Commit f56f7e86 authored by Fabio Miguel Mello's avatar Fabio Miguel Mello

URL Filter Only at HTTPS Proxy

parent 0dca6edd
......@@ -231,6 +231,14 @@
<a href="/firewall_nat_edit.php?template=transparant_proxy&https=1"> Add a new firewall rule </a>
]]></help>
</field>
<field>
<id>proxy.forward.sslurlonly</id>
<label>SSL URL Only</label>
<type>checkbox</type>
<help><![CDATA[
Dont filter content, only url
]]></help>
</field>
<field>
<id>proxy.forward.sslbumpport</id>
<label>SSL Proxy port</label>
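Review bot: The help text for `proxy.forward.sslurlonly` (`Dont filter content, only url`) does not tell the administrator what the checkbox gives up. Judging by the squid.conf template change in this same commit, enabling it splices every HTTPS connection, so nothing is decrypted and any content inspection behind the proxy no longer sees HTTPS payloads. In a spliced connection only the server name is available, not the full URL, so the label "SSL URL Only" overstates what can be filtered. I would word the help as `Do not decrypt HTTPS traffic; log and filter on the server name (SNI) only. Content and full URL paths are not inspected.`, which also fixes the "Dont" typo.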
......
......@@ -188,6 +188,10 @@
<default>0</default>
<Required>Y</Required>
</sslbump>
<sslurlonly type="BooleanField">
<default>0</default>
<Required>Y</Required>
</sslurlonly>
<sslcertificate type="CertificateField">
<Required>N</Required>
<Type>ca</Type>
......
......@@ -40,17 +40,24 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
# setup ssl re-cert
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB
sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }}
# setup ssl bump acl's
acl bump_step1 at_step SslBump1
acl bump_step2 at_step SslBump2
acl bump_step3 at_step SslBump3
acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
# configure bump
ssl_bump peek bump_step1 all
{% if helpers.exists('OPNsense.proxy.forward.sslurlonly') and OPNsense.proxy.forward.sslurlonly == '1' %}
ssl_bump splice all
ssl_bump peek bump_step2 all
ssl_bump splice bump_step3 all
{% else %}
ssl_bump splice bump_nobumpsites
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump splice bump_step3 bump_nobumpsites
{% endif %}
ssl_bump bump
sslproxy_cert_error deny all
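Review bot: In the sslurlonly branch, `ssl_bump splice all` sits before `ssl_bump peek bump_step2 all` and `ssl_bump splice bump_step3 all`. Squid takes the first matching rule at each step, so every connection is spliced at step 2 and those two rules, along with the trailing `ssl_bump bump`, are never reached in this mode. If splicing right after the ClientHello is intended, the branch can be reduced to the single `ssl_bump splice all` line; if the server certificate was meant to be seen before splicing, the `splice all` line should be dropped instead. Either way I would add a comment such as `# url-only mode: no decryption, filtering relies on the client-supplied SNI`, since that name is not checked against the server certificate when splicing at step 2.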
......