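/**
 * Renders the proxy ACL rules and web-filtering rules bound to one Active Directory group.
 *
 * The group is looked up from $_GET["LoadGroupSettings"] through external_ad_search::DNDUMP();
 * its sAMAccountName is then used to fetch the matching rules, and the resulting table is
 * echoed through templates::_ENGINE_parse_body().
 *
 * Group names and rule names are read from the directory and the rule store, so they are
 * handled as untrusted text: HTML-escaped in markup, URL-encoded in query strings and
 * JS-escaped inside the OnClick handlers.
 *
 * NOTE(review): the escaped markup still passes through _ENGINE_parse_body(); whether a
 * stored name containing a {token} is expanded there is not visible here — confirm.
 * NOTE(review): whether DNDUMP() validates the DN it receives from the query string is not
 * visible here — confirm.
 *
 * @return void
 */
function page_active_directory()
{
    $acl = new squid_acls();
    $ad = new external_ad_search();
    $verbose = !empty($GLOBALS["VERBOSE"]);

    // Escapes a value for HTML text and quoted-attribute context.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Escapes a value for a single-quoted JavaScript string that itself sits inside an HTML
    // attribute: the JSON_HEX_* flags turn < > & ' " into \uXXXX, so the result is safe in both.
    $jsString = function ($value) {
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        return $encoded === false ? '' : (string) substr($encoded, 1, -1);
    };

    $DNDUMP = $ad->DNDUMP(isset($_GET["LoadGroupSettings"]) ? $_GET["LoadGroupSettings"] : null);
    $GroupName = isset($DNDUMP["samaccountname"][0]) ? $DNDUMP["samaccountname"][0] : null;
    $safeGroupName = $h($GroupName);

    // Initialised up front: count() on an undefined variable is a TypeError on PHP 8.
    $MAIN_SQUIDRULES = array();
    $MAIN_WEBRULES = array();
    $proxay_acls = "";
    $webfilter_acls = "";

    $RULES = $acl->GetRulesFromADGroup($GroupName);
    if ($verbose) {
        echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: " . (is_array($RULES) ? count($RULES) : 0) . " RULES</span><br>\n";
    }
    if (is_array($RULES)) {
        // foreach replaces while(list() = each()), which no longer exists in PHP 8.
        foreach ($RULES as $key => $ligne) {
            $MAIN_SQUIDRULES[$key] = $ligne;
        }
        if ($verbose) {
            echo "<span style='color:red;font-size:28px'>{$safeGroupName}:: \$MAIN_SQUIDRULES:" . count($MAIN_SQUIDRULES) . " RULES</span><br>\n";
        }
    }

    $sock = new sockets();
    if ($sock->EnableUfdbGuard() == 1) {
        // Key 0 is the built-in default web-filtering rule; {default} is a template token.
        $MAIN_WEBRULES[0] = "{default}";
        $RULES = $acl->GetWebfilteringRulesFromADGroup($GroupName);
        if ($verbose) {
            echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: " . (is_array($RULES) ? count($RULES) : 0) . " RULES</span><br>\n";
        }
        if (is_array($RULES)) {
            foreach ($RULES as $key => $ligne) {
                $MAIN_WEBRULES[$key] = $ligne;
            }
            if ($verbose) {
                echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: \$MAIN_WEBRULES:" . count($MAIN_WEBRULES) . " RULES</span><br>\n";
            }
        }
    }

    if (count($MAIN_SQUIDRULES) > 0) {
        $rules_title = count($MAIN_SQUIDRULES) < 2 ? "{rule}" : "{rules}";
        $XTRGB = array();
        foreach ($MAIN_SQUIDRULES as $aclid => $aclname) {
            $jsGRP = "Loadjs('squid.acls-rules.php?Addacl-js=yes&ID=" . urlencode((string) $aclid) . "');";
            $safeName = $h($aclname);
            $XTRGB[] = "<tr>\n\t\t\t<td style='width:48px'><img src='img/folder-script-database-48.png'></td>\n"
                . "\t\t\t<td style='font-size:22px'><a href=\"javascript:blur();\" OnClick=\"javascript:{$jsGRP}\"\n"
                . "\t\t\tstyle='text-decoration:underline'>{$safeName}</a></td>\n\t\t\t</tr>";
        }
        $proxay_acls = "</tr>\n\t\t<tr style='height:70px'>\n\t\t<td valign=middle style='font-size:30px' class=legend>"
            . count($MAIN_SQUIDRULES) . " {$rules_title} (Proxy):</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t<td></td>\n"
            . "\t\t\t\t\t<td><table style='width:100%'>" . implode("", $XTRGB) . "</table></td>\n\t\t</tr>";
    }

    if (count($MAIN_WEBRULES) > 0) {
        $XTRGB = array();
        foreach ($MAIN_WEBRULES as $aclid => $aclname) {
            $jsGRP = "YahooWin3('1100','dansguardian2.edit.php?ID=" . urlencode((string) $aclid) . "&t=0','"
                . $jsString("{$aclid} {$aclname}") . "');";
            $safeName = $h($aclname);
            $XTRGB[] = "<tr>\n\t<td style='width:48px'><img src='img/folder-script-database-48.png'></td>\n"
                . "\t<td style='font-size:22px'><a href=\"javascript:blur();\" OnClick=\"javascript:{$jsGRP}\"\n"
                . "\tstyle='text-decoration:underline'>{$safeName}</a></td>\n\t</tr>";
        }
        $rules_title = count($MAIN_WEBRULES) < 2 ? "{rule}" : "{rules}";
        $webfilter_acls = "</tr>\n\t<tr style='height:70px'>\n\t<td valign=middle style='font-size:30px' class=legend>"
            . count($MAIN_WEBRULES) . " {$rules_title} ({webfiltering}):</td>\n\t</tr>\n\t<tr>\n\t<td></td>\n"
            . "\t<td><table style='width:100%'>" . implode("", $XTRGB) . "</table></td>\n\t</tr>";
    }

    $tpl = new templates();
    echo $tpl->_ENGINE_parse_body("<center style='width:98%' class=form><table style='width:100%'>{$proxay_acls}{$webfilter_acls}</table></center>");
}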
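/**
 * Adds the domain posted in $_POST["whitelist-single"] to the privoxy_whitelist table.
 *
 * The table is created on first use. The posted value is normalised by
 * squid_acls::dstdomain_parse(); a missing, non-string or rejected value is ignored.
 * On a failed INSERT the driver error is echoed.
 *
 * NOTE(review): no authentication, privilege or CSRF check is visible in this function;
 * presumably the dispatcher enforces them — confirm.
 *
 * @return void
 */
function add_white_single()
{
    $q = new mysql_squid_builder();
    $acl = new squid_acls();
    // NOTE(review): $IP is never used below; kept because the constructor's side effects
    // are not visible here.
    $IP = new IP();

    $sql = "CREATE TABLE IF NOT EXISTS `privoxy_whitelist` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;";
    $q->QUERY_SQL($sql, "artica_backup");

    // An absent field or an array-valued field (whitelist-single[]=...) is not a domain.
    if (!isset($_POST["whitelist-single"]) || !is_string($_POST["whitelist-single"])) {
        return;
    }

    $www = $acl->dstdomain_parse($_POST["whitelist-single"]);
    if ($www == null) {
        return;
    }

    // The value originates from the request and is placed inside a quoted SQL literal, so
    // quotes and backslashes must not reach the statement unescaped.
    // NOTE(review): addslashes() is a stop-gap that is only sound for single-byte/UTF-8
    // connection charsets; prefer the driver's own escaping or a prepared statement if
    // mysql_squid_builder offers one (not visible here).
    $item = addslashes((string) $www);
    $q->QUERY_SQL("INSERT IGNORE INTO privoxy_whitelist (items) VALUES ('{$item}')", "artica_backup");
    if (!$q->ok) {
        // NOTE(review): the raw driver error goes to the client; consider logging it instead.
        echo $q->mysql_error;
        return;
    }
}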
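/**
 * Renders the profile popup of one Active Directory member.
 *
 * The entry is fetched from $_GET["DN"] through external_ad_search::DNDUMP(). The popup
 * shows the contact attributes, the groups listed in "memberof" and, when
 * usersMenus::SQUID_INSTALLED is set, the proxy and web-filtering rules attached to those
 * groups. The markup is echoed through templates::_ENGINE_parse_body().
 *
 * Every directory attribute, group name and rule name is handled as untrusted text:
 * HTML-escaped in markup, URL-encoded in query strings and JS-escaped inside OnClick
 * handlers.
 *
 * NOTE(review): the escaped markup still passes through _ENGINE_parse_body(); whether a
 * directory value containing a {token} is expanded there is not visible here — confirm.
 * NOTE(review): whether DNDUMP() validates the DN it receives from the query string is not
 * visible here — confirm.
 *
 * @return void
 */
function popup()
{
    $users = new usersMenus();
    $ad = new external_ad_search();
    $verbose = !empty($GLOBALS["VERBOSE"]);

    // Escapes a value for HTML text and quoted-attribute context.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Escapes a value for a single-quoted JavaScript string that itself sits inside an HTML
    // attribute: the JSON_HEX_* flags turn < > & ' " into \uXXXX, so the result is safe in both.
    $jsString = function ($value) {
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        return $encoded === false ? '' : (string) substr($encoded, 1, -1);
    };

    $DNDUMP = $ad->DNDUMP(isset($_GET["DN"]) ? $_GET["DN"] : null);
    $tpl = new templates();

    // First value of a directory attribute, HTML-escaped; empty string when the attribute is absent.
    $attr = function ($name) use ($DNDUMP, $h) {
        return isset($DNDUMP[$name][0]) ? $h($DNDUMP[$name][0]) : "";
    };

    $description = $attr("description");
    $givenname = $attr("givenname");
    $sn = $attr("sn");
    $name = $attr("name");
    $account = $attr("samaccountname");
    $mail = $attr("mail");
    $telephone = $attr("telephonenumber");
    $mobile = $attr("mobile");

    // Display name: "givenname sn" when a given name exists, otherwise the account name.
    $title = isset($DNDUMP["givenname"][0]) ? "{$givenname} {$sn}" : $account;
    $groupCount = isset($DNDUMP["memberof"]["count"]) ? (int) $DNDUMP["memberof"]["count"] : 0;

    $MAIN_SQUIDRULES = array();
    $MAIN_WEBRULES = array();
    $XTRG = array();
    $proxay_acls = "";
    $webfilter_acls = "";

    for ($i = 0; $i < $groupCount; $i++) {
        $DN = isset($DNDUMP["memberof"][$i]) ? $DNDUMP["memberof"][$i] : "";
        $XGRP = $ad->DNinfos($DN);
        $GroupName = isset($XGRP[0]["samaccountname"][0]) ? $XGRP[0]["samaccountname"][0] : null;
        $safeGroupName = $h($GroupName);

        if ($users->SQUID_INSTALLED) {
            $acl = new squid_acls();
            $RULES = $acl->GetRulesFromADGroup($GroupName);
            if ($verbose) {
                echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: " . (is_array($RULES) ? count($RULES) : 0) . " RULES</span><br>\n";
            }
            if (is_array($RULES)) {
                // foreach replaces while(list() = each()), which no longer exists in PHP 8.
                foreach ($RULES as $key => $ligne) {
                    $MAIN_SQUIDRULES[$key] = $ligne;
                }
                if ($verbose) {
                    echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: \$MAIN_SQUIDRULES:" . count($MAIN_SQUIDRULES) . " RULES</span><br>\n";
                }
            }

            $sock = new sockets();
            if ($sock->EnableUfdbGuard() == 1) {
                // Key 0 is the built-in default web-filtering rule; {default} is a template token.
                $MAIN_WEBRULES[0] = "{default}";
                $RULES = $acl->GetWebfilteringRulesFromADGroup($GroupName);
                if ($verbose) {
                    echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: " . (is_array($RULES) ? count($RULES) : 0) . " RULES</span><br>\n";
                }
                if (is_array($RULES)) {
                    foreach ($RULES as $key => $ligne) {
                        $MAIN_WEBRULES[$key] = $ligne;
                    }
                    if ($verbose) {
                        echo "<span style='color:red;font-size:22px'>{$safeGroupName}:: \$MAIN_WEBRULES:" . count($MAIN_WEBRULES) . " RULES</span><br>\n";
                    }
                }
            }
        }

        $jsGRP = "Loadjs('domains.edit.group.php?js=yes&group-id=" . urlencode((string) $DN) . "',true)";
        $XTRG[] = "<tr>\n\t\t\t\t\t<td style='width:16px'><img src='img/wingroup.png'></td>\n"
            . "\t\t\t\t\t<td style='font-size:16px'><a href=\"javascript:blur();\" OnClick=\"javascript:{$jsGRP}\" style='text-decoration:underline'>{$safeGroupName}</a></td>\n"
            . "\t\t\t\t</tr>";
    }

    if (count($MAIN_SQUIDRULES) > 0) {
        $rules_title = count($MAIN_SQUIDRULES) < 2 ? "{rule}" : "{rules}";
        $XTRGB = array();
        foreach ($MAIN_SQUIDRULES as $aclid => $aclname) {
            $jsGRP = "Loadjs('squid.acls-rules.php?Addacl-js=yes&ID=" . urlencode((string) $aclid) . "');";
            $safeName = $h($aclname);
            $XTRGB[] = "<tr>\n\t\t\t<td style='width:16px'><img src='img/scripts-16.png'></td>\n"
                . "\t\t\t<td style='font-size:16px'><a href=\"javascript:blur();\" OnClick=\"javascript:{$jsGRP}\" \n"
                . "\t\t\t\tstyle='text-decoration:underline'>{$safeName}</a></td>\n\t\t\t</tr>";
        }
        $proxay_acls = "</tr>\n\t\t<tr style='height:70px'>\n\t\t<td valign=middle style='font-size:26px' class=legend>"
            . count($MAIN_SQUIDRULES) . " {$rules_title} (Proxy):</td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td></td>\n"
            . "\t\t<td><table style='width:100%'>" . implode("", $XTRGB) . "</table></td>\n\t\t</tr>";
    }

    if (count($MAIN_WEBRULES) > 0) {
        $XTRGB = array();
        foreach ($MAIN_WEBRULES as $aclid => $aclname) {
            $jsGRP = "YahooWin3('1100','dansguardian2.edit.php?ID=" . urlencode((string) $aclid) . "&t=0','"
                . $jsString("{$aclid} {$aclname}") . "');";
            $safeName = $h($aclname);
            $XTRGB[] = "<tr>\n\t\t\t<td style='width:16px'><img src='img/scripts-16.png'></td>\n"
                . "\t\t\t<td style='font-size:16px'><a href=\"javascript:blur();\" OnClick=\"javascript:{$jsGRP}\"\n"
                . "\t\t\tstyle='text-decoration:underline'>{$safeName}</a></td>\n\t\t\t</tr>";
        }
        $rules_title = count($MAIN_WEBRULES) < 2 ? "{rule}" : "{rules}";
        $webfilter_acls = "</tr>\n\t\t<tr style='height:70px'>\n\t\t<td valign=middle style='font-size:26px' class=legend>"
            . count($MAIN_WEBRULES) . " {$rules_title} ({webfiltering}):</td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td></td>\n"
            . "\t\t<td><table style='width:100%'>" . implode("", $XTRGB) . "</table></td>\n\t\t</tr>";
    }

    $picture_link = "img/impersonate-photo.png";
    // Every interpolated value below was escaped above; the {word} tokens are left for the template engine.
    $html = "\n\t\t\t\n\t<div style='width:98%' class=form>\n\t<table style='width:100%'>\n\t<tr>\n"
        . "\t\t<td style='width:190px;vertical-align:top'>\n\t\t<center style='margin-top:15px'>\n"
        . "\t\t<img style='border-radius: 50% 50% 50% 50%;\n \t\tbox-shadow: 0 0 5px silver;height: 180px;margin: 0 32px;width: 180px;' src='{$picture_link}'></a>\n"
        . " <center style='font-size: 24px;line-height: 1.2;word-wrap: break-word;margin-top:30px;margin-bottom:30px'>{$title}</center>\n\n \n </center>\t\n\t</td>\n"
        . "\t\t<td style='width:80%;vertical-align:top'>\n\t\t\t<table style='width:100%'>\n\t\t\t\t\t</tr>\t\t\t\n"
        . "\t\t\t\t<tr style='height:70px'>\n\t\t\t\t<td valign=middle style='font-size:26px' class=legend><div>{Contact_Information}:</div><i style='font-size:16px'>{$description}</i></td>\n\t\t\t</tr>\n\n\t\t\t\n"
        . "\t\t\t<tr>\n\t\t\t\t<td valign=middle style='font-size:18px' class=legend>{member}:</td>\n\t\t\t\t<td valign=middle style='font-size:18px'><strong>{$givenname} {$sn}</strong></td>\n\t\t\t</tr>\t\t\t\n\t\t\t\n"
        . "\t\t\t<tr>\n\t\t\t\t<td valign=middle style='font-size:18px' class=legend>{name}:</td>\n\t\t\t\t<td valign=middle style='font-size:18px'><strong>{$name}</strong></td>\n\t\t\t</tr>\n"
        . "\t\t\t<tr>\n\t\t\t\t<td valign=middle style='font-size:18px' class=legend>{account}:</td>\n\t\t\t\t<td valign=middle style='font-size:18px'><strong>{$account}</strong></td>\n\t\t\t</tr>\n\t\t\n"
        . "\t\t\t<tr>\n\t\t\t\t<td valign=middle style='font-size:18px' class=legend>{email}:</td>\n\t\t\t\t<td valign=middle style='font-size:18px'><strong>{$mail}</strong></td>\n\t\t\t</tr>\n"
        . "\t\t\t<tr>\n\t\t\t\t<td valign=middle style='font-size:18px' class=legend>{telephoneNumber}:</td>\n\t\t\t\t<td valign=middle style='font-size:18px'><strong>{$telephone}</strong></td>\n\t\t\t</tr>\t\t\t\n"
        . "\t\t\t<tr>\n\t\t\t\t<td valign=middle style='font-size:18px' class=legend>{mobile}:</td>\n\t\t\t\t<td valign=middle style='font-size:18px'><strong>{$mobile}</strong></td>\n\t\t\t</tr>\t\t\t\n"
        . "\t\t\t\t<tr style='height:70px'>\n\t\t\t\t<td valign=middle style='font-size:26px' class=legend>{$groupCount} {groups}:</td>\n\t\t\t</tr>\t\t\t\n"
        . "\t\t\t<tr>\n\t\t\t\t<td></td>\n\t\t\t\t<td><table style='width:100%'>" . implode("", $XTRG) . "</table></td>\n\t\t\t</tr>\n"
        . "\t\t\t{$proxay_acls}\n\t\t\t{$webfilter_acls}\n\t\t\t</table>\n\t\t</td>\n\t</tr>\n\t</table>\n\t<p> </p>\n\t</div>\n\t\t\t\n\t";

    echo $tpl->_ENGINE_parse_body($html);
}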
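/**
 * Replaces the contents of deny_cache_domains with the list posted in $_POST["nocache"].
 *
 * The posted text holds one item per line. Each line is trimmed and lower-cased; blank lines
 * are skipped. Items accepted by IP::isIPAddressOrRange() and items starting with "^" are
 * stored as typed, everything else is normalised by squid_acls::dstdomain_parse() and
 * dropped when that returns nothing. The table is truncated before the new items are
 * inserted, and processing stops at the first failed INSERT, echoing the driver error.
 *
 * NOTE(review): no authentication, privilege or CSRF check is visible in this function;
 * presumably the dispatcher enforces them — confirm. A request without the "nocache" field
 * still empties the table.
 *
 * @return void
 */
function add_nocache_save()
{
    $q = new mysql_squid_builder();
    // NOTE(review): $q1 is never used below; kept because the constructor's side effects
    // are not visible here.
    $q1 = new mysql_squid_builder();
    $acl = new squid_acls();
    $IP = new IP();

    $sql = "CREATE TABLE IF NOT EXISTS `deny_cache_domains` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;";
    // NOTE(review): unlike the statements below, this call passes no database name — confirm
    // that the table is created where TRUNCATE and INSERT expect it.
    $q->QUERY_SQL($sql);

    // An absent or array-valued field is treated as an empty list.
    $posted = (isset($_POST["nocache"]) && is_string($_POST["nocache"])) ? $_POST["nocache"] : "";

    $q->QUERY_SQL("TRUNCATE TABLE deny_cache_domains", "artica_backup");

    // foreach replaces while(list() = each()), which no longer exists in PHP 8.
    foreach (explode("\n", $posted) as $www) {
        $www = trim(strtolower($www));
        if ($www == null) {
            continue;
        }
        if (!$IP->isIPAddressOrRange($www) && substr($www, 0, 1) != "^") {
            $www = $acl->dstdomain_parse($www);
            // A line the parser rejects must not be stored as an empty item.
            if ($www == null) {
                continue;
            }
        }

        // The value originates from the request and is placed inside a quoted SQL literal.
        // Escaping keeps quotes from ending the literal and also preserves the backslashes
        // of "^" regex items, which the server would otherwise consume as escape characters.
        // NOTE(review): addslashes() is a stop-gap that is only sound for single-byte/UTF-8
        // connection charsets; prefer the driver's own escaping or a prepared statement if
        // mysql_squid_builder offers one (not visible here).
        $item = addslashes((string) $www);
        $q->QUERY_SQL("INSERT IGNORE INTO deny_cache_domains (items) VALUES ('{$item}')", "artica_backup");
        if (!$q->ok) {
            // NOTE(review): the raw driver error goes to the client; consider logging it instead.
            echo $q->mysql_error;
            return;
        }
    }
}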
function build() { $sock = new sockets(); $unix = new unix(); $ini = new Bs_IniHandler(); $squid = new squidbee(); $IPADDRSSL = array(); $IPADDRSSL2 = array(); $ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters'); $SquidAsMasterPeer = intval($sock->GET_INFO("SquidAsMasterPeer")); $SquidAsMasterPeerPort = intval($sock->GET_INFO("SquidAsMasterPeerPort")); $SquidAsMasterPeerPortSSL = intval($sock->GET_INFO("SquidAsMasterPeerPortSSL")); $SquidAsMasterPeerIPAddr = $sock->GET_INFO("SquidAsMasterPeerIPAddr"); $visible_hostname = $ini->_params["NETWORK"]["visible_hostname"]; if ($visible_hostname == null) { $visible_hostname = $unix->hostname_g(); } $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr"); $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid"); if (!is_numeric($AllowAllNetworksInSquid)) { $AllowAllNetworksInSquid = 1; } $ini->loadString($ArticaSquidParameters); $ZipProxyListenIpAdress = $sock->GET_INFO("ZipProxyListenIpAdress"); $zipproxy_port = intval($sock->GET_INFO("zipproxy_port")); if ($zipproxy_port == 0) { $zipproxy_port = 5561; } $zipproxy_MaxSize = intval($sock->GET_INFO("zipproxy_MaxSize")); if ($zipproxy_MaxSize == 0) { $zipproxy_MaxSize = 1048576; } $ZipProxyUnrestricted = intval($sock->GET_INFO("ZipProxyUnrestricted")); $ConvertToGrayscale = intval($sock->GET_INFO("ConvertToGrayscale")); $zipproxy_ProcessHTML = intval($sock->GET_INFO("zipproxy_ProcessHTML")); $zipproxy_ProcessCSS = intval($sock->GET_INFO("zipproxy_ProcessCSS")); $zipproxy_ProcessJS = intval($sock->GET_INFO("zipproxy_ProcessJS")); NETWORK_ALL_INTERFACES(); if ($ZipProxyListenIpAdress != null) { if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ZipProxyListenIpAdress])) { $f[] = "# {$ZipProxyListenIpAdress} Interface Hardware error"; } } $dns_nameservers = $squid->dns_nameservers(true); $hostname = $unix->hostname_g(); if ($SquidAsMasterPeerIPAddr == "0.0.0.0") { $SquidAsMasterPeerIPAddr = null; } if ($SquidAsMasterPeerIPAddr == null) { 
$SquidAsMasterPeerIPAddr = "127.0.0.1"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Listen......: {$ZipProxyListenIpAdress}:{$zipproxy_port}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Unrestricted: {$ZipProxyUnrestricted}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Master......: {$SquidAsMasterPeerIPAddr}:{$SquidAsMasterPeerPort}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Convert to g: {$ConvertToGrayscale}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Process JS..: {$zipproxy_ProcessJS}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Process CSS.: {$zipproxy_ProcessCSS}\n"; } if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Process HTML: {$zipproxy_ProcessHTML}\n"; } $f[] = "############################"; $f[] = "# daemon mode-only options #"; $f[] = "############################"; $f[] = ""; $f[] = "## Port to listen for proxy connections"; $f[] = "## default: 8080"; $f[] = "Port = {$zipproxy_port}"; $f[] = ""; $f[] = "## Local address to listen for proxy connections"; $f[] = "## If you have more than one network interface,"; $f[] = "## it's useful for restricting to which interface you want to bind to."; $f[] = "## By default Ziproxy binds to all interfaces."; if ($ZipProxyListenIpAdress != null) { $f[] = "Address = \"{$ZipProxyListenIpAdress}\""; } $f[] = ""; $f[] = "## Accepts conections only from that address."; $f[] = "## WARNING: Remember to restrict the access to Ziproxy"; $f[] = "## if your machine is directly connected to the Internet."; if ($ZipProxyUnrestricted == 0) { $backends = $squid->backends_list(); $f[] = "OnlyFrom = \"" . @implode(" ", $backends) . 
"\""; } $f[] = ""; $f[] = "## Limits the number of simultaneous active user connections."; $f[] = "## This does not affect the connection queue (see: SOMAXCONN)."; $f[] = "##"; $f[] = "## This also (indirectly) limits the number of processes Ziproxy will run"; $f[] = "## at once. Formula for the worst-case scenario:"; $f[] = "## MaxZiproxyProcesses = 1 + MaxActiveUserConnections"; $f[] = "## OR if PreemptNameRes is enabled (worst-case scenario):"; $f[] = "## MaxZiproxyProcesses = 1 + MaxActiveUserConnections * (1 + PreemptNameResMax)"; $f[] = "##"; $f[] = "## Valid values: 0 (no limit), >0 (max ative connections)."; $f[] = "##"; $f[] = "## default: 0 (no limit -- relies on OS limit instead)"; $f[] = "# MaxActiveUserConnections = 20"; $f[] = "PIDFile = \"/var/run/squid/ziproxy.pid\""; $f[] = "RunAsUser = \"squid\""; $f[] = "RunAsGroup = \"squid\""; $f[] = ""; $f[] = ""; $f[] = ""; $f[] = "##################################"; $f[] = "# TOS marking (daemon mode-only) #"; $f[] = "##################################"; $f[] = ""; $f[] = "## TOS marking"; $f[] = "## Enable this if you want to specify the (IP-level) TOS certain types"; $f[] = "## of traffic from ziproxy -> user."; $f[] = "##"; $f[] = "## This feature is useful if one wants to do application-level QoS."; $f[] = "## Setting TOS does not provide QoS alone. 
You must be either using"; $f[] = "## a network with routers priorizing traffic according to their TOS,"; $f[] = "## or set your own QoS/traffic-shaper system and treat the packets"; $f[] = "## with certain TOS accordingly."; $f[] = "##"; $f[] = "## Ziproxy is RFC-agnostic regarding TOS bit meanings,"; $f[] = "## though there may be limitations imposed by the host OS."; $f[] = "## See: RFC 791, RFC 1122, RFC 1349, RFC 2474 and RFC 3168."; $f[] = "##"; $f[] = "## If disabled, all other TOS options won't have effect."; $f[] = "## Disabled by default."; $f[] = "# TOSMarking = false"; $f[] = ""; $f[] = "## TOS to set by default"; $f[] = "## This is a decimal value between 0-255."; $f[] = "##"; $f[] = "## If unset, will use the OS default (which usually is 0)."; $f[] = "## If you want to make sure it is set to 0, then set"; $f[] = "## this option accordingly."; $f[] = "##"; $f[] = "## Your OS may put restrictions on which bits you may set"; $f[] = "## (so certain bits will remain unchanged regardless)."; $f[] = "## Your OS may also restrict which bits and/or value ranges"; $f[] = "## you may set if you're not running as root."; $f[] = "## Other (non-unixish) OSes may be unable to set TOS at all."; $f[] = "##"; $f[] = "## Default: unset."; $f[] = "# TOSFlagsDefault = 0"; $f[] = ""; $f[] = "## TOS to set when the traffic is considered \"differentiated\","; $f[] = "## according to TOSMarkAsDiffURL, TOSMarkAsDiffCT or TOSMarkAsDiffSizeBT."; $f[] = "## This is a decimal value between 0-255."; $f[] = "##"; $f[] = "## If unset, there will be no differentiated traffic at all."; $f[] = "##"; $f[] = "## Your OS may put restrictions on which bits you may set"; $f[] = "## (so certain bits will remain unchanged regardless)."; $f[] = "## Your OS may also restrict which bits and/or value ranges"; $f[] = "## you may set if you're not running as root."; $f[] = "## Other (non-unixish) OSes may be unable to set TOS at all."; $f[] = "##"; $f[] = "## Default: unset."; $f[] = "# TOSFlagsDiff 
= 16"; $f[] = ""; $f[] = "## This is the file containing a list of URLs which should"; $f[] = "## have their traffic \"differentiated\""; $f[] = "## (that is, to have their TOS changed to TOSFlagsDiff)."; $f[] = "##"; $f[] = "## Inside the file, the URLs may also contain pattern-matching asterisks."; $f[] = "## Comments may be present if prefixed by '#' (shell-alike)."; $f[] = "## In order to match a whole site: \"http://www.examplehost.xyz/*\""; $f[] = "##"; $f[] = "## Default: none"; $f[] = "# TOSMarkAsDiffURL = \"/etc/ziproxy/change_tos.list\""; $f[] = ""; $f[] = "## This is the content-type list of data that should"; $f[] = "## have their traffic \"differentiated\""; $f[] = "## (that is, to have their TOS changed to TOSFlagsDiff)."; $f[] = "## This is the content-type as received by the remote HTTP server,"; $f[] = "## if it is changed by Ziproxy later, it will not be taken into account."; $f[] = "##"; $f[] = "## \"\" (empty string) will match empty content-types AND data which have"; $f[] = "## no content-type specified."; $f[] = "##"; $f[] = "## If no subtype is specified, all subtypes will match:"; $f[] = "## \"aaaa\" will match \"aaaa\", \"aaaa/bbbb\", \"aaaa/cccc\" etc"; $f[] = "##"; $f[] = "## See also: TOSMarkAsDiffCTAlsoXST"; $f[] = "## Default: none"; $f[] = "# TOSMarkAsDiffCT = {\"video/flv\", \"video/x-msvideo\", \"audio/*\","; $f[] = "# \"application/x-shockwave-flash\", \"application/x-rpm\","; $f[] = "# \"application/x-msi\", \"application/x-tar\"}"; $f[] = ""; $f[] = "## When using TOSMarkAsDiffCT, this defines whether to also automatically add"; $f[] = "## content-type entries with 'x-' prefix appended to subtypes"; $f[] = "## (aaaa/bbbb also adding aaaa/x-bbbb)."; $f[] = "## Usually it's convenient to do this way, that avoids worrying about"; $f[] = "## having to create duplicated entries, or whether which variant is valid."; $f[] = "##"; $f[] = "## You may want to disable this is you wish to have a precise control"; $f[] = "## of what types of 
content-type you wish to include."; $f[] = "##"; $f[] = "## See also: TOSMarkAsDiffCT"; $f[] = "## Default: true"; $f[] = "# TOSMarkAsDiffCTAlsoXST = true"; $f[] = ""; $f[] = "## This is the stream size threshold (in bytes) which, if reached,"; $f[] = "## will make such traffic \"differentiated\""; $f[] = "## (that is, to have their TOS changed to TOSFlagsDiff)."; $f[] = "## The stream size is the ziproxy -> user one (which may be"; $f[] = "## bigger or smaller than the original one, sent by the HTTP server)."; $f[] = "##"; $f[] = "## There are two possible behaviors with this parameter:"; $f[] = "## - The total stream size is known beforehand, so the data"; $f[] = "## will be marked as differentiated from the beginning."; $f[] = "## - The total stream size is unknown, so the data will"; $f[] = "## be marked as differentiated once it reaches that"; $f[] = "## size."; $f[] = "##"; $f[] = "## Current limitations (this may change in the future):"; $f[] = "## - The maximum value to be specified here is signed int"; $f[] = "## usually 32bit -> (2^31 - 1)."; $f[] = "## - HTTP range requests are not taken into account so, if their effective"; $f[] = "## streams do not reach this threshold, such data will not be"; $f[] = "## marked as \"differentiated\", even if the HTTP range goes beyond that."; $f[] = "## - Usually the HTTP headers will not be taken into account (only the body"; $f[] = "## size itself), except in cases such as CONNECT method"; $f[] = "## and URLNoProcessing (cases when the data from server is treated like"; $f[] = "## a \"black box\")."; $f[] = "##"; $f[] = "## Default: none"; $f[] = "# TOSMarkAsDiffSizeBT = 4000000"; $f[] = ""; $f[] = ""; $f[] = ""; $f[] = "###################"; $f[] = "# general options #"; $f[] = "###################"; $f[] = ""; $f[] = "# DebugLog = \"/var/log/squid/zipproxy-debug.log\""; $f[] = ""; $f[] = "## Error-like messages logging."; $f[] = "## This relates to error messages, warnings and such messages, including"; $f[] = "## 
configuration errors and other."; $f[] = "## If undefined, defaults to stderr. In this case the (normally rare) errors"; $f[] = "## occuring after the program successfully started will not be displayed,"; $f[] = "## that to avoid the possibility of flooding the screen with error messages."; $f[] = "## If defined, all error-like messages will be dumped into the specified"; $f[] = "## file. The exception are the errors occurring at the very early stages"; $f[] = "## of Ziproxy initialization."; $f[] = "## WARNING: If you define a error log file and ziproxy initialization fails,"; $f[] = "## ziproxy will fail and no error will be displayed on the console."; $f[] = "##"; $f[] = "## Default: undefined (dumps to stderr)."; $f[] = "ErrorLog = \"/var/log/squid/zipproxy-error.log\""; $f[] = ""; $f[] = "## File to be used as access log."; $f[] = "## If undefined, there will be no access logging at all."; $f[] = "## Log format:"; $f[] = "##\tTIME (unix time as seconds.msecs)"; $f[] = "##\tPROCESS_TIME (ms)"; $f[] = "##\t[USER@]ADDRESS (address with daemon mode only)"; $f[] = "##\tFLAGS"; $f[] = "##\tORIGINAL_SIZE"; $f[] = "##\tSIZE_AFTER_(RE)COMPRESSION"; $f[] = "##\tMETHOD"; $f[] = "##\tURL"; $f[] = "## where FLAGS may be:"; $f[] = "## \tP (a request as proxy)"; $f[] = "##\tT (a request as transparent proxy)"; $f[] = "##\tS (CONNECT method, usually HTTPS data)"; $f[] = "##\tZ (transfer timeoutted - see ConnTimeout)"; $f[] = "##\tB (interrupted transfer - either by user or by remote http host)"; $f[] = "##\tW (content type was supposed to load into memory, but it had no content-size and, in the end, it was bigger than MaxSize. so it was streamed instead)"; $f[] = "##\tN (URL not processed. See: URLNoProcessing config option)"; $f[] = "##\tR (data was replaced)"; $f[] = "##\tQ (TOS was changed). See: URLReplaceData config option)"; $f[] = "##\tK (image too expansive. See: MaxUncompressedImageRatio config option)"; $f[] = "##\tG (stream gunzip too expansive. 
See: MinUncompressedGzipStreamEval, MaxUncompressedGzipRatio)"; $f[] = "##\t1 (SIGSEGV received)"; $f[] = "##\t2 (SIGFPE received)"; $f[] = "##\t3 (SIGILL received)"; $f[] = "##\t4 (SIGBUS received)"; $f[] = "##\t5 (SIGSYS received)"; $f[] = "##\tX (SIGTERM received - also happens when interrupting the daemon while transferring)"; $f[] = "## Disabled by default."; $f[] = "AccessLog = \"/var/log/squid/access-ziproxy.log\""; $f[] = ""; $f[] = "## When enabled, Ziproxy will intercept signals indicative of"; $f[] = "## software crash, flag the offending request in access log"; $f[] = "## accordingly, then stop the offending process."; $f[] = "## This is useful for debugging purposes and it's not recommended"; $f[] = "## to leave it enabled in normal use due to the risk of garbage"; $f[] = "## being written to access log (due to a more severe crash)."; $f[] = "## Once enabled, the intercepted signals are:"; $f[] = "## SIGSEGV (segmentation fault)"; $f[] = "## SIGFPE (FPU exception)"; $f[] = "## SIGILL (illegal instruction)"; $f[] = "## SIGBUS (bus error, alignment issues)"; $f[] = "## SIGSYS (bad system call)"; $f[] = "## Disabled by default (those signals not intercepted by Ziproxy)"; $f[] = "# InterceptCrashes = false"; $f[] = ""; $f[] = "## Authentication mode to be used for proxy access:"; $f[] = "## 0: none (no authentication required)"; $f[] = "## 1: plain text file"; $f[] = "## 2: SASL (auxprop, see /etc/ziproxy/sasl/ziproxy.conf)"; $f[] = "##"; $f[] = "## Notes:"; $f[] = "## a) SASL support is optional (enabled during compilation time)."; $f[] = "## b) SASL authentication does not require external SASL daemon"; $f[] = "## configuration/invocation, just Ziproxy's SASL configuration."; $f[] = "##"; $f[] = "## Default: 0 (no authentication required)"; $f[] = "## See also: AuthPasswdFile, AuthSASLConfPath"; $f[] = "AuthMode = 0"; $f[] = ""; $f[] = "## Plain text file containing authentication data."; $f[] = "## Should contain user:pass pairs, lines no longer than 
128 chars."; $f[] = "## Password is unencrypted."; $f[] = "## Used only when AuthMode=1"; $f[] = "##"; $f[] = "## Default: (undefined)"; $f[] = "## See also: AuthMode"; $f[] = "# AuthPasswdFile = \"/etc/ziproxy/http.passwd\""; $f[] = ""; $f[] = "## Path to Ziproxy's SASL configuration file, where"; $f[] = "## a file named \"ziproxy.conf\" (not related to this one)"; $f[] = "## must be present and properly configured."; $f[] = "## Used only when AuthMode=2"; $f[] = "##"; $f[] = "## Default: (default SASL setting, OS-dependent, may be /etc/sasl2/)"; $f[] = "## See also: AuthMode"; $f[] = "# AuthSASLConfPath = \"/etc/ziproxy/sasl/\""; $f[] = ""; $f[] = "## Forward everything to another proxy server."; $f[] = "## Modifications/compression is still applied."; $f[] = "## Default: none (disabled)"; if ($SquidAsMasterPeerIPAddr != null) { $f[] = "NextProxy=\"{$SquidAsMasterPeerIPAddr}\""; $f[] = "NextPort={$SquidAsMasterPeerPort}"; } $f[] = ""; $f[] = "## Use these DNS name servers to resolve hostnames"; $f[] = "## instead of the ones configured in /etc/resolv.conf"; if (count($dns_nameservers) > 0) { $dnscompiled = trim(@implode(",", $FDNS)); if ($dnscompiled != null) { while (list($num, $dns) = each($dns_nameservers)) { $FDNS[] = "\"{$dns}\""; } $f[] = "Nameservers = { " . @implode(",", $FDNS) . "}"; } } $f[] = ""; $f[] = "## Bind outgoing connections (to remote HTTP server) to the following (local) IPs"; $f[] = "## It applies to the _outgoing_ connections, it has _no_ relation to the listener socket."; $f[] = "## When 2 or more IPs are specified, Ziproxy will rotate to each of those at each"; $f[] = "## outgoing connection. All IPs have the same priority."; $f[] = "## You may use this option for either of the following reasons:"; $f[] = "## 1. - To use only a specific IP when connecting to remote HTTP servers."; $f[] = "## 2. 
- Use 2 or more IPs for load balancing (a rather primitive one, since it's"; $f[] = "## connection-based and does not take into account the bytes transferred)."; $f[] = "## 3. - You have a huge intranet and certain sites (google.com, for example)"; $f[] = "## are blocking your requests because there are so many coming from the same IP."; $f[] = "## So you may use 2 or more IPs here and make it appear that your requests"; $f[] = "## come from several different machines."; $f[] = "## This option does _not_ spoof packets, it merely uses the host's local IPs."; $f[] = "## Note: While in (x)inetd mode, output may be bind-ed only to one IP."; $f[] = "## Disabled by default (binds to the default IP, the OS decides which one)."; $f[] = "## See also: BindOutgoingExList"; $f[] = "# BindOutgoing = { \"234.22.33.44\", \"4.3.2.1\", \"44.200.34.11\" }"; $f[] = ""; $f[] = "## Specifies a file containing a list of hosts which should not suffer"; $f[] = "## IP rotation as specified by the option \"BindOutgoing\"."; $f[] = "## The reason for this option is that certain services do not like"; $f[] = "## the client IP changing in the same session."; $f[] = "## Certain webmail services fail or return authentication failure in this case."; $f[] = "## Example: www.bol.com.br"; $f[] = "## This option has no effect if BindOutgoing is not used."; $f[] = "## Default: empty, no hosts are exempted."; $f[] = "## See also: BindOutgoingExAddr"; $f[] = "# BindOutgoingExList=\"/etc/ziproxy/bo_exception.list\""; $f[] = ""; $f[] = "## Defines a specific IP to be bound to for hosts specified in BindOutgoingExList."; $f[] = "## As with BindOutgoing, this IP must be a local IP from the server running Ziproxy."; $f[] = "## This IP may be one of those specified in BindOutgoing, but that's _not_"; $f[] = "## a requirement and may be a different IP."; $f[] = "## This option has no effect if BindOutgoingExList is not being used."; $f[] = "## Default: empty, uses the first IP specified in BindOutgoing."; $f[] 
= "# BindOutgoingExAddr=\"98.7.65.43\""; $f[] = ""; $f[] = "## Allow processing of requests as transparent proxy"; $f[] = "## (will still accept normal proxy requests)"; $f[] = "## In order to use Ziproxy as transparent proxy it's also needed"; $f[] = "## to reroute the connections from x.x.x.x:80 to ziproxy.host:PROXY_PORT"; $f[] = "## Disabled by default."; $f[] = "## See also: RestrictOutPortHTTP"; $f[] = "# TransparentProxy = false"; $f[] = ""; $f[] = "## Whether to process normal proxy requests or not"; $f[] = "## Only makes sense when TransparentProxy is enabled."; $f[] = "## If transparent proxy is enabled, it's usually a good idea to disable"; $f[] = "## conventional proxying since, depending on the layout of your network,"; $f[] = "## it can be abused by ill-meant users to circumvent restrictions"; $f[] = "## presented by another proxy placed between Ziproxy and the users."; $f[] = "## Enabled by default."; $f[] = "ConventionalProxy = true"; $f[] = ""; $f[] = "## Whether to allow the CONNECT method."; $f[] = "## This method is used by HTTPS, but may be used for other"; $f[] = "## types of service (like instant messenging) which allow tunneling through http proxy."; $f[] = "## If you plan on serving only HTTP requests (no HTTPS nor anything else)"; $f[] = "## you may want to disable this, in order to prevent potential"; $f[] = "## abuse of the service."; $f[] = "## Enabled by default."; $f[] = "## See also: RestrictOutPortCONNECT"; $f[] = "AllowMethodCONNECT = true"; $f[] = ""; $f[] = "## If defined, restricts the outgoing connections (except CONNECT methods - used by HTTPS)"; $f[] = "## to the listed destination ports."; $f[] = "## If TransparentProxy is used, for security reasons it's recommended to restrict"; $f[] = "## to the ports (typically port 80) which are being intercepted."; $f[] = "## Default: all ports are allowed."; $f[] = "## See also: RestrictOutPortCONNECT"; $f[] = "# RestrictOutPortHTTP = {80, 8080}"; $f[] = ""; $f[] = "## If defined, 
restricts the outgoing connections using the CONNECT method (used by HTTPS)"; $f[] = "## to the listed destination ports."; $f[] = "## If AllowMethodCONNECT=false, then no ports are allowed at all regardless this list."; $f[] = "## Default: all ports are allowed."; $f[] = "## See also: AllowMethodCONNECT, RestrictOutPortHTTP"; $f[] = "# RestrictOutPortCONNECT = {443}"; $f[] = ""; $f[] = "## Whether to override the Accept-Encoding more to Ziproxy's liking."; $f[] = "## If disabled, Ziproxy will just forward Accept-Encoding received from the client"; $f[] = "## (thus the data may or not come gzipped, depending on what the HTTP client says)."; $f[] = "##"; $f[] = "## Currently, this option is used to always advertise Gzip capability to"; $f[] = "## the remote HTTP server."; $f[] = "## Enabling this does not neccessarily mean that the data will come compressed"; $f[] = "## from the server. This option just advertises the capability at Ziproxy's side,"; $f[] = "## the remote server must support that capability aswell."; $f[] = "##"; $f[] = "## This has _no_ relation to the Gzip support between Ziproxy and the client, thus"; $f[] = "## you may leave this enabled even if you have clients that do not support Gzip."; $f[] = "## Ziproxy will compress/decompress the data according to the client."; $f[] = "##"; $f[] = "## Enabled by default."; $f[] = "OverrideAcceptEncoding = true"; $f[] = "DecompressIncomingGzipData = true"; $f[] = ""; $f[] = "## Replaces the User-Agent data sent by the client with a custom string,"; $f[] = "## OR defines User-Agent with that string if that entry was not defined."; $f[] = "## If disabled, Ziproxy will just forward the User-Agent sent by the client."; $f[] = "## Normally you will want to leave this option DISABLED (commented)."; $f[] = "##"; $f[] = "## It's useful if you, for some reason, want to identify all the clients as"; $f[] = "## some specific browser/version/OS."; $f[] = "## Certain websites may appear broken if the client uses a 
different browser than"; $f[] = "## the one specified here."; $f[] = "## Certain webservers may break completely when an unrecognized User-Agent is provided"; $f[] = "## (for example: www.rzeczpospolita.pl)."; $f[] = "##"; $f[] = "## Undefined by default (leave User-Agent as defined by the client)."; $f[] = "# RedefineUserAgent = \"Mozilla/5.0 (compatible; UltraBrowser/8.1; CP/M; console40x24; z80)\""; $f[] = ""; $f[] = "## When Ziproxy receives Gzip data it will try to decompress in order to do"; $f[] = "## further processing (HTMLopt, PreemptDNS etc)."; $f[] = "## This makes Ziproxy vulnerable to 'gzip-bombs' (eg. like 10 GB of zeroes, compressed)"; $f[] = "## which could be used to slow down or even crash the server."; $f[] = "## In order to avoid/minimise such problems, you can limit the max"; $f[] = "## decompression proportion, related to the original file."; $f[] = "## If a Gzipped file exceedes that proportion while decompressing, its"; $f[] = "## decompression is aborted."; $f[] = "## The user will receive an error page instead or (if already transferring)"; $f[] = "## transfer will simply be aborted."; $f[] = "##"; $f[] = "## You may disable this feature defining its value to '0'."; $f[] = "## default: 2000 (that's 2000% == 20 times the compressed size)"; $f[] = "MaxUncompressedGzipRatio = 2000"; $f[] = ""; $f[] = "## When limiting decompression rate with MaxUncompressedGzipRatio"; $f[] = "## _and_ gunzipping while streaming it's not possible to know the"; $f[] = "## file size until the transfer is finished. 
So Ziproxy verifies this while"; $f[] = "## decompressing."; $f[] = "## The problem by doing this is the possible false positives:"; $f[] = "## certain files compress a lot at their beginning, but then not-so"; $f[] = "## shortly after."; $f[] = "## In order to prevent/minimize such problems, we define the minimum"; $f[] = "## output (the decompressed data) generated before starting to"; $f[] = "## check the decompression rate."; $f[] = "## If defined as '0', it will check the rate immediately."; $f[] = "## A too large value will increase the rate-limit precision, at the cost of less"; $f[] = "## protection."; $f[] = "## Streams with output less that this value won't have decompression"; $f[] = "## rate checking at all."; $f[] = "## This feature is only active if MaxUncompressedGzipRatio is defined."; $f[] = "## This does not affect data wholly loaded to memory (for further processing)."; $f[] = "## default: 10000000 (bytes)"; $f[] = "## Note: The previous default (until version 2.7.9_BETA) was 250000"; $f[] = "## See also: MaxUncompressedGzipRatio"; $f[] = "MinUncompressedGzipStreamEval = 10000000"; $f[] = ""; $f[] = "## This is the maximum compression rate allowable for an incoming"; $f[] = "## (before recompression) image file."; $f[] = "## If an image has a higher compression rate than this, it will not"; $f[] = "## be unpacked and it will be forwarded to the client as is."; $f[] = "## This feature protects against (or mitigates) the problem with"; $f[] = "## \"image bombs\" (gif bombs, etc) done with huge bitmaps with the same"; $f[] = "## pixel color (thus very small once compressed)."; $f[] = "## Since Ziproxy may try to recompress the image, if several of this"; $f[] = "## kind are requested, the server may run out of memory, so this"; $f[] = "## may be used as a DoS attack against Ziproxy."; $f[] = "## This feature will not protect the client, since it will receive"; $f[] = "## the unmodified picture."; $f[] = "## There are rare legitimate cases matching 
such high compression rate,"; $f[] = "## including poor website design. But in such cases is not really worth"; $f[] = "## recompressing anyway (the processing costs are not worth the savings)."; $f[] = "## Usually \"image bomb\" pictures have a >1000:1 compression ratio."; $f[] = "## Setting this to less than 100 risks not processing legitimate pictures."; $f[] = "## Setting 0 disables this feature."; $f[] = "## Default: 500 (500:1 ratio)"; $f[] = "MaxUncompressedImageRatio = 0"; $f[] = ""; $f[] = "## If specified, ziproxy will send and check Via: header"; $f[] = "## with given string as host identification."; $f[] = "## It is sometimes useful to avoid request loops. Default: not specified"; $f[] = "ViaServer = \"zipproxy-{$hostname}\""; $f[] = ""; $f[] = "## If processing of request exceeds specified time in seconds,"; $f[] = "## or connection is idle beyond that time (stalled) it will abort."; $f[] = "## This avoids processes staying forever (or for a very long time)"; $f[] = "## in case of a stalled connection or software bug."; $f[] = "## This will NOT necessarily abort the streaming of very big files,"; $f[] = "## it will ONLY if the connection stalls or there's a software bug."; $f[] = "## If \"0\", no timeout."; $f[] = "## Default: 90 (seconds)"; $f[] = "ConnTimeout = 90"; $f[] = ""; $f[] = "## Max file size to try to (re)compress, in bytes;"; $f[] = "## If \"0\", means that this limitation won't apply."; $f[] = "## This regards to the file size as received from the remote HTTP server"; $f[] = "## (which may arrive gzipped or not -- it doesn't matter)."; $f[] = "## If a file is bigger than this limit, Ziproxy will simply stream it unmodified,"; $f[] = "## unless the user also requested gzip compression (see below)."; $f[] = "## Attention: If setting a very big size, the request answer latency will"; $f[] = "## increase since Ziproxy needs to fetch the whole file before"; $f[] = "## attempting to (re)compress it."; $f[] = "## A too low value will prevent 
data bigger that that to de processed"; $f[] = "## (jpg/png/gif recompression, htmlopt, preemptdns..)."; $f[] = "## Note that if:"; $f[] = "## - Only gzipping is to be applied *OR*"; $f[] = "## - Gzipping and other is to be applied, but data is > MaxSize"; $f[] = "## Gzip compression (and only that) will be applied while streaming."; $f[] = "## Default: 1048576 (bytes)"; $f[] = "## (default used to be \"0\" in ziproxy 2.3.0 and earlier)"; $f[] = "MaxSize = {$zipproxy_MaxSize}"; $f[] = "UseContentLength = false"; $f[] = ""; $f[] = "## Whether to try to apply lossless compression with gzip."; $f[] = "## This option concerns traffic between Ziproxy and the client only."; $f[] = "## This optimization is not limited by MaxSize."; $f[] = "##"; $f[] = "## Gzip compression applies only to content-types specified with"; $f[] = "## the parameter LosslessCompressCT."; $f[] = "##"; $f[] = "## See also: LosslessCompressCT"; $f[] = "## Default: true"; $f[] = "Gzip = true"; $f[] = ""; $f[] = "## This parameter specifies what kind of content-type is to be"; $f[] = "## considered lossless compressible (that is, data worth applying gzip)."; $f[] = "##"; $f[] = "## Images, movies etc, normally are NOT compressible such way and those"; $f[] = "## content-types should not be added (such data would turn slightly bigger"; $f[] = "## and CPU would be wasted)."; $f[] = "##"; $f[] = "## See also: LosslessCompressCTAlsoXST, Gzip"; $f[] = "## Default: an internal list of the most common compressible content-types."; $f[] = "LosslessCompressCT = {"; $f[] = "\t\"text/*\", "; $f[] = "\t\"application/asp\", "; $f[] = "\t\"application/awk\", "; $f[] = "\t\"application/cgi\", "; $f[] = "\t\"application/class\", "; $f[] = "\t\"application/css\", "; $f[] = "\t\"application/dvi\", "; $f[] = "\t\"application/executable\", "; $f[] = "\t\"application/font\", "; $f[] = "\t\"application/futuresplash\", "; $f[] = "\t\"application/iso9660-image\", "; $f[] = "\t\"application/java\", "; $f[] = 
"\t\"application/javascript\", "; $f[] = "\t\"application/json\", "; $f[] = "\t\"application/msexcel\", "; $f[] = "\t\"application/mspowerpoint\", "; $f[] = "\t\"application/msword\", "; $f[] = "\t\"application/pdf\", "; $f[] = "\t\"application/perl\", "; $f[] = "\t\"application/php\", "; $f[] = "\t\"application/postscript\", "; $f[] = "\t\"application/python\", "; $f[] = "\t\"application/rtf\", "; $f[] = "\t\"application/shellscript\", "; $f[] = "\t\"application/shockwave\", "; $f[] = "\t\"application/staroffice\", "; $f[] = "\t\"application/tar\", "; $f[] = "\t\"application/truetype-font\", "; $f[] = "\t\"application/vnd.*\", "; $f[] = "\t\"application/*+xml\", "; $f[] = "\t\"application/xml\", "; $f[] = "\t\"application/xml-dtd\", "; $f[] = "\t\"image/svg+xml\""; $f[] = " }"; $f[] = ""; $f[] = "## When using LosslessCompressCT, this defines whether to also automatically add"; $f[] = "## content-type entries with 'x-' prefix appended to subtypes"; $f[] = "## (aaaa/bbbb also adding aaaa/x-bbbb)."; $f[] = "## Usually it's convenient to do this way, that avoids worrying about"; $f[] = "## having to create duplicated entries, or whether which variant is valid."; $f[] = "##"; $f[] = "## Note: If LosslessCompressCT is undefined (thus the internal defaults"; $f[] = "## are being used) this option has no effect."; $f[] = "##"; $f[] = "## You may want to disable this is you wish to have a precise control"; $f[] = "## of what types of content-type you wish to include."; $f[] = "##"; $f[] = "## See also: LosslessCompressCT"; $f[] = "## Default: true"; $f[] = "LosslessCompressCTAlsoXST = true"; $f[] = ""; $f[] = "## Whether to try to (re)compress incoming data originally in"; $f[] = "## the following formats (true) or not (false)"; $f[] = "## default: true"; $f[] = "ProcessJPG = true"; $f[] = "ProcessPNG = true"; $f[] = "ProcessGIF = true"; $f[] = ""; $f[] = "## Whether to try to optimize HTML, CSS and Javascript, thus reducing their size"; $f[] = "## ProcessHTML: 
text/html"; $f[] = "## ProcessCSS: text/css"; $f[] = "## ProcessJS: application/[x-]javascript)"; $f[] = "## Although such data may be Gzipped too, optimizing prior to Gzipping normally"; $f[] = "## reduces the data size even further."; $f[] = "## The final size depends much on how unoptimal is the coding of such data;"; $f[] = "## some sites already present HTML pre-optimized so, in such cases, there won't"; $f[] = "## be much gain."; $f[] = "## Note: Due to the higher complexity of such optimization, there's some risk of a page"; $f[] = "## being corrupted."; $f[] = "## ****** THESE OPTIONS ARE EXPERIMENTAL ******"; $f[] = "##"; if ($zipproxy_ProcessHTML == 1) { $zipproxy_ProcessHTML = "true"; } else { $zipproxy_ProcessHTML = "false"; } if ($zipproxy_ProcessCSS == 1) { $zipproxy_ProcessCSS = "true"; } else { $zipproxy_ProcessCSS = "false"; } if ($zipproxy_ProcessJS == 1) { $zipproxy_ProcessJS = "true"; } else { $zipproxy_ProcessJS = "false"; } $f[] = "ProcessHTML = {$zipproxy_ProcessHTML}"; $f[] = "ProcessCSS = {$zipproxy_ProcessCSS}"; $f[] = "ProcessJS = {$zipproxy_ProcessJS}"; $f[] = ""; $f[] = "## Options for fine-tuning text/html optimization."; $f[] = "## Only used when ProcessHTML=true"; $f[] = "## Certain optimizations may be disabled as quick 'fix' when a text data"; $f[] = "## gets currupted after being optimized."; $f[] = "## Note: CSS and JS switches apply _only_ to such data when embedded into HTML data,"; $f[] = "## for JS, CSS-only data, see ProcessJS and ProcessCSS options."; $f[] = "##"; if ($zipproxy_ProcessHTML == 1) { $f[] = "ProcessHTML_CSS = true"; $f[] = "ProcessHTML_JS = true"; $f[] = "ProcessHTML_tags = true"; $f[] = "ProcessHTML_text = true"; $f[] = "ProcessHTML_PRE = true"; $f[] = "ProcessHTML_NoComments = true"; $f[] = "ProcessHTML_TEXTAREA = true"; } $f[] = ""; $f[] = "## If enabled, will discard PNG/GIF/JP2K transparency and de-animate"; $f[] = "## GIF images if necessary for recompression, at the cost of some image"; $f[] = "## 
distortion."; $f[] = "## Note: Images with useless transparency/alpha data (all pixels"; $f[] = "## being opaque) do not require this option. In such cases Ziproxy"; $f[] = "## will detect that and remove the useless data automatically."; $f[] = "## Disabled by default."; $f[] = "AllowLookChange = true"; $f[] = ""; $f[] = "## If enabled, convert images to grayscale before recompressing."; $f[] = "## This provides extra compression, at the cost of losing color data."; $f[] = "## Note: Not all images sent will be in grayscale, only the ones"; $f[] = "## considered worth recompression that way."; $f[] = "## Disabled by default."; if ($ConvertToGrayscale == 1) { $f[] = "ConvertToGrayscale = true"; } $f[] = "## Preemptive Name Resolution"; $f[] = "## If enabled, tries to resolve hostnames present in the processed HTML files"; $f[] = "## for speeding up things (no delay for name resolution)."; $f[] = "## One extra process + (max)PreemptNameResMax threads will run for each HTML request."; $f[] = "## PreemptNameResMax is the max hostnames it will try to resolve per HTML file."; $f[] = "## PreemptNameResBC \"bogus check\", ignore names whose domains are not .nnnn, .nnn or .nn"; $f[] = "##"; $f[] = "## WARNING: This option makes sense _only_ if you have a caching DNS or"; $f[] = "## a name cache of some sort (like: PDNSD)."; $f[] = "## == THIS OPTION WILL INCREASE BY MANY TIMES THE REQUESTS TO THE DNS =="; $f[] = "##"; $f[] = "# PreemptNameRes = false"; $f[] = "# PreemptNameResMax = 50"; $f[] = "# PreemptNameResBC = true"; $f[] = ""; $f[] = "## Image quality for JPG (JPEG) compression."; $f[] = "## Image quality is specified in integers between 100 (best) and 0 (worst)."; $f[] = "ImageQuality = {30,25,25,20}"; $f[] = ""; $f[] = "## Alpha channel (image transparency data) removal threshold"; $f[] = "## Removes alpha channel from images with a minimum opacity"; $f[] = "## of AlphaRemovalMinAvgOpacity"; $f[] = "## (1000000: completely opaque, 0: completely transparent)."; $f[] 
= "##"; $f[] = "## This reduces data by removing unnecessary alpha channel from"; $f[] = "## fully-opaque images; and from (subjectively) not-so-relevant transparency"; $f[] = "## information."; $f[] = "## This also allows recompression to JPEG for PNG/JP2k images originally"; $f[] = "## with alpha channel (which is not supported by JPEG image format)."; $f[] = "## Note: Debug log reports the average alpha opacity for each"; $f[] = "## image with alpha channel."; $f[] = "## Default: 1000000 (remove alpha only from fully-opaque images)"; $f[] = "##"; $f[] = "# AlphaRemovalMinAvgOpacity = 1000000"; $f[] = ""; $f[] = "## Workaround for MSIE's pseudo-feature \"Show friendly HTTP error messages.\""; $f[] = "## If User-Agent=MSIE, don't change/compress the body of error messages in any way."; $f[] = "## If compressed it could go down below to 256 or 512 bytes and be replaced with"; $f[] = "## a local error message instead."; $f[] = "## In certain cases the body has crucial data, like HTML redirection or so, and"; $f[] = "## that would be broken if a \"friendly error\" replaces it."; $f[] = "##"; $f[] = "## If you are sure there are no users using MSIE's with \"friendly error messages\""; $f[] = "## enabled, or you don't support/have users with such configuration, you may"; $f[] = "## disable this and have error data compressed for MSIE users."; $f[] = "## This workaround does not affect other clients at all, and error messages"; $f[] = "## will be sent compressed if the client supports it."; $f[] = "##"; $f[] = "## Enabled by default."; $f[] = "# WA_MSIE_FriendlyErrMsgs = true"; $f[] = ""; $f[] = "## This option specifies a file containing a list of URLs that should be tunneled"; $f[] = "## by Ziproxy with no kind of processing whatsoever."; $f[] = "## The list contain fully-formatted URLS (http://xxx/xxx), one URL per line."; $f[] = "## The URLs may also contain pattern-matching asterisks."; $f[] = "## Comments may be present if prefixed by '#' (shell-alike)."; $f[] = 
"## In order to exempt a whole site from processing: \"http://www.exemptedhost.xyz/*\""; $f[] = "##"; $f[] = "## This option exists when a page is known to stop working under Ziproxy processing"; $f[] = "## and there's no specific workaround/bugfix still available."; $f[] = "## Thus, this is a temporary solution when you depend on the page to work in a"; $f[] = "## production environment."; $f[] = "##"; $f[] = "## ****** REMEMBER TO REPORT BUGS/INCOMPATIBILITIES SO THEY MAY BE FIXED *******"; $f[] = "## *** THIS IS NOT SUPPOSED TO BE A DEFINITIVE SOLUTION TO INCOMPATIBILITIES ***"; $f[] = "##"; $sql = "SELECT pattern,PatternType FROM webfilters_blkwhlts WHERE blockType=4 AND enabled=1"; $q = new mysql_squid_builder(); $acl = array(); $results = $q->QUERY_SQL($sql); while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) { $www = trim($ligne["pattern"]); if ($www == null) { continue; } if ($ligne["PatternType"] == 2) { $sq = new squid_acls(); $sqgroups = $sq->GetItems($www, "dstdomain"); while (list($indexed, $www) = each($sqgroups)) { $www = $this->BaseNameWebSite($www); if ($www == null) { continue; } if (isset($already[$www])) { continue; } $already[$www] = true; $acl[] = "http://{$www}/*"; $acl[] = "http://www.{$www}/*"; if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Ban processing {$www}\n"; } continue; } continue; } if ($ligne["PatternType"] != 0) { continue; } $www = $this->BaseNameWebSite($www); if ($www == null) { continue; } if (isset($already[$www])) { continue; } $already[$www] = true; $acl[] = "http://{$www}/*"; $acl[] = "http://www.{$www}/*"; if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . 
" [INIT]: Ban processing {$www}\n"; } } if (count($acl) > 0) { @file_put_contents("/etc/ziproxy/noprocess.list", @implode("\n", $acl)); $f[] = "URLNoProcessing = \"/etc/ziproxy/noprocess.list\""; } $f[] = ""; $f[] = "## This option specifies a file containing a list of URLs which its"; $f[] = "## data should be intercepted and replaced by another."; $f[] = "## Header data such as cookies is maintained."; $f[] = "## Currently the only replacing data available is an empty image"; $f[] = "## (1x1 transparent pixel GIF)."; $f[] = "##"; $f[] = "## The list contain fully-formatted URLS (http://xxx/xxx), one URL per line."; $f[] = "## The URLs may also contain pattern-matching asterisks."; $f[] = "## Comments may be present if prefixed by '#' (shell-alike)."; $f[] = "## In order to exempt a whole site from processing: \"http://ad.somehost.xyz/*\""; $f[] = "##"; $f[] = "## The way it is, this option may be used as an AD-BLOCKER which is"; $f[] = "## transparent to the remote host (data is downloaded from the remove server"; $f[] = "## and cookies are transported) -- a stealthy ad-blocker, if you like."; $f[] = "##"; $f[] = "## Default: empty (no file specified, inactive)"; $f[] = "## See also: URLReplaceDataCT"; $f[] = "# URLReplaceData = \"/etc/ziproxy/replace.list\""; $f[] = ""; $f[] = "## Same as URLReplaceData, except it will only replace the data"; $f[] = "## from matching URLs if the content-type matches"; $f[] = "## the list in URLReplaceDataCTList (mandatory parameter) aswell."; $f[] = "##"; $f[] = "## URLReplaceDataCT may be useful as a more compatible AD-BLOCKER"; $f[] = "## if only visual files are replaced. 
Certain websites rely on"; $f[] = "## external javascript from advertisement hosts and break when"; $f[] = "## that data is missing, this is a way to block advertisements"; $f[] = "## in such cases."; $f[] = "##"; $f[] = "## Default: empty (no file specified, inactive)"; $f[] = "## See also: URLReplaceDataCTList, URLReplaceData"; $f[] = "# URLReplaceDataCT = \"/etc/ziproxy/replace_ct.list\""; $f[] = ""; $f[] = "## List of content-types to use with the URLReplaceDataCT option."; $f[] = "## This option is required by URLReplaceDataCT."; $f[] = "## Default: empty (no content-type specified, inactive)"; $f[] = "## See also: URLReplaceDataCTListAlsoXST, URLReplaceDataCT"; $f[] = "# URLReplaceDataCTList = {\"image/jpeg\", \"image/gif\", \"image/png\", \"application/x-shockwave-flash\"}"; $f[] = ""; $f[] = "## When using URLReplaceDataCTList, this defines whether to also automatically add"; $f[] = "## content-type entries with 'x-' prefix appended to subtypes"; $f[] = "## (aaaa/bbbb also adding aaaa/x-bbbb)."; $f[] = "## Usually it's convenient to do this way, that avoids worrying about"; $f[] = "## having to create duplicated entries, or whether which variant is valid."; $f[] = "##"; $f[] = "## You may want to disable this is you wish to have a precise control"; $f[] = "## of what types of content-type you wish to include."; $f[] = "##"; $f[] = "## See also: URLReplaceDataCTList"; $f[] = "## Default: true"; $f[] = "# URLReplaceDataCTListAlsoXST = true"; $f[] = ""; $f[] = "## This option specifies a file containing a list of URLs which"; $f[] = "## should be blocked."; $f[] = "## A \"access denied\" 403 error will be returned when trying to access"; $f[] = "## one of those URLs."; $f[] = "## Default: empty (no file specified, inactive)"; $f[] = "# URLDeny = \"/etc/ziproxy/deny.list\""; $f[] = ""; $f[] = "## Custom HTTP Error Messages"; $f[] = "## Define here the full path to the HTML file which should be"; $f[] = "## sent, instead of the internal default page."; $f[] = 
"## Note: The internal defaults give more precise error messages."; $f[] = "##"; $tpls = unserialize(base64_decode(zipproxy_templates())); if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: " . count($tpls) . " Template(s)\n"; } while (list($code, $template_data) = each($tpls)) { if ($GLOBALS["OUTPUT"]) { echo "Configuring...: " . date("H:i:s") . " [INIT]: Template {$code}\n"; } $template_data = str_replace("%SERV%", $unix->hostname_g(), $template_data); @file_put_contents("/usr/share/squid-langpack/ZIPROXY_{$code}.html", $template_data); $f[] = "CustomError{$code}=\"/usr/share/squid-langpack/ZIPROXY_{$code}.html\""; } $f[] = ""; $f[] = ""; $f[] = ""; $f[] = "##############################################################################"; $f[] = "# JPEG 2000-specific options (require Ziproxy to be compiled with libjasper) #"; $f[] = "##############################################################################"; $f[] = ""; $f[] = "## Whether to try to (re)compress incoming data originally in"; $f[] = "## the JP2 format (true) or not (false)"; $f[] = "## Note: This option is not required to be enabled in order to convert"; $f[] = "## _to_ JP2 format."; $f[] = "## default: false"; $f[] = "# ProcessJP2 = false"; $f[] = ""; $f[] = "## Whether to try to compress a image to JP2K (JPEG 2000)"; $f[] = "## Even when enabled, other formats may sill be tried."; $f[] = "## Web browsers' support vary and an external plugin may be required"; $f[] = "## in order to display JP2K pictures."; $f[] = "## If \"ForceOutputNoJP2 = true\", this option will be overrided"; $f[] = "## and stay disabled."; $f[] = "## default: false"; $f[] = "# ProcessToJP2 = false"; $f[] = ""; $f[] = "## When enabled, this option forces the conversion of all incoming"; $f[] = "## JP2K images to another format (usually JPEG)."; $f[] = "## JP2K images with unsupported internal data will be forwarded unmodified."; $f[] = "## One may use this option to create \"JP2K-compressed 
tunnels\" between"; $f[] = "## two Ziproxies with narrow bandwidth in between and serve clients"; $f[] = "## which otherwise do not support JP2K while still taking advantage of that"; $f[] = "## format. In such scenario, if the clients and their Ziproxy share a LAN,"; $f[] = "## for best image quality it is recommended to set a very low (highest quality)"; $f[] = "## _local_ output compression."; $f[] = "## This option requires \"ProcessJP2 = true\" in order to work."; $f[] = "## default: false"; $f[] = "# ForceOutputNoJP2 = false"; $f[] = ""; $f[] = "## When enabled, every request as a client will include an extra header \"X-Ziproxy-Flags\""; $f[] = "## announcing it as a Ziproxy with JP2 support enabled."; $f[] = "## This option makes sense when chaining to another Ziproxy."; $f[] = "## Note: when the request is intercepted by another Ziproxy,"; $f[] = "## the extra header won't be sent further."; $f[] = "## See also: JP2OutRequiresExpCap"; $f[] = "## default: false"; $f[] = "# AnnounceJP2Capability = false"; $f[] = ""; $f[] = "## \"JP2 Output Requires Explicit Capability\""; $f[] = "## When enabled (and when JP2 output is enabled) will only compress to JP2 to"; $f[] = "## clients which explicity support for that -- that means Ziproxy with"; $f[] = "## AnnounceJP2Capability = true."; $f[] = "## This option is useful when you want to compress to JP2 only for clients"; $f[] = "## behind a local Ziproxy with ForceOutputNoJP2 = true, but at the same time"; $f[] = "## you have clients connecting directly and those do not support JP2."; $f[] = "## default: false (does not make such discrimination for JP2 output)"; $f[] = "# JP2OutRequiresExpCap = false"; $f[] = ""; $f[] = "## Image quality for JP2 (JPEG 2000) compression."; $f[] = "## Image quality is specified in integers between 100 (best) and 0 (worst)."; $f[] = "## This option is similar to \"ImageQuality\" except it applies to JP2K files, instead."; $f[] = "## JP2K, internally, works differently and has a \"rate\" 
setting instead of \"quality\"."; $f[] = "## Within Ziproxy's context we want to use a fixed quality, not a fixed bitrate."; $f[] = "## Thus, prior to compression, the image is analysed in order to know which rate"; $f[] = "## (loosely) reflects the quality had this picture be compressed using jpeg."; $f[] = "## This option obsoletes \"JP2Rate\"."; $f[] = "# JP2ImageQuality = {20,15,15,15}"; $f[] = ""; $f[] = "## Color model to be used while compressing images to JP2K."; $f[] = "## Accepted values:"; $f[] = "## 0 - RGB"; $f[] = "## 1 - YUV"; $f[] = "## If different than RGB, it adds extra processing due to conversion."; $f[] = "## By itself doesn't change much the output data size, and the"; $f[] = "## conversion is not 100.0% lossless."; $f[] = "## If you plan using JP2CSampling* or JP2BitRes* options, a non-RGB"; $f[] = "## color model is highly prefereable."; $f[] = "## Default: 0 (YUV)"; $f[] = "## Note: certain jp2-aware software do NOT support a color model"; $f[] = "## other than RGB and will either fail or display a distorted image."; $f[] = "# JP2Colorspace = 1"; $f[] = ""; $f[] = "## Upsampler to be used while resampling each component of a JP2K picture."; $f[] = "## This is used ONLY when decompressing JP2K pictures, it does not affect"; $f[] = "## JP2K compression at all (that uses a downsampler, which is linear-only)."; $f[] = "## Accepted values:"; $f[] = "## 0 - Linear"; $f[] = "## 1 - Lanczos (Lanczos3)"; $f[] = "## For modest scaling such as 2:1, linear is usually better,"; $f[] = "## resulting in a overall clear component."; $f[] = "## Lanczos may be interesting when scaling 4:1 or more, though"; $f[] = "## it tends to sharpen the JP2K artifacts and add harmonic"; $f[] = "## interference to the component."; $f[] = "## Default: 0 (Linear)"; $f[] = "# JP2Upsampler = 0"; $f[] = ""; $f[] = "## This applies to B&W pictures compressed to JP2K."; $f[] = "## Defines the channel resolution for each component:"; $f[] = "## Y (luma) and A (alpha, if 
present)"; $f[] = "## in number of bit (min: 1, max: 8)"; $f[] = "## Defines for each file size (see JP2ImageQuality)."; $f[] = "## Smallest image is the first components in array."; $f[] = "## Sequence is YAYAYAYA."; $f[] = "##"; $f[] = "## Default: all to eight bits"; $f[] = "#JP2BitResYA = {6,4,"; $f[] = "# 7,5,"; $f[] = "# 8,6,"; $f[] = "# 8,6}"; $f[] = ""; $f[] = "## This applies to color pictures compressed to JP2K"; $f[] = "## using the RGB model (see JP2Colorspace)."; $f[] = "## Defines the channel resolution for each component:"; $f[] = "## R (red), G (green), B (blue) and A (alpha, if present)"; $f[] = "## in number of bit (min: 1, max: 8)"; $f[] = "## Defines for each file size (see JP2ImageQuality)."; $f[] = "## Smallest image is the first components in array."; $f[] = "## Sequence is RGBARGBARGBARGBA."; $f[] = "##"; $f[] = "## Default: all to eight bits"; $f[] = "# JP2BitResRGBA = {6,5,5,4,"; $f[] = "# 7,6,6,5,"; $f[] = "# 6,7,7,6,"; $f[] = "# 8,8,8,6}"; $f[] = ""; $f[] = "## This applies to color pictures compressed to JP2K"; $f[] = "## using the YUV color model (see JP2Colorspace)."; $f[] = "## Defines the channel resolution for each component:"; $f[] = "## Y (luma), U (chroma, Cb), V (chroma, Cr), and A (alpha, if present)"; $f[] = "## in number of bit (min: 1, max: 8)"; $f[] = "## Defines for each file size (see JP2ImageQuality)."; $f[] = "## Smallest image is the first components in array."; $f[] = "## Sequence is YUVAYUVAYUVAYUVA."; $f[] = "##"; $f[] = "## Default: sensible values for best quality/compression"; $f[] = "#JP2BitResYUVA = {6,5,5,4,"; $f[] = "# 7,6,6,5,"; $f[] = "# 8,7,7,6,"; $f[] = "# 8,8,8,6}"; $f[] = ""; $f[] = "## This applies to B&W pictures compressed to JP2K."; $f[] = "## Here you may define the sampling rate for each component,"; $f[] = "## for each picture size."; $f[] = "## The sequence is:"; $f[] = "## Y_xpos, Y_ypos, Y_xstep, Y_ystep, A_xpos, A_ypos, A_xstep, A_ystep, (smallest picture)"; $f[] = "## ... ... ... 
(medium-sized picture)"; $f[] = "## etc."; $f[] = "## Default: all x/ypos=0 x/ystep=1 (no components suffer subsampling)"; $f[] = "## Note: certain jp2-aware software do NOT support component subsampling and will fail."; $f[] = "#JP2CSamplingYA = {0,0,1,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,2,2,"; $f[] = "# 0,0,1,1, 0,0,2,2}"; $f[] = ""; $f[] = "## This applies to color pictures compressed to JP2K"; $f[] = "## using the RGB model (see JP2Colorspace)."; $f[] = "## Here you may define the sampling rate for each component,"; $f[] = "## for each picture size."; $f[] = "## The sequence is:"; $f[] = "## R_xpos, R_ypos, R_xstep, R_ystep, G_xpos, G_ypos, G_xstep, G_ystep, B... A... (smallest picture)"; $f[] = "## ... ... ... (medium-sized picture)"; $f[] = "## etc."; $f[] = "## Default: all x/ypos=0 x/ystep=1 (no components suffer subsampling)"; $f[] = "## Note: certain jp2-aware software do NOT support component subsampling and will fail."; $f[] = "#JP2CSamplingRGBA = {0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1}"; $f[] = ""; $f[] = "## This applies to color pictures compressed to JP2K"; $f[] = "## using the YUV color model (see JP2Colorspace)."; $f[] = "## Here you may define the sampling rate for each component,"; $f[] = "## for each picture size."; $f[] = "## The sequence is:"; $f[] = "## Y_xpos, Y_ypos, Y_xstep, Y_ystep, U_xpos, U_ypos, U_xstep, U_ystep, V... A... (smallest picture)"; $f[] = "## ... ... ... 
(medium-sized picture)"; $f[] = "## etc."; $f[] = "## Default: sensible values for a good image quality."; $f[] = "## Note: certain jp2-aware software do NOT support component subsampling and will fail."; $f[] = "#JP2CSamplingYUVA = {0,0,1,1, 0,0,1,1, 0,0,1,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,1,2, 0,0,2,1, 0,0,1,1,"; $f[] = "# 0,0,1,1, 0,0,2,2, 0,0,2,1, 0,0,2,2,"; $f[] = "# 0,0,1,1, 0,0,2,2, 0,0,2,2, 0,0,2,2}"; $f[] = ""; CheckFilesAndSecurity(); @file_put_contents("/etc/squid3/ziproxy.conf", @implode("\n", $f)); if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid3/ziproxy.conf done\n"; } }
/**
 * Regenerate /etc/squid3/acls_center_meta.conf for this host and reload Squid
 * when the file content changed.
 *
 * The file is made of the ACL definitions produced by squid_acls::Build_Acls()
 * followed by one access line per meta group this host's UUID is linked to and
 * per row of meta_webfilters_acls addressed to that UUID. Progress is echoed
 * to stdout.
 *
 * NOTE(review): neither QUERY_SQL() result is checked before it is handed to
 * mysql_fetch_assoc(). If a query fails, the loops are presumably skipped and
 * the file is rewritten without the group/rule lines, i.e. access rules would
 * silently disappear from the proxy. Confirm whether this should stop instead.
 *
 * @return void
 */
function xrun()
{
    $unix = new unix();
    $scriptName = basename(__FILE__);
    $metaConf = "/etc/squid3/acls_center_meta.conf";

    // Refuse to run twice in parallel. Only the read side of the pid file is
    // visible in this function; nothing here writes it.
    $runningPid = $unix->get_pid_from_file("/etc/artica-postfix/pids/" . $scriptName);
    if ($unix->process_exists($runningPid, $scriptName)) {
        echo "Starting......: " . date("H:i:s") . " [META]: Already executed {$runningPid}\n";
        return;
    }

    if ($unix->SQUID_ENABLED() == 0) {
        echo "Starting......: " . date("H:i:s") . " [META]: Squid Not installed or disabled\n";
        return;
    }

    $myuuid = $unix->GetUniqueID();
    echo "Starting......: " . date("H:i:s") . " [META]: My UUID = {$myuuid}\n";

    // Checksum of the current file, used later to decide whether a reload is needed.
    $hashBefore = md5_file($metaConf);

    // $myuuid is interpolated into the SQL text; it comes from
    // $unix->GetUniqueID(), not from request input.
    $db = new mysql();
    $groupRows = $db->QUERY_SQL("SELECT gpid FROM metagroups_link WHERE uuid='{$myuuid}'", "metaclient");

    $baseAcls = new squid_acls();
    $baseAcls->Build_Acls(false, true);

    if (count($baseAcls->acls_array) == 0) {
        // No ACL definitions at all: leave an empty file owned by squid.
        @file_put_contents($metaConf, "\n");
        @chown($metaConf, "squid");
        @chgrp($metaConf, "squid");
        if (md5_file($metaConf) != $hashBefore) {
            $squidbin = $unix->LOCATE_SQUID_BIN();
            squid_admin_mysql(1, "Reload proxy service for Meta acls", null, __FILE__, __LINE__);
            shell_exec("{$squidbin} -f /etc/squid3/squid.conf -k reconfigure");
        }
        return;
    }

    $all_acls = @implode("\n", $baseAcls->acls_array);
    $php = $unix->LOCATE_PHP5_BIN();

    // Access lines contributed by the meta groups this host belongs to.
    $ACLS = array();
    while ($row = mysql_fetch_assoc($groupRows)) {
        echo "{$myuuid} is a member of group id {$row["gpid"]}\n";
        $ACLS = buildacls_fromgroup($row["gpid"], $ACLS);
    }

    // Access lines addressed directly to this host.
    $db = new mysql();
    $ruleRows = $db->QUERY_SQL("SELECT * FROM meta_webfilters_acls WHERE metauuid='{$myuuid}'", "metaclient");
    $aclsGroups = new squid_acls_groups();
    $aclsGroups->AsMeta = true;

    while ($row = mysql_fetch_assoc($ruleRows)) {
        $aclname = $row["aclname"];
        $httpaccess = $row["httpaccess"];
        $httpaccess_data = $row["httpaccess_data"];
        $ruleId = $row["ID"];
        // "deny_access_except" is the only access type built in reverse mode.
        $reverse = ($httpaccess == "deny_access_except");

        echo "Starting......: " . date("H:i:s") . " [META]: aclname[{$ruleId}]: {$aclname}/{$httpaccess}\n";

        // $GLOBALS["ACLRULEXEC"] records rule ids already emitted so each rule appears once.
        if (isset($GLOBALS["ACLRULEXEC"][$ruleId])) {
            echo "Starting......: " . date("H:i:s") . " [META]: aclname[{$ruleId}]: Already executed, skip\n";
            continue;
        }

        $Groups = $aclsGroups->buildacls_bytype_items($ruleId, $reverse);
        if (count($Groups) == 0) {
            echo "Starting......: " . date("H:i:s") . " [META]: aclname[{$ruleId}]: no group, skip...\n";
            continue;
        }

        $GLOBALS["ACLRULEXEC"][$ruleId] = true;
        $firstToken = getFirstToken($httpaccess, $httpaccess_data, $ruleId);
        $ACLS[] = "{$firstToken} " . @implode(" ", $Groups);
    }

    // Write errors are suppressed and not checked; only the checksum comparison
    // below notices whether the content on disk changed.
    @file_put_contents($metaConf, "{$all_acls}\n" . @implode("\n", $ACLS) . "\n");
    @chown($metaConf, "squid");
    @chgrp($metaConf, "squid");

    if (count($ACLS) == 0) {
        // Definitions only, no access lines: reload on change and stop here.
        if (md5_file($metaConf) != $hashBefore) {
            $squidbin = $unix->LOCATE_SQUID_BIN();
            squid_admin_mysql(1, "Reload proxy service for Meta acls", null, __FILE__, __LINE__);
            shell_exec("{$squidbin} -f /etc/squid3/squid.conf -k reconfigure");
        }
        return;
    }

    // Unless NOCHECK is set, a full rebuild is run when isInSquidConf() reports false.
    if (!$GLOBALS["NOCHECK"] && !isInSquidConf()) {
        squid_admin_mysql(1, "Reconfigure proxy service for Meta acls", null, __FILE__, __LINE__);
        system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force --for-meta");
        return;
    }

    if (md5_file($metaConf) != $hashBefore) {
        $squidbin = $unix->LOCATE_SQUID_BIN();
        squid_admin_mysql(1, "Reload proxy service for Meta acls", null, __FILE__, __LINE__);
        shell_exec("{$squidbin} -f /etc/squid3/squid.conf -k reconfigure");
    }
}
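/**
 * Add the website(s) posted in $_POST["biglock"] to the `deny_websites` table
 * and ask the framework to rebuild the blacklist.
 *
 * The field may hold one entry or several separated by commas. Each entry is
 * normalised with squid_acls::dstdomain_parse(); entries it rejects are
 * skipped.
 *
 * The INSERT stores the normalised entry. It used to interpolate the raw
 * $_POST["biglock"] string, which stored the whole comma-separated value once
 * per entry and put request data straight into the SQL text. Entries still
 * containing a quote, backslash or NUL after normalisation are skipped, since
 * dstdomain_parse() is not visible here and is not assumed to be SQL-safe.
 *
 * @return void Echoes the database error and stops on the first failed INSERT.
 */
function biglock()
{
    $q = new mysql_squid_builder();
    $tpl = new templates();
    $acl = new squid_acls();

    // Only a scalar string field is accepted; anything else counts as empty.
    $posted = "";
    if (isset($_POST["biglock"]) && is_string($_POST["biglock"])) {
        $posted = $_POST["biglock"];
    }
    // explode() returns a one-element array when there is no comma, so the
    // single-entry case needs no separate branch.
    $tr = explode(",", $posted);

    $sql = "CREATE TABLE IF NOT EXISTS `deny_websites` ( `items` VARCHAR( 255 ) NOT NULL PRIMARY KEY ) ENGINE=MYISAM;";
    $q->QUERY_SQL($sql);

    foreach ($tr as $www) {
        $www = $acl->dstdomain_parse($www);
        if ($www == null) {
            continue;
        }
        // Characters that could end the quoted SQL literal never belong to a
        // destination domain: drop the entry instead of sending it to the database.
        // NOTE(review): switch to the database wrapper's own escaping or a
        // prepared statement if it offers one.
        if (preg_match('/[\'"\\\\\x00]/', $www)) {
            continue;
        }
        $q->QUERY_SQL("INSERT IGNORE INTO deny_websites (items) VALUES ('{$www}')");
        if (!$q->ok) {
            echo $q->mysql_error;
            return;
        }
    }

    // NOTE(review): the confirmation text still lists the entries as posted,
    // including any that were skipped above; what javascript_parse_text() does
    // to them cannot be seen from here.
    echo $tpl->javascript_parse_text("{blacklist}\n" . @implode("\n", $tr) . "\n{success}.", 1);

    $sock = new sockets();
    $sock->getFrameWork("squid.php?build-blacklist=yes");
}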
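/**
 * Print the generated Squid ACL configuration to stdout for inspection.
 *
 * Sections are echoed in this order: external ACL helper categories, ACL
 * definitions, time quotas, ordered ACL groups, tcp_outgoing_address rules,
 * per-port ACL groups (only when SquidBubbleMode is 1), bandwidth rules,
 * http_access rules (global, then per port in bubble mode), refresh patterns
 * and url_rewrite_access deny rules.
 *
 * Nothing is written to disk here; the function only echoes.
 *
 * NOTE(review): the results of the two webfilters_sqaclsports queries are
 * handed to mysql_fetch_assoc() without checking whether the query succeeded.
 *
 * @return void
 */
function output_acls()
{
    $squid = new squidbee();

    echo "\nexternal_acl_helper_categories\n-----------------\n";
    echo $squid->external_acl_helper_categories();
    echo "\n-----------------\n";

    $sock = new sockets();
    $refreshpattern = $squid->refresh_pattern_list();

    // Any non-numeric setting is treated as "bubble mode off".
    $SquidBubbleMode = $sock->GET_INFO("SquidBubbleMode");
    if (!is_numeric($SquidBubbleMode)) {
        $SquidBubbleMode = 0;
    }

    $acl = new squid_acls_quotas_time();
    $squid_acls_quotas_time = $acl->build() . "\n";

    $acls = new squid_acls();
    $acls->Build_Acls();
    $aclgroups = new squid_acls_groups();

    // Start from an empty string so the echo below never reads an undefined
    // variable when no ACL definition was built.
    $ACLS_TO_ADD = "";
    if (count($acls->acls_array) > 0) {
        $ACLS_TO_ADD = @implode("\n", $acls->acls_array);
    }

    echo "\nAcls\n-----------------\n" . $ACLS_TO_ADD . "\n-----------------\n\n";
    echo "\nQuotas Time\n-----------------\n" . $squid_acls_quotas_time . "\n-----------------\n\n";
    echo "\n\n-----------------\n" . $aclgroups->buildacls_order(0) . "\n-----------------\n\n";
    echo "######\n";

    $tcp_outgoing_address = $aclgroups->buildacls_bytype("tcp_outgoing_address");
    echo "\n\ntcp_outgoing_address -----------------\n";
    if (count($tcp_outgoing_address) > 0) {
        echo "Starting......: " . date("H:i:s") . " [ACLS]: Engine tcp_outgoing_address " . count($tcp_outgoing_address) . " rules..\n";
        foreach ($tcp_outgoing_address as $line) {
            echo "tcp_outgoing_address {$line}\n";
        }
    } else {
        echo "Starting......: " . date("H:i:s") . " [ACLS]: ACL Engine tcp_outgoing_address No rules..\n";
    }
    echo "\n-----------------\n\n";
    echo "######\n";

    $q = new mysql_squid_builder();

    // In bubble mode every row of webfilters_sqaclsports gets its own ACL group section.
    if ($SquidBubbleMode == 1) {
        $sql = "SELECT * FROM webfilters_sqaclsports ORDER BY aclport";
        $results = $q->QUERY_SQL($sql);
        while ($ligne = mysql_fetch_assoc($results)) {
            echo "\n\n#--------- ACLS {$ligne["portname"]}\n\n";
            echo "\n\n" . $aclgroups->buildacls_order($ligne["aclport"]) . "\n\n";
        }
    }

    $bandwith = new squid_bandwith_builder();
    echo "\n-----------------\n\n";
    echo $bandwith->compile() . "\n";

    // http_access rules built with argument 0, then (bubble mode) per aclport.
    $acls_rules = $acls->build_http_access(0);
    echo "\n\n# Builded acls from engine [" . count($acls_rules) . "] items.\n";
    if (count($acls_rules) > 0) {
        echo "\n\n" . @implode("\n", $acls_rules) . "\n";
    }

    if ($SquidBubbleMode == 1) {
        $sql = "SELECT * FROM webfilters_sqaclsports ORDER BY aclport";
        $results = $q->QUERY_SQL($sql);
        while ($ligne = mysql_fetch_assoc($results)) {
            $acls_rules = $acls->build_http_access($ligne["aclport"]);
            echo "\n\n# Builded acls from engine {$ligne["portname"]} [" . count($acls_rules) . "] items.\n";
            if (count($acls_rules) > 0) {
                echo "\n\n" . @implode("\n", $acls_rules) . "\n";
            }
        }
    }

    echo "\n\n-----------------\n" . $refreshpattern . "\n-----------------\n\n";

    $acls = new squid_acls_groups();
    $acls_deny = $acls->buildacls_bytype("url_rewrite_access_deny");
    if (count($acls_deny) > 0) {
        foreach ($acls_deny as $line) {
            echo "url_rewrite_access deny {$line}\n";
        }
    }

    echo "######\n";
    echo "######\n";
    echo "######\n";
}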
<?php
// Manual check script: passes a fixed list of destination domains to
// squid_acls::clean_dstdomains() and prints what comes back.
// The list mixes a "^"-prefixed entry, a parent domain with one of its
// sub-domains, and several hosts below keane.com.

ini_set('error_reporting', E_ALL);

include_once dirname(__FILE__) . '/ressources/class.users.menus.inc';
include_once dirname(__FILE__) . '/ressources/class.mysql.inc';
include_once dirname(__FILE__) . '/ressources/class.user.inc';
include_once dirname(__FILE__) . '/ressources/class.ini.inc';
include_once dirname(__FILE__) . "/ressources/class.squid.inc";
include_once dirname(__FILE__) . "/ressources/class.squid.acls.inc";

// Enables the verbose output of the included classes.
$GLOBALS["VERBOSE"] = true;

$array = array(
    "^microsoft.com",
    "update.microsoft.com",
    "nttdata.com",
    "kds.keane.com",
    "mail703.kds.keane.com",
    "outlookanywhere.keane.com",
    "toto.titi.tata.com",
);

$squid = new squid_acls();
print_r($squid->clean_dstdomains($array));
/**
 * Write the Squid side of the AntiAds (Privoxy) integration.
 *
 * Produces /etc/squid3/privoxy.conf, which declares the local Privoxy
 * instance as a parent cache_peer named "AntiAds", plus the ACL files listing
 * the destinations that must not be sent to that peer:
 *   - /etc/squid3/AntiAdsDenyWeb.acl (dstdomain entries)
 *   - /etc/squid3/AntiAdsDenyIP.acl  (dst entries)
 * Entries come from the `privoxy_whitelist` table plus a fixed list of
 * domains. POST requests are always kept away from the peer.
 *
 * If squid.conf has no include line for privoxy.conf, the full Squid
 * configuration build is launched.
 *
 * NOTE(review): all file writes are error-suppressed and unchecked, and the
 * SELECT result is not verified before mysql_fetch_assoc().
 *
 * @param bool $reconfigure_squid When true, run "squid -k reconfigure" at the end.
 * @return void
 */
function InSquid($reconfigure_squid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $ipClass = new IP();
    $q = new mysql_squid_builder();
    $acls = new squid_acls();
    $acls->clean_dstdomains();
    build_progress_squidr("{checking} {whitelist}", 30);

    $sql = "CREATE TABLE IF NOT EXISTS `privoxy_whitelist` (\n\t\t\t\t`items` VARCHAR(256) NOT NULL PRIMARY KEY\n\t\t\t\t) ENGINE=MYISAM;";
    $q->QUERY_SQL($sql);
    $results = $q->QUERY_SQL("SELECT * FROM privoxy_whitelist");

    // Entries are keyed by their own value so duplicates collapse.
    $ACLS = array("IPS" => array(), "DOMS" => array());
    while ($row = mysql_fetch_assoc($results)) {
        $entry = trim(strtolower($row["items"]));
        if ($ipClass->isIPAddressOrRange($entry)) {
            $ACLS["IPS"][$entry] = $entry;
        }
        // NOTE(review): an IP address or range is stored in the domain list
        // as well (there is no else/continue) — confirm this is intended.
        $ACLS["DOMS"][$entry] = $entry;
    }

    // Domains that always bypass the AntiAds peer.
    $builtinDomains = array(
        "apple.com",
        "windowsupdate.com",
        "googleapis.com",
        "mozilla.net",
        "teamviewer.com",
        "microsoft.com",
        "artica.fr",
    );
    foreach ($builtinDomains as $domain) {
        $ACLS["DOMS"][$domain] = $domain;
    }

    $ipacls = array_values($ACLS["IPS"]);
    $domacls = array_values($ACLS["DOMS"]);
    if (count($domacls) > 0) {
        $domacls = $acls->clean_dstdomains($domacls);
    }

    $PrivoxyPort = intval($sock->GET_INFO("PrivoxyPort"));

    // Is privoxy.conf already included from the main Squid configuration?
    $privoxyInSquid = false;
    foreach (explode("\n", @file_get_contents("/etc/squid3/squid.conf")) as $confLine) {
        if (preg_match("#include.*?privoxy\\.conf#", $confLine)) {
            $privoxyInSquid = true;
            break;
        }
    }

    $hasDomains = count($domacls) > 0;
    $hasIps = count($ipacls) > 0;

    $conf = array();
    $conf[] = "acl AntiAdsPost method POST";
    if ($hasDomains) {
        @file_put_contents("/etc/squid3/AntiAdsDenyWeb.acl", @implode("\n", $domacls));
        $conf[] = "acl AntiAdsDenyWeb dstdomain \"/etc/squid3/AntiAdsDenyWeb.acl\"";
    }
    if ($hasIps) {
        @file_put_contents("/etc/squid3/AntiAdsDenyIP.acl", @implode("\n", $ipacls));
        $conf[] = "acl AntiAdsDenyIP dst \"/etc/squid3/AntiAdsDenyIP.acl\"";
    }

    $conf[] = "cache_peer 127.0.0.1 parent {$PrivoxyPort} 7 no-query no-digest no-netdb-exchange name=AntiAds";
    $conf[] = "always_direct allow FTP";

    // Deny lines come before the final "allow all".
    if ($hasIps) {
        $conf[] = "cache_peer_access AntiAds deny AntiAdsDenyIP";
    }
    if ($hasDomains) {
        $conf[] = "cache_peer_access AntiAds deny AntiAdsDenyWeb";
    }
    $conf[] = "cache_peer_access AntiAds deny AntiAdsPost";
    $conf[] = "cache_peer_access AntiAds allow all";

    @file_put_contents("/etc/squid3/privoxy.conf", @implode("\n", $conf));
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/squid3/privoxy.conf done\n";
    }

    build_progress_squidr("{reconfiguring}", 50);

    if (!$privoxyInSquid) {
        // squid.conf does not reference privoxy.conf yet: launch the full build.
        $php = $unix->LOCATE_PHP5_BIN();
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Reconfiguring Squid-cache\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
    }

    if ($reconfigure_squid) {
        build_progress_squidr("{reloading}", 90);
        $squidbin = $unix->LOCATE_SQUID_BIN();
        system("{$squidbin} -f /etc/squid3/squid.conf -k reconfigure");
    }

    build_progress_squidr("{done}", 100);
}
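/**
 * Replace the content of `denycache_websites` with the list posted in
 * $_POST["nocache"] (one entry per line).
 *
 * Each line is normalised with squid_acls::dstdomain_parse(); lines it rejects
 * are skipped. The normalised value is interpolated into the INSERT, so any
 * entry that still contains a quote, backslash or NUL is skipped as well:
 * dstdomain_parse() is not visible here and is not assumed to be SQL-safe.
 *
 * A request without a string "nocache" field returns before the table is
 * emptied, so a malformed request cannot wipe the list.
 *
 * NOTE(review): the table is truncated before the inserts; if an INSERT fails
 * the function returns and the table is left partially filled.
 *
 * @return void Echoes the database error and stops on the first failed INSERT.
 */
function add_nocache_save()
{
    if (!isset($_POST["nocache"]) || !is_string($_POST["nocache"])) {
        return;
    }

    $q = new mysql_squid_builder();
    $acl = new squid_acls();
    $tr = explode("\n", $_POST["nocache"]);

    $q->QUERY_SQL("TRUNCATE TABLE denycache_websites", "artica_backup");

    foreach ($tr as $www) {
        $www = $acl->dstdomain_parse($www);
        if ($www == null) {
            continue;
        }
        // Characters that could end the quoted SQL literal never belong to a
        // destination domain: drop the entry instead of sending it to the database.
        // NOTE(review): switch to the database wrapper's own escaping or a
        // prepared statement if it offers one.
        if (preg_match('/[\'"\\\\\x00]/', $www)) {
            continue;
        }
        $q->QUERY_SQL("INSERT IGNORE INTO denycache_websites (items) VALUES ('{$www}')", "artica_backup");
        if (!$q->ok) {
            echo $q->mysql_error;
            return;
        }
    }
}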
/**
 * Export the `urlrewriteaccessdeny` table to
 * /etc/squid3/url_rewrite_program.deny.db, one cleaned entry per line, and
 * hand the file to user and group "squid".
 *
 * Rows whose `items` column is empty after trimming are ignored. The remaining
 * values go through squid_acls::clean_dstdomains() before being written.
 *
 * NOTE(review): when the table holds no usable row, the list passed to
 * clean_dstdomains() is never initialised. The write, chown and chgrp calls
 * are error-suppressed and unchecked.
 *
 * @return void Echoes the database error and returns early if the query fails.
 */
function urlrewriteaccessdeny_squid()
{
    $denyDb = "/etc/squid3/url_rewrite_program.deny.db";

    $q = new mysql();
    // Instantiated but not used further in this function.
    $q2 = new mysql_squid_builder();
    $acl = new squid_acls();

    $results = $q->QUERY_SQL("SELECT * FROM urlrewriteaccessdeny", "artica_backup");
    if (!$q->ok) {
        echo "Starting......: " . date("H:i:s") . " [ACLS]: {$q->mysql_error}\n";
        return;
    }

    while ($row = mysql_fetch_assoc($results)) {
        $item = trim($row["items"]);
        if ($item === "") {
            continue;
        }
        $array[] = $item;
    }

    $acl = new squid_acls();
    $url_rewrite_program = $acl->clean_dstdomains($array);

    echo "Starting......: " . date("H:i:s") . " [ACLS]: " . count($url_rewrite_program) . " Whitelisted webistes from webfiltering\n";

    @file_put_contents($denyDb, @implode("\n", $url_rewrite_program) . "\n");
    @chown($denyDb, "squid");
    @chgrp($denyDb, "squid");
}