From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] squid / WPAD: Add exception-files for generation of proxy.pac Date: Mon, 15 Apr 2019 10:43:32 +0100 Message-ID: <82CC20D5-7ACF-449C-A067-921271DBEAE8@ipfire.org> In-Reply-To: <1555236523-3509-1-git-send-email-ipfire@starkstromkonsument.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6439595114797628190==" List-Id: --===============6439595114797628190== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Alex, Thanks for submitting the patch. I guess the code looks fine, but where is the UI? Why should this not be configurable on the web interface? -Michael > On 14 Apr 2019, at 11:08, Alexander Koch = wrote: >=20 > This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by addition= al code for reading exceptions for URL's and IP's/Subnets from two new files: >=20 > - /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl > - /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl >=20 > as described in: https://wiki.ipfire.org/configuration/network/proxy/extend= /add_distri >=20 > These can be used to define additional URL's, IP's and Subnets that should = be retrieved "DIRECT" and not via the proxy. The files have to be created by = the user, as the WPAD-Feature is not enabled by default anyway. If the files = are not present or their size is 0, nothing is done. I'll revise the wiki-pag= e, after the patch is merged and the core update is released. >=20 > Signed-off-by: Alexander Koch > --- > html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ > 1 file changed, 39 insertions(+) >=20 > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index 6daa7fb..369a5cb 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -124,6 +124,9 @@ my $acl_ports_safe =3D "$acldir/ports_safe.acl"; > my $acl_ports_ssl =3D "$acldir/ports_ssl.acl"; > my $acl_include =3D "$acldir/include.acl"; >=20 > +my $acl_dst_noproxy_url =3D "$acldir/dst_noproxy_url.acl"; > +my $acl_dst_noproxy_ip =3D "$acldir/dst_noproxy_ip.acl"; > + > my $updaccelversion =3D 'n/a'; > my $urlfilterversion =3D 'n/a'; >=20 > @@ -2763,6 +2766,42 @@ END > print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"= $netsettings{'ORANGE_NETMASK'}\")) ||\n"; > } >=20 > + # Additional exceptions for URLs > + # The file has to be created by the user and should contain one entry per= line > + # Line-Format: > + # e.g. *ipfire.org* > + if (-s "$acl_dst_noproxy_url") { > + undef @templist; > + > + open(NOPROXY,"$acl_dst_noproxy_url"); > + @templist =3D ; > + close(NOPROXY); > + chomp (@templist); > + > + foreach (@templist) > + { > + print FILE " (shExpMatch(url, \"$_\")) ||\n"; > + } > + } > + > + # Additional exceptions for Subnets > + # The file has to be created by the user and should contain one entry per= line > + # Line-Format: "", "" > + # e.g. "192.168.0.0", "255.255.255.0" > + if (-s "$acl_dst_noproxy_ip") { > + undef @templist; > + > + open(NOPROXY,"$acl_dst_noproxy_ip"); > + @templist =3D ; > + close(NOPROXY); > + chomp (@templist); > + > + foreach (@templist) > + { > + print FILE " (isInNet(host, $_)) ||\n"; > + } > + } > + > print FILE < (isInNet(host, "169.254.0.0", "255.255.0.0")) > ) > --=20 > 2.7.4 >=20 --===============6439595114797628190==--