* [PATCH 1/2] proxy.cgi: remove old CVS licence clutter
@ 2020-06-21 10:57 Peter Müller
2020-06-21 10:57 ` [PATCH 2/2] Revert "proxy: Remove AUTH_IPCACHE_TTL" Peter Müller
0 siblings, 1 reply; 2+ messages in thread
From: Peter Müller @ 2020-06-21 10:57 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 801 bytes --]
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
html/cgi-bin/proxy.cgi | 7 -------
1 file changed, 7 deletions(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 73646a5ae..d1de4522d 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -18,13 +18,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
-#
-# (c) 2004-2009 marco.s - http://www.advproxy.net
-#
-# This code is distributed under the terms of the GPL
-#
-# $Id: advproxy.cgi,v 3.0.2 2009/02/04 00:00:00 marco.s Exp $
-#
use strict;
use Apache::Htpasswd;
--
2.26.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH 2/2] Revert "proxy: Remove AUTH_IPCACHE_TTL"
2020-06-21 10:57 [PATCH 1/2] proxy.cgi: remove old CVS licence clutter Peter Müller
@ 2020-06-21 10:57 ` Peter Müller
0 siblings, 0 replies; 2+ messages in thread
From: Peter Müller @ 2020-06-21 10:57 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 24010 bytes --]
This reverts commit dc637f087fe07ab26ae1dee00133da69bab5e6a1.
Rationale: "authenticate_ip_ttl" can be safely used as it does not
introduces an authentication bypass, but saves relationships between
successfully authenticated users and their IP addresses.
"max_user_ip" depends on such an authentication cache, so credential
sharing between several IPs (on purpose or by chance) can be detected
properly. This is useful in case of crompromised machines and/or
attackers in internal networks having stolen proxy authentication
credentials.
Quoted from squid.conf.documented or man 5 squid.conf:
> acl aclname max_user_ip [-s] number
> # This will be matched when the user attempts to log in from more
> # than <number> different ip addresses. The authenticate_ip_ttl
> # parameter controls the timeout on the ip entries. [fast]
> # If -s is specified the limit is strict, denying browsing
> # from any further IP addresses until the ttl has expired. Without
> # -s Squid will just annoy the user by "randomly" denying requests.
> # (the counter is reset each time the limit is reached and a
> # request is denied)
> # NOTE: in acceleration mode or where there is mesh of child proxies,
> # clients may appear to come from multiple addresses if they are
> # going through proxy farms, so a limit of 1 may cause user problems.
Fixes: #11994
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
doc/language_issues.de | 3 ---
doc/language_issues.en | 2 ++
doc/language_issues.es | 7 ++-----
doc/language_issues.fr | 3 ---
doc/language_issues.it | 3 ---
doc/language_issues.nl | 3 ---
doc/language_issues.pl | 7 ++-----
doc/language_issues.ru | 5 +----
doc/language_issues.tr | 3 ---
html/cgi-bin/proxy.cgi | 28 +++++++++++++++++++---------
10 files changed, 26 insertions(+), 38 deletions(-)
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 2dc986d0a..f2d628d51 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -48,7 +48,6 @@ WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
WARNING: translation string unused: adsl settings
WARNING: translation string unused: advproxy AUTH method ntlm
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -73,8 +72,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 88fa6ed79..76c4237d4 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -128,6 +128,7 @@ WARNING: untranslated string: advproxy AUTH method radius = RADIUS
WARNING: untranslated string: advproxy AUTH no auth = Domains without authentication (one per line)
WARNING: untranslated string: advproxy AUTH number of auth processes = Number of authentication processes
WARNING: untranslated string: advproxy AUTH realm = Authentication realm prompt
+WARNING: untranslated string: advproxy AUTH user IP cache TTL = User/IP cache TTL (in minutes)
WARNING: untranslated string: advproxy IDENT authorized users = Authorized users (one per line)
WARNING: untranslated string: advproxy IDENT aware hosts = Ident aware hosts (one per line)
WARNING: untranslated string: advproxy IDENT identd settings = Common identd settings
@@ -206,6 +207,7 @@ WARNING: untranslated string: advproxy errmsg acl cannot be empty = Access contr
WARNING: untranslated string: advproxy errmsg auth cache ttl = Invalid value for authentication cache TTL
WARNING: untranslated string: advproxy errmsg auth children = Invalid number of authentication processes
WARNING: untranslated string: advproxy errmsg auth ipcache may not be null = Authentication cache TTL may not be 0 when using IP address limits
+WARNING: untranslated string: advproxy errmsg auth ipcache ttl = Invalid value for user/IP cache TTL
WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size:
WARNING: untranslated string: advproxy errmsg hdd cache size = Invalid value for harddisk cache size (min 10 MB required)
WARNING: untranslated string: advproxy errmsg ident timeout = Invalid ident timeout
diff --git a/doc/language_issues.es b/doc/language_issues.es
index ef78d6680..4d74fe91b 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -24,7 +24,6 @@ WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -49,8 +48,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
@@ -900,7 +897,7 @@ WARNING: untranslated string: fireinfo please enable = Please enable the fireinf
WARNING: untranslated string: fireinfo settings = Fireinfo settings
WARNING: untranslated string: fireinfo system version = System versions
WARNING: untranslated string: fireinfo why descr1 = It is very important for the development of IPFire that you enable this
-WARNING: untranslated string: fireinfo why descr2 = service.
+WARNING: untranslated string: fireinfo why descr2 = service.
WARNING: untranslated string: fireinfo why enable = Why should I enable fireinfo?
WARNING: untranslated string: fireinfo why read more = Read more about the reasons.
WARNING: untranslated string: fireinfo your profile id = Your profile ID
@@ -958,7 +955,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port.
WARNING: untranslated string: fwdfw err time = You have to select at least one day.
WARNING: untranslated string: fwdfw external port nat = External port (NAT)
WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap.
-WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense:
+WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense:
WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation.
WARNING: untranslated string: fwdfw iface = Interface
WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index fd10b171e..c5953d5ba 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -52,7 +52,6 @@ WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
WARNING: translation string unused: adsl settings
WARNING: translation string unused: advproxy AUTH method ntlm
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -77,8 +76,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 16ff776b5..059c73a59 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -26,7 +26,6 @@ WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
WARNING: translation string unused: advproxy AUTH method ntlm
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -51,8 +50,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 328a8e1f2..8a79baa83 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -25,7 +25,6 @@ WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -50,8 +49,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index ef78d6680..4d74fe91b 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -24,7 +24,6 @@ WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -49,8 +48,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
@@ -900,7 +897,7 @@ WARNING: untranslated string: fireinfo please enable = Please enable the fireinf
WARNING: untranslated string: fireinfo settings = Fireinfo settings
WARNING: untranslated string: fireinfo system version = System versions
WARNING: untranslated string: fireinfo why descr1 = It is very important for the development of IPFire that you enable this
-WARNING: untranslated string: fireinfo why descr2 = service.
+WARNING: untranslated string: fireinfo why descr2 = service.
WARNING: untranslated string: fireinfo why enable = Why should I enable fireinfo?
WARNING: untranslated string: fireinfo why read more = Read more about the reasons.
WARNING: untranslated string: fireinfo your profile id = Your profile ID
@@ -958,7 +955,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port.
WARNING: untranslated string: fwdfw err time = You have to select at least one day.
WARNING: untranslated string: fwdfw external port nat = External port (NAT)
WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap.
-WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense:
+WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense:
WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation.
WARNING: untranslated string: fwdfw iface = Interface
WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 0a579d406..d435f0437 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -25,7 +25,6 @@ WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -50,8 +49,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
@@ -952,7 +949,7 @@ WARNING: untranslated string: fwdfw err tgt_port = Invalid destination port.
WARNING: untranslated string: fwdfw err time = You have to select at least one day.
WARNING: untranslated string: fwdfw external port nat = External port (NAT)
WARNING: untranslated string: fwdfw hint ip1 = The last generated rule may never match, because source and destination subnets may overlap.
-WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense:
+WARNING: untranslated string: fwdfw hint ip2 = Please double-check if this rule makes sense:
WARNING: untranslated string: fwdfw hint mac = The destination group contains MAC addresses, which will be skipped during rule creation.
WARNING: untranslated string: fwdfw iface = Interface
WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections per IP address
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index d04c99305..d4cbbac2d 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -48,7 +48,6 @@ WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
WARNING: translation string unused: adsl settings
WARNING: translation string unused: advproxy AUTH method ntlm
-WARNING: translation string unused: advproxy AUTH user IP cache TTL
WARNING: translation string unused: advproxy LDAP auth
WARNING: translation string unused: advproxy NTLM BDC hostname
WARNING: translation string unused: advproxy NTLM PDC hostname
@@ -73,8 +72,6 @@ WARNING: translation string unused: advproxy chgwebpwd new password
WARNING: translation string unused: advproxy chgwebpwd new password confirm
WARNING: translation string unused: advproxy chgwebpwd old password
WARNING: translation string unused: advproxy chgwebpwd username
-WARNING: translation string unused: advproxy content based throttling
-WARNING: translation string unused: advproxy errmsg auth ipcache ttl
WARNING: translation string unused: advproxy errmsg change fail
WARNING: translation string unused: advproxy errmsg change success
WARNING: translation string unused: advproxy errmsg invalid bdc
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index d1de4522d..fdf9bddaf 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -232,6 +232,7 @@ $proxysettings{'AUTH_METHOD'} = 'none';
$proxysettings{'AUTH_REALM'} = '';
$proxysettings{'AUTH_MAX_USERIP'} = '';
$proxysettings{'AUTH_CACHE_TTL'} = '60';
+$proxysettings{'AUTH_IPCACHE_TTL'} = '0';
$proxysettings{'AUTH_CHILDREN'} = '5';
$proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
$proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
@@ -437,18 +438,23 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
}
}
}
+ if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
+ ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg max userip'};
+ goto ERROR;
+ }
if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/))
{
$errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
goto ERROR;
}
- if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
- ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
+ if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/))
{
- $errormessage = $Lang::tr{'advproxy errmsg max userip'};
+ $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
goto ERROR;
}
- if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))
+ if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
{
$errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
goto ERROR;
@@ -1735,6 +1741,10 @@ print <<END
<td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
<td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
</tr>
+<tr>
+ <td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
+ <td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
+</tr>
<tr>
<td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
<td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
@@ -2031,6 +2041,7 @@ print <<END
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
+<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
@@ -2042,6 +2053,7 @@ print <<END
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
+<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
END
; }
@@ -3255,11 +3267,6 @@ END
}
print FILE "\n";
- # If we use authentication, users must always authenticate
- unless ($proxysettings{"AUTH_METHOD"} eq "") {
- print FILE "authenticate_ip_ttl 0\n\n";
- }
-
if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
{
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
@@ -3268,6 +3275,7 @@ END
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param basic realm $authrealm\n";
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
+ if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
}
if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
@@ -3312,6 +3320,7 @@ END
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param basic realm $authrealm\n";
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
+ if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
}
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
@@ -3352,6 +3361,7 @@ END
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param basic realm $authrealm\n";
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
+ if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
}
print FILE "\n";
--
2.26.2
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-21 10:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-21 10:57 [PATCH 1/2] proxy.cgi: remove old CVS licence clutter Peter Müller
2020-06-21 10:57 ` [PATCH 2/2] Revert "proxy: Remove AUTH_IPCACHE_TTL" Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox