Merge pull request #883 from fabianfrz/https_proxy

add link to proxy page and extend the nat template

Merge pull request #883 from fabianfrz/https_proxy
add link to proxy page and extend the nat template
1106416d · Ad Schellevis · 99f49d36 · 4aa0ce0f · 1106416d · 1106416d
Commit 1106416d authored Apr 11, 2016 by Ad Schellevis
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 21 deletions

main.xml ...pnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml +11 -10

firewall_nat_edit.php src/www/firewall_nat_edit.php +23 -11

No files found.
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -200,15 +200,15 @@
                <help><![CDATA[The port the proxy service will listen to.]]></help>
            </field>
            <field>
-                    <id>proxy.forward.transparentMode</id>
+                <id>proxy.forward.transparentMode</id>
-                    <label>Enable Transparent HTTP proxy</label>
+                <label>Enable Transparent HTTP proxy</label>
-                    <type>checkbox</type>
+                <type>checkbox</type>
-                    <help><![CDATA[
+                <help><![CDATA[
-			Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
+                  Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
-			You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
+                  You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
-			<br/>
+                  <br/>
-			<a href="/firewall_nat_edit.php?template=transparant_proxy"> add a new firewall rule </a>
+                  <a href="/firewall_nat_edit.php?template=transparant_proxy"> Add a new firewall rule </a>
-                    ]]></help>
+                  ]]></help>
            </field>
            <field>
                <id>proxy.forward.sslbump</id>
@@ -220,7 +220,8 @@
                  Be aware of the security implications before enabling this option.
                  <br/><br/>
                  Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic
-                  for this feature to work.
+                  for this feature to work.<br/>
+                  <a href="/firewall_nat_edit.php?template=transparant_proxy&https=1"> Add a new firewall rule </a>
                  ]]></help>
            </field>
            <field>

--- a/src/www/firewall_nat_edit.php
+++ b/src/www/firewall_nat_edit.php
@@ -150,19 +150,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $pconfig['interface'] = "lan";
        $pconfig['src'] = "lan";
        $pconfig['dst'] = "any";
-        $pconfig['dstbeginport'] = 80 ;
+        if (isset($_GET['https'])){
-        $pconfig['dstendport'] = 80 ;
+            $pconfig['dstbeginport'] = 443;
-        $pconfig['target'] = '127.0.0.1';
+            $pconfig['dstendport'] = 443;
-        // try to read the proxy configuration to determine the current port
+            if (isset($config['OPNsense']['proxy']['forward']['sslbumpport'])) {
-        // this has some disadvantages in case of dependencies, but there isn't
+                $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['sslbumpport'];
-        // a much better solution available at the moment.
+            } else {
-        if (isset($config['OPNsense']['proxy']['forward']['port'])) {
+                $pconfig['local-port'] = 3129;
-            $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
+            }
-        } else {
-            $pconfig['local-port'] = 3128;
        }
+        else {
+            $pconfig['dstbeginport'] = 80;
+            $pconfig['dstendport'] = 80;
+            // try to read the proxy configuration to determine the current port
+            // this has some disadvantages in case of dependencies, but there isn't
+            // a much better solution available at the moment.
+            if (isset($config['OPNsense']['proxy']['forward']['port'])) {
+                $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
+            } else {
+                $pconfig['local-port'] = 3128;
+            }
+        }
+        $pconfig['target'] = '127.0.0.1';
        $pconfig['natreflection'] = 'enable';
-        $pconfig['descr'] = "redirect traffic to proxy";
+        $pconfig['descr'] = gettext("redirect traffic to proxy");
    } else {
        $pconfig['src'] = "any";
    }