Segue abaixo:
squid.inc
/* $Id$ */
/*
squid.inc
Copyright (C) 2006-2009 Scott Ullrich
Copyright (C) 2006 Fernando Lemos
Copyright (C) 2008 Martin Fuchs
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1\. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2\. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('service-utils.inc');
if(!function_exists("filter_configure"))
require_once("filter.inc");
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m"));
else
define('SQUID_LOCALBASE','/usr/local');
define('SQUID_CONFBASE',SQUID_LOCALBASE . '/etc/squid');
define('SQUID_BASE', '/var/squid/');
define('SQUID_ACLDIR', '/var/squid/acl');
define('SQUID_PASSWD', '/var/etc/squid.passwd');
$valid_acls = array();
function squid_get_real_interface_address($iface) {
global $config;
$iface = convert_friendly_interface_to_real_interface_name($iface);
$line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
return array($ip, long2ip(hexdec($netmask)));
}
function squid_chown_recursive($dir, $user, $group) {
chown($dir, $user);
chgrp($dir, $group);
$handle = opendir($dir) ;
while (($item = readdir($handle)) !== false) {
if (($item != ".") && ($item != "..")) {
$path = "$dir/$item";
// Recurse unless it's the cache dir, that is slow and rarely necessary.
if (is_dir($path) && (basename($dir) != "cache"))
squid_chown_recursive($path, $user, $group);
elseif (is_file($path)) {
chown($path, $user);
chgrp($path, $group);
}
}
}
}
/* setup cache */
function squid_dash_z() {
global $config;
$settings = $config['installedpackages']['squidcache']['config'][0];
// If the cache system is null, there is no need to initialize the (irrelevant) cache dir.
if ($settings['harddisk_cache_system'] == "null")
return;
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
if(!is_dir($cachedir.'/')) {
log_error("Creating Squid cache dir $cachedir");
@mkdir($cachedir, 0755, true);
// Double check permissions here, should be safe to recurse cache dir if it's small here.
mwexec("/usr/sbin/chown -R proxy:proxy $cachedir");
}
if(!is_dir($cachedir.'/00/')) {
log_error("Creating squid cache subdirs in $cachedir");
mwexec(SQUID_LOCALBASE . "/sbin/squid -k shutdown");
sleep(5);
mwexec(SQUID_LOCALBASE . "/sbin/squid -k kill");
// Double check permissions here, should be safe to recurse cache dir if it's small here.
mwexec("/usr/sbin/chown -R proxy:proxy $cachedir");
mwexec(SQUID_LOCALBASE . "/sbin/squid -z");
}
if(file_exists("/var/squid/cache/swap.state")) {
chown("/var/squid/cache/swap.state", "proxy");
chgrp("/var/squid/cache/swap.state", "proxy");
exec("chmod a+rw /var/squid/cache/swap.state");
}
}
function squid_is_valid_acl($acl) {
global $valid_acls;
if(!is_array($valid_acls))
return;
return in_array($acl, $valid_acls);
}
function squid_install_command() {
global $config;
global $g;
/* migrate existing csv config fields */
$settingsauth = $config['installedpackages']['squidauth']['config'][0];
$settingscache = $config['installedpackages']['squidcache']['config'][0];
$settingsnac = $config['installedpackages']['squidnac']['config'][0];
[s] /* Set storage system */
if ($g['platform'] == "nanobsd") {
$config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null';
}
/* migrate auth settings */
$settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts'])));
$config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts'];
}
}
/* migrate cache settings */
if (!empty($settingscache['donotcache'])) {
if(strstr($settingscache['donotcache'], ",")) {
$settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache'])));
$config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache'];
}
/* migrate nac settings */
if(! empty($settingsnac['allowed_subnets'])) {
if(strstr($settingsnac['allowed_subnets'], ",")) {
$settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets'])));
$config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets'];
}
}
if(! empty($settingsnac['banned_hosts'])) {
if(strstr($settingsnac['banned_hosts'], ",")) {
$settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts'])));
}
if(! empty($settingsnac['banned_macs'])) {
if(strstr($settingsnac['banned_macs'], ",")) {
$settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs'])));
$config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs'];
}
}
if(! empty($settingsnac['unrestricted_hosts'])) {
if(strstr($settingsnac['unrestricted_hosts'], ",")) {
$settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts'])));
$config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts'];
}
}
if(! empty($settingsnac['unrestricted_macs'])) {
if(strstr($settingsnac['unrestricted_macs'], ",")) {
$settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs'])));
$config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs'];
}
}
if(! empty($settingsnac['whitelist'])) {
if(strstr($settingsnac['whitelist'], ",")) {
$settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist'])));
$config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist'];
}
}
if(! empty($settingsnac['blacklist'])) {
if(strstr($settingsnac['blacklist'], ",")) {
$settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist'])));
$config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist'];
}
}
write_config();
/* create cache */
update_status("Creating squid cache pools... One moment please...");
squid_dash_z();
/* make sure pinger is executable */
if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger"))
exec("/bin/chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger");
if(file_exists(SQUID_LOCALBASE . "/etc/rc.d/squid"))
exec("/bin/rm " . SQUID_LOCALBASE . "/etc/rc.d/squid");
if(file_exists("/usr/local/pkg/swapstate_check.php"))
exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php");
foreach (array( SQUID_CONFBASE,
@mkdir($dir, 0755, true);
squid_chown_recursive($dir, 'proxy', 'proxy');
}
Message from syslogd@pfSense at Jul 21 20:31:26 ...
pfSense php-fpm[93869]: /index.php: Successful login for user 'jpsinieghi' from: 12.8.0.15
/* kill any running proxy alarm scripts */
update_status("Checking for running processes... One moment please...");
log_error("Stopping any running proxy monitors");
mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
sleep(1);
if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default'))
copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf');
update_status("Checking cache... One moment please...");
squid_dash_z();
if (!is_service_running('squid')) {
update_status("Starting... One moment please...");
log_error("Starting Squid");
mwexec_bg(SQUID_LOCALBASE . "/sbin/squid -D");
} else {
update_status("Reloading Squid for configuration sync... One moment please...");
log_error("Reloading Squid for configuration sync");
mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure");
}
/* restart proxy alarm scripts */
update_status("Reconfiguring filter... One moment please...");
filter_configure();
break;
}
return $rules;
}
function squid_write_rcfile() {
$rc = array();
$SQUID_LOCALBASE = SQUID_LOCALBASE;
$rc['file'] = 'squid.sh';
$rc['start'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
{$SQUID_LOCALBASE}/sbin/squid -D
fi
EOD;
$rc['stop'] = <<<eod<br>{$SQUID_LOCALBASE}/sbin/squid -k shutdown
# Just to be sure...
sleep 5
killall -9 squid 2>/dev/null
killall pinger 2>/dev/null
EOD;
$rc['restart'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
{$SQUID_LOCALBASE}/sbin/squid -D
else
{$SQUID_LOCALBASE}/sbin/squid -k reconfigure
fi
EOD;
conf_mount_rw();
write_rcfile($rc);
write_rcfile(array(
"file" => "sqp_monitor.sh",
"start" => "/usr/local/pkg/sqpmon.sh &",
"stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill"));
conf_mount_ro();
}
?>
[b]squid.conf[/b]
[code]# Do not edit manually !
http_port 12.10.0.5:3128
http_port 12.8.0.5:3128
http_port 127.0.0.1:3128 transparent
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-amd64/etc/squid/errors/English
icon_directory /usr/pbi/squid-amd64/etc/squid/icons
visible_hostname localhost
cache_mgr gustavo@comunidadecn.com
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 60
shutdown_lifetime 3 seconds
httpd_suppress_version_string on
uri_whitespace strip
cache_mem 64 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 1024 16 256
minimum_object_size 0 KB
maximum_object_size 4 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl allowed_subnets src 12.10.0.0/23 12.8.0.0/22
cache deny dynamic
http_access allow manager localhost
# Allow external cache managers
acl ext_manager_1 src 127.0.0.1
http_access allow manager ext_manager_1
acl ext_manager_2 src 12.10.0.5
http_access allow manager ext_manager_2
acl ext_manager_3 src 12.8.0.5
http_access allow manager ext_manager_3
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all
# Setup allowed acls
http_access allow allowed_subnets
# Default block all to be sure
http_access deny all
[/code][/s]</eod<br></eod<br></eod<br>
