Icap whitelist

2026-03-17 10:04:41 +00:00 · 2017-09-08 09:15:33 +03:00 · 2017-09-08 09:15:33 +03:00 · c1e181c673
commit c1e181c673
parent 1d3b6e610d
3 changed files with 34 additions and 0 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@ -537,6 +537,24 @@
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
+            <field>
+                <id>proxy.forward.icap.whiteList</id>
+                <label>Whitelist</label>
+                <type>select_multiple</type>
+                <style>tokenize</style>
+                <help><![CDATA[Whitelist destination domains.<br/>
+        You may use a regular expression, use a comma or press Enter for new item.<br/>
+        <div class="alert alert-info">
+            <b>Examples:</b><br/>
+            <b class="text-primary">mydomain.com</b> -> matches on <b>*.mydomain.com</b><br/>
+            <b class="text-primary">^https?:\/\/([a-zA-Z]+)\.mydomain\.</b> -> matches on <b>http(s)://textONLY.mydomain.*</b><br/>
+            <b class="text-primary">\.gif$</b> -> matches on <b>\*.gif</b> but not on <b class="text-danger">\*.gif\test</b><br/>
+            <b class="text-primary">\[0-9]+\.gif$</b> -> matches on <b>\123.gif</b> but not on <b class="text-danger">\test.gif</b><br/>
+        </div>
+        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
+                <hint>Regular expressions are allowed.</hint>
+                <allownew>true</allownew>
+            </field>
        </subtab>
        <subtab id="proxy-general-authentication" description="Authentication Settings">
            <field>
--- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@ -399,6 +399,9 @@
                    <default>60</default>
                    <Required>Y</Required>
                </OptionsTTL>
+                <whiteList type="CSVListField">
+                    <Required>N</Required>
+                </whiteList>
            </icap>
            <authentication>
                <method type="AuthenticationServerField">
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
@ -116,6 +116,19 @@ adaptation_access request_mod deny to_localhost
 {% endif %}
 http_access deny to_localhost

+{% if helpers.exists('OPNsense.proxy.forward.icap.whiteList') %}
+# ACL - Whitelist - User defined (whiteList)
+{%  for element in OPNsense.proxy.forward.icap.whiteList.split(",") %}
+{%      if '^' in element or '\\' in element or '$' in element or '[' in element %}
+acl whiteList_icap url_regex {{element}}
+{%      else %}
+acl whiteList_icap url_regex {{element|replace(".","\.")}}
+{%      endif %}
+{%  endfor %}
+adaptation_access response_mod deny whiteList_icap
+adaptation_access request_mod deny whiteList_icap
+{% endif %}
+
 # Auth plugins
 include /usr/local/etc/squid/auth/*.conf