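/**
 * Auto configures web proxy.
 *
 * Does nothing when auto configuration is disabled. Otherwise it regenerates
 * three sets of files from the current network state and reloads Squid only
 * if the port or LAN configuration changed:
 *
 *  - one error page per entry in the error template folder, with the
 *    PCN_LAN_IP placeholder replaced by the first most-trusted IP and a
 *    trailing ".template" stripped from the target file name,
 *  - the http_port listener include (self::FILE_PORT_CONFIG),
 *  - the LAN ACL include (self::FILE_LANS_CONFIG).
 *
 * Generated files are created as root:root with mode 0644.
 *
 * NOTE(review): addresses and networks returned by Iface_Manager are written
 * into the Squid configuration verbatim; this method does not validate them.
 * Confirm that Iface_Manager only returns well-formed values.
 *
 * @return void
 * @throws Engine_Exception
 */

public function auto_configure()
{
    clearos_profile(__METHOD__, __LINE__);

    // Bail if auto configure disabled
    //--------------------------------

    if (!$this->get_auto_configure_state()) {
        return;
    }

    // Grab some network info first
    //-----------------------------

    $iface_manager = new Iface_Manager();
    $ips = $iface_manager->get_most_trusted_ips();
    $lans = $iface_manager->get_most_trusted_networks(TRUE, TRUE);

    $firewall = new Squid_Firewall();
    $is_firewall_transparent = $firewall->get_proxy_transparent_state();
    $is_proxy_filter_running = $firewall->get_proxy_filter_state();

    $network = new Network();
    $mode = $network->get_mode();
    $is_standalone = ($mode === Network::MODE_STANDALONE)
        || ($mode === Network::MODE_TRUSTED_STANDALONE);

    // Handle error templates
    //-----------------------

    // Captured before 127.0.0.1 is prepended further down, so the error
    // pages carry a LAN address rather than loopback. With no trusted IP the
    // placeholder is replaced by an empty string, as before, but without
    // reading an undefined offset.
    $lan_ip = isset($ips[0]) ? $ips[0] : '';

    $folder = new Folder($this->error_templates);
    $templates = $folder->get_listing();

    foreach ($templates as $template) {
        $target = preg_replace('/\\.template$/', '', $template);

        $file = new File($this->error_templates . '/' . $template);
        $contents = $file->get_contents();

        // Literal substitution: the value is never parsed as a regex
        // replacement string ($1, \1).
        $contents = str_replace('PCN_LAN_IP', $lan_ip, $contents);

        $current_contents = '';
        $file = new File(self::PATH_TEMPLATES . '/' . $target);

        if ($file->exists()) {
            $current_contents = $file->get_contents();
        }

        // Strict comparison: both sides are strings, and loose comparison
        // would treat numeric-looking strings as equal numbers.
        if (trim($current_contents) !== trim($contents)) {
            if ($file->exists()) {
                $file->delete();
            }

            $file->create('root', 'root', '0644');
            $file->add_lines("{$contents}\n");
        }
    }

    // Handle proxy port listener
    //---------------------------

    $reload_squid = FALSE;

    // Interception is enabled only when the firewall is in transparent mode,
    // the system is not standalone, and the proxy filter is not running.
    $transparent = ($is_firewall_transparent && !$is_standalone && !$is_proxy_filter_running)
        ? ' intercept'
        : '';

    if (!in_array('127.0.0.1', $ips, TRUE)) {
        array_unshift($ips, '127.0.0.1');
    }

    // One listener per trusted address plus loopback; no wildcard http_port
    // line is written here.
    $current_lines = '';
    $new_lines = "# Created automatically based on network configuration\n";

    foreach ($ips as $ip) {
        $new_lines .= "http_port {$ip}:3128{$transparent}\n";
    }

    $file = new File(self::FILE_PORT_CONFIG);

    if ($file->exists()) {
        $current_lines = $file->get_contents();
    }

    if (trim($current_lines) !== trim($new_lines)) {
        clearos_log('web_proxy', 'auto-configuration - updating port configuration');

        // NOTE(review): the file is deleted and recreated rather than
        // replaced atomically, so the include is briefly missing or empty.
        // Confirm nothing reloads Squid concurrently.
        if ($file->exists()) {
            $file->delete();
        }

        $file->create('root', 'root', '0644');
        $file->add_lines($new_lines);

        $reload_squid = TRUE;
    }

    // LAN ACL definitions
    //--------------------

    // With no trusted network detected, the ACLs fall back to the whole
    // RFC 1918 private address space, which is wider than any single LAN.
    // NOTE(review): webconfig_lan is presumably used by http_access rules
    // defined elsewhere; verify the fallback does not admit unintended
    // private-range clients.
    if (empty($lans)) {
        $lans = array('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16');
    }

    // Leading space keeps the list separated from the "src"/"dst" keyword.
    $lan_list = ' ' . implode(' ', $lans);

    $current_lines = '';
    $new_lines = "# Created automatically based on network configuration\n";
    $new_lines .= "acl webconfig_lan src{$lan_list}\n";
    $new_lines .= "acl webconfig_to_lan dst{$lan_list}\n";

    $file = new File(self::FILE_LANS_CONFIG);

    if ($file->exists()) {
        $current_lines = $file->get_contents();
    }

    if (trim($current_lines) !== trim($new_lines)) {
        clearos_log('web_proxy', 'auto-configuration - updating LAN configuration');

        if ($file->exists()) {
            $file->delete();
        }

        $file->create('root', 'root', '0644');
        $file->add_lines($new_lines);

        $reload_squid = TRUE;
    }

    // Reload Squid if a change occurred
    //----------------------------------

    if ($reload_squid) {
        $this->reset();
    }
}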
/**
 * Reports whether transparent proxy mode can be used.
 *
 * Transparent mode is unavailable when the network mode is standalone or
 * trusted standalone; every other mode reports it as available.
 *
 * @return boolean TRUE if transparent mode is available
 * @throws Engine_Exception
 */

public function get_proxy_transparent_capability()
{
    clearos_profile(__METHOD__, __LINE__);

    $network = new Network();
    $current_mode = $network->get_mode();

    // Modes in which transparent proxying is not offered.
    $standalone_modes = array(
        Network::MODE_STANDALONE,
        Network::MODE_TRUSTED_STANDALONE,
    );

    // Strict membership test, equivalent to the === checks on each mode.
    return !in_array($current_mode, $standalone_modes, TRUE);
}