This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl - /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de --- html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl"; + my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
+ # Additional exceptions for URLs + # The file has to be created by the user and should contain one entry per line + # Line-Format: <URL incl. wildcards> + # e.g. *ipfire.org* + if (-s "$acl_dst_noproxy_url") { + undef @templist; + + open(NOPROXY,"$acl_dst_noproxy_url"); + @templist = <NOPROXY>; + close(NOPROXY); + chomp (@templist); + + foreach (@templist) + { + print FILE " (shExpMatch(url, "$_")) ||\n"; + } + } + + # Additional exceptions for Subnets + # The file has to be created by the user and should contain one entry per line + # Line-Format: "<IP>", "<SUBNET MASK>" + # e.g. "192.168.0.0", "255.255.255.0" + if (-s "$acl_dst_noproxy_ip") { + undef @templist; + + open(NOPROXY,"$acl_dst_noproxy_ip"); + @templist = <NOPROXY>; + close(NOPROXY); + chomp (@templist); + + foreach (@templist) + { + print FILE " (isInNet(host, $_)) ||\n"; + } + } + print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
Hello Alex,
Thanks for submitting the patch.
I guess the code looks fine, but where is the UI?
Why should this not be configurable on the web interface?
-Michael
On 14 Apr 2019, at 11:08, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- # Additional exceptions for URLs
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- if (-s "$acl_dst_noproxy_url") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_url");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (shExpMatch(url, \"$_\")) ||\n";}- }
- # Additional exceptions for Subnets
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- if (-s "$acl_dst_noproxy_ip") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_ip");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (isInNet(host, $_)) ||\n";}- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 2.7.4
Hello Michael,
my motivation for the patch is to provide a possibility to make exceptions survive an update of squid, as I'm repatching proxy.cgi by myself after each upgrade. I suppose there are more people out there with the same issue. I agree that it would by very nice to have it on the GUI as well, but unfortunately I don't have any experience with CGI yet and I don't have the time to learn it right now. I think patching the integration of the exception files into proxy.cgi is a good first step. It can be used as the base for extending the GUI. Maybe somebody else with CGI experience can help out? It's "just" two textareas and some file i/o basically...
As far as I know, the WPAD-Feature does not have any GUI support in general (e.g. checkboxes for enabled, enabled on a per subnet basis, etc.) until now. Additionally the WPAD-Feature requires the user to set up the extra apache-vhost or haproxy-frontend for port 80 (for http://wpad.<IPFire-Network-Domain>/wpad.dat) via CLI by himself anyway (another ToDo for a future patch ;-).
Having this said, I think it is reasonable for the users to maintain their exceptions via CLI in the first instance until a GUI is available. Usually these things are not changed very often. It is still better than having to fix them after each upgrade of proxy.cgi If nobody else grabs this, I might possibly come back to it by myself at a later date.
Should I write a bug report for the WPAD-GUI feature request?
Best regards, Alex
Am 15.04.2019 um 11:43 schrieb Michael Tremer:
Hello Alex,
Thanks for submitting the patch.
I guess the code looks fine, but where is the UI?
Why should this not be configurable on the web interface?
-Michael
On 14 Apr 2019, at 11:08, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- # Additional exceptions for URLs
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- if (-s "$acl_dst_noproxy_url") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_url");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (shExpMatch(url, \"$_\")) ||\n";}- }
- # Additional exceptions for Subnets
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- if (-s "$acl_dst_noproxy_ip") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_ip");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (isInNet(host, $_)) ||\n";}- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 2.7.4
Hi,
On 15 Apr 2019, at 21:12, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hello Michael,
my motivation for the patch is to provide a possibility to make exceptions survive an update of squid, as I'm repatching proxy.cgi by myself after each upgrade. I suppose there are more people out there with the same issue. I agree that it would by very nice to have it on the GUI as well, but unfortunately I don't have any experience with CGI yet and I don't have the time to learn it right now. I think patching the integration of the exception files into proxy.cgi is a good first step. It can be used as the base for extending the GUI. Maybe somebody else with CGI experience can help out? It's "just" two textareas and some file i/o basically…
You can literally just copy and paste that. Give it a try!
As far as I know, the WPAD-Feature does not have any GUI support in general (e.g. checkboxes for enabled, enabled on a per subnet basis, etc.) until now. Additionally the WPAD-Feature requires the user to set up the extra apache-vhost or haproxy-frontend for port 80 (for http://wpad.<IPFire-Network-Domain>/wpad.dat) via CLI by himself anyway (another ToDo for a future patch ;-).
It is available on http://<ipfire>:81/wpad.dat. No need for an extra host.
Having this said, I think it is reasonable for the users to maintain their exceptions via CLI in the first instance until a GUI is available. Usually these things are not changed very often. It is still better than having to fix them after each upgrade of proxy.cgi If nobody else grabs this, I might possibly come back to it by myself at a later date.
Should I write a bug report for the WPAD-GUI feature request?
If you want to track it, why not.
-Michael
Best regards, Alex
Am 15.04.2019 um 11:43 schrieb Michael Tremer:
Hello Alex,
Thanks for submitting the patch.
I guess the code looks fine, but where is the UI?
Why should this not be configurable on the web interface?
-Michael
On 14 Apr 2019, at 11:08, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- # Additional exceptions for URLs
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- if (-s "$acl_dst_noproxy_url") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_url");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (shExpMatch(url, \"$_\")) ||\n";}- }
- # Additional exceptions for Subnets
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- if (-s "$acl_dst_noproxy_ip") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_ip");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (isInNet(host, $_)) ||\n";}- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 2.7.4
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de --- html/cgi-bin/proxy.cgi | 110 +++++++++++++++++++++++++++++++++++++++++++++++-- langs/de/cgi-bin/de.pl | 7 ++++ langs/en/cgi-bin/en.pl | 7 ++++ langs/es/cgi-bin/es.pl | 7 ++++ langs/fr/cgi-bin/fr.pl | 7 ++++ langs/it/cgi-bin/it.pl | 7 ++++ langs/nl/cgi-bin/nl.pl | 7 ++++ langs/pl/cgi-bin/pl.pl | 7 ++++ langs/ru/cgi-bin/ru.pl | 7 ++++ langs/tr/cgi-bin/tr.pl | 7 ++++ 10 files changed, 169 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 369a5cb..46908d2 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -559,6 +559,8 @@ ERROR: delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; delete $proxysettings{'DST_NOCACHE'}; delete $proxysettings{'DST_NOAUTH'}; + delete $proxysettings{'DST_NOPROXY_IP'}; + delete $proxysettings{'DST_NOPROXY_URL'}; delete $proxysettings{'PORTS_SAFE'}; delete $proxysettings{'PORTS_SSL'}; delete $proxysettings{'MIME_TYPES'}; @@ -1318,6 +1320,58 @@ END ; }
+# =================================================================== +# WPAD settings +# =================================================================== + +print <<END +<table width='100%'> +<tr> + <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td> +</tr> +<tr> + <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td> +</tr> +<tr> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td> +</tr> +<tr> + <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'> +END +; + + print $proxysettings{'DST_NOPROXY_IP'}; + +print <<END + </textarea></td> + + <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'> +END +; + + print $proxysettings{'DST_NOPROXY_URL'}; + +print <<END + </textarea></td> +</tr> +<tr> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td> +</tr> +<tr> + <td colspan="4"> </td> +</tr> +<tr> + <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td> +</tr> +</table> + +<hr size='1'> + +END +; + # -------------------------------------------------------------------
print <<END @@ -2261,6 +2315,18 @@ sub read_acls while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ }; close(FILE); } + if (-e "$acl_dst_noproxy_ip") { + open(FILE,"$acl_dst_noproxy_ip"); + delete $proxysettings{'DST_NOPROXY_IP'}; + while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_noproxy_url") { + open(FILE,"$acl_dst_noproxy_url"); + delete $proxysettings{'DST_NOPROXY_URL'}; + while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ }; + close(FILE); + } if (-e "$acl_ports_safe") { open(FILE,"$acl_ports_safe"); delete $proxysettings{'PORTS_SAFE'}; @@ -2446,6 +2512,31 @@ sub check_acls } }
+ @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'}); + undef $proxysettings{'DST_NOPROXY_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; } + $proxysettings{'DST_NOPROXY_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'}); + undef $proxysettings{'DST_NOPROXY_URL'}; + foreach (@temp) + { + s/^\s+//g; + unless (/^#/) { s/\s+//g; } + if ($_) + { + if (/^./) { $_ = '*'.$_; } + $proxysettings{'DST_NOPROXY_URL'} .= $_."\n"; + } + } + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) { @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'}); @@ -2584,6 +2675,16 @@ sub write_acls print FILE $proxysettings{'DST_NOAUTH'}; close(FILE);
+ open(FILE, ">$acl_dst_noproxy_ip"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOPROXY_IP'}; + close(FILE); + + open(FILE, ">$acl_dst_noproxy_url"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOPROXY_URL'}; + close(FILE); + open(FILE, ">$acl_dst_noauth_net"); close(FILE); open(FILE, ">$acl_dst_noauth_dom"); @@ -2769,7 +2870,7 @@ END # Additional exceptions for URLs # The file has to be created by the user and should contain one entry per line # Line-Format: <URL incl. wildcards> - # e.g. *ipfire.org* + # e.g. *.ipfire.org* if (-s "$acl_dst_noproxy_url") { undef @templist;
@@ -2786,8 +2887,8 @@ END
# Additional exceptions for Subnets # The file has to be created by the user and should contain one entry per line - # Line-Format: "<IP>", "<SUBNET MASK>" - # e.g. "192.168.0.0", "255.255.255.0" + # Line-Format: <IP>/<SUBNET MASK> + # e.g. 192.168.0.0/255.255.255.0 if (-s "$acl_dst_noproxy_ip") { undef @templist;
@@ -2798,7 +2899,8 @@ END
foreach (@templist) { - print FILE " (isInNet(host, $_)) ||\n"; + @temp = split(///); + print FILE " (isInNet(host, "$temp[0]", "$temp[1]")) ||\n"; } }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index d63ebe6..764ea60 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -396,6 +396,13 @@ 'advproxy visible hostname' => 'Sichtbarer Hostname', 'advproxy web browser' => 'Web-Browser', 'advproxy wednesday' => 'Mi', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URL's (eine pro Zeile)', +'advproxy wpad label dst_noproxy_ip' => 'Ausgenommene IP-Subnetze (eins pro Zeile)', +'advproxy wpad example dst_noproxy_url' => 'z.B. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'z.B. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Ungültige IP oder Subnetz für ausgenommenes IP-Subnetz', +'advproxy wpad view pac' => 'PAC-Datei aufrufen', 'again' => 'Wiederholung:', 'age second' => 'Sekunde', 'age seconds' => 'Sekunden', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a709604..c66914d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -397,6 +397,13 @@ 'advproxy visible hostname' => 'Visible hostname', 'advproxy web browser' => 'Web browser', 'advproxy wednesday' => 'Wed', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Again:', 'age second' => 'second', 'age seconds' => 'seconds', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 23bc207..f960461 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -316,6 +316,13 @@ 'advproxy visible hostname' => 'Nombre de host visible', 'advproxy web browser' => 'Navegador Web', 'advproxy wednesday' => 'Mie', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'De nuevo:', 'aktiv' => 'Activo', 'album' => 'Album', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index b4ecf32..f5d3e51 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -394,6 +394,13 @@ 'advproxy visible hostname' => 'Nom d'hôte visible ', 'advproxy web browser' => 'Navigateur web', 'advproxy wednesday' => 'Mer', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'De nouveau :', 'age second' => 'seconde', 'age seconds' => 'secondes', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index 6c9137c..2b819ff 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl @@ -331,6 +331,13 @@ 'advproxy visible hostname' => 'Hostname Visible', 'advproxy web browser' => 'Web browser', 'advproxy wednesday' => 'Mer', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Again:', 'age second' => 'Secondi', 'age seconds' => 'Secondi', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index 5fa89b1..a2b4633 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -330,6 +330,13 @@ 'advproxy visible hostname' => 'Zichtbare hostnaam', 'advproxy web browser' => 'Webbrowser', 'advproxy wednesday' => 'Woe', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Nogmaals:', 'age second' => 'seconde', 'age seconds' => 'seconden', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index 521381a..ab2ef42 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl @@ -318,6 +318,13 @@ 'advproxy visible hostname' => 'Widoczna nazwa hosta', 'advproxy web browser' => 'Przeglądarka WWW', 'advproxy wednesday' => 'Śr', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Ponownie:', 'aktiv' => 'Aktywny', 'album' => 'Album', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index 9ac46d4..1963468 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -316,6 +316,13 @@ 'advproxy visible hostname' => 'Видимое имя хоста', 'advproxy web browser' => 'Веб Браузер: ', 'advproxy wednesday' => 'Ср', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Ещё раз:', 'aktiv' => 'Активен', 'album' => 'Альбом', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index 1917b82..d23616d 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -394,6 +394,13 @@ 'advproxy visible hostname' => 'Ana bilgisayar adını göster', 'advproxy web browser' => 'İnternet tarayıcısı', 'advproxy wednesday' => 'Çar', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Tekrar:', 'age second' => 'saniye', 'age seconds' => 'saniye',
Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly.
See: http://findproxyforurl.com/deploying-wpad/
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de --- config/etc/mime.types | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/config/etc/mime.types b/config/etc/mime.types index bf088b0..af82d48 100644 --- a/config/etc/mime.types +++ b/config/etc/mime.types @@ -168,6 +168,8 @@ application/x-javascript js application/x-koan skp skd skt skm application/x-latex latex application/x-netcdf nc cdf +application/x-ns-proxy-autoconfig pac +application/x-ns-proxy-autoconfig dat # The standard is that rpm is audio/x-pn-realaudio-plugin... oh well... application/x-rpm rpm application/x-sh sh
Hello Michael,
thank you for reviewing and merging my patches and preventing me from getting "hurt" for my apostrophes ;-)
This patch has not been merged though. Did you skip it on purpose or by accident?
Regards, Alex
Am 18.04.19 um 01:54 schrieb Alexander Koch:
Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly.
See: http://findproxyforurl.com/deploying-wpad/
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
config/etc/mime.types | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/config/etc/mime.types b/config/etc/mime.types index bf088b0..af82d48 100644 --- a/config/etc/mime.types +++ b/config/etc/mime.types @@ -168,6 +168,8 @@ application/x-javascript js application/x-koan skp skd skt skm application/x-latex latex application/x-netcdf nc cdf +application/x-ns-proxy-autoconfig pac +application/x-ns-proxy-autoconfig dat # The standard is that rpm is audio/x-pn-realaudio-plugin... oh well... application/x-rpm rpm application/x-sh sh
Hi,
On 23 Apr 2019, at 16:23, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hello Michael,
thank you for reviewing and merging my patches and preventing me from getting "hurt" for my apostrophes ;-)
This patch has not been merged though. Did you skip it on purpose or by accident?
No, I missed this. Thanks for reminding me.
We should attempt to keep patchsets together in the future and if one patch is changed, resending the whole patchset. That will make sure that my old brain does not forget things so easily.
-Michael
Regards, Alex
Am 18.04.19 um 01:54 schrieb Alexander Koch:
Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly.
See: http://findproxyforurl.com/deploying-wpad/
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
config/etc/mime.types | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/config/etc/mime.types b/config/etc/mime.types index bf088b0..af82d48 100644 --- a/config/etc/mime.types +++ b/config/etc/mime.types @@ -168,6 +168,8 @@ application/x-javascript js application/x-koan skp skd skt skm application/x-latex latex application/x-netcdf nc cdf +application/x-ns-proxy-autoconfig pac +application/x-ns-proxy-autoconfig dat # The standard is that rpm is audio/x-pn-realaudio-plugin... oh well... application/x-rpm rpm application/x-sh sh
This looks good. Good work!
And also fast :)
I didn’t run it yet, so I do not know where the boxes on the page have gone and if that position makes sense to me.
On 18 Apr 2019, at 00:54, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Those are a problem though. If you do not have translations, please leave them empty. The web UI will automatically fall back to the English string. But when the strings exist, we won’t know that they are not translated.
Would you please submit without the other translations?
-Michael
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 110 +++++++++++++++++++++++++++++++++++++++++++++++-- langs/de/cgi-bin/de.pl | 7 ++++ langs/en/cgi-bin/en.pl | 7 ++++ langs/es/cgi-bin/es.pl | 7 ++++ langs/fr/cgi-bin/fr.pl | 7 ++++ langs/it/cgi-bin/it.pl | 7 ++++ langs/nl/cgi-bin/nl.pl | 7 ++++ langs/pl/cgi-bin/pl.pl | 7 ++++ langs/ru/cgi-bin/ru.pl | 7 ++++ langs/tr/cgi-bin/tr.pl | 7 ++++ 10 files changed, 169 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 369a5cb..46908d2 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -559,6 +559,8 @@ ERROR: delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; delete $proxysettings{'DST_NOCACHE'}; delete $proxysettings{'DST_NOAUTH'};
delete $proxysettings{'DST_NOPROXY_IP'};delete $proxysettings{'DST_NOPROXY_URL'};@@ -1318,6 +1320,58 @@ END ; }
+# =================================================================== +# WPAD settings +# ===================================================================
+print <<END +<table width='100%'> +<tr>
<td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td>
+</tr> +<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
+</tr> +<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td>
+</tr> +<tr>
<td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'>
+END +;
- print $proxysettings{'DST_NOPROXY_IP'};
+print <<END
- </textarea></td>
<td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'>
+END +;
- print $proxysettings{'DST_NOPROXY_URL'};
+print <<END
- </textarea></td>
+</tr> +<tr>
<td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td>
<td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td>
+</tr> +<tr>
<td colspan="4"> </td>
+</tr> +<tr>
<td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td>
+</tr> +</table>
+<hr size='1'>
+END +;
# -------------------------------------------------------------------
print <<END @@ -2261,6 +2315,18 @@ sub read_acls while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ }; close(FILE); }
- if (-e "$acl_dst_noproxy_ip") {
open(FILE,"$acl_dst_noproxy_ip");delete $proxysettings{'DST_NOPROXY_IP'};while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ };close(FILE);- }
- if (-e "$acl_dst_noproxy_url") {
open(FILE,"$acl_dst_noproxy_url");delete $proxysettings{'DST_NOPROXY_URL'};while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ };close(FILE);- } if (-e "$acl_ports_safe") { open(FILE,"$acl_ports_safe"); delete $proxysettings{'PORTS_SAFE'};
@@ -2446,6 +2512,31 @@ sub check_acls } }
- @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'});
- undef $proxysettings{'DST_NOPROXY_IP'};
- foreach (@temp)
- {
s/^\s+//g; s/\s+$//g;if ($_){unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; }$proxysettings{'DST_NOPROXY_IP'} .= $_."\n";}- }
- @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'});
- undef $proxysettings{'DST_NOPROXY_URL'};
- foreach (@temp)
- {
s/^\s+//g;unless (/^#/) { s/\s+//g; }if ($_){if (/^\./) { $_ = '*'.$_; }$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";}- }
- if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) { @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'});
@@ -2584,6 +2675,16 @@ sub write_acls print FILE $proxysettings{'DST_NOAUTH'}; close(FILE);
- open(FILE, ">$acl_dst_noproxy_ip");
- flock(FILE, 2);
- print FILE $proxysettings{'DST_NOPROXY_IP'};
- close(FILE);
- open(FILE, ">$acl_dst_noproxy_url");
- flock(FILE, 2);
- print FILE $proxysettings{'DST_NOPROXY_URL'};
- close(FILE);
- open(FILE, ">$acl_dst_noauth_net"); close(FILE); open(FILE, ">$acl_dst_noauth_dom");
@@ -2769,7 +2870,7 @@ END # Additional exceptions for URLs # The file has to be created by the user and should contain one entry per line # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- # e.g. *.ipfire.org* if (-s "$acl_dst_noproxy_url") { undef @templist;
@@ -2786,8 +2887,8 @@ END
# Additional exceptions for Subnets # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- # Line-Format: <IP>/<SUBNET MASK>
- # e.g. 192.168.0.0/255.255.255.0 if (-s "$acl_dst_noproxy_ip") { undef @templist;
@@ -2798,7 +2899,8 @@ END
foreach (@templist) {
print FILE " (isInNet(host, $_)) ||\n";
@temp = split(/\//);print FILE " (isInNet(host, \"$temp[0]\", \"$temp[1]\")) ||\n";diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index d63ebe6..764ea60 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -396,6 +396,13 @@ 'advproxy visible hostname' => 'Sichtbarer Hostname', 'advproxy web browser' => 'Web-Browser', 'advproxy wednesday' => 'Mi', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URL's (eine pro Zeile)', +'advproxy wpad label dst_noproxy_ip' => 'Ausgenommene IP-Subnetze (eins pro Zeile)', +'advproxy wpad example dst_noproxy_url' => 'z.B. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'z.B. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Ungültige IP oder Subnetz für ausgenommenes IP-Subnetz', +'advproxy wpad view pac' => 'PAC-Datei aufrufen', 'again' => 'Wiederholung:', 'age second' => 'Sekunde', 'age seconds' => 'Sekunden', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a709604..c66914d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -397,6 +397,13 @@ 'advproxy visible hostname' => 'Visible hostname', 'advproxy web browser' => 'Web browser', 'advproxy wednesday' => 'Wed', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Again:', 'age second' => 'second', 'age seconds' => 'seconds', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 23bc207..f960461 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -316,6 +316,13 @@ 'advproxy visible hostname' => 'Nombre de host visible', 'advproxy web browser' => 'Navegador Web', 'advproxy wednesday' => 'Mie', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'De nuevo:', 'aktiv' => 'Activo', 'album' => 'Album', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index b4ecf32..f5d3e51 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -394,6 +394,13 @@ 'advproxy visible hostname' => 'Nom d'hôte visible ', 'advproxy web browser' => 'Navigateur web', 'advproxy wednesday' => 'Mer', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'De nouveau :', 'age second' => 'seconde', 'age seconds' => 'secondes', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index 6c9137c..2b819ff 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl @@ -331,6 +331,13 @@ 'advproxy visible hostname' => 'Hostname Visible', 'advproxy web browser' => 'Web browser', 'advproxy wednesday' => 'Mer', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Again:', 'age second' => 'Secondi', 'age seconds' => 'Secondi', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index 5fa89b1..a2b4633 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -330,6 +330,13 @@ 'advproxy visible hostname' => 'Zichtbare hostnaam', 'advproxy web browser' => 'Webbrowser', 'advproxy wednesday' => 'Woe', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Nogmaals:', 'age second' => 'seconde', 'age seconds' => 'seconden', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index 521381a..ab2ef42 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl @@ -318,6 +318,13 @@ 'advproxy visible hostname' => 'Widoczna nazwa hosta', 'advproxy web browser' => 'Przeglądarka WWW', 'advproxy wednesday' => 'Śr', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Ponownie:', 'aktiv' => 'Aktywny', 'album' => 'Album', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index 9ac46d4..1963468 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -316,6 +316,13 @@ 'advproxy visible hostname' => 'Видимое имя хоста', 'advproxy web browser' => 'Веб Браузер: ', 'advproxy wednesday' => 'Ср', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Ещё раз:', 'aktiv' => 'Активен', 'album' => 'Альбом', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index 1917b82..d23616d 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -394,6 +394,13 @@ 'advproxy visible hostname' => 'Ana bilgisayar adını göster', 'advproxy web browser' => 'İnternet tarayıcısı', 'advproxy wednesday' => 'Çar', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Tekrar:', 'age second' => 'saniye', 'age seconds' => 'saniye', -- 2.7.4
Hi,
Am 17.04.2019 um 16:08 schrieb Michael Tremer:
Hi,
On 15 Apr 2019, at 21:12, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hello Michael,
my motivation for the patch is to provide a possibility to make exceptions survive an update of squid, as I'm repatching proxy.cgi by myself after each upgrade. I suppose there are more people out there with the same issue. I agree that it would by very nice to have it on the GUI as well, but unfortunately I don't have any experience with CGI yet and I don't have the time to learn it right now. I think patching the integration of the exception files into proxy.cgi is a good first step. It can be used as the base for extending the GUI. Maybe somebody else with CGI experience can help out? It's "just" two textareas and some file i/o basically…
You can literally just copy and paste that. Give it a try!
Have a look at it please, I just sent in an additional patch ... the translations for all languages except en and de need to be revised, how is this usually done? I copied the english versions into the language files I'm not able to translate by myself to avoid empty texts in the frontend.
As far as I know, the WPAD-Feature does not have any GUI support in general (e.g. checkboxes for enabled, enabled on a per subnet basis, etc.) until now. Additionally the WPAD-Feature requires the user to set up the extra apache-vhost or haproxy-frontend for port 80 (for http://wpad.<IPFire-Network-Domain>/wpad.dat) via CLI by himself anyway (another ToDo for a future patch ;-).
It is available on http://<ipfire>:81/wpad.dat. No need for an extra host.
This only provides WPAD via DHCP (if option 252 is configured by the user). Firefox for example does not support this (see http://findproxyforurl.com/browser-support/) and it alternatively uses WPAD via DNS. This requires one of the following URL's to work: http://wpad.<IPFire-Network-Domain>/wpad.dat or http://wpad/wpad.dat
Port 80 does not seem to be in use on a new IPFire-Host by default. I could provide a patch for an additional apache-vhost. I'm not sure whether this is a good idea though. If users are running a haproxy on port 80/443 for example, this could break their running setup ... shipping some working example lines for haproxy.cfg to provide a frontend/backend-pair for wpad on port 80 is also a possibility. Or a Checkbox in the GUI to enable the vhost. Or just leave it as it is and provide the infos on the Wiki.
What do you think?
Best regards, Alex
Having this said, I think it is reasonable for the users to maintain their exceptions via CLI in the first instance until a GUI is available. Usually these things are not changed very often. It is still better than having to fix them after each upgrade of proxy.cgi If nobody else grabs this, I might possibly come back to it by myself at a later date.
Should I write a bug report for the WPAD-GUI feature request?
If you want to track it, why not.
-Michael
Best regards, Alex
Am 15.04.2019 um 11:43 schrieb Michael Tremer:
Hello Alex,
Thanks for submitting the patch.
I guess the code looks fine, but where is the UI?
Why should this not be configurable on the web interface?
-Michael
On 14 Apr 2019, at 11:08, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- # Additional exceptions for URLs
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- if (-s "$acl_dst_noproxy_url") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_url");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (shExpMatch(url, \"$_\")) ||\n";}- }
- # Additional exceptions for Subnets
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- if (-s "$acl_dst_noproxy_ip") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_ip");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (isInNet(host, $_)) ||\n";}- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 2.7.4
Hi,
On 18 Apr 2019, at 02:41, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hi,
Am 17.04.2019 um 16:08 schrieb Michael Tremer:
Hi,
On 15 Apr 2019, at 21:12, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hello Michael,
my motivation for the patch is to provide a possibility to make exceptions survive an update of squid, as I'm repatching proxy.cgi by myself after each upgrade. I suppose there are more people out there with the same issue. I agree that it would by very nice to have it on the GUI as well, but unfortunately I don't have any experience with CGI yet and I don't have the time to learn it right now. I think patching the integration of the exception files into proxy.cgi is a good first step. It can be used as the base for extending the GUI. Maybe somebody else with CGI experience can help out? It's "just" two textareas and some file i/o basically…
You can literally just copy and paste that. Give it a try!
Have a look at it please, I just sent in an additional patch ... the translations for all languages except en and de need to be revised, how is this usually done? I copied the english versions into the language files I'm not able to translate by myself to avoid empty texts in the frontend.
I already replied to this on the patch. Just leave them empty if you don’t have a translation. English is a must. Do not use Google Translate or something. That never goes well.
As far as I know, the WPAD-Feature does not have any GUI support in general (e.g. checkboxes for enabled, enabled on a per subnet basis, etc.) until now. Additionally the WPAD-Feature requires the user to set up the extra apache-vhost or haproxy-frontend for port 80 (for http://wpad.<IPFire-Network-Domain>/wpad.dat) via CLI by himself anyway (another ToDo for a future patch ;-).
It is available on http://<ipfire>:81/wpad.dat. No need for an extra host.
This only provides WPAD via DHCP (if option 252 is configured by the user). Firefox for example does not support this (see http://findproxyforurl.com/browser-support/) and it alternatively uses WPAD via DNS. This requires one of the following URL's to work: http://wpad.<IPFire-Network-Domain>/wpad.dat or http://wpad/wpad.dat
Yeah that is indeed a problem.
Port 80 does not seem to be in use on a new IPFire-Host by default. I could provide a patch for an additional apache-vhost. I'm not sure whether this is a good idea though. If users are running a haproxy on port 80/443 for example, this could break their running setup ... shipping some working example lines for haproxy.cfg to provide a frontend/backend-pair for wpad on port 80 is also a possibility. Or a Checkbox in the GUI to enable the vhost. Or just leave it as it is and provide the infos on the Wiki.
How do we solve conflicts then when people either run a web server on IPFire or use a port-forwarding? A checkbox is quite complicated. We could use an iptables redirect rule or something but that all creates new problems.
I really would like to support WPAD across platforms, but WPAD over DNS is a nightmare. There is no clean way to “make it just work”.
-Michael
What do you think?
Best regards, Alex
Having this said, I think it is reasonable for the users to maintain their exceptions via CLI in the first instance until a GUI is available. Usually these things are not changed very often. It is still better than having to fix them after each upgrade of proxy.cgi If nobody else grabs this, I might possibly come back to it by myself at a later date.
Should I write a bug report for the WPAD-GUI feature request?
If you want to track it, why not.
-Michael
Best regards, Alex
Am 15.04.2019 um 11:43 schrieb Michael Tremer:
Hello Alex,
Thanks for submitting the patch.
I guess the code looks fine, but where is the UI?
Why should this not be configurable on the web interface?
-Michael
On 14 Apr 2019, at 11:08, Alexander Koch ipfire@starkstromkonsument.de wrote:
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de
html/cgi-bin/proxy.cgi | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..369a5cb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -2763,6 +2766,42 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- # Additional exceptions for URLs
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: <URL incl. wildcards>
- # e.g. *ipfire.org*
- if (-s "$acl_dst_noproxy_url") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_url");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (shExpMatch(url, \"$_\")) ||\n";}- }
- # Additional exceptions for Subnets
- # The file has to be created by the user and should contain one entry per line
- # Line-Format: "<IP>", "<SUBNET MASK>"
- # e.g. "192.168.0.0", "255.255.255.0"
- if (-s "$acl_dst_noproxy_ip") {
undef @templist;open(NOPROXY,"$acl_dst_noproxy_ip");@templist = <NOPROXY>;close(NOPROXY);chomp (@templist);foreach (@templist){print FILE " (isInNet(host, $_)) ||\n";}- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0"))
)
2.7.4
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de --- html/cgi-bin/proxy.cgi | 110 +++++++++++++++++++++++++++++++++++++++++++++++-- langs/de/cgi-bin/de.pl | 7 ++++ langs/en/cgi-bin/en.pl | 7 ++++ 3 files changed, 120 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 369a5cb..55fdc1c 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -559,6 +559,8 @@ ERROR: delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; delete $proxysettings{'DST_NOCACHE'}; delete $proxysettings{'DST_NOAUTH'}; + delete $proxysettings{'DST_NOPROXY_IP'}; + delete $proxysettings{'DST_NOPROXY_URL'}; delete $proxysettings{'PORTS_SAFE'}; delete $proxysettings{'PORTS_SSL'}; delete $proxysettings{'MIME_TYPES'}; @@ -1318,6 +1320,58 @@ END ; }
+# =================================================================== +# WPAD settings +# =================================================================== + +print <<END +<table width='100%'> +<tr> + <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td> +</tr> +<tr> + <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td> +</tr> +<tr> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td> +</tr> +<tr> + <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'> +END +; + + print $proxysettings{'DST_NOPROXY_IP'}; + +print <<END +</textarea></td> + + <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'> +END +; + + print $proxysettings{'DST_NOPROXY_URL'}; + +print <<END +</textarea></td> +</tr> +<tr> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td> +</tr> +<tr> + <td colspan="4"> </td> +</tr> +<tr> + <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td> +</tr> +</table> + +<hr size='1'> + +END +; + # -------------------------------------------------------------------
print <<END @@ -2261,6 +2315,18 @@ sub read_acls while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ }; close(FILE); } + if (-e "$acl_dst_noproxy_ip") { + open(FILE,"$acl_dst_noproxy_ip"); + delete $proxysettings{'DST_NOPROXY_IP'}; + while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_noproxy_url") { + open(FILE,"$acl_dst_noproxy_url"); + delete $proxysettings{'DST_NOPROXY_URL'}; + while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ }; + close(FILE); + } if (-e "$acl_ports_safe") { open(FILE,"$acl_ports_safe"); delete $proxysettings{'PORTS_SAFE'}; @@ -2446,6 +2512,31 @@ sub check_acls } }
+ @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'}); + undef $proxysettings{'DST_NOPROXY_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; } + $proxysettings{'DST_NOPROXY_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'}); + undef $proxysettings{'DST_NOPROXY_URL'}; + foreach (@temp) + { + s/^\s+//g; + unless (/^#/) { s/\s+//g; } + if ($_) + { + if (/^./) { $_ = '*'.$_; } + $proxysettings{'DST_NOPROXY_URL'} .= $_."\n"; + } + } + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) { @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'}); @@ -2584,6 +2675,16 @@ sub write_acls print FILE $proxysettings{'DST_NOAUTH'}; close(FILE);
+ open(FILE, ">$acl_dst_noproxy_ip"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOPROXY_IP'}; + close(FILE); + + open(FILE, ">$acl_dst_noproxy_url"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOPROXY_URL'}; + close(FILE); + open(FILE, ">$acl_dst_noauth_net"); close(FILE); open(FILE, ">$acl_dst_noauth_dom"); @@ -2769,7 +2870,7 @@ END # Additional exceptions for URLs # The file has to be created by the user and should contain one entry per line # Line-Format: <URL incl. wildcards> - # e.g. *ipfire.org* + # e.g. *.ipfire.org* if (-s "$acl_dst_noproxy_url") { undef @templist;
@@ -2786,8 +2887,8 @@ END
# Additional exceptions for Subnets # The file has to be created by the user and should contain one entry per line - # Line-Format: "<IP>", "<SUBNET MASK>" - # e.g. "192.168.0.0", "255.255.255.0" + # Line-Format: <IP>/<SUBNET MASK> + # e.g. 192.168.0.0/255.255.255.0 if (-s "$acl_dst_noproxy_ip") { undef @templist;
@@ -2798,7 +2899,8 @@ END
foreach (@templist) { - print FILE " (isInNet(host, $_)) ||\n"; + @temp = split(///); + print FILE " (isInNet(host, "$temp[0]", "$temp[1]")) ||\n"; } }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 90b1ada..8f84042 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -396,6 +396,13 @@ 'advproxy visible hostname' => 'Sichtbarer Hostname', 'advproxy web browser' => 'Web-Browser', 'advproxy wednesday' => 'Mi', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URL's (eine pro Zeile)', +'advproxy wpad label dst_noproxy_ip' => 'Ausgenommene IP-Subnetze (eins pro Zeile)', +'advproxy wpad example dst_noproxy_url' => 'z.B. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'z.B. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Ungültige IP oder Subnetz für ausgenommenes IP-Subnetz', +'advproxy wpad view pac' => 'PAC-Datei aufrufen', 'again' => 'Wiederholung:', 'age second' => 'Sekunde', 'age seconds' => 'Sekunden', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 98e99f1..9a3e8b0 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -397,6 +397,13 @@ 'advproxy visible hostname' => 'Visible hostname', 'advproxy web browser' => 'Web browser', 'advproxy wednesday' => 'Wed', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per line)', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP-Subnets (one per line)', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', +'advproxy wpad view pac' => 'Open PAC-File', 'again' => 'Again:', 'age second' => 'second', 'age seconds' => 'seconds',
This patch adds a notice with a link to the Wiki-page https://wiki.ipfire.org/configuration/network/proxy/extend/wpad to the new WebGUI-Setion to make the user aware of the fact, that WPAD will only work correctly if he makes further adjustments:
- Add DHCP-Options for WPAD via DHCP - Add HOST-Entries to DNS and Apache-vhost or haproxy-frontend/backend or firewall-redirect for WPAD via DNS
These additional options depend on the users environment and can not be shipped by default as they might break the users setups.
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de --- html/cgi-bin/proxy.cgi | 6 ++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 8 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 55fdc1c..91e4fce 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -1365,6 +1365,12 @@ print <<END <tr> <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td> </tr> +<tr> + <td colspan="4"> </td> +</tr> +<tr> + <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td> +</tr> </table>
<hr size='1'> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 8f84042..6468fde 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -403,6 +403,7 @@ 'advproxy wpad example dst_noproxy_ip' => 'z.B. 192.168.2.0/255.255.255.0', 'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Ungültige IP oder Subnetz für ausgenommenes IP-Subnetz', 'advproxy wpad view pac' => 'PAC-Datei aufrufen', +'advproxy wpad notice' => 'Hinweis: Damit WPAD / PAC korrekt funktioniert, sind weitere Anpassungen erforderlich. Bitte in das <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a> schauen.', 'again' => 'Wiederholung:', 'age second' => 'Sekunde', 'age seconds' => 'Sekunden', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 9a3e8b0..879cff1 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -404,6 +404,7 @@ 'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', 'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP-subnet', 'advproxy wpad view pac' => 'Open PAC-File', +'advproxy wpad notice' => 'Notice: For WPAD / PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.', 'again' => 'Again:', 'age second' => 'second', 'age seconds' => 'seconds',
Hi,
first: happy eastern(!) and thanks(!) for your work ... but:
Could you please remove the apostrophs!? Its one of the most common failures in spelling - and otherwise my oldest daughter will come after you. She is married (no chance!) and knows some terrible torture methods... ;-))
On 21.04.2019 23:56, Alexander Koch wrote:
+'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URL's (eine pro Zeile)',
...
+'advproxy wpad label dst_noproxy_url' => 'Excluded URL's (one per
line)',
They should be:
de.pl: +'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URLs (eine pro Zeile)',
en.pl: +'advproxy wpad label dst_noproxy_url' => 'Excluded URLs (one per line)',
There are several others, though...
Best, Matthias
On Apr 22, 2019, at 4:02 AM, Matthias Fischer matthias.fischer@ipfire.org wrote:
<snip>
Could you please remove the apostrophs!? Its one of the most common failures in spelling -
[snip]
For more detail: http://apostropheabuse.com
[snip]
and otherwise my oldest daughter will come after you. She is married (no chance!) and knows some terrible torture methods... ;-))
Are you implying that marriage is an effective torture method?
<grin>
Tom
On 22.04.2019 16:06, Tom Rymes wrote:
... and otherwise my oldest daughter will come after you. She is married (no chance!) and knows some terrible torture methods... ;-))
Are you implying that marriage is an effective torture method?
<grin>
Hmmm. Can't say at the moment. I'll ask her husband when he's out of the hospital... :-))
Best, Matthias
Hi,
On 22 Apr 2019, at 16:10, Matthias Fischer matthias.fischer@ipfire.org wrote:
On 22.04.2019 16:06, Tom Rymes wrote:
... and otherwise my oldest daughter will come after you. She is married (no chance!) and knows some terrible torture methods... ;-))
Are you implying that marriage is an effective torture method?
<grin>
Hmmm. Can't say at the moment. I'll ask her husband when he's out of the hospital... :-))
LOL I like this :)
I merged the patches and made the proposed changes so that nobody has to get hurt!
Thanks for the suggestion. I think I would have missed in. In the future you can send patches straight away for things like this.
-Michael
Best, Matthias
-
Alexander Koch -
Matthias Fischer -
Michael Tremer -
Tom Rymes