.conf
 /usr/local/opnsense/service/conf/actions.d/actions_syslog.conf
 /usr/local/opnsense/service/conf/actions.d/actions_system.conf
 /usr/local/opnsense/service/conf/actions.d/actions_template.conf
@@ -1259,24 +1190,6 @@
 /usr/local/opnsense/service/templates/OPNsense/Netflow/flowd_aggregate.rc.conf.d
 /usr/local/opnsense/service/templates/OPNsense/Netflow/netflow.conf
 /usr/local/opnsense/service/templates/OPNsense/Netflow/rc.conf.d
-/usr/local/opnsense/service/templates/OPNsense/Proxy/+TARGETS
-/usr/local/opnsense/service/templates/OPNsense/Proxy/auth.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/ca.pem.id
-/usr/local/opnsense/service/templates/OPNsense/Proxy/cache.active
-/usr/local/opnsense/service/templates/OPNsense/Proxy/error_directory_in
-/usr/local/opnsense/service/templates/OPNsense/Proxy/externalACLs.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/newsyslog.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/nobumpsites.acl
-/usr/local/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/post-auth.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/pre-auth.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
-/usr/local/opnsense/service/templates/OPNsense/Proxy/snmp.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/squid.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/squid.pam
-/usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf
-/usr/local/opnsense/service/templates/OPNsense/Proxy/wpad.dat
 /usr/local/opnsense/service/templates/OPNsense/Sample/+TARGETS
 /usr/local/opnsense/service/templates/OPNsense/Sample/example_config.txt
 /usr/local/opnsense/service/templates/OPNsense/Sample/example_parent.txt
@@ -1305,7 +1218,6 @@
 /usr/local/opnsense/service/templates/OPNsense/Syslog/local/ppps.conf
 /usr/local/opnsense/service/templates/OPNsense/Syslog/local/resolver.conf
 /usr/local/opnsense/service/templates/OPNsense/Syslog/local/routing.conf
-/usr/local/opnsense/service/templates/OPNsense/Syslog/local/squid_access.conf
 /usr/local/opnsense/service/templates/OPNsense/Syslog/local/suricata.conf
 /usr/local/opnsense/service/templates/OPNsense/Syslog/local/vpn.conf
 /usr/local/opnsense/service/templates/OPNsense/Syslog/local/wireguard.conf
diff --git a/src/etc/inc/plugins.inc.d/squid.inc b/src/etc/inc/plugins.inc.d/squid.inc
deleted file mode 100644
index 87948be2b..000000000
--- a/src/etc/inc/plugins.inc.d/squid.inc
+++ /dev/null
@@ -1,79 +0,0 @@
- gettext('Squid Web Proxy'),
- 'configd' => array(
- 'restart' => array('proxy restart'),
- 'start' => array('proxy start'),
- 'stop' => array('proxy stop'),
- ),
- 'pidfile' => '/var/run/squid/squid.pid',
- 'name' => 'squid',
- );
- }
-
- return $services;
-}
-
-function squid_xmlrpc_sync()
-{
- $result = array();
-
- $result[] = array(
- 'description' => gettext('Squid Web Proxy'),
- 'section' => 'OPNsense.proxy',
- 'id' => 'squid',
- 'services' => ["squid"],
- );
-
- return $result;
-}
-
-/**
- * our squid instance by default logs to file, when syslog is selected, we need a target definition to catch traffic.
- * which flushes our local traffic to /var/log/squid.log (which would otherwise end up in /var/log/squid/access.log)
- */
-function squid_syslog()
-{
- $logfacilities = array();
- $logfacilities['squid'] = array(
- 'facility' => array('(squid-1)')
- );
- return $logfacilities;
-}
diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_ACCESS_DENIED.html b/src/opnsense/data/proxy/template_error_pages/ERR_ACCESS_DENIED.html
deleted file mode 100644
index 063b01a50..000000000
--- a/src/opnsense/data/proxy/template_error_pages/ERR_ACCESS_DENIED.html
+++ /dev/null
@@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Access Denied.

-
- -

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_ACL_TIME_QUOTA_EXCEEDED.html b/src/opnsense/data/proxy/template_error_pages/ERR_ACL_TIME_QUOTA_EXCEEDED.html deleted file mode 100644 index b9cc38a12..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_ACL_TIME_QUOTA_EXCEEDED.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Time Quota Exceeded.

-
- -

This proxy limits your time online with a quota. Your time budget is now empty but will be refilled when the configured time period starts again.

-

These limits have been established by the Internet Service Provider who operates this cache. Please contact them directly if you feel this is an error.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_AGENT_CONFIGURE.html b/src/opnsense/data/proxy/template_error_pages/ERR_AGENT_CONFIGURE.html deleted file mode 100644 index 8bb900dd4..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_AGENT_CONFIGURE.html +++ /dev/null @@ -1,64 +0,0 @@ - - - - -Web Browser Configuration - - - - - - -
-

ERROR

-

Web Browser Configuration

-
-
- -
-
-

Your Web Browser configuration needs to be corrected to use this network.

-
- -

How to find these settings in your browser:

- -
-For Firefox browsers go to: - -
- -
-For Internet Explorer browsers go to: - -
- -
-For Opera browsers go to: - -
- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_AGENT_WPAD.html b/src/opnsense/data/proxy/template_error_pages/ERR_AGENT_WPAD.html deleted file mode 100644 index a1ea43a2a..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_AGENT_WPAD.html +++ /dev/null @@ -1,64 +0,0 @@ - - - - -Web Browser Configuration - - - - - - -
-

ERROR

-

Web Browser Configuration

-
-
- -
-
-

Your Web Browser configuration needs to be corrected to use this network.

-
- -

How to find these settings in your browser:

- -
-For Firefox browsers go to: - -
- -
-For Internet Explorer browsers go to: - -
- -
-For Opera browsers go to: - -
- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_CACHE_ACCESS_DENIED.html b/src/opnsense/data/proxy/template_error_pages/ERR_CACHE_ACCESS_DENIED.html deleted file mode 100644 index 576d19ca7..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_CACHE_ACCESS_DENIED.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - -ERROR: Cache Access Denied - - - - - - -
-

ERROR

-

Cache Access Denied.

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Cache Access Denied.

-
- -

Sorry, you are not currently allowed to request %U from this cache until you have authenticated yourself.

- -

Please contact the cache administrator if you have difficulties authenticating yourself.

- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_CACHE_MGR_ACCESS_DENIED.html b/src/opnsense/data/proxy/template_error_pages/ERR_CACHE_MGR_ACCESS_DENIED.html deleted file mode 100644 index dcd746392..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_CACHE_MGR_ACCESS_DENIED.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - -ERROR: Cache Manager Access Denied - - - - - - -
-

ERROR

-

Cache Manager Access Denied.

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Cache Manager Access Denied.

-
- -

Sorry, you are not currently allowed to request %U from this cache manager until you have authenticated yourself.

- -

Please contact the cache administrator if you have difficulties authenticating yourself or, if you are the administrator, read Squid documentation on cache manager interface and check cache log for more detailed error messages.

- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_CANNOT_FORWARD.html b/src/opnsense/data/proxy/template_error_pages/ERR_CANNOT_FORWARD.html deleted file mode 100644 index 620cdc8eb..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_CANNOT_FORWARD.html +++ /dev/null @@ -1,50 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Unable to forward this request at this time.

-
- -

This request could not be forwarded to the origin server or to any parent caches.

- -

Some possible problems are:

- - -

Your cache administrator is %w.

- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_CONFLICT_HOST.html b/src/opnsense/data/proxy/template_error_pages/ERR_CONFLICT_HOST.html deleted file mode 100644 index d926dbf1c..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_CONFLICT_HOST.html +++ /dev/null @@ -1,48 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-
URI Host Conflict
-
- -

This means the domain name you are trying to access apparently no longer exists on the machine you are requesting it from.

- -

Some possible problems are:

- - -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_CONNECT_FAIL.html b/src/opnsense/data/proxy/template_error_pages/ERR_CONNECT_FAIL.html deleted file mode 100644 index 3bc06e959..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_CONNECT_FAIL.html +++ /dev/null @@ -1,45 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Connection to %I failed.

-
- -

The system returned: %E

- -

The remote host or network may be down. Please try the request again.

- -

Your cache administrator is %w.

- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_DIR_LISTING.html b/src/opnsense/data/proxy/template_error_pages/ERR_DIR_LISTING.html deleted file mode 100644 index 22a56f024..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_DIR_LISTING.html +++ /dev/null @@ -1,46 +0,0 @@ - - - - -Directory: %U - - - - - - -
-

Directory: %U/

-
-
- -
-

Directory Content:

- -
-
%z
-
- - - - - - - -%g - -
Parent Directory (Root Directory)
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_DNS_FAIL.html b/src/opnsense/data/proxy/template_error_pages/ERR_DNS_FAIL.html deleted file mode 100644 index a1e97c224..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_DNS_FAIL.html +++ /dev/null @@ -1,47 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Unable to determine IP address from host name %H

-
- -

The DNS server returned:

-
-
%z
-
- -

This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_ESI.html b/src/opnsense/data/proxy/template_error_pages/ERR_ESI.html deleted file mode 100644 index c847b3a81..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_ESI.html +++ /dev/null @@ -1,47 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

ESI Processing failed.

-
- -

The ESI processor returned:

-
-
%Z
-
- -

This means that the surrogate was not able to process the ESI template. Please report this error to the webmaster.

- -

Your webmaster is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FORWARDING_DENIED.html b/src/opnsense/data/proxy/template_error_pages/ERR_FORWARDING_DENIED.html deleted file mode 100644 index 1ee086629..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FORWARDING_DENIED.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Forwarding Denied.

-
- -

This cache will not forward your request because it is trying to enforce a sibling relationship. Perhaps the client at %i is a cache which has been misconfigured.

- -

Your cache administrator is %w.

- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_DISABLED.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_DISABLED.html deleted file mode 100644 index ae1056641..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_DISABLED.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

FTP is Disabled

-
- -

This cache does not support FTP.

- -

Your cache administrator is %w.

- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_FAILURE.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_FAILURE.html deleted file mode 100644 index ba440432a..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_FAILURE.html +++ /dev/null @@ -1,47 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

An FTP protocol error occurred while trying to retrieve the URL: %U

- -

Squid sent the following FTP command:

-
-
%f
-
- -

The server responded with:

-
-
%F
-
%g
-
- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_FORBIDDEN.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_FORBIDDEN.html deleted file mode 100644 index 9e14d5781..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_FORBIDDEN.html +++ /dev/null @@ -1,47 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

An FTP authentication failure occurred while trying to retrieve the URL: %U

- -

Squid sent the following FTP command:

-
-
%f
-
- -

The server responded with:

-
-
%F
-
%g
-
- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_NOT_FOUND.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_NOT_FOUND.html deleted file mode 100644 index ae526a61e..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_NOT_FOUND.html +++ /dev/null @@ -1,49 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following URL could not be retrieved: %U

- -

Squid sent the following FTP command:

-
-
%f
-
- -

The server responded with:

-
-
%F
-
%g
-
- -

This might be caused by an FTP URL with an absolute path (which does not comply with RFC 1738). If this is the cause, then the file can be found at %B.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_CREATED.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_CREATED.html deleted file mode 100644 index e379e827b..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_CREATED.html +++ /dev/null @@ -1,31 +0,0 @@ - - - - -FTP PUT Successful. - - - - - - -
-

Operation successful

-

File created

-
-
- -
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_ERROR.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_ERROR.html deleted file mode 100644 index ba24c81d8..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_ERROR.html +++ /dev/null @@ -1,48 +0,0 @@ - - - - -ERROR: FTP upload failed - - - - - - -
-

ERROR

-

FTP PUT upload failed

-
-
- -
-

An FTP protocol error occurred while trying to retrieve the URL: %U

- -

Squid sent the following FTP command:

-
-
%f
-
- -

The server responded with:

-
-
%F
-
- -

This means that the FTP server may not have permission or space to store the file. Check the path, permissions, diskspace and try again.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_MODIFIED.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_MODIFIED.html deleted file mode 100644 index 103e5303d..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_PUT_MODIFIED.html +++ /dev/null @@ -1,31 +0,0 @@ - - - - -FTP PUT Successful. - - - - - - -
-

Operation successful

-

File updated

-
-
- -
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_UNAVAILABLE.html b/src/opnsense/data/proxy/template_error_pages/ERR_FTP_UNAVAILABLE.html deleted file mode 100644 index e2be1df13..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_FTP_UNAVAILABLE.html +++ /dev/null @@ -1,48 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The FTP server was too busy to retrieve the URL: %U

- -

Squid sent the following FTP command:

- -
-
%f
-
- -

The server responded with:

-
-
%F
-
%g
-
- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_GATEWAY_FAILURE.html b/src/opnsense/data/proxy/template_error_pages/ERR_GATEWAY_FAILURE.html deleted file mode 100644 index 25db70133..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_GATEWAY_FAILURE.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Gateway Proxy Failure

-
- -

A non-recoverable internal failure or configuration problem prevents this request from being completed.

- -

This may be due to limits established by the Internet Service Provider who operates this cache. Please contact them directly for more information.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_ICAP_FAILURE.html b/src/opnsense/data/proxy/template_error_pages/ERR_ICAP_FAILURE.html deleted file mode 100644 index ded668d64..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_ICAP_FAILURE.html +++ /dev/null @@ -1,49 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

ICAP protocol error.

-
- -

The system returned: %E

- -

This means that some aspect of the ICAP communication failed.

- -

Some possible problems are:

- - -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_REQ.html b/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_REQ.html deleted file mode 100644 index 63287aeb4..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_REQ.html +++ /dev/null @@ -1,57 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

Invalid Request error was encountered while trying to process the request:

- -
-
%R
-
- -

Some possible problems are:

- - -

Your cache administrator is %w.

-
-
- - - -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_RESP.html b/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_RESP.html deleted file mode 100644 index 72a381dfd..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_RESP.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

Invalid Response error was encountered while trying to process the request:

- -
-
%R
-
- -

The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator.

- -

Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_URL.html b/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_URL.html deleted file mode 100644 index e13755f45..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_INVALID_URL.html +++ /dev/null @@ -1,50 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Invalid URL

-
- -

Some aspect of the requested URL is incorrect.

- -

Some possible problems are:

- - -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_LIFETIME_EXP.html b/src/opnsense/data/proxy/template_error_pages/ERR_LIFETIME_EXP.html deleted file mode 100644 index 100e75f22..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_LIFETIME_EXP.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Connection Lifetime Expired

-
- -

Squid has terminated the request because it has exceeded the maximum connection lifetime.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_NO_RELAY.html b/src/opnsense/data/proxy/template_error_pages/ERR_NO_RELAY.html deleted file mode 100644 index 7068131b2..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_NO_RELAY.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

No Wais Relay

-
- -

There is no WAIS Relay host defined for this Cache! Yell at the administrator.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_ONLY_IF_CACHED_MISS.html b/src/opnsense/data/proxy/template_error_pages/ERR_ONLY_IF_CACHED_MISS.html deleted file mode 100644 index f91c79e9f..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_ONLY_IF_CACHED_MISS.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Valid document was not found in the cache and only-if-cached directive was specified.

-
- -

You have issued a request with a only-if-cached cache control directive. The document was not found in the cache, or it required revalidation prohibited by the only-if-cached directive.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_PRECONDITION_FAILED.html b/src/opnsense/data/proxy/template_error_pages/ERR_PRECONDITION_FAILED.html deleted file mode 100644 index c34728485..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_PRECONDITION_FAILED.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Precondition Failed.

-
- -

This means:

-
-

At least one precondition specified by the HTTP client in the request header has failed.

-
- -
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_PROTOCOL_UNKNOWN.html b/src/opnsense/data/proxy/template_error_pages/ERR_PROTOCOL_UNKNOWN.html deleted file mode 100644 index b61de9c99..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_PROTOCOL_UNKNOWN.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Unsupported Protocol

-
- -

Squid does not support some access protocols. For example, the SSH protocol is currently not supported.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_READ_ERROR.html b/src/opnsense/data/proxy/template_error_pages/ERR_READ_ERROR.html deleted file mode 100644 index b699225a8..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_READ_ERROR.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Read Error

-
- -

The system returned: %E

- -

An error condition occurred while reading data from the network. Please retry your request.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_READ_TIMEOUT.html b/src/opnsense/data/proxy/template_error_pages/ERR_READ_TIMEOUT.html deleted file mode 100644 index 2576ffa58..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_READ_TIMEOUT.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Read Timeout

-
- -

The system returned: %E

- -

A Timeout occurred while waiting to read data from the network. The network or server may be down or congested. Please retry your request.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_SECURE_CONNECT_FAIL.html b/src/opnsense/data/proxy/template_error_pages/ERR_SECURE_CONNECT_FAIL.html deleted file mode 100644 index 0046c8e1c..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_SECURE_CONNECT_FAIL.html +++ /dev/null @@ -1,50 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Failed to establish a secure connection to %I

-
- -
-

The system returned:

-
-
%E (TLS code: %x)
-

%D

-
-
- -

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_SHUTTING_DOWN.html b/src/opnsense/data/proxy/template_error_pages/ERR_SHUTTING_DOWN.html deleted file mode 100644 index 3a668ea14..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_SHUTTING_DOWN.html +++ /dev/null @@ -1,38 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -

This cache is in the process of shutting down and can not service your request at this time. Please retry your request again soon.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_SOCKET_FAILURE.html b/src/opnsense/data/proxy/template_error_pages/ERR_SOCKET_FAILURE.html deleted file mode 100644 index 025c0f77d..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_SOCKET_FAILURE.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Socket Failure

-
- -

The system returned: %E

- -

Squid is unable to create a TCP socket, presumably due to excessive load. Please retry your request.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_TOO_BIG.html b/src/opnsense/data/proxy/template_error_pages/ERR_TOO_BIG.html deleted file mode 100644 index b12de395b..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_TOO_BIG.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

The request or reply is too large.

-
- -

If you are making a POST or PUT request, then the item you are trying to upload is too large.

-

If you are making a GET request, then the item you are trying to download is too large.

-

These limits have been established by the Internet Service Provider who operates this cache. Please contact them directly if you feel this is an error.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_UNSUP_HTTPVERSION.html b/src/opnsense/data/proxy/template_error_pages/ERR_UNSUP_HTTPVERSION.html deleted file mode 100644 index 457bc200e..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_UNSUP_HTTPVERSION.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

Unsupported HTTP version

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Unsupported HTTP version

-
- -

This Squid does not accept the HTTP version you are attempting to use.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_UNSUP_REQ.html b/src/opnsense/data/proxy/template_error_pages/ERR_UNSUP_REQ.html deleted file mode 100644 index 589691eca..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_UNSUP_REQ.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Unsupported Request Method and Protocol

-
- -

Squid does not support all request methods for all access protocols.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_URN_RESOLVE.html b/src/opnsense/data/proxy/template_error_pages/ERR_URN_RESOLVE.html deleted file mode 100644 index d260dfe32..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_URN_RESOLVE.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URN could not be retrieved - - - - - - -
-

ERROR

-

A URL for the requested URN could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URN: %U

- -
-

Cannot Resolve URN

-
- -

Hey, don't expect too much from URNs on %T :)

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_WRITE_ERROR.html b/src/opnsense/data/proxy/template_error_pages/ERR_WRITE_ERROR.html deleted file mode 100644 index b7414f340..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_WRITE_ERROR.html +++ /dev/null @@ -1,44 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Write Error

-
- -

The system returned: %E

- -

An error condition occurred while writing to the network. Please retry your request.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/ERR_ZERO_SIZE_OBJECT.html b/src/opnsense/data/proxy/template_error_pages/ERR_ZERO_SIZE_OBJECT.html deleted file mode 100644 index 0fca1a8ef..000000000 --- a/src/opnsense/data/proxy/template_error_pages/ERR_ZERO_SIZE_OBJECT.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - -ERROR: The requested URL could not be retrieved - - - - - - -
-

ERROR

-

The requested URL could not be retrieved

-
-
- -
-

The following error was encountered while trying to retrieve the URL: %U

- -
-

Zero Sized Reply

-
- -

Squid did not receive any data for this request.

- -

Your cache administrator is %w.

-
-
- -
- - diff --git a/src/opnsense/data/proxy/template_error_pages/error-details.txt b/src/opnsense/data/proxy/template_error_pages/error-details.txt deleted file mode 100644 index 881add990..000000000 --- a/src/opnsense/data/proxy/template_error_pages/error-details.txt +++ /dev/null 
@@ -1,227 +0,0 @@
-name: SQUID_X509_V_ERR_INFINITE_VALIDATION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Cert validation infinite loop detected"
-
-name: SQUID_TLS_ERR_ACCEPT
-detail: "%ssl_error_descr: %ssl_lib_error"
-descr: "Failed to accept a secure connection"
-
-name: SQUID_TLS_ERR_CONNECT
-detail: "%ssl_error_descr: %ssl_lib_error"
-descr: "Failed to establish a secure connection"
-
-name: SQUID_X509_V_ERR_DOMAIN_MISMATCH
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Certificate does not match domainname"
-
-name: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
-detail: "SSL Certificate error: certificate issuer (CA) not known: %ssl_ca_name"
-descr: "Unable to get issuer certificate"
-
-name: X509_V_ERR_UNABLE_TO_GET_CRL
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Unable to get certificate CRL"
-
-name: X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Unable to decrypt certificate's signature"
-
-name: X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Unable to decrypt CRL's signature"
-
-name: X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
-detail: "Unable to decode issuer (CA) public key: %ssl_ca_name"
-descr: "Unable to decode issuer public key"
-
-name: X509_V_ERR_CERT_SIGNATURE_FAILURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Certificate signature failure"
-
-name: X509_V_ERR_CRL_SIGNATURE_FAILURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "CRL signature failure"
-
-name: X509_V_ERR_CERT_NOT_YET_VALID
-detail: "SSL Certificate is not valid before: %ssl_notbefore"
-descr: "Certificate is not yet valid"
-
-name: X509_V_ERR_CERT_HAS_EXPIRED
-detail: "SSL Certificate expired on: %ssl_notafter"
-descr: "Certificate has expired"
-
-name: X509_V_ERR_CRL_NOT_YET_VALID
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "CRL is not yet valid"
-
-name: X509_V_ERR_CRL_HAS_EXPIRED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "CRL has expired"
-
-name: X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
-detail: "SSL Certificate has invalid start date (the 'not before' field): %ssl_subject"
-descr: "Format error in certificate's notBefore field"
-
-name: X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
-detail: "SSL Certificate has invalid expiration date (the 'not after' field): %ssl_subject"
-descr: "Format error in certificate's notAfter field"
-
-name: X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Format error in CRL's lastUpdate field"
-
-name: X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Format error in CRL's nextUpdate field"
-
-name: X509_V_ERR_OUT_OF_MEM
-detail: "%ssl_error_descr"
-descr: "Out of memory"
-
-name: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
-detail: "Self-signed SSL Certificate: %ssl_subject"
-descr: "Self signed certificate"
-
-name: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
-detail: "Self-signed SSL Certificate in chain: %ssl_subject"
-descr: "Self signed certificate in certificate chain"
-
-name: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
-detail: "SSL Certificate error: certificate issuer (CA) not known: %ssl_ca_name"
-descr: "Unable to get local issuer certificate"
-
-name: X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Unable to verify the first certificate"
-
-name: X509_V_ERR_CERT_CHAIN_TOO_LONG
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Certificate chain too long"
-
-name: X509_V_ERR_CERT_REVOKED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Certificate revoked"
-
-name: X509_V_ERR_INVALID_CA
-detail: "%ssl_error_descr: %ssl_ca_name"
-descr: "Invalid CA certificate"
-
-name: X509_V_ERR_PATH_LENGTH_EXCEEDED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Path length constraint exceeded"
-
-name: X509_V_ERR_INVALID_PURPOSE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Unsupported certificate purpose"
-
-name: X509_V_ERR_CERT_UNTRUSTED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Certificate not trusted"
-
-name: X509_V_ERR_CERT_REJECTED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Certificate rejected"
-
-name: X509_V_ERR_SUBJECT_ISSUER_MISMATCH
-detail: "%ssl_error_descr: %ssl_ca_name"
-descr: "Subject issuer mismatch"
-
-name: X509_V_ERR_AKID_SKID_MISMATCH
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Authority and subject key identifier mismatch"
-
-name: X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
-detail: "%ssl_error_descr: %ssl_ca_name"
-descr: "Authority and issuer serial number mismatch"
-
-name: X509_V_ERR_KEYUSAGE_NO_CERTSIGN
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Key usage does not include certificate signing"
-
-name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "unable to get CRL issuer certificate"
-
-name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "unhandled critical extension"
-
-name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "key usage does not include CRL signing"
-
-name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "unhandled critical CRL extension"
-
-name: X509_V_ERR_INVALID_NON_CA
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "invalid non-CA certificate (has CA markings)"
-
-name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "proxy path length constraint exceeded"
-
-name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "key usage does not include digital signature"
-
-name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "proxy certificates not allowed, please set the appropriate flag"
-
-name: X509_V_ERR_INVALID_EXTENSION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "invalid or inconsistent certificate extension"
-
-name: X509_V_ERR_INVALID_POLICY_EXTENSION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "invalid or inconsistent certificate policy extension"
-
-name: X509_V_ERR_NO_EXPLICIT_POLICY
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "no explicit policy"
-
-name: X509_V_ERR_DIFFERENT_CRL_SCOPE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Different CRL scope"
-
-name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Unsupported extension feature"
-
-name: X509_V_ERR_UNNESTED_RESOURCE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "RFC 3779 resource not subset of parent's resources"
-
-name: X509_V_ERR_PERMITTED_VIOLATION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "permitted subtree violation"
-
-name: X509_V_ERR_EXCLUDED_VIOLATION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "excluded subtree violation"
-
-name: X509_V_ERR_SUBTREE_MINMAX
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "name constraints minimum and maximum not supported"
-
-name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "unsupported name constraint type"
-
-name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "unsupported or invalid name constraint syntax"
-
-name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "unsupported or invalid name syntax"
-
-name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "CRL path validation error"
-
-name: X509_V_ERR_APPLICATION_VERIFICATION
-detail: "%ssl_error_descr: %ssl_subject"
-descr: "Application verification failure"
diff --git a/src/opnsense/data/proxy/template_error_pages/errorpage.css b/src/opnsense/data/proxy/template_error_pages/errorpage.css
deleted file mode 100644
index 1efbf0e05..000000000
--- a/src/opnsense/data/proxy/template_error_pages/errorpage.css
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/*
- Stylesheet for Squid Error pages
- Adapted from design by Free CSS Templates
- http://www.freecsstemplates.org
- Released for free under a Creative Commons Attribution 2.5 License
-*/
-
-/* Page basics */
-* {
- font-family: verdana, sans-serif;
-}
-
-html body {
- margin: 0;
- padding: 0;
- background: #efefef;
- font-size: 12px;
- color: #1e1e1e;
-}
-
-/* Page displayed title area */
-#titles {
- margin-left: 15px;
- padding: 10px;
- padding-left: 130px;
- background: url('data:image/svg+xml;base64,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') no-repeat left;
-}
-
-/* initial title */
-#titles h1 {
- color: #000000;
-}
-#titles h2 {
- color: #000000;
-}
-
-/* special event: FTP success page titles */
-#titles ftpsuccess {
- background-color:#00ff00;
- width:100%;
-}
-
-/* Page displayed body content area */
-#content {
- padding: 10px;
- background: #ffffff;
-}
-
-/* General text */
-p {
-}
-
-/* error brief description */
-#error p {
-}
-
-/* some data which may have caused the problem */
-#data {
-}
-
-/* the error message received from the system or other software */
-#sysmsg {
-}
-
-pre {
-}
-
-/* special event: FTP / Gopher directory listing */
-#dirmsg {
- font-family: courier, monospace;
- color: black;
- font-size: 10pt;
-}
-#dirlisting {
- margin-left: 2%;
- margin-right: 2%;
-}
-#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
- border-bottom: groove;
-}
-#dirlisting td.size {
- width: 50px;
- text-align: right;
- padding-right: 5px;
-}
-
-/* horizontal lines */
-hr {
- margin: 0;
-}
-
-/* page displayed footer area */
-#footer {
- font-size: 9px;
- padding-left: 10px;
-}
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
deleted file mode 100644
index 3fa2f25a5..000000000
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
+++ /dev/null
@@ -1,157 +0,0 @@ -forward->sslcertificate) != $prev_sslbump_cert) || - (!empty((string)$mdlProxy->general->cache->local->enabled) != $prev_cache_active); - } - - private function hookStartErrorHandler($result) - { - if (preg_match('/__ok__$/', $result['response'])) { - $result['response'] = "ok"; - } else { - throw new UserException($result['response'], gettext("proxy load error")); - } - return $result; - } - - public function startAction() - { - return $this->hookStartErrorHandler(parent::startAction()); - } - - public function restartAction() - { - return $this->hookStartErrorHandler(parent::restartAction()); - } - - /** - * reload template only (for example PAC does not need to change squid configuration) - * @return array - */ - public function resetAction() - { - if ($this->request->isPost()) { - // close session for long running action - $this->sessionClose(); - $backend = new Backend(); - return array('status' => $backend->configdRun('proxy reset')); - } else { - return array('error' => 'This API endpoint must be called via POST', - 'status' => 'error'); - } - } - - /** - * reload template only (for example PAC does not need to change squid configuration) - * @return array - */ - public function refreshTemplateAction() - { - if ($this->request->isPost()) { - // close session for long running action - $this->sessionClose(); - $backend = new Backend(); - return array('status' => $backend->configdRun('template reload OPNsense/Proxy')); - } else { - return array('error' => 'This API endpoint must be called via POST', - 'status' => 'error'); - } - } - - /** - * fetch acls (download + install) - * @return array - */ - public function fetchaclsAction() - { - if ($this->request->isPost()) { - // close session for long running action - $this->sessionClose(); - - $backend = new Backend(); - // generate template - $backend->configdRun('template reload OPNsense/Proxy'); - - // fetch files - $response = $backend->configdRun("proxy fetchacls"); - return array("response" 
=> $response,"status" => "ok"); - } else { - return array("response" => array()); - } - } - - /** - * download (only) acls - * @return array - */ - public function downloadaclsAction() - { - if ($this->request->isPost()) { - // close session for long running action - $this->sessionClose(); - - $backend = new Backend(); - // generate template - $backend->configdRun('template reload OPNsense/Proxy'); - - // download files - $response = $backend->configdRun("proxy downloadacls"); - return array("response" => $response,"status" => "ok"); - } else { - return array("response" => array()); - } - } -} diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php deleted file mode 100644 index 386c117f4..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php +++ /dev/null 
@@ -1,334 +0,0 @@ - - * Copyright (C) 2017 Fabian Franz - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. 
- */ - -namespace OPNsense\Proxy\Api; - -use OPNsense\Base\ApiMutableModelControllerBase; -use OPNsense\Cron\Cron; -use OPNsense\Core\Config; -use OPNsense\Base\UIModelGrid; - -/** - * Class SettingsController - * @package OPNsense\Proxy - */ -class SettingsController extends ApiMutableModelControllerBase -{ - protected static $internalModelName = 'proxy'; - protected static $internalModelClass = '\OPNsense\Proxy\Proxy'; - - /** - * - * search remote blacklists - * @return array - */ - public function searchRemoteBlacklistsAction() - { - $this->sessionClose(); - $mdlProxy = $this->getModel(); - $grid = new UIModelGrid($mdlProxy->forward->acl->remoteACLs->blacklists->blacklist); - return $grid->fetchBindRequest( - $this->request, - array("enabled", "filename", "url", "description"), - "description" - ); - } - - /** - * retrieve remote blacklist settings or return defaults - * @param $uuid item unique id - * @return array - */ - public function getRemoteBlacklistAction($uuid = null) - { - return $this->getBase("blacklist", "forward.acl.remoteACLs.blacklists.blacklist", $uuid); - } - - /** - * update remote blacklist item - * @param string $uuid - * @return array result status - * @throws \Phalcon\Filter\Validation\Exception - */ - public function setRemoteBlacklistAction($uuid) - { - return $this->setBase('blacklist', 'forward.acl.remoteACLs.blacklists.blacklist', $uuid); - } - - /** - * add new blacklist and set with attributes from post - * @return array - */ - public function addRemoteBlacklistAction() - { - return $this->addBase('blacklist', 'forward.acl.remoteACLs.blacklists.blacklist'); - } - - /** - * delete blacklist by uuid - * @param $uuid item unique id - * @return array status - */ - public function delRemoteBlacklistAction($uuid) - { - return $this->delBase('forward.acl.remoteACLs.blacklists.blacklist', $uuid); - } - - /** - * toggle blacklist by uuid (enable/disable) - * @param $uuid item unique id - * @return array status - */ - public function 
toggleRemoteBlacklistAction($uuid) - { - return $this->toggleBase('forward.acl.remoteACLs.blacklists.blacklist', $uuid); - } - - /** - * create new cron item for remote acl or return already available one - * @return array status action - */ - public function fetchRBCronAction() - { - $result = array("result" => "failed"); - - if ($this->request->isPost()) { - $mdlProxy = $this->getModel(); - if ((string)$mdlProxy->forward->acl->remoteACLs->UpdateCron == "") { - $mdlCron = new Cron(); - // update cron relation (if this doesn't break consistency) - $uuid = $mdlCron->newDailyJob("Proxy", "proxy fetchacls", "fetch proxy acls", "1"); - $mdlProxy->forward->acl->remoteACLs->UpdateCron = $uuid; - - if ($mdlCron->performValidation()->count() == 0) { - $mdlCron->serializeToConfig(); - // save data to config, do not validate because the current in memory model doesn't know about the - // cron item just created. - $mdlProxy->serializeToConfig($validateFullModel = false, $disable_validation = true); - Config::getInstance()->save(); - $result['result'] = "new"; - $result['uuid'] = $uuid; - } else { - $result['result'] = "unable to add cron"; - } - } else { - $result['result'] = "existing"; - $result['uuid'] = (string)$mdlProxy->forward->acl->remoteACLs->UpdateCron; - } - } - - return $result; - } - - /** - * - * search PAC Rule - * @return array - */ - public function searchPACRuleAction() - { - $this->sessionClose(); - return $this->searchBase('pac.rule', array("enabled", "description", "proxies", "matches"), "description"); - } - - /** - * retrieve PAC Rule or return defaults - * @param $uuid item unique id - * @return array - */ - public function getPACRuleAction($uuid = null) - { - $this->sessionClose(); - return array("pac" => $this->getBase('rule', 'pac.rule', $uuid)); - } - - /** - * add new PAC Rule and set with attributes from post - * @return array - */ - public function addPACRuleAction() - { - $this->pac_set_helper(); - return $this->addBase('rule', 'pac.rule'); - } 
- - /** - * update PAC Rule - * @param string $uuid - * @return array result status - * @throws \Phalcon\Filter\Validation\Exception - */ - public function setPACRuleAction($uuid) - { - $this->pac_set_helper(); - return $this->setBase('rule', 'pac.rule', $uuid); - } - - /** - * toggle PAC Rule by uuid (enable/disable) - * @param $uuid item unique id - * @return array status - */ - public function togglePACRuleAction($uuid) - { - return $this->toggleBase('pac.rule', $uuid); - } - - /** - * delete PAC Rule by uuid - * @param $uuid item unique id - * @return array status - */ - public function delPACRuleAction($uuid) - { - return $this->delBase('pac.rule', $uuid); - } - - /** - * - * search PAC Proxy - * @return array - */ - public function searchPACProxyAction() - { - $this->sessionClose(); - return $this->searchBase('pac.proxy', array("enabled","proxy_type", "name", "url", "description"), "description"); - } - - /** - * retrieve PAC Proxy or return defaults - * @param $uuid item unique id - * @return array - */ - public function getPACProxyAction($uuid = null) - { - $this->sessionClose(); - return array("pac" => $this->getBase('proxy', 'pac.proxy', $uuid)); - } - - /** - * add new PAC Proxy and set with attributes from post - * @return array - */ - public function addPACProxyAction() - { - $this->pac_set_helper(); - return $this->addBase('proxy', 'pac.proxy'); - } - - /** - * update PAC Proxy - * @param string $uuid - * @return array result status - * @throws \Phalcon\Filter\Validation\Exception - */ - public function setPACProxyAction($uuid) - { - $this->pac_set_helper(); - return $this->setBase('proxy', 'pac.proxy', $uuid); - } - - /** - * delete PAC Proxy by uuid - * @param $uuid item unique id - * @return array status - */ - public function delPACProxyAction($uuid) - { - return $this->delBase('pac.proxy', $uuid); - } - - /** - * search PAC Match - * @return array - */ - public function searchPACMatchAction() - { - $this->sessionClose(); - return 
$this->searchBase('pac.match', array("enabled", "name", "description", "negate", "match_type"), "name"); - } - - /** - * retrieve PAC Match or return defaults - * @param $uuid item unique id - * @return array - */ - public function getPACMatchAction($uuid = null) - { - $this->sessionClose(); - return array("pac" => $this->getBase('match', 'pac.match', $uuid)); - } - - /** - * add new PAC Proxy and set with attributes from post - * @return array - */ - public function addPACMatchAction() - { - $this->pac_set_helper(); - return $this->addBase('match', 'pac.match'); - } - - /** - * update PAC Rule - * @param string $uuid - * @return array result status - * @throws \Phalcon\Filter\Validation\Exception - */ - public function setPACMatchAction($uuid) - { - $this->pac_set_helper(); - return $this->setBase('match', 'pac.match', $uuid); - } - - /** - * delete PAC Match by uuid - * @param $uuid item unique id - * @return array status - */ - public function delPACMatchAction($uuid) - { - return $this->delBase('pac.match', $uuid); - } - - /** - * flatten post data structure - */ - private function pac_set_helper() - { - if ($this->request->isPost() && $this->request->hasPost("pac")) { - $pac_data = $this->request->getPost('pac'); - if (is_array($pac_data)) { - foreach ($pac_data as $key => $value) { - $_POST[$key] = $value; - } - } - } - } -} diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/TemplateController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/TemplateController.php deleted file mode 100644 index d6f5c04d3..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/TemplateController.php +++ /dev/null 
@@ -1,102 +0,0 @@ -request->isPost() && $this->request->hasPost("content")) { - $this->sessionClose(); - $mdl = $this->getModel(); - $mdl->error_pages->template = $this->request->getPost("content", "striptags"); - $result = $this->validate(); - if (empty($result['validations'])) { - // save config if validated correctly - $this->save(); - $result = array("result" => "saved"); - } else { - $result["result"] = "failed"; - } - return $result; - } else { - return array("result" => "failed"); - } - } - - /** - * reset error_pages template - */ - public function resetAction() - { - if ($this->request->isPost()) { - $mdl = $this->getModel(); - $mdl->error_pages->template = null; - $this->save(); - return array("result" => "saved"); - } - return array("result" => "failed"); - } - - /** - * retrieve error pages template, overlay provided template zip file on top of OPNsense error pages - * using configd calls - */ - public function getAction() - { - $backend = new Backend(); - $backend->configdRun("template reload OPNsense/Proxy"); - $result = json_decode($backend->configdRun("proxy download_error_pages"), true); - if ($result != null) { - $this->response->setRawHeader("Content-Type: application/octet-stream"); - $this->response->setRawHeader("Content-Disposition: attachment; filename=proxy_template.zip"); - return base64_decode($result['payload']); - } else { - // return empty response on error - return ""; - } - } -} diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/IndexController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/IndexController.php deleted file mode 100644 index 7e9c7a6f1..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/IndexController.php +++ /dev/null 
@@ -1,52 +0,0 @@ -view->mainForm = $this->getForm("main"); - $this->view->formDialogEditPACMatch = $this->getForm("dialogEditPACMatch"); - $this->view->formDialogEditPACRule = $this->getForm("dialogEditPACRule"); - $this->view->formDialogEditPACProxy = $this->getForm("dialogEditPACProxy"); - $this->view->formDialogEditBlacklist = $this->getForm("dialogEditBlacklist"); - $this->view->pick('OPNsense/Proxy/index'); - } -} diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditBlacklist.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditBlacklist.xml deleted file mode 100644 index 308084829..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditBlacklist.xml +++ /dev/null @@ -1,51 +0,0 @@ -
- - blacklist.enabled - - checkbox - Select if job is enabled or not - - - blacklist.filename - - text - Enter a filename for storing the blacklist. - - - blacklist.url - - text - Enter an url to fetch the blacklist from. - - - blacklist.username - - text - (optional) user credentials. - - - blacklist.password - - password - (optional) user credentials. - - - blacklist.filter - - select_multiple - 300 - - - - blacklist.sslNoVerify - - checkbox - Ignore SSL certificate validation (for self-signed certificates) - - - blacklist.description - - text - Enter a description to explain what this blacklist is intended for. - -
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACMatch.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACMatch.xml deleted file mode 100644 index 68ae6fd22..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACMatch.xml +++ /dev/null @@ -1,92 +0,0 @@ -
- - pac.match.name - - text - Select a name for this match. - - - pac.match.description - - text - Enter a description for this rule. The description should help you to identify this rule. - - - pac.match.negate - - checkbox - Negate this match. For example you can match if a host is not inside a network. - - - pac.match.match_type - - dropdown - Select the type of the match. Depending on the match, you will need different arguments. - - - pac.match.network - - text - Enter the network address to match in CIDR notation for example like 127.0.0.1/8 or ::1/128 - - - pac.match.hostname - - text - Enter a hostname pattern like *.opnsense.org. - - - pac.match.url - - text - Enter a URL pattern like forum.opnsense.org/index*. - - - pac.match.domain_level_from - - text - Enter the minimum amount of dots in the domain name. - - - pac.match.domain_level_to - - text - Enter the maximum amount of dots in the domain name. - - - pac.match.time_from - - text - Enter start hour (minimum 0). - - - pac.match.time_to - - text - Enter the end time (maximum 23, minimum 0 or start time). - - - pac.match.date_from - - dropdown - Enter the first month. - - - pac.match.date_to - - dropdown - Enter the last month (maximum December, minimum January or From Month). - - - pac.match.weekday_from - - dropdown - Enter the first day of the week. - - - pac.match.weekday_to - - dropdown - Enter the last day of the week. - -
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACProxy.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACProxy.xml deleted file mode 100644 index d07bf4406..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACProxy.xml +++ /dev/null @@ -1,26 +0,0 @@ -
- - pac.proxy.name - - text - Enter a name for this match. - - - pac.proxy.description - - text - Enter a description for this proxy for your reference. - - - pac.proxy.proxy_type - - dropdown - Choose a proxy type. Usually you should use Direct for a direct connection or Proxy for a Proxy. - - - pac.proxy.url - - text - Enter a proxy URL in the form proxy.example.com:3128. - -
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACRule.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACRule.xml deleted file mode 100644 index 3e901766c..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/dialogEditPACRule.xml +++ /dev/null @@ -1,40 +0,0 @@ -
- - pac.rule.enabled - - checkbox - Please select if this rule should be added to the PAC file. - - - pac.rule.description - - text - Enter a description for this rule. The description should help you to identify this rule. - - - pac.rule.matches - - select_multiple - - Select some matches you want to use in this rule. This matches are joined using the selected separator. - - - pac.rule.join_type - - dropdown - Please select a separator to join the matches. Or means any mach can be true which can be used to configure the same proxy for multiple networks while And means all matches must be true which can be used to assign the proxy in a more detailed way. - - - pac.rule.match_type - - dropdown - Choose If in case any case you want to ensure a match to evaluate as is, else choose unless if you want the negated version. Unless is used if you want to use the proxy for every host but not for some special ones. - - - pac.rule.proxies - - select_multiple - - true - -
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml deleted file mode 100644 index 1db7c2fd7..000000000 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml +++ /dev/null @@ -1,634 +0,0 @@ -
- - - - proxy.general.enabled - - checkbox - Enable or disable the proxy service. - - - proxy.general.error_pages - - dropdown - - The proxy error pages can be altered, default layout uses OPNsense content, when Squid is selected - the content for the selected language will be used (standard squid layout), Custom offers the possibility - to upload your own theme content. - - - - proxy.general.icpPort - - text - The port number where Squid sends and receives ICP queries to and from neighbor caches. Leave blank to disable (default). The standard UDP port for ICP is 3130. - true - - - proxy.general.logging.enable.accessLog - - checkbox - Enable access logging. - true - - - proxy.general.logging.target - - dropdown - Send log data to the selected target. When syslog is selected, facility local 4 will be used to send messages of info level for these logs. - true - - - proxy.general.logging.enable.storeLog - - checkbox - Enable store logging. - true - - - proxy.general.logging.ignoreLogACL - - select_multiple - - Type subnets/addresses you want to ignore for the access.log. - true - true - - - proxy.general.alternateDNSservers - - select_multiple - - Type IPs of alternative DNS servers you like to use. - true - true - - - proxy.general.useViaHeader - - checkbox - If set (default), Squid will include a Via header in requests and replies as required by RFC2616. - true - - - proxy.general.forwardedForHandling - - dropdown - Select what to do with X-Forwarded-For header. If set to: "on", Squid will append your client's IP address in the HTTP requests it forwards. By default it looks like X-Forwarded-For: 192.1.2.3; If set to: "off", it will appear as X-Forwarded-For: unknown; "transparent", Squid will not alter the X-Forwarded-For header in any way; If set to: "delete", Squid will delete the entire X-Forwarded-For header; If set to: "truncate", Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry. 
- true - - - proxy.general.VisibleHostname - - text - This is the hostname to be displayed in proxy server error messages. - true - - - proxy.general.VisibleEmail - - text - This is the email address displayed in error messages to the users. - true - - - proxy.general.suppressVersion - - checkbox - Suppress Squid version string info in HTTP headers and HTML error pages. - true - - - proxy.general.connecttimeout - - text - This can help you when having connection issues with IPv6 enabled servers. Set a value in seconds - true - - - proxy.general.uriWhitespaceHandling - - dropdown - Select what to do with URI that contain whitespaces. The current Squid implementation of encode and chop violates RFC2616 by not using a 301 redirect after altering the URL. - true - - - proxy.general.enablePinger - - checkbox - Toggles the Squid pinger service. This service is used in the selection of the best parent proxy. - true - - - - - proxy.general.cache.local.cache_mem - - text - Enter the cache memory size to use or zero to disable completely. - - - proxy.general.cache.local.enabled - - checkbox - Enable or disable the local cache. Only UFS directory cache type is supported. Do not enable on embedded systems with SD or CF cards as this will wear down your drive. - - - proxy.general.cache.local.size - - text - Enter the storage size for the local cache (default is 100). - true - - - proxy.general.cache.local.directory - - text - Enter the directory location for the local cache (default is /var/squid/cache). - true - - - proxy.general.cache.local.l1 - - text - Enter the number of first-level subdirectories for the local cache (default is 16). - true - - - proxy.general.cache.local.l2 - - text - Enter the number of second-level subdirectories for the local cache (default is 256). - true - - - proxy.general.cache.local.maximum_object_size - - text - Set the maximum object size (default 4MB when left empty). 
- true - - - proxy.general.cache.local.maximum_object_size_in_memory - - text - Set the maximum object size in memory (default 512KB when left empty). - true - - - proxy.general.cache.local.memory_cache_mode - - dropdown - - Controls which objects to keep in the memory cache (cache_mem) - always: Keep most recently fetched objects in memory (default) - disk: Only disk cache hits are kept in memory, which means an object must first be cached on disk and then hit a second time before cached in memory. - network: Only objects fetched from network is kept in memory - - true - - - proxy.general.cache.local.cache_linux_packages - - checkbox - Enable or disable the caching of packages for linux distributions. This makes sense if you have multiple servers in your network and do not host your own package mirror. This will reduce internet traffic usage but increase disk access. - - - proxy.general.cache.local.cache_windows_updates - - checkbox - Enable or disable the caching of Windows updates. This makes sense if you don't have a WSUS server. If you can setup a WSUS server, this solution should be preferred. - - - - - proxy.general.traffic.enabled - - checkbox - Enable or disable traffic management. - - - proxy.general.traffic.maxDownloadSize - - text - Enter the maximum size for downloads in kilobytes (leave empty to disable). - - - proxy.general.traffic.maxUploadSize - - text - Enter the maximum size for uploads in kilobytes (leave empty to disable). - - - proxy.general.traffic.OverallBandwidthTrotteling - - text - Enter the allowed overall bandwidth in kilobits per second (leave empty to disable). - - - proxy.general.traffic.perHostTrotteling - - text - Enter the allowed per host bandwidth in kilobits per second (leave empty to disable). - - - - - proxy.general.parentproxy.enabled - - checkbox - Enable parent proxy feature. - - - proxy.general.parentproxy.host - - text - Parent proxy IP address or hostname. 
- - - proxy.general.parentproxy.port - - text - Parent proxy port. - - - proxy.general.parentproxy.enableauth - - checkbox - Enable authentication against the parent proxy. - - - proxy.general.parentproxy.user - - text - Set a username if parent proxy requires authentication. - - - proxy.general.parentproxy.password - - password - Set a password if parent proxy requires authentication. - - - proxy.general.parentproxy.localdomains - - select_multiple - - true - List of domains not to be sent via parent proxy. - - - proxy.general.parentproxy.localips - - select_multiple - - true - List of IP addresses not to be sent via parent proxy. - - - - - - - proxy.forward.interfaces - - select_multiple - Select interface(s) the proxy will bind to. - - - proxy.forward.port - - text - The port the proxy service will listen to. - - - proxy.forward.transparentMode - - checkbox - Add a new firewall rule ]]> - - - proxy.forward.sslbump - - checkbox - Add a new firewall rule ]]> - - - proxy.forward.sslurlonly - - checkbox - Do not decode and/or filter SSL content, only log requested domains and IP addresses. Some old servers may not provide SNI, so their addresses will not be indicated. - - - proxy.forward.sslbumpport - - text - The port the ssl proxy service will listen to. - - - proxy.forward.sslcertificate - - dropdown - CA Manager.]]> - - - proxy.forward.sslnobumpsites - - select_multiple - - true - Create a list of sites which may not be inspected, for example bank sites. Prefix the domain with a . to accept all subdomains (e.g. .google.com). - - - proxy.forward.ssl_crtd_storage_max_size - - text - Enter the maximum size (in MB) to use for SSL certificates. - true - - - proxy.forward.sslcrtd_children - - text - Enter the number of ssl certificate workers to use (sslcrtd_children). - true - - - proxy.forward.addACLforInterfaceSubnets - - checkbox - When enabled the subnets of the selected interfaces will be added to the allow access list. 
- true - - - - - proxy.forward.ftpInterfaces - - select_multiple - Select interface(s) the ftp proxy will bind to. - - - proxy.forward.ftpPort - - text - The port the proxy service will listen to. - - - proxy.forward.ftpTransparentMode - - checkbox - Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration. - - - - - proxy.forward.acl.allowedSubnets - - select_multiple - - Type subnets you want to allow access to the proxy server. - true - - - proxy.forward.acl.unrestricted - - select_multiple - - Type IP addresses you want to allow access to the proxy server. - true - - - proxy.forward.acl.bannedHosts - - select_multiple - - Type IP addresses you want to deny access to the proxy server. - true - - - proxy.forward.acl.whiteList - - select_multiple - - Whitelist destination domains. You may use a regular expression, use a comma or press Enter for new item. Examples: "mydomain.com" matches on "*.mydomain.com"; "^https?:\/\/([a-zA-Z]+)\.mydomain\." matches on "http(s)://textONLY.mydomain.*"; "\.gif$" matches on "\*.gif" but not on "\*.gif\test"; "\[0-9]+\.gif$" matches on "\123.gif" but not on "\test.gif" - true - - - proxy.forward.acl.blackList - - select_multiple - - Blacklist destination domains. You may use a regular expression, use a comma or press Enter for new item. Examples: "mydomain.com" matches on "*.mydomain.com"; "^https?:\/\/([a-zA-Z]+)\.mydomain\." matches on "http(s)://textONLY.mydomain.*"; "\.gif$" matches on "*.gif" but not on "\*.gif\test"; "\[0-9]+\.gif$" matches on "\123.gif" but not on "\test.gif" - true - - - proxy.forward.acl.browser - - select_multiple - - Block user-agents. You may use a regular expression, use a comma or press Enter for new item. 
Examples: "^(.)+Macintosh(.)+Firefox/37\.0" matches on "Macintosh version of Firefox revision 37.0"; "^Mozilla" matches on "all Mozilla based browsers" - true - true - - - proxy.forward.acl.mimeType - - select_multiple - - Block specific MIME type reply. You may use a regular expression, use a comma or press Enter for new item. Examples: "video/flv" matches on "Flash Video"; "application/x-javascript" matches on "javascripts" - true - true - - - proxy.forward.acl.googleapps - - text - true - - - - proxy.forward.acl.youtube - - dropdown - true - - - - proxy.forward.acl.safePorts - - select_multiple - - Allowed destination TCP ports, you may use ranges (ex. 222-226) and add comments with colon (ex. 22:ssh). - true - true - - - proxy.forward.acl.sslPorts - - select_multiple - - Allowed destination SSL ports, you may use ranges (ex. 222-226) and add comments with colon (ex. 22:ssh). - true - true - - - - - proxy.forward.icap.enable - - checkbox - - If this checkbox is checked, you can use an ICAP server to filter or replace content. - true - false - - - proxy.forward.icap.RequestURL - - text - - Enter the url where the REQMOD requests should be sent to. - true - false - - - proxy.forward.icap.ResponseURL - - text - - Enter the url where the RESPMOD requests should be sent to. - true - false - - - proxy.forward.icap.OptionsTTL - - text - - Default ttl - true - true - - - proxy.forward.icap.SendClientIP - - checkbox - - If you enable this option, the client IP address will be sent to the ICAP server. This can be useful if you want to filter traffic based on IP addresses. - true - true - - - proxy.forward.icap.SendUsername - - checkbox - - If you enable this option, the username of the client will be sent to the ICAP server. This can be useful if you want to filter traffic based on usernames. Authentication is required to use usernames. - true - true - - - proxy.forward.icap.EncodeUsername - - checkbox - - Use this option if your usernames need to be encoded. 
- true - true - - - proxy.forward.icap.UsernameHeader - - text - - The header which should be used to send the username to the ICAP server. - true - true - - - proxy.forward.icap.EnablePreview - - checkbox - - If you use previews, only a part of the data is sent to the ICAP server. Setting this option can improve the performance. - true - true - - - proxy.forward.icap.PreviewSize - - text - - Enter the size of the preview which is sent to the ICAP server. - true - true - - - proxy.forward.icap.exclude - - select_multiple - - Exclusion list destination domains.You may use a regular expression, use a comma or press Enter for new item. Examples: "mydomain.com" matches on "*.mydomain.com"; "https://([a-zA-Z]+)\.mydomain\." matches on "http(s)://textONLY.mydomain.*"; "\.gif$" matches on "\*.gif" but not on "\*.gif\test"; "\[0-9]+\.gif$" matches on "\123.gif" but not on "\test.gif" - true - - - - - proxy.forward.authentication.method - - select_multiple - Select Authentication method - - - proxy.forward.authentication.authEnforceGroup - - select_multiple - - NOTE: please be aware that users (or vouchers) which aren't administered locally will be denied when using this option.]]> - - - - proxy.forward.authentication.realm - - text - The prompt will be displayed in the authentication request window. - - - proxy.forward.authentication.credentialsttl - - text - This specifies for how long (in hours) the proxy server assumes an externally validated username and password combination is valid (Time To Live). When the TTL expires, the user will be prompted for credentials again. - - - proxy.forward.authentication.children - - text - The total number of authenticator processes to spawn. - - - - - proxy.forward.snmp_enable - - checkbox - Enable or disable the squid SNMP Agent. - - - proxy.forward.snmp_port - - text - The port number where Squid listens for SNMP requests. To enable SNMP support set this to a suitable port number. 
Port number 3401 is often used for the Squid SNMP agent. - - - proxy.forward.snmp_password - - text - The password for access to SNMP agent - - - - - proxy-general-settings -
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Services/Squid.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Services/Squid.php deleted file mode 100644 index 1c5f0b44d..000000000 --- a/src/opnsense/mvc/app/library/OPNsense/Auth/Services/Squid.php +++ /dev/null @@ -1,105 +0,0 @@ -object(); - - if (!empty((string)$configObj->OPNsense->proxy->forward->authentication->method)) { - $result = explode(',', (string)$configObj->OPNsense->proxy->forward->authentication->method); - } else { - $result[] = 'Local Database'; - } - return $result; - } - - /** - * {@inheritdoc} - */ - public function setUserName($username) - { - $this->username = $username; - } - - /** - * {@inheritdoc} - */ - public function getUserName() - { - return $this->username; - } - - /** - * {@inheritdoc} - */ - public function checkConstraints() - { - $configObj = Config::getInstance()->object(); - if (!empty((string)$configObj->OPNsense->proxy->forward->authentication->authEnforceGroup)) { - $groups = explode(',', (string)$configObj->OPNsense->proxy->forward->authentication->authEnforceGroup); - $acl = new ACL(); - foreach ($groups as $local_group) { - if ($acl->inGroup($this->getUserName(), $local_group, false)) { - return true; - } - } - return false; - } else { - return true; - } - } -} diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/ACL/ACL.xml deleted file mode 100644 index 220b30a9a..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/ACL/ACL.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - Services: Proxy - - ui/proxy/* - api/proxy/* - ui/diagnostics/log/squid/* - api/diagnostics/log/squid/* - - - diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Menu/Menu.xml deleted file mode 100644 index 71280faf7..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Menu/Menu.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Migrations/M1_0_0.php b/src/opnsense/mvc/app/models/OPNsense/Proxy/Migrations/M1_0_0.php deleted file mode 100644 index bbf52d2f2..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Migrations/M1_0_0.php +++ /dev/null @@ -1,37 +0,0 @@ -getFlatNodes() as $key => $node) { - if ($validateFullModel || $node->isFieldChanged()) { - // if match_type has changed we need to make some fields required - if ($node->getInternalXMLTagName() == "match_type") { - $match = $node->getParentNode(); - $match_type = (string)$match->match_type; - switch ($match_type) { - case 'url_matches': - if (strlen((string)$match->url) == 0) { - $result->appendMessage(new \Phalcon\Messages\Message( - gettext('URL must be set.'), - 'pac.match.url' - )); - } - break; - case 'hostname_matches': - case 'dns_domain_is': - case 'is_resolvable': - if (strlen((string)$match->hostname) == 0) { - $result->appendMessage(new \Phalcon\Messages\Message( - gettext('Hostname must be set.'), - 'pac.match.hostname' - )); - } - break; - case 'destination_in_net': - case 'my_ip_in_net': - if (strlen((string)$match->network) == 0) { - $result->appendMessage(new \Phalcon\Messages\Message( - gettext('Network must be set.'), - 'pac.match.network' - )); - } - case 'plain_hostname': - case 'dns_domain_levels': - case 'weekday_range': - case 'date_range': - case 'time_range': - break; // no special validation - } - } - } - } - return $result; - } -} diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml deleted file mode 100644 index d7d2ed578..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml +++ /dev/null 
@@ -1,686 +0,0 @@ - - //OPNsense/proxy - 1.0.6 - Squid web proxy settings - - - - 0 - Y - - - Squid - - OPNsense - Custom - - - - 1 - 65535 - ICP port needs to be an integer value between 1 and 65535 - - - - - 1 - Y - - - 1 - Y - - - - /^([\/0-9a-fA-F.:,])*/u - - - File - - File (Extended) - File (Json) - Syslog - Syslog (Json) - - - - - /^([\/0-9a-fA-F.:,])*/u - - - Default - - Append client's IP (on) - Set forward header to unknown (off) - Do not alter forward header (transparent) - Remove forward header (delete) - Replace all with client's IP (truncate) - - - - Default - - Strip whitespaces - Deny request - Allow whitespaces - Encode whitespaces (RFC1738) - Chop URI at first whitespace - - - - 1 - Y - - - - - 1 - 120 - - - Please enter a valid email address. - - - /^([0-9a-zA-Z\.,_\-:]){0,1024}$/u - Please enter a valid servername, ip address or leave this option blank. - - - - - 0 - Y - - - /var/squid/cache - Y - - - 256 - 0 - Specify a positive memory cache size. (number of MB's) - Y - - - 1 - 99999 - Specify a maximum object size. (number of MB's) - - - 1 - 99999 - Specify a maximum object size in memory. (number of KB's) - - - Default - - Keep all most recent files (always) - Keep most recent HIT files(disk) - Keep only files fetched from network (network) - - - - 100 - 1 - Specify a positive cache size. (number of MB's) - Y - - - 16 - 1 - Specify a positive number of first-level subdirectories. - Y - - - 256 - 1 - Specify a positive number of second-level subdirectories. - Y - - - 0 - Y - - - 0 - Y - - - - - - 0 - Y - - - 1 - Specify the maximum download size (kB). - - - 1 - Specify the maximum upload size (kB). - - - 1 - Specify the overall bandwidth for downloads in kilobits per second. - - - Both throttling parameters should either be filled or empty - AllOrNoneConstraint - - perHostTrotteling - - - - - - 1 - Specify the per host bandwidth for downloads in kilobits per second. 
- - - OverallBandwidthTrotteling.check001 - - - - - - - 0 - Y - - - - - A host must be set. - DependConstraint - - enabled - - - - - - 0 - Y - - - username - Y - /^([0-9a-zA-Z\._\-%@]){1,128}$/u - Username can be up to 128 signs long. Alphanumeric characters and also dot, dash, percent sign (for URL escapes), at sign and underscore allowed. - - - password - Y - /^([0-9a-zA-Z\._\-%]){1,128}$/u - Password can be up to 128 signs long. Alphanumeric characters and also dot, dash, percent sign (for URL escapes) and underscore allowed. - - - - - A port must be set. - DependConstraint - - enabled - - - - - - - - - - - Y - S - - /^(?!0).*$/ - /^((?!dhcp).)*$/ - - - - 3128 - 1 - 65535 - Proxy port needs to be an integer value between 1 and 65535 - Y - - - 3129 - 1 - 65535 - SSL Proxy port needs to be an integer value between 1 and 65535 - Y - - - 0 - Y - - - When enabling "Log SNI information only", SSL inspection must also be enabled - DependConstraint - - sslurlonly - - - - - - 0 - Y - - - sslbump.check001 - - - - - ca - Please select a valid certificate from the list - - - /^([a-zA-Z0-9\.:\[\]\s\-]*?,)*([a-zA-Z0-9\.:\[\]\s\-]*)$/ - Please enter ip addresses or domain names here - - - Y - 4 - 1 - 65535 - max size needs to be an integer value between 1 and 65535 - - - Y - 5 - 1 - 32 - the number of sslrtd children needs to be an integer value between 1 and 32 - - - 0 - Y - - - 1 - 65535 - SNMP port needs to be an integer value between 1 and 65535 - Y - 3401 - - - public - Y - - - Y - - /^(?!0).*$/ - /^((?!dhcp).)*$/ - - - - 2121 - 1 - 65535 - FTP Proxy port needs to be an integer value between 1 and 65535 - Y - - - 0 - Y - - - 1 - Y - - - 0 - Y - - - - /^([\/0-9a-fA-F.:,])*/u - - - /^([\/0-9a-fA-F.:,])*/u - - - /^([\/0-9a-fA-F.:,])*/u - - - - - - - /^([a-zA-Z0-9]){0,}\.([a-zA-Z0-9].){0,}/ - Please enter a valid domain name here - - - - Strict - Moderate - - - - /^([ \-0-9a-zA-Z:,])*/u - - - /^([ \-0-9a-zA-Z:,])*/u - - - - - - 1 - Y - - - Y - 
/^[a-zA-Z0-9]{1,245}\.?[a-zA-z0-9]{1,10}$/ - The filename may only contain letters, digits and one dot (not required). - - - Filename should be unique - UniqueConstraint - - - - - Y - - - /^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u - - - /^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u - - - filename - /usr/local/etc/squid/acl/%s.index - Y - Y - - - 0 - Y - - - Y - /^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u - - - - - - - OPNsense.Cron.Cron - jobs.job - description - - /Proxy/ - - - - Related cron not found - - - - - - 0 - Y - - - - - Y - 1 - - - 0 - Y - - - 0 - Y - - - Y - X-Username - /^([a-zA-Z-]+)$/ - - - 1 - Y - - - 1024 - Y - - - 60 - Y - - - - - - Y - - - Y - - - /^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){0,255}$/u - - - 1 - Credentials TTL needs to be an integer value above 0 - - - 1 - Number of children needs to be an integer value above 0 - - - - - - - Y - The proxy name must be set. - - - Proxy name should be unique - UniqueConstraint - - - - - Y - - Proxy - Direct Connection (no Proxy) - HTTP Proxy - HTTPS Proxy - SOCKS - SOCKS Version 4 - SOCKS Version 5 - - - - This does not look like a valid proxy or direct connection. - - - /^([\t\n\v\f\r 0-9a-zA-Z\-.,_\x{00A0}-\x{FFFF}]){1,255}$/u - - - - - Y - The match name must be set. - - - Match name should be unique - UniqueConstraint - - - - - /^([\t\n\v\f\r 0-9a-zA-Z\-.,_\x{00A0}-\x{FFFF}]){1,255}$/u - - - 0 - Y - - - Y - - URL Matches - Hostname Matches - DNS Domain Is - IP Is In Network - My IP Is In Network - Plain Hostname (No Dots Inside) - Is Resolvable - DNS Domain Levels (Count Of Dots) - Weekday Range - Date Range - Time Range - - - - - /^[^"]*$/ - - - - 0 - Minimum domain level must be bigger than 0. - - - 0 - A hostname cannot have a negative count of levels. - - - 0 - The first hour of the day is 0. - - - 0 - 23 - The last hour of the day is 23! 
- - - Y - - January - February - March - April - May - June - July - August - September - October - November - December - - - - Y - - January - February - March - April - May - June - July - August - September - October - November - December - - - - Y - - Monday - Tuesday - Wednesday - Thursday - Friday - Saturday - Sunday - - - - Y - - Monday - Tuesday - Wednesday - Thursday - Friday - Saturday - Sunday - - - - - - 1 - Y - - - /^([\t\n\v\f\r 0-9a-zA-Z\-.,_\x{00A0}-\x{FFFF}]){1,255}$/u - - - - - OPNsense.Proxy.Proxy - pac.match - name - - - Y - Y - - - Y - - And - Or - - - - Y - - If - Unless - - - - Y - - - OPNsense.Proxy.Proxy - pac.proxy - name - - - Y - Y - - - - - - - - diff --git a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt deleted file mode 100644 index bda232e0d..000000000 --- a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt +++ /dev/null 
@@ -1,602 +0,0 @@ -{# - # Copyright (c) 2014-2015 Deciso B.V. - # All rights reserved. - # - # Redistribution and use in source and binary forms, with or without modification, - # are permitted provided that the following conditions are met: - # - # 1. Redistributions of source code must retain the above copyright notice, - # this list of conditions and the following disclaimer. - # - # 2. Redistributions in binary form must reproduce the above copyright notice, - # this list of conditions and the following disclaimer in the documentation - # and/or other materials provided with the distribution. - # - # THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, - # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - # AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - # POSSIBILITY OF SUCH DAMAGE. - #} - - - - - -
- {{ partial("layout_partials/base_tabs_content",['formData':mainForm]) }} -
- - - - - - - - - - - - - - - - - -
{{ lang._('Name') }}{{ lang._('Description') }}{{ lang._('Match Type') }}{{ lang._('Action') }}
- - -
-
-
- - - - - - - - - - - - - - - - -
{{ lang._('Enabled') }}{{ lang._('Description') }}{{ lang._('Actions') }}
- - -
-
-
- - - - - - - - - - - - - - - - - - -
{{ lang._('Name') }}{{ lang._('Type') }}{{ lang._('URL') }}{{ lang._('Description') }}{{ lang._('Actions') }}
- - -
-
- -
- - - - - - - - - - - - - - - - - -
- {{ lang._('full help') }} -
- - {{ lang._('Remote Blacklist') }} -
-
- -
- - - - - - - - - - - - - - - - - - - -
{{ lang._('Enabled') }}{{ lang._('Filename') }}{{ lang._('URL') }}{{ lang._('Description') }}{{ lang._('Edit | Delete') }}
- -
-
-
- - - - -
-
-
-
- - - - - - - - - - - - - -
{{ lang._('Action')}}
- - - {{ lang._('Reset all generated content (cached files and certificates included) and restart the proxy.') }} -
-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
{{ lang._('Action')}}
- -
- -
- - - -
-
- -
- {{ lang._('Download and upload custom error pages, if no (new) files are provided our defaults are used.')}} -
- -
-
-
-
- -{{ partial("layout_partials/base_dialog",['fields':formDialogEditBlacklist,'id':'DialogEditBlacklist','label':lang._('Edit blacklist')])}} -{{ partial("layout_partials/base_dialog",['fields':formDialogEditPACProxy,'id':'DialogEditPACProxy','label':lang._('Edit Proxy')])}} -{{ partial("layout_partials/base_dialog",['fields':formDialogEditPACMatch,'id':'DialogEditPACMatch','label':lang._('Edit Match')])}} -{{ partial("layout_partials/base_dialog",['fields':formDialogEditPACRule,'id':'DialogEditPACRule','label':lang._('Edit Rule')])}} diff --git a/src/opnsense/scripts/proxy/deploy_error_pages.py b/src/opnsense/scripts/proxy/deploy_error_pages.py deleted file mode 100755 index f6e63c8aa..000000000 --- a/src/opnsense/scripts/proxy/deploy_error_pages.py +++ /dev/null 
@@ -1,54 +0,0 @@
-#!/usr/local/bin/python3
-
-"""
- Copyright (c) 2020 Ad Schellevis
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
-"""
-import ujson
-import os
-import re
-from lib import ProxyTemplates
-target_directory = "/usr/local/etc/squid/errors/local"
-
-if __name__ == '__main__':
- proxy_templates = ProxyTemplates()
-
- # install error_pages into target_directory
- if not os.path.isdir(target_directory):
- os.mkdir(target_directory)
- for filename, data in proxy_templates.templates(proxy_templates.overlay_enabled()):
- match = proxy_templates.css_section(data)
- if match:
- inline_css = list()
- for dep_filename in proxy_templates.css_dependencies(filename, proxy_templates.overlay_enabled()):
- css_content = proxy_templates.get_file(dep_filename, proxy_templates.overlay_enabled())
- if css_content:
- inline_css.append(b'' % css_content)
- data = b"%s%s%s" % (data[0:match.start()], b"\n".join(inline_css), data[match.end():])
- with open("%s/%s" % (target_directory, os.path.splitext(filename)[0]), "wb") as target_fh:
- target_fh.write(data)
- print(ujson.dumps({
- 'overlay_status': proxy_templates.get_overlay_status()
- }))
diff --git a/src/opnsense/scripts/proxy/download_error_pages.py b/src/opnsense/scripts/proxy/download_error_pages.py
deleted file mode 100755
index 4c786a8dd..000000000
--- a/src/opnsense/scripts/proxy/download_error_pages.py
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/local/bin/python3
-
-"""
- Copyright (c) 2020 Ad Schellevis
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
-"""
-import base64
-import ujson
-import os
-import re
-import zipfile
-from io import BytesIO
-from lib import ProxyTemplates
-
-if __name__ == '__main__':
- root_dir = "/proxy_template"
- proxy_templates = ProxyTemplates()
- output_data = BytesIO()
- processed = list()
- with zipfile.ZipFile(output_data, mode='w', compression=zipfile.ZIP_DEFLATED) as zf:
- for filename, data in proxy_templates.templates(True):
- zf.writestr("%s/%s" % (root_dir, filename), data)
- for dep_filename in proxy_templates.css_dependencies(filename, True):
- if dep_filename not in processed:
- zf.writestr("%s/%s" % (root_dir, dep_filename), proxy_templates.get_file(dep_filename, True))
- processed.append(dep_filename)
-
- response = dict()
- response['payload'] = base64.b64encode(output_data.getvalue()).decode()
- response['size'] = len(response['payload'])
- print(ujson.dumps(response))
diff --git a/src/opnsense/scripts/proxy/fetchACLs.py b/src/opnsense/scripts/proxy/fetchACLs.py
deleted file mode 100755
index af5923997..000000000
--- a/src/opnsense/scripts/proxy/fetchACLs.py
+++ /dev/null
@@ -1,381 +0,0 @@ -#!/usr/local/bin/python3 - -""" - Copyright (c) 2016-2019 Ad Schellevis - Copyright (c) 2015 Jos Schellevis - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-""" - -import tempfile -import os -import sys -import json -import glob -import os.path -import tarfile -import gzip -import zipfile -import syslog -import urllib3 -from configparser import ConfigParser -from urllib.request import urlopen -from urllib.error import URLError -from urllib.error import HTTPError -import requests -urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) - -acl_config_fn = '/usr/local/etc/squid/externalACLs.conf' -acl_target_dir = '/usr/local/etc/squid/acl' -acl_max_timeout = 30 - - -class Downloader(object): - """ Download helper - """ - - def __init__(self, url,username, password, timeout, ssl_no_verify=False): - """ init new - :param url: source url - :param timeout: timeout in seconds - """ - self._url = url.strip() - self._timeout = timeout - self._source_handle = None - self._username = username - self._password = password - self._ssl_no_verify = ssl_no_verify - - def fetch(self): - """ fetch (raw) source data into tempfile using self._source_handle - """ - self._source_handle = None - if self._url.lower().startswith('http://') or self._url.lower().startswith('https://'): - # HTTP(S) download - req_opts = dict() - req_opts['url'] = self._url - req_opts['stream'] = True - req_opts['timeout'] = self._timeout - if self._ssl_no_verify: - req_opts['verify'] = False - if self._username is not None: - req_opts['auth'] = (self._username, self._password) - req = requests.get(**req_opts) - if req.status_code == 200: - req.raw.decode_content = True - self._source_handle = tempfile.NamedTemporaryFile('wb+', 10240) - while True: - data = req.raw.read(10240) - if not data: - break - else: - self._source_handle.write(data) - self._source_handle.seek(0) - else: - syslog.syslog(syslog.LOG_ERR, 'proxy acl: error downloading %s (http code: %s)' % (self._url, - req.status_code)) - elif self._url.lower().startswith('ftp://'): - # FTP download - try: - f = urlopen(self._url, timeout=self._timeout) - self._source_handle = 
tempfile.NamedTemporaryFile('wb+', 10240) - while True: - data = f.read(10240) - if not data: - break - else: - self._source_handle.write(data) - self._source_handle.seek(0) - f.close() - except (URLError, HTTPError, IOError) as e: - syslog.syslog(syslog.LOG_ERR, 'proxy acl: error downloading %s' % self._url) - else: - syslog.syslog(syslog.LOG_ERR, 'proxy acl: unsupported protocol for %s' % self._url) - - def get_files(self): - """ process downloaded data, handle compression - :return: iterator filename, file handle - """ - if self._source_handle is not None: - # handle compressed data - if (len(self._url) > 8 and self._url[-7:] == '.tar.gz') \ - or (len(self._url) > 4 and self._url[-4:] == '.tgz'): - # source is in tar.gz format, extract all into a single string - try: - tf = tarfile.open(fileobj=self._source_handle) - for tf_file in tf.getmembers(): - if tf_file.isfile(): - yield tf_file.name, tf.extractfile(tf_file) - except IOError as e: - syslog.syslog(syslog.LOG_ERR, 'proxy acl: error downloading %s (%s)' % (self._url, e)) - elif len(self._url) > 4 and self._url[-3:] == '.gz': - # source is in .gz format unpack - try: - gf = gzip.GzipFile(mode='r', fileobj=self._source_handle) - yield os.path.basename(self._url), gf - except IOError as e: - syslog.syslog(syslog.LOG_ERR, 'proxy acl: error downloading %s (%s)' % (self._url, e)) - elif len(self._url) > 5 and self._url[-4:] == '.zip': - # source is in .zip format, extract all into a single string - with zipfile.ZipFile(self._source_handle, - mode='r', - compression=zipfile.ZIP_DEFLATED) as zf: - for item in zf.infolist(): - if item.file_size > 0: - yield item.filename, zf.open(item) - else: - yield os.path.basename(self._url), self._source_handle - - def download(self): - """ download / unpack ACL - :return: iterator filename, type, content - """ - self.fetch() - for filename, filehandle in self.get_files(): - basefilename = os.path.basename(filename).lower() - file_ext = filename.split('.')[-1].lower() - while 
True: - line = filehandle.readline().decode(encoding='utf-8', errors='ignore') - if not line: - break - yield filename, basefilename, file_ext, line - - -class DomainSorter(object): - """ Helper class for building sorted squid domain acl list. - Use as file type object, close flushes the actual (sorted) data to disc - """ - - def __init__(self, filename=None): - """ new sorted output file, uses an acl record in reverse order as sort key - :param filename: target filename - :param mode: file open mode - """ - self._num_targets = 20 - self._separator = '|' - self._buckets = dict() - self._sort_map = dict() - # setup target - self._target_filename = filename - # setup temp files - self.generate_targets() - - def generate_targets(self): - """ generate ordered targets - """ - sets = 255 - for i in range(sets): - target = chr(i + 1) - setid = int(i / (sets / self._num_targets)) - if setid not in self._buckets: - self._buckets[setid] = tempfile.NamedTemporaryFile('wb+', 10240) - self._sort_map[target] = self._buckets[setid] - - def write(self, data): - """ save content, send reverse sorted to buffers - :param data: line to write - """ - line = data.strip().lower() - if len(line) > 0: - # Calculate sort key, which is the reversed url with dots (.) replaced by spaces. - # We need to replace dots (.) here to avoid having a wrong sorting order when dashes - # or similar characters are used inside the url. 
- # (The process writing out the domains checks for domain overlaps) - sort_key = line[::-1].replace('.', ' ') - self.add(sort_key, line) - - def add(self, key, value): - """ spool data to temp - :param key: key to use - :param value: value to store - """ - target = key[0] - if target in self._sort_map: - for part in (key, self._separator, value, '\n'): - self._sort_map[target].write(part.encode('utf-8')) - else: - # not supposed to happen, every key should have a calculated target pool - pass - - def reader(self): - """ read reverse - """ - for target in sorted(self._buckets): - self._buckets[target].seek(0) - set_content = dict() - while True: - line = self._buckets[target].readline().decode() - if not line: - break - else: - set_content[line.split('|')[0]] = '|'.join(line.split('|')[1:]) - for itemkey in sorted(set_content, reverse=True): - yield set_content[itemkey] - - @staticmethod - def is_domain(tag): - """ check if tag is probably a domain name - :param tag: tag to inspect - :return: boolean - """ - has_chars = False - for tag_item in tag: - if not tag_item.isdigit() and tag_item not in ('.', ',', '|', '/', '\n'): - has_chars = True - elif tag_item in (':', '|', '/'): - return False - if has_chars: - return True - else: - return False - - def close(self): - """ close and dump content - """ - if self._target_filename is not None: - # flush to file on close - with open(self._target_filename, 'wb', buffering=10240) as f_out: - prev_line = None - for line in self.reader(): - line = line.lstrip('.') - if prev_line == line: - # duplicate, skip - continue - if self.is_domain(line): - # prefix domain, if this domain is different then the previous one - if prev_line is None or '.%s' % line not in prev_line: - f_out.write(b'.') - f_out.write(line.encode()) - prev_line = line - - -def filename_in_ignorelist(bfilename, filename_ext): - """ ignore certain files from processing. 
- :param bfilename: basefilename to inspect - :param filename_ext: extension of the filename - """ - if filename_ext in ['pdf', 'txt', 'doc']: - return True - elif bfilename in ('readme', 'license', 'usage', 'categories'): - return True - return False - - -def main(): - # parse OPNsense external ACLs config - if os.path.exists(acl_config_fn): - # create acl directory (if new) - if not os.path.exists(acl_target_dir): - os.mkdir(acl_target_dir) - else: - # remove index files - for filename in glob.glob('%s/*.index' % acl_target_dir): - os.remove(filename) - # read config and download per section - cnf = ConfigParser() - cnf.read(acl_config_fn) - for section in cnf.sections(): - target_filename = acl_target_dir + '/' + section - if cnf.has_option(section, 'url'): - # collect filters to apply - acl_filters = list() - if cnf.has_option(section, 'filter'): - for acl_filter in cnf.get(section, 'filter').strip().split(','): - if len(acl_filter.strip()) > 0: - acl_filters.append(acl_filter) - - # define target(s) - targets = {'domain': {'filename': target_filename, 'handle': None, 'class': DomainSorter}} - - # only generate files if enabled, otherwise dump empty files - if cnf.has_option(section, 'enabled') and cnf.get(section, 'enabled') == '1': - download_url = cnf.get(section, 'url') - if cnf.has_option(section, 'username'): - download_username = cnf.get(section, 'username') - download_password = cnf.get(section, 'password') - else: - download_username = None - download_password = None - if cnf.has_option(section, 'sslNoVerify') and cnf.get(section, 'sslNoVerify') == '1': - sslNoVerify = True - else: - sslNoVerify = False - acl = Downloader(download_url, download_username, download_password, acl_max_timeout, sslNoVerify) - all_filenames = list() - for filename, basefilename, file_ext, line in acl.download(): - if filename_in_ignorelist(basefilename, file_ext): - # ignore documents, licenses and readme's - continue - - # detect output type - if '/' in line or '|' in line: 
- filetype = 'url' - elif line.startswith('#'): - filetype = 'comment' - else: - filetype = 'domain' - - if filename not in all_filenames: - all_filenames.append(filename) - - if len(acl_filters) > 0: - acl_found = False - for acl_filter in acl_filters: - if acl_filter in filename: - acl_found = True - break - if not acl_found: - # skip this acl entry - continue - - if filetype in targets and targets[filetype]['handle'] is None: - targets[filetype]['handle'] = targets[filetype]['class'](targets[filetype]['filename']) - if filetype in targets: - targets[filetype]['handle'].write(line) - targets[filetype]['handle'].write('\n') - # save index to disc - with open('%s.index' % target_filename, 'w', buffering=10240) as idx_out: - index_data = dict() - for filename in all_filenames: - if len(filename.split('/')) > 2: - index_key = '/'.join(filename.split('/')[1:-1]) - if index_key not in index_data: - index_data[index_key] = index_key - idx_out.write(json.dumps(index_data)) - - # cleanup - for filetype in targets: - if targets[filetype]['handle'] is not None: - targets[filetype]['handle'].close() - elif cnf.has_option(section, 'enabled') and cnf.get(section, 'enabled') != '1': - if os.path.isfile(targets[filetype]['filename']): - # disabled, remove previous data - os.remove(targets[filetype]['filename']) - elif not os.path.isfile(targets[filetype]['filename']): - # no data fetched and no file available, create new empty file - with open(targets[filetype]['filename'], 'w') as target_out: - target_out.write("") - - -# execute downloader -main() diff --git a/src/opnsense/scripts/proxy/generate_cert.php b/src/opnsense/scripts/proxy/generate_cert.php deleted file mode 100755 index b2df4aabf..000000000 --- a/src/opnsense/scripts/proxy/generate_cert.php +++ /dev/null 
@@ -1,53 +0,0 @@ -#!/usr/local/bin/php - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- -""" -import ujson -import os -import base64 -import binascii -import re -import zipfile -import glob -from io import BytesIO - -class ProxyTemplates: - error_config = "/usr/local/etc/squid/error_directory.in" - - def __init__(self): - self._all_src_files = dict() - self._all_ovl_files = dict() - self._overlay_status = None - self._install_overlay = False - self._overlay_data = None - self._load_config() - self.load() - - def _load_config(self): - """ initialize configuration - """ - if os.path.isfile(self.error_config): - error_cfg = ujson.loads(open(self.error_config, 'rb').read()) - self._install_overlay = 'install' not in error_cfg or error_cfg['install'] != 'opnsense' - self._overlay_data = error_cfg['content'] if 'content' in error_cfg else None - - def load(self): - """ load (custom) error pages in memory - """ - self._overlay_status = None - self._all_src_files = dict() - self._all_ovl_files = dict() - # base (OPNsense) template - for filename in glob.glob("/usr/local/opnsense/data/proxy/template_error_pages/*"): - bfilename = os.path.basename(filename) - with open(filename, "rb") as f_in: - self._all_src_files[bfilename] = f_in.read() - - # when a (valid) overlay is provided, read it's contents - if self._overlay_data and self._install_overlay: - try: - input_data = BytesIO(base64.b64decode(self._overlay_data)) - root_dir = "" - with zipfile.ZipFile(input_data, mode='r', compression=zipfile.ZIP_DEFLATED) as zf_in: - for zf_info in zf_in.infolist(): - if not root_dir and zf_info.filename.endswith('/'): - root_dir = zf_info.filename - else: - self._all_ovl_files[zf_info.filename.replace(root_dir, "")] = zf_in.read(zf_info.filename) - except binascii.Error: - self._overlay_status = 'Not a base64 encoded file' - except zipfile.BadZipFile: - self._overlay_status = 'Illegal zip file' - except IOError: - self._overlay_status = 'Error reading file' - - def templates(self, overlay=False): - """ return template html files - :param overlay: consider custom theme 
files when applicable - :rtype: [string, bytes] - """ - for filename in self._all_src_files: - if filename.endswith('.html'): - if overlay and filename in self._all_ovl_files: - yield filename, self._all_ovl_files[filename] - else: - yield filename, self._all_src_files[filename] - - def get_file(self, filename, overlay=False): - """ return file content - :param filename: source filename - :param overlay: consider custom theme files when applicable - :return: string - """ - if filename in self._all_src_files: - if overlay and filename in self._all_ovl_files: - return self._all_ovl_files[filename] - else: - return self._all_src_files[filename] - - @staticmethod - def css_section(data): - """ extract css definition block from provided data - :param data: html data - :return: MatchObject - """ - return re.search(b'()', data, re.DOTALL) - - def css_dependencies(self, filename, overlay=False): - """ extract css dependencies from provided filename - :param filename: source filename - :param overlay: consider custom theme files when applicable - :rtype: list - """ - data = self.get_file(filename, overlay) - if filename.endswith('.html') and data: - match = self.css_section(data) - if match: - for href in re.findall(b"(href[\s]*=[\s]*[\"|'])(.*?)([\"|'])" ,match.group(0)): - yield href[1].decode() - - def overlay_enabled(self): - """ when deploying files, should we consider an overlay - :return: bool - """ - return self._install_overlay - - def get_overlay_status(self): - """ return validity of the installed overlay - :return: string - """ - return self._overlay_status diff --git a/src/opnsense/scripts/proxy/setup.sh b/src/opnsense/scripts/proxy/setup.sh deleted file mode 100755 index 795ebdd0d..000000000 --- a/src/opnsense/scripts/proxy/setup.sh +++ /dev/null 
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-SQUID_DIRS="/var/log/squid /var/run/squid /var/squid /var/squid/cache /var/squid/ssl /var/squid/logs /usr/local/etc/squid/errors/local"
-
-for SQUID_DIR in ${SQUID_DIRS}; do
- mkdir -p ${SQUID_DIR}
- chown -R squid:squid ${SQUID_DIR}
- chmod -R 750 ${SQUID_DIR}
-done
-/usr/sbin/pw groupmod proxy -m squid
-/usr/local/sbin/squid -z -N > /dev/null 2>&1
-
-# remove ssl certificate store in case the user changed the CA
-if [ -f /usr/local/etc/squid/ca.pem.id ]; then
- current_cert=`cat /usr/local/etc/squid/ca.pem.id`
- if [ -d /var/squid/ssl_crtd ]; then
- if [ -f /var/squid/ssl_crtd.id ]; then
- running_cert=`cat /var/squid/ssl_crtd.id`
- else
- running_cert=""
- fi
- if [ "$current_cert" != "$running_cert" ]; then
- rm -rf /var/squid/ssl_crtd
- fi
- fi
-fi
-
-# create ssl certificate store, in case sslbump is enabled we need this
-if [ ! -d /var/squid/ssl_crtd ]; then
- /usr/local/libexec/squid/security_file_certgen -c -s /var/squid/ssl_crtd -M 10 > /dev/null 2>&1
- chown -R squid:squid /var/squid/ssl_crtd
- chmod -R 750 /var/squid/ssl_crtd
- if [ -f /usr/local/etc/squid/ca.pem.id ]; then
- cat /usr/local/etc/squid/ca.pem.id > /var/squid/ssl_crtd.id
- fi
-fi
-
-# generate SSL bump certificate
-/usr/local/opnsense/scripts/proxy/generate_cert.php > /dev/null 2>&1
-
-# install theme files
-/usr/local/opnsense/scripts/proxy/deploy_error_pages.py > /dev/null 2>&1
diff --git a/src/opnsense/scripts/syslog/logformats/squid.py b/src/opnsense/scripts/syslog/logformats/squid.py
deleted file mode 100755
index e5dca0c66..000000000
--- a/src/opnsense/scripts/syslog/logformats/squid.py
+++ /dev/null
@@ -1,107 +0,0 @@ -""" - Copyright (c) 2020 Ad Schellevis - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -""" -import re -import datetime -from . 
import NewBaseLogFormat -squid_ext_timeformat = r'.*(\[\d{1,2}/[A-Za-z]{3}/\d{4}:\d{1,2}:\d{1,2}:\d{1,2} \+\d{4}\]).*' -squid_timeformat = r'^(\d{4}/\d{1,2}/\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}).*' - - -class SquidLogFormat(NewBaseLogFormat): - def __init__(self, filename): - super().__init__(filename) - self._priority = 100 - - def match(self, line): - return self._filename.find('squid') > -1 and re.match(squid_timeformat, line) is not None - - @property - def timestamp(self): - tmp = re.match(squid_timeformat, self._line) - grp = tmp.group(1) - return datetime.datetime.strptime(grp, "%Y/%m/%d %H:%M:%S").isoformat() - - @property - def process_name(self): - return "squid" - - @property - def line(self): - return self._line[19:].strip() - - -class SquidExtLogFormat(NewBaseLogFormat): - def __init__(self, filename): - super().__init__(filename) - self._priority = 120 - - def match(self, line): - return self._filename.find('squid') > -1 and re.match(squid_ext_timeformat, line) is not None - - @property - def timestamp(self): - tmp = re.match(squid_ext_timeformat, self._line) - grp = tmp.group(1) - return datetime.datetime.strptime(grp[1:].split()[0], "%d/%b/%Y:%H:%M:%S").isoformat() - - @property - def process_name(self): - return "squid" - - @property - def line(self): - tmp = re.match(squid_ext_timeformat, self._line) - grp = tmp.group(1) - return self._line.replace(grp, '') - - -class SquidJsonLogFormat(NewBaseLogFormat): - def __init__(self, filename): - super().__init__(filename) - self._priority = 140 - local_now = datetime.datetime.now() - utc_now = datetime.datetime.utcnow() - self._localtimezone = datetime.timezone(local_now - utc_now) - - def match(self, line): - return self._filename.find('squid') > -1 and line.find('"@timestamp"') > -1 - - @property - def timestamp(self, line): - tmp = line[line.find('"@timestamp"')+13:].split(',')[0].strip().strip('"') - try: - return datetime.datetime.strptime(tmp, "%Y-%m-%dT%H:%M:%S%z")\ - 
.astimezone(self._localtimezone).isoformat().split('.')[0].split('+')[0] - except ValueError: - return None - - @property - def process_name(self): - return "squid" - - @property - def line(self): - return self._line diff --git a/src/opnsense/service/conf/actions.d/actions_proxy.conf b/src/opnsense/service/conf/actions.d/actions_proxy.conf deleted file mode 100644 index 6082fc81d..000000000 --- a/src/opnsense/service/conf/actions.d/actions_proxy.conf +++ /dev/null 
@@ -1,82 +0,0 @@
-[start]
-command:
- /usr/local/sbin/pluginctl -c webproxy start;
- /usr/local/etc/rc.d/squid start 2>&1 && echo "__ok__"; exit 0
-parameters:
-type:script_output
-message:starting proxy
-
-[stop]
-command:
- /usr/local/etc/rc.d/squid stop;
- /usr/bin/killall squid;
- /usr/local/sbin/pluginctl -c webproxy stop;
- exit 0
-parameters:
-type:script
-message:stopping proxy
-
-[restart]
-command:
- /usr/local/sbin/pluginctl -c webproxy restart;
- /usr/local/etc/rc.d/squid restart 2>&1 && echo "__ok__"; exit 0
-parameters:
-type:script_output
-message:restarting proxy
-description:Restart Web Proxy service
-
-[reset]
-command:
- /usr/bin/killall -9 squid;
- rm /var/run/squid/squid.pid;
- rm -rf /var/squid/*;
- /usr/local/sbin/pluginctl -c webproxy start;
- /usr/local/etc/rc.d/squid start
-parameters:
-type:script
-message:reset and restart proxy
-
-[reload]
-command:
- /usr/local/sbin/pluginctl -c webproxy reload;
- /usr/local/opnsense/scripts/proxy/deploy_error_pages.py;
- /usr/local/etc/rc.d/squid reload
-parameters:
-type:script
-message:reload proxy
-
-[status]
-command:/usr/local/etc/rc.d/squid status;exit 0
-parameters:
-type:script_output
-message:request proxy status
-
-[fetchacls]
-command:
- /usr/local/bin/flock -n -E 0 -o /tmp/fetchACLs.lock /usr/local/opnsense/scripts/proxy/fetchACLs.py && (
- /usr/local/sbin/pluginctl -c webproxy reload;
- /usr/local/etc/rc.d/squid reload
- )
-parameters:
-type:script
-message:download and reload proxy ACLs from remote locations
-description:Download and reload external proxy ACLs
-
-[downloadacls]
-command:/usr/local/bin/flock -n -E 0 -o /tmp/fetchACLs.lock /usr/local/opnsense/scripts/proxy/fetchACLs.py
-parameters:
-type:script
-message:download proxy ACLs from remote locations
-description:Download external proxy ACLs
-
-[deploy_error_pages]
-command:/usr/local/opnsense/scripts/proxy/deploy_error_pages.py
-parameters:
-type:script_output
-message:deploy error pages
-
-[download_error_pages]
-command:/usr/local/opnsense/scripts/proxy/download_error_pages.py
-parameters:
-type:script_output
-message:download error pages
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/+TARGETS b/src/opnsense/service/templates/OPNsense/Proxy/+TARGETS
deleted file mode 100644
index 113237f50..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/+TARGETS
+++ /dev/null
@@ -1,15 +0,0 @@
-auth.conf:/usr/local/etc/squid/auth/dummy.conf
-ca.pem.id:/usr/local/etc/squid/ca.pem.id
-cache.active:/var/squid/cache/active
-error_directory_in:/usr/local/etc/squid/error_directory.in
-externalACLs.conf:/usr/local/etc/squid/externalACLs.conf
-newsyslog.conf:/etc/newsyslog.conf.d/squid
-nobumpsites.acl:/usr/local/etc/squid/nobumpsites.acl
-parentproxy.conf:/usr/local/etc/squid/pre-auth/parentproxy.conf
-post-auth.conf:/usr/local/etc/squid/post-auth/dummy.conf
-pre-auth.conf:/usr/local/etc/squid/pre-auth/dummy.conf
-rc.conf.d:/etc/rc.conf.d/squid/squid
-snmp.conf:/usr/local/etc/squid/pre-auth/40-snmp.conf
-squid.conf:/usr/local/etc/squid/squid.conf
-squid.pam:/etc/pam.d/squid
-wpad.dat:/usr/local/www/wpad.dat
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/auth.conf b/src/opnsense/service/templates/OPNsense/Proxy/auth.conf
deleted file mode 100644
index d0ef53e5e..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/auth.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# AUTOGENERATED FILE. DO NOT EDIT.
-# DO NOT REMOVE THIS FILE!
-# This directory is for auth config files
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/ca.pem.id b/src/opnsense/service/templates/OPNsense/Proxy/ca.pem.id
deleted file mode 100644
index e907aec5e..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/ca.pem.id
+++ /dev/null
@@ -1,3 +0,0 @@
-{% if helpers.exists('OPNsense.proxy.forward.sslcertificate') %}
-{{ OPNsense.proxy.forward.sslcertificate }}
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/cache.active b/src/opnsense/service/templates/OPNsense/Proxy/cache.active
deleted file mode 100644
index e8eac9df1..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/cache.active
+++ /dev/null
@@ -1,5 +0,0 @@
-{% if helpers.exists('OPNsense.proxy.general.cache.local') %}
-{% if OPNsense.proxy.general.cache.local.enabled == '1' %}
-yes
-{% endif %}
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/error_directory_in b/src/opnsense/service/templates/OPNsense/Proxy/error_directory_in
deleted file mode 100644
index f9d52ca00..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/error_directory_in
+++ /dev/null
@@ -1,7 +0,0 @@
-{#
- base64 encoded zip archive containing template overrides
-#}
-{
- "install": "{{ OPNsense.proxy.general.error_pages|default('opnsense') }}",
- "content": "{% if not helpers.empty('OPNsense.proxy.error_pages.template') %}{{ OPNsense.proxy.error_pages.template }}{% endif %}"
-}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/externalACLs.conf b/src/opnsense/service/templates/OPNsense/Proxy/externalACLs.conf
deleted file mode 100644
index 5db85f532..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/externalACLs.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Automatic generated configuration for fetching remote ACLs.
-# Do not edit this file manually.
-{% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %}
-{% for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') %}
-[{{blacklist.filename}}]
-url:{{blacklist.url}}
-enabled:{{blacklist.enabled}}
-filter:{{blacklist.filter|default('')}}
-{% if blacklist.username|default('') != '' %}
-username={{blacklist.username}}
-password={{blacklist.password|default('')}}
-{% endif %}
-sslNoVerify={{blacklist.sslNoVerify|default('0')}}
-{% endfor %}
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/newsyslog.conf b/src/opnsense/service/templates/OPNsense/Proxy/newsyslog.conf
deleted file mode 100644
index db392ab30..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/newsyslog.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
-{% if helpers.exists('OPNsense.proxy.general.enabled') and OPNsense.proxy.general.enabled|default("0") == "1" %}
-/var/log/squid/access.log squid:squid 644 14 * @T00 ZB /var/run/squid/squid.pid 30
-/var/log/squid/cache.log squid:squid 644 2 * @T00 ZB /var/run/squid/squid.pid 30
-/var/log/squid/store.log squid:squid 644 2 * @T00 ZB /var/run/squid/squid.pid 30
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/nobumpsites.acl b/src/opnsense/service/templates/OPNsense/Proxy/nobumpsites.acl
deleted file mode 100644
index 0bf00cd38..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/nobumpsites.acl
+++ /dev/null
@@ -1,5 +0,0 @@
-{% if helpers.exists('OPNsense.proxy.forward.sslnobumpsites') and OPNsense.proxy.forward.sslnobumpsites != '' %}
-{% for line in OPNsense.proxy.forward.sslnobumpsites.split(',') %}
-{{ line }}
-{% endfor %}
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf b/src/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf
deleted file mode 100644
index 1dafefa75..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.enabled') and OPNsense.proxy.general.parentproxy.enabled == '1' %}
-cache_peer {{ OPNsense.proxy.general.parentproxy.host }} parent {{ OPNsense.proxy.general.parentproxy.port }} 0 no-query default {% if helpers.exists('OPNsense.proxy.general.parentproxy.enableauth') and OPNsense.proxy.general.parentproxy.enableauth == '1' %} login={{ OPNsense.proxy.general.parentproxy.user }}:{{ OPNsense.proxy.general.parentproxy.password }}{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.localdomains') and OPNsense.proxy.general.parentproxy.localdomains != '' %}
-acl ExcludePPDomains dstdomain {{ OPNsense.proxy.general.parentproxy.localdomains.replace(',', ' ') }}
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.localips') and OPNsense.proxy.general.parentproxy.localips != '' %}
-acl ExcludePPIPs dst {{ OPNsense.proxy.general.parentproxy.localips.replace(',', ' ') }}
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.localdomains') and OPNsense.proxy.general.parentproxy.localdomains != '' %}
-cache_peer_access {{ OPNsense.proxy.general.parentproxy.host }} deny ExcludePPDomains
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.localips') and OPNsense.proxy.general.parentproxy.localips != '' %}
-cache_peer_access {{ OPNsense.proxy.general.parentproxy.host }} deny ExcludePPIPs
-{% endif %}
-cache_peer_access {{ OPNsense.proxy.general.parentproxy.host }} allow all
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.localdomains') and OPNsense.proxy.general.parentproxy.localdomains != '' %}
-never_direct deny ExcludePPDomains
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.general.parentproxy.localips') and OPNsense.proxy.general.parentproxy.localips != '' %}
-never_direct deny ExcludePPIPs
-{% endif %}
-never_direct allow all
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/post-auth.conf b/src/opnsense/service/templates/OPNsense/Proxy/post-auth.conf
deleted file mode 100644
index 5b91051e9..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/post-auth.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# AUTOGENERATED FILE. DO NOT EDIT.
-# DO NOT REMOVE THIS FILE!
-# This directory is for post-auth config files
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/pre-auth.conf b/src/opnsense/service/templates/OPNsense/Proxy/pre-auth.conf
deleted file mode 100644
index 6a0794e4f..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/pre-auth.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# AUTOGENERATED FILE. DO NOT EDIT.
-# DO NOT REMOVE THIS FILE!
-# This directory is for pre-auth config files
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d b/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
deleted file mode 100644
index 2a1dc037f..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
+++ /dev/null
@@ -1,6 +0,0 @@
-{% if helpers.exists('OPNsense.proxy.general.enabled') and OPNsense.proxy.general.enabled|default("0") == "1" %}
-squid_setup="/usr/local/opnsense/scripts/proxy/setup.sh"
-squid_enable="YES"
-{% else %}
-squid_enable="NO"
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/snmp.conf b/src/opnsense/service/templates/OPNsense/Proxy/snmp.conf
deleted file mode 100644
index 610e23ca3..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/snmp.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-{% if helpers.exists('OPNsense.proxy.forward.snmp_enable') and OPNsense.proxy.forward.snmp_enable == '1' %}
-snmp_port {{ OPNsense.proxy.forward.snmp_port }}
-acl snmppublic snmp_community {{ OPNsense.proxy.forward.snmp_password }}
-snmp_access allow snmppublic
-{% endif %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
deleted file mode 100644
index b9e1f8787..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
+++ /dev/null
@@ -1,248 +0,0 @@
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}
-
-# ALLOW UNRESTRICTED
-# ACL list (Allow) unrestricted
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow unrestricted
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow unrestricted
-{% endif %}
-{% endif %}
-http_access allow unrestricted
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
-
-# ACL list (Allow) whitelist
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow whiteList
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow whiteList
-{% endif %}
-{% endif %}
-http_access allow whiteList
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}
-
-#
-# ACL list (Deny) blacklist
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny blackList
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny blackList
-{% endif %}
-{% endif %}
-http_access deny blackList
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %}
-{% for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') if blacklist.enabled=='1' %}
-# ACL list (Deny) remoteblacklist_{{blacklist.filename}}
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if
helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny remoteblacklist_{{blacklist.filename}}
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny remoteblacklist_{{blacklist.filename}}
-{% endif %}
-{% endif %}
-http_access deny remoteblacklist_{{blacklist.filename}}
-{% endfor %}
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}
-
-# ACL list (Deny) blockuseragent
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny blockuseragents
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny blockuseragents
-{% endif %}
-{% endif %}
-http_access deny blockuseragents
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}
-
-# ACL list (Deny) blockmimetypes
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny blockmimetypes_requests {% if
helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
-{% endif %}
-
-{% endif %}
-http_reply_access deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
-
-http_access deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
-
-{% endif %}
-
-# Google Suite Filter
-{% if not helpers.empty('OPNsense.proxy.forward.acl.googleapps') %}
-request_header_add X-GoogApps-Allowed-Domains {{OPNsense.proxy.forward.acl.googleapps}}
-{% endif %}
-
-# YouTube Filter
-{% if helpers.exists('OPNsense.proxy.forward.acl.youtube') and OPNsense.proxy.forward.acl.youtube|default('') != '' %}
-request_header_add YouTube-Restrict {{OPNsense.proxy.forward.acl.youtube}}
-{% endif %}
-
-# Deny requests to certain unsafe ports
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
-{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
-{% endif %}
-{% endif %}
-
-http_access deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
-
-# Deny CONNECT to other than secure SSL ports
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
-{% endif %}
-
-{% if
helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
-{% endif %}
-{% endif %}
-
-http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
-
-{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny bannedHosts
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny bannedHosts
-{% endif %}
-{% endif %}
-http_access deny bannedHosts
-{% endif %}
-
-# Only allow cachemgr access from localhost
-http_access allow localhost manager
-http_access deny manager
-
-# We strongly recommend the following be uncommented to protect innocent
-# web applications running on the proxy server who think the only
-# one who can access services on "localhost" is a local user
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny to_localhost
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny to_localhost
-{% endif %}
-{% endif %}
-http_access deny to_localhost
-
-{% if helpers.exists('OPNsense.proxy.forward.icap.exclude') %}
-# ACL - Whitelist - User defined (whiteList)
-{% for element in OPNsense.proxy.forward.icap.exclude.split(",") %}
-{% if '^' in element or '\\' in element or '$' in element or '[' in element %}
-acl exclude_icap url_regex {{element|encode_idna}}
-{% else %}
-acl exclude_icap url_regex {{element|encode_idna|replace(".","\.")}}
-{% endif %}
-{%
endfor %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny exclude_icap
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny exclude_icap
-{% endif %}
-{% endif %}
-
-# Auth plugins
-include /usr/local/etc/squid/auth/*.conf
-
-#
-# Access Permission configuration:
-#
-# Deny request from unauthorized clients
-{% if helpers.exists('OPNsense.proxy.forward.authentication.method') and OPNsense.proxy.forward.authentication.method != '' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow local_auth
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow local_auth
-{% endif %}
-{% endif %}
-http_access allow local_auth
-{% endif %}
-
-#
-# ACL - localnet - default these include ranges from selected interfaces (Allow local subnets)
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow localnet
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow localnet
-{% endif %}
-{% endif %}
-http_access allow localnet
-
-# ACL - localhost
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow localhost
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow localhost
-{% endif %}
-{% endif %}
-http_access allow localhost
-{% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %}
-
-# ACL list
(Allow) subnets
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow subnets
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow subnets
-{% endif %}
-{% endif %}
-http_access allow subnets
-{% endif %}
-
-# Deny all other access to this proxy
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny all
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny all
-{% endif %}
-{% endif %}
-http_access deny all
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
deleted file mode 100644
index 4b334cd3f..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ /dev/null
@@ -1,487 +0,0 @@ -# -# Automatic generated configuration for Squid. -# Do not edit this file manually. -# - -{# wrap listener configuration for reuse #} -{% macro listener_config(network, port='3129', tags='', protocol='') -%} -{% if protocol == 'ssl' %} -{% set listener_type = 'https_port' %} -{% else %} -{% set listener_type = 'http_port' %} -{% endif %} -{% set sslparams = '' %} -{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %} -{% set sslparams = 'ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on' %} -{% endif %} -{{listener_type}} {{network}}:{{port}} {{tags}} {{sslparams}} -{%- endmacro %} - -{% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %} -# Setup transparent mode listeners on loopback interfaces -{{ listener_config('127.0.0.1', OPNsense.proxy.forward.port, 'intercept') }} -{{ listener_config('[::1]', OPNsense.proxy.forward.port, 'intercept') }} -{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %} -{{ listener_config('127.0.0.1', OPNsense.proxy.forward.sslbumpport, 'intercept', 'ssl') }} -{{ listener_config('[::1]', OPNsense.proxy.forward.sslbumpport, 'intercept', 'ssl') }} -{% endif %} -{% endif %} - -# Setup regular listeners configuration -{% if helpers.exists('OPNsense.proxy.forward.interfaces') %} -{% for interface in OPNsense.proxy.forward.interfaces.split(",") %} -{% for intf_key,intf_item in interfaces.items() %} -{% if intf_key == interface and intf_item.ipaddr and intf_item.ipaddr != 'dhcp' %} -{{ listener_config(intf_item.ipaddr, OPNsense.proxy.forward.port) }} -{% endif %} -{% if intf_key == interface and intf_item.ipaddrv6 and intf_item.ipaddrv6.find(':') > -1 %} -{{ listener_config('['+intf_item.ipaddrv6+']', OPNsense.proxy.forward.port) }} -{% endif %} -{% endfor %} -{# virtual ip's #} -{% if helpers.exists('virtualip') %} -{% for 
intf_item in helpers.toList('virtualip.vip') %} -{% if intf_item.interface == interface and intf_item.mode in ['carp', 'ipalias'] %} -{% if intf_item.subnet.find(':') > -1 %} -{{ listener_config('['+intf_item.subnet+']', OPNsense.proxy.forward.port) }} -{% else %} -{{ listener_config(intf_item.subnet, OPNsense.proxy.forward.port) }} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} - -{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %} -# setup ssl re-cert -sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB -sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }} - -tls_outgoing_options options=NO_TLSv1 cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS - -# setup ssl bump acl's -acl bump_step1 at_step SslBump1 -acl bump_step2 at_step SslBump2 -acl bump_step3 at_step SslBump3 -acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl" - -# configure bump -{% if helpers.exists('OPNsense.proxy.forward.sslurlonly') and OPNsense.proxy.forward.sslurlonly == '1' %} -ssl_bump peek bump_step1 all -ssl_bump splice all -ssl_bump peek bump_step2 all -ssl_bump splice bump_step3 all -ssl_bump bump - -{% else %} -ssl_bump peek bump_step1 all -ssl_bump peek bump_step2 bump_nobumpsites -ssl_bump splice bump_step3 bump_nobumpsites -ssl_bump stare bump_step2 -ssl_bump bump bump_step3 -{% endif %} - -sslproxy_cert_error deny all -{% endif %} - -acl ftp proto FTP -http_access allow ftp - -{% if helpers.exists('OPNsense.proxy.forward.ftpTransparentMode') and OPNsense.proxy.forward.ftpTransparentMode == '1' %} -# transparent mode, listen on localhost -ftp_port 127.0.0.1:{{ OPNsense.proxy.forward.ftpPort }} intercept -ftp_port [::1]:{{ OPNsense.proxy.forward.ftpPort }} intercept -{% endif %} - -# Setup ftp proxy -{% if 
helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %} -{% for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %} -{% for intf_key,intf_item in interfaces.items() %} -{% if intf_key == interface and intf_item.ipaddr and intf_item.ipaddr != 'dhcp' %} -ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP -{% endif %} -{% endfor %} -{# virtual ip's #} -{% if helpers.exists('virtualip') %} -{% for intf_key,intf_item in virtualip.items() %} -{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} -ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP -{% endif %} -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} - -# Rules allowing access from your local networks. -# Generated list of (internal) IP networks from where browsing -# should be allowed. (Allow interface subnets). -{% if helpers.exists('OPNsense.proxy.forward.interfaces') %} -{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %} -{% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %} -{% for interface in OPNsense.proxy.forward.interfaces.split(",") %} -{% for intf_key,intf_item in interfaces.items() %} -{% if intf_key == interface and intf_item.ipaddr and intf_item.ipaddr != 'dhcp' %} -acl localnet src {{ helpers.getIPNetwork(intf_item.ipaddr+'/'+intf_item.subnet)[0].format() }}/{{intf_item.subnet}} # Possible internal network (interfaces v4) -{% endif %} -{% if intf_key == interface and intf_item.ipaddrv6 and intf_item.ipaddrv6.find(':') > -1 %} -acl localnet src {{helpers.getIPNetwork(intf_item.ipaddrv6+'/'+intf_item.subnetv6)[0].format()}}/{{intf_item.subnetv6}} # Possible internal network (interfaces v6) -{% endif %} -{% endfor %} -{% if helpers.exists('virtualip.vip') %} -{% for intf_item in helpers.toList('virtualip.vip') %} -{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} -acl localnet src 
{{intf_item.subnet}}/{{intf_item.subnet_bits}} # Possible internal network (aliases) -{% endif %} -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} -{% endif %} -{% endif %} -# Default allow for local-link and private networks -acl localnet src fc00::/7 # RFC 4193 local private network range -acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines - -# ACL - Allow localhost for PURGE cache if enabled -{% if helpers.exists('OPNsense.proxy.general.cache.local') and OPNsense.proxy.general.cache.local.enabled == '1' %} -acl PURGE method PURGE -http_access allow localhost PURGE -http_access deny PURGE -{% endif %} - -# ACL lists -{% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %} - -# ACL - Allow Subnets - User defined (subnets) -{% for network in OPNsense.proxy.forward.acl.allowedSubnets.split(",") %} -acl subnets src {{network}} -{% endfor %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %} - -# ACL - Unrestricted IPs - User defined (unrestricted) -{% for ip in OPNsense.proxy.forward.acl.unrestricted.split(",") %} -acl unrestricted src {{ip}} -{% endfor %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %} - -# ACL - Banned Hosts - User defined (bannedHosts) -{% for ip in OPNsense.proxy.forward.acl.bannedHosts.split(",") %} -acl bannedHosts src {{ip}} -{% endfor %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %} -# ACL - Whitelist - User defined (whiteList) -{% for element in OPNsense.proxy.forward.acl.whiteList.split(",") %} -{% if '^' in element or '\\' in element or '$' in element or '[' in element %} -acl whiteList url_regex {{element|encode_idna}} -{% else %} -acl whiteList url_regex {{element|encode_idna|replace(".","\.")}} -{% endif %} -{% endfor %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %} - -# ACL - Blacklist - User defined (blackList) -{% for element in 
OPNsense.proxy.forward.acl.blackList.split(",") %} -{% if '^' in element or '\\' in element or '$' in element or '[' in element %} -acl blackList url_regex {{element|encode_idna}} -{% else %} -acl blackList url_regex {{element|encode_idna|replace(".","\.")}} -{% endif %} -{% endfor %} -{% endif %} - -# ACL - Remote fetched Blacklist (remoteblacklist) -{% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %} -{% for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') %} -{% if blacklist.enabled=='1' %} -acl remoteblacklist_{{blacklist.filename}} dstdomain "/usr/local/etc/squid/acl/{{blacklist.filename}}" -{% endif %} -{% endfor %} -{% endif %} - -# ACL - Block browser/user-agent - User defined (browser) -{% if helpers.exists('OPNsense.proxy.forward.acl.browser') %} -{% for element in OPNsense.proxy.forward.acl.browser.split(",") %} -acl blockuseragents browser {{element}} -{% endfor %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %} - -# ACL - Block MIME types - User defined (mimetype) -{% for element in OPNsense.proxy.forward.acl.mimeType.split(",") %} -acl blockmimetypes rep_mime_type {{element}} -acl blockmimetypes_requests req_mime_type {{element}} -{% endfor %} -{% endif %} - -# ACL - SSL ports, default are configured in config.xml -# Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!): -{% if helpers.exists('OPNsense.proxy.forward.acl.sslPorts') %} -{% for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %} -acl SSL_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}} -{% endfor %} -{% endif %} - -# Default Safe ports are now defined in config.xml -# Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!): -{% if helpers.exists('OPNsense.proxy.forward.acl.safePorts') %} -# ACL - Safe_ports -{% for element in 
OPNsense.proxy.forward.acl.safePorts.split(",") %} -acl Safe_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}} -{% endfor %} -{% endif %} -acl CONNECT method CONNECT - -# ICAP SETTINGS -{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} -# enable icap -icap_enable on -{% if helpers.exists('OPNsense.proxy.forward.icap.OptionsTTL') %} -icap_default_options_ttl {{OPNsense.proxy.forward.icap.OptionsTTL}} -{% endif %} - -# send user information to the icap server -{% if helpers.exists('OPNsense.proxy.forward.icap.SendClientIP') and OPNsense.proxy.forward.icap.SendClientIP == '1' %} -adaptation_send_client_ip on -{% else %} -adaptation_send_client_ip off -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.icap.SendUsername') and OPNsense.proxy.forward.icap.SendUsername == '1' %} -adaptation_send_username on -{% else %} -adaptation_send_username off -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.icap.EncodeUsername') and OPNsense.proxy.forward.icap.EncodeUsername == '1' %} -icap_client_username_encode on -{% else %} -icap_client_username_encode off -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.icap.UsernameHeader') and OPNsense.proxy.forward.icap.UsernameHeader != '' %} -icap_client_username_header {{OPNsense.proxy.forward.icap.UsernameHeader}} -{% endif %} - -# preview -{% if helpers.exists('OPNsense.proxy.forward.icap.EnablePreview') and OPNsense.proxy.forward.icap.EnablePreview == '1' %} -icap_preview_enable on -{% else %} -icap_preview_enable off -{% endif %} -{% if helpers.exists('OPNsense.proxy.forward.icap.PreviewSize') %} -icap_preview_size {{OPNsense.proxy.forward.icap.PreviewSize}} -{% endif %} - -# add the servers -{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %} -icap_service response_mod respmod_precache {{OPNsense.proxy.forward.icap.ResponseURL}} -{% endif %} -{% if 
helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %} -icap_service request_mod reqmod_precache {{OPNsense.proxy.forward.icap.RequestURL}} -{% endif %} - -{% else %} -# disable icap -icap_enable off -{% endif %} - -# Pre-auth plugins -include /usr/local/etc/squid/pre-auth/*.conf - -# Authentication Settings -{% if helpers.exists('OPNsense.proxy.forward.authentication.method') and OPNsense.proxy.forward.authentication.method != '' %} -{% include ['OPNsense/Proxy/squid.user.alt_auth.conf', 'OPNsense/Proxy/squid.user.local_auth.conf'] %} -{% endif %} - -{% include "OPNsense/Proxy/squid.acl.conf" ignore missing with context %} - -# Post-auth plugins -include /usr/local/etc/squid/post-auth/*.conf - -# Caching settings -{% if helpers.exists('OPNsense.proxy.general.cache.local') %} -{% if OPNsense.proxy.general.cache.local.cache_mem|default('256')|int == 0 and OPNsense.proxy.general.cache.local.enabled == '0' %} -cache deny all -cache_mem 0 -{% else %} -cache_mem {{ OPNsense.proxy.general.cache.local.cache_mem|default('256') }} MB -{% if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %} -maximum_object_size {{OPNsense.proxy.general.cache.local.maximum_object_size}} MB -{% if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %} -cache_replacement_policy heap LFUDA -{% endif %} -{% endif %} -{% if OPNsense.proxy.general.cache.local.maximum_object_size_in_memory|default('') != '' %} -maximum_object_size_in_memory {{OPNsense.proxy.general.cache.local.maximum_object_size_in_memory}} KB -{% endif %} -{% if OPNsense.proxy.general.cache.local.memory_cache_mode|default('always') != 'always' %} -memory_cache_mode {{OPNsense.proxy.general.cache.local.memory_cache_mode}} -{% endif %} -{% if OPNsense.proxy.general.cache.local.enabled == '1' %} -cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}} -{% 
endif %} -{% endif %} -{% endif %} - -# Leave coredumps in the first cache dir -coredump_dir /var/squid/cache - -# -# Add any of your own refresh_pattern entries above these. -# - -{% if helpers.exists('OPNsense.proxy.general.cache.local.cache_linux_packages') and OPNsense.proxy.general.cache.local.cache_linux_packages == '1' %} -# Linux package cache: -refresh_pattern pkg\.tar\.zst$ 0 20% 4320 refresh-ims -refresh_pattern d?rpm$ 0 20% 4320 refresh-ims -refresh_pattern deb$ 0 20% 4320 refresh-ims -refresh_pattern udeb$ 0 20% 4320 refresh-ims -refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims -refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims -refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims -refresh_pattern Release$ 0 20% 4320 refresh-ims -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.cache.local.cache_windows_updates') and OPNsense.proxy.general.cache.local.cache_windows_updates == '1' %} -# http://wiki.squid-cache.org/SquidFaq/WindowsUpdate -refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|esd) 4320 80% 129600 reload-into-ims -refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|esd) 4320 80% 129600 reload-into-ims -refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|esd) 4320 80% 129600 reload-into-ims -{% endif %} - -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 -refresh_pattern . 
0 20% 4320 - -# Squid Options -{% if helpers.empty('OPNsense.proxy.general.enablePinger') %} -pinger_enable off -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %} -{% if OPNsense.proxy.general.logging.enable.accessLog == '0' %} -# Disable access logging -access_log none -{% else %} -{% if OPNsense.proxy.general.logging.ignoreLogACL|default('') != '' %} -# ignore source hosts from access.log -acl accesslog_ignore src {{ OPNsense.proxy.general.logging.ignoreLogACL.replace(',', ' ') }} -{% endif %} -{% if OPNsense.proxy.general.logging.target|default('') == 'syslog' %} -access_log syslog:local4.info {% if not helpers.empty('OPNsense.proxy.general.logging.ignoreLogACL') %}!accesslog_ignore {% endif %} -{% elif OPNsense.proxy.general.logging.target|default('') == 'file_extendend' %} -logformat opnsense %>a %[ui %>eui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %h" "%{User-Agent}>h" %Ss:%Sh -access_log stdio:/var/log/squid/access.log opnsense {% if not helpers.empty('OPNsense.proxy.general.logging.ignoreLogACL') %}!accesslog_ignore {% endif %} -{% elif OPNsense.proxy.general.logging.target|default('') in ('file_json', 'syslog_json') %} -logformat opnsense {% raw %} {"@timestamp":"%{%Y-%m-%dT%H:%M:%S%z}tg","ecs":{"version":"1.0.0"},"event":{"id":"%{X-Request-Event-Id}>ha","dataset":"squid.access","duration":"%tr"},"http":{"version":"%rv","request":{"method":"%rm","referrer":"%{Referer}>h"},"response":{"bytes": %Hs}}},"host":{"hostname":"%>A"},"service":{"name":"proxy","type":"squid"},"source":{"ip":"%>a"},"url":{"original":"%ru"},"user":{"name":"%un"},"user_agent":{"original":"%{User-Agent}>h"},"labels":{"request_status":"%Ss","hierarchy_status":"%Sh"},"message":"%rm %ru HTTP/%rv"} {% endraw %} - -{% if OPNsense.proxy.general.logging.target == 'file_json'%} -access_log stdio:/var/log/squid/access.log opnsense {% if not helpers.empty('OPNsense.proxy.general.logging.ignoreLogACL') %}!accesslog_ignore {% endif %} -{% else %} -access_log 
syslog:local4.info opnsense {% if not helpers.empty('OPNsense.proxy.general.logging.ignoreLogACL') %}!accesslog_ignore {% endif %} -{% endif %} -{% else %} -access_log stdio:/var/log/squid/access.log squid {% if not helpers.empty('OPNsense.proxy.general.logging.ignoreLogACL') %}!accesslog_ignore {% endif %} -{% endif %} -{% endif %} -{% endif %} - -{% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %} -{% if OPNsense.proxy.general.logging.enable.storeLog == '0' %} -# Disable cache store log -cache_store_log none -{% else %} -cache_store_log stdio:/var/log/squid/store.log -{% endif %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %} -{% for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %} -dns_nameservers {{dns}} -{% endfor %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.useViaHeader') %} -{% if OPNsense.proxy.general.useViaHeader == '0' %} -# Disable via Header -via off -{% endif %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.suppressVersion') %} -{% if OPNsense.proxy.general.suppressVersion == '1' %} -# Suppress http version string (default=off) -httpd_suppress_version_string on -{% endif %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.icpPort') %} -{% if OPNsense.proxy.general.icpPort != '' %} -icp_port {{OPNsense.proxy.general.icpPort}} -{% endif %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.uriWhitespaceHandling') %} -# URI handling with Whitespaces (default=strip) -uri_whitespace {{OPNsense.proxy.general.uriWhitespaceHandling}} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.forwardedForHandling') %} -# X-Forwarded header handling (default=on) -forwarded_for {{OPNsense.proxy.general.forwardedForHandling}} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.traffic.enabled') and OPNsense.proxy.general.traffic.enabled == '1' %} -{% if helpers.exists('OPNsense.proxy.general.traffic.maxDownloadSize') %} -# Define max 
download size -reply_body_max_size {{OPNsense.proxy.general.traffic.maxDownloadSize}} KB -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.traffic.maxUploadSize') %} -# Define max upload size -request_body_max_size {{OPNsense.proxy.general.traffic.maxUploadSize}} KB -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %} -delay_pools 1 -delay_class 1 3 -delay_access 1 allow all -{% if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') %} -# Define PerHost and Overall Bandwidth Trotteling -delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -{% else %} -# Define PerHost Trotteling -delay_parameters -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}} -{% endif %} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') and not helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %} -# Define Overall Bandwidth Trotteling -delay_pools 1 -delay_class 1 1 -delay_access 1 allow all -delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -{% endif %} -{% endif %} -# Disable squid logfile rotate to use system defaults -logfile_rotate 0 -{% if helpers.exists('OPNsense.proxy.general.VisibleHostname') %} -# Define visible hostname -visible_hostname {{OPNsense.proxy.general.VisibleHostname}} -{% endif %} -{% if helpers.exists('OPNsense.proxy.general.VisibleEmail') %} -# Define visible email -cache_mgr {{OPNsense.proxy.general.VisibleEmail}} -{% endif %} -{% if not 
helpers.empty('OPNsense.proxy.general.connecttimeout') %}
-# Set connection timeout
-connect_timeout {{OPNsense.proxy.general.connecttimeout}} seconds
-{% endif %}
-
-# Set error directory language
-{% set lang = namespace(dirs = [], done = false) %}
-{% if not helpers.empty('OPNsense.proxy.general.error_pages') %}
-{% do lang.dirs.append('/usr/local/etc/squid/errors/local') %}
-{% elif helpers.exists('system.language') and system.language != "" %}
-{% set langdir = system.language|lower|replace('_', '-') %}
-{% do lang.dirs.append('/usr/local/share/squid-langpack/' + langdir) %}
-{% do lang.dirs.append('/usr/local/share/squid-langpack/' + langdir[:2]) %}
-{% endif %}
-{% do lang.dirs.append('/usr/local/share/squid-langpack/en') %}
-{% for langdir in lang.dirs %}
-{% if not lang.done and helpers.file_exists(langdir) %}
-{% set lang.done = true %}
-error_directory {{ langdir }}
-{% endif %}
-{% endfor %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.pam b/src/opnsense/service/templates/OPNsense/Proxy/squid.pam
deleted file mode 100644
index eee0a9056..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.pam
+++ /dev/null
@@ -1,5 +0,0 @@
-# auth
-auth sufficient pam_opnsense.so
-
-# account
-account sufficient pam_opnsense.so
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf
deleted file mode 100644
index 7cd8e8c5a..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# Configure Local User Authentication helper
-auth_param basic program /usr/local/libexec/squid/basic_pam_auth -o
-{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
-auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
-auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
-auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
-{% endif %}
-# ACL - Local Authorized Users - local_auth
-acl local_auth proxy_auth REQUIRED
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/wpad.dat b/src/opnsense/service/templates/OPNsense/Proxy/wpad.dat
deleted file mode 100644
index cd4aeaabc..000000000
--- a/src/opnsense/service/templates/OPNsense/Proxy/wpad.dat
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- PAC file created via OPNsense
- To use this file you have to enter its URL into your browsers network settings.
-*/
-function FindProxyForURL(url, host) {
-{% if helpers.exists('OPNsense.proxy.pac.rule') %}
-{# define only if needed as because of performance issues #}
-{% set data = {'dl' : '', 'dstip' : '', 'is_resolvable' : '' } %}
-{% set dstip = '' %}
-{% set is_resolvable = '' %}
-{% for match in helpers.toList('OPNsense.proxy.pac.match') %}
-{% if match.match_type == 'dns_domain_levels' %}
-{% do data.update({ 'dl': 'var dl = dnsDomainLevels(host);'}) %}
-{% endif %}
-{% if match.match_type == 'dns_domain_levels' or match.match_type == 'destination_in_net' %}
-{% do data.update({ 'dstip': 'var dstip = dnsResolve(host);'}) %}
-{% endif %}
-{% if match.match_type == 'is_resolvable' %}
-{% do data.update({ 'is_resolvable': 'var is_resolvable = isResolvable(host);'}) %}
-{% endif %}
-{% endfor %}
-{{ data.values()|join("\n") }}
-
-{% if helpers.exists('OPNsense.proxy.pac.rule') %}
-{% for rule in helpers.toList('OPNsense.proxy.pac.rule') %}
-{% if not rule.enabled == '1' %}
-{% continue %}
-{% endif %}
-{% set expression = [] %}
-{# Join type is used to join the checks of the if statement #}
-{% set join_type = ' && ' %}
-{% if rule.join_type == 'or' %}
-{% set join_type = ' || ' %}
-{% endif %}
-{% for match_uuid in rule.matches.split(',') %}
-{% set match = helpers.getUUID(match_uuid) %}
-{# be sure it has not been deleted yet #}
-{% if match != None %}
-{% set match_script = '(' %}
-{% if match.negate == '1' %}
-{% set match_script = match_script + '!'
%}
-{% endif %}
-{% if match.match_type == 'url_matches' %}
-{% set match_script = match_script + 'shExpMatch(url, "' + match.url + '")' %}
-{% endif %}
-{% if match.match_type == 'hostname_matches' %}
-{% set match_script = match_script + 'shExpMatch(host, "' + match.hostname + '")' %}
-{% endif %}
-{% if match.match_type == 'dns_domain_is' %}
-{% set match_script = match_script + 'dnsDomainIs(host, "' + match.hostname + '")' %}
-{% endif %}
-{% if match.match_type == 'destination_in_net' %}
-{% set tmp_net = helpers.getIPNetwork(match.network) %}
-{% set match_script = match_script + 'isInNet(dstip, "' + tmp_net.network.__str__() + '", "' + tmp_net.netmask.__str__() + '")' %}
-{% endif %}
-{% if match.match_type == 'my_ip_in_net' %}
-{% set tmp_net = helpers.getIPNetwork(match.network) %}
-{% set match_script = match_script + 'isInNet(myIpAddress(), "' + tmp_net.network.__str__() + '", "' + tmp_net.netmask.__str__() + '")' %}
-{% endif %}
-{% if match.match_type == 'plain_hostname' %}
-{% set match_script = match_script + 'isPlainHostName(host)' %}
-{% endif %}
-{% if match.match_type == 'is_resolvable' %}
-{% set match_script = match_script + 'is_resolvable' %}
-{% endif %}
-{% if match.match_type == 'dns_domain_levels' %}
-{% set match_script = match_script + '(' + match.domain_level_from + ' <= dl) && (' + match.domain_level_to + ' >= dl)' %}
-{% endif %}
-{% if match.match_type == 'weekday_range' %}
-{% set match_script = match_script + 'weekdayRange("' + match.weekday_from + '", "' + match.weekday_to + '")' %}
-{% endif %}
-{% if match.match_type == 'date_range' %}
-{% set match_script = match_script + 'dateRange("' + match.date_from + '", "' + match.date_to + '")' %}
-{% endif %}
-{% if match.match_type == 'time_range' %}
-{% set match_script = match_script + 'timeRange(' + match.time_from + ', ' + match.time_to + ')' %}
-{% endif %}
-{% set match_script = match_script + ')' %}
-{% do expression.append(match_script) %}
-{% endif %}
-{% endfor %}
-if ({% if
rule.match_type == 'unless' %}!{% endif %}({{ expression|join(join_type) }})) {
-{% set proxylist = [] %}
-{% for proxy_uuid in rule.proxies.split(',') %}
-{% set proxy = helpers.getUUID(proxy_uuid) %}
-{% if proxy != None %}
-{% if proxy.proxy_type == 'DIRECT' %}
-{% do proxylist.append("DIRECT") %}
-{% else %}
-{% do proxylist.append(proxy.proxy_type + ' ' + proxy.url) %}
-{% endif %}
-{% endif %}
-{% endfor %}
-return "{{ proxylist|join(';') }}";
-}
-{% endfor %}
-{% else %}
-/* no rules active or defined*/
-{% endif %}
-
-{% endif %}
- // If no rule exists - use a direct connection
- return "DIRECT";
-}
diff --git a/src/opnsense/service/templates/OPNsense/Syslog/local/squid_access.conf b/src/opnsense/service/templates/OPNsense/Syslog/local/squid_access.conf
deleted file mode 100644
index 0f742e2a1..000000000
--- a/src/opnsense/service/templates/OPNsense/Syslog/local/squid_access.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-###################################################################
-# Local syslog-ng configuration filter definition [squid_access].
-###################################################################
-filter f_local_squid_access {
- program("(squid-1)");
-};