<model>
    <mount>//OPNsense/proxy</mount>
    <description>
        (squid) proxy settings
    </description>
    <items>
        <general>
            <enabled type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </enabled>
            <icpPort type="IntegerField">
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>ICP port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>N</Required>
            </icpPort>
            <logging>
                <enable>
                    <accessLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </accessLog>
                    <storeLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </storeLog>
                </enable>
                <ignoreLogACL type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </ignoreLogACL>
            </logging>
            <alternateDNSservers type="CSVListField">
                <Required>N</Required>
                <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
            </alternateDNSservers>
            <dnsV4First type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </dnsV4First>
            <forwardedForHandling type="OptionField">
                <default>on</default>
                <Required>N</Required>
                <OptionValues>
                    <on>Append client's IP (on)</on>
                    <off>Set forward header to unknown (off)</off>
                    <transparent>Do not alter forward header (transparent)</transparent>
                    <truncate>Replace all with client's IP (truncate)</truncate>
                </OptionValues>
            </forwardedForHandling>
            <uriWhitespaceHandling type="OptionField">
                <default>strip</default>
                <Required>N</Required>
                <OptionValues>
                    <strip>Strip whitespaces</strip>
                    <deny>Deny request</deny>
                    <allow>Allow whitespaces</allow>
                    <encode>Encode whitespaces (RFC1738)</encode>
                    <chop>Chop URI at first whitespace</chop>
                </OptionValues>
            </uriWhitespaceHandling>
            <useViaHeader type="BooleanField">
                <default>1</default>
                <Required>N</Required>
            </useViaHeader>
            <suppressVersion type="BooleanField">
                <default>0</default>
                <Required>N</Required>
            </suppressVersion>
            <cache>
                <local>
                    <enabled type="BooleanField">
                        <default>0</default>
                        <Required>Y</Required>
                    </enabled>
                    <directory type="TextField">
                        <default>/var/squid/cache</default>
                        <Required>Y</Required>
                    </directory>
                    <size type="IntegerField">
                        <default>100</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive cache size. (number of MB's)</ValidationMessage>
                        <Required>Y</Required>
                    </size>
                    <l1 type="IntegerField">
                        <default>16</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of first-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l1>
                    <l2 type="IntegerField">
                        <default>256</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of second-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l2>
                </local>
            </cache>
            <traffic>
                <enabled type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </enabled>
                <maxDownloadSize type="IntegerField">
                    <default>2048</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum download size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxDownloadSize>
                <maxUploadSize type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum upload size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxUploadSize>
                <OverallBandwidthTrotteling type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the overall bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </OverallBandwidthTrotteling>
                <perHostTrotteling type="IntegerField">
                    <default>256</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the per host bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </perHostTrotteling>
            </traffic>
        </general>
        <forward>
            <interfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <default>lan</default>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </interfaces>
            <port type="IntegerField">
                <default>3128</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </port>
            <ftpInterfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </ftpInterfaces>
            <ftpPort type="IntegerField">
                <default>2121</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>FTP Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </ftpPort>
            <ftpTransparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </ftpTransparentMode>
            <addACLforInterfaceSubnets type="BooleanField">
                <default>1</default>
                <Required>Y</Required>
            </addACLforInterfaceSubnets>
            <transparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </transparentMode>
            <acl>
                <allowedSubnets type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </allowedSubnets>
                <unrestricted type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </unrestricted>
                <bannedHosts type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </bannedHosts>
                <whiteList type="CSVListField">
                    <Required>N</Required>
                </whiteList>
                <blackList type="CSVListField">
                    <Required>N</Required>
                </blackList>
                <browser type="CSVListField">
                    <Required>N</Required>
                </browser>
                <mimeType type="CSVListField">
                    <Required>N</Required>
                </mimeType>
                <safePorts type="CSVListField">
                    <default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</default>
                    <mask>/^([ \-0-9a-zA-Z:,])*/u</mask>
                    <Required>N</Required>
                </safePorts>
                <sslPorts type="CSVListField">
                    <default>443:https</default>
                    <Required>N</Required>
                    <mask>/^([ \-0-9a-zA-Z:,])*/u</mask>
                </sslPorts>
                <remoteACLs>
                    <blacklists>
                        <blacklist type="ArrayField">
                            <enabled type="BooleanField">
                                <default>0</default>
                                <Required>Y</Required>
                            </enabled>
                            <filename type="TextField">
                                <Required>Y</Required>
                                <Mask>/^[a-zA-Z0-9]{1,245}\.?[a-zA-z0-9]{1,10}$/</Mask>
                                <ValidationMessage>The filename may only contain letters,digits and one dot (not required).</ValidationMessage>
                            </filename>
                            <url type="UrlField">
                                <Required>Y</Required>
                                <ValidationMessage>This does not look like a valid url.</ValidationMessage>
                            </url>
                            <description type="TextField">
                                <Required>Y</Required>
                                <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u</mask>
                            </description>
                        </blacklist>
                    </blacklists>
                    <UpdateCron type="ModelRelationField">
                        <Model>
                            <queues>
                                <source>OPNsense.Cron.Cron</source>
                                <items>jobs.job</items>
                                <display>description</display>
                                <filters>
                                    <origin>/Proxy/</origin>
                                </filters>
                            </queues>
                        </Model>
                        <ValidationMessage>Related cron not found</ValidationMessage>
                        <Required>N</Required>
                    </UpdateCron>
                </remoteACLs>
            </acl>
            <authentication>
                <method type="AuthenticationServerField">
                    <Required>N</Required>
                    <multiple>Y</multiple>
                    <default>Local Database</default>
                </method>
                <realm type="TextField">
                    <default>OPNsense proxy authentication</default>
                    <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask>
                    <Required>N</Required>
                </realm>
                <credentialsttl type="IntegerField">
                    <default>2</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Credentials TTL needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </credentialsttl>
                <children type="IntegerField">
                    <default>5</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Number of children needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </children>
            </authentication>
        </forward>
    </items>
</model>