# # Automatic generated configuration for Squid. # Do not edit this file manually. {# wrap http_port ssl bump configuration for reuse #} {% macro sslbump_httpsconfig(network, tags='') -%} {% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %} https_port {{network}}:{{OPNsense.proxy.forward.sslbumpport|default('3129')}} {{tags}} ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on {% endif %} {%- endmacro %} {% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %} # transparent mode, listen on localhost http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept {{ sslbump_httpsconfig('127.0.0.1', 'intercept') }} http_port [::1]:{{ OPNsense.proxy.forward.port }} intercept {{ sslbump_httpsconfig('[::1]', 'intercept') }} {% endif %} # Setup listen configuration {% if helpers.exists('OPNsense.proxy.forward.interfaces') %} {% for interface in OPNsense.proxy.forward.interfaces.split(",") %} {% for intf_key,intf_item in interfaces.iteritems() %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {% endif %} {% endfor %} {# virtual ip's #} {% if helpers.exists('virtualip') %} {% for intf_key,intf_item in virtualip.iteritems() %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} {% endif %} {% endfor %} {% endif %} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %} # setup ssl re-cert sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }} # setup ssl bump acl's acl bump_step1 at_step SslBump1 acl bump_step2 at_step SslBump2 acl bump_step3 at_step SslBump3 acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl" # configure bump ssl_bump peek bump_step1 all ssl_bump splice bump_nobumpsites ssl_bump peek bump_step2 bump_nobumpsites ssl_bump splice bump_step3 bump_nobumpsites ssl_bump bump sslproxy_cert_error deny all {% endif %} acl ftp proto FTP http_access allow ftp {% if helpers.exists('OPNsense.proxy.forward.ftpTransparentMode') and OPNsense.proxy.forward.ftpTransparentMode == '1' %} # transparent mode, listen on localhost ftp_port 127.0.0.1:{{ OPNsense.proxy.forward.ftpPort }} intercept ftp_port [::1]:{{ OPNsense.proxy.forward.ftpPort }} intercept {% endif %} # Setup ftp proxy {% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %} {% for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %} {% for intf_key,intf_item in interfaces.iteritems() %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP {% endif %} {% endfor %} {# virtual ip's #} {% if helpers.exists('virtualip') %} {% for intf_key,intf_item in virtualip.iteritems() %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP {% endif %} {% endfor %} {% endif %} {% endfor %} {% endif %} # Rules allowing access from your local networks. # Generated list of (internal) IP networks from where browsing # should be allowed. (Allow interface subnets). {% if helpers.exists('OPNsense.proxy.forward.interfaces') %} {% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %} {% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %} {% for interface in OPNsense.proxy.forward.interfaces.split(",") %} {% for intf_key,intf_item in interfaces.iteritems() %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} acl localnet src {{intf_item.ipaddr.split(".")[0:3]|join(".")}}.0/{{intf_item.subnet}} # Possible internal network {% endif %} {% endfor %} {% if helpers.exists('virtualip') %} {% for intf_key,intf_item in virtualip.iteritems() %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network {% endif %} {% endfor %} {% endif %} {% endfor %} {% endif %} {% endif %} {% endif %} # Default allow for local-link and private networks acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines # ACL lists {% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %} # ACL - Allow Subnets - User defined (subnets) {% for network in OPNsense.proxy.forward.acl.allowedSubnets.split(",") %} acl subnets src {{network}} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %} # ACL - Unrestricted IPs - User defined (unrestricted) {% for ip in OPNsense.proxy.forward.acl.unrestricted.split(",") %} acl unrestricted src {{ip}} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %} # ACL - Banned Hosts - User defined (bannedHosts) {% for ip in OPNsense.proxy.forward.acl.bannedHosts.split(",") %} acl bannedHosts src {{ip}} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %} # ACL - Whitelist - User defined (whiteList) {% for element in OPNsense.proxy.forward.acl.whiteList.split(",") %} {% if '^' in element or '\\' in element or '$' in element or '[' in element %} acl whiteList url_regex {{element}} {% else %} acl whiteList url_regex {{element|replace(".","\.")}} {% endif %} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %} # ACL - Blacklist - User defined (blackList) {% for element in OPNsense.proxy.forward.acl.blackList.split(",") %} {% if '^' in element or '\\' in element or '$' in element or '[' in element %} acl blackList url_regex {{element}} {% else %} acl blackList url_regex {{element|replace(".","\.")}} {% endif %} {% endfor %} {% endif %} # ACL - Remote fetched Blacklist (remoteblacklist) {% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %} {% for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') %} {% if blacklist.enabled=='1' %} acl remoteblacklist_{{blacklist.filename}} dstdomain "/usr/local/etc/squid/acl/{{blacklist.filename}}" {% endif %} {% endfor %} {% endif %} # ACL - Block browser/user-agent - User defined (browser) {% if helpers.exists('OPNsense.proxy.forward.acl.browser') %} {% for element in OPNsense.proxy.forward.acl.browser.split(",") %} acl blockuseragents browser {{element}} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %} # ACL - Block MIME types - User defined (mimetype) {% for element in OPNsense.proxy.forward.acl.mimeType.split(",") %} acl blockmimetypes rep_mime_type {{element}} acl blockmimetypes_requests req_mime_type {{element}} {% endfor %} {% endif %} # ACL - SSL ports, default are configured in config.xml # Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!): {% if helpers.exists('OPNsense.proxy.forward.acl.sslPorts') %} {% for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %} acl SSL_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}} {% endfor %} {% endif %} # Default Safe ports are now defined in config.xml # Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!): {% if helpers.exists('OPNsense.proxy.forward.acl.safePorts') %} # ACL - Safe_ports {% for element in OPNsense.proxy.forward.acl.safePorts.split(",") %} acl Safe_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}} {% endfor %} {% endif %} acl CONNECT method CONNECT # ICAP SETTINGS {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} # enable icap icap_enable on {% if helpers.exists('OPNsense.proxy.forward.icap.OptionsTTL') %} icap_default_options_ttl {{OPNsense.proxy.forward.icap.OptionsTTL}} {% endif %} # send user information to the icap server {% if helpers.exists('OPNsense.proxy.forward.icap.SendClientIP') and OPNsense.proxy.forward.icap.SendClientIP == '1' %} adaptation_send_client_ip on {% else %} adaptation_send_client_ip off {% endif %} {% if helpers.exists('OPNsense.proxy.forward.icap.SendUsername') and OPNsense.proxy.forward.icap.SendUsername == '1' %} adaptation_send_username on {% else %} adaptation_send_username off {% endif %} {% if helpers.exists('OPNsense.proxy.forward.icap.EncodeUsername') and OPNsense.proxy.forward.icap.EncodeUsername == '1' %} icap_client_username_encode on {% else %} icap_client_username_encode off {% endif %} # preview {% if helpers.exists('OPNsense.proxy.forward.icap.EnablePreview') and OPNsense.proxy.forward.icap.EnablePreview == '1' %} icap_preview_enable on {% else %} icap_preview_enable off {% endif %} {% if helpers.exists('OPNsense.proxy.forward.icap.PreviewSize') %} icap_preview_size {{OPNsense.proxy.forward.icap.PreviewSize}} {% endif %} # add the servers {% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %} icap_service response_mod respmod_precache {{OPNsense.proxy.forward.icap.ResponseURL}} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %} icap_service request_mod reqmod_precache {{OPNsense.proxy.forward.icap.RequestURL}} {% endif %} {% else %} # disable icap icap_enable off {% endif %} # Authentication Settings {% if helpers.exists('OPNsense.proxy.forward.authentication.method') and OPNsense.proxy.forward.authentication.method != '' %} # Configure Local User Authentication helper auth_param basic program /usr/local/etc/inc/squid.auth-user.php {% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %} auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %} auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours {% endif %} {% if helpers.exists('OPNsense.proxy.forward.authentication.children') %} auth_param basic children {{OPNsense.proxy.forward.authentication.children}} {% endif %} # ACL - Local Authorized Users - local_auth acl local_auth proxy_auth REQUIRED {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %} # ALLOW UNRESTRICTED # ACL list (Allow) unrestricted {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow unrestricted adaptation_access request_mod allow unrestricted {% endif %} http_access allow unrestricted {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %} # ACL list (Allow) whitelist {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow whiteList adaptation_access request_mod allow whiteList {% endif %} http_access allow whiteList {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %} # # ACL list (Deny) blacklist {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny blackList adaptation_access request_mod deny blackList {% endif %} http_access deny blackList {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %} {% for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') if blacklist.enabled=='1' %} # ACL list (Deny) remoteblacklist_{{blacklist.filename}} {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny remoteblacklist_{{blacklist.filename}} adaptation_access request_mod deny remoteblacklist_{{blacklist.filename}} {% endif %} http_access deny remoteblacklist_{{blacklist.filename}} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.browser') %} # ACL list (Deny) blockuseragent {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny blockuseragents adaptation_access request_mod deny blockuseragents {% endif %} http_access deny blockuseragents {% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %} # ACL list (Deny) blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %} adaptation_access request_mod deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %} adaptation_access response_mod deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %} adaptation_access request_mod deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %} {% endif %} http_reply_access deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %} http_access deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %} {% endif %} # Deny requests to certain unsafe ports {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %} adaptation_access request_mod deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %} {% endif %} http_access deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %} # Deny CONNECT to other than secure SSL ports {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %} adaptation_access request_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %} {% endif %} http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %} {% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %} {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny bannedHosts adaptation_access request_mod deny bannedHosts {% endif %} http_access deny bannedHosts {% endif %} # Only allow cachemgr access from localhost {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow localhost manager adaptation_access request_mod allow localhost manager adaptation_access response_mod deny manager adaptation_access request_mod deny manager {% endif %} http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny to_localhost adaptation_access request_mod deny to_localhost {% endif %} http_access deny to_localhost # # Access Permission configuration: # # Deny request from unauthorized clients {% if helpers.exists('OPNsense.proxy.forward.authentication.method') and OPNsense.proxy.forward.authentication.method != '' %} {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow local_auth adaptation_access request_mod allow local_auth {% endif %} http_access allow local_auth {% endif %} # # ACL - localnet - default these include ranges from selected interfaces (Allow local subnets) {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow localnet adaptation_access request_mod allow localnet {% endif %} http_access allow localnet # ACL - localhost {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow localhost adaptation_access request_mod allow localhost {% endif %} http_access allow localhost {% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %} # ACL list (Allow) subnets {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod allow subnets adaptation_access request_mod allow subnets {% endif %} http_access allow subnets {% endif %} # Deny all other access to this proxy {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %} adaptation_access response_mod deny all adaptation_access request_mod deny all {% endif %} http_access deny all {% if helpers.exists('OPNsense.proxy.general.cache.local') %} cache_mem {{ OPNsense.proxy.general.cache.local.cache_mem|default('256') }} MB {% if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %} maximum_object_size {{OPNsense.proxy.general.cache.local.maximum_object_size}} MB {% if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %} cache_replacement_policy heap LFUDA {% endif %} {% endif %} {% if OPNsense.proxy.general.cache.local.enabled == '1' %} # Uncomment and adjust the following to add a disk cache directory. cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}} {% endif %} {% endif %} # Leave coredumps in the first cache dir coredump_dir /var/squid/cache # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # Squid Options {% if helpers.exists('OPNsense.proxy.general.dnsV4First') %} {% if OPNsense.proxy.general.dnsV4First == '1' %} # dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first dns_v4_first on {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %} {% if OPNsense.proxy.general.logging.enable.accessLog == '0' %} # Disable access logging access_log none {% elif OPNsense.proxy.general.logging.ignoreLogACL|default('') != '' %} # ignore source hosts from access.log acl accesslog_ignore src {{ OPNsense.proxy.general.logging.ignoreLogACL.replace(',', ' ') }} access_log /var/log/squid/access.log squid !accesslog_ignore {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %} {% if OPNsense.proxy.general.logging.enable.storeLog == '0' %} # Disable cache store log cache_store_log none {% else %} cache_store_log /var/log/squid/store.log {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %} {% for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %} dns_nameservers {{dns}} {% endfor %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.useViaHeader') %} {% if OPNsense.proxy.general.useViaHeader == '0' %} # Disable via Header via off {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.suppressVersion') %} {% if OPNsense.proxy.general.suppressVersion == '1' %} # Suppres http version string (default=off) httpd_suppress_version_string on {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.icpPort') %} {% if OPNsense.proxy.general.icpPort != '' %} icp_port {{OPNsense.proxy.general.icpPort}} {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.uriWhitespaceHandling') %} # URI hanlding with Whitespaces (default=strip) uri_whitespace {{OPNsense.proxy.general.uriWhitespaceHandling}} {% endif %} {% if helpers.exists('OPNsense.proxy.general.forwardedForHandling') %} # X-Forwarded header handling (default=on) forwarded_for {{OPNsense.proxy.general.forwardedForHandling}} {% endif %} {% if helpers.exists('OPNsense.proxy.general.traffic.enabled') and OPNsense.proxy.general.traffic.enabled == '1' %} {% if helpers.exists('OPNsense.proxy.general.traffic.maxDownloadSize') %} # Define max download size reply_body_max_size {{OPNsense.proxy.general.traffic.maxDownloadSize}} KB {% endif %} {% if helpers.exists('OPNsense.proxy.general.traffic.maxUploadSize') %} # Define max upload size request_body_max_size {{OPNsense.proxy.general.traffic.maxUploadSize}} KB {% endif %} {% if helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %} delay_pools 1 delay_class 1 3 delay_access 1 allow all {% if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') %} # Define PerHost and Overall Bandwith Trotteling delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} {% else %} # Define PerHost Trotteling delay_parameters -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}} {% endif %} {% endif %} {% if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') and not helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %} # Define Overall Bandwidth Trotteling delay_pools 1 delay_class 1 1 delay_access 1 allow all delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} {% endif %} {% endif %} # Disable squid logfile rotate to use system defaults logfile_rotate 0 {% if helpers.exists('OPNsense.proxy.general.VisibleHostname') %} # Define visible hostname visible_hostname {{OPNsense.proxy.general.VisibleHostname}} {% endif %} {% if helpers.exists('OPNsense.proxy.general.VisibleEmail') %} # Define visible email cache_mgr {{OPNsense.proxy.general.VisibleEmail}} {% endif %}