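<model>
    <!--
        Model definition mounted at //OPNsense/proxy. Each leaf element under
        <items> declares one setting: its field type, default, whether it is
        required, and any range or pattern constraint.
        NOTE(review): the <mask> patterns are the only constraint this file puts
        on free-text values, so each one is anchored at both ends rather than
        relying on the consuming validator to require a whole-value match.
        If these are evaluated as PCRE, "$" still matches before one trailing
        newline; confirm the validator (or add the D modifier) if that matters.
    -->
    <mount>//OPNsense/proxy</mount>
    <description>
        (squid) proxy settings
    </description>
    <items>
        <general>
            <enabled type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </enabled>
            <!-- Optional ICP port, limited to the valid port range 1..65535. -->
            <icpPort type="IntegerField">
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>ICP port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>N</Required>
            </icpPort>
            <logging>
                <enable>
                    <accessLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </accessLog>
                    <storeLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </storeLog>
                </enable>
                <!--
                    Comma separated list restricted to hex digits, ".", ":" and "/",
                    the characters of IPv4/IPv6 addresses and CIDR prefixes.
                    End anchor added so a value with other characters cannot pass
                    on the strength of a valid prefix.
                -->
                <ignoreLogACL type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </ignoreLogACL>
            </logging>
            <!-- Same address-list character set as ignoreLogACL; end anchor added. -->
            <alternateDNSservers type="CSVListField">
                <Required>N</Required>
                <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
            </alternateDNSservers>
            <dnsV4First type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </dnsV4First>
            <!-- Closed option set; the element names under OptionValues are the stored values. -->
            <forwardedForHandling type="OptionField">
                <default>on</default>
                <Required>N</Required>
                <OptionValues>
                    <on>Append client's IP (on)</on>
                    <off>Set forward header to unknown (off)</off>
                    <transparent>Do not alter forward header (transparent)</transparent>
                    <truncate>Replace all with client's IP (truncate)</truncate>
                </OptionValues>
            </forwardedForHandling>
            <uriWhitespaceHandling type="OptionField">
                <default>strip</default>
                <Required>N</Required>
                <OptionValues>
                    <strip>Strip whitespaces</strip>
                    <deny>Deny request</deny>
                    <allow>Allow whitespaces</allow>
                    <encode>Encode whitespaces (RFC1738)</encode>
                    <chop>Chop URI at first whitespace</chop>
                </OptionValues>
            </uriWhitespaceHandling>
            <useViaHeader type="BooleanField">
                <default>1</default>
                <Required>N</Required>
            </useViaHeader>
            <suppressVersion type="BooleanField">
                <default>0</default>
                <Required>N</Required>
            </suppressVersion>
            <cache>
                <local>
                    <enabled type="BooleanField">
                        <default>0</default>
                        <Required>Y</Required>
                    </enabled>
                    <!--
                        NOTE(review): a filesystem path declared as a plain TextField
                        with no mask. Confirm that whatever consumes this value
                        constrains it to the intended cache location.
                    -->
                    <directory type="TextField">
                        <default>/var/squid/cache</default>
                        <Required>Y</Required>
                    </directory>
                    <!-- Cache size in MB (per the validation message); lower bound only. -->
                    <size type="IntegerField">
                        <default>100</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive cache size. (number of MB's)</ValidationMessage>
                        <Required>Y</Required>
                    </size>
                    <l1 type="IntegerField">
                        <default>16</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of first-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l1>
                    <l2 type="IntegerField">
                        <default>256</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of second-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l2>
                </local>
            </cache>
            <!-- Traffic limits: sizes in KB and bandwidth in kilobits per second, lower bound 1, no upper bound. -->
            <traffic>
                <enabled type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </enabled>
                <maxDownloadSize type="IntegerField">
                    <default>2048</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum download size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxDownloadSize>
                <maxUploadSize type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum upload size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxUploadSize>
                <!-- The "Trotteling" spelling is kept: the element name is the setting's key. -->
                <OverallBandwidthTrotteling type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the overall bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </OverallBandwidthTrotteling>
                <perHostTrotteling type="IntegerField">
                    <default>256</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the per host bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </perHostTrotteling>
            </traffic>
        </general>
        <forward>
            <!--
                Interfaces the forward proxy is bound to. The filters accept an
                "enable" value that does not start with 0 and an "ipaddr" value
                that does not contain "dhcp"; presumably this limits the choice
                to enabled, statically addressed interfaces (confirm against the
                InterfaceField implementation).
            -->
            <interfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <default>lan</default>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </interfaces>
            <port type="IntegerField">
                <default>3128</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </port>
            <!-- Same interface filters as <interfaces>, but with no default selection. -->
            <ftpInterfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </ftpInterfaces>
            <ftpPort type="IntegerField">
                <default>2121</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>FTP Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </ftpPort>
            <ftpTransparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </ftpTransparentMode>
            <addACLforInterfaceSubnets type="BooleanField">
                <default>1</default>
                <Required>Y</Required>
            </addACLforInterfaceSubnets>
            <transparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </transparentMode>
            <acl>
                <!--
                    Address lists: hex digits, ".", ":", "/" and the comma separator.
                    End anchors added to all three masks so the whole value, not
                    just a leading run of it, has to fit the character set.
                -->
                <allowedSubnets type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </allowedSubnets>
                <unrestricted type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </unrestricted>
                <bannedHosts type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*$/u</mask>
                </bannedHosts>
                <!--
                    NOTE(review): whiteList, blackList, browser and mimeType declare
                    no mask, so this file places no character restriction on them.
                    Confirm that the code rendering these values into the proxy
                    configuration rejects or escapes line breaks and other
                    characters that are significant to that configuration format.
                -->
                <whiteList type="CSVListField">
                    <Required>N</Required>
                </whiteList>
                <blackList type="CSVListField">
                    <Required>N</Required>
                </blackList>
                <browser type="CSVListField">
                    <Required>N</Required>
                </browser>
                <mimeType type="CSVListField">
                    <Required>N</Required>
                </mimeType>
                <!--
                    Entries look like "port:label" or "from-to:label"; the mask only
                    restricts the character set (space, "-", digits, letters, ":"
                    and ","), it does not check that the port part is numeric or
                    in range. End anchor added; the default value still matches.
                -->
                <safePorts type="CSVListField">
                    <default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</default>
                    <mask>/^([ \-0-9a-zA-Z:,])*$/u</mask>
                    <Required>N</Required>
                </safePorts>
                <sslPorts type="CSVListField">
                    <default>443:https</default>
                    <Required>N</Required>
                    <mask>/^([ \-0-9a-zA-Z:,])*$/u</mask>
                </sslPorts>
                <remoteACLs>
                    <blacklists>
                        <!-- One entry per remote list: on/off flag, local filename, source URL, description. -->
                        <blacklist type="ArrayField">
                            <enabled type="BooleanField">
                                <default>0</default>
                                <Required>Y</Required>
                            </enabled>
                            <!--
                                Second character class corrected from "A-z" to "A-Z".
                                The "A-z" range also covers [ \ ] ^ _ and the backtick,
                                which the validation message says are not allowed.
                                The pattern admits no path separator, so the value
                                cannot name a file outside its directory.
                                NOTE(review): this tag is spelled "Mask" while every
                                other field uses "mask"; confirm the model loader
                                treats option tag names case-insensitively.
                            -->
                            <filename type="TextField">
                                <Required>Y</Required>
                                <Mask>/^[a-zA-Z0-9]{1,245}\.?[a-zA-Z0-9]{1,10}$/</Mask>
                                <ValidationMessage>The filename may only contain letters,digits and one dot (not required).</ValidationMessage>
                            </filename>
                            <!--
                                NOTE(review): the only constraint declared here is the
                                UrlField type; no scheme or host restriction is visible
                                in this file. Confirm what the fetching side permits.
                            -->
                            <url type="UrlField">
                                <Required>Y</Required>
                                <ValidationMessage>This does not look like a valid url.</ValidationMessage>
                            </url>
                            <!--
                                NOTE(review): the class admits \n and \r. If this text
                                is ever written into a line-oriented file, confirm the
                                writer strips or rejects line breaks.
                            -->
                            <description type="TextField">
                                <Required>Y</Required>
                                <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u</mask>
                            </description>
                        </blacklist>
                    </blacklists>
                    <!-- Optional reference to a job in the OPNsense.Cron.Cron model whose origin matches /Proxy/. -->
                    <UpdateCron type="ModelRelationField">
                        <Model>
                            <queues>
                                <source>OPNsense.Cron.Cron</source>
                                <items>jobs.job</items>
                                <display>description</display>
                                <filters>
                                    <origin>/Proxy/</origin>
                                </filters>
                            </queues>
                        </Model>
                        <ValidationMessage>Related cron not found</ValidationMessage>
                        <Required>N</Required>
                    </UpdateCron>
                </remoteACLs>
            </acl>
            <authentication>
                <method type="AuthenticationServerField">
                    <Required>N</Required>
                    <multiple>Y</multiple>
                    <default>Local Database</default>
                </method>
                <!--
                    NOTE(review): as with the blacklist description, the class admits
                    \n and \r. A realm is typically emitted on a single configuration
                    line and in an HTTP header, so confirm that line breaks are
                    rejected or removed before the value is used.
                -->
                <realm type="TextField">
                    <default>OPNsense proxy authentication</default>
                    <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask>
                    <Required>N</Required>
                </realm>
                <!-- Lower bound only; the unit of the TTL is not stated in this file. -->
                <credentialsttl type="IntegerField">
                    <default>2</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Credentials TTL needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </credentialsttl>
                <!-- Lower bound only; no maximum is declared for the number of children. -->
                <children type="IntegerField">
                    <default>5</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Number of children needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </children>
            </authentication>
        </forward>
    </items>
</model>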