Ejemplo n.º 1
0
function start($nopid = false)
{
    $sock = new sockets();
    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    if (!$nopid) {
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return;
        }
    }
    $pid = ntopng_pid();
    if ($unix->process_exists($pid)) {
        $time = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Already running since {$time}Mn...\n";
        }
        return;
    }
    $Enablentopng = $sock->GET_INFO("Enablentopng");
    if (!is_numeric($Enablentopng)) {
        $Enablentopng = 0;
    }
    $SquidPerformance = intval($sock->GET_INFO("SquidPerformance"));
    if ($SquidPerformance > 2) {
        $Enablentopng = 0;
    }
    if ($Enablentopng == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Disabled ( see Enablentopng )...\n";
        }
        return;
    }
    $masterbin = $unix->find_program("ntopng");
    if (!is_file($masterbin)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Not installed...\n";
        }
        return;
    }
    $redis_pid = redis_pid();
    if (!$unix->process_exists($redis_pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting redis-server\n";
        }
    }
    $redis_pid = redis_pid();
    if (!$unix->process_exists($redis_pid)) {
        $php = $unix->LOCATE_PHP5_BIN();
        system("{$php} /usr/share/artica-postfix/exec.redis-server.php --start");
    }
    $redis_pid = redis_pid();
    if (!$unix->process_exists($redis_pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} failed, unable to start redis-server\n";
        }
        return;
    }
    CheckFilesAndSecurity();
    $version = ntopng_version();
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service v{$version}\n";
    }
    $net = new networkscanner();
    while (list($num, $maks) = each($net->networklist)) {
        if (trim($maks) == null) {
            continue;
        }
        if (isset($net->Networks_disabled[$maks])) {
            continue;
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Analyze {$maks}\n";
        }
        $hash[$maks] = $maks;
    }
    while (list($a, $b) = each($hash)) {
        $MASKZ[] = $a;
    }
    $arrayConf = unserialize(base64_decode($sock->GET_INFO("ntopng")));
    if (!is_numeric($arrayConf["HTTP_PORT"])) {
        $arrayConf["HTTP_PORT"] = 3000;
    }
    $f[] = $masterbin;
    $f[] = "--daemon";
    $f[] = "--dns-mode 1";
    $f[] = "--http-port {$arrayConf["HTTP_PORT"]}";
    $f[] = "--local-networks \"" . @implode(",", $MASKZ) . "\"";
    $f[] = "--user root";
    $f[] = "--data-dir /home/ntopng";
    $f[] = "--pid /var/run/ntopng/ntopng.pid";
    $f[] = "--dump-flows";
    $f[] = all_interfaces();
    if (intval($arrayConf["ENABLE_LOGIN"]) == 0) {
        $f[] = "--disable-login";
    }
    $cmd = @implode(" ", $f);
    shell_exec($cmd);
    $c = 1;
    for ($i = 0; $i < 10; $i++) {
        sleep(1);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service waiting {$c}/10\n";
        }
        $pid = ntopng_pid();
        if ($unix->process_exists($pid)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Success PID {$pid}\n";
            }
            break;
        }
        $c++;
    }
    $pid = ntopng_pid();
    if (!$unix->process_exists($pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Failed\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$cmd}\n";
        }
    }
}
Ejemplo n.º 2
0
function ApplyConfig()
{
    $unix = new unix();
    $squid = new squidbee();
    writelogs("->BuildBlockedSites", __FUNCTION__, __FILE__, __LINE__);
    $squid->BuildBlockedSites();
    acl_clients_ftp();
    acl_whitelisted_browsers();
    acl_allowed_browsers();
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    if (!is_file($SQUID_CONFIG_PATH)) {
        writelogs("Unable to stat squid configuration file \"{$SQUID_CONFIG_PATH}\"", __FUNCTION__, __FILE__, __LINE__);
        return;
    }
    echo "Starting......: Squid building main configuration done\n";
    $squid = new squidbee();
    $conf = $squid->BuildSquidConf();
    @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf);
    @file_put_contents($SQUID_CONFIG_PATH, $conf);
    if ($squid->EnableKerbAuth) {
        shell_exec($unix->LOCATE_PHP5_BIN() . " " . dirname(__FILE__) . "/exec.kerbauth.php --build");
    }
    squidclamav();
    wrapzap();
    certificate_generate();
    SQUID_TEMPLATES();
    CheckFilesAndSecurity();
}
Ejemplo n.º 3
0
function build()
{
    $sock = new sockets();
    $unix = new unix();
    $ini = new Bs_IniHandler();
    $squid = new squidbee();
    $IPADDRSSL = array();
    $IPADDRSSL2 = array();
    $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
    $SquidAsMasterPeer = intval($sock->GET_INFO("SquidAsMasterPeer"));
    $SquidAsMasterPeerPort = intval($sock->GET_INFO("SquidAsMasterPeerPort"));
    $SquidAsMasterPeerPortSSL = intval($sock->GET_INFO("SquidAsMasterPeerPortSSL"));
    $SquidAsMasterPeerIPAddr = $sock->GET_INFO("SquidAsMasterPeerIPAddr");
    $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    if (!is_numeric($AllowAllNetworksInSquid)) {
        $AllowAllNetworksInSquid = 1;
    }
    $ini->loadString($ArticaSquidParameters);
    $ZipProxyListenIpAdress = $sock->GET_INFO("ZipProxyListenIpAdress");
    $zipproxy_port = intval($sock->GET_INFO("zipproxy_port"));
    if ($zipproxy_port == 0) {
        $zipproxy_port = 5561;
    }
    $zipproxy_MaxSize = intval($sock->GET_INFO("zipproxy_MaxSize"));
    if ($zipproxy_MaxSize == 0) {
        $zipproxy_MaxSize = 1048576;
    }
    $ZipProxyUnrestricted = intval($sock->GET_INFO("ZipProxyUnrestricted"));
    $ConvertToGrayscale = intval($sock->GET_INFO("ConvertToGrayscale"));
    $zipproxy_ProcessHTML = intval($sock->GET_INFO("zipproxy_ProcessHTML"));
    $zipproxy_ProcessCSS = intval($sock->GET_INFO("zipproxy_ProcessCSS"));
    $zipproxy_ProcessJS = intval($sock->GET_INFO("zipproxy_ProcessJS"));
    NETWORK_ALL_INTERFACES();
    if ($ZipProxyListenIpAdress != null) {
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ZipProxyListenIpAdress])) {
            $f[] = "# {$ZipProxyListenIpAdress} Interface Hardware error";
        }
    }
    $dns_nameservers = $squid->dns_nameservers(true);
    $hostname = $unix->hostname_g();
    if ($SquidAsMasterPeerIPAddr == "0.0.0.0") {
        $SquidAsMasterPeerIPAddr = null;
    }
    if ($SquidAsMasterPeerIPAddr == null) {
        $SquidAsMasterPeerIPAddr = "127.0.0.1";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Listen......: {$ZipProxyListenIpAdress}:{$zipproxy_port}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Unrestricted: {$ZipProxyUnrestricted}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Master......: {$SquidAsMasterPeerIPAddr}:{$SquidAsMasterPeerPort}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Convert to g: {$ConvertToGrayscale}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Process JS..: {$zipproxy_ProcessJS}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Process CSS.: {$zipproxy_ProcessCSS}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: Process HTML: {$zipproxy_ProcessHTML}\n";
    }
    $f[] = "############################";
    $f[] = "# daemon mode-only options #";
    $f[] = "############################";
    $f[] = "";
    $f[] = "## Port to listen for proxy connections";
    $f[] = "## default: 8080";
    $f[] = "Port = {$zipproxy_port}";
    $f[] = "";
    $f[] = "## Local address to listen for proxy connections";
    $f[] = "## If you have more than one network interface,";
    $f[] = "## it's useful for restricting to which interface you want to bind to.";
    $f[] = "## By default Ziproxy binds to all interfaces.";
    if ($ZipProxyListenIpAdress != null) {
        $f[] = "Address = \"{$ZipProxyListenIpAdress}\"";
    }
    $f[] = "";
    $f[] = "## Accepts conections only from that address.";
    $f[] = "## WARNING: Remember to restrict the access to Ziproxy";
    $f[] = "## if your machine is directly connected to the Internet.";
    if ($ZipProxyUnrestricted == 0) {
        $backends = $squid->backends_list();
        $f[] = "OnlyFrom = \"" . @implode(" ", $backends) . "\"";
    }
    $f[] = "";
    $f[] = "## Limits the number of simultaneous active user connections.";
    $f[] = "## This does not affect the connection queue (see: SOMAXCONN).";
    $f[] = "##";
    $f[] = "## This also (indirectly) limits the number of processes Ziproxy will run";
    $f[] = "## at once. Formula for the worst-case scenario:";
    $f[] = "## MaxZiproxyProcesses = 1 + MaxActiveUserConnections";
    $f[] = "## OR if PreemptNameRes is enabled (worst-case scenario):";
    $f[] = "## MaxZiproxyProcesses = 1 + MaxActiveUserConnections * (1 + PreemptNameResMax)";
    $f[] = "##";
    $f[] = "## Valid values: 0 (no limit), >0 (max ative connections).";
    $f[] = "##";
    $f[] = "## default: 0 (no limit -- relies on OS limit instead)";
    $f[] = "# MaxActiveUserConnections = 20";
    $f[] = "PIDFile = \"/var/run/squid/ziproxy.pid\"";
    $f[] = "RunAsUser = \"squid\"";
    $f[] = "RunAsGroup = \"squid\"";
    $f[] = "";
    $f[] = "";
    $f[] = "";
    $f[] = "##################################";
    $f[] = "# TOS marking (daemon mode-only) #";
    $f[] = "##################################";
    $f[] = "";
    $f[] = "## TOS marking";
    $f[] = "## Enable this if you want to specify the (IP-level) TOS certain types";
    $f[] = "## of traffic from ziproxy -> user.";
    $f[] = "##";
    $f[] = "## This feature is useful if one wants to do application-level QoS.";
    $f[] = "## Setting TOS does not provide QoS alone. You must be either using";
    $f[] = "## a network with routers priorizing traffic according to their TOS,";
    $f[] = "## or set your own QoS/traffic-shaper system  and treat the packets";
    $f[] = "## with certain TOS accordingly.";
    $f[] = "##";
    $f[] = "## Ziproxy is RFC-agnostic regarding TOS bit meanings,";
    $f[] = "## though there may be limitations imposed by the host OS.";
    $f[] = "## See: RFC 791, RFC 1122, RFC 1349, RFC 2474 and RFC 3168.";
    $f[] = "##";
    $f[] = "## If disabled, all other TOS options won't have effect.";
    $f[] = "## Disabled by default.";
    $f[] = "# TOSMarking = false";
    $f[] = "";
    $f[] = "## TOS to set by default";
    $f[] = "## This is a decimal value between 0-255.";
    $f[] = "##";
    $f[] = "## If unset, will use the OS default (which usually is 0).";
    $f[] = "## If you want to make sure it is set to 0, then set";
    $f[] = "## this option accordingly.";
    $f[] = "##";
    $f[] = "## Your OS may put restrictions on which bits you may set";
    $f[] = "## (so certain bits will remain unchanged regardless).";
    $f[] = "## Your OS may also restrict which bits and/or value ranges";
    $f[] = "## you may set if you're not running as root.";
    $f[] = "## Other (non-unixish) OSes may be unable to set TOS at all.";
    $f[] = "##";
    $f[] = "## Default: unset.";
    $f[] = "# TOSFlagsDefault = 0";
    $f[] = "";
    $f[] = "## TOS to set when the traffic is considered \"differentiated\",";
    $f[] = "## according to TOSMarkAsDiffURL, TOSMarkAsDiffCT or TOSMarkAsDiffSizeBT.";
    $f[] = "## This is a decimal value between 0-255.";
    $f[] = "##";
    $f[] = "## If unset, there will be no differentiated traffic at all.";
    $f[] = "##";
    $f[] = "## Your OS may put restrictions on which bits you may set";
    $f[] = "## (so certain bits will remain unchanged regardless).";
    $f[] = "## Your OS may also restrict which bits and/or value ranges";
    $f[] = "## you may set if you're not running as root.";
    $f[] = "## Other (non-unixish) OSes may be unable to set TOS at all.";
    $f[] = "##";
    $f[] = "## Default: unset.";
    $f[] = "# TOSFlagsDiff = 16";
    $f[] = "";
    $f[] = "## This is the file containing a list of URLs which should";
    $f[] = "## have their traffic \"differentiated\"";
    $f[] = "## (that is, to have their TOS changed to TOSFlagsDiff).";
    $f[] = "##";
    $f[] = "## Inside the file, the URLs may also contain pattern-matching asterisks.";
    $f[] = "## Comments may be present if prefixed by '#' (shell-alike).";
    $f[] = "## In order to match a whole site: \"http://www.examplehost.xyz/*\"";
    $f[] = "##";
    $f[] = "## Default: none";
    $f[] = "# TOSMarkAsDiffURL = \"/etc/ziproxy/change_tos.list\"";
    $f[] = "";
    $f[] = "## This is the content-type list of data that should";
    $f[] = "## have their traffic \"differentiated\"";
    $f[] = "## (that is, to have their TOS changed to TOSFlagsDiff).";
    $f[] = "## This is the content-type as received by the remote HTTP server,";
    $f[] = "## if it is changed by Ziproxy later, it will not be taken into account.";
    $f[] = "##";
    $f[] = "## \"\" (empty string) will match empty content-types AND data which have";
    $f[] = "## no content-type specified.";
    $f[] = "##";
    $f[] = "## If no subtype is specified, all subtypes will match:";
    $f[] = "## \"aaaa\" will match \"aaaa\", \"aaaa/bbbb\", \"aaaa/cccc\" etc";
    $f[] = "##";
    $f[] = "## See also: TOSMarkAsDiffCTAlsoXST";
    $f[] = "## Default: none";
    $f[] = "# TOSMarkAsDiffCT = {\"video/flv\", \"video/x-msvideo\", \"audio/*\",";
    $f[] = "#                    \"application/x-shockwave-flash\", \"application/x-rpm\",";
    $f[] = "#                    \"application/x-msi\", \"application/x-tar\"}";
    $f[] = "";
    $f[] = "## When using TOSMarkAsDiffCT, this defines whether to also automatically add";
    $f[] = "## content-type entries with 'x-' prefix appended to subtypes";
    $f[] = "## (aaaa/bbbb also adding aaaa/x-bbbb).";
    $f[] = "## Usually it's convenient to do this way, that avoids worrying about";
    $f[] = "## having to create duplicated entries, or whether which variant is valid.";
    $f[] = "##";
    $f[] = "## You may want to disable this is you wish to have a precise control";
    $f[] = "## of what types of content-type you wish to include.";
    $f[] = "##";
    $f[] = "## See also: TOSMarkAsDiffCT";
    $f[] = "## Default: true";
    $f[] = "# TOSMarkAsDiffCTAlsoXST = true";
    $f[] = "";
    $f[] = "## This is the stream size threshold (in bytes) which, if reached,";
    $f[] = "## will make such traffic \"differentiated\"";
    $f[] = "## (that is, to have their TOS changed to TOSFlagsDiff).";
    $f[] = "## The stream size is the ziproxy -> user one (which may be";
    $f[] = "## bigger or smaller than the original one, sent by the HTTP server).";
    $f[] = "##";
    $f[] = "## There are two possible behaviors with this parameter:";
    $f[] = "## - The total stream size is known beforehand, so the data";
    $f[] = "##   will be marked as differentiated from the beginning.";
    $f[] = "## - The total stream size is unknown, so the data will";
    $f[] = "##   be marked as differentiated once it reaches that";
    $f[] = "##   size.";
    $f[] = "##";
    $f[] = "## Current limitations (this may change in the future):";
    $f[] = "## - The maximum value to be specified here is signed int";
    $f[] = "##   usually 32bit -> (2^31 - 1).";
    $f[] = "## - HTTP range requests are not taken into account so, if their effective";
    $f[] = "##   streams do not reach this threshold, such data will not be";
    $f[] = "##   marked as \"differentiated\", even if the HTTP range goes beyond that.";
    $f[] = "## - Usually the HTTP headers will not be taken into account (only the body";
    $f[] = "##   size itself), except in cases such as CONNECT method";
    $f[] = "##   and URLNoProcessing (cases when the data from server is treated like";
    $f[] = "##   a \"black box\").";
    $f[] = "##";
    $f[] = "## Default: none";
    $f[] = "# TOSMarkAsDiffSizeBT = 4000000";
    $f[] = "";
    $f[] = "";
    $f[] = "";
    $f[] = "###################";
    $f[] = "# general options #";
    $f[] = "###################";
    $f[] = "";
    $f[] = "# DebugLog = \"/var/log/squid/zipproxy-debug.log\"";
    $f[] = "";
    $f[] = "## Error-like messages logging.";
    $f[] = "## This relates to error messages, warnings and such messages, including";
    $f[] = "## configuration errors and other.";
    $f[] = "## If undefined, defaults to stderr. In this case the (normally rare) errors";
    $f[] = "## occuring after the program successfully started will not be displayed,";
    $f[] = "## that to avoid the possibility of flooding the screen with error messages.";
    $f[] = "## If defined, all error-like messages will be dumped into the specified";
    $f[] = "## file. The exception are the errors occurring at the very early stages";
    $f[] = "## of Ziproxy initialization.";
    $f[] = "## WARNING: If you define a error log file and ziproxy initialization fails,";
    $f[] = "##          ziproxy will fail and no error will be displayed on the console.";
    $f[] = "##";
    $f[] = "## Default: undefined (dumps to stderr).";
    $f[] = "ErrorLog = \"/var/log/squid/zipproxy-error.log\"";
    $f[] = "";
    $f[] = "## File to be used as access log.";
    $f[] = "## If undefined, there will be no access logging at all.";
    $f[] = "## Log format:";
    $f[] = "##\tTIME (unix time as seconds.msecs)";
    $f[] = "##\tPROCESS_TIME (ms)";
    $f[] = "##\t[USER@]ADDRESS (address with daemon mode only)";
    $f[] = "##\tFLAGS";
    $f[] = "##\tORIGINAL_SIZE";
    $f[] = "##\tSIZE_AFTER_(RE)COMPRESSION";
    $f[] = "##\tMETHOD";
    $f[] = "##\tURL";
    $f[] = "## where FLAGS may be:";
    $f[] = "## \tP (a request as proxy)";
    $f[] = "##\tT (a request as transparent proxy)";
    $f[] = "##\tS (CONNECT method, usually HTTPS data)";
    $f[] = "##\tZ (transfer timeoutted - see ConnTimeout)";
    $f[] = "##\tB (interrupted transfer - either by user or by remote http host)";
    $f[] = "##\tW (content type was supposed to load into memory, but it had no content-size and, in the end, it was bigger than MaxSize. so it was streamed instead)";
    $f[] = "##\tN (URL not processed. See: URLNoProcessing config option)";
    $f[] = "##\tR (data was replaced)";
    $f[] = "##\tQ (TOS was changed). See: URLReplaceData config option)";
    $f[] = "##\tK (image too expansive. See: MaxUncompressedImageRatio config option)";
    $f[] = "##\tG (stream gunzip too expansive. See: MinUncompressedGzipStreamEval, MaxUncompressedGzipRatio)";
    $f[] = "##\t1 (SIGSEGV received)";
    $f[] = "##\t2 (SIGFPE received)";
    $f[] = "##\t3 (SIGILL received)";
    $f[] = "##\t4 (SIGBUS received)";
    $f[] = "##\t5 (SIGSYS received)";
    $f[] = "##\tX (SIGTERM received - also happens when interrupting the daemon while transferring)";
    $f[] = "## Disabled by default.";
    $f[] = "AccessLog = \"/var/log/squid/access-ziproxy.log\"";
    $f[] = "";
    $f[] = "## When enabled, Ziproxy will intercept signals indicative of";
    $f[] = "## software crash, flag the offending request in access log";
    $f[] = "## accordingly, then stop the offending process.";
    $f[] = "## This is useful for debugging purposes and it's not recommended";
    $f[] = "## to leave it enabled in normal use due to the risk of garbage";
    $f[] = "## being written to access log (due to a more severe crash).";
    $f[] = "## Once enabled, the intercepted signals are:";
    $f[] = "## SIGSEGV (segmentation fault)";
    $f[] = "## SIGFPE (FPU exception)";
    $f[] = "## SIGILL (illegal instruction)";
    $f[] = "## SIGBUS (bus error, alignment issues)";
    $f[] = "## SIGSYS (bad system call)";
    $f[] = "## Disabled by default (those signals not intercepted by Ziproxy)";
    $f[] = "# InterceptCrashes = false";
    $f[] = "";
    $f[] = "## Authentication mode to be used for proxy access:";
    $f[] = "## 0: none (no authentication required)";
    $f[] = "## 1: plain text file";
    $f[] = "## 2: SASL (auxprop, see /etc/ziproxy/sasl/ziproxy.conf)";
    $f[] = "##";
    $f[] = "## Notes:";
    $f[] = "## a) SASL support is optional (enabled during compilation time).";
    $f[] = "## b) SASL authentication does not require external SASL daemon";
    $f[] = "##    configuration/invocation, just Ziproxy's SASL configuration.";
    $f[] = "##";
    $f[] = "## Default: 0 (no authentication required)";
    $f[] = "## See also: AuthPasswdFile, AuthSASLConfPath";
    $f[] = "AuthMode = 0";
    $f[] = "";
    $f[] = "## Plain text file containing authentication data.";
    $f[] = "## Should contain user:pass pairs, lines no longer than 128 chars.";
    $f[] = "## Password is unencrypted.";
    $f[] = "## Used only when AuthMode=1";
    $f[] = "##";
    $f[] = "## Default: (undefined)";
    $f[] = "## See also: AuthMode";
    $f[] = "# AuthPasswdFile = \"/etc/ziproxy/http.passwd\"";
    $f[] = "";
    $f[] = "## Path to Ziproxy's SASL configuration file, where";
    $f[] = "## a file named \"ziproxy.conf\" (not related to this one)";
    $f[] = "## must be present and properly configured.";
    $f[] = "## Used only when AuthMode=2";
    $f[] = "##";
    $f[] = "## Default: (default SASL setting, OS-dependent, may be /etc/sasl2/)";
    $f[] = "## See also: AuthMode";
    $f[] = "# AuthSASLConfPath = \"/etc/ziproxy/sasl/\"";
    $f[] = "";
    $f[] = "## Forward everything to another proxy server.";
    $f[] = "## Modifications/compression is still applied.";
    $f[] = "## Default: none (disabled)";
    if ($SquidAsMasterPeerIPAddr != null) {
        $f[] = "NextProxy=\"{$SquidAsMasterPeerIPAddr}\"";
        $f[] = "NextPort={$SquidAsMasterPeerPort}";
    }
    $f[] = "";
    $f[] = "## Use these DNS name servers to resolve hostnames";
    $f[] = "## instead of the ones configured in /etc/resolv.conf";
    if (count($dns_nameservers) > 0) {
        $dnscompiled = trim(@implode(",", $FDNS));
        if ($dnscompiled != null) {
            while (list($num, $dns) = each($dns_nameservers)) {
                $FDNS[] = "\"{$dns}\"";
            }
            $f[] = "Nameservers = { " . @implode(",", $FDNS) . "}";
        }
    }
    $f[] = "";
    $f[] = "## Bind outgoing connections (to remote HTTP server) to the following (local) IPs";
    $f[] = "## It applies to the _outgoing_ connections, it has _no_ relation to the listener socket.";
    $f[] = "## When 2 or more IPs are specified, Ziproxy will rotate to each of those at each";
    $f[] = "## outgoing connection. All IPs have the same priority.";
    $f[] = "## You may use this option for either of the following reasons:";
    $f[] = "## 1. - To use only a specific IP when connecting to remote HTTP servers.";
    $f[] = "## 2. - Use 2 or more IPs for load balancing (a rather primitive one, since it's";
    $f[] = "##      connection-based and does not take into account the bytes transferred).";
    $f[] = "## 3. - You have a huge intranet and certain sites (google.com, for example)";
    $f[] = "##      are blocking your requests because there are so many coming from the same IP.";
    $f[] = "##      So you may use 2 or more IPs here and make it appear that your requests";
    $f[] = "##      come from several different machines.";
    $f[] = "## This option does _not_ spoof packets, it merely uses the host's local IPs.";
    $f[] = "## Note: While in (x)inetd mode, output may be bind-ed only to one IP.";
    $f[] = "## Disabled by default (binds to the default IP, the OS decides which one).";
    $f[] = "## See also: BindOutgoingExList";
    $f[] = "# BindOutgoing = { \"234.22.33.44\", \"4.3.2.1\", \"44.200.34.11\" }";
    $f[] = "";
    $f[] = "## Specifies a file containing a list of hosts which should not suffer";
    $f[] = "## IP rotation as specified by the option \"BindOutgoing\".";
    $f[] = "## The reason for this option is that certain services do not like";
    $f[] = "## the client IP changing in the same session.";
    $f[] = "## Certain webmail services fail or return authentication failure in this case.";
    $f[] = "## Example: www.bol.com.br";
    $f[] = "## This option has no effect if BindOutgoing is not used.";
    $f[] = "## Default: empty, no hosts are exempted.";
    $f[] = "## See also: BindOutgoingExAddr";
    $f[] = "# BindOutgoingExList=\"/etc/ziproxy/bo_exception.list\"";
    $f[] = "";
    $f[] = "## Defines a specific IP to be bound to for hosts specified in BindOutgoingExList.";
    $f[] = "## As with BindOutgoing, this IP must be a local IP from the server running Ziproxy.";
    $f[] = "## This IP may be one of those specified in BindOutgoing, but that's _not_";
    $f[] = "## a requirement and may be a different IP.";
    $f[] = "## This option has no effect if BindOutgoingExList is not being used.";
    $f[] = "## Default: empty, uses the first IP specified in BindOutgoing.";
    $f[] = "# BindOutgoingExAddr=\"98.7.65.43\"";
    $f[] = "";
    $f[] = "## Allow processing of requests as transparent proxy";
    $f[] = "## (will still accept normal proxy requests)";
    $f[] = "## In order to use Ziproxy as transparent proxy it's also needed";
    $f[] = "## to reroute the connections from x.x.x.x:80 to ziproxy.host:PROXY_PORT";
    $f[] = "## Disabled by default.";
    $f[] = "## See also: RestrictOutPortHTTP";
    $f[] = "# TransparentProxy = false";
    $f[] = "";
    $f[] = "## Whether to process normal proxy requests or not";
    $f[] = "## Only makes sense when TransparentProxy is enabled.";
    $f[] = "## If transparent proxy is enabled, it's usually a good idea to disable";
    $f[] = "## conventional proxying since, depending on the layout of your network,";
    $f[] = "## it can be abused by ill-meant users to circumvent restrictions";
    $f[] = "## presented by another proxy placed between Ziproxy and the users.";
    $f[] = "## Enabled by default.";
    $f[] = "ConventionalProxy = true";
    $f[] = "";
    $f[] = "## Whether to allow the CONNECT method.";
    $f[] = "## This method is used by HTTPS, but may be used for other";
    $f[] = "## types of service (like instant messenging) which allow tunneling through http proxy.";
    $f[] = "## If you plan on serving only HTTP requests (no HTTPS nor anything else)";
    $f[] = "## you may want to disable this, in order to prevent potential";
    $f[] = "## abuse of the service.";
    $f[] = "## Enabled by default.";
    $f[] = "## See also: RestrictOutPortCONNECT";
    $f[] = "AllowMethodCONNECT = true";
    $f[] = "";
    $f[] = "## If defined, restricts the outgoing connections (except CONNECT methods - used by HTTPS)";
    $f[] = "## to the listed destination ports.";
    $f[] = "## If TransparentProxy is used, for security reasons it's recommended to restrict";
    $f[] = "## to the ports (typically port 80) which are being intercepted.";
    $f[] = "## Default: all ports are allowed.";
    $f[] = "## See also: RestrictOutPortCONNECT";
    $f[] = "# RestrictOutPortHTTP = {80, 8080}";
    $f[] = "";
    $f[] = "## If defined, restricts the outgoing connections using the CONNECT method (used by HTTPS)";
    $f[] = "## to the listed destination ports.";
    $f[] = "## If AllowMethodCONNECT=false, then no ports are allowed at all regardless this list.";
    $f[] = "## Default: all ports are allowed.";
    $f[] = "## See also: AllowMethodCONNECT, RestrictOutPortHTTP";
    $f[] = "# RestrictOutPortCONNECT = {443}";
    $f[] = "";
    $f[] = "## Whether to override the Accept-Encoding more to Ziproxy's liking.";
    $f[] = "## If disabled, Ziproxy will just forward Accept-Encoding received from the client";
    $f[] = "## (thus the data may or not come gzipped, depending on what the HTTP client says).";
    $f[] = "##";
    $f[] = "## Currently, this option is used to always advertise Gzip capability to";
    $f[] = "## the remote HTTP server.";
    $f[] = "## Enabling this does not neccessarily mean that the data will come compressed";
    $f[] = "## from the server. This option just advertises the capability at Ziproxy's side,";
    $f[] = "## the remote server must support that capability aswell.";
    $f[] = "##";
    $f[] = "## This has _no_ relation to the Gzip support between Ziproxy and the client, thus";
    $f[] = "## you may leave this enabled even if you have clients that do not support Gzip.";
    $f[] = "## Ziproxy will compress/decompress the data according to the client.";
    $f[] = "##";
    $f[] = "## Enabled by default.";
    $f[] = "OverrideAcceptEncoding = true";
    $f[] = "DecompressIncomingGzipData = true";
    $f[] = "";
    $f[] = "## Replaces the User-Agent data sent by the client with a custom string,";
    $f[] = "## OR defines User-Agent with that string if that entry was not defined.";
    $f[] = "## If disabled, Ziproxy will just forward the User-Agent sent by the client.";
    $f[] = "## Normally you will want to leave this option DISABLED (commented).";
    $f[] = "##";
    $f[] = "## It's useful if you, for some reason, want to identify all the clients as";
    $f[] = "## some specific browser/version/OS.";
    $f[] = "## Certain websites may appear broken if the client uses a different browser than";
    $f[] = "## the one specified here.";
    $f[] = "## Certain webservers may break completely when an unrecognized User-Agent is provided";
    $f[] = "## (for example: www.rzeczpospolita.pl).";
    $f[] = "##";
    $f[] = "## Undefined by default (leave User-Agent as defined by the client).";
    $f[] = "# RedefineUserAgent = \"Mozilla/5.0 (compatible; UltraBrowser/8.1; CP/M; console40x24; z80)\"";
    $f[] = "";
    $f[] = "## When Ziproxy receives Gzip data it will try to decompress in order to do";
    $f[] = "## further processing (HTMLopt, PreemptDNS etc).";
    $f[] = "## This makes Ziproxy vulnerable to 'gzip-bombs' (eg. like 10 GB of zeroes, compressed)";
    $f[] = "## which could be used to slow down or even crash the server.";
    $f[] = "## In order to avoid/minimise such problems, you can limit the max";
    $f[] = "## decompression proportion, related to the original file.";
    $f[] = "## If a Gzipped file exceedes that proportion while decompressing, its";
    $f[] = "## decompression is aborted.";
    $f[] = "## The user will receive an error page instead or (if already transferring)";
    $f[] = "## transfer will simply be aborted.";
    $f[] = "##";
    $f[] = "## You may disable this feature defining its value to '0'.";
    $f[] = "## default: 2000 (that's 2000% == 20 times the compressed size)";
    $f[] = "MaxUncompressedGzipRatio = 2000";
    $f[] = "";
    $f[] = "## When limiting decompression rate with MaxUncompressedGzipRatio";
    $f[] = "## _and_ gunzipping while streaming it's not possible to know the";
    $f[] = "## file size until the transfer is finished. So Ziproxy verifies this while";
    $f[] = "## decompressing.";
    $f[] = "## The problem by doing this is the possible false positives:";
    $f[] = "## certain files compress a lot at their beginning, but then not-so";
    $f[] = "## shortly after.";
    $f[] = "## In order to prevent/minimize such problems, we define the minimum";
    $f[] = "## output (the decompressed data) generated before starting to";
    $f[] = "## check the decompression rate.";
    $f[] = "## If defined as '0', it will check the rate immediately.";
    $f[] = "## A too large value will increase the rate-limit precision, at the cost of less";
    $f[] = "## protection.";
    $f[] = "## Streams with output less that this value won't have decompression";
    $f[] = "## rate checking at all.";
    $f[] = "## This feature is only active if MaxUncompressedGzipRatio is defined.";
    $f[] = "## This does not affect data wholly loaded to memory (for further processing).";
    $f[] = "## default: 10000000 (bytes)";
    $f[] = "## Note: The previous default (until version 2.7.9_BETA) was 250000";
    $f[] = "## See also: MaxUncompressedGzipRatio";
    $f[] = "MinUncompressedGzipStreamEval = 10000000";
    $f[] = "";
    $f[] = "## This is the maximum compression rate allowable for an incoming";
    $f[] = "## (before recompression) image file.";
    $f[] = "## If an image has a higher compression rate than this, it will not";
    $f[] = "## be unpacked and it will be forwarded to the client as is.";
    $f[] = "## This feature protects against (or mitigates) the problem with";
    $f[] = "## \"image bombs\" (gif bombs, etc) done with huge bitmaps with the same";
    $f[] = "## pixel color (thus very small once compressed).";
    $f[] = "## Since Ziproxy may try to recompress the image, if several of this";
    $f[] = "## kind are requested, the server may run out of memory, so this";
    $f[] = "## may be used as a DoS attack against Ziproxy.";
    $f[] = "## This feature will not protect the client, since it will receive";
    $f[] = "## the unmodified picture.";
    $f[] = "## There are rare legitimate cases matching such high compression rate,";
    $f[] = "## including poor website design. But in such cases is not really worth";
    $f[] = "## recompressing anyway (the processing costs are not worth the savings).";
    $f[] = "## Usually \"image bomb\" pictures have a >1000:1 compression ratio.";
    $f[] = "## Setting this to less than 100 risks not processing legitimate pictures.";
    $f[] = "## Setting 0 disables this feature.";
    $f[] = "## Default: 500 (500:1 ratio)";
    $f[] = "MaxUncompressedImageRatio = 0";
    $f[] = "";
    $f[] = "## If specified, ziproxy will send and check Via: header";
    $f[] = "## with given string as host identification.";
    $f[] = "## It is sometimes useful to avoid request loops. Default: not specified";
    $f[] = "ViaServer = \"zipproxy-{$hostname}\"";
    $f[] = "";
    $f[] = "## If processing of request exceeds specified time in seconds,";
    $f[] = "## or connection is idle beyond that time (stalled) it will abort.";
    $f[] = "## This avoids processes staying forever (or for a very long time)";
    $f[] = "## in case of a stalled connection or software bug.";
    $f[] = "## This will NOT necessarily abort the streaming of very big files,";
    $f[] = "## it will ONLY if the connection stalls or there's a software bug.";
    $f[] = "## If \"0\", no timeout.";
    $f[] = "## Default: 90 (seconds)";
    $f[] = "ConnTimeout = 90";
    $f[] = "";
    $f[] = "## Max file size to try to (re)compress, in bytes;";
    $f[] = "## If \"0\", means that this limitation won't apply.";
    $f[] = "## This regards to the file size as received from the remote HTTP server";
    $f[] = "## (which may arrive gzipped or not -- it doesn't matter).";
    $f[] = "## If a file is bigger than this limit, Ziproxy will simply stream it unmodified,";
    $f[] = "## unless the user also requested gzip compression (see below).";
    $f[] = "## Attention: If setting a very big size, the request answer latency will";
    $f[] = "##   increase since Ziproxy needs to fetch the whole file before";
    $f[] = "##   attempting to (re)compress it.";
    $f[] = "##   A too low value will prevent data bigger that that to de processed";
    $f[] = "##   (jpg/png/gif recompression, htmlopt, preemptdns..).";
    $f[] = "## Note that if:";
    $f[] = "##   - Only gzipping is to be applied *OR*";
    $f[] = "##   - Gzipping and other is to be applied, but data is > MaxSize";
    $f[] = "##   Gzip compression (and only that) will be applied while streaming.";
    $f[] = "## Default: 1048576 (bytes)";
    $f[] = "##   (default used to be \"0\" in ziproxy 2.3.0 and earlier)";
    $f[] = "MaxSize = {$zipproxy_MaxSize}";
    $f[] = "UseContentLength = false";
    $f[] = "";
    $f[] = "## Whether to try to apply lossless compression with gzip.";
    $f[] = "## This option concerns traffic between Ziproxy and the client only.";
    $f[] = "## This optimization is not limited by MaxSize.";
    $f[] = "##";
    $f[] = "## Gzip compression applies only to content-types specified with";
    $f[] = "## the parameter LosslessCompressCT.";
    $f[] = "##";
    $f[] = "## See also: LosslessCompressCT";
    $f[] = "## Default: true";
    $f[] = "Gzip = true";
    $f[] = "";
    $f[] = "## This parameter specifies what kind of content-type is to be";
    $f[] = "## considered lossless compressible (that is, data worth applying gzip).";
    $f[] = "##";
    $f[] = "## Images, movies etc, normally are NOT compressible such way and those";
    $f[] = "## content-types should not be added (such data would turn slightly bigger";
    $f[] = "## and CPU would be wasted).";
    $f[] = "##";
    $f[] = "## See also: LosslessCompressCTAlsoXST, Gzip";
    $f[] = "## Default: an internal list of the most common compressible content-types.";
    $f[] = "LosslessCompressCT = {";
    $f[] = "\t\"text/*\", ";
    $f[] = "\t\"application/asp\", ";
    $f[] = "\t\"application/awk\", ";
    $f[] = "\t\"application/cgi\", ";
    $f[] = "\t\"application/class\", ";
    $f[] = "\t\"application/css\", ";
    $f[] = "\t\"application/dvi\", ";
    $f[] = "\t\"application/executable\", ";
    $f[] = "\t\"application/font\", ";
    $f[] = "\t\"application/futuresplash\", ";
    $f[] = "\t\"application/iso9660-image\", ";
    $f[] = "\t\"application/java\", ";
    $f[] = "\t\"application/javascript\", ";
    $f[] = "\t\"application/json\", ";
    $f[] = "\t\"application/msexcel\", ";
    $f[] = "\t\"application/mspowerpoint\", ";
    $f[] = "\t\"application/msword\", ";
    $f[] = "\t\"application/pdf\", ";
    $f[] = "\t\"application/perl\", ";
    $f[] = "\t\"application/php\", ";
    $f[] = "\t\"application/postscript\", ";
    $f[] = "\t\"application/python\", ";
    $f[] = "\t\"application/rtf\", ";
    $f[] = "\t\"application/shellscript\", ";
    $f[] = "\t\"application/shockwave\", ";
    $f[] = "\t\"application/staroffice\", ";
    $f[] = "\t\"application/tar\", ";
    $f[] = "\t\"application/truetype-font\", ";
    $f[] = "\t\"application/vnd.*\", ";
    $f[] = "\t\"application/*+xml\", ";
    $f[] = "\t\"application/xml\", ";
    $f[] = "\t\"application/xml-dtd\", ";
    $f[] = "\t\"image/svg+xml\"";
    $f[] = " }";
    $f[] = "";
    $f[] = "## When using LosslessCompressCT, this defines whether to also automatically add";
    $f[] = "## content-type entries with 'x-' prefix appended to subtypes";
    $f[] = "## (aaaa/bbbb also adding aaaa/x-bbbb).";
    $f[] = "## Usually it's convenient to do this way, that avoids worrying about";
    $f[] = "## having to create duplicated entries, or whether which variant is valid.";
    $f[] = "##";
    $f[] = "## Note: If LosslessCompressCT is undefined (thus the internal defaults";
    $f[] = "## are being used) this option has no effect.";
    $f[] = "##";
    $f[] = "## You may want to disable this is you wish to have a precise control";
    $f[] = "## of what types of content-type you wish to include.";
    $f[] = "##";
    $f[] = "## See also: LosslessCompressCT";
    $f[] = "## Default: true";
    $f[] = "LosslessCompressCTAlsoXST = true";
    $f[] = "";
    $f[] = "## Whether to try to (re)compress incoming data originally in";
    $f[] = "## the following formats (true) or not (false)";
    $f[] = "## default: true";
    $f[] = "ProcessJPG = true";
    $f[] = "ProcessPNG = true";
    $f[] = "ProcessGIF = true";
    $f[] = "";
    $f[] = "## Whether to try to optimize HTML, CSS and Javascript, thus reducing their size";
    $f[] = "## ProcessHTML: text/html";
    $f[] = "## ProcessCSS:  text/css";
    $f[] = "## ProcessJS:   application/[x-]javascript)";
    $f[] = "## Although such data may be Gzipped too, optimizing prior to Gzipping normally";
    $f[] = "## reduces the data size even further.";
    $f[] = "## The final size depends much on how unoptimal is the coding of such data;";
    $f[] = "## some sites already present HTML pre-optimized so, in such cases, there won't";
    $f[] = "## be much gain.";
    $f[] = "## Note: Due to the higher complexity of such optimization, there's some risk of a page";
    $f[] = "## being corrupted.";
    $f[] = "## ****** THESE OPTIONS ARE EXPERIMENTAL ******";
    $f[] = "##";
    if ($zipproxy_ProcessHTML == 1) {
        $zipproxy_ProcessHTML = "true";
    } else {
        $zipproxy_ProcessHTML = "false";
    }
    if ($zipproxy_ProcessCSS == 1) {
        $zipproxy_ProcessCSS = "true";
    } else {
        $zipproxy_ProcessCSS = "false";
    }
    if ($zipproxy_ProcessJS == 1) {
        $zipproxy_ProcessJS = "true";
    } else {
        $zipproxy_ProcessJS = "false";
    }
    $f[] = "ProcessHTML = {$zipproxy_ProcessHTML}";
    $f[] = "ProcessCSS = {$zipproxy_ProcessCSS}";
    $f[] = "ProcessJS = {$zipproxy_ProcessJS}";
    $f[] = "";
    $f[] = "## Options for fine-tuning text/html optimization.";
    $f[] = "## Only used when ProcessHTML=true";
    $f[] = "## Certain optimizations may be disabled as quick 'fix' when a text data";
    $f[] = "## gets currupted after being optimized.";
    $f[] = "## Note: CSS and JS switches apply _only_ to such data when embedded into HTML data,";
    $f[] = "##       for JS, CSS-only data, see ProcessJS and ProcessCSS options.";
    $f[] = "##";
    if ($zipproxy_ProcessHTML == 1) {
        $f[] = "ProcessHTML_CSS = true";
        $f[] = "ProcessHTML_JS = true";
        $f[] = "ProcessHTML_tags = true";
        $f[] = "ProcessHTML_text = true";
        $f[] = "ProcessHTML_PRE = true";
        $f[] = "ProcessHTML_NoComments = true";
        $f[] = "ProcessHTML_TEXTAREA = true";
    }
    $f[] = "";
    $f[] = "## If enabled, will discard PNG/GIF/JP2K transparency and de-animate";
    $f[] = "## GIF images if necessary for recompression, at the cost of some image";
    $f[] = "## distortion.";
    $f[] = "## Note: Images with useless transparency/alpha data (all pixels";
    $f[] = "##       being opaque) do not require this option. In such cases Ziproxy";
    $f[] = "##       will detect that and remove the useless data automatically.";
    $f[] = "## Disabled by default.";
    $f[] = "AllowLookChange = true";
    $f[] = "";
    $f[] = "## If enabled, convert images to grayscale before recompressing.";
    $f[] = "## This provides extra compression, at the cost of losing color data.";
    $f[] = "## Note: Not all images sent will be in grayscale, only the ones";
    $f[] = "##       considered worth recompression that way.";
    $f[] = "## Disabled by default.";
    if ($ConvertToGrayscale == 1) {
        $f[] = "ConvertToGrayscale = true";
    }
    $f[] = "## Preemptive Name Resolution";
    $f[] = "## If enabled, tries to resolve hostnames present in the processed HTML files";
    $f[] = "## for speeding up things (no delay for name resolution).";
    $f[] = "## One extra process + (max)PreemptNameResMax threads will run for each HTML request.";
    $f[] = "## PreemptNameResMax is the max hostnames it will try to resolve per HTML file.";
    $f[] = "## PreemptNameResBC \"bogus check\", ignore names whose domains are not .nnnn, .nnn or .nn";
    $f[] = "##";
    $f[] = "## WARNING: This option makes sense _only_ if you have a caching DNS or";
    $f[] = "## a name cache of some sort (like: PDNSD).";
    $f[] = "## == THIS OPTION WILL INCREASE BY MANY TIMES THE REQUESTS TO THE DNS ==";
    $f[] = "##";
    $f[] = "# PreemptNameRes = false";
    $f[] = "# PreemptNameResMax = 50";
    $f[] = "# PreemptNameResBC = true";
    $f[] = "";
    $f[] = "## Image quality for JPG (JPEG) compression.";
    $f[] = "## Image quality is specified in integers between 100 (best) and 0 (worst).";
    $f[] = "ImageQuality = {30,25,25,20}";
    $f[] = "";
    $f[] = "## Alpha channel (image transparency data) removal threshold";
    $f[] = "## Removes alpha channel from images with a minimum opacity";
    $f[] = "## of AlphaRemovalMinAvgOpacity";
    $f[] = "## (1000000: completely opaque, 0: completely transparent).";
    $f[] = "##";
    $f[] = "## This reduces data by removing unnecessary alpha channel from";
    $f[] = "## fully-opaque images; and from (subjectively) not-so-relevant transparency";
    $f[] = "## information.";
    $f[] = "## This also allows recompression to JPEG for PNG/JP2k images originally";
    $f[] = "## with alpha channel (which is not supported by JPEG image format).";
    $f[] = "## Note: Debug log reports the average alpha opacity for each";
    $f[] = "##       image with alpha channel.";
    $f[] = "## Default: 1000000 (remove alpha only from fully-opaque images)";
    $f[] = "##";
    $f[] = "# AlphaRemovalMinAvgOpacity = 1000000";
    $f[] = "";
    $f[] = "## Workaround for MSIE's pseudo-feature \"Show friendly HTTP error messages.\"";
    $f[] = "## If User-Agent=MSIE, don't change/compress the body of error messages in any way.";
    $f[] = "## If compressed it could go down below to 256 or 512 bytes and be replaced with";
    $f[] = "## a local error message instead.";
    $f[] = "## In certain cases the body has crucial data, like HTML redirection or so, and";
    $f[] = "## that would be broken if a \"friendly error\" replaces it.";
    $f[] = "##";
    $f[] = "## If you are sure there are no users using MSIE's with \"friendly error messages\"";
    $f[] = "## enabled, or you don't support/have users with such configuration, you may";
    $f[] = "## disable this and have error data compressed for MSIE users.";
    $f[] = "## This workaround does not affect other clients at all, and error messages";
    $f[] = "## will be sent compressed if the client supports it.";
    $f[] = "##";
    $f[] = "## Enabled by default.";
    $f[] = "# WA_MSIE_FriendlyErrMsgs = true";
    $f[] = "";
    $f[] = "## This option specifies a file containing a list of URLs that should be tunneled";
    $f[] = "## by Ziproxy with no kind of processing whatsoever.";
    $f[] = "## The list contain fully-formatted URLS (http://xxx/xxx), one URL per line.";
    $f[] = "## The URLs may also contain pattern-matching asterisks.";
    $f[] = "## Comments may be present if prefixed by '#' (shell-alike).";
    $f[] = "## In order to exempt a whole site from processing: \"http://www.exemptedhost.xyz/*\"";
    $f[] = "##";
    $f[] = "## This option exists when a page is known to stop working under Ziproxy processing";
    $f[] = "## and there's no specific workaround/bugfix still available.";
    $f[] = "## Thus, this is a temporary solution when you depend on the page to work in a";
    $f[] = "## production environment.";
    $f[] = "##";
    $f[] = "## ****** REMEMBER TO REPORT BUGS/INCOMPATIBILITIES SO THEY MAY BE FIXED *******";
    $f[] = "## *** THIS IS NOT SUPPOSED TO BE A DEFINITIVE SOLUTION TO INCOMPATIBILITIES ***";
    $f[] = "##";
    $sql = "SELECT pattern,PatternType FROM webfilters_blkwhlts WHERE blockType=4 AND enabled=1";
    $q = new mysql_squid_builder();
    $acl = array();
    $results = $q->QUERY_SQL($sql);
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $www = trim($ligne["pattern"]);
        if ($www == null) {
            continue;
        }
        if ($ligne["PatternType"] == 2) {
            $sq = new squid_acls();
            $sqgroups = $sq->GetItems($www, "dstdomain");
            while (list($indexed, $www) = each($sqgroups)) {
                $www = $this->BaseNameWebSite($www);
                if ($www == null) {
                    continue;
                }
                if (isset($already[$www])) {
                    continue;
                }
                $already[$www] = true;
                $acl[] = "http://{$www}/*";
                $acl[] = "http://www.{$www}/*";
                if ($GLOBALS["OUTPUT"]) {
                    echo "Configuring...: " . date("H:i:s") . " [INIT]: Ban processing {$www}\n";
                }
                continue;
            }
            continue;
        }
        if ($ligne["PatternType"] != 0) {
            continue;
        }
        $www = $this->BaseNameWebSite($www);
        if ($www == null) {
            continue;
        }
        if (isset($already[$www])) {
            continue;
        }
        $already[$www] = true;
        $acl[] = "http://{$www}/*";
        $acl[] = "http://www.{$www}/*";
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: Ban processing {$www}\n";
        }
    }
    if (count($acl) > 0) {
        @file_put_contents("/etc/ziproxy/noprocess.list", @implode("\n", $acl));
        $f[] = "URLNoProcessing = \"/etc/ziproxy/noprocess.list\"";
    }
    $f[] = "";
    $f[] = "## This option specifies a file containing a list of URLs which its";
    $f[] = "## data should be intercepted and replaced by another.";
    $f[] = "## Header data such as cookies is maintained.";
    $f[] = "## Currently the only replacing data available is an empty image";
    $f[] = "## (1x1 transparent pixel GIF).";
    $f[] = "##";
    $f[] = "## The list contain fully-formatted URLS (http://xxx/xxx), one URL per line.";
    $f[] = "## The URLs may also contain pattern-matching asterisks.";
    $f[] = "## Comments may be present if prefixed by '#' (shell-alike).";
    $f[] = "## In order to exempt a whole site from processing: \"http://ad.somehost.xyz/*\"";
    $f[] = "##";
    $f[] = "## The way it is, this option may be used as an AD-BLOCKER which is";
    $f[] = "## transparent to the remote host (data is downloaded from the remove server";
    $f[] = "## and cookies are transported) -- a stealthy ad-blocker, if you like.";
    $f[] = "##";
    $f[] = "## Default: empty (no file specified, inactive)";
    $f[] = "## See also: URLReplaceDataCT";
    $f[] = "# URLReplaceData = \"/etc/ziproxy/replace.list\"";
    $f[] = "";
    $f[] = "## Same as URLReplaceData, except it will only replace the data";
    $f[] = "## from matching URLs if the content-type matches";
    $f[] = "## the list in URLReplaceDataCTList (mandatory parameter) aswell.";
    $f[] = "##";
    $f[] = "## URLReplaceDataCT may be useful as a more compatible AD-BLOCKER";
    $f[] = "## if only visual files are replaced. Certain websites rely on";
    $f[] = "## external javascript from advertisement hosts and break when";
    $f[] = "## that data is missing, this is a way to block advertisements";
    $f[] = "## in such cases.";
    $f[] = "##";
    $f[] = "## Default: empty (no file specified, inactive)";
    $f[] = "## See also: URLReplaceDataCTList, URLReplaceData";
    $f[] = "# URLReplaceDataCT = \"/etc/ziproxy/replace_ct.list\"";
    $f[] = "";
    $f[] = "## List of content-types to use with the URLReplaceDataCT option.";
    $f[] = "## This option is required by URLReplaceDataCT.";
    $f[] = "## Default: empty (no content-type specified, inactive)";
    $f[] = "## See also: URLReplaceDataCTListAlsoXST, URLReplaceDataCT";
    $f[] = "# URLReplaceDataCTList = {\"image/jpeg\", \"image/gif\", \"image/png\", \"application/x-shockwave-flash\"}";
    $f[] = "";
    $f[] = "## When using URLReplaceDataCTList, this defines whether to also automatically add";
    $f[] = "## content-type entries with 'x-' prefix appended to subtypes";
    $f[] = "## (aaaa/bbbb also adding aaaa/x-bbbb).";
    $f[] = "## Usually it's convenient to do this way, that avoids worrying about";
    $f[] = "## having to create duplicated entries, or whether which variant is valid.";
    $f[] = "##";
    $f[] = "## You may want to disable this is you wish to have a precise control";
    $f[] = "## of what types of content-type you wish to include.";
    $f[] = "##";
    $f[] = "## See also: URLReplaceDataCTList";
    $f[] = "## Default: true";
    $f[] = "# URLReplaceDataCTListAlsoXST = true";
    $f[] = "";
    $f[] = "## This option specifies a file containing a list of URLs which";
    $f[] = "## should be blocked.";
    $f[] = "## A \"access denied\" 403 error will be returned when trying to access";
    $f[] = "## one of those URLs.";
    $f[] = "## Default: empty (no file specified, inactive)";
    $f[] = "# URLDeny = \"/etc/ziproxy/deny.list\"";
    $f[] = "";
    $f[] = "## Custom HTTP Error Messages";
    $f[] = "## Define here the full path to the HTML file which should be";
    $f[] = "## sent, instead of the internal default page.";
    $f[] = "## Note: The internal defaults give more precise error messages.";
    $f[] = "##";
    $tpls = unserialize(base64_decode(zipproxy_templates()));
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: " . count($tpls) . " Template(s)\n";
    }
    while (list($code, $template_data) = each($tpls)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: Template {$code}\n";
        }
        $template_data = str_replace("%SERV%", $unix->hostname_g(), $template_data);
        @file_put_contents("/usr/share/squid-langpack/ZIPROXY_{$code}.html", $template_data);
        $f[] = "CustomError{$code}=\"/usr/share/squid-langpack/ZIPROXY_{$code}.html\"";
    }
    $f[] = "";
    $f[] = "";
    $f[] = "";
    $f[] = "##############################################################################";
    $f[] = "# JPEG 2000-specific options (require Ziproxy to be compiled with libjasper) #";
    $f[] = "##############################################################################";
    $f[] = "";
    $f[] = "## Whether to try to (re)compress incoming data originally in";
    $f[] = "## the JP2 format (true) or not (false)";
    $f[] = "## Note: This option is not required to be enabled in order to convert";
    $f[] = "## _to_ JP2 format.";
    $f[] = "## default: false";
    $f[] = "# ProcessJP2 = false";
    $f[] = "";
    $f[] = "## Whether to try to compress a image to JP2K (JPEG 2000)";
    $f[] = "## Even when enabled, other formats may sill be tried.";
    $f[] = "## Web browsers' support vary and an external plugin may be required";
    $f[] = "## in order to display JP2K pictures.";
    $f[] = "## If \"ForceOutputNoJP2 = true\", this option will be overrided";
    $f[] = "## and stay disabled.";
    $f[] = "## default: false";
    $f[] = "# ProcessToJP2 = false";
    $f[] = "";
    $f[] = "## When enabled, this option forces the conversion of all incoming";
    $f[] = "## JP2K images to another format (usually JPEG).";
    $f[] = "## JP2K images with unsupported internal data will be forwarded unmodified.";
    $f[] = "## One may use this option to create \"JP2K-compressed tunnels\" between";
    $f[] = "## two Ziproxies with narrow bandwidth in between and serve clients";
    $f[] = "## which otherwise do not support JP2K while still taking advantage of that";
    $f[] = "## format. In such scenario, if the clients and their Ziproxy share a LAN,";
    $f[] = "## for best image quality it is recommended to set a very low (highest quality)";
    $f[] = "## _local_ output compression.";
    $f[] = "## This option requires \"ProcessJP2 = true\" in order to work.";
    $f[] = "## default: false";
    $f[] = "# ForceOutputNoJP2 = false";
    $f[] = "";
    $f[] = "## When enabled, every request as a client will include an extra header \"X-Ziproxy-Flags\"";
    $f[] = "## announcing it as a Ziproxy with JP2 support enabled.";
    $f[] = "## This option makes sense when chaining to another Ziproxy.";
    $f[] = "## Note: when the request is intercepted by another Ziproxy,";
    $f[] = "##       the extra header won't be sent further.";
    $f[] = "## See also: JP2OutRequiresExpCap";
    $f[] = "## default: false";
    $f[] = "# AnnounceJP2Capability = false";
    $f[] = "";
    $f[] = "## \"JP2 Output Requires Explicit Capability\"";
    $f[] = "## When enabled (and when JP2 output is enabled) will only compress to JP2 to";
    $f[] = "## clients which explicity support for that -- that means Ziproxy with";
    $f[] = "## AnnounceJP2Capability = true.";
    $f[] = "## This option is useful when you want to compress to JP2 only for clients";
    $f[] = "## behind a local Ziproxy with ForceOutputNoJP2 = true, but at the same time";
    $f[] = "## you have clients connecting directly and those do not support JP2.";
    $f[] = "## default: false (does not make such discrimination for JP2 output)";
    $f[] = "# JP2OutRequiresExpCap = false";
    $f[] = "";
    $f[] = "## Image quality for JP2 (JPEG 2000) compression.";
    $f[] = "## Image quality is specified in integers between 100 (best) and 0 (worst).";
    $f[] = "## This option is similar to \"ImageQuality\" except it applies to JP2K files, instead.";
    $f[] = "## JP2K, internally, works differently and has a \"rate\" setting instead of \"quality\".";
    $f[] = "## Within Ziproxy's context we want to use a fixed quality, not a fixed bitrate.";
    $f[] = "## Thus, prior to compression, the image is analysed in order to know which rate";
    $f[] = "## (loosely) reflects the quality had this picture be compressed using jpeg.";
    $f[] = "## This option obsoletes \"JP2Rate\".";
    $f[] = "# JP2ImageQuality = {20,15,15,15}";
    $f[] = "";
    $f[] = "## Color model to be used while compressing images to JP2K.";
    $f[] = "## Accepted values:";
    $f[] = "##   0 - RGB";
    $f[] = "##   1 - YUV";
    $f[] = "## If different than RGB, it adds extra processing due to conversion.";
    $f[] = "## By itself doesn't change much the output data size, and the";
    $f[] = "## conversion is not 100.0% lossless.";
    $f[] = "## If you plan using JP2CSampling* or JP2BitRes* options, a non-RGB";
    $f[] = "## color model is highly prefereable.";
    $f[] = "## Default: 0 (YUV)";
    $f[] = "## Note: certain jp2-aware software do NOT support a color model";
    $f[] = "##       other than RGB and will either fail or display a distorted image.";
    $f[] = "# JP2Colorspace = 1";
    $f[] = "";
    $f[] = "## Upsampler to be used while resampling each component of a JP2K picture.";
    $f[] = "## This is used ONLY when decompressing JP2K pictures, it does not affect";
    $f[] = "## JP2K compression at all (that uses a downsampler, which is linear-only).";
    $f[] = "## Accepted values:";
    $f[] = "##   0 - Linear";
    $f[] = "##   1 - Lanczos (Lanczos3)";
    $f[] = "## For modest scaling such as 2:1, linear is usually better,";
    $f[] = "## resulting in a overall clear component.";
    $f[] = "## Lanczos may be interesting when scaling 4:1 or more, though";
    $f[] = "## it tends to sharpen the JP2K artifacts and add harmonic";
    $f[] = "## interference to the component.";
    $f[] = "## Default: 0 (Linear)";
    $f[] = "# JP2Upsampler = 0";
    $f[] = "";
    $f[] = "## This applies to B&W pictures compressed to JP2K.";
    $f[] = "## Defines the channel resolution for each component:";
    $f[] = "## Y (luma) and A (alpha, if present)";
    $f[] = "## in number of bit (min: 1, max: 8)";
    $f[] = "## Defines for each file size (see JP2ImageQuality).";
    $f[] = "## Smallest image is the first components in array.";
    $f[] = "## Sequence is YAYAYAYA.";
    $f[] = "##";
    $f[] = "## Default: all to eight bits";
    $f[] = "#JP2BitResYA = {6,4,";
    $f[] = "#               7,5,";
    $f[] = "#               8,6,";
    $f[] = "#               8,6}";
    $f[] = "";
    $f[] = "## This applies to color pictures compressed to JP2K";
    $f[] = "## using the RGB model (see JP2Colorspace).";
    $f[] = "## Defines the channel resolution for each component:";
    $f[] = "## R (red), G (green), B (blue) and A (alpha, if present)";
    $f[] = "## in number of bit (min: 1, max: 8)";
    $f[] = "## Defines for each file size (see JP2ImageQuality).";
    $f[] = "## Smallest image is the first components in array.";
    $f[] = "## Sequence is RGBARGBARGBARGBA.";
    $f[] = "##";
    $f[] = "## Default: all to eight bits";
    $f[] = "# JP2BitResRGBA = {6,5,5,4,";
    $f[] = "#                  7,6,6,5,";
    $f[] = "#                  6,7,7,6,";
    $f[] = "#                  8,8,8,6}";
    $f[] = "";
    $f[] = "## This applies to color pictures compressed to JP2K";
    $f[] = "## using the YUV color model (see JP2Colorspace).";
    $f[] = "## Defines the channel resolution for each component:";
    $f[] = "## Y (luma), U (chroma, Cb), V (chroma, Cr), and A (alpha, if present)";
    $f[] = "## in number of bit (min: 1, max: 8)";
    $f[] = "## Defines for each file size (see JP2ImageQuality).";
    $f[] = "## Smallest image is the first components in array.";
    $f[] = "## Sequence is YUVAYUVAYUVAYUVA.";
    $f[] = "##";
    $f[] = "## Default: sensible values for best quality/compression";
    $f[] = "#JP2BitResYUVA = {6,5,5,4,";
    $f[] = "#                 7,6,6,5,";
    $f[] = "#                 8,7,7,6,";
    $f[] = "#                 8,8,8,6}";
    $f[] = "";
    $f[] = "## This applies to B&W pictures compressed to JP2K.";
    $f[] = "## Here you may define the sampling rate for each component,";
    $f[] = "## for each picture size.";
    $f[] = "## The sequence is:";
    $f[] = "## Y_xpos, Y_ypos, Y_xstep, Y_ystep,  A_xpos, A_ypos, A_xstep, A_ystep, (smallest picture)";
    $f[] = "## ... ... ... (medium-sized picture)";
    $f[] = "## etc.";
    $f[] = "## Default: all x/ypos=0 x/ystep=1 (no components suffer subsampling)";
    $f[] = "## Note: certain jp2-aware software do NOT support component subsampling and will fail.";
    $f[] = "#JP2CSamplingYA = {0,0,1,1, 0,0,1,1,";
    $f[] = "#                  0,0,1,1, 0,0,1,1,";
    $f[] = "#                  0,0,1,1, 0,0,2,2,";
    $f[] = "#                  0,0,1,1, 0,0,2,2}";
    $f[] = "";
    $f[] = "## This applies to color pictures compressed to JP2K";
    $f[] = "## using the RGB model (see JP2Colorspace).";
    $f[] = "## Here you may define the sampling rate for each component,";
    $f[] = "## for each picture size.";
    $f[] = "## The sequence is:";
    $f[] = "## R_xpos, R_ypos, R_xstep, R_ystep,  G_xpos, G_ypos, G_xstep, G_ystep,  B...  A... (smallest picture)";
    $f[] = "## ... ... ... (medium-sized picture)";
    $f[] = "## etc.";
    $f[] = "## Default: all x/ypos=0 x/ystep=1 (no components suffer subsampling)";
    $f[] = "## Note: certain jp2-aware software do NOT support component subsampling and will fail.";
    $f[] = "#JP2CSamplingRGBA = {0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,";
    $f[] = "#                    0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,";
    $f[] = "#                    0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,";
    $f[] = "#                    0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1}";
    $f[] = "";
    $f[] = "## This applies to color pictures compressed to JP2K";
    $f[] = "## using the YUV color model (see JP2Colorspace).";
    $f[] = "## Here you may define the sampling rate for each component,";
    $f[] = "## for each picture size.";
    $f[] = "## The sequence is:";
    $f[] = "## Y_xpos, Y_ypos, Y_xstep, Y_ystep,  U_xpos, U_ypos, U_xstep, U_ystep,  V...  A... (smallest picture)";
    $f[] = "## ... ... ... (medium-sized picture)";
    $f[] = "## etc.";
    $f[] = "## Default: sensible values for a good image quality.";
    $f[] = "## Note: certain jp2-aware software do NOT support component subsampling and will fail.";
    $f[] = "#JP2CSamplingYUVA = {0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,";
    $f[] = "#                    0,0,1,1, 0,0,1,2, 0,0,2,1, 0,0,1,1,";
    $f[] = "#                    0,0,1,1, 0,0,2,2, 0,0,2,1, 0,0,2,2,";
    $f[] = "#                    0,0,1,1, 0,0,2,2, 0,0,2,2, 0,0,2,2}";
    $f[] = "";
    CheckFilesAndSecurity();
    @file_put_contents("/etc/squid3/ziproxy.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid3/ziproxy.conf done\n";
    }
}
Ejemplo n.º 4
0
function build()
{
    $sock = new sockets();
    $emailprefix = null;
    $unix = new unix();
    $ini = new Bs_IniHandler();
    $IPADDRSSL = array();
    $IPADDRSSL2 = array();
    $users = new usersMenus();
    $uuid = $unix->GetUniqueID();
    if ($uuid == null) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} no UUID !!, return\n";
        }
        return;
    }
    $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
    $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    if (!is_numeric($AllowAllNetworksInSquid)) {
        $AllowAllNetworksInSquid = 1;
    }
    $ini->loadString($ArticaSquidParameters);
    NETWORK_ALL_INTERFACES();
    $LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
    $ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
    $certificate_center = $ini->_params["NETWORK"]["certificate_center"];
    $SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
    $ssl = false;
    if ($ICP_PORT == 0) {
        $ICP_PORT = 3130;
    }
    if ($LISTEN_PORT == 0) {
        $LISTEN_PORT = 3128;
    }
    $squid = new squidbee();
    $q = new mysql_squid_builder();
    $LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
    $chown = $unix->find_program("chown");
    $python = $unix->find_program("python");
    $StreamCachePort = intval($sock->GET_INFO("StreamCachePort"));
    $StreamCacheSize = intval($sock->GET_INFO("StreamCacheSize"));
    $StreamCacheSSLPort = intval($sock->GET_INFO("StreamCacheSSLPort"));
    $StreamCacheICPPort = intval($sock->GET_INFO("StreamCacheICPPort"));
    $StreamCacheLocalPort = intval($sock->GET_INFO("StreamCacheLocalPort"));
    $StreamCacheUrlRewiteNumber = intval($sock->GET_INFO("StreamCacheUrlRewiteNumber"));
    if ($StreamCacheSize == 0) {
        $StreamCacheSize = 1500;
    }
    if ($StreamCachePort == 0) {
        $StreamCachePort = 5559;
    }
    if ($StreamCacheLocalPort == 0) {
        $StreamCacheLocalPort = 5563;
    }
    if ($StreamCacheSSLPort == 0) {
        $StreamCacheSSLPort = 5560;
    }
    if ($StreamCacheICPPort == 0) {
        $StreamCacheICPPort = 5562;
    }
    if ($StreamCacheUrlRewiteNumber == 0) {
        $StreamCacheUrlRewiteNumber = 15;
    }
    $StreamCacheBindProxy = $squid->VerifStreamProxyBindIP();
    $StreamCacheOutProxy = $sock->GET_INFO("StreamCacheOutProxy");
    if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$StreamCacheOutProxy])) {
        $StreamCacheOutProxy = null;
    }
    $f[] = "";
    $f[] = "# ************** REDIRECTOR ********************";
    $f[] = "url_rewrite_program {$python} /usr/share/videocache/videocache.py";
    $f[] = "url_rewrite_children {$StreamCacheUrlRewiteNumber}";
    $f[] = "url_rewrite_concurrency {$StreamCacheUrlRewiteNumber}";
    $f[] = "";
    $f[] = "# ***********************************************";
    $f[] = "";
    $f[] = "acl vc_deny_myport myport {$StreamCacheLocalPort}";
    $f[] = "";
    $f[] = "acl vc_deny_url url_regex -i \\.blip\\.tv\\/(.*)filename \\.hardsextube\\.com\\/videothumbs \\.xtube\\.com\\/(.*)(Thumb|videowall) www\\.youtube\\.com\\/";
    $f[] = "acl vc_deny_url url_regex -i \\.(youtube|googlevideo)\\.com\\/.*\\/manifest";
    $f[] = "acl vc_deny_url url_regex -i \\.(youtube|googlevideo)\\.com\\/videoplayback?.*playerretry=[0-9]";
    $f[] = "acl vc_deny_dom dstdomain .manifest.youtube.com .manifest.googlevideo.com";
    $f[] = "acl vc_deny_dom dstdomain .redirector.googlevideo.com .redirector.youtube.com";
    $f[] = "";
    $f[] = "acl vc_url url_regex -i \\/youku\\/[0-9A-Z]+\\/[0-9A-Z\\-]+\\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)";
    $f[] = "acl vc_url url_regex -i \\/(.*)key=[a-z0-9]+(.*)\\.flv";
    $f[] = "acl vc_url url_regex -i \\-xh\\.clients\\.cdn[0-9a-zA-Z]?[0-9a-zA-Z]?[0-9a-zA-Z]?\\.com\\/data\\/(.*)\\.flv";
    $f[] = "acl vc_url url_regex -i \\.(youtube|youtube-nocookie|googlevideo)\\.com\\/feeds\\/api\\/videos\\/[0-9a-zA-Z_-]{11}\\/";
    $f[] = "acl vc_url url_regex -i \\.(youtube|youtube-nocookie|googlevideo)\\.com\\/(videoplayback|get_video|watch_popup|user_watch|stream_204|get_ad_tags|get_video_info|player_204|ptracking|set_awesome)\\?";
    $f[] = "acl vc_url url_regex -i \\.(youtube|youtube-nocookie|googlevideo)\\.com\\/(v|e|embed)\\/[0-9a-zA-Z_-]{11}";
    $f[] = "acl vc_url url_regex -i \\.youtube\\.com\\/s\\? \\.youtube\\.com\\/api\\/stats\\/(atr|delayplay|playback|watchtime)\\?";
    $f[] = "acl vc_url url_regex -i \\.(youtube|youtube-nocookie|googlevideo)\\.com\\/videoplayback\\/id\\/[0-9a-zA-Z_-]+\\/";
    $f[] = "acl vc_url url_regex -i \\.android\\.clients\\.google\\.com\\/market\\/GetBinary\\/";
    $f[] = "acl vc_url url_regex -i cs(.*)\\.vk\\.me\\/(.*)/([a-zA-Z0-9.]+)\\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)";
    $f[] = "acl vc_url url_regex -i video(.*)\\.rutube\\.ru\\/(.*)/([a-zA-Z0-9.]+)\\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)Seg[0-9]+-Frag[0-9]+";
    $f[] = "";
    $f[] = "acl vc_dom_r dstdom_regex -i msn\\..*\\.(com|net)";
    $f[] = "acl vc_dom_r dstdom_regex -i msnbc\\..*\\.(com|net)";
    $f[] = "acl vc_dom_r dstdom_regex -i video\\..*\\.fbcdn\\.net";
    $f[] = "acl vc_dom_r dstdom_regex -i myspacecdn\\..*\\.footprint\\.net";
    $f[] = "";
    $f[] = "acl vc_dom dstdomain .stream.aol.com .5min.com .msn.com .blip.tv .dmcdn.net .break.com .vimeo.com .vimeocdn.com video.thestaticvube.com";
    $f[] = "acl vc_dom dstdomain .dailymotion.com .c.wrzuta.pl .v.imwx.com .mccont.com .myspacecdn.com video-http.media-imdb.com fcache.veoh.com";
    $f[] = "acl vc_dom dstdomain .hardsextube.com .public.extremetube.phncdn.com .redtubefiles.com .video.pornhub.phncdn.com .videos.videobash.com";
    $f[] = "acl vc_dom dstdomain .public.keezmovies.com .public.keezmovies.phncdn.com .slutload-media.com .public.spankwire.com .xtube.com";
    $f[] = "acl vc_dom dstdomain .public.youporn.phncdn.com .xvideos.com .tube8.com .public.spankwire.phncdn.com .pornhub.com";
    $f[] = "";
    $f[] = "";
    $f[] = "acl vc_deny_url url_regex -i crossdomain.xml";
    $f[] = "acl vc_method method GET";
    $f[] = "acl vc_header req_header X-Requested-With -i videocache";
    $f[] = "url_rewrite_access deny vc_deny_myport";
    $f[] = "url_rewrite_access deny !vc_method";
    $f[] = "url_rewrite_access deny vc_header";
    $f[] = "url_rewrite_access deny vc_deny_dom";
    $f[] = "url_rewrite_access deny vc_deny_url";
    $f[] = "url_rewrite_access allow vc_dom";
    $f[] = "url_rewrite_access allow vc_url";
    $f[] = "url_rewrite_access allow vc_dom_r";
    CheckFilesAndSecurity();
    $f = array();
    $f[] = "[main]";
    $StreamCacheBindHTTP = VerifHTTPIP();
    $FreeWebListenPort = $sock->GET_INFO("FreeWebListenPort");
    $FreeWebListenSSLPort = $sock->GET_INFO("FreeWebListenSSLPort");
    if (!is_numeric($FreeWebListenSSLPort)) {
        $FreeWebListenSSLPort = 443;
    }
    if (!is_numeric($FreeWebListenPort)) {
        $FreeWebListenPort = 80;
    }
    if ($FreeWebListenPort != 80) {
        $StreamCacheBindHTTP = "{$StreamCacheBindHTTP}:{$FreeWebListenPort}";
    }
    $SquidMgrListenPort = intval($sock->GET_INFO("SquidMgrListenPort"));
    $SquidDebugPortInterface = intval($sock->GET_INFO("SquidDebugPortInterface"));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Apache IP...............: {$StreamCacheBindHTTP}:{$FreeWebListenPort}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Proxy Port..............: {$SquidMgrListenPort}\n";
    }
    if (!$users->CORP_LICENSE) {
        $emailprefix = "trial_";
    }
    $f[] = "client_email = {$emailprefix}{$uuid}@articatech.com";
    $f[] = "scheduler_pidfile = /var/run/squid/videocache.pid";
    $f[] = "cache_host = {$StreamCacheBindHTTP}";
    $f[] = "source_ip = 127.0.0.1";
    $f[] = "videocache_user = squid";
    $f[] = "";
    $f[] = "# # # Proxy specifications # # #";
    $f[] = "squid_access_log=/var/log/squid/access.log";
    $f[] = "enable_access_log_monitoring = 1";
    $f[] = "squid_access_log_format_combined = 0";
    $f[] = "";
    $f[] = "base_dir = /home/squid/videocache/";
    $f[] = "logdir = /var/log/squid/";
    $f[] = "pidfile = pidfile.txt";
    $f[] = "this_proxy=127.0.0.1:{$SquidMgrListenPort}";
    $f[] = "cache_swap_low = 90";
    $f[] = "cache_swap_high = 93";
    $f[] = "disk_cleanup_strategy = 1";
    $f[] = "enable_videocache = 1";
    $f[] = "offline_mode = 0";
    $f[] = "base_dir_selection = 2";
    $f[] = "# # # MySQL setup # # #";
    $f[] = "db_hostname = /var/run/mysqld/squid-db.sock";
    $f[] = "db_username = root";
    $f[] = "db_password ="******"db_database = videocache";
    $f[] = "max_cache_processes = 4";
    $f[] = "max_cache_speed = 0";
    $f[] = "";
    $f[] = "# # # Remote Proxy # # #";
    $f[] = "proxy =127.0.0.1:{$SquidMgrListenPort}";
    $f[] = "max_video_size = 0";
    $f[] = "min_video_size = 0";
    $f[] = "force_video_size = 1";
    $f[] = "logformat = %tl %p %s %i %w %c %v %m %d";
    $f[] = "scheduler_logformat = %tl %p %s %i %w %c %v %m %d";
    $f[] = "cleaner_logformat = %tl %p %s %w %c %v %m %d";
    $f[] = "db_query_logformat = %tl %m";
    $f[] = "timeformat = %d/%b/%Y:%H:%M:%S";
    $f[] = "enable_videocache_log = 1";
    $f[] = "enable_scheduler_log = 1";
    $f[] = "enable_cleaner_log = 1";
    $f[] = "enable_trace_log = 1";
    $f[] = "enable_db_query_log = 0";
    $f[] = "logfile = videocache.log";
    $f[] = "scheduler_logfile = videocache-scheduler.log";
    $f[] = "cleaner_logfile = videocache-cleaner.log";
    $f[] = "tracefile = videocache-trace.log";
    $f[] = "db_query_logfile = videocache-database.log";
    $f[] = "max_logfile_size = 90";
    $f[] = "max_scheduler_logfile_size = 90";
    $f[] = "max_cleaner_logfile_size = 5";
    $f[] = "max_tracefile_size = 5";
    $f[] = "max_db_query_logfile_size = 5";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "#                         Website Specific Options                            |";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# This option enables the caching of Android apps across various devices.";
    $f[] = "# This option's value can be either 0 or 1.";
    $f[] = "enable_android_cache = 1";
    $f[] = "";
    $f[] = "# These options set minimum and maximum size (in KB) for android apps. An app with";
    $f[] = "# size smaller than min_android_app_size or larger than max_android_app_size will";
    $f[] = "# not be cached. Set to zero (0) to disable.";
    $f[] = "# Default:";
    $f[] = "# min_android_app_size = 1024";
    $f[] = "# max_android_app_size = 0";
    $f[] = "min_android_app_size = 1024";
    $f[] = "max_android_app_size = 0";
    $f[] = "";
    $f[] = "# This option enables the caching of youtube videos.";
    $f[] = "# This option's value can be either 0 or 1.";
    $f[] = "#----------------------------------------------------------------------------";
    $f[] = "# | IMPORTANT : Each supported website have an option to enable or disable  |";
    $f[] = "# | caching of its videos in the form enable_website_cache. You can opt to  |";
    $f[] = "# | cache the websites you want by disabling the caching for other websites |";
    $f[] = "#----------------------------------------------------------------------------";
    $f[] = "# Default : 1";
    $f[] = "enable_youtube_cache = 1";
    $f[] = "";
    $f[] = "# This options determines if Videocache will cache different YouTube video";
    $f[] = "# formats separately. Please select an appropriate algorithm from the listed below.";
    $f[] = "# Available strategies:";
    $f[] = "#   1 : (disabled) Don't check for YouTube video formats. Cache one of the formats";
    $f[] = "#       and serve it for requests for all kinds of formats.";
    $f[] = "#   2 : (strict) Strictly check for YouTube formats and cache all formats separately.";
    $f[] = "#       Consumes maximum bandwidth.";
    $f[] = "#   3 : (approximate) Check YouTube formats but with approximation. For example,";
    $f[] = "#       if a client asked for a video in 480p format and we already have 360p";
    $f[] = "#       format of the same video in cache, then serve 360p format and vice-versa.";
    $f[] = "# Default : 3";
    $f[] = "enable_youtube_format_support = 3";
    $f[] = "";
    $f[] = "# This option enables the caching of HTML5 videos from YouTube.";
    $f[] = "# This option's value can be 0 or 1.";
    $f[] = "# Default : 1";
    $f[] = "enable_youtube_html5_videos = 1";
    $f[] = "";
    $f[] = "# This option enables the caching of 3D videos from YouTube.";
    $f[] = "# This option's value can either be 0 or 1.";
    $f[] = "# Default : 1";
    $f[] = "enable_youtube_3d_videos = 1";
    $f[] = "";
    $f[] = "# This option enables the caching of several video segments used by YouTube";
    $f[] = "# to serve a single video. This option works only when enable_store_log_monitoring";
    $f[] = "# option is enabled. This option's value can either be 0 or 1.";
    $f[] = "# Default : 1";
    $f[] = "enable_youtube_partial_caching = 1";
    $f[] = "";
    $f[] = "# This option enforces the maximum video quality from Youtube. If a user browses";
    $f[] = "# a video in higher quality format, Videocache will still cache and serve the video";
    $f[] = "# in the format specified below or a lower quality format depending on the availability.";
    $f[] = "# Valid values : 480p, 720p, 1080p, 2304p (Please don't append p)";
    $f[] = "# Default : 720";
    $f[] = "max_youtube_video_quality = 720";
    $f[] = "";
    $f[] = "# This option will help in enhancing the performance of Videocache.";
    $f[] = "# If min_youtube_views is set to 1000, then Videocache will cache a video only";
    $f[] = "# if it has received at least 1000 views on Youtube. Otherwise, video will not";
    $f[] = "# be cached. Set this to 0 to disable this option.";
    $f[] = "# Default : 100";
    $f[] = "min_youtube_views = 100";
    $f[] = "";
    $f[] = "# www.aol.com";
    $f[] = "enable_aol_cache = 1";
    $f[] = "";
    $f[] = "# www.bing.com";
    $f[] = "enable_bing_cache = 1";
    $f[] = "";
    $f[] = "# www.blip.tv";
    $f[] = "enable_bliptv_cache = 1";
    $f[] = "";
    $f[] = "# www.break.com";
    $f[] = "enable_breakcom_cache = 1";
    $f[] = "";
    $f[] = "# www.dailymotion.com";
    $f[] = "enable_dailymotion_cache = 1";
    $f[] = "";
    $f[] = "# www.facebook.com";
    $f[] = "enable_facebook_cache = 1";
    $f[] = "";
    $f[] = "# www.imdb.com";
    $f[] = "enable_imdb_cache = 1";
    $f[] = "";
    $f[] = "# www.metacafe.com";
    $f[] = "enable_metacafe_cache = 1";
    $f[] = "";
    $f[] = "# www.myspace.com";
    $f[] = "enable_myspace_cache = 1";
    $f[] = "";
    $f[] = "# www.veoh.com";
    $f[] = "enable_veoh_cache = 1";
    $f[] = "";
    $f[] = "# www.videobash.com";
    $f[] = "enable_videobash_cache = 1";
    $f[] = "";
    $f[] = "# www.vimeo.com";
    $f[] = "enable_vimeo_cache = 1";
    $f[] = "";
    $f[] = "# www.vube.com";
    $f[] = "enable_vube_cache = 1";
    $f[] = "";
    $f[] = "# www.weather.com";
    $f[] = "enable_weather_cache = 1";
    $f[] = "";
    $f[] = "# www.wrzuta.pl";
    $f[] = "enable_wrzuta_cache = 1";
    $f[] = "";
    $f[] = "# www.youku.com";
    $f[] = "enable_youku_cache = 1";
    $f[] = "";
    $f[] = "# Pr0n sites";
    $f[] = "# www.extremetube.com";
    $f[] = "enable_extremetube_cache = 1";
    $f[] = "";
    $f[] = "# www.hardsextube.com";
    $f[] = "enable_hardsextube_cache = 1";
    $f[] = "";
    $f[] = "# www.keezmovies.com";
    $f[] = "enable_keezmovies_cache = 1";
    $f[] = "";
    $f[] = "# www.pornhub.com";
    $f[] = "enable_pornhub_cache = 1";
    $f[] = "";
    $f[] = "# www.redute.com";
    $f[] = "enable_redtube_cache = 1";
    $f[] = "";
    $f[] = "# www.slutload.com";
    $f[] = "enable_slutload_cache = 1";
    $f[] = "";
    $f[] = "# www.spankwire.com";
    $f[] = "enable_spankwire_cache = 1";
    $f[] = "";
    $f[] = "# www.tube8.com";
    $f[] = "enable_tube8_cache = 1";
    $f[] = "";
    $f[] = "# www.xhamster.com";
    $f[] = "enable_xhamster_cache = 1";
    $f[] = "";
    $f[] = "# www.xtube.com";
    $f[] = "enable_xtube_cache = 1";
    $f[] = "";
    $f[] = "# www.xvideos.com";
    $f[] = "enable_xvideos_cache = 1";
    $f[] = "";
    $f[] = "# www.youporn.com";
    $f[] = "enable_youporn_cache = 1";
    $f[] = "";
    $f[] = "";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "#                      Apache Configuration Options                           |";
    $f[] = "#------------------------------------------------------------------------------";
    $f[] = "";
    $f[] = "# Use this option if you don't want Videocache to generate Apache specific";
    $f[] = "# configuration on your system. This can be used when you are using other";
    $f[] = "# web server than Apache. Like lighttpd etc.";
    $f[] = "# Default : 0";
    $f[] = "skip_apache_conf = 0";
    $f[] = "";
    $f[] = "# This option specifies the absolute path to your Apache's conf.d or extra";
    $f[] = "# directory. Videocache will generate and save Videocache spcecific ";
    $f[] = "# configuration for Apache in this directory.";
    $f[] = "# Example : /etc/httpd/conf.d/ or /etc/apache2/conf.d/ or /etc/httpd/extra/";
    $f[] = "# Default : NOT SET";
    $httpdconf = $unix->LOCATE_APACHE_CONF_PATH();
    $python = $unix->find_program("python");
    $DAEMON_PATH = $unix->getmodpathfromconf($httpdconf);
    $sock->SET_INFO("EnableFreeWeb", 1);
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Apache..................: {$DAEMON_PATH}\n";
    }
    $f[] = "apache_conf_dir = {$DAEMON_PATH}";
    $f[] = "";
    $f[] = "# This option can be used to hide cache directories from your clients. Your";
    $f[] = "# clients will not be able to browse the contents cache directories via HTTP";
    $f[] = "# if this option is enabled. Browsing videos will not be affected.";
    $f[] = "# Default : 1";
    $f[] = "hide_cache_dirs = 1";
    $f[] = "";
    @file_put_contents("/etc/videocache.conf", @implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/videocache.conf done\n";
    }
    shell_exec("{$python} /usr/share/videocache/vc-update >/dev/null 2>&1");
    $f[] = array();
    $StreamCacheCache = $sock->GET_INFO("StreamCacheCache");
    $StreamCacheMainCache = $sock->GET_INFO("StreamCacheMainCache");
    if ($StreamCacheCache == null) {
        $StreamCacheCache = "/home/squid/videocache";
    }
    if ($StreamCacheMainCache == null) {
        $StreamCacheMainCache = "/home/squid/streamcache";
    }
    $f[] = "##############################################################################";
    $f[] = "#                                                                            #";
    $f[] = "# file : {$DAEMON_PATH}/videocache.conf                                        #";
    $f[] = "#                                                                            #";
    $f[] = "# Videocache is a squid url rewriter to cache videos from various websites.  #";
    $f[] = "# Check http://cachevideos.com/ for more details.                            #";
    $f[] = "#                                                                            #";
    $f[] = "# ----------------------------- Note This ---------------------------------- #";
    $f[] = "# Don't change this file under any circumstances.                            #";
    $f[] = "# Use /etc/videocache.conf to configure Videocache.                          #";
    $f[] = "#                                                                            #";
    $f[] = "##############################################################################";
    $f[] = "";
    $f[] = "";
    $f[] = "Alias /crossdomain.xml /home/squid/videocache/youtube_crossdomain.xml";
    $f[] = "Alias /videocache {$StreamCacheCache}/";
    $f[] = "<Directory {$StreamCacheCache}/>";
    $f[] = "  Options -Indexes";
    $f[] = "  Order Allow,Deny";
    $f[] = "  Allow from all";
    $f[] = "  <IfModule mod_headers.c>";
    $f[] = "    Header add Videocache \"2.0.0\"";
    $f[] = "    Header add X-Cache \"HIT from 192.168.1.210\"";
    $f[] = "  </IfModule>";
    $f[] = "  <IfModule mod_mime.c>";
    $f[] = "    AddType video/webm .webm";
    $f[] = "    AddType application/vnd.android.package-archive .android";
    $f[] = "  </IfModule>";
    $f[] = "</Directory>";
    $f[] = "";
    if (!is_file("{$DAEMON_PATH}/videocache.conf")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$DAEMON_PATH}/videocache.conf done\n";
        }
        @file_put_contents("{$DAEMON_PATH}/videocache.conf", @implode("\n", $f));
    }
    $f = array();
    $LOCATE_APACHE_CONF_PATH = $unix->LOCATE_APACHE_CONF_PATH();
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Apache config: {$LOCATE_APACHE_CONF_PATH}\n";
    }
    $APACHECONF = FALSE;
    $exp = explode("\n", @file_get_contents($LOCATE_APACHE_CONF_PATH));
    while (list($index, $line) = each($exp)) {
        if (!preg_match("#Include.*?videocache\\.conf#", $line)) {
            continue;
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Apache {$line} Done\n";
        }
        $APACHECONF = true;
    }
    $php = $unix->LOCATE_PHP5_BIN();
    if (!$APACHECONF) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Reconfigure Apache\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.freeweb.php --httpd");
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Configuration done..\n";
    }
}
Ejemplo n.º 5
0
function ApplyConfig($smooth = false)
{
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__));
    }
    $unix = new unix();
    $ulimit = $unix->find_program("ulimit");
    if (is_file($ulimit)) {
        shell_exec("{$ulimit} -HSd unlimited");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n";
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n";
    build_progress("{reconfigure} Kernel values", 46);
    kernel_values();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n";
    build_progress("{reconfigure} Security limits", 47);
    security_limit();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n";
    build_progress("{reconfigure} checks remote appliances", 48);
    remote_appliance_restore_tables();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n";
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid");
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n";
    $sock = new sockets();
    $squid = new squidbee();
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid3");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n";
    $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf");
    if (!is_numeric($DenySquidWriteConf)) {
        $DenySquidWriteConf = 0;
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n";
    @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams");
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n";
    build_progress("{reconfigure} Nude booster", 49);
    NudeBooster();
    if (!is_dir("/usr/share/squid-langpack")) {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n";
        $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save");
    }
    $EnableRemoteStatisticsAppliance = 0;
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n";
    build_progress("{reconfigure} Whitelisted browsers", 50);
    acl_whitelisted_browsers();
    build_progress("{reconfigure} allowed browsers", 51);
    acl_allowed_browsers();
    echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n";
    build_progress("{reconfigure} wrapzap", 52);
    wrapzap();
    build_progress("{reconfigure} Mime.conf", 53);
    mime_conf();
    build_progress("{reconfigure} Blocked websites", 54);
    $squid->BuildBlockedSites();
    build_progress("{reconfigure} FTP clients ACLs", 55);
    acl_clients_ftp();
    build_progress("{reconfigure} Dynamic rules caches", 56);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n";
    dyn_caches();
    build_progress("{reconfigure} Webfiltering whitelisted", 57);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n";
    urlrewriteaccessdeny();
    echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n";
    if ($GLOBALS["NOAPPLY"]) {
        $DenySquidWriteConf = 0;
    }
    if ($DenySquidWriteConf == 0) {
        @mkdir("/tmp", 0755, true);
        $squid->CURRENT_PROGRESS = 79;
        $squid->MAX_PROGRESS = 79;
        $conf = $squid->BuildSquidConf();
        $conf = str_replace("\n\n", "\n", $conf);
        build_progress("{writing_configuration}", 79);
        @file_put_contents("/tmp/squid.conf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n";
        $GLOBALS["SQUID_PATTERN_ERROR"] = array();
        CheckConfig("/tmp/squid.conf");
        if (count($GLOBALS["SQUID_PATTERN_ERROR"]) > 0) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: Some errors are detected and cleaned\n";
            squid_admin_mysql(1, "Some errors has been detected in settings", "Please check theses values:\n" . @implode("\n", $GLOBALS["SQUID_PATTERN_ERROR"]));
            $conf = @file_get_contents("/tmp/squid.conf");
        }
        exec("{$squidbin} -f /tmp/squid.conf -k parse 2>&1", $results);
        while (list($index, $ligne) = each($results)) {
            if (strpos($ligne, "| WARNING:") > 0) {
                continue;
            }
            if (preg_match("#ERROR: Failed#", $ligne)) {
                build_progress("{operation_failed} !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#Segmentation fault#", $ligne)) {
                build_progress("{operation_failed} Segmentation fault !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#(unrecognized|FATAL|Bungled)#", $ligne)) {
                build_progress("{operation_failed} Bungled !!!", 110);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid `{$ligne}`, aborting configuration, keep the old one...\n";
                echo "<div style='font-size:16px;font-weight:bold;color:#E71010'>{$ligne}</div>";
                if (preg_match("#line ([0-9]+):#", $ligne, $ri)) {
                    $Buggedline = $ri[1];
                    $tt = explode("\n", @file_get_contents("/tmp/squid.conf"));
                    echo "<HR>";
                    for ($i = $Buggedline - 2; $i < $Buggedline + 2; $i++) {
                        $lineNumber = $i + 1;
                        $colorbugged = "black";
                        if (trim($tt[$i]) == null) {
                            continue;
                        }
                        if ($lineNumber == $Buggedline) {
                            $colorbugged = "#E71010";
                        }
                        echo "<div style='font-size:12px;font-weight:bold;color:{$colorbugged}'>[line:{$lineNumber}]: {$tt[$i]}</div>";
                    }
                }
                echo "<HR>";
                $sock->TOP_NOTIFY("{$ligne}", "error");
                return;
            }
            if (preg_match("#strtokFile:\\s+(.+?)\\s+not found#", $ligne, $re)) {
                $filename = trim($re[1]);
                echo "Starting......: " . date("H:i:s") . " [SYS]: Squid missing {$filename}, create an empty one\n";
                @mkdir(dirname($filename), 0755, true);
                @file_put_contents($filename, "");
                @chown($filename, "squid");
                @chgrp($filename, "squid");
                continue;
            }
            if (preg_match("#Processing:\\s+#", $ligne)) {
                continue;
            }
            if (preg_match("#Warning: empty ACL#", $ligne)) {
                continue;
            }
            if (preg_match("#searching predictable#", $ligne)) {
                continue;
            }
            if (preg_match("#is a subnetwork of#", $ligne)) {
                continue;
            }
            if (preg_match("#You should probably#", $ligne)) {
                continue;
            }
            if (preg_match("#Startup:\\s+#", $ligne)) {
                continue;
            }
            echo "Starting......: " . date("H:i:s") . " [SYS]: {$ligne}\n";
        }
        @file_put_contents("/etc/artica-postfix/settings/Daemons/GlobalSquidConf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n";
        if ($GLOBALS["NOAPPLY"]) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n";
            return true;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n";
        @file_put_contents($SQUID_CONFIG_PATH, $conf);
        @mkdir("/etc/squid3", 0755, true);
        if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") {
            @file_put_contents("/etc/squid3/squid.conf", $conf);
        }
        $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info");
        $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload";
        $unix->THREAD_COMMAND_SET($cmd);
    }
    build_progress("{checking}: squidclamav", 79);
    if (!$smooth) {
        squidclamav();
    }
    build_progress("{checking}: wrapzap", 79);
    if (!$smooth) {
        wrapzap();
    }
    build_progress("{checking}: Cerificates", 79);
    if (!$smooth) {
        certificate_generate();
    }
    $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &");
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.squid.watchdog.php --init >/dev/null 2>&1 &");
    if (!$smooth) {
        build_progress("{checking}: Check Files And Security", 79);
        CheckFilesAndSecurity();
    }
    return true;
}
Ejemplo n.º 6
0
function start($nopid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    if (!$nopid) {
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return;
        }
    }
    $pid = redis_pid();
    if ($unix->process_exists($pid)) {
        $time = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Already running since {$time}Mn...\n";
        }
        return;
    }
    $Enablentopng = $sock->GET_INFO("Enablentopng");
    if (!is_numeric($Enablentopng)) {
        $Enablentopng = 0;
    }
    $SquidPerformance = intval($sock->GET_INFO("SquidPerformance"));
    if ($SquidPerformance > 2) {
        $Enablentopng = 0;
    }
    if ($Enablentopng == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Disabled ( see Enablentopng )...\n";
        }
        return;
    }
    $masterbin = $unix->find_program("redis-server");
    $masterbin = $unix->find_program("redis-server");
    if (!is_file($masterbin)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} installing redis-server\n";
        }
        $unix->DEBIAN_INSTALL_PACKAGE("redis-server");
        $masterbin = $unix->find_program("redis-server");
    }
    if (!is_file($masterbin)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Not installed...\n";
        }
        return;
    }
    CheckFilesAndSecurity();
    $version = redis_version();
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service v{$version}\n";
    }
    $cmd = "{$masterbin} /etc/redis/redis.conf";
    shell_exec($cmd);
    $c = 1;
    for ($i = 0; $i < 10; $i++) {
        sleep(1);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service waiting {$c}/10\n";
        }
        $pid = redis_pid();
        if ($unix->process_exists($pid)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Success PID {$pid}\n";
            }
            break;
        }
        $c++;
    }
    $pid = redis_pid();
    if (!$unix->process_exists($pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Failed\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$cmd}\n";
        }
    }
}
Ejemplo n.º 7
0
function start($nopid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $unix = new unix();
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
    if (!$nopid) {
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return;
        }
    }
    $pid = squid_27_pid();
    if ($unix->process_exists($pid)) {
        $time = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Already running since {$time}Mn...\n";
        }
        return;
    }
    $EnableTransparent27 = intval($sock->GET_INFO("EnableTransparent27"));
    if ($EnableTransparent27 == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Disabled ( see EnableTransparent27 )...\n";
        }
        return;
    }
    $masterbin = $unix->find_program("squid27");
    if (!is_file($masterbin)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Not installed...\n";
        }
        return;
    }
    CheckFilesAndSecurity();
    $squid_27_version = squid_27_version();
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service v{$squid_27_version}\n";
    }
    $cmd = "{$masterbin} -f /etc/squid27/squid.conf -sD";
    shell_exec($cmd);
    $c = 1;
    for ($i = 0; $i < 10; $i++) {
        sleep(1);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Starting service waiting {$c}/10\n";
        }
        $pid = squid_27_pid();
        if ($unix->process_exists($pid)) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Success PID {$pid}\n";
            }
            break;
        }
        $c++;
    }
    $pid = squid_27_pid();
    if (!$unix->process_exists($pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Failed\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} {$cmd}\n";
        }
    }
}
Ejemplo n.º 8
0
function ApplyConfig($smooth = false)
{
    if (function_exists("WriteToSyslogMail")) {
        WriteToSyslogMail("Invoke ApplyConfig function", basename(__FILE__));
    }
    $unix = new unix();
    $ulimit = $unix->find_program("ulimit");
    if (is_file($ulimit)) {
        shell_exec("{$ulimit} -HSd unlimited");
    } else {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid ulimit no such binary...\n";
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply kernel settings\n";
    build_progress("{reconfigure} Kernel values", 46);
    kernel_values();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid apply Checks security limits\n";
    build_progress("{reconfigure} Security limits", 47);
    security_limit();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances...\n";
    build_progress("{reconfigure} checks remote appliances", 48);
    remote_appliance_restore_tables();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Remote appliances done...\n";
    $nohup = $unix->find_program("nohup");
    $php5 = $unix->LOCATE_PHP5_BIN();
    $squidbin = $unix->find_program("squid");
    $SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid loading libraires...\n";
    $sock = new sockets();
    $squid = new squidbee();
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid3");
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid binary: `{$squidbin}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Conf..: `{$SQUID_CONFIG_PATH}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid php...: `{$php5}`\n";
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid nohup.: `{$nohup}`\n";
    $DenySquidWriteConf = $sock->GET_INFO("DenySquidWriteConf");
    if (!is_numeric($DenySquidWriteConf)) {
        $DenySquidWriteConf = 0;
    }
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `DenySquidWriteConf` = {$DenySquidWriteConf}\n";
    @copy("/etc/artica-postfix/settings/Daemons/SquidNudityScanParams", "/etc/squid3/SquidNudityScanParams");
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking `NudeBooster`\n";
    build_progress("{reconfigure} Nude booster", 49);
    NudeBooster();
    if (!is_dir("/usr/share/squid-langpack")) {
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Checking Templates from MySQL\n";
        $unix->THREAD_COMMAND_SET("{$php5} " . __FILE__ . " --tpl-save");
    }
    $EnableRemoteStatisticsAppliance = 0;
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build blocked Websites list...\n";
    if (!is_dir("/etc/squid3/artica-meta")) {
        @mkdir("/etc/squid3/artica-meta", 0755, true);
    }
    if (!is_file("/etc/squid3/artica-meta/whitelist-net.db")) {
        @touch("/etc/squid3/artica-meta/whitelist-net.db");
    }
    if (!is_file("/etc/squid3/artica-meta/whitelist-domains.db")) {
        @touch("/etc/squid3/artica-meta/whitelist-domains.db");
    }
    build_progress("{reconfigure} Whitelisted browsers", 50);
    acl_whitelisted_browsers();
    build_progress("{reconfigure} allowed browsers", 51);
    acl_allowed_browsers();
    echo "Starting......: " . date("H:i:s") . " Checking wrapzap\n";
    build_progress("{reconfigure} wrapzap", 52);
    wrapzap();
    build_progress("{reconfigure} Mime.conf", 53);
    mime_conf();
    build_progress("{reconfigure} Blocked websites", 54);
    $squid->BuildBlockedSites();
    build_progress("{reconfigure} FTP clients ACLs", 55);
    acl_clients_ftp();
    build_progress("{checking_wccp_mode}", 55);
    system("{$php5} /usr/share/artica-postfix/exec.squid.wccp.php --squid");
    build_progress("{reconfigure} Dynamic rules caches", 56);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Dynamic rules caches...\n";
    dyn_caches();
    build_progress("{reconfigure} Webfiltering whitelisted", 57);
    echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Build url_rewrite_access deny...\n";
    urlrewriteaccessdeny();
    echo "Starting......: " . date("H:i:s") . " [SYS]:Squid building main configuration done\n";
    build_progress("{reconfigure} Check files and security", 58);
    CheckFilesAndSecurity();
    $tar = $unix->find_program("tar");
    if ($GLOBALS["NOAPPLY"]) {
        $DenySquidWriteConf = 0;
    }
    if ($DenySquidWriteConf == 0) {
        @mkdir("/tmp", 0755, true);
        $squid->CURRENT_PROGRESS = 79;
        $squid->MAX_PROGRESS = 79;
        $conf = $squid->BuildSquidConf();
        $conf = str_replace("\n\n", "\n", $conf);
        build_progress("{writing_configuration}", 79);
        @file_put_contents("/tmp/squid.conf", $conf);
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity of the configuration file with /tmp/squid.conf...\n";
        $GLOBALS["SQUID_PATTERN_ERROR"] = array();
        $squid_checks = new squid_checks("/tmp/squid.conf");
        if (!$squid_checks->squid_parse()) {
            build_progress("{checking}: {failed}", 110);
            return;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Check validity OK...\n";
        if ($GLOBALS["NOAPPLY"]) {
            echo "Starting......: " . date("H:i:s") . " [SYS]: WARNING \"NOAPPLY\" Artica is denied to apply settings...\n";
            return true;
        }
        echo "Starting......: " . date("H:i:s") . " [SYS]: Squid Writing configuration file \"{$SQUID_CONFIG_PATH}\" " . strlen($conf) . " bytes...\n";
        @file_put_contents($SQUID_CONFIG_PATH, $conf);
        @mkdir("/etc/squid3", 0755, true);
        if ($SQUID_CONFIG_PATH != "/etc/squid3/squid.conf") {
            @file_put_contents("/etc/squid3/squid.conf", $conf);
        }
        $sock->TOP_NOTIFY("{squid_parameters_was_saved}", "info");
        $cmd = $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --templates --noreload";
        $unix->THREAD_COMMAND_SET($cmd);
    }
    build_progress("{checking}: squidclamav", 79);
    if (!$smooth) {
        squidclamav();
    }
    build_progress("{checking}: wrapzap", 79);
    if (!$smooth) {
        wrapzap();
    }
    build_progress("{checking}: Cerificates", 79);
    if (!$smooth) {
        certificate_generate();
    }
    $cmd = $nohup . " " . $unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --cache-infos --force >/dev/null 2>&1 &";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    shell_exec("{$nohup} {$php5} /usr/share/artica-postfix/exec.syslog-engine.php --rsylogd >/dev/null 2>&1 &");
    if (!$smooth) {
        build_progress("{checking}: Check Files And Security", 79);
        CheckFilesAndSecurity();
    }
    if (is_file("/root/squid-good.tgz")) {
        @unlink("/root/squid-good.tgz");
    }
    chdir("/etc/squid3");
    shell_exec("cd /etc/squid3");
    shell_exec("tar -czf /root/squid-good.tgz *");
    chdir("/root");
    shell_exec("cd /root");
    return true;
}