From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] squid / WPAD: Add exception-files for generation of proxy.pac
Date: Wed, 17 Apr 2019 15:08:39 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2303456877401520181=="

--===============2303456877401520181==
Content-Type: text/plain; charset="utf-8"

Hi,

> On 15 Apr 2019, at 21:12, Alexander Koch wrote:
>
> Hello Michael,
>
> my motivation for the patch is to provide a possibility to make exceptions survive an update of squid, as I'm repatching proxy.cgi by myself after each upgrade. I suppose there are more people out there with the same issue. I agree that it would be very nice to have it on the GUI as well, but unfortunately I don't have any experience with CGI yet and I don't have the time to learn it right now. I think patching the integration of the exception files into proxy.cgi is a good first step. It can be used as the base for extending the GUI. Maybe somebody else with CGI experience can help out? It's "just" two textareas and some file i/o basically…

You can literally just copy and paste that. Give it a try!

> As far as I know, the WPAD-Feature does not have any GUI support in general (e.g. checkboxes for enabled, enabled on a per subnet basis, etc.) until now. Additionally the WPAD-Feature requires the user to set up the extra apache-vhost or haproxy-frontend for port 80 (for http://wpad./wpad.dat) via CLI by himself anyway (another ToDo for a future patch ;-).

It is available on http://:81/wpad.dat. No need for an extra host.

> Having this said, I think it is reasonable for the users to maintain their exceptions via CLI in the first instance until a GUI is available. Usually these things are not changed very often. It is still better than having to fix them after each upgrade of proxy.cgi. If nobody else grabs this, I might possibly come back to it by myself at a later date.
>
> Should I write a bug report for the WPAD-GUI feature request?

If you want to track it, why not.

-Michael

>
> Best regards,
> Alex
>
>
> On 15.04.2019 at 11:43, Michael Tremer wrote:
>> Hello Alex,
>>
>> Thanks for submitting the patch.
>>
>> I guess the code looks fine, but where is the UI?
>>
>> Why should this not be configurable on the web interface?
>>
>> -Michael
>>
>>> On 14 Apr 2019, at 11:08, Alexander Koch wrote:
>>>
>>> This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
>>>
>>> - /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
>>> - /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
>>>
>>> as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
>>>
>>> These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
>>>
>>> Signed-off-by: Alexander Koch
>>> ---
>>> html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++
>>> 1 file changed, 39 insertions(+)
>>>
>>> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
>>> index 6daa7fb..369a5cb 100644
>>> --- a/html/cgi-bin/proxy.cgi
>>> +++ b/html/cgi-bin/proxy.cgi
>>> @@ -124,6 +124,9 @@ my $acl_ports_safe =3D "$acldir/ports_safe.acl"; >>> my $acl_ports_ssl =3D "$acldir/ports_ssl.acl"; >>> my $acl_include =3D "$acldir/include.acl"; >>>=20 >>> +my $acl_dst_noproxy_url =3D "$acldir/dst_noproxy_url.acl"; >>> +my $acl_dst_noproxy_ip =3D "$acldir/dst_noproxy_ip.acl"; >>> + >>> my $updaccelversion =3D 'n/a'; >>> my $urlfilterversion =3D 'n/a'; >>>=20 >>> @@ -2763,6 +2766,42 @@ END >>> print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", = \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; >>> } >>>=20 >>> + # Additional exceptions for URLs >>> + # The file has to be created by the user and should contain one entry p= er line >>> + # Line-Format: >>> + # e.g. *ipfire.org* >>> + if (-s "$acl_dst_noproxy_url") { >>> + undef @templist; >>> + >>> + open(NOPROXY,"$acl_dst_noproxy_url"); >>> + @templist =3D ; >>> + close(NOPROXY); >>> + chomp (@templist); >>> + >>> + foreach (@templist) >>> + { >>> + print FILE " (shExpMatch(url, \"$_\")) ||\n"; >>> + } >>> + } >>> + >>> + # Additional exceptions for Subnets >>> + # The file has to be created by the user and should contain one entry p= er line >>> + # Line-Format: "", "" >>> + # e.g. "192.168.0.0", "255.255.255.0" >>> + if (-s "$acl_dst_noproxy_ip") { >>> + undef @templist; >>> + >>> + open(NOPROXY,"$acl_dst_noproxy_ip"); >>> + @templist =3D ; >>> + close(NOPROXY); >>> + chomp (@templist); >>> + >>> + foreach (@templist) >>> + { >>> + print FILE " (isInNet(host, $_)) ||\n"; >>> + } >>> + } >>> + >>> print FILE <>> (isInNet(host, "169.254.0.0", "255.255.0.0")) >>> ) >>> --=20 >>> 2.7.4 >>>=20 >>=20 --===============2303456877401520181==--
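
Review bot: In the second hunk (@@ -2763,6 +2766,42 @@), both foreach loops print every line of the .acl files into proxy.pac without validating it, and the subnet loop's print FILE " (isInNet(host, $_)) ||\n"; places the line outside any quotes, so the generated JavaScript is only valid if the user typed the quoted pair exactly as the Line-Format comment shows. A blank line, a trailing carriage return, a stray quote or a malformed entry produces a PAC file that fails to parse, which breaks proxy auto-configuration for every client that fetches it, and any content in these files ends up as script evaluated by those clients. I would skip empty lines, accept only entries matching a strict pattern (a restricted character set for the shExpMatch patterns; two dotted-quad values for the subnet file, with the quotes emitted by the script instead of required in the file) and drop everything else. Both open(NOPROXY, ...) calls should also check their return value, since -s succeeding does not guarantee the file is readable, and the three-argument form of open with a lexical filehandle would be preferable to the bareword NOPROXY.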