<model> <mount>//OPNsense/proxy</mount> <description> (squid) proxy settings </description> <items> <general> <enabled type="BooleanField"> <default>0</default> <Required>Y</Required> </enabled> <icpPort type="IntegerField"> <MinimumValue>1</MinimumValue> <MaximumValue>65535</MaximumValue> <ValidationMessage>ICP port needs to be an integer value between 1 and 65535</ValidationMessage> <Required>N</Required> </icpPort> <logging> <enable> <accessLog type="BooleanField"> <default>1</default> <Required>Y</Required> </accessLog> <storeLog type="BooleanField"> <default>1</default> <Required>Y</Required> </storeLog> </enable> <ignoreLogACL type="CSVListField"> <Required>N</Required> <mask>/^([\/0-9a-fA-F.:,])*/u</mask> </ignoreLogACL> </logging> <alternateDNSservers type="CSVListField"> <Required>N</Required> <mask>/^([\/0-9a-fA-F.:,])*/u</mask> </alternateDNSservers> <dnsV4First type="BooleanField"> <default>0</default> <Required>Y</Required> </dnsV4First> <forwardedForHandling type="OptionField"> <default>on</default> <Required>N</Required> <OptionValues> <on>Append client's IP (on)</on> <off>Set forward header to unknown (off)</off> <transparent>Do not alter forward header (transparent)</transparent> <truncate>Replace all with client's IP (truncate)</truncate> </OptionValues> </forwardedForHandling> <uriWhitespaceHandling type="OptionField"> <default>strip</default> <Required>N</Required> <OptionValues> <strip>Strip whitespaces</strip> <deny>Deny request</deny> <allow>Allow whitespaces</allow> <encode>Encode whitespaces (RFC1738)</encode> <chop>Chop URI at first whitespace</chop> </OptionValues> </uriWhitespaceHandling> <useViaHeader type="BooleanField"> <default>1</default> <Required>N</Required> </useViaHeader> <suppressVersion type="BooleanField"> <default>0</default> <Required>N</Required> </suppressVersion> <cache> <local> <enabled type="BooleanField"> <default>0</default> <Required>Y</Required> </enabled> <directory type="TextField"> <default>/var/squid/cache</default> <Required>Y</Required> </directory> <size type="IntegerField"> <default>100</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify a positive cache size. (number of MB's)</ValidationMessage> <Required>Y</Required> </size> <l1 type="IntegerField"> <default>16</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify a positive number of first-level subdirectories.</ValidationMessage> <Required>Y</Required> </l1> <l2 type="IntegerField"> <default>256</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify a positive number of second-level subdirectories.</ValidationMessage> <Required>Y</Required> </l2> </local> </cache> <traffic> <enabled type="BooleanField"> <default>0</default> <Required>Y</Required> </enabled> <maxDownloadSize type="IntegerField"> <default>2048</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify the maximum download size. (number of KBs)</ValidationMessage> <Required>N</Required> </maxDownloadSize> <maxUploadSize type="IntegerField"> <default>1024</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify the maximum upload size. (number of KBs)</ValidationMessage> <Required>N</Required> </maxUploadSize> <OverallBandwidthTrotteling type="IntegerField"> <default>1024</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify the overall bandwidth for downloads in kilobits per second.</ValidationMessage> <Required>N</Required> </OverallBandwidthTrotteling> <perHostTrotteling type="IntegerField"> <default>256</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Specify the per host bandwidth for downloads in kilobits per second.</ValidationMessage> <Required>N</Required> </perHostTrotteling> </traffic> </general> <forward> <interfaces type="InterfaceField"> <Required>N</Required> <multiple>Y</multiple> <default>lan</default> <filters> <enable>/^(?!0).*$/</enable> <ipaddr>/^((?!dhcp).)*$/</ipaddr> </filters> </interfaces> <port type="IntegerField"> <default>3128</default> <MinimumValue>1</MinimumValue> <MaximumValue>65535</MaximumValue> <ValidationMessage>Proxy port needs to be an integer value between 1 and 65535</ValidationMessage> <Required>Y</Required> </port> <ftpInterfaces type="InterfaceField"> <Required>N</Required> <multiple>Y</multiple> <filters> <enable>/^(?!0).*$/</enable> <ipaddr>/^((?!dhcp).)*$/</ipaddr> </filters> </ftpInterfaces> <ftpPort type="IntegerField"> <default>2121</default> <MinimumValue>1</MinimumValue> <MaximumValue>65535</MaximumValue> <ValidationMessage>FTP Proxy port needs to be an integer value between 1 and 65535</ValidationMessage> <Required>Y</Required> </ftpPort> <ftpTransparentMode type="BooleanField"> <default>0</default> <Required>Y</Required> </ftpTransparentMode> <addACLforInterfaceSubnets type="BooleanField"> <default>1</default> <Required>Y</Required> </addACLforInterfaceSubnets> <transparentMode type="BooleanField"> <default>0</default> <Required>Y</Required> </transparentMode> <acl> <allowedSubnets type="CSVListField"> <Required>N</Required> <mask>/^([\/0-9a-fA-F.:,])*/u</mask> </allowedSubnets> <unrestricted type="CSVListField"> <Required>N</Required> <mask>/^([\/0-9a-fA-F.:,])*/u</mask> </unrestricted> <bannedHosts type="CSVListField"> <Required>N</Required> <mask>/^([\/0-9a-fA-F.:,])*/u</mask> </bannedHosts> <whiteList type="CSVListField"> <Required>N</Required> </whiteList> <blackList type="CSVListField"> <Required>N</Required> </blackList> <browser type="CSVListField"> <Required>N</Required> </browser> <mimeType type="CSVListField"> <Required>N</Required> </mimeType> <safePorts type="CSVListField"> <default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</default> <mask>/^([ \-0-9a-zA-Z:,])*/u</mask> <Required>N</Required> </safePorts> <sslPorts type="CSVListField"> <default>443:https</default> <Required>N</Required> <mask>/^([ \-0-9a-zA-Z:,])*/u</mask> </sslPorts> <remoteACLs> <blacklists> <blacklist type="ArrayField"> <enabled type="BooleanField"> <default>0</default> <Required>Y</Required> </enabled> <filename type="TextField"> <Required>Y</Required> <Mask>/^[a-zA-Z0-9]{1,245}\.?[a-zA-z0-9]{1,10}$/</Mask> <ValidationMessage>The filename may only contain letters,digits and one dot (not required).</ValidationMessage> </filename> <url type="UrlField"> <Required>Y</Required> <ValidationMessage>This does not look like a valid url.</ValidationMessage> </url> <description type="TextField"> <Required>Y</Required> <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u</mask> </description> </blacklist> </blacklists> <UpdateCron type="ModelRelationField"> <Model> <queues> <source>OPNsense.Cron.Cron</source> <items>jobs.job</items> <display>description</display> <filters> <origin>/Proxy/</origin> </filters> </queues> </Model> <ValidationMessage>Related cron not found</ValidationMessage> <Required>N</Required> </UpdateCron> </remoteACLs> </acl> <authentication> <method type="AuthenticationServerField"> <Required>N</Required> <multiple>Y</multiple> <default>Local Database</default> </method> <realm type="TextField"> <default>OPNsense proxy authentication</default> <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask> <Required>N</Required> </realm> <credentialsttl type="IntegerField"> <default>2</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Credentials TTL needs to be an integer value above 0</ValidationMessage> <Required>N</Required> </credentialsttl> <children type="IntegerField"> <default>5</default> <MinimumValue>1</MinimumValue> <ValidationMessage>Number of children needs to be an integer value above 0</ValidationMessage> <Required>N</Required> </children> </authentication> </forward> </items> </model>