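<model>
    <!--
        Model definition for the (squid) proxy settings, mounted at //OPNsense/proxy.
        Each leaf element names one setting: its type attribute selects the field class and
        its child elements (default, Required, mask, MinimumValue, MaximumValue, ...) are the
        constraints applied to that setting.
        NOTE(review): presumably these values are written into the generated squid
        configuration, which would make the masks and ranges below the input-validation
        boundary. Confirm against the templates before relaxing any of them.
    -->
    <mount>//OPNsense/proxy</mount>
    <description>
        (squid) proxy settings
    </description>
    <items>
        <general>
            <!-- General enable flag; default 0 (off). -->
            <enabled type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </enabled>
            <!-- Optional ICP port, limited to the valid port range 1 to 65535. -->
            <icpPort type="IntegerField">
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>ICP port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>N</Required>
            </icpPort>
            <logging>
                <!-- Access log and store log are both on by default. -->
                <enable>
                    <accessLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </accessLog>
                    <storeLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </storeLog>
                </enable>
                <!--
                    Comma separated list restricted to the characters of IPv4/IPv6 addresses and
                    CIDR prefixes (hex digits, '/', '.', ':', ','). This is a character-set check
                    only; it does not prove that an entry is a well-formed address.
                    The pattern is anchored at both ends, like the VisibleHostname and
                    UsernameHeader masks in this file: without the trailing $ the expression
                    matches an empty prefix of any string, so rejecting bad input would depend on
                    the validator comparing the match against the whole value.
                -->
                <ignoreLogACL type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </ignoreLogACL>
            </logging>
            <!-- Same address character set and end anchor as ignoreLogACL. -->
            <alternateDNSservers type="CSVListField">
                <Required>N</Required>
                <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
            </alternateDNSservers>
            <dnsV4First type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </dnsV4First>
            <!--
                Handling of the forward header. The default "on" appends the client's IP, which
                discloses internal client addresses to the servers being contacted; "off" sets
                the header to unknown instead.
            -->
            <forwardedForHandling type="OptionField">
                <default>on</default>
                <Required>N</Required>
                <BlankDesc>Default</BlankDesc>
                <OptionValues>
                    <on>Append client's IP (on)</on>
                    <off>Set forward header to unknown (off)</off>
                    <transparent>Do not alter forward header (transparent)</transparent>
                    <truncate>Replace all with client's IP (truncate)</truncate>
                </OptionValues>
            </forwardedForHandling>
            <!-- What to do with whitespace inside a request URI; default is to strip it. -->
            <uriWhitespaceHandling type="OptionField">
                <default>strip</default>
                <Required>N</Required>
                <OptionValues>
                    <strip>Strip whitespaces</strip>
                    <deny>Deny request</deny>
                    <allow>Allow whitespaces</allow>
                    <encode>Encode whitespaces (RFC1738)</encode>
                    <chop>Chop URI at first whitespace</chop>
                </OptionValues>
            </uriWhitespaceHandling>
            <!--
                NOTE(review): presumably these two control the Via header and whether the squid
                version string is hidden. With these defaults the Via header is used and the
                version is not suppressed, which would reveal the proxy and its version to
                peers. Confirm against the template.
            -->
            <useViaHeader type="BooleanField">
                <default>1</default>
                <Required>N</Required>
            </useViaHeader>
            <suppressVersion type="BooleanField">
                <default>0</default>
                <Required>N</Required>
            </suppressVersion>
            <VisibleEmail type="EmailField">
                <default>admin@localhost.local</default>
                <Required>N</Required>
                <ValidationMessage>Please enter a valid email address.</ValidationMessage>
            </VisibleEmail>
            <!-- Anchored mask: letters, digits and . , _ - : only, at most 1024 characters. -->
            <VisibleHostname type="TextField">
                <default>localhost</default>
                <Required>N</Required>
                <mask>/^([0-9a-zA-Z\.,_\-:]){0,1024}$/u</mask>
                <ValidationMessage>Please enter a valid servername, ip address or leave this option blank.</ValidationMessage>
            </VisibleHostname>
            <cache>
                <local>
                    <enabled type="BooleanField">
                        <default>0</default>
                        <Required>Y</Required>
                    </enabled>
                    <!--
                        NOTE(review): a filesystem path accepted as free text; no mask is
                        declared here, so any restriction on the path has to be enforced
                        elsewhere. Confirm.
                    -->
                    <directory type="TextField">
                        <default>/var/squid/cache</default>
                        <Required>Y</Required>
                    </directory>
                    <!-- The sizes below have a lower bound of 1; only maximum_object_size has an upper bound. -->
                    <cache_mem type="IntegerField">
                        <default>256</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive memory cache size. (number of MB's)</ValidationMessage>
                        <Required>Y</Required>
                    </cache_mem>
                    <maximum_object_size type="IntegerField">
                        <MinimumValue>1</MinimumValue>
                        <MaximumValue>99999</MaximumValue>
                        <ValidationMessage>Specify a maximum object size. (number of MB's)</ValidationMessage>
                        <Required>N</Required>
                    </maximum_object_size>
                    <size type="IntegerField">
                        <default>100</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive cache size. (number of MB's)</ValidationMessage>
                        <Required>Y</Required>
                    </size>
                    <l1 type="IntegerField">
                        <default>16</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of first-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l1>
                    <l2 type="IntegerField">
                        <default>256</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of second-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l2>
                </local>
            </cache>
            <!-- Traffic limits; disabled by default. Sizes are in KB, bandwidth in kilobits per second. -->
            <traffic>
                <enabled type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </enabled>
                <maxDownloadSize type="IntegerField">
                    <default>2048</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum download size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxDownloadSize>
                <maxUploadSize type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum upload size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxUploadSize>
                <!-- Spelling of the next two element names is kept as is: the name is the setting's identifier. -->
                <OverallBandwidthTrotteling type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the overall bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </OverallBandwidthTrotteling>
                <perHostTrotteling type="IntegerField">
                    <default>256</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the per host bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </perHostTrotteling>
            </traffic>
        </general>
        <forward>
            <!--
                Interfaces the forward proxy is offered on; default is lan, several may be chosen.
                The filters keep entries whose "enable" value does not start with 0 and whose
                "ipaddr" value does not contain "dhcp" (presumably properties of the configured
                interfaces; confirm).
            -->
            <interfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <default>lan</default>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </interfaces>
            <port type="IntegerField">
                <default>3128</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </port>
            <sslbumpport type="IntegerField">
                <default>3129</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>SSL Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </sslbumpport>
            <!-- SSL bump is off by default. -->
            <sslbump type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </sslbump>
            <!--
                Selects a certificate of type "ca". It is optional in this model even when
                sslbump is enabled; no cross-field rule is declared here.
                NOTE(review): presumably this CA signs the certificates presented to clients
                during SSL bump, so its private key needs the protection of any signing CA.
                Confirm.
            -->
            <sslcertificate type="CertificateField">
                <Required>N</Required>
                <Type>ca</Type>
                <ValidationMessage>Please select a valid certificate from the list</ValidationMessage>
            </sslcertificate>
            <!--
                Sites excluded from SSL bump. End anchor added so the pattern itself rejects
                characters outside the set instead of matching a prefix of any string.
                NOTE(review): the set has no '-', so a domain name containing a hyphen does not
                fit the mask although the message asks for domain names. Confirm whether that is
                intended before widening it.
            -->
            <sslnobumpsites type="CSVListField">
                <Required>N</Required>
                <mask>/^([a-zA-Z0-9.:,]){0,}$/</mask>
                <ValidationMessage>Please enter ip addresses or domain names here</ValidationMessage>
            </sslnobumpsites>
            <ssl_crtd_storage_max_size type="IntegerField">
                <Required>Y</Required>
                <default>4</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>max size needs to be an integer value between 1 and 65535</ValidationMessage>
            </ssl_crtd_storage_max_size>
            <!-- Message corrected to spell the setting's own name (sslcrtd). -->
            <sslcrtd_children type="IntegerField">
                <Required>Y</Required>
                <default>5</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>32</MaximumValue>
                <ValidationMessage>the number of sslcrtd children needs to be an integer value between 1 and 32</ValidationMessage>
            </sslcrtd_children>
            <!-- Same interface filters as "interfaces" above; no default interface for FTP. -->
            <ftpInterfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </ftpInterfaces>
            <ftpPort type="IntegerField">
                <default>2121</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>FTP Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </ftpPort>
            <ftpTransparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </ftpTransparentMode>
            <!-- On by default; by its name it adds an ACL for the subnets of the selected interfaces. -->
            <addACLforInterfaceSubnets type="BooleanField">
                <default>1</default>
                <Required>Y</Required>
            </addACLforInterfaceSubnets>
            <transparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </transparentMode>
            <acl>
                <!--
                    The three address lists share one mask: hex digits plus '/', '.', ':' and ','.
                    End anchor added so the pattern rejects other characters on its own.
                -->
                <allowedSubnets type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </allowedSubnets>
                <unrestricted type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </unrestricted>
                <bannedHosts type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </bannedHosts>
                <!--
                    NOTE(review): the next four lists declare no mask, so the model accepts any
                    text in them. If they are rendered into ACL lines of the configuration, the
                    quoting or escaping has to happen where they are rendered. Confirm.
                -->
                <whiteList type="CSVListField">
                    <Required>N</Required>
                </whiteList>
                <blackList type="CSVListField">
                    <Required>N</Required>
                </blackList>
                <browser type="CSVListField">
                    <Required>N</Required>
                </browser>
                <mimeType type="CSVListField">
                    <Required>N</Required>
                </mimeType>
                <!--
                    Entries have the form port-or-range:label. The mask allows space, '-', digits,
                    letters, ':' and ','; the default value fits that set. End anchor added.
                -->
                <safePorts type="CSVListField">
                    <default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</default>
                    <mask>/^([ \-0-9a-zA-Z:,])*$/u</mask>
                    <Required>N</Required>
                </safePorts>
                <sslPorts type="CSVListField">
                    <default>443:https</default>
                    <Required>N</Required>
                    <mask>/^([ \-0-9a-zA-Z:,])*$/u</mask>
                </sslPorts>
                <remoteACLs>
                    <blacklists>
                        <!-- One entry per remote ACL: a local filename, the URL it comes from, and the categories selected from it. -->
                        <blacklist type="ArrayField">
                            <enabled type="BooleanField">
                                <default>0</default>
                                <Required>Y</Required>
                            </enabled>
                            <!--
                                The filename is the SourceField of "filter" below, whose SourceFile is a
                                path with a %s placeholder, so this mask is what keeps path separators
                                and other special characters out of that path.
                                The second character class used the range A-z, which also covers
                                [ \ ] ^ _ and the backtick; it is now A-Z, matching the message
                                (letters, digits and one optional dot).
                                The element is spelled "Mask" here and "mask" elsewhere in this file;
                                left as is. Confirm the loader treats both alike.
                            -->
                            <filename type="TextField">
                                <Required>Y</Required>
                                <Mask>/^[a-zA-Z0-9]{1,245}\.?[a-zA-Z0-9]{1,10}$/</Mask>
                                <ValidationMessage>The filename may only contain letters,digits and one dot (not required).</ValidationMessage>
                            </filename>
                            <!-- NOTE(review): the only constraint declared is the UrlField type; no scheme restriction is visible here. -->
                            <url type="UrlField">
                                <Required>Y</Required>
                                <ValidationMessage>This does not look like a valid url.</ValidationMessage>
                            </url>
                            <!-- Options come from an index file whose name is built from the "filename" field of the same entry. -->
                            <filter type="JsonKeyValueStoreField">
                                <Required>N</Required>
                                <SourceField>filename</SourceField>
                                <SourceFile>/usr/local/etc/squid/acl/%s.index</SourceFile>
                                <SelectAll>Y</SelectAll>
                                <Multiple>Y</Multiple>
                            </filter>
                            <!--
                                NOTE(review): the mask admits tab, newline, vertical tab, form feed and
                                carriage return. If the description is ever written into a generated
                                file, a line break in it would start a new line there. Confirm it is
                                only displayed.
                            -->
                            <description type="TextField">
                                <Required>Y</Required>
                                <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u</mask>
                            </description>
                        </blacklist>
                    </blacklists>
                    <!-- Optional reference to a cron job from OPNsense.Cron.Cron, limited to jobs whose origin matches /Proxy/. -->
                    <UpdateCron type="ModelRelationField">
                        <Model>
                            <queues>
                                <source>OPNsense.Cron.Cron</source>
                                <items>jobs.job</items>
                                <display>description</display>
                                <filters>
                                    <origin>/Proxy/</origin>
                                </filters>
                            </queues>
                        </Model>
                        <ValidationMessage>Related cron not found</ValidationMessage>
                        <Required>N</Required>
                    </UpdateCron>
                </remoteACLs>
            </acl>
            <!-- ICAP integration; off by default, pointing at a service on 127.0.0.1. -->
            <icap>
                <enable type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </enable>
                <!--
                    NOTE(review): both URLs are free text with no mask, so neither the icap://
                    scheme nor the character set is enforced by the model. Confirm where these
                    values are validated or escaped.
                -->
                <RequestURL type="TextField">
                    <Required>Y</Required>
                    <default>icap://127.0.0.1/reqmod</default>
                </RequestURL>
                <ResponseURL type="TextField">
                    <default>icap://127.0.0.1/respmod</default>
                    <Required>Y</Required>
                </ResponseURL>
                <!-- The client IP is sent to the ICAP service by default; the username is not. -->
                <SendClientIP type="BooleanField">
                    <Required>Y</Required>
                    <default>1</default>
                </SendClientIP>
                <SendUsername type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </SendUsername>
                <EncodeUsername type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </EncodeUsername>
                <!-- Header name limited to letters and '-' by an anchored mask. -->
                <UsernameHeader type="TextField">
                    <Required>Y</Required>
                    <default>X-Username</default>
                    <mask>/^([a-zA-Z-]+)$/</mask>
                </UsernameHeader>
                <EnablePreview type="BooleanField">
                    <default>1</default>
                    <Required>Y</Required>
                </EnablePreview>
                <!-- NOTE(review): PreviewSize and OptionsTTL declare no MinimumValue, so zero and negative integers are not excluded here. -->
                <PreviewSize type="IntegerField">
                    <default>1024</default>
                    <Required>Y</Required>
                </PreviewSize>
                <OptionsTTL type="IntegerField">
                    <default>60</default>
                    <Required>Y</Required>
                </OptionsTTL>
            </icap>
            <authentication>
                <!-- Optional; one or more authentication servers may be selected. -->
                <method type="AuthenticationServerField">
                    <Required>N</Required>
                    <multiple>Y</multiple>
                </method>
                <!--
                    NOTE(review): the mask admits newline and carriage return. If the realm is
                    written into a generated configuration line, a line break in it would end
                    that line and start another. Confirm how the value is rendered before relying
                    on this mask.
                -->
                <realm type="TextField">
                    <default>OPNsense proxy authentication</default>
                    <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask>
                    <Required>N</Required>
                </realm>
                <!-- Lower bound 1, no upper bound; the unit is not stated in this file. -->
                <credentialsttl type="IntegerField">
                    <default>2</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Credentials TTL needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </credentialsttl>
                <children type="IntegerField">
                    <default>5</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Number of children needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </children>
            </authentication>
        </forward>
    </items>
</model>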