Bug on pfsense validation for Squid / Do Not Cache

nublaii

I am using pfsense 2.3.4-RELEASE-p1 and I believe there is a bug in the way the field Local Cache / Do Not Cache is being parsed and validated.

Pfsense's web interface only allows for IP addresses or valid domains on that field, and it checks the contents of that area with this function:

	if ($post['donotcache'] != "") {
		foreach (split("\n", $post['donotcache']) as $host) {
			$host = trim($host);
			if (!is_ipaddr($host) && !is_domain($host)) {
				$input_errors[] = "The host '$host' is not a valid IP or hostname.";
			}
		}
		unset($host);
	}

The problem with this is if you want to avoid caching a whole website, for example cnn.com, you need to enter in this field cnn.com, www.cnn.com, edition.cnn.com, edition.i.cnn.com… etc etc

Or you could just use .cnn.com and that would cover everything.

The bug, I believe, is that applying the is_domain function on that field breaks this usage, because .cnn.com is not a valid domain for is_domain.

The following input errors were detected:
The host '.example.com' is not a valid IP or hostname.

Could we relax that validation or adapt it to allow for this particular usage?

doktornotor

You can try this:

https://github.com/pfsense/FreeBSD-ports/commit/0fd22e0de4296a5bcc63fb83d5a3178a2c4f79ed.patch
https://github.com/pfsense/FreeBSD-ports/pull/402

doktornotor

Fixed in 0.4.4x