Hi,
On 15 Apr 2019, at 21:12, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hello Michael,
my motivation for the patch is to provide a possibility to make exceptions survive an update of squid, as I'm repatching proxy.cgi by myself after each upgrade. I suppose there are more people out there with the same issue. I agree that it would by very nice to have it on the GUI as well, but unfortunately I don't have any experience with CGI yet and I don't have the time to learn it right now. I think patching the integration of the exception files into proxy.cgi is a good first step. It can be used as the base for extending the GUI. Maybe somebody else with CGI experience can help out? It's "just" two textareas and some file i/o basically…
You can literally just copy and paste that. Give it a try!
As far as I know, the WPAD-Feature does not have any GUI support in general (e.g. checkboxes for enabled, enabled on a per subnet basis, etc.) until now. Additionally the WPAD-Feature requires the user to set up the extra apache-vhost or haproxy-frontend for port 80 (for http://wpad.<IPFire-Network-Domain>/wpad.dat) via CLI by himself anyway (another ToDo for a future patch ;-).
It is available on http://<ipfire>:81/wpad.dat. No need for an extra host.
Having this said, I think it is reasonable for the users to maintain their exceptions via CLI in the first instance until a GUI is available. Usually these things are not changed very often. It is still better than having to fix them after each upgrade of proxy.cgi If nobody else grabs this, I might possibly come back to it by myself at a later date.
Should I write a bug report for the WPAD-GUI feature request?
If you want to track it, why not.
-Michael
Best regards, Alex
Am 15.04.2019 um 11:43 schrieb Michael Tremer:
Hello Alex,
Thanks for submitting the patch.
I guess the code looks fine, but where is the UI?
Why should this not be configurable on the web interface?
-Michael
On 14 Apr 2019, at 11:08, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- # Additional exceptions for URLs
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- if (-s "$acl_dst_noproxy_url") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_url");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (shExpMatch(url, \"$_\")) ||\n";}- }
- # Additional exceptions for Subnets
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- if (-s "$acl_dst_noproxy_ip") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_ip");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (isInNet(host, $_)) ||\n";}- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 2.7.4