#
# Automatic generated configuration for Squid.
# Do not edit this file manually.

{# wrap http_port ssl bump configuration for reuse #}
{% macro sslbump_httpsconfig(network, tags='') -%}
  {% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
https_port {{network}}:{{OPNsense.proxy.forward.sslbumpport|default('3129')}} {{tags}} ssl-bump cert=/var/squid/ssl/ca.pem  dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
  {% endif %}
{%- endmacro %}

{% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %}
# transparent mode, listen on localhost
http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept
{{ sslbump_httpsconfig('127.0.0.1', 'intercept') }}
http_port [::1]:{{ OPNsense.proxy.forward.port }} intercept
{{ sslbump_httpsconfig('[::1]', 'intercept') }}
{% endif %}

# Setup listen configuration
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{%   for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{%      for intf_key,intf_item in interfaces.iteritems() %}
{%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }}
{%          endif %}
{%      endfor %}
{# virtual ip's #}
{%      if helpers.exists('virtualip') %}
{%          for intf_key,intf_item in virtualip.iteritems() %}
{%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{%              endif %}
{%          endfor %}
{%      endif %}
{%   endfor %}
{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
# setup ssl re-cert
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB
sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }}
# setup ssl bump acl's
acl bump_step1 at_step SslBump1
acl bump_step2 at_step SslBump2
acl bump_step3 at_step SslBump3
acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"

# configure bump
ssl_bump peek bump_step1 all
ssl_bump splice bump_nobumpsites
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump splice bump_step3 bump_nobumpsites
ssl_bump bump

sslproxy_cert_error deny all
{% endif %}

acl ftp proto FTP
http_access allow ftp

{% if helpers.exists('OPNsense.proxy.forward.ftpTransparentMode') and OPNsense.proxy.forward.ftpTransparentMode == '1' %}
# transparent mode, listen on localhost
ftp_port 127.0.0.1:{{ OPNsense.proxy.forward.ftpPort }} intercept
ftp_port [::1]:{{ OPNsense.proxy.forward.ftpPort }} intercept
{% endif %}

# Setup ftp proxy
{% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %}
{%   for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %}
{%      for intf_key,intf_item in interfaces.iteritems() %}
{%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP
{%          endif %}
{%      endfor %}
{# virtual ip's #}
{%      if helpers.exists('virtualip') %}
{%          for intf_key,intf_item in virtualip.iteritems() %}
{%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP
{%              endif %}
{%          endfor %}
{%      endif %}
{%   endfor %}
{% endif %}

# Rules allowing access from your local networks.
# Generated list of (internal) IP networks from where browsing
# should be allowed. (Allow interface subnets).
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{%  if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
{%      if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
{%      for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{%          for intf_key,intf_item in interfaces.iteritems() %}
{%              if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
acl localnet src {{intf_item.ipaddr.split(".")[0:3]|join(".")}}.0/{{intf_item.subnet}} # Possible internal network
{%              endif %}
{%          endfor %}
{%          if helpers.exists('virtualip') %}
{%              for intf_key,intf_item in virtualip.iteritems() %}
{%                  if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
{%                  endif %}
{%              endfor %}
{%          endif %}
{%      endfor %}
{%      endif %}
{%  endif %}
{% endif %}
# Default allow for local-link and private networks
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

# ACL lists
{% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %}

# ACL - Allow Subnets - User defined (subnets)
{%  for network in OPNsense.proxy.forward.acl.allowedSubnets.split(",") %}
acl subnets src {{network}}
{%  endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}

# ACL - Unrestricted IPs - User defined (unrestricted)
{%  for ip in OPNsense.proxy.forward.acl.unrestricted.split(",") %}
acl unrestricted src {{ip}}
{%  endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}

# ACL - Banned Hosts - User defined (bannedHosts)
{%  for ip in OPNsense.proxy.forward.acl.bannedHosts.split(",") %}
acl bannedHosts src {{ip}}
{%  endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
# ACL - Whitelist - User defined (whiteList)
{%  for element in OPNsense.proxy.forward.acl.whiteList.split(",") %}
{%      if '^' in element or '\\' in element or '$' in element or '[' in element %}
acl whiteList url_regex {{element}}
{%      else %}
acl whiteList url_regex {{element|replace(".","\.")}}
{%      endif %}
{%  endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}

# ACL - Blacklist - User defined (blackList)
{%  for element in OPNsense.proxy.forward.acl.blackList.split(",") %}
{%      if '^' in element or '\\' in element or '$' in element or '[' in element %}
acl blackList url_regex {{element}}
{%      else %}
acl blackList url_regex {{element|replace(".","\.")}}
{%      endif %}
{%  endfor %}
{% endif %}

# ACL - Remote fetched Blacklist (remoteblacklist)
{% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %}
{%   for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') %}
{%      if blacklist.enabled=='1' %}
acl remoteblacklist_{{blacklist.filename}} dstdomain "/usr/local/etc/squid/acl/{{blacklist.filename}}"
{%      endif %}
{%   endfor %}
{% endif %}

# ACL - Block browser/user-agent - User defined (browser)
{% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}
{%  for element in OPNsense.proxy.forward.acl.browser.split(",") %}
acl blockuseragents browser {{element}}
{%  endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}

# ACL - Block MIME types - User defined (mimetype)
{%  for element in OPNsense.proxy.forward.acl.mimeType.split(",") %}
acl blockmimetypes rep_mime_type {{element}}
acl blockmimetypes_requests req_mime_type {{element}}
{%  endfor %}
{% endif %}

# ACL - SSL ports, default are configured in config.xml
# Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!):
{% if helpers.exists('OPNsense.proxy.forward.acl.sslPorts') %}
{%  for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
acl SSL_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
{%  endfor %}
{% endif %}

# Default Safe ports are now defined in config.xml
# Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!):
{% if helpers.exists('OPNsense.proxy.forward.acl.safePorts') %}
# ACL - Safe_ports
{%  for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
acl Safe_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
{%  endfor %}
{% endif %}
acl CONNECT method CONNECT

# ICAP SETTINGS
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
# enable icap
icap_enable on
{%   if helpers.exists('OPNsense.proxy.forward.icap.OptionsTTL') %}
icap_default_options_ttl {{OPNsense.proxy.forward.icap.OptionsTTL}}
{%   endif %}

# send user information to the icap server
{%   if helpers.exists('OPNsense.proxy.forward.icap.SendClientIP') and OPNsense.proxy.forward.icap.SendClientIP == '1' %}
adaptation_send_client_ip on
{%   else %}
adaptation_send_client_ip off
{%   endif %}
{%   if helpers.exists('OPNsense.proxy.forward.icap.SendUsername') and OPNsense.proxy.forward.icap.SendUsername == '1' %}
adaptation_send_username on
{%   else %}
adaptation_send_username off
{%   endif %}
{%   if helpers.exists('OPNsense.proxy.forward.icap.EncodeUsername') and OPNsense.proxy.forward.icap.EncodeUsername == '1' %}
icap_client_username_encode on
{%   else %}
icap_client_username_encode off
{%   endif %}

# preview
{%   if helpers.exists('OPNsense.proxy.forward.icap.EnablePreview') and OPNsense.proxy.forward.icap.EnablePreview == '1' %}
icap_preview_enable on
{%   else %}
icap_preview_enable off
{%   endif %}
{% if helpers.exists('OPNsense.proxy.forward.icap.PreviewSize') %}
icap_preview_size {{OPNsense.proxy.forward.icap.PreviewSize}}
{%   endif %}

# add the servers
{%   if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
icap_service response_mod respmod_precache {{OPNsense.proxy.forward.icap.ResponseURL}}
{%   endif %}
{%   if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
icap_service request_mod reqmod_precache {{OPNsense.proxy.forward.icap.RequestURL}}
{%   endif %}

{% else %}
# disable icap
icap_enable off
{% endif %}

# Authentication Settings
{% if helpers.exists('OPNsense.proxy.forward.authentication.method') and  OPNsense.proxy.forward.authentication.method != '' %}
# Configure Local User Authentication helper
auth_param basic program /usr/local/etc/inc/squid.auth-user.php
{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
{% endif %}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}

# ALLOW UNRESTRICTED
# ACL list (Allow) unrestricted
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow unrestricted
adaptation_access request_mod allow unrestricted
{% endif %}
http_access allow unrestricted
{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}

# ACL list (Allow) whitelist
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow whiteList
adaptation_access request_mod allow whiteList
{% endif %}
http_access allow whiteList
{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}

#
# ACL list (Deny) blacklist
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny blackList
adaptation_access request_mod deny blackList
{% endif %}
http_access deny blackList
{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.acl.remoteACLs.blacklists') %}
{%   for blacklist in helpers.toList('OPNsense.proxy.forward.acl.remoteACLs.blacklists.blacklist') if blacklist.enabled=='1' %}
# ACL list (Deny) remoteblacklist_{{blacklist.filename}}
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny remoteblacklist_{{blacklist.filename}}
adaptation_access request_mod deny remoteblacklist_{{blacklist.filename}}
{% endif %}
http_access deny remoteblacklist_{{blacklist.filename}}
{%   endfor %}
{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}

# ACL list (Deny) blockuseragent
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny blockuseragents
adaptation_access request_mod deny blockuseragents
{% endif %}
http_access deny blockuseragents
{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}

# ACL list (Deny) blockmimetypes
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
adaptation_access request_mod deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
adaptation_access response_mod deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
adaptation_access request_mod deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
{% endif %}
http_reply_access deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}

http_access deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}

{% endif %}

# Deny requests to certain unsafe ports
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}

adaptation_access request_mod deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
{% endif %}

http_access deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}

# Deny CONNECT to other than secure SSL ports
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}

adaptation_access request_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
{% endif %}

http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}

{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny bannedHosts
adaptation_access request_mod deny bannedHosts
{% endif %}
http_access deny bannedHosts
{% endif %}

# Only allow cachemgr access from localhost
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow localhost manager
adaptation_access request_mod allow localhost manager
adaptation_access response_mod deny manager
adaptation_access request_mod deny manager
{% endif %}
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny to_localhost
adaptation_access request_mod deny to_localhost
{% endif %}
http_access deny to_localhost

#
# Access Permission configuration:
#
# Deny request from unauthorized clients
{% if helpers.exists('OPNsense.proxy.forward.authentication.method') and  OPNsense.proxy.forward.authentication.method != '' %}
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow local_auth
adaptation_access request_mod allow local_auth
{% endif %}
http_access allow local_auth
{% endif %}

#
# ACL - localnet - default these include ranges from selected interfaces (Allow local subnets)
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow localnet
adaptation_access request_mod allow localnet
{% endif %}
http_access allow localnet

# ACL - localhost
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow localhost
adaptation_access request_mod allow localhost
{% endif %}
http_access allow localhost
{% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %}

# ACL list (Allow) subnets
{%   if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod allow subnets
adaptation_access request_mod allow subnets
{%   endif %}
http_access allow subnets
{% endif %}

# Deny all other access to this proxy
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
adaptation_access response_mod deny all
adaptation_access request_mod deny all
{% endif %}
http_access deny all

{% if helpers.exists('OPNsense.proxy.general.cache.local')  %}
cache_mem {{ OPNsense.proxy.general.cache.local.cache_mem|default('256') }} MB
{%   if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %}
maximum_object_size {{OPNsense.proxy.general.cache.local.maximum_object_size}} MB
{%      if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %}
cache_replacement_policy heap LFUDA
{%      endif %}
{%   endif %}
{%  if OPNsense.proxy.general.cache.local.enabled == '1' %}
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}}
{%  endif %}
{% endif %}

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

# Squid Options
{% if helpers.exists('OPNsense.proxy.general.dnsV4First') %}
{%      if OPNsense.proxy.general.dnsV4First == '1' %}
# dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first
dns_v4_first on
{%      endif %}
{% endif %}

{% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %}
{%      if OPNsense.proxy.general.logging.enable.accessLog == '0' %}
# Disable access logging
access_log none
{%      elif OPNsense.proxy.general.logging.ignoreLogACL|default('') != '' %}
# ignore source hosts from access.log
acl accesslog_ignore src {{ OPNsense.proxy.general.logging.ignoreLogACL.replace(',', ' ') }}
access_log /var/log/squid/access.log squid !accesslog_ignore
{%      endif %}
{% endif %}

{% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %}
{%      if OPNsense.proxy.general.logging.enable.storeLog == '0' %}
# Disable cache store log
cache_store_log none
{%      else %}
cache_store_log /var/log/squid/store.log
{%      endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %}
{%   for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %}
dns_nameservers {{dns}}
{%   endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.useViaHeader') %}
{%      if OPNsense.proxy.general.useViaHeader == '0' %}
# Disable via Header
via off
{%      endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.suppressVersion') %}
{%      if OPNsense.proxy.general.suppressVersion == '1' %}
# Suppres http version string (default=off)
httpd_suppress_version_string on
{%      endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.icpPort') %}
{%      if OPNsense.proxy.general.icpPort != '' %}
icp_port {{OPNsense.proxy.general.icpPort}}
{%      endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.uriWhitespaceHandling') %}
# URI hanlding with Whitespaces (default=strip)
uri_whitespace {{OPNsense.proxy.general.uriWhitespaceHandling}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.forwardedForHandling') %}
# X-Forwarded header handling (default=on)
forwarded_for {{OPNsense.proxy.general.forwardedForHandling}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.traffic.enabled') and OPNsense.proxy.general.traffic.enabled == '1' %}
{%  if helpers.exists('OPNsense.proxy.general.traffic.maxDownloadSize') %}
# Define max download size
reply_body_max_size {{OPNsense.proxy.general.traffic.maxDownloadSize}} KB
{%  endif %}
{%  if helpers.exists('OPNsense.proxy.general.traffic.maxUploadSize') %}
# Define max upload size
request_body_max_size {{OPNsense.proxy.general.traffic.maxUploadSize}} KB
{%  endif %}
{%  if helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %}
delay_pools 1
delay_class 1 3
delay_access 1 allow all
{%      if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') %}
# Define PerHost and Overall Bandwith Trotteling
delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}
{%      else %}
# Define PerHost Trotteling
delay_parameters -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}
{%      endif %}
{%  endif %}
{%  if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') and not helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %}
# Define Overall Bandwidth Trotteling
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}
{%  endif %}
{% endif %}
# Disable squid logfile rotate to use system defaults
logfile_rotate 0
{% if helpers.exists('OPNsense.proxy.general.VisibleHostname') %}
# Define visible hostname
visible_hostname {{OPNsense.proxy.general.VisibleHostname}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.VisibleEmail') %}
# Define visible email
cache_mgr {{OPNsense.proxy.general.VisibleEmail}}
{% endif %}