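/**
 * Writes /etc/artica-postfix/hotspot-httpd.conf, the Apache configuration
 * that serves the HotSpot splash pages over HTTP and HTTPS.
 *
 * Side effects visible in this function: creates the run/log/session
 * directories and both log files and hands them to the Apache account,
 * sets $GLOBALS["HOSTPOT_WEB_INTERFACE"], may create the "www-data" account,
 * may rebuild and restart PHP5-FPM, may copy mime.types into /etc/apache2,
 * and calls build_error_page() before writing the configuration file.
 *
 * Changes against the previous revision:
 *  - each() loops replaced by foreach (each() is deprecated since PHP 7.2
 *    and removed in PHP 8.0);
 *  - the "www-data" fallback now runs before the first chown/chgrp, so the
 *    directories are no longer handed to an empty account name;
 *  - the unserialize()d mod_evasive settings are forced to an array before
 *    they are indexed;
 *  - the "PHP-FPM...:" status line reports the effective flag instead of a
 *    variable that was always 0;
 *  - a failed write of the configuration file is reported as "failed"
 *    instead of "done";
 *  - settings that were read but never used are no longer fetched.
 *
 * @return void
 */
function apache_config() {
    $sock = new sockets();
    $unix = new unix();

    $APACHE_SRC_ACCOUNT = $unix->APACHE_SRC_ACCOUNT();
    $APACHE_SRC_GROUP = $unix->APACHE_SRC_GROUP();
    if (preg_match("#APACHE_RUN_GROUP#", $APACHE_SRC_GROUP)) {
        $APACHE_SRC_GROUP = "www-data";
    }
    // Resolve the fallback account first: every chown/chgrp below needs it.
    if ($APACHE_SRC_ACCOUNT == null) {
        $APACHE_SRC_ACCOUNT = "www-data";
        $APACHE_SRC_GROUP = "www-data";
        $unix->CreateUnixUser($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "Apache username");
    }

    $LogFilePath = "/var/log/artica-wifidog/access.log";
    $directories = array(
        "/var/run/apache2",
        "/var/run/artica-apache",
        "/var/log/artica-wifidog",
        "/home/artica/hotspot/sessions",
        "/home/artica/hotspot/caches",
    );
    foreach ($directories as $maindir) {
        @mkdir($maindir, 0755, true);
        @chown($maindir, $APACHE_SRC_ACCOUNT);
        @chgrp($maindir, $APACHE_SRC_GROUP);
    }

    $ErrorLog = dirname($LogFilePath) . "/error.log";
    foreach (array($LogFilePath, $ErrorLog) as $logfile) {
        if (!is_file($logfile)) {
            @touch($logfile);
        }
        @chown($logfile, $APACHE_SRC_ACCOUNT);
        @chgrp($logfile, $APACHE_SRC_GROUP);
    }

    $APACHE_MODULES_PATH = $unix->APACHE_MODULES_PATH();
    $HotSpotMaxClients = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotMaxClients"));
    $HotSpotStartServers = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotStartServers"));
    $HotSpotForceDDOSDisable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/HotSpotForceDDOSDisable"));
    // Missing, zero or negative values fall back to the defaults.
    if ($HotSpotMaxClients < 1) {
        $HotSpotMaxClients = 20;
    }
    if ($HotSpotStartServers < 1) {
        $HotSpotStartServers = 5;
    }

    $ArticaSplashHotSpotPort = $sock->GET_INFO("ArticaSplashHotSpotPort");
    $ArticaSplashHotSpotPortSSL = $sock->GET_INFO("ArticaSplashHotSpotPortSSL");
    if (!is_numeric($ArticaSplashHotSpotPort)) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if (!is_numeric($ArticaSplashHotSpotPortSSL)) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));

    // NOTE(review): unserialize() on a stored setting. If anything other than
    // this product's own code can write "HotSpotEvasive", this is an object
    // injection sink; a JSON-encoded setting would remove the risk. Left
    // in place because the stored format is shared with code outside this block.
    $Params = unserialize($sock->GET_INFO("HotSpotEvasive"));
    if (!is_array($Params)) {
        // unserialize() returns false on bad input; never index a non-array.
        $Params = array();
    }
    $evasiveDefaults = array(
        "DOSEnable" => 1,
        "DOSHashTableSize" => 1024,
        "DOSPageCount" => 3,
        "DOSSiteCount" => 20,
        "DOSPageInterval" => 1,
        "DOSSiteInterval" => 10,
        "DOSBlockingPeriod" => 5,
    );
    foreach ($evasiveDefaults as $key => $default) {
        // Only numeric values reach the generated configuration.
        if (!isset($Params[$key]) || !is_numeric($Params[$key])) {
            $Params[$key] = $default;
        }
    }

    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $ipaddr = isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])
        ? $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"]
        : null;
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HotSpot run as {$ArticaHotSpotInterface} ( {$ipaddr} )\n";
    }
    // No usable address: listen on every interface.
    if ($ipaddr == "0.0.0.0") {
        $ipaddr = "*";
    }
    if ($ipaddr == null) {
        $ipaddr = "*";
    }
    $GLOBALS["HOSTPOT_WEB_INTERFACE"] = $ipaddr;

    $phpfpm = $unix->APACHE_LOCATE_PHP_FPM();
    $php = $unix->LOCATE_PHP5_BIN();
    $EnableArticaApachePHPFPM = $sock->GET_INFO("EnableArticaApachePHPFPM");
    if (!is_numeric($EnableArticaApachePHPFPM)) {
        $EnableArticaApachePHPFPM = 0;
    }
    if (!is_file($phpfpm)) {
        $EnableArticaApachePHPFPM = 0;
    }
    $unix->chown_func($APACHE_SRC_ACCOUNT, $APACHE_SRC_GROUP, "/var/run/artica-apache");
    $apache_LOCATE_MIME_TYPES = $unix->apache_LOCATE_MIME_TYPES();
    if ($EnableArticaApachePHPFPM == 1) {
        if (!is_file("{$APACHE_MODULES_PATH}/mod_fastcgi.so")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} mod_fastcgi.so is required to use PHP5-FPM\n";
            }
            $EnableArticaApachePHPFPM = 0;
        }
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Run as....: {$APACHE_SRC_ACCOUNT}:{$APACHE_SRC_GROUP}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} HTTP Port.: {$ArticaSplashHotSpotPort} SSL Port: {$ArticaSplashHotSpotPortSSL}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP-FPM...: {$EnableArticaApachePHPFPM}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} MaxClients: {$HotSpotMaxClients}\n";
    }

    $f = array();
    $f[] = "Group {$APACHE_SRC_GROUP}";
    $f[] = "User {$APACHE_SRC_ACCOUNT}";
    $f[] = "LockFile /var/run/apache2/hotspot-artica-accept.lock";
    $f[] = "PidFile /var/run/artica-apache/hotspot-apache.pid";
    $f[] = "AcceptMutex flock";
    $f[] = "SSLRandomSeed startup file:/dev/urandom 256";
    $f[] = "SSLRandomSeed connect builtin";
    $f[] = "SSLSessionCache shmcb:/var/run/apache2/ssl_scache-hotspot(512000)";
    $f[] = "SSLSessionCacheTimeout 300";
    $f[] = "SSLSessionCacheTimeout 300";
    $f[] = "DocumentRoot /usr/share/artica-postfix";
    $f[] = "DirectoryIndex hotspot.html";
    $f[] = "ErrorDocument 400 /hotspot.html";
    $f[] = "ErrorDocument 401 /hotspot.html";
    $f[] = "ErrorDocument 403 /hotspot.html";
    $f[] = "ErrorDocument 404 /hotspot.html";
    $f[] = "ErrorDocument 500 /hotspot.html";

    // NOTE(review): the server name is only trim()med before it is written
    // into several directives. A value containing a line break or a space
    // would add or alter directives; confirm the setting is validated as a
    // host name where it is saved, or validate it here.
    $NameVirtualHost = $ipaddr;
    if ($HospotHTTPServerName != null) {
        $NameVirtualHost = $HospotHTTPServerName;
    }
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "NameVirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPort}";
    $f[] = "Listen {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}";

    $ddos_config = null;
    if ($HotSpotForceDDOSDisable == 1) {
        $Params["DOSEnable"] = 0;
    }
    if ($Params["DOSEnable"] == 1) {
        // NOTE(review): these directives are emitted without an <IfModule>
        // guard, while mod_evasive20.so is only loaded further down when the
        // file exists - verify Apache still starts when the module is absent.
        $ddos = array();
        $ddos[] = "\tDOSHashTableSize {$Params["DOSHashTableSize"]}";
        $ddos[] = "\tDOSPageCount {$Params["DOSPageCount"]}";
        $ddos[] = "\tDOSSiteCount {$Params["DOSSiteCount"]}";
        $ddos[] = "\tDOSPageInterval {$Params["DOSPageInterval"]}";
        $ddos[] = "\tDOSSiteInterval {$Params["DOSSiteInterval"]}";
        $ddos[] = "\tDOSBlockingPeriod {$Params["DOSBlockingPeriod"]}";
        $ddos[] = "\tDOSLogDir \"/var/log/artica-wifidog\"";
        $ddos[] = "\tDOSSystemCommand \"/bin/echo `date '+%F %T'` HOTSPOT %s >> /var/log/artica-wifidog/dos_evasive_attacks.log\"";
        $ddos_config = @implode("\n", $ddos);
    }

    // Plain HTTP splash virtual host.
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPort}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "{$ddos_config}";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";

    // HTTPS splash virtual host.
    $f[] = "<VirtualHost {$NameVirtualHost}:{$ArticaSplashHotSpotPortSSL}>";
    $f[] = "\tServerName {$NameVirtualHost}";
    $f[] = "\tDocumentRoot /usr/share/artica-postfix";
    $f[] = "\tSSLEngine on";
    $squid = new squidbee();
    $ArticaSplashHotSpotCertificate = $sock->GET_INFO("ArticaSplashHotSpotCertificate");
    $data = $squid->SaveCertificate($ArticaSplashHotSpotCertificate, false, true, false);
    if ($ArticaSplashHotSpotCertificate != null) {
        $apache = new apache_certificate($ArticaSplashHotSpotCertificate);
        $f[] = $apache->build();
    } else {
        // No named certificate: take the certificate and key paths out of the
        // text returned by SaveCertificate().
        if (preg_match("#ssl_certificate\\s+(.+?);\\s+ssl_certificate_key\\s+(.+?);#is", $data, $re)) {
            $cert = $re[1];
            $key = $re[2];
            $f[] = "\tSSLCertificateFile \"{$cert}\"";
            $f[] = "\tSSLCertificateKeyFile \"{$key}\"";
        }
    }
    $f[] = "\tSSLVerifyClient none";
    $f[] = "\tServerSignature Off";
    $f[] = "{$ddos_config}";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "</VirtualHost>";

    $f[] = "AccessFileName .htaccess";
    $f[] = "<Files ~ \"^\\.ht\">";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tDeny from all";
    $f[] = "\tSatisfy all";
    $f[] = "</Files>";
    $f[] = "DefaultType text/plain";
    $f[] = "HostnameLookups Off";
    $f[] = "User\t\t\t\t {$APACHE_SRC_ACCOUNT}";
    $f[] = "Group\t\t\t\t {$APACHE_SRC_GROUP}";
    $f[] = "Timeout 300";
    $f[] = "KeepAlive Off";
    $f[] = "KeepAliveTimeout 3";

    // Keep MaxClients above StartServers, then cap both limits.
    if ($HotSpotStartServers >= $HotSpotMaxClients) {
        $HotSpotMaxClients = $HotSpotMaxClients + $HotSpotStartServers;
    }
    if ($HotSpotMaxClients > 1024) {
        $HotSpotMaxClients = 1024;
    }
    $ServerLimit = $HotSpotMaxClients + 100;
    if ($ServerLimit > 2000) {
        $ServerLimit = 2000;
    }
    $f[] = "StartServers {$HotSpotStartServers}";
    $f[] = "MaxClients {$HotSpotMaxClients}";
    $f[] = "ServerLimit\t\t {$ServerLimit}";
    $MinSpareServers = $HotSpotStartServers + 5;
    $MaxSpareServers = $MinSpareServers + 1;
    $f[] = "MinSpareServers {$MinSpareServers}";
    $f[] = "MaxSpareServers {$MaxSpareServers}";
    $f[] = "MaxRequestsPerChild 800";
    $f[] = "MaxKeepAliveRequests 100";
    $f[] = "ServerName " . $unix->hostname_g();

    // NOTE(review): "SSLProtocol all -SSLv2" does not exclude SSLv3, and the
    // cipher list still admits MEDIUM suites. Tightening both is advisable
    // once the oldest client this portal must serve is known.
    $f[] = "<IfModule mod_ssl.c>";
    $f[] = "\tSSLRandomSeed connect builtin";
    $f[] = "\tSSLRandomSeed connect file:/dev/urandom 512";
    $f[] = "\tAddType application/x-x509-ca-cert .crt";
    $f[] = "\tAddType application/x-pkcs7-crl .crl";
    $f[] = "\tSSLPassPhraseDialog builtin";
    $f[] = "\tSSLSessionCache shmcb:/var/run/apache2/ssl_scache-articahtp(512000)";
    $f[] = "\tSSLSessionCacheTimeout 300";
    $f[] = "\tSSLSessionCacheTimeout 300";
    $f[] = "\tSSLMutex sem";
    $f[] = "\tSSLCipherSuite HIGH:MEDIUM:!ADH";
    $f[] = "\tSSLProtocol all -SSLv2";
    $f[] = "</IfModule>";
    $f[] = "";
    $f[] = "AddType application/x-httpd-php .php";
    $f[] = "php_value error_log \"/var/log/artica-wifidog/access.log\"";
    $f[] = "php_value session.save_path \"/home/artica/hotspot/sessions\"";
    $f[] = "<IfModule mod_fcgid.c>";
    $f[] = "\tPHP_Fix_Pathinfo_Enable 1";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_php5.c>";
    $f[] = " <FilesMatch \"\\.ph(p3?|tml)\$\">";
    $f[] = "\tSetHandler application/x-httpd-php";
    $f[] = " </FilesMatch>";
    $f[] = " <FilesMatch \"\\.phps\$\">";
    $f[] = "\tSetHandler application/x-httpd-php-source";
    $f[] = " </FilesMatch>";
    $f[] = " <IfModule mod_userdir.c>";
    $f[] = " <Directory /home/*/public_html>";
    $f[] = " php_admin_value engine Off";
    $f[] = " </Directory>";
    $f[] = " </IfModule>";
    $f[] = "</IfModule>";
    $f[] = "<IfModule mod_mime.c>";
    $f[] = "\tTypesConfig /etc/mime.types";
    $f[] = "\tAddType application/x-compress .Z";
    $f[] = "\tAddType application/x-gzip .gz .tgz";
    $f[] = "\tAddType application/x-bzip2 .bz2";
    $f[] = "\tAddType application/x-httpd-php .php .phtml";
    $f[] = "\tAddType application/x-httpd-php-source .phps";
    $f[] = "\tAddLanguage ca .ca";
    $f[] = "\tAddLanguage cs .cz .cs";
    $f[] = "\tAddLanguage da .dk";
    $f[] = "\tAddLanguage de .de";
    $f[] = "\tAddLanguage el .el";
    $f[] = "\tAddLanguage en .en";
    $f[] = "\tAddLanguage eo .eo";
    $f[] = "\tRemoveType es";
    $f[] = "\tAddLanguage es .es";
    $f[] = "\tAddLanguage et .et";
    $f[] = "\tAddLanguage fr .fr";
    $f[] = "\tAddLanguage he .he";
    $f[] = "\tAddLanguage hr .hr";
    $f[] = "\tAddLanguage it .it";
    $f[] = "\tAddLanguage ja .ja";
    $f[] = "\tAddLanguage ko .ko";
    $f[] = "\tAddLanguage ltz .ltz";
    $f[] = "\tAddLanguage nl .nl";
    $f[] = "\tAddLanguage nn .nn";
    $f[] = "\tAddLanguage no .no";
    $f[] = "\tAddLanguage pl .po";
    $f[] = "\tAddLanguage pt .pt";
    $f[] = "\tAddLanguage pt-BR .pt-br";
    $f[] = "\tAddLanguage ru .ru";
    $f[] = "\tAddLanguage sv .sv";
    $f[] = "\tRemoveType tr";
    $f[] = "\tAddLanguage tr .tr";
    $f[] = "\tAddLanguage zh-CN .zh-cn";
    $f[] = "\tAddLanguage zh-TW .zh-tw";
    $f[] = "\tAddCharset us-ascii .ascii .us-ascii";
    $f[] = "\tAddCharset ISO-8859-1 .iso8859-1 .latin1";
    $f[] = "\tAddCharset ISO-8859-2 .iso8859-2 .latin2 .cen";
    $f[] = "\tAddCharset ISO-8859-3 .iso8859-3 .latin3";
    $f[] = "\tAddCharset ISO-8859-4 .iso8859-4 .latin4";
    $f[] = "\tAddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru";
    $f[] = "\tAddCharset ISO-8859-6 .iso8859-6 .arb .arabic";
    $f[] = "\tAddCharset ISO-8859-7 .iso8859-7 .grk .greek";
    $f[] = "\tAddCharset ISO-8859-8 .iso8859-8 .heb .hebrew";
    $f[] = "\tAddCharset ISO-8859-9 .iso8859-9 .latin5 .trk";
    $f[] = "\tAddCharset ISO-8859-10 .iso8859-10 .latin6";
    $f[] = "\tAddCharset ISO-8859-13 .iso8859-13";
    $f[] = "\tAddCharset ISO-8859-14 .iso8859-14 .latin8";
    $f[] = "\tAddCharset ISO-8859-15 .iso8859-15 .latin9";
    $f[] = "\tAddCharset ISO-8859-16 .iso8859-16 .latin10";
    $f[] = "\tAddCharset ISO-2022-JP .iso2022-jp .jis";
    $f[] = "\tAddCharset ISO-2022-KR .iso2022-kr .kis";
    $f[] = "\tAddCharset ISO-2022-CN .iso2022-cn .cis";
    $f[] = "\tAddCharset Big5 .Big5 .big5 .b5";
    $f[] = "\tAddCharset cn-Big5 .cn-big5";
    $f[] = "\t# For russian, more than one charset is used (depends on client, mostly):";
    $f[] = "\tAddCharset WINDOWS-1251 .cp-1251 .win-1251";
    $f[] = "\tAddCharset CP866 .cp866";
    $f[] = "\tAddCharset KOI8 .koi8";
    $f[] = "\tAddCharset KOI8-E .koi8-e";
    $f[] = "\tAddCharset KOI8-r .koi8-r .koi8-ru";
    $f[] = "\tAddCharset KOI8-U .koi8-u";
    $f[] = "\tAddCharset KOI8-ru .koi8-uk .ua";
    $f[] = "\tAddCharset ISO-10646-UCS-2 .ucs2";
    $f[] = "\tAddCharset ISO-10646-UCS-4 .ucs4";
    $f[] = "\tAddCharset UTF-7 .utf7";
    $f[] = "\tAddCharset UTF-8 .utf8";
    $f[] = "\tAddCharset UTF-16 .utf16";
    $f[] = "\tAddCharset UTF-16BE .utf16be";
    $f[] = "\tAddCharset UTF-16LE .utf16le";
    $f[] = "\tAddCharset UTF-32 .utf32";
    $f[] = "\tAddCharset UTF-32BE .utf32be";
    $f[] = "\tAddCharset UTF-32LE .utf32le";
    $f[] = "\tAddCharset euc-cn .euc-cn";
    $f[] = "\tAddCharset euc-gb .euc-gb";
    $f[] = "\tAddCharset euc-jp .euc-jp";
    $f[] = "\tAddCharset euc-kr .euc-kr";
    $f[] = "\tAddCharset EUC-TW .euc-tw";
    $f[] = "\tAddCharset gb2312 .gb2312 .gb";
    $f[] = "\tAddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2";
    $f[] = "\tAddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4";
    $f[] = "\tAddCharset shift_jis .shift_jis .sjis";
    $f[] = "\tAddType text/html .shtml";
    $f[] = "\tAddOutputFilter INCLUDES .shtml";
    $f[] = "</IfModule>";
    $f[] = "Alias /index.php /hotspot.html";
    $f[] = "Alias /index.html /hotspot.html";
    $f[] = "Alias /Microsoft-Server-ActiveSync /hotspot-none.html";

    // NOTE(review): access control on the document root looks ineffective.
    //  - The <Files> sections name "hostpot.*" while every other directive in
    //    this file refers to "hotspot.*".
    //  - The FilesMatch pattern starts with "!", which is a literal character
    //    in a regular expression, not a negation, so the "deny from all"
    //    section probably never applies.
    //  - The section ends with "Allow from all" and "AllowOverride All".
    // The result is that the whole of /usr/share/artica-postfix appears to be
    // reachable through the splash ports. The strings are kept unchanged
    // here; restricting this section to the splash pages needs a test against
    // a running portal.
    $f[] = "<Directory \"/usr/share/artica-postfix\">";
    $f[] = "\tDirectorySlash On";
    $f[] = "\tDirectoryIndex hostpot.php";
    $f[] = "\t\t<Files \"hostpot.php\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<Files \"hostpot.html\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tallow from all";
    $f[] = "\t\t</Files>";
    $f[] = "\t\t<FilesMatch \"!(hostpot)\\.(html|php)\$\">";
    $f[] = "\t\t\tOrder allow,deny";
    $f[] = "\t\t\tdeny from all";
    $f[] = "\t\t</FilesMatch>";
    $f[] = "\tErrorDocument 400 /hotspot.html";
    $f[] = "\tErrorDocument 401 /hotspot.html";
    $f[] = "\tErrorDocument 403 /hotspot.html";
    $f[] = "\tErrorDocument 404 /hotspot.html";
    $f[] = "\tErrorDocument 500 /hotspot.html";
    $f[] = "\tFallbackResource /hotspot.html";
    $f[] = "\tOptions -Indexes";
    $f[] = "\tSSLOptions +StdEnvVars";
    $f[] = "\tAllowOverride All";
    $f[] = "\tOrder allow,deny";
    $f[] = "\tAllow from all";
    $f[] = "</Directory>";

    if ($EnableArticaApachePHPFPM == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Activate PHP5-FPM\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.initslapd.php --phppfm");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Restarting PHP5-FPM\n";
        }
        shell_exec("/etc/init.d/php5-fpm restart");
        $f[] = "\tAlias /php5.fastcgi /var/run/artica-apache/php5.fastcgi";
        $f[] = "\tAddHandler php-script .php";
        $f[] = "\tFastCGIExternalServer /var/run/artica-apache/php5.fastcgi -socket /var/run/php-fpm.sock -idle-timeout 610";
        $f[] = "\tAction php-script /php5.fastcgi virtual";
        $f[] = "\t<Directory /var/run/artica-apache>";
        $f[] = "\t\t<Files php5.fastcgi>";
        $f[] = "\t\tOrder deny,allow";
        $f[] = "\t\tAllow from all";
        $f[] = "\t\t</Files>";
        $f[] = "\t</Directory>";
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} PHP5-FPM is disabled\n";
        }
    }

    // NOTE(review): "Loglevel debug" is verbose for a service that faces
    // unauthenticated clients; check log rotation and disk limits.
    $f[] = "Loglevel debug";
    $f[] = "ErrorLog {$ErrorLog}";
    $f[] = "LogFormat \"%h %l %u %t \\\"%r\\\" %<s %b\" common";
    $f[] = "CustomLog {$LogFilePath} common";

    // Modules to load, keyed by module identifier; a module is loaded only
    // when its shared object exists in the modules directory.
    $array = array();
    if ($EnableArticaApachePHPFPM == 0) {
        $array["php5_module"] = "libphp5.so";
    }
    $array["actions_module"] = "mod_actions.so";
    $array["expires_module"] = "mod_expires.so";
    $array["rewrite_module"] = "mod_rewrite.so";
    $array["dir_module"] = "mod_dir.so";
    $array["mime_module"] = "mod_mime.so";
    $array["alias_module"] = "mod_alias.so";
    $array["auth_basic_module"] = "mod_auth_basic.so";
    $array["authz_host_module"] = "mod_authz_host.so";
    $array["autoindex_module"] = "mod_autoindex.so";
    $array["negotiation_module"] = "mod_negotiation.so";
    $array["ssl_module"] = "mod_ssl.so";
    $array["headers_module"] = "mod_headers.so";
    $array["ldap_module"] = "mod_ldap.so";
    if ($Params["DOSEnable"] == 1) {
        $array["evasive20_module"] = "mod_evasive20.so";
    }
    if ($EnableArticaApachePHPFPM == 1) {
        $array["fastcgi_module"] = "mod_fastcgi.so";
    }

    if (is_dir("/etc/apache2")) {
        if (!is_file("/etc/apache2/mime.types")) {
            if ($apache_LOCATE_MIME_TYPES != "/etc/apache2/mime.types") {
                @copy($apache_LOCATE_MIME_TYPES, "/etc/apache2/mime.types");
            }
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Mime types path.......: {$apache_LOCATE_MIME_TYPES}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Modules path..........: {$APACHE_MODULES_PATH}\n";
    }

    foreach ($array as $module => $lib) {
        if (is_file("{$APACHE_MODULES_PATH}/{$lib}")) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} include module \"{$module}\"\n";
            }
            $f[] = "LoadModule {$module} {$APACHE_MODULES_PATH}/{$lib}";
        } else {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} skip module \"{$module}\"\n";
            }
        }
    }

    build_error_page();
    $written = @file_put_contents("/etc/artica-postfix/hotspot-httpd.conf", @implode("\n", $f) . "\n");
    if ($GLOBALS["OUTPUT"]) {
        // Do not report success when the file could not be written.
        $result = ($written === false) ? "failed" : "done";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/artica-postfix/hotspot-httpd.conf {$result}\n";
    }
}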
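/**
 * Writes /etc/wifidog.conf for the HotSpot gateway and prepares the host:
 * checks that the proxy answers on the HotSpot ports (rebuilding and
 * restarting it when it does not), loads the netfilter modules, enables IP
 * forwarding and, when a second interface is configured, appends the
 * FORWARD/MASQUERADE rules between the two interfaces.
 *
 * Other side effects visible here: calls msg_html(), checks the hotspot
 * tables, stores a random port in every port setting that is still 0,
 * stores "HotSpotGatewayAddr", may add the portal host name to the hosts
 * file through create_EtcHosts(), and calls build_error_page() at the end.
 *
 * Changes against the previous revision:
 *  - interface names are passed through escapeshellarg() before they are
 *    placed on the iptables command lines;
 *  - the each() loop is replaced by foreach (each() is deprecated since
 *    PHP 7.2 and removed in PHP 8.0);
 *  - interface addresses are looked up with isset(), so an unknown or
 *    unset interface no longer indexes a missing array key;
 *  - the certificate setting that was read but never used is not fetched.
 *
 * @return void
 */
function buildconfig() {
    # $Id$";
    msg_html();
    $sock = new sockets();
    $unix = new unix();
    $q = new mysql_squid_builder();
    $q->check_hotspot_tables();
    $php = $unix->LOCATE_PHP5_BIN();

    $SquidHotSpotPort = intval($sock->GET_INFO("SquidHotSpotPort"));
    $ArticaHotSpotPort = intval($sock->GET_INFO("ArticaHotSpotPort"));
    $ArticaSSLHotSpotPort = intval($sock->GET_INFO("ArticaSSLHotSpotPort"));
    $ArticaSplashHotSpotPort = intval($sock->GET_INFO("ArticaSplashHotSpotPort"));
    $SquidHotSpotSSLPort = intval($sock->GET_INFO("SquidHotSpotSSLPort"));
    $HospotNoSSL = intval($sock->GET_INFO("HospotNoSSL"));
    $HotSpotDenySSL = intval($sock->GET_INFO("HotSpotDenySSL"));
    $ArticaHotSpotEmergency = intval($sock->GET_INFO("ArticaHotSpotEmergency"));
    $ArticaSplashHotSpotPortSSL = intval($sock->GET_INFO("ArticaSplashHotSpotPortSSL"));
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    $ArticaHotSpotInterface2 = $sock->GET_INFO("ArticaHotSpotInterface2");
    if ($ArticaHotSpotInterface == null) {
        $ArticaHotSpotInterface = "eth0";
    }
    $ArticaHotSpotEnableMIT = $sock->GET_INFO("ArticaHotSpotEnableMIT");
    $ArticaHotSpotEnableProxy = $sock->GET_INFO("ArticaHotSpotEnableProxy");
    if (!is_numeric($ArticaHotSpotEnableMIT)) {
        $ArticaHotSpotEnableMIT = 1;
    }
    if (!is_numeric($ArticaHotSpotEnableProxy)) {
        $ArticaHotSpotEnableProxy = 1;
    }
    // A second interface equal to the first is treated as "not configured".
    if ($ArticaHotSpotInterface2 == $ArticaHotSpotInterface) {
        $ArticaHotSpotInterface2 = null;
    }
    if ($ArticaSplashHotSpotPort == 0) {
        $ArticaSplashHotSpotPort = 16080;
    }
    if ($ArticaSplashHotSpotPortSSL == 0) {
        $ArticaSplashHotSpotPortSSL = 16443;
    }
    // Ports that are still unset get a random high port, stored for later runs.
    if ($ArticaHotSpotPort == 0) {
        $ArticaHotSpotPort = rand(38000, 64000);
        $sock->SET_INFO("ArticaHotSpotPort", $ArticaHotSpotPort);
    }
    if ($ArticaSSLHotSpotPort == 0) {
        $ArticaSSLHotSpotPort = rand(38500, 64000);
        $sock->SET_INFO("ArticaSSLHotSpotPort", $ArticaSSLHotSpotPort);
    }
    if ($SquidHotSpotPort == 0) {
        $SquidHotSpotPort = rand(40000, 64000);
        $sock->SET_INFO("SquidHotSpotPort", $SquidHotSpotPort);
    }
    if ($SquidHotSpotSSLPort == 0) {
        $SquidHotSpotSSLPort = rand(40500, 64000);
        $sock->SET_INFO("SquidHotSpotSSLPort", $SquidHotSpotSSLPort);
    }

    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    $IPADDR = isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"])
        ? $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface]["IPADDR"]
        : null;
    $GatewayAddress = $IPADDR;
    $sock->SET_INFO("HotSpotGatewayAddr", $IPADDR);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTP service on {$IPADDR} `{$IPADDR}` port\n";
    }
    $HospotHTTPServerName = trim($sock->GET_INFO("HospotHTTPServerName"));
    $IPADDR2 = null;
    if ($ArticaHotSpotInterface2 != null && isset($NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface2]["IPADDR"])) {
        $IPADDR2 = $NETWORK_ALL_INTERFACES[$ArticaHotSpotInterface2]["IPADDR"];
    }
    $WifiDogDebugLevel = intval($sock->GET_INFO("WifiDogDebugLevel"));
    build_progress("{reconfiguring}", 60);

    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTP service on {$ArticaSplashHotSpotPort} port\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HTTPS service on {$ArticaSplashHotSpotPortSSL} port\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: HotSpot service on {$ArticaHotSpotPort} port\n";
    }
    if ($ArticaHotSpotInterface2 != null) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen IN on {$ArticaHotSpotInterface} ( {$IPADDR} )\n";
        }
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen OUT on {$ArticaHotSpotInterface2} ( {$IPADDR2} )\n";
        }
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Listen on {$ArticaHotSpotInterface} ( {$IPADDR} )\n";
        }
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Proxy Listen on {$SquidHotSpotPort} port\n";
    }
    // NOTE(review): $ArticaSplashHotSpotCacheAuth is never assigned in this
    // function, so this line prints an empty value - the setting that should
    // feed it needs to be identified.
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Re-authenticate each {$ArticaSplashHotSpotCacheAuth} Minutes\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Debug Level:{$WifiDogDebugLevel}\n";
    }

    // NOTE(review): $GLOBALS["SCRIPT_SUFFIX"] is appended unescaped to the
    // restart command lines below. It cannot be wrapped in escapeshellarg()
    // if it carries several arguments or a redirection; confirm it is only
    // ever set by this program.
    $Checking_squid = Checking_squid($SquidHotSpotPort);
    if (!$Checking_squid) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy...\n";
        }
        shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Restarting Proxy...\n";
        }
        shell_exec("/etc/init.d/squid restart --force {$GLOBALS["SCRIPT_SUFFIX"]}");
    }
    build_progress("{reconfiguring}", 61);
    $Checking_squid = Checking_squid($SquidHotSpotPort);
    if (!$Checking_squid) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy on port {$SquidHotSpotPort} Failed!!!\n";
        }
    }
    build_progress("{reconfiguring}", 62);

    if ($ArticaHotSpotEnableMIT == 1) {
        // Same check-and-restart sequence for the SSL proxy port.
        $Checking_squid = Checking_squid($SquidHotSpotSSLPort);
        build_progress("{reconfiguring}", 63);
        if (!$Checking_squid) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy...\n";
            }
            shell_exec("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Restarting Proxy...\n";
            }
            shell_exec("/etc/init.d/squid restart --force {$GLOBALS["SCRIPT_SUFFIX"]}");
        }
        $Checking_squid = Checking_squid($SquidHotSpotSSLPort);
        if (!$Checking_squid) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Reconfiguring proxy on port {$SquidHotSpotSSLPort} Failed!!!\n";
            }
        }
    }

    $modprobe = $unix->find_program("modprobe");
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: probing iptables modules...\n";
    }
    $array = array(
        "ip_tables",
        "ip_conntrack",
        "ip_conntrack_ftp",
        "ip_conntrack_irc",
        "iptable_nat",
        "ip_nat_ftp",
    );
    foreach ($array as $ligne) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: probing {$ligne}\n";
        }
        shell_exec("{$modprobe} {$ligne}");
    }

    $sysctl = $unix->find_program("sysctl");
    $echo = $unix->find_program("echo");
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Enable gateway..\n";
    }
    shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_forward");
    shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_dynaddr");
    shell_exec("{$sysctl} -w net.ipv4.ip_forward=1 2>&1");
    shell_exec("{$echo} 1 > /proc/sys/net/ipv4/ip_forward");

    $comment = " -m comment --comment \"WiFiDog_NAT\"";
    if ($ArticaHotSpotInterface2 != null) {
        $iptables = $unix->find_program("iptables");
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Chain {$ArticaHotSpotInterface} and {$ArticaHotSpotInterface2}\n";
        }
        // The interface names come from stored settings and end up on a shell
        // command line run by this script: quote them so that a value with
        // shell metacharacters stays a single argument.
        $EXTIF = escapeshellarg($ArticaHotSpotInterface2);
        $INTIF = escapeshellarg($ArticaHotSpotInterface);
        // NOTE(review): the rules are appended (-A) on every call and nothing
        // in this function removes earlier copies - verify that the rules
        // tagged "WiFiDog_NAT" are cleaned up elsewhere.
        shell_exec("{$iptables} -A FORWARD -i {$EXTIF} -o {$INTIF} -m state --state ESTABLISHED,RELATED {$comment} -j ACCEPT");
        shell_exec("{$iptables} -A FORWARD -i {$INTIF} -o {$EXTIF} {$comment} -j ACCEPT");
        shell_exec("{$iptables} -t nat -A POSTROUTING -o {$EXTIF} {$comment} -j MASQUERADE");
    }

    $WifidogClientTimeout = intval($sock->GET_INFO("WifidogClientTimeout"));
    if ($WifidogClientTimeout < 5) {
        $WifidogClientTimeout = 30;
    }
    build_progress("{reconfiguring}", 64);

    // NOTE(review): interface names and the portal host name are written into
    // wifidog.conf as stored. A value containing a line break would add
    // configuration lines; confirm they are validated where they are saved.
    $f = array();
    $f[] = "# WiFiDog Configuration file";
    $f[] = "# Saved by artica on " . date("Y-m-d H:i:s");
    $f[] = "";
    $f[] = "# Parameter: GatewayID";
    $f[] = "# Default: default";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# Set this to the node ID on the auth server";
    $f[] = "# This is used to give a customized login page to the clients and for";
    $f[] = "# monitoring/statistics purpose. If you run multiple gateways on the same";
    $f[] = "# machine each gateway needs to have a different gateway id.";
    $f[] = "# If none is supplied, the mac address of the GatewayInterface interface will be used,";
    $f[] = "# without the : separators";
    $f[] = "";
    $f[] = "# GatewayID default";
    $f[] = "";
    $f[] = "# Parameter: ExternalInterface";
    $f[] = "# Default: NONE";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# Set this to the external interface (the one going out to the Inernet or your larger LAN). ";
    $f[] = "# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,";
    $f[] = "# Normally autodetected";
    $f[] = "";
    if ($ArticaHotSpotInterface2 != null) {
        $f[] = "ExternalInterface {$ArticaHotSpotInterface2}";
    } else {
        $f[] = "#ExternalInterface eth0 or ppp0 otherwise";
    }
    $f[] = "";
    $f[] = "GatewayInterface {$ArticaHotSpotInterface}";
    $f[] = "GatewayAddress {$GatewayAddress}";
    $f[] = "";
    $f[] = "# Parameter: HtmlMessageFile";
    $f[] = "# Default: wifidog-msg.html";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# This allows you to specify a custome HTML file which will be used for";
    $f[] = "# system errors by the gateway. Any \$title, \$message and \$node variables";
    $f[] = "# used inside the file will be replaced.";
    $f[] = "#";
    $f[] = "# HtmlMessageFile /opt/wifidog/etc/wifidog-.html";
    $f[] = "";
    $f[] = "# Parameter: AuthServer";
    $f[] = "# Default: NONE";
    $f[] = "# Mandatory, repeatable";
    $f[] = "#";
    $f[] = "# This allows you to configure your auth server(s). Each one will be tried in order, untill one responds.";
    $f[] = "# Set this to the hostname or IP of your auth server(s), the path where";
    $f[] = "# WiFiDog-auth resides in and the port it listens on.";
    $f[] = "#AuthServer {";
    $f[] = "#\tHostname (Mandatory; Default: NONE)";
    $f[] = "#\tSSLAvailable (Optional; Default: no; Possible values: yes, no)";
    $f[] = "#\tSSLPort (Optional; Default: 443)";
    $f[] = "#\tHTTPPort (Optional; Default: 80)";
    $f[] = "#\tPath (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)";
    $f[] = "# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)";
    $f[] = "# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a successfull login.)";
    $f[] = "# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon error to read a readable message.)";
    $f[] = "# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to read a readable message.)";
    $f[] = "# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to read a readable message.)";
    $f[] = "#}";
    $f[] = "# HospotHTTPServerName = {$HospotHTTPServerName}";
    $f[] = "AuthServer {";
    if ($HospotHTTPServerName != null) {
        $f[] = " Hostname {$HospotHTTPServerName}";
        $unix->create_EtcHosts($HospotHTTPServerName, $IPADDR);
    } else {
        $f[] = " Hostname {$IPADDR}";
    }
    // Denying SSL to clients also turns SSL off for the auth server entry.
    if ($HotSpotDenySSL == 1) {
        $HospotNoSSL = 1;
    }
    $f[] = " SSLPort {$ArticaSplashHotSpotPortSSL}";
    if ($HospotNoSSL == 0) {
        $f[] = " SSLAvailable yes";
    } else {
        $f[] = " SSLAvailable no";
    }
    $f[] = " HTTPPort {$ArticaSplashHotSpotPort}";
    $f[] = " LoginScriptPathFragment hotspot.php?wifidog-login=yes&";
    $f[] = " PingScriptPathFragment hotspot.php?wifidog-ping=yes&";
    $f[] = " AuthScriptPathFragment hotspot.php?wifidog-auth=yes&";
    $f[] = " PortalScriptPathFragment hotspot.php?wifidog-portal=yes&";
    $f[] = " Path /";
    $f[] = "}";
    $f[] = "";
    $f[] = "Daemon 1";
    $f[] = "GatewayPort {$ArticaHotSpotPort}";
    if ($ArticaHotSpotEnableProxy == 1) {
        $f[] = "ProxyPort {$SquidHotSpotPort}";
    }
    $f[] = "HTTPDName Artica HotSpot";
    $f[] = "# HTTPDMaxConn 50";
    $f[] = "";
    $f[] = "# Parameter: HTTPDRealm";
    $f[] = "# Default: WiFiDog";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# The name of the HTTP authentication realm. This only used when a user";
    $f[] = "# tries to access a protected WiFiDog internal page. See HTTPUserName.";
    $f[] = "# HTTPDRealm WiFiDog";
    $f[] = "";
    $f[] = "# Parameter: HTTPDUserName / HTTPDPassword";
    $f[] = "# Default: unset";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# The gateway exposes some information such as the status page through its web";
    $f[] = "# interface. This information can be protected with a username and password,";
    $f[] = "# which can be set through the HTTPDUserName and HTTPDPassword parameters.";
    $f[] = "# HTTPDUserName admin";
    $f[] = "# HTTPDPassword secret";
    $f[] = "";
    $f[] = "CheckInterval 60";
    $f[] = "ClientTimeout {$WifidogClientTimeout}";
    $f[] = "";
    $f[] = "# Parameter: TrustedMACList";
    $f[] = "# Default: none";
    $f[] = "# Optional";
    $f[] = "#";
    $f[] = "# Comma separated list of MAC addresses who are allowed to pass";
    $f[] = "# through without authentication";
    $f[] = "#TrustedMACList 00:15:5D:01:09:06,00:00:C0:1D:F0:0D";
    build_progress("{reconfiguring}", 65);
    $trusted_macs = trusted_macs();
    if ($trusted_macs != null) {
        $f[] = "TrustedMACList {$trusted_macs}";
    }
    $f[] = "";
    $f[] = "# Parameter: FirewallRuleSet";
    $f[] = "# Default: none";
    $f[] = "# Mandatory";
    $f[] = "#";
    $f[] = "# Groups a number of FirewallRule statements together.";
    $f[] = "";
    $f[] = "# Parameter: FirewallRule";
    $f[] = "# Default: none";
    $f[] = "# ";
    $f[] = "# Define one firewall rule in a rule set.";
    $f[] = "";
    $f[] = "# Rule Set: global";
    $f[] = "# ";
    $f[] = "# Used for rules to be applied to all other rulesets except locked.";
    // When ArticaHotSpotEmergency is 1, every rule set below - including the
    // ones for unknown and locked users - allows all TCP and UDP traffic, so
    // the gateway stops restricting clients at all.
    $f[] = "FirewallRuleSet global {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = firewall_rules(0);
    }
    $f[] = " # FirewallRule syntax:";
    $f[] = " # FirewallRule (block|drop|allow|log|ulog) [(tcp|udp|icmp) [port X]] [to IP/CIDR]";
    $f[] = "";
    $f[] = " ## To block SMTP out, as it's a tech support nightmare, and a legal liability";
    $f[] = " #FirewallRule block tcp port 25";
    $f[] = " ";
    $f[] = " ## Use the following if you don't want clients to be able to access machines on ";
    $f[] = " ## the private LAN that gives internet access to wifidog. Note that this is not";
    $f[] = " ## client isolation; The laptops will still be able to talk to one another, as";
    $f[] = " ## well as to any machine bridged to the wifi of the router.";
    $f[] = " # FirewallRule block to 192.168.0.0/16";
    $f[] = " # FirewallRule block to 172.16.0.0/12";
    $f[] = " # FirewallRule block to 10.0.0.0/8";
    $f[] = " ";
    $f[] = " ## This is an example ruleset for the Teliphone service.";
    $f[] = " #FirewallRule allow udp to 69.90.89.192/27";
    $f[] = " #FirewallRule allow udp to 69.90.85.0/27";
    $f[] = " #FirewallRule allow tcp port 80 to 69.90.89.205";
    $f[] = "";
    $f[] = " ## Use the following to log or ulog the traffic you want to allow or block.";
    $f[] = " # For OPENWRT: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies";
    $f[] = " # iptables-mod-extra and iptables-mod-ulog (to adapt it to the linux distribution). ";
    $f[] = " # Note: the log or ulog rule must be passed before, the rule you want to match.";
    $f[] = " # for openwrt: use of these feature requires modules ipt_LOG or ipt_ULOG present in dependencies";
    $f[] = " # iptables-mod-extra and iptables-mod-ulog";
    $f[] = " # For example, you want to log (ulog works the same way) the traffic allowed on port 80 to the ip 69.90.89.205:";
    $f[] = " #FirewallRule log tcp port 80 to 69.90.89.205";
    $f[] = " #FirewallRule allow tcp port 80 to 69.90.89.205";
    $f[] = " # And you want to know, who matche your block rule:";
    $f[] = " #FirewallRule log to 0.0.0.0/0";
    $f[] = " #FirewallRule block to 0.0.0.0/0";
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: validating-users";
    $f[] = "# Used for new users validating their account";
    $f[] = "FirewallRuleSet validating-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = firewall_rules(1);
    }
    $f[] = "FirewallRule allow tcp port 80 to 0.0.0.0/0";
    $f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: known-users";
    $f[] = "# Used for normal validated users.";
    $f[] = "FirewallRuleSet known-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = firewall_rules(1);
    }
    $f[] = "FirewallRule allow tcp port 80 to 0.0.0.0/0";
    $f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: unknown-users";
    $f[] = "#";
    $f[] = "# Used for unvalidated users, this is the ruleset that gets redirected.";
    $f[] = "#";
    $f[] = "# XXX The redirect code adds the Default DROP clause.";
    $f[] = "FirewallRuleSet unknown-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        // Unless HotSpotDenySSL is 1, clients that have not authenticated yet
        // are allowed TCP port 443 to any destination.
        if ($HotSpotDenySSL == 1) {
            $f[] = "FirewallRule block tcp port 443 to 0.0.0.0/0";
        }
        if ($HotSpotDenySSL == 0) {
            $f[] = "FirewallRule allow tcp port 443 to 0.0.0.0/0";
        }
        $f[] = " FirewallRule allow udp port 53";
        $f[] = " FirewallRule allow tcp port 53";
        $f[] = " FirewallRule allow udp port 67";
        $f[] = " FirewallRule allow tcp port 67";
        $f[] = firewall_rules(2);
    }
    $f[] = "}";
    $f[] = "";
    $f[] = "# Rule Set: locked-users";
    $f[] = "#";
    $f[] = "# Not currently used";
    $f[] = "FirewallRuleSet locked-users {";
    if ($ArticaHotSpotEmergency == 1) {
        $f[] = "\tFirewallRule allow udp to 0.0.0.0/0";
        $f[] = "\tFirewallRule allow tcp to 0.0.0.0/0";
    } else {
        $f[] = "\tFirewallRule block to 0.0.0.0/0";
    }
    $f[] = "}";
    $f[] = "";

    @file_put_contents("/etc/wifidog.conf", @implode("\n", $f));
    build_progress("{reconfiguring}", 90);
    build_error_page();
}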