Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid Returned to Packages *** PLEASE TEST ***

    Scheduled Pinned Locked Moved pfSense Packages
    226 Posts 46 Posters 159.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hadi57
      last edited by

      hi again

      where is the file squid.conf, and in what line i should insert the forwarded_for off???

      thank you

      1 Reply Last reply Reply Quote 0
      • T
        trendchiller
        last edited by

        have a look in /usr/local/etc/squid/squid.conf

        then add the line somewhere near the beginning of the acls in the file…

        1 Reply Last reply Reply Quote 0
        • X
          xabbu
          last edited by

          Hello,

          if someone interested here are my version of

          squid.inc

          
          /* $Id: squid.inc,v 1.24-xabbu 2007/02/19 20:04:46 xabbu Exp $ */
          /*
          	squid.inc
          	Copyright (C) 2006 Scott Ullrich
          	Copyright (C) 2006 Fernando Lemos
          	All rights reserved.
          
          	Redistribution and use in source and binary forms, with or without
          	modification, are permitted provided that the following conditions are met:
          
          	1\. Redistributions of source code must retain the above copyright notice,
          	   this list of conditions and the following disclaimer.
          
          	2\. Redistributions in binary form must reproduce the above copyright
          	   notice, this list of conditions and the following disclaimer in the
          	   documentation and/or other materials provided with the distribution.
          
          	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
          	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
          	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
          	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
          	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
          	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
          	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
          	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
          	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
          	POSSIBILITY OF SUCH DAMAGE.
          */
          
          require_once('globals.inc');
          require_once('config.inc');
          require_once('util.inc');
          require_once('pfsense-utils.inc');
          require_once('pkg-utils.inc');
          require_once('filter.inc');
          require_once('service-utils.inc');
          
          define('SQUID_CONFBASE', '/usr/local/etc/squid');
          define('SQUID_ACLDIR', '/var/squid/acl');
          define('SQUID_PASSWD', '/var/etc/squid.passwd');
          
          $valid_acls = array();
          
          function squid_get_real_interface_address($iface) {
          	global $config;
          
          	$iface = convert_friendly_interface_to_real_interface_name($iface);
          	$line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
          	list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
          
          	return array($ip, long2ip(hexdec($netmask)));
          }
          
          function squid_chown_recursive($dir, $user, $group) {
          	chown($dir, $user);
          	chgrp($dir, $group);
          	$handle = opendir($dir) ;
          	while (($item = readdir($handle)) !== false) {
          		if (($item != ".") && ($item != "..")) {
          			$path = "$dir/$item";
          			if (is_dir($path))
          				squid_chown_recursive($path, $user, $group);
          			else {
          				chown($path, $user);
          				chgrp($path, $group);
          			}
          		}
          	}
          }
          
          /* setup cache */
          function squid_dash_z() {
          	global $config;
          	$settings = $config['installedpackages']['squidcache']['config'][0];
          	$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
          
          	if(!is_dir($cachedir.'/')) {
          		log_error("Creating Squid cache dir $cachedir");
          		make_dirs($cachedir);
          		squid_chown_recursive($cachedir, 'proxy', 'proxy');
          	}
          
          	if(!is_dir($cachedir.'/00/')) {
          		log_error("Creating squid cache subdirs in $cachedir");
          		mwexec("/usr/local/sbin/squid -k shutdown");
          		sleep(5);
          		mwexec("/usr/local/sbin/squid -k kill");
          		mwexec("/usr/local/sbin/squid -z");
          	}
          
          }
          
          function squid_is_valid_acl($acl) {
          	global $valid_acls;
          	if(!is_array($valid_acls))
          		return;
          	return in_array($acl, $valid_acls);
          }
          
          function squid_install_command() {
          	global $config;
          	/* migrate existing csv config fields */
          	$settingsauth = $config['installedpackages']['squidauth']['config'][0];
          	$settingscache = $config['installedpackages']['squidcache']['config'][0];
          	$settingsnac = $config['installedpackages']['squidnac']['config'][0];
          
          	/* migrate auth settings */
          	if (!empty($settingsauth['no_auth_hosts'])) {
          		if(strstr($settingsauth['no_auth_hosts'], ",")) {
          			$settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts'])));
          			$config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts'];
          		}
          	}
          
          	/* migrate cache settings */
          	if (!empty($settingscache['donotcache'])) {
          		if(strstr($settingscache['donotcache'], ",")) {
          			$settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache'])));
          			$config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache'];
          		}
          	}
          
          	/* migrate nac settings */
          	if(! empty($settingsnac['allowed_subnets'])) {
          		if(strstr($settingsnac['allowed_subnets'], ",")) {
          			$settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets'])));
          			$config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets'];
          		}
          	}
          	if(! empty($settingsnac['banned_hosts'])) {
          		if(strstr($settingsnac['banned_hosts'], ",")) {
          			$settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts'])));
          			$config['installedpackages']['squidnac']['config'][0]['banned_hosts'] = $settingsnac['banned_hosts'];
          		}
          	}
          	if(! empty($settingsnac['banned_macs'])) {
          		if(strstr($settingsnac['banned_macs'], ",")) {
          			$settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs'])));
          			$config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs'];
          		}
          	}
          	if(! empty($settingsnac['unrestricted_hosts'])) {
          		if(strstr($settingsnac['unrestricted_hosts'], ",")) {
          			$settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts'])));
          			$config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts'];
          		}
          	}
          	if(! empty($settingsnac['unrestricted_macs'])) {
          		if(strstr($settingsnac['unrestricted_macs'], ",")) {
          			$settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs'])));
          			$config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs'];
          		}
          	}
          	if(! empty($settingsnac['whitelist'])) {
          		if(strstr($settingsnac['whitelist'], ",")) {
          			$settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist'])));
          			$config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist'];
          		}
          	}
          	if(! empty($settingsnac['blacklist'])) {
          		if(strstr($settingsnac['blacklist'], ",")) {
          			$settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist'])));
          			$config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist'];
          		}
          	}
          	write_config();
          
          	/* create cache */
          	squid_dash_z();
          	/* make sure pinger is executable */
          	exec("/bin/chmod a+x /usr/local/libexec/squid/pinger");
          	exec("/bin/rm /usr/local/etc/rc.d/squid");
          	$rc = array();
          	$rc['file'] = 'squid.sh';
          	$rc['start'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
          	/usr/local/sbin/squid -D
          fi
          
          EOD;
          	$rc['stop'] = <<<eod<br>/usr/local/sbin/squid -k shutdown
          # Just to be sure...
          sleep 5
          killall -9 squid 2>/dev/null
          killall pinger 2>/dev/null
          
          EOD;
          	$rc['restart'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
          		/usr/local/sbin/squid -D
          	else
          		/usr/local/sbin/squid -k reconfigure
          	fi
          
          EOD;
          	write_rcfile($rc);
          
          	foreach (array(	SQUID_CONFBASE,
          			SQUID_ACLDIR,
          	) as $dir) {
          			make_dirs($dir);
          			squid_chown_recursive($dir, 'proxy', 'proxy');
          	}
          
          	/* kill any running proxy alarm scripts */
          	log_error("Stopping any running proxy monitors");
          	mwexec("ps awux | grep \"proxy_monitor\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill");
          	sleep(1);
          
          	if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default'))
          		copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf');
          
          	squid_dash_z();
          
          	if (!is_service_running('squid')) {
          		log_error("Starting Squid");
          		mwexec_bg("/usr/local/sbin/squid -D");
          	} else {
          		log_error("Reloading Squid for configuration sync");
          		mwexec("/usr/local/sbin/squid -k reconfigure");
          	}
          
          	/* restart proxy alarm scripts */
          	log_error("Starting a proxy monitor script");
          	mwexec_bg("/usr/local/etc/rc.d/proxy_monitor.sh");
          
          	filter_configure();
          }
          
          function squid_deinstall_command() {
          	global $config;
          	$settings = $config['installedpackages']['squidcache']['config'][0];
          	$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
          	$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/log');
          
          	mwexec('rm -rf $cachedir');
          	mwexec('rm -rf $logdir');
          	mwexec('rm -f /usr/local/etc/rc.d/proxy_monitor.sh');
          	mwexec("ps awux | grep \"proxy_monitor\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill");
          	mwexec("ps awux | grep \"squid\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
          	mwexec("ps awux | grep \"dnsserver\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
          	mwexec("ps awux | grep \"unlinkd\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
          	filter_configure();
          }
          
          function squid_before_form_general($pkg) {
          	$values = get_dir(SQUID_CONFBASE . '/errors/');
          	// Get rid of '..' and '.'
          	array_shift($values);
          	array_shift($values);
          	$name = array();
          	foreach ($values as $value)
          		$names[] = implode(" ", explode("_", $value));
          
          	$i = 0;
          	foreach ($pkg['fields']['field'] as $field) {
          		if ($field['fieldname'] == 'error_language')
          			break;
          		$i++;
          	}
          	$field = &$pkg['fields']['field'][$i];
          
          	for ($i = 0; $i < count($values) - 1; $i++)
          		$field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]);
          }
          
          function squid_validate_general($post, $input_errors) {
          	global $config;
          	$icp_port = trim($post['icp_port']);
          	if (!empty($icp_port) && !is_port($icp_port))
          		$input_errors[] = 'You must enter a valid port number in the \'ICP port\' field';
          
          	if (substr($post['log_dir'], -1, 1) == '/')
          		$input_errors[] = 'You may not end log location with an / mark';
          
          	if ($post['log_dir']{0} != '/')
          		$input_errors[] = 'You must start log location with a / mark';
          	if (strlen($post['log_dir']) <= 3)
          		$input_errors[] = "That is not a valid log location dir";
          
          	$webgui_port = $config['system']['webgui']['port'];
          	if(($config['system']['webgui']['port'] == "") && ($config['system']['webgui']['protocol'] == "http")) {
          		$webgui_port = 80;
          	}
          
          	if (($post['transparent_proxy'] != 'on') && ($port == $webgui_port)) {
          		$input_errors[] = "You can not run squid on the same port as the webgui";
          	}
          }
          
          function squid_validate_upstream($post, $input_errors) {
          	if ($post['proxy_forwarding'] == 'on') {
          		$addr = trim($post['proxy_addr']);
          		if (empty($addr))
          			$input_errors[] = 'The field \'Hostname\' is required';
          		else {
          			if (!is_ipaddr($addr) && !is_domain($addr))
          				$input_errors[] = 'You must enter a valid IP address or host name in the \'Proxy hostname\' field';
          		}
          
          		foreach (array('proxy_port' => 'TCP port', 'icp_port' => 'ICP port') as $field => $name) {
          			$port = trim($post[$field]);
          			if (empty($port))
          				$input_errors[] = "The field '$name' is required";
          			else {
          					if (!is_port($port))
          					$input_errors[] = "The field '$name' must contain a valid port number, between 0 and 65535";
          			}
          		}
          	}
          }
          
          function squid_validate_cache($post, $input_errors) {
          	$num_fields = array(	'harddisk_cache_size' => 'Hard disk cache size',
          				'memory_cache_size' => 'Memory cache size',
          				'maximum_object_size' => 'Maximum object size',
          	);
          	foreach ($num_fields as $field => $name) {
          		$value = trim($post[$field]);
          		if (!is_numeric($value) || ($value < 0))
          			$input_errors[] = "You must enter a valid value for '$field'";
          	}
          
          	$value = trim($post['minimum_object_size']);
          	if (!is_numeric($value) || ($value < 0))
          		$input_errors[] = 'You must enter a valid value for \'Minimum object size\'';
          
          	if ($post['donotcache'] != "") {
          		foreach (split("\n", $post['donotcache']) as $host) {
          			$host = trim($host);
          			if (!is_ipaddr($host) && !is_domain($host))
          				$input_errors[] = "The host '$host' is not a valid IP or host name";
          		}
          	}
          
          	squid_dash_z();
          
          }
          
          function squid_validate_nac($post, $input_errors) {
          	$allowed_subnets = explode("\n", $post['allowed_subnets']);
          	foreach ($allowed_subnets as $subnet) {
          		$subnet = trim($subnet);
          		if (!empty($subnet) && !is_subnet($subnet))
          			$input_errors[] = "The subnet '$subnet' is not a valid CIDR range";
          	}
          
          	foreach (array(	'unrestricted_hosts', 'banned_hosts') as $hosts) {
          		foreach (explode("\n", $post[$hosts]) as $host) {
          			$host = trim($host);
          			if (!empty($host) && !is_ipaddr($host))
          				$input_errors[] = "The host '$host' is not a valid IP address";
          		}
          	}
          
          	foreach (array('unrestricted_macs', 'banned_macs') as $macs) {
          		foreach (explode("\n", $post[$macs]) as $mac) {
          			$mac = trim($mac);
          			if (!empty($mac) && !is_macaddr($mac))
          				$input_errors[] = "The mac '$mac' is not a valid MAC address";
          		}
          	}
          
          	foreach (explode(",", $post['timelist']) as $time) {
          		$time = trim($time);
          		if (!empty($time) && !squid_is_timerange($time))
          			$input_errors[] = "The time range '$time' is not a valid time range";
          	}
          }
          
          function squid_validate_traffic($post, $input_errors) {
          	$num_fields = array(	'max_download_size' => 'Maximum download size',
          				'max_upload_size' => 'Maximum upload size',
          				'perhost_throttling' => 'Per-host bandwidth throttling',
          				'overall_throttling' => 'Overall bandwidth throttling',
          	);
          	foreach ($num_fields as $field => $name) {
          		$value = trim($post[$field]);
          		if (!is_numeric($value) || ($value < 0))
          			$input_errors[] = "The field '$name' must contain a positive number";
          	}
          }
          
          function squid_validate_auth($post, $input_errors) {
          	$num_fields = array(	array('auth_processes', 'Authentication processes', 1),
          				array('auth_ttl', 'Authentication TTL', 0),
          	);
          	foreach ($num_fields as $field) {
          		$value = trim($post[$field[0]]);
          		if (!empty($value) && (!is_numeric($value) || ($value < $field[2])))
          			$input_errors[] = "The field '{$field[1]}' must contain a valid number greater than {$field[2]}";
          	}
          
          	$auth_method = $post['auth_method'];
          	if (($auth_method != 'none') && ($auth_method != 'local')) {
          		$server = trim($post['auth_server']);
          		if (empty($server))
          			$input_errors[] = 'The field \'Authentication server\' is required';
          		else if (!is_ipaddr($server) && !is_domain($server))
          			$input_errors[] = 'The field \'Authentication server\' must contain a valid IP address or domain name';
          
          		$port = trim($post['auth_server_port']);
          		if (!empty($port) && !is_port($port))
          			$input_errors[] = 'The field \'Authentication server port\' must contain a valid port number';
          
          		switch ($auth_method) {
          			case 'ldap':
          				$user = trim($post['ldap_user']);
          				if (empty($user))
          					$input_errors[] = 'The field \'LDAP server user DN\' is required';
          				else if (!$user)
          					$input_errors[] = 'The field \'LDAP server user DN\' must be a valid domain name';
          				break;
          			case 'radius':
          				$secret = trim($post['radius_secret']);
          				if (empty($secret))
          					$input_errors[] = 'The field \'RADIUS secret\' is required';
          				break;
          			case 'msnt':
          				foreach (explode(",", trim($post['msnt_secondary'])) as $server) {
          					if (!empty($server) && !is_ipaddr($server) && !is_domain($server))
          						$input_errors[] = "The host '$server' is not a valid IP address or domain name";
          				}
          				break;
          		}
          
          		$no_auth = explode("\n", $post['no_auth_hosts']);
          		foreach ($no_auth as $host) {
          			$host = trim($host);
          			if (!empty($host) && !is_subnet($host))
          				$input_errors[] = "The host '$host' is not a valid CIDR range";
          		}
          	}
          }
          
          function squid_resync_general() {
          	global $g, $config, $valid_acls;
          
          	$settings = $config['installedpackages']['squid']['config'][0];
          	$conf = "# This file is automatically generated by pfSense\n";
          	$conf = "# Do not edit manually!\n";
          
          	$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
          	$ifaces = ($settings['active_interface'] ? $settings['active_interface'] : 'lan');
          	$real_ifaces = array();
          	foreach (explode(",", $ifaces) as $i => $iface) {
          		$real_ifaces[] = squid_get_real_interface_address($iface);
          		if($real_ifaces[$i][0]) {
          			$conf .= "http_port {$real_ifaces[$i][0]}:$port\n";
          		}
          	}
          	if (($settings['transparent_proxy'] == 'on')) {
          		$conf .= "http_port 127.0.0.1:80 transparent\n";
          	}
          	$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
          
          	$pidfile = "{$g['varrun_path']}/squid.pid";
          	$language = ($settings['error_language'] ? $settings['error_language'] : 'English');
          	$errordir = SQUID_CONFBASE . '/errors/' . $language;
          	$hostname = ($settings['visible_hostname'] ? $settings['visible_hostname'] : 'localhost');
          	$email = ($settings['admin_email'] ? $settings['admin_email'] : 'admin@localhost');
          
          	$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/log');
          
          	$logdir_cache = $logdir . '/cache.log';
          	$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
                  $forwarded_for = ($settings['forwarded_for'] == 'on' ? 'off' : 'on');
          
          	$conf .= <<<eod<br>icp_port $icp_port
          
          pid_filename $pidfile
          cache_effective_user proxy
          cache_effective_group proxy
          error_directory $errordir
          visible_hostname $hostname
          cache_mgr $email
          forwarded_for $forwarded_for
          
          access_log $logdir_access
          cache_log $logdir_cache
          cache_store_log none
          shutdown_lifetime 3 seconds
          
          EOD;
          
          	if ($settings['allow_interface'] == 'on') {
          		$src = '';
          		foreach ($real_ifaces as $iface) {
          			list($ip, $mask) = $iface;
          			$ip = long2ip(ip2long($ip) & ip2long($mask));
          			$src .= " $ip/$mask";
          		}
          		$conf .= "# Allow local network(s) on interface(s)\n";
          		$conf .= "acl localnet src $src\n";
          		$valid_acls[] = 'localnet';
          	}
          
          	return $conf;
          }
          
          function squid_resync_cache() {
          	global $config;
          
          	$settings = $config['installedpackages']['squidcache']['config'][0];
          
          	$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
          	$disk_cache_size = ($settings['harddisk_cache_size'] ? $settings['harddisk_cache_size'] : 100);
          	$level1 = ($settings['level1_subdirs'] ? $settings['level1_subdirs'] : 16);
          	$memory_cache_size = ($settings['memory_cache_size'] ? $settings['memory_cache_size'] : 8);
          	$max_objsize = ($settings['maximum_object_size'] ? $settings['maximum_object_size'] : 10);
          	$min_objsize = ($settings['minimum_object_size'] ? $settings['minimum_object_size'] : 0);
          	$cache_policy = ($settings['cache_replacement_policy'] ? $settings['cache_replacement_policy'] : 'heap LFUDA');
          	$memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF');
          	$offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off');
          
          	$conf = <<<eod<br>cache_dir diskd $cachedir $disk_cache_size $level1 256
          cache_mem $memory_cache_size MB
          maximum_object_size $max_objsize KB
          minimum_object_size $min_objsize KB
          cache_replacement_policy $cache_policy
          memory_replacement_policy $memory_policy
          offline_mode $offline_mode
          
          EOD;
          
          	$donotcache = base64_decode($settings['donotcache']);
          	if (!empty($donotcache)) {
          		file_put_contents(SQUID_ACLDIR . '/donotcache.acl', $donotcache);
          		$conf .= 'acl donotcache dstdomain "' . SQUID_ACLDIR . "/donotcache.acl\"\n";
          		$conf .= 'no_cache deny donotcache';
          	}
          
          	return $conf;
          }
          
          function squid_resync_upstream() {
          	global $config;
          	$settings = $config['installedpackages']['squidupstream']['config'][0];
          
          	$conf = '';
          	if ($settings['proxy_forwarding'] == 'on') {
          		$conf .= "cache_peer {$settings['proxy_addr']} parent {$settings['proxy_port']} {$settings['icp_port']} ";
          
          		if (!empty($settings['username']))
          			$conf .= " login={$settings['username']}";
          		if (!empty($settings['password']))
          			$conf .= ":{$settings['password']}";
          	}
          
          	return $conf;
          }
          
          function squid_resync_redirector() {
          	global $config;
          
          	$httpav_enabled = ($config['installedpackages']['clamav']['config'][0]['scan_http'] == 'on');
          	if ($httpav_enabled) {
          		$conf = "redirect_program /usr/local/bin/squirm\n";
          	} else {
          		$conf = "# No redirector configured\n";
          	}
          	return $conf;
          }
          
          function squid_resync_nac() {
          	global $config, $valid_acls;
          
          	$settings = $config['installedpackages']['squidnac']['config'][0];
          	$webgui_port = $config['system']['webgui']['port'];
          
          	$conf = << <eod<br># Setup some default acls
          acl all src 0.0.0.0/0
          acl localhost src 127.0.0.1
          acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port 1025-65535
          acl sslports port 443 563 $webgui_port
          acl manager proto cache_object
          acl purge method PURGE
          acl connect method CONNECT
          acl dynamic urlpath_regex cgi-bin \?
          
          EOD;
          
          	$allowed_subnets = explode("\n", base64_decode($settings['allowed_subnets']));
          	$allowed = "";
          	foreach ($allowed_subnets as $subnet) {
          		if(!empty($subnet)) {
          			$subnet = trim($subnet);
          			$allowed .= "$subnet ";
          		}
          	}
          	if (!empty($allowed)) {
          		$conf .= "acl allowed_subnets src $allowed\n";
          		$valid_acls[] = 'allowed_subnets';
          	}
          
          	$options = array(	'unrestricted_hosts' => 'src',
          				'banned_hosts' => 'src',
          				'whitelist' => 'dstdom_regex -i',
          				'blacklist' => 'dstdom_regex -i',
          	);
          	foreach ($options as $option => $directive) {
          		$contents = base64_decode($settings[$option]);
          		if (!empty($contents)) {
          			file_put_contents(SQUID_ACLDIR . "/$option.acl", $contents);
          			$conf .= "acl $option $directive \"" . SQUID_ACLDIR . "/$option.acl\"\n";
          			$valid_acls[] = $option;
          		}
          	}
          
          	$conf .= <<<eod<br>cache deny dynamic
          http_access allow manager localhost
          http_access deny manager
          http_access allow purge localhost
          http_access deny purge
          http_access deny !safeports
          http_access deny CONNECT !sslports
          
          # Always allow localhost connections
          http_access allow localhost
          
          EOD;
          
          	return $conf;
          }
          
          function squid_resync_traffic() {
          	global $config, $valid_acls;
          	if(!is_array($valid_acls))
          		return;
          	$settings = $config['installedpackages']['squidtraffic']['config'][0];
          	$conf = '';
          
          	$up_limit = ($settings['max_upload_size'] ? $settings['max_upload_size'] : 0);
          	$down_limit = ($settings['max_download_size'] ? $settings['max_download_suze'] : 0);
          	$conf .= "request_body_max_size $up_limit KB\n";
          	$conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " allow all\n";
          
          	// Only apply throttling past 10MB
          	// XXX: Should this really be hardcoded?
          	$threshold = 10 * 1024 * 1024;
          	$overall = $settings['overall_throttling'];
          	if (!isset($overall) || ($overall == 0))
          		$overall = -1;
          	else
          		$overall *= 1024;
          	$perhost = $settings['perhost_throttling'];
          	if (!isset($perhost) || ($perhost == 0))
          		$perhost = -1;
          	else
          		$perhost *= 1024;
          	$conf .= <<<eod<br>delay_pools 1
          delay_class 1 2
          delay_parameters 1 $overall/$overall $perhost/$perhost
          delay_initial_bucket_level 100
          
          EOD;
          
          	if(! empty($settings['unrestricted_hosts'])) {
          		foreach (array('unrestricted_hosts') as $item) {
          			if (in_array($item, $valid_acls))
          				$conf .= "# Do not throttle unrestricted hosts\n";
          				$conf .= "delay_access 1 deny $item\n";
          		}
          	}
          
          	if ($settings['throttle_specific'] == 'on') {
          		$exts = array();
          		$binaries = 'bin,cab,sea,ar,arj,tar,tgz,gz,tbz,bz2,zip,exe,com';
          		$cdimages = 'iso,bin,mds,nrg,gho,bwt,b5t,pqi';
          		$multimedia = 'aiff?,asf,avi,divx,mov,mp3,mp4,mpe?g,qt,ra?m';
          		foreach (array(	'throttle_binaries' => $binaries,
          				'throttle_cdimages' => $cdimages,
          				'throttle_multimedia' => $multimedia) as $field => $set) {
          			if ($settings[$field] == 'on')
          				$exts = array_merge($exts, explode(",", $set));
          		}
          
          		foreach (explode(",", $settings['throttle_others']) as $ext) {
          			if (!empty($ext)) $exts[] = $ext;
          		}
          
          		$contents = '';
          		foreach ($exts as $ext)
          			$contents .= "\.$ext\$\n";
          		file_put_contents(SQUID_ACLDIR . '/throttle_exts.acl', $contents);
          
          		$conf .= "# Throttle extensions matched in the url\n";
          		$conf .= "acl throttle_exts urlpath_regex -i \"" . SQUID_ACLDIR . "/throttle_exts.acl\"\n";
          		$conf .= "delay_access 1 allow throttle_exts\n";
          		$conf .= "delay_access 1 deny all\n";
          	}
          	else
          		$conf .= "delay_access 1 allow all\n";
          
          	return $conf;
          }
          
          function squid_resync_auth() {
          	global $config, $valid_acls;
          
          	$settings = $config['installedpackages']['squidauth']['config'][0];
          	$settingsnac = $config['installedpackages']['squidnac']['config'][0];
          	$settingsconfig = $config['installedpackages']['squid']['config'][0];
          	$conf = '';
          
          	// Deny the banned guys before allowing the good guys
          	if(! empty($settingsnac['banned_hosts'])) {
          		if (squid_is_valid_acl('banned_hosts')) {
          			$conf .= "# These hosts are banned\n";
          			$conf .= "http_access deny banned_hosts\n";
          		}
          	}
          	if(! empty($settingsnac['banned_macs'])) {
          		if (squid_is_valid_acl('banned_macs')) {
          			$conf .= "# These macs are banned\n";
          			$conf .= "http_access deny banned_macs\n";
          		}
          	}
          
          	// Unrestricted hosts take precendence over blacklist
          	if(! empty($settingsnac['unrestricted_hosts'])) {
          		if (squid_is_valid_acl('unrestricted_hosts')) {
          			$conf .= "# These hosts do not have any restrictions\n";
          			$conf .= "http_access allow unrestricted_hosts\n";
          		}
          	}
          	if(! empty($settingsnac['unrestricted_macs'])) {
          		if (squid_is_valid_acl('unrestricted_macs')) {
          			$conf .= "# These hosts do not have any restrictions\n";
          			$conf .= "http_access allow unrestricted_macs\n";
          		}
          	}
          
          	// Whitelist and blacklist also take precendence over other allow rules
          	if(! empty($settingsnac['whitelist'])) {
          		if (squid_is_valid_acl('whitelist')) {
          			$conf .= "# Always allow access to whitelist domains\n";
          			$conf .= "http_access allow whitelist\n";
          		}
          	}
          	if(! empty($settingsnac['blacklist'])) {
          		if (squid_is_valid_acl('blacklist')) {
          			$conf .= "# Block access to blacklist domains\n";
          			$conf .= "http_access deny blacklist\n";
          		}
          	}
          
          	$transparent_proxy = ($settingsconfig['transparent_proxy'] == 'on');
          	$auth_method = (($settings['auth_method'] && !$transparent_proxy) ? $settings['auth_method'] : 'none');
          	// Allow the remaining ACLs if no authentication is set
          	if ($auth_method == 'none') {
          		if ($settingsconfig['allow_interface'] == 'on') {
          			$conf .= "# Allow local network(s) on interface(s)\n";
          			$allowed = array('localnet', 'allowed_subnets');
          			$allowed = array_filter($allowed, 'squid_is_valid_acl');
          			foreach ($allowed as $acl)
          				$conf .= "http_access allow $acl\n";
          		}
          	}
          	else {
          		$noauth = implode(' ', explode("\n", base64_decode($settings['no_auth_hosts'])));
          		if (!empty($noauth)) {
          			$conf .= "acl noauth src $noauth\n";
          			$valid_acls[] = 'noauth';
          		}
          
          		// Set up the external authentication programs
          		$auth_ttl = ($settings['auth_ttl'] ? $settings['auth_ttl'] : 60);
          		$processes = ($settings['auth_processes'] ? $settings['auth_processes'] : 5);
          		$prompt = ($settings['auth_prompt'] ? $settings['auth_prompt'] : 'Please enter your credentials to access the proxy');
          		switch ($auth_method) {
          			case 'local':
          				$conf .= 'auth_param basic program /usr/local/libexec/squid/ncsa_auth ' . SQUID_PASSWD . "\n";
          				break;
          			case 'ldap':
          				$port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : '');
          				$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
          				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"(&(objectClass=person)(cn=%s))\" -u cn -P {$settings['auth_server']}$port\n";
          				break;
          			case 'radius':
          				$port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : '');
          				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
          				break;
          			case 'msnt':
          				$conf .= "auth_param basic program /usr/local/libexec/squid/msnt_auth\n";
          				break;
          		}
          		$conf .= <<<eod<br>auth_param basic children $processes
          auth_param basic realm $prompt
          auth_param basic credentialsttl $auth_ttl minutes
          acl password proxy_auth REQUIRED
          
          EOD;
          
          		// Onto the ACLs
          		$password = array('localnet', 'allowed_subnets');
          		$passwordless = array('unrestricted_hosts');
          		if ($settings['unrestricted_auth'] == 'on') {
          			// Even the unrestricted hosts should authenticate
          			$password = array_merge($password, $passwordless);
          			$passwordless = array();
          		}
          		$passwordless[] = 'noauth';
          		$password = array_filter($password, 'squid_is_valid_acl');
          		$passwordless = array_filter($passwordless, 'squid_is_valid_acl');
          
          		// Allow the ACLs that don't need to authenticate
          		foreach ($passwordless as $acl)
          			$conf .= "http_access allow $acl\n";
          
          		// Allow the other ACLs as long as they authenticate
          		foreach ($password as $acl)
          			$conf .= "http_access allow password $acl\n";
          	}
          
          	$conf .= "# Default block all to be sure\n";
          	$conf .= "http_access deny all\n";
          
          	return $conf;
          }
          
          function squid_resync_users() {
          	global $config;
          
          	$users = $config['installedpackages']['squidusers']['config'];
          	$contents = '';
          	if (is_array($users)) {
          		foreach ($users as $user)
          			$contents .= $user['username'] . ':' . crypt($user['password'], base64_encode($user['password'])) . "\n";
          	}
          	file_put_contents(SQUID_PASSWD, $contents);
          	chown(SQUID_PASSWD, 'proxy');
          	chmod(SQUID_PASSWD, 0600);
          }
          
          function squid_resync() {
          	global $config;
          	$conf = squid_resync_general() . "\n";
          	$conf .= squid_resync_cache() . "\n";
          	$conf .= squid_resync_redirector() . "\n";
          	$conf .= squid_resync_upstream() . "\n";
          	$conf .= squid_resync_nac() . "\n";
          	$conf .= squid_resync_traffic() . "\n";
          	$conf .= squid_resync_auth();
          	squid_resync_users();
          
          	/* make sure pinger is executable */
          	exec("chmod a+x /usr/local/libexec/squid/pinger");
          
          	file_put_contents(SQUID_CONFBASE . '/squid.conf', $conf);
          
          	$log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/';
          
          	if(!is_dir($log_dir)) {
          		log_error("Creating squid log dir $log_dir");
          		make_dirs($log_dir);
          		squid_chown_recursive($log_dir, 'proxy', 'proxy');
          	}
          
          	squid_dash_z();
          
          	if (!is_service_running('squid')) {
          		log_error("Starting Squid");
          		mwexec_bg("/usr/local/sbin/squid -D");
          	} else {
          		log_error("Reloading Squid for configuration sync");
          		mwexec("/usr/local/sbin/squid -k reconfigure");
          	}
          
          	filter_configure();
          }
          
          function squid_print_javascript_auth() {
          	global $config;
          	$transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
          
          	// No authentication for transparent proxy
          	if ($transparent_proxy) {
          		$javascript = << <eod<br>EOD;
          	}
          	else {
          		$javascript = << <eod<br>EOD;
          	}
          
          	print($javascript);
          }
          
          function squid_print_javascript_auth2() {
          	print("\n");
          }
          
          function squid_generate_rules($type) {
          	global $config;
          
          	$squid_conf = $config['installedpackages']['squid']['config'][0];
          	if (!is_service_running('squid')) {
          		log_error("SQUID is installed but not started.  Not installing redirect rules.");
          		return;
          	}
          
          	if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
          		return;
          	}
          
          	$ifaces = explode(",", $squid_conf['active_interface']);
          	$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
          	$port = ($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128);
          
          	switch($type) {
          	case 'nat':
          		foreach ($ifaces as $iface)
          			$rules .= "# Setup Squid proxy redirect\n";
          			$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
          			$rules .= "\n";
          		break;
          	case 'filter':
          		foreach ($ifaces as $iface)
          			$rules .= "# Setup squid pass rules for proxy\n";
          			$rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
          			$rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
          			$rules .= "\n";
          		break;
          	default:
          		break;
          	}
          
          	return $rules;
          }
          ?></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br> 
          

          and

          squid.xml

          
           <packagegui><name>squid</name>
          	<version>2.6.5_1-p15</version>
          	<include_file>/usr/local/pkg/squid.inc</include_file>
          
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid.inc</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_cache.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_nac.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_ng.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_traffic.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_upstream.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_auth.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/squid_users.xml</additional_files_needed> 
          	 <additional_files_needed>http://www.pfsense.org/packages/config/squid/proxy_monitor.sh
          	    <prefix>/usr/local/etc/rc.d/</prefix>
          	    <chmod>0755</chmod></additional_files_needed> 
          
          <menu>
          		<name>Proxy server</name>
          		<tooltiptext>Modify the proxy server's settings</tooltiptext>
          		Services
          		<url>/pkg_edit.php?xml=squid.xml&id=0</url>
          	</menu>
          
          	 <service><name>squid</name>
          		<description>Proxy server Service</description>
          		<rcfile>squid.sh</rcfile>
          		<executable>squid</executable></service> 
          
          	<title>Proxy server: General settings</title>
          	 <tabs><tab><text>General settings</text>
          			<url>/pkg_edit.php?xml=squid.xml&id=0</url>
          			 <active></active></tab> 
          		 <tab><text>Upstream proxy</text>
          			<url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url></tab> 
          		 <tab><text>Cache management</text>
          			<url>/pkg_edit.php?xml=squid_cache.xml&id=0</url></tab> 
          		 <tab><text>Access control</text>
          			<url>/pkg_edit.php?xml=squid_nac.xml&id=0</url></tab> 
          		 <tab><text>Traffic management</text>
          			<url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url></tab> 
          		 <tab><text>Auth settings</text>
          			<url>/pkg_edit.php?xml=squid_auth.xml&id=0</url></tab> 
          		 <tab><text>Local users</text>
          			<url>/pkg.php?xml=squid_users.xml</url></tab></tabs> 
          	 <fields><field><fieldname>active_interface</fieldname>
          			<fielddescr>Proxy interface</fielddescr>
          			<description>The interface(s) the proxy server will bind to.</description>
          			<default_value>lan</default_value>
          			 <required><type>interfaces_selection</type></required></field> 
          		 <field><fieldname>allow_interface</fieldname>
          			<fielddescr>Allow users on interface</fielddescr>
          			<description>If this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut.</description>
          			<default_value>on</default_value>
          			 <required><type>checkbox</type></required></field> 
          		 <field><fieldname>transparent_proxy</fieldname>
          			<fielddescr>Transparent proxy</fielddescr>
          			<description>If transparent mode is enabled, all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description>
          			 <required><type>checkbox</type></required></field> 
          		 <field><fieldname>log_enabled</fieldname>
          			<fielddescr>Enabled logging</fielddescr>
          			<description>This will enable the access log. Don't switch this on if you don't have much disk space left.</description>
          			<enablefields>log_query_terms,log_user_agents</enablefields>
          			<type>checkbox</type></field> 
          		 <field><fieldname>log_dir</fieldname>
          			<fielddescr>Log store directory</fielddescr>
          			<description>The directory where the log will be stored (note: do not end with a / mark)</description>
          			 <required><type>input</type>
          			<size>60</size>
          			<default_value>/var/squid/log</default_value></required></field> 
          		 <field><fieldname>proxy_port</fieldname>
          			<fielddescr>Proxy port</fielddescr>
          			<description>This is the port the proxy server will listen on.</description>
          			 <required><type>input</type>
          			<size>5</size>
          			<default_value>3128</default_value></required></field> 
          		 <field><fieldname>icp_port</fieldname>
          			<fielddescr>ICP port</fielddescr>
          			<description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.</description>
          			<type>input</type>
          			<size>5</size></field> 
          		 <field><fieldname>visible_hostname</fieldname>
          			<fielddescr>Visible hostname</fielddescr>
          			<description>This is the URL to be displayed in proxy server error messages.</description>
          			<default_value>localhost</default_value>
          			<type>input</type>
          			<size>60</size></field> 
          		 <field><fieldname>admin_email</fieldname>
          			<fielddescr>Administrator email</fielddescr>
          			<description>This is the email address displayed in error messages to the users.</description>
          			<default_value>admin@localhost</default_value>
          			<type>input</type>
          			<size>60</size></field> 
          		 <field><fielddescr>Language</fielddescr>
          			<fieldname>error_language</fieldname>
          			<description>Select the language in which the proxy server will display error messages to users.</description>
          			<default_value>English</default_value>
          			<type>select</type></field> 
          		 <field><fielddescr>Hide originating client address</fielddescr>
          			<fieldname>forwarded_for</fieldname>
          			<description>Enable this option and the proxy server will hide your internal IP from the internet. If not set, Squid will include your system's IP address or name in the HTTP requests it forwards. By default it looks like this: X-Forwarded-For: X.X.X.X. If you enable this, it will appear as X-Forwarded-For: unknown</description>
          			 <required><type>checkbox</type></required></field></fields> 
          	 <custom_add_php_command>squid_resync();</custom_add_php_command> 
          	 <custom_php_command_before_form>squid_before_form_general(&$pkg);</custom_php_command_before_form> 
          	 <custom_php_validation_command>squid_validate_general($_POST, &$input_errors);</custom_php_validation_command> 
          	 <custom_php_resync_config_command>squid_resync();
          		exec("/bin/rm -f /usr/local/etc/rc.d/squid");</custom_php_resync_config_command> 
          	 <custom_php_install_command>update_status("Checking Squid cache... One moment please...");
          		update_output_window("This operation may take quite some time, please be patient.  Do not press stop or attempt to navigate away from this page during this process.");
          		squid_install_command();
          		squid_resync();
          		exec("/bin/rm -f /usr/local/etc/rc.d/squid");</custom_php_install_command> 
          	 <custom_php_deinstall_command>squid_deinstall_command();
          		exec("/bin/rm -f /usr/local/etc/rc.d/squid*");</custom_php_deinstall_command></packagegui> 
          
          

          Many Thanks to trendchiller!  8)

          Greetins,

          xabbu

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            What version squidGuard worked with current squid version?

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              Since squidGuard hasn't been in development for a number of years, the latest version in the FreeBSD ports tree should be perfectly adequate.  I've used it before (not on pfSense) with the squid26 port.

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                I have pfSense 1.0.1 and latest official squid package (squid-2.6.5) from this topic

                When i test self sG package gui with this on local pkg_config.xml  (xmlrpc):
                     ```
                <depends_on_package_base_url>http://ftp13.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All</depends_on_package_base_url>
                <depends_on_package>squidGuard-1.2.0_1.tbz</depends_on_package>

                
                this download previous version squid-2.5.14_2.tbz and install them  ???
                In **pkg_info** i looking both versions of **sqiud**
                What i must do for use squidGuard whith installed newest version squid (not download previous version)?
                
                ps: i only make webGUI for squidGuard for existing hidden in pkg_config.xml _squidGuard package_

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • X
                  xstas
                  last edited by

                  Error in /usr/local/pkg/squid.inc, line #639

                  'max_download_suze' must be changed on 'max_download_size'

                  1 Reply Last reply Reply Quote 0
                  • S
                    sullrich
                    last edited by

                    Fixed, thanks!

                    1 Reply Last reply Reply Quote 0
                    • D
                      dvserg
                      last edited by

                      Question-request
                      Possible add to squid package log-rotation?
                      For instance in the manner of list (element-select)
                      -never
                      -daily
                      -weekly
                      -monthly

                      SquidGuardDoc EN  RU Tutorial
                      Localization ru_PFSense

                      1 Reply Last reply Reply Quote 0
                      • S
                        sullrich
                        last edited by

                        @dvserg:

                        Question-request
                        Possible add to squid package log-rotation?
                        For instance in the manner of list (element-select)
                        -never
                        -daily
                        -weekly
                        -monthly

                        Patches accepted.

                        1 Reply Last reply Reply Quote 0
                        • A
                          abubin
                          last edited by

                          just installed squid and find it to be quite nice. The interface is completely different from what I expected. Not as powerful as I would like it to be. Probably cause I am used to webmin.

                          Anyway, some of the features I needed are not in the gui. Can I port over my own squid.conf and apply it there? I understand I won't be able to edit the squid.conf later using the gui. I am okay with that as I can edit the file manually. Will that work?

                          1 Reply Last reply Reply Quote 0
                          • D
                            dvserg
                            last edited by

                            Yes You can edit squid.conf manually But don't run gui after - conf will rewrited

                            SquidGuardDoc EN  RU Tutorial
                            Localization ru_PFSense

                            1 Reply Last reply Reply Quote 0
                            • J
                              Justinw
                              last edited by

                              If you want to write your own conf files, just edit the squid.sh file in /usr/local/etc/rc.d/squid.sh 
                              Add the startup flag to point to the squid.conf that you write yourself.
                              The webgui won't work for changes anymore, but you won't get your conf file rewritten every time the box restarts either.
                              Also, webmin runs on a pfsense machine
                              pkg_add -r webmin
                              run setup.pl instead .sh
                              Boom, you have webmin.

                              1 Reply Last reply Reply Quote 0
                              • H
                                hoba
                                last edited by

                                @Justinw:

                                Boom, you have webmin.

                                What exactly do you mean goes Boom?  ;D

                                1 Reply Last reply Reply Quote 0
                                • J
                                  Justinw
                                  last edited by

                                  Boom probably is a good word for it, I wouldn't use webmin to change anything, but you can if you want…hehe

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    dminkler
                                    last edited by

                                    I'm having trouble with setting up mac filtering, I was wondering if that option was included in the "return" of squid?

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dvserg
                                      last edited by

                                      On transparent mode squid blocked access to 127.0.0.1 (from php to self system), but access trought LAN ip worked. It's bug or no?

                                      SquidGuardDoc EN  RU Tutorial
                                      Localization ru_PFSense

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.