Example #1
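/**
 * Builds the Apache configuration of the HotSpot splash portal and writes it
 * to /etc/artica-postfix/hotspot-httpd.conf.
 *
 * Side effects visible in this function:
 *  - creates the run/log/session directories and the access/error log files,
 *    then hands them to the Apache account and group;
 *  - may create the "www-data" account when no Apache account is reported;
 *  - may copy the mime.types file into /etc/apache2;
 *  - when PHP-FPM is enabled, runs exec.initslapd.php and restarts php5-fpm;
 *  - calls build_error_page() before writing the configuration.
 *
 * Settings are read through sockets::GET_INFO() and from files under
 * /etc/artica-postfix/settings/Daemons. Every value interpolated into the
 * generated file is normalised first (ports, mod_evasive counters, server
 * name), so a malformed setting cannot add extra directives to the file.
 *
 * Progress messages are printed only when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function apache_config()
{
    $sock = new sockets();
    $unix = new unix();
    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    // An unresolved APACHE_RUN_GROUP placeholder is not a usable group name.
    if (preg_match("#APACHE_RUN_GROUP#", $APACHE_SRC_GROUP)) {
        $APACHE_SRC_GROUP = "www-data";
    }
    // Resolve the fallback account BEFORE any chown/chgrp: the original did it
    // afterwards, so directories and logs were chowned to an empty account.
    if ($APACHE_SRC_ACCOUNT == null) {
        $APACHE_SRC_ACCOUNT = "www-data";
        $APACHE_SRC_GROUP = "www-data";
        $unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
    }
    $LogFilePath = "/var/log/artica-wifidog/access.log";
    $directories = array(
        "/var/run/apache2",
        "/var/run/artica-apache",
        "/var/log/artica-wifidog",
        "/home/artica/hotspot/sessions",
        "/home/artica/hotspot/caches",
    );
    // Best effort on purpose: the directories usually exist already.
    foreach ($directories as $maindir) {
        @mkdir($maindir, 0755, true);
        @chown($maindir, $APACHE_SRC_ACCOUNT);
        @chgrp($maindir, $APACHE_SRC_GROUP);
    }
    $ErrorLog = dirname($LogFilePath) . "/error.log";
    foreach (array($LogFilePath, $ErrorLog) as $logfile) {
        if (!is_file($logfile)) {
            @touch($logfile);
        }
        @chown($logfile, $APACHE_SRC_ACCOUNT);
        @chgrp($logfile, $APACHE_SRC_GROUP);
    }
    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
    $HotSpotMaxClients = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotMaxClients"));
    $HotSpotStartServers = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotStartServers"));
    $HotSpotForceDDOSDisable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotForceDDOSDisable"));
    if ($HotSpotMaxClients == 0) {
        $HotSpotMaxClients = 20;
    }
    if ($HotSpotStartServers == 0) {
        $HotSpotStartServers = 5;
    }
    // Ports end up in Listen/VirtualHost lines: force them to integers in the
    // valid TCP range instead of trusting is_numeric(), which also accepts
    // floats, exponents and surrounding whitespace.
    $ArticaSplashHotSpotPort = intval($sock->GET_INFO("ArticaSplashHotSpotPort"));
    if ($ArticaSplashHotSpotPort < 1 || $ArticaSplashHotSpotPort > 65535) {
        $ArticaSplashHotSpotPort = 16080;
    }
    $ArticaSplashHotSpotPortSSL = intval($sock->GET_INFO("ArticaSplashHotSpotPortSSL"));
    if ($ArticaSplashHotSpotPortSSL < 1 || $ArticaSplashHotSpotPortSSL > 65535) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
    // The server name is copied into several directives; anything other than
    // host/address characters (whitespace, newlines, quotes, angle brackets)
    // could append directives to the generated file, so it is rejected.
    if ($HospotHTTPServerName != null && !preg_match('#^[A-Za-z0-9._:*\[\]\-]+$#D', $HospotHTTPServerName)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} invalid HospotHTTPServerName ignored\n";
        }
        $HospotHTTPServerName = null;
    }
    // NOTE(review): unserialize() on a stored setting can instantiate objects
    // if that value is ever writable by a less trusted party. Prefer a JSON
    // encoding for this setting, or restrict allowed classes where the PHP
    // version supports it.
    $Params = unserialize($sock->GET_INFO("HotSpotEvasive"));
    if (!is_array($Params)) {
        $Params = array();
    }
    // mod_evasive counters: default when missing or non-numeric, otherwise
    // cast to int so only digits reach the configuration file.
    $dosDefaults = array(
        "DOSEnable" => 1,
        "DOSHashTableSize" => 1024,
        "DOSPageCount" => 3,
        "DOSSiteCount" => 20,
        "DOSPageInterval" => 1,
        "DOSSiteInterval" => 10,
        "DOSBlockingPeriod" => 5,
    );
    foreach ($dosDefaults as $dosKey => $dosDefault) {
        if (!isset($Params[$dosKey]) || !is_numeric($Params[$dosKey])) {
            $Params[$dosKey] = $dosDefault;
        } else {
            $Params[$dosKey] = intval($Params[$dosKey]);
        }
    }
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = null;
    if (isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])) {
        $ipaddr = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HotSpot run as {$ArticaHotSpotInterface} ( {$ipaddr} )\n";
    }
    // No usable address on the interface: listen on every address.
    if ($ipaddr == "0.0.0.0" || $ipaddr == null) {
        $ipaddr = "*";
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;
    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/artica-apache");
    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1) {
        if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
            }
            $EnableArticaApachePHPFPM = 0;
        }
    }
    if ($HotSpotForceDDOSDisable == 1) {
        $Params["DOSEnable"] = 0;
    }
    // Same guard as for mod_fastcgi: without the module file no LoadModule
    // line is produced, and DOS* directives would then be unknown to httpd.
    if ($Params["DOSEnable"] == 1 && !is_file("{$APACHE_MODULES_PATH}/mod_evasive20.so")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_evasive20.so not found, DOS protection disabled\n";
        }
        $Params["DOSEnable"] = 0;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as....: {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port.: {$ArticaSplashHotSpotPort} SSL Port: {$ArticaSplashHotSpotPortSSL}\n";
        // Report the effective PHP-FPM flag (the original printed a constant 0).
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM...: {$EnableArticaApachePHPFPM}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} MaxClients: {$HotSpotMaxClients}\n";
    }
    $f = array();
    $f[] = "Group {$APACHE_SRC_GROUP}";
    $f[] = "User {$APACHE_SRC_ACCOUNT}";
    $f[] = "LockFile /var/run/apache2/hotspot-artica-accept.lock";
    $f[] = "PidFile /var/run/artica-apache/hotspot-apache.pid";
    $f[] = "AcceptMutex flock";
    $f[] = "SSLRandomSeed startup file:/dev/urandom  256";
    $f[] = "SSLRandomSeed connect builtin";
    $f[] = "SSLSessionCache        shmcb:/var/run/apache2/ssl_scache-hotspot(512000)";
    $f[] = "SSLSessionCacheTimeout  300";
    $f[] = "SSLSessionCacheTimeout  300";
    $f[] = "DocumentRoot /usr/share/artica-postfix";
    $f[] = "DirectoryIndex hotspot.html";
    $f[] = "ErrorDocument 400 /hotspot.html";
    $f[] = "ErrorDocument 401 /hotspot.html";
    $f[] = "ErrorDocument 403 /hotspot.html";
    $f[] = "ErrorDocument 404 /hotspot.html";
    $f[] = "ErrorDocument 500 /hotspot.html";
    $NameVirtualHost = $ipaddr;
    if ($HospotHTTPServerName != null) {
        $NameVirtualHost = $HospotHTTPServerName;
    }
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
    $ddos_config = null;
    if ($Params["DOSEnable"] == 1) {
        $ddos = array();
        $ddos[] = "\tDOSHashTableSize {$Params["DOSHashTableSize"]}";
        $ddos[] = "\tDOSPageCount {$Params["DOSPageCount"]}";
        $ddos[] = "\tDOSSiteCount {$Params["DOSSiteCount"]}";
        $ddos[] = "\tDOSPageInterval {$Params["DOSPageInterval"]}";
        $ddos[] = "\tDOSSiteInterval {$Params["DOSSiteInterval"]}";
        $ddos[] = "\tDOSBlockingPeriod {$Params["DOSBlockingPeriod"]}";
        $ddos[] = "\tDOSLogDir  \"/var/log/artica-wifidog\"";
        $ddos[] = "\tDOSSystemCommand \"/bin/echo `date '+%F %T'` HOTSPOT  %s >> /var/log/artica-wifidog/dos_evasive_attacks.log\"";
        $ddos_config = implode("\n", $ddos);
    }
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "{$ddos_config}";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "\tSSLEngine on";
    $squid = new squidbee();
    $ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
    $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
    if ($ArticaSplashHotSpotCertificate != null) {
        $apache = new apache_certificate($ArticaSplashHotSpotCertificate);
        $f[] = $apache->build();
    } else {
        // No named certificate: reuse the certificate/key paths found in the
        // nginx-style text returned by SaveCertificate().
        if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
            $cert = $re[1];
            $key = $re[2];
            $f[] = "\tSSLCertificateFile \"{$cert}\"";
            $f[] = "\tSSLCertificateKeyFile \"{$key}\"";
        }
    }
    $f[] = "\tSSLVerifyClient none";
    $f[] = "\tServerSignature Off";
    $f[] = "{$ddos_config}";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";
    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t   {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t   {$APACHE_SRC_GROUP}";
    $f[] = "Timeout              300";
    $f[] = "KeepAlive            Off";
    $f[] = "KeepAliveTimeout     3";
    // Keep MaxClients above StartServers, then cap both limits.
    if ($HotSpotStartServers >= $HotSpotMaxClients) {
        $HotSpotMaxClients = $HotSpotMaxClients + $HotSpotStartServers;
    }
    if ($HotSpotMaxClients > 1024) {
        $HotSpotMaxClients = 1024;
    }
    $ServerLimit = $HotSpotMaxClients + 100;
    if ($ServerLimit > 2000) {
        $ServerLimit = 2000;
    }
    $f[] = "StartServers         {$HotSpotStartServers}";
    $f[] = "MaxClients           {$HotSpotMaxClients}";
    $f[] = "ServerLimit\t\t   {$ServerLimit}";
    $MinSpareServers = $HotSpotStartServers + 5;
    $MaxSpareServers = $MinSpareServers + 1;
    $f[] = "MinSpareServers      {$MinSpareServers}";
    $f[] = "MaxSpareServers      {$MaxSpareServers}";
    $f[] = "MaxRequestsPerChild  800";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();
    $f[] = "<IfModule mod_ssl.c>";
    $f[] = "\tSSLRandomSeed connect builtin";
    $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
    $f[] = "\tAddType application/x-x509-ca-cert .crt";
    $f[] = "\tAddType application/x-pkcs7-crl    .crl";
    $f[] = "\tSSLPassPhraseDialog  builtin";
    $f[] = "\tSSLSessionCache        shmcb:/var/run/apache2/ssl_scache-articahtp(512000)";
    $f[] = "\tSSLSessionCacheTimeout  300";
    $f[] = "\tSSLSessionCacheTimeout  300";
    $f[] = "\tSSLMutex  sem";
    // NOTE(review): MEDIUM still admits weak ciphers and "!ADH" does not cover
    // every anonymous suite; tighten once the oldest supported client is known.
    $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
    // SSLv3 is disabled as well as SSLv2: the portal carries credentials.
    $f[] = "\tSSLProtocol all -SSLv2 -SSLv3";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "AddType application/x-httpd-php .php";
    $f[] = "php_value error_log \"/var/log/artica-wifidog/access.log\"";
    $f[] = "php_value session.save_path \"/home/artica/hotspot/sessions\"";
    $f[] = "<IfModule mod_fcgid.c>";
    $f[] = "\tPHP_Fix_Pathinfo_Enable 1";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = "    <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = "    </FilesMatch>";
    $f[] = "    <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = "    </FilesMatch>";
    $f[] = "    <IfModule mod_userdir.c>";
    $f[] = "        <Directory /home/*/public_html>";
    $f[] = "            php_admin_value engine Off";
    $f[] = "        </Directory>";
    $f[] = "    </IfModule>";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_mime.c>";
    $f[] = "\tTypesConfig /etc/mime.types";
    $f[] = "\tAddType application/x-compress .Z";
    $f[] = "\tAddType application/x-gzip .gz .tgz";
    $f[] = "\tAddType application/x-bzip2 .bz2";
    $f[] = "\tAddType application/x-httpd-php .php .phtml";
    $f[] = "\tAddType application/x-httpd-php-source .phps";
    $f[] = "\tAddLanguage ca .ca";
    $f[] = "\tAddLanguage cs .cz .cs";
    $f[] = "\tAddLanguage da .dk";
    $f[] = "\tAddLanguage de .de";
    $f[] = "\tAddLanguage el .el";
    $f[] = "\tAddLanguage en .en";
    $f[] = "\tAddLanguage eo .eo";
    $f[] = "\tRemoveType  es";
    $f[] = "\tAddLanguage es .es";
    $f[] = "\tAddLanguage et .et";
    $f[] = "\tAddLanguage fr .fr";
    $f[] = "\tAddLanguage he .he";
    $f[] = "\tAddLanguage hr .hr";
    $f[] = "\tAddLanguage it .it";
    $f[] = "\tAddLanguage ja .ja";
    $f[] = "\tAddLanguage ko .ko";
    $f[] = "\tAddLanguage ltz .ltz";
    $f[] = "\tAddLanguage nl .nl";
    $f[] = "\tAddLanguage nn .nn";
    $f[] = "\tAddLanguage no .no";
    $f[] = "\tAddLanguage pl .po";
    $f[] = "\tAddLanguage pt .pt";
    $f[] = "\tAddLanguage pt-BR .pt-br";
    $f[] = "\tAddLanguage ru .ru";
    $f[] = "\tAddLanguage sv .sv";
    $f[] = "\tRemoveType  tr";
    $f[] = "\tAddLanguage tr .tr";
    $f[] = "\tAddLanguage zh-CN .zh-cn";
    $f[] = "\tAddLanguage zh-TW .zh-tw";
    $f[] = "\tAddCharset us-ascii    .ascii .us-ascii";
    $f[] = "\tAddCharset ISO-8859-1  .iso8859-1  .latin1";
    $f[] = "\tAddCharset ISO-8859-2  .iso8859-2  .latin2 .cen";
    $f[] = "\tAddCharset ISO-8859-3  .iso8859-3  .latin3";
    $f[] = "\tAddCharset ISO-8859-4  .iso8859-4  .latin4";
    $f[] = "\tAddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru";
    $f[] = "\tAddCharset ISO-8859-6  .iso8859-6  .arb .arabic";
    $f[] = "\tAddCharset ISO-8859-7  .iso8859-7  .grk .greek";
    $f[] = "\tAddCharset ISO-8859-8  .iso8859-8  .heb .hebrew";
    $f[] = "\tAddCharset ISO-8859-9  .iso8859-9  .latin5 .trk";
    $f[] = "\tAddCharset ISO-8859-10  .iso8859-10  .latin6";
    $f[] = "\tAddCharset ISO-8859-13  .iso8859-13";
    $f[] = "\tAddCharset ISO-8859-14  .iso8859-14  .latin8";
    $f[] = "\tAddCharset ISO-8859-15  .iso8859-15  .latin9";
    $f[] = "\tAddCharset ISO-8859-16  .iso8859-16  .latin10";
    $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
    $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
    $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
    $f[] = "\tAddCharset Big5        .Big5       .big5 .b5";
    $f[] = "\tAddCharset cn-Big5     .cn-big5";
    $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
    $f[] = "\tAddCharset WINDOWS-1251 .cp-1251   .win-1251";
    $f[] = "\tAddCharset CP866       .cp866";
    $f[] = "\tAddCharset KOI8      .koi8";
    $f[] = "\tAddCharset KOI8-E      .koi8-e";
    $f[] = "\tAddCharset KOI8-r      .koi8-r .koi8-ru";
    $f[] = "\tAddCharset KOI8-U      .koi8-u";
    $f[] = "\tAddCharset KOI8-ru     .koi8-uk .ua";
    $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
    $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
    $f[] = "\tAddCharset UTF-7       .utf7";
    $f[] = "\tAddCharset UTF-8       .utf8";
    $f[] = "\tAddCharset UTF-16      .utf16";
    $f[] = "\tAddCharset UTF-16BE    .utf16be";
    $f[] = "\tAddCharset UTF-16LE    .utf16le";
    $f[] = "\tAddCharset UTF-32      .utf32";
    $f[] = "\tAddCharset UTF-32BE    .utf32be";
    $f[] = "\tAddCharset UTF-32LE    .utf32le";
    $f[] = "\tAddCharset euc-cn      .euc-cn";
    $f[] = "\tAddCharset euc-gb      .euc-gb";
    $f[] = "\tAddCharset euc-jp      .euc-jp";
    $f[] = "\tAddCharset euc-kr      .euc-kr";
    $f[] = "\tAddCharset EUC-TW      .euc-tw";
    $f[] = "\tAddCharset gb2312      .gb2312 .gb";
    $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
    $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
    $f[] = "\tAddCharset shift_jis   .shift_jis .sjis";
    $f[] = "\tAddType text/html .shtml";
    $f[] = "\tAddOutputFilter INCLUDES .shtml";
    $f[] = "</IfModule>";
    $f[] = "Alias /index.php /hotspot.html";
    $f[] = "Alias /index.html /hotspot.html";
    $f[] = "Alias /Microsoft-Server-ActiveSync /hotspot-none.html";
    // NOTE(review): "!" is not a negation operator inside a FilesMatch
    // pattern, so the "deny from all" block below does not cover the other
    // files under the DocumentRoot, and the directory-level "Allow from all"
    // applies to the whole tree. The file names here are spelled "hostpot"
    // while the rest of the configuration uses "hotspot" - confirm which is
    // intended, then restrict the served files explicitly. "AllowOverride
    // All" also lets .htaccess files in this tree change the policy.
    $f[] = "<Directory \"/usr/share/artica-postfix\">";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex hostpot.php";
    $f[] = "\t\t<Files \"hostpot.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<Files \"hostpot.html\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<FilesMatch \"!(hostpot)\\.(html|php)\$\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tdeny from all";
    $f[] = "\t\t</FilesMatch>";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "\tOptions -Indexes";
    $f[] = "\tSSLOptions +StdEnvVars";
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";
    if ($EnableArticaApachePHPFPM == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
        }
        shell_exec("/etc/init.d/php5-fpm restart");
        $f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/artica-apache>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
        }
    }
    // NOTE(review): debug log level is verbose for a public-facing portal;
    // confirm it is intended outside troubleshooting.
    $f[] = "Loglevel debug";
    $f[] = "ErrorLog {$ErrorLog}";
    $f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "CustomLog {$LogFilePath} common";
    // Module name => shared object looked up under the modules path.
    $array = array();
    if ($EnableArticaApachePHPFPM == 0) {
        $array["php5_module"] = "libphp5.so";
    }
    $array["actions_module"] = "mod_actions.so";
    $array["expires_module"] = "mod_expires.so";
    $array["rewrite_module"] = "mod_rewrite.so";
    $array["dir_module"] = "mod_dir.so";
    $array["mime_module"] = "mod_mime.so";
    $array["alias_module"] = "mod_alias.so";
    $array["auth_basic_module"] = "mod_auth_basic.so";
    $array["authz_host_module"] = "mod_authz_host.so";
    $array["autoindex_module"] = "mod_autoindex.so";
    $array["negotiation_module"] = "mod_negotiation.so";
    $array["ssl_module"] = "mod_ssl.so";
    $array["headers_module"] = "mod_headers.so";
    $array["ldap_module"] = "mod_ldap.so";
    if ($Params["DOSEnable"] == 1) {
        $array["evasive20_module"] = "mod_evasive20.so";
    }
    if ($EnableArticaApachePHPFPM == 1) {
        $array["fastcgi_module"] = "mod_fastcgi.so";
    }
    if (is_dir("/etc/apache2")) {
        if (!is_file("/etc/apache2/mime.types")) {
            if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
                @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
            }
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
    }
    // NOTE(review): the LoadModule lines are appended after the directives
    // that rely on those modules - confirm the target httpd accepts this order.
    // foreach replaces each(), which newer PHP versions no longer provide.
    foreach ($array as $module => $lib) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
            }
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
            }
        }
    }
    build_error_page();
    // Report a failed write instead of announcing "done" over a stale file.
    $written = @file_put_contents("/etc/artica-postfix/hotspot-httpd.conf", implode("\n", $f) . "\n");
    if ($written === false) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf failed (unable to write)\n";
        }
        return;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf done\n";
    }
}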
Example #2
function buildconfig()
{
    # $Id$";
    msg_html();
    $sock = new sockets();
    $unix = new unix();
    $q = new mysql_squid_builder();
    $q->check_hotspot_tables();
    $php = $unix->LOCATE_PHP5_BIN();
    $SquidHotSpotPort = intval($sock->GET_INFO("SquidHotSpotPort"));
    $ArticaHotSpotPort = intval($sock->GET_INFO("ArticaHotSpotPort"));
    $ArticaSSLHotSpotPort = intval($sock->GET_INFO("ArticaSSLHotSpotPort"));
    $ArticaSplashHotSpotPort = intval($sock->GET_INFO("ArticaSplashHotSpotPort"));
    $SquidHotSpotSSLPort = intval($sock->GET_INFO("SquidHotSpotSSLPort"));
    $HospotNoSSL = intval($sock->GET_INFO("HospotNoSSL"));
    $HotSpotDenySSL = intval($sock->GET_INFO("HotSpotDenySSL"));
    $ArticaHotSpotEmergency = intval($sock->GET_INFO("ArticaHotSpotEmergency"));
    $ArticaSplashHotSpotPortSSL = intval($sock->GET_INFO("ArticaSplashHotSpotPortSSL"));
    $ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $ArticaHotSpotInterface2 = $sock->GET_INFO("ArticaHotSpotInterface2");
    if ($ArticaHotSpotInterface == null) {
        $ArticaHotSpotInterface = "eth0";
    }
    $ArticaHotSpotEnableMIT = $sock->GET_INFO("ArticaHotSpotEnableMIT");
    $ArticaHotSpotEnableProxy = $sock->GET_INFO("ArticaHotSpotEnableProxy");
    if (!is_numeric($ArticaHotSpotEnableMIT)) {
        $ArticaHotSpotEnableMIT = 1;
    }
    if (!is_numeric($ArticaHotSpotEnableProxy)) {
        $ArticaHotSpotEnableProxy = 1;
    }
    if ($ArticaHotSpotInterface2 == $ArticaHotSpotInterface) {
        $ArticaHotSpotInterface2 = null;
    }
    if ($ArticaSplashHotSpotPort == 0) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if ($ArticaSplashHotSpotPortSSL == 0) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    if ($ArticaHotSpotPort == 0) {
        $ArticaHotSpotPort = rand(38000, 64000);
        $sock->SET_INFO("ArticaHotSpotPort", $ArticaHotSpotPort);
    }
    if ($ArticaSSLHotSpotPort == 0) {
        $ArticaSSLHotSpotPort = rand(38500, 64000);
        $sock->SET_INFO("ArticaSSLHotSpotPort", $ArticaSSLHotSpotPort);
    }
    if ($SquidHotSpotPort == 0) {
        $SquidHotSpotPort = rand(40000, 64000);
        $sock->SET_INFO("SquidHotSpotPort", $SquidHotSpotPort);
    }
    if ($SquidHotSpotSSLPort == 0) {
        $SquidHotSpotSSLPort = rand(40500, 64000);
        $sock->SET_INFO("SquidHotSpotSSLPort", $SquidHotSpotSSLPort);
    }
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $IPADDR = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"];
    $GatewayAddress = $IPADDR;
    $sock->SET_INFO("HotSpotGatewayAddr", $IPADDR);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTP service on {$NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"]} `{$IPADDR}` port\n";
    }
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
    $IPADDR2 = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface2]["IPADDR"];
    $WifiDogDebugLevel = intval($sock->GET_INFO("WifiDogDebugLevel"));
    build_progress("{reconfiguring}", 60);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTP service on {$ArticaSplashHotSpotPort} port\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTPS service on {$ArticaSplashHotSpotPortSSL} port\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HotSpot service on {$ArticaHotSpotPort} port\n";
    }
    if ($ArticaHotSpotInterface2 != null) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen IN on {$ArticaHotSpotInterface} ( {$IPADDR} )\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen OUT on {$ArticaHotSpotInterface2} ( {$IPADDR2} )\n";
        }
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen on {$ArticaHotSpotInterface} ( {$IPADDR} )\n";
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Proxy Listen on {$SquidHotSpotPort} port\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Re-authenticate each {$ArticaSplashHotSpotCacheAuth} Minutes\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Debug Level:{$WifiDogDebugLevel}\n";
    }
    $Checking_squid = Checking_squid($SquidHotSpotPort);
    if (!$Checking_squid) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy...\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Restarting Proxy...\n";
        }
        shell_exec("/etc/init.d/squid restart --force {$GLOBALS["SCRIPT_SUFFIX"]}");
    }
    build_progress("{reconfiguring}", 61);
    $Checking_squid = Checking_squid($SquidHotSpotPort);
    if (!$Checking_squid) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy on port {$SquidHotSpotPort} Failed!!!\n";
        }
    }
    build_progress("{reconfiguring}", 62);
    if ($ArticaHotSpotEnableMIT == 1) {
        $Checking_squid = Checking_squid($SquidHotSpotSSLPort);
        build_progress("{reconfiguring}", 63);
        if (!$Checking_squid) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy...\n";
            }
            shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Restarting Proxy...\n";
            }
            shell_exec("/etc/init.d/squid restart --force {$GLOBALS["SCRIPT_SUFFIX"]}");
        }
        $Checking_squid = Checking_squid($SquidHotSpotSSLPort);
        if (!$Checking_squid) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy on port {$SquidHotSpotSSLPort} Failed!!!\n";
            }
        }
    }
    $modprobe = $unix->find_program("modprobe");
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: probing iptables modules...\n";
    }
    $array = array();
    $array[] = "ip_tables";
    $array[] = "ip_conntrack";
    $array[] = "ip_conntrack_ftp";
    $array[] = "ip_conntrack_irc";
    $array[] = "iptable_nat";
    $array[] = "ip_nat_ftp";
    while (list($num, $ligne) = each($array)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: probing {$ligne}\n";
        }
        shell_exec("{$modprobe} {$ligne}");
    }
    $sysctl = $unix->find_program("sysctl");
    $echo = $unix->find_program("echo");
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Enable gateway..\n";
    }
    shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_forward");
    shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_dynaddr");
    shell_exec("{$sysctl} -w net.ipv4.ip_forward=1 2>&1");
    shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_forward");
    $comment = " -m comment --comment \"WiFiDog_NAT\"";
    if ($ArticaHotSpotInterface2 != null) {
        $iptables = $unix->find_program("iptables");
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Chain {$ArticaHotSpotInterface} and {$ArticaHotSpotInterface2}\n";
        }
        $EXTIF = $ArticaHotSpotInterface2;
        $INTIF = $ArticaHotSpotInterface;
        shell_exec("{$iptables} -A FORWARD -i {$EXTIF} -o {$INTIF} -m state --state ESTABLISHED,RELATED {$comment} -j ACCEPT");
        shell_exec("{$iptables} -A FORWARD -i {$INTIF} -o {$EXTIF} {$comment} -j ACCEPT");
        shell_exec("{$iptables} -t nat -A POSTROUTING -o {$EXTIF} {$comment} -j MASQUERADE");
    }
    $WifidogClientTimeout = intval($sock->GET_INFO("WifidogClientTimeout"));
    if ($WifidogClientTimeout < 5) {
        $WifidogClientTimeout = 30;
    }
    build_progress("{reconfiguring}", 64);
    $f[] = "# WiFiDog Configuration file";
    $f[] = "# Saved by artica on " . date("Y-m-d H:i:s");
    $f[] = "";
    $f[] = "# Parameter: GatewayID";
    $f[] = "# Default: default";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# Set this to the node ID on the auth server";
    $f[] = "# This is used to give a customized login page to the clients and for";
    $f[] = "# monitoring/statistics purpose. If you run multiple gateways on the same";
    $f[] = "# machine each gateway needs to have a different gateway id.";
    $f[] = "# If none is supplied, the mac address of the GatewayInterface interface will be used,";
    $f[] = "# without the : separators";
    $f[] = "";
    $f[] = "# GatewayID default";
    $f[] = "";
    $f[] = "# Parameter: ExternalInterface";
    $f[] = "# Default: NONE";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# Set this to the external interface (the one going out to the Inernet or your larger LAN).  ";
    $f[] = "# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,";
    $f[] = "# Normally autodetected";
    $f[] = "";
    if ($ArticaHotSpotInterface2 != null) {
        $f[] = "ExternalInterface {$ArticaHotSpotInterface2}";
    } else {
        $f[] = "#ExternalInterface eth0 or ppp0 otherwise";
    }
    $f[] = "";
    $f[] = "GatewayInterface {$ArticaHotSpotInterface}";
    $f[] = "GatewayAddress {$GatewayAddress}";
    $f[] = "";
    $f[] = "# Parameter: HtmlMessageFile";
    $f[] = "# Default: wifidog-msg.html";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# This allows you to specify a custome HTML file which will be used for";
    $f[] = "# system errors by the gateway. Any \$title, \$message and \$node variables";
    $f[] = "# used inside the file will be replaced.";
    $f[] = "#";
    $f[] = "# HtmlMessageFile /opt/wifidog/etc/wifidog-.html";
    $f[] = "";
    $f[] = "# Parameter: AuthServer";
    $f[] = "# Default: NONE";
    $f[] = "# Mandatory, repeatable";
    $f[] = "#";
    $f[] = "# This allows you to configure your auth server(s).  Each one will be tried in order, untill one responds.";
    $f[] = "# Set this to the hostname or IP of your auth server(s), the path where";
    $f[] = "# WiFiDog-auth resides in and the port it listens on.";
    $f[] = "#AuthServer {";
    $f[] = "#\tHostname                 (Mandatory; Default: NONE)";
    $f[] = "#\tSSLAvailable             (Optional; Default: no; Possible values: yes, no)";
    $f[] = "#\tSSLPort                  (Optional; Default: 443)";
    $f[] = "#\tHTTPPort                 (Optional; Default: 80)";
    $f[] = "#\tPath                     (Optional; Default: /wifidog/ Note:  The path must be both prefixed and suffixed by /.  Use a single / for server root.)";
    $f[] = "#   LoginScriptPathFragment  (Optional; Default: login/? Note:  This is the script the user will be sent to for login.)";
    $f[] = "#   PortalScriptPathFragment (Optional; Default: portal/? Note:  This is the script the user will be sent to after a successfull login.)";
    $f[] = "#   MsgScriptPathFragment    (Optional; Default: gw_message.php? Note:  This is the script the user will be sent to upon error to read a readable message.)";
    $f[] = "#   PingScriptPathFragment    (Optional; Default: ping/? Note:  This is the script the user will be sent to upon error to read a readable message.)";
    $f[] = "#   AuthScriptPathFragment    (Optional; Default: auth/? Note:  This is the script the user will be sent to upon error to read a readable message.)";
    $f[] = "#}";
    $f[] = "# HospotHTTPServerName = {$HospotHTTPServerName}";
    $f[] = "AuthServer {";
    if ($HospotHTTPServerName != null) {
        $f[] = "    Hostname {$HospotHTTPServerName}";
        $unix->create_EtcHosts($HospotHTTPServerName, $IPADDR);
    } else {
        $f[] = "    Hostname {$IPADDR}";
    }
    if ($HotSpotDenySSL == 1) {
        $HospotNoSSL = 1;
    }
    $f[] = "    SSLPort {$ArticaSplashHotSpotPortSSL}";
    if ($HospotNoSSL == 0) {
        $f[] = "    SSLAvailable yes";
    } else {
        $f[] = "    SSLAvailable no";
    }
    $f[] = "    HTTPPort {$ArticaSplashHotSpotPort}";
    $f[] = "    LoginScriptPathFragment hotspot.php?wifidog-login=yes&";
    $f[] = "    PingScriptPathFragment hotspot.php?wifidog-ping=yes&";
    $f[] = "    AuthScriptPathFragment hotspot.php?wifidog-auth=yes&";
    $f[] = "    PortalScriptPathFragment hotspot.php?wifidog-portal=yes&";
    $f[] = "    Path /";
    $f[] = "}";
    $f[] = "";
    $f[] = "Daemon 1";
    $f[] = "GatewayPort {$ArticaHotSpotPort}";
    if ($ArticaHotSpotEnableProxy == 1) {
        $f[] = "ProxyPort {$SquidHotSpotPort}";
    }
    $f[] = "HTTPDName Artica HotSpot";
    $f[] = "# HTTPDMaxConn 50";
    $f[] = "";
    $f[] = "# Parameter: HTTPDRealm";
    $f[] = "# Default: WiFiDog";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# The name of the HTTP authentication realm. This only used when a user";
    $f[] = "# tries to access a protected WiFiDog internal page. See HTTPUserName.";
    $f[] = "# HTTPDRealm WiFiDog";
    $f[] = "";
    $f[] = "# Parameter: HTTPDUserName / HTTPDPassword";
    $f[] = "# Default: unset";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# The gateway exposes some information such as the status page through its web";
    $f[] = "# interface. This information can be protected with a username and password,";
    $f[] = "# which can be set through the HTTPDUserName and HTTPDPassword parameters.";
    $f[] = "# HTTPDUserName admin";
    $f[] = "# HTTPDPassword secret";
    $f[] = "";
    $f[] = "CheckInterval 60";
    $f[] = "ClientTimeout {$WifidogClientTimeout}";
    $f[] = "";
    $f[] = "# Parameter: TrustedMACList";
    $f[] = "# Default: none";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# Comma separated list of MAC addresses who are allowed to pass";
    $f[] = "# through without authentication";
    $f[] = "#TrustedMACList 00:15:5D:01:09:06,00:00:C0:1D:F0:0D";
    build_progress("{reconfiguring}", 65);
    $trusted_macs = trusted_macs();
    if ($trusted_macs != null) {
        $f[] = "TrustedMACList {$trusted_macs}";
    }
    $f[] = "";
    $f[] = "# Parameter: FirewallRuleSet";
    $f[] = "# Default: none";
    $f[] = "# Mandatory";
    $f[] = "#";
    $f[] = "# Groups a number of FirewallRule statements together.";
    $f[] = "";
    $f[] = "# Parameter: FirewallRule";
    $f[] = "# Default: none";
    $f[] = "# ";
    $f[] = "# Define one firewall rule in a rule set.";
    $f[] = "";
    $f[] = "# Rule Set: global";
    $f[] = "# ";
    $f[] = "# Used for rules to be applied to all other rulesets except locked.";
    $f[] = "FirewallRuleSet global {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = firewall_rules(0);
    }
    $f[] = "    # FirewallRule syntax:";
    $f[] = "    # FirewallRule (block|drop|allow|log|ulog) [(tcp|udp|icmp) [port X]] [to IP/CIDR]";
    $f[] = "";
    $f[] = "    ## To block SMTP out, as it's a tech support nightmare, and a legal liability";
    $f[] = "    #FirewallRule block tcp port 25";
    $f[] = "    ";
    $f[] = "    ## Use the following if you don't want clients to be able to access machines on ";
    $f[] = "    ## the private LAN that gives internet access to wifidog.  Note that this is not";
    $f[] = "    ## client isolation;  The laptops will still be able to talk to one another, as";
    $f[] = "    ## well as to any machine bridged to the wifi of the router.";
    $f[] = "    # FirewallRule block to 192.168.0.0/16";
    $f[] = "    # FirewallRule block to 172.16.0.0/12";
    $f[] = "    # FirewallRule block to 10.0.0.0/8";
    $f[] = "    ";
    $f[] = "    ## This is an example ruleset for the Teliphone service.";
    $f[] = "    #FirewallRule allow udp to 69.90.89.192/27";
    $f[] = "    #FirewallRule allow udp to 69.90.85.0/27";
    $f[] = "    #FirewallRule allow tcp port 80 to 69.90.89.205";
    $f[] = "";
    $f[] = "    ## Use the following to log or ulog the traffic you want to allow or block.";
    $f[] = "    # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies";
    $f[] = "    # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). ";
    $f[] = "    # Note: the log or ulog rule must be passed before, the rule you want to match.";
    $f[] = "    # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies";
    $f[] = "    # iptables-mod-extra and iptables-mod-ulog";
    $f[] = "    # For example, you want to log (ulog works the same way) the traffic allowed on port 80 to the ip 69.90.89.205:";
    $f[] = "    #FirewallRule log tcp port 80 to 69.90.89.205";
    $f[] = "    #FirewallRule allow tcp port 80 to 69.90.89.205";
    $f[] = "    # And you want to know, who matche your block rule:";
    $f[] = "    #FirewallRule log to 0.0.0.0/0";
    $f[] = "    #FirewallRule block to 0.0.0.0/0";
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: validating-users";
    $f[] = "# Used for new users validating their account";
    $f[] = "FirewallRuleSet validating-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = firewall_rules(1);
    }
    $f[] = "FirewallRule allow tcp port 80 to 0.0.0.0/0";
    $f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: known-users";
    $f[] = "# Used for normal validated users.";
    $f[] = "FirewallRuleSet known-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = firewall_rules(1);
    }
    $f[] = "FirewallRule allow tcp port 80 to 0.0.0.0/0";
    $f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: unknown-users";
    $f[] = "#";
    $f[] = "# Used for unvalidated users, this is the ruleset that gets redirected.";
    $f[] = "#";
    $f[] = "# XXX The redirect code adds the Default DROP clause.";
    $f[] = "FirewallRuleSet unknown-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        if ($HotSpotDenySSL == 1) {
            $f[] = "FirewallRule block tcp port 443 to 0.0.0.0/0";
        }
        if ($HotSpotDenySSL == 0) {
            $f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
        }
        $f[] = "    FirewallRule allow udp port 53";
        $f[] = "    FirewallRule allow tcp port 53";
        $f[] = "    FirewallRule allow udp port 67";
        $f[] = "    FirewallRule allow tcp port 67";
        $f[] = firewall_rules(2);
    }
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: locked-users";
    $f[] = "#";
    $f[] = "# Not currently used";
    $f[] = "FirewallRuleSet locked-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = "\tFirewallRule block to 0.0.0.0/0";
    }
    $f[] = "}";
    $f[] = "";
    @file_put_contents("/etc/wifidog.conf", @implode("\n", $f));
    build_progress("{reconfiguring}", 90);
    build_error_page();
}