<form>
    <tab id="proxy-general" description="General Proxy Settings">
        <subtab id="proxy-general-settings" description="General Proxy Settings">
            <field>
                <id>proxy.general.enabled</id>
                <label>Enable proxy</label>
                <type>checkbox</type>
                <help>Enable or disable the proxy service.</help>
            </field>
            <field>
                <id>proxy.general.icpPort</id>
                <label>ICP port</label>
                <type>text</type>
                <help>The port number where Squid sends and receives ICP queries to and from neighbor caches. Leave blank to disable (default). The standard UDP port for ICP is 3130.</help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.logging.enable.accessLog</id>
                <label>Enable access logging</label>
                <type>checkbox</type>
                <help>Enable access logging.</help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.logging.enable.storeLog</id>
                <label>Enable store logging</label>
                <type>checkbox</type>
                <help><![CDATA[Enable store logging.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.logging.ignoreLogACL</id>
                <label>Ignore hosts in access.log</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Type subnets/addresses you want to ignore for the access.log <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Type subnet addresses (ex. 192.168.2.0/24)</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.alternateDNSservers</id>
                <label>Use alternate DNS-servers</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Type IPs of alternative DNS servers you like to use. <div class="text-info"><b>TIP: </b>You can also paste a comma seperated list into this field.</div>]]></help>
                <hint>Type IP addresses, followed by Enter or comma.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.dnsV4First</id>
                <label>Enable DNS v4 first</label>
                <type>checkbox</type>
                <help><![CDATA[This option reverses the order of preference to make Squid contact dual-stack websites over IPv4 first.
            Squid will still perform both IPv6 and IPv4 DNS lookups before connecting.
            <div class="alert alert-warning"><b class="text-danger">Warning:</b> This option will restrict the situations under which IPv6
                connectivity is used (and tested). Hiding network problems
                which would otherwise be detected and warned about.</div>]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.useViaHeader</id>
                <label>Use Via header</label>
                <type>checkbox</type>
                <help><![CDATA[If set (default), Squid will include a Via header in requests and replies as required by RFC2616.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.forwardedForHandling</id>
                <label>X-Forwarded for header handling</label>
                <type>dropdown</type>
                <help><![CDATA[Select what to do with X-Forwarded for header.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.VisibleHostname</id>
                <label>Visible Hostname</label>
                <type>text</type>
                <help><![CDATA[This is the hostname to be displayed in proxy server error messages.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.VisibleEmail</id>
                <label>Administrator's Email</label>
                <type>text</type>
                <help><![CDATA[This is the email address displayed in error messages to the users.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.suppressVersion</id>
                <label>Suppress version string</label>
                <type>checkbox</type>
                <help><![CDATA[Suppress Squid version string info in HTTP headers and HTML error pages.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.uriWhitespaceHandling</id>
                <label>Whitespace handling of URI</label>
                <type>dropdown</type>
                <help><![CDATA[Select what to do with URI that contain whitespaces.<br/>
            <div class="text-info"><b>NOTE:</b> the current Squid implementation of encode and chop violates
                RFC2616 by not using a 301 redirect after altering the URL.</div>]]></help>
                <advanced>true</advanced>
            </field>
        </subtab>
        <subtab id="proxy-general-cache-local" description="Local Cache Settings">
            <field>
                <id>proxy.general.cache.local.cache_mem</id>
                <label>Memory Cache size in Megabytes</label>
                <type>text</type>
                <help><![CDATA[Enter the cache memory size to use.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.cache.local.enabled</id>
                <label>Enable local cache (requires service restart)</label>
                <type>checkbox</type>
                <help><![CDATA[Enable or disable the local cache.<br/>
        Currently only ufs directory cache type is supported.<br/>
        <b class="text-danger">Do not enable on embedded systems with SD or CF cards as this may break your drive.</b>]]></help>
            </field>
            <field>
                <id>proxy.general.cache.local.size</id>
                <label>Cache size in Megabytes</label>
                <type>text</type>
                <help><![CDATA[Enter the storage size for the local cache (default is 100).]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.cache.local.l1</id>
                <label>Number of first-level subdirectories</label>
                <type>text</type>
                <help><![CDATA[Enter the number of first-level subdirectories for the local cache (default is 16).]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.cache.local.l2</id>
                <label>Number of second-level subdirectories</label>
                <type>text</type>
                <help><![CDATA[Enter the number of first-level subdirectories for the local cache (default is 256).]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.general.cache.local.maximum_object_size</id>
                <label>Maximum object size (MB)</label>
                <type>text</type>
                <help><![CDATA[Set the maximum object size (default 4MB when left empty).]]></help>
                <advanced>true</advanced>
            </field>
        </subtab>
        <subtab id="proxy-general-traffic" description="Traffic Management Settings">
            <field>
                <id>proxy.general.traffic.enabled</id>
                <label>Enable traffic management.</label>
                <type>checkbox</type>
                <help><![CDATA[Enable or disable traffic management.]]></help>
            </field>
            <field>
                <id>proxy.general.traffic.maxDownloadSize</id>
                <label>Maximum download size (Kb)</label>
                <type>text</type>
                <help><![CDATA[Enter the maxium size for downloads in kilobytes (leave empty to disable).]]></help>
            </field>
            <field>
                <id>proxy.general.traffic.maxUploadSize</id>
                <label>Maximum upload size (Kb)</label>
                <type>text</type>
                <help><![CDATA[Enter the maxium size for uploads in kilobytes (leave empty to disable).]]></help>
            </field>
            <field>
                <id>proxy.general.traffic.OverallBandwidthTrotteling</id>
                <label>Overall bandwidth throttling (Kbps)</label>
                <type>text</type>
                <help><![CDATA[Enter the allowed overall bandtwith in kilobits per second (leave empty to disable).]]></help>
            </field>
            <field>
                <id>proxy.general.traffic.perHostTrotteling</id>
                <label>Per host bandwidth throttling (Kbps)</label>
                <type>text</type>
                <help><![CDATA[Enter the allowed per host bandwidth in kilobits per second (leave empty to disable).]]></help>
            </field>
        </subtab>
    </tab>
    <tab id="proxy-forward" description="Forward Proxy">
        <subtab id="proxy-forward-general" description="General Forward Settings">
            <field>
                <id>proxy.forward.interfaces</id>
                <label>Proxy interfaces</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Select interface(s) the proxy will bind to.]]></help>
                <hint>Type or select interface.</hint>
            </field>
            <field>
                <id>proxy.forward.port</id>
                <label>Proxy port</label>
                <type>text</type>
                <help><![CDATA[The port the proxy service will listen to.]]></help>
            </field>
            <field>
                <id>proxy.forward.transparentMode</id>
                <label>Enable Transparent HTTP proxy</label>
                <type>checkbox</type>
                <help><![CDATA[
                  Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
                  You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
                  <br/>
                  <a href="/firewall_nat_edit.php?template=transparant_proxy"> Add a new firewall rule </a>
                  ]]></help>
            </field>
            <field>
                <id>proxy.forward.sslbump</id>
                <label>Enable SSL mode</label>
                <type>checkbox</type>
                <help><![CDATA[
                  Enable sslbump mode,
                  which makes the proxy act as a man in the middle between the internet and your clients.<br/>
                  Be aware of the security implications before enabling this option.
                  <br/><br/>
                  Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic
                  for this feature to work.<br/>
                  <a href="/firewall_nat_edit.php?template=transparant_proxy&https=1"> Add a new firewall rule </a>
                  ]]></help>
            </field>
            <field>
                <id>proxy.forward.sslbumpport</id>
                <label>SSL Proxy port</label>
                <type>text</type>
                <help><![CDATA[The port the ssl proxy service will listen to.]]></help>
            </field>
            <field>
                <id>proxy.forward.sslcertificate</id>
                <label>CA to use</label>
                <type>dropdown</type>
                <help><![CDATA[
                  Select a Certificate Authority to use. To create a CA, go to <a href="/system_camanager.php">CA Manager</a>.
                  ]]></help>
            </field>
            <field>
                <id>proxy.forward.sslnobumpsites</id>
                <label>SSL no bump sites</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <allownew>true</allownew>
                <help><![CDATA[
                  Create a list of sites which may not be inspected, for example bank sites.<br/>
                  Prefix the domain with a . to accept all subdomains (e.g. .google.com).
                  ]]></help>
            </field>
            <field>
                <id>proxy.forward.ssl_crtd_storage_max_size</id>
                <label>SSL cache size</label>
                <type>text</type>
                <help><![CDATA[Enter the maximum size (in MB) to use for SSL certificates.]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.sslcrtd_children</id>
                <label>SSL cert workers</label>
                <type>text</type>
                <help><![CDATA[Enter the number of ssl certificate workers to use (sslcrtd_children).]]></help>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.addACLforInterfaceSubnets</id>
                <label>Allow interface subnets</label>
                <type>checkbox</type>
                <help><![CDATA[When enabled the subnets of the selected interfaces will be added to the allow access list.]]></help>
                <advanced>true</advanced>
            </field>
        </subtab>
        <subtab id="proxy-forward-ftp" description="FTP Proxy Settings">
            <field>
                <id>proxy.forward.ftpInterfaces</id>
                <label>FTP proxy interfaces</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Select interface(s) the ftp proxy will bind to.]]></help>
                <hint>Type or select interface (Leave blank to disable ftp proxy).</hint>
            </field>
            <field>
                <id>proxy.forward.ftpPort</id>
                <label>FTP proxy port</label>
                <type>text</type>
                <help><![CDATA[The port the proxy service will listen to.]]></help>
            </field>
            <field>
                <id>proxy.forward.ftpTransparentMode</id>
                <label>Enable Transparent mode</label>
                <type>checkbox</type>
                <help><![CDATA[Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.]]></help>
            </field>
        </subtab>
        <subtab id="proxy-forward-acl" description="Access Control List">
            <field>
                <id>proxy.forward.acl.allowedSubnets</id>
                <label>Allowed Subnets</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Type subnets you want to allow access to the proxy server, use a comma or press Enter for new item. <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Type subnet addresses (ex. 192.168.2.0/24)</hint>
                <allownew>true</allownew>
            </field>
            <field>
                <id>proxy.forward.acl.unrestricted</id>
                <label>Unrestricted IP addresses</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Type IP addresses you want to allow access to the proxy server, use a comma or press Enter for new item. <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Type IP addresses (ex. 192.168.1.100)</hint>
                <allownew>true</allownew>
            </field>
            <field>
                <id>proxy.forward.acl.bannedHosts</id>
                <label>Banned host IP addresses</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Type IP addresses you want to deny access to the proxy server, use a comma or press Enter for new item. <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Type IP addresses (ex. 192.168.1.100)</hint>
                <allownew>true</allownew>
            </field>
            <field>
                <id>proxy.forward.acl.whiteList</id>
                <label>Whitelist</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Whitelist destination domains.<br/>
        You may use a regular expression, use a comma or press Enter for new item.<br/>
        <div class="alert alert-info">
            <b>Examples:</b><br/>
            <b class="text-primary">mydomain.com</b> -> matches on <b>*.mydomain.com</b><br/>
            <b class="text-primary">^https?:\/\/([a-zA-Z]+)\.mydomain\.</b> -> matches on <b>http(s)://textONLY.mydomain.*</b><br/>
            <b class="text-primary">\.gif$</b> -> matches on <b>\*.gif</b> but not on <b class="text-danger">\*.gif\test</b><br/>
            <b class="text-primary">\[0-9]+\.gif$</b> -> matches on <b>\123.gif</b> but not on <b class="text-danger">\test.gif</b><br/>
        </div>
        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Regular expressions are allowed.</hint>
                <allownew>true</allownew>
            </field>
            <field>
                <id>proxy.forward.acl.blackList</id>
                <label>Blacklist</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Blacklist destination domains.<br/>
        You may use a regular expression, use a comma or press Enter for new item.<br/>
        <div class="alert alert-info">
            <b>Examples:</b><br/>
            <b class="text-primary">mydomain.com</b> -> matches on <b>*.mydomain.com</b><br/>
            <b class="text-primary">^https?:\/\/([a-zA-Z]+)\.mydomain\.</b> -> matches on <b>http(s)://textONLY.mydomain.*</b><br/>
            <b class="text-primary">\.gif$</b> -> matches on <b>\*.gif</b> but not on <b class="text-danger">\*.gif\test</b><br/>
            <b class="text-primary">\[0-9]+\.gif$</b> -> matches on <b>\123.gif</b> but not on <b class="text-danger">\test.gif</b><br/>
        </div>
        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Regular expressions are allowed.</hint>
                <allownew>true</allownew>
            </field>
            <field>
                <id>proxy.forward.acl.browser</id>
                <label>Block browser/user-agents</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Block user-agents.<br/>
        You may use a regular expression, use a comma or press Enter for new item.<br/>
        <div class="alert alert-info">
            <b>Examples:</b><br/>
            <b class="text-primary">^(.)+Macintosh(.)+Firefox/37\.0</b> -> matches on <b>Macintosh version of Firefox revision 37.0</b><br/>
            <b class="text-primary">^Mozilla</b> -> matches on <b>all Mozilla based browsers</b><br/>
        </div>
        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Regular expressions are allowed.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.acl.mimeType</id>
                <label>Block specific MIME type reply</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Block specific MIME type reply.<br/>
        You may use a regular expression, use a comma or press Enter for new item.<br/>
        <div class="alert alert-info">
            <b>Examples:</b><br/>
            <b class="text-primary">video/flv</b> -> matches on <b>Flash Video</b><br/>
            <b class="text-primary">application/x-javascript</b> -> matches on <b>javascripts</b><br/>
        </div>
        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Regular expressions are allowed.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.acl.safePorts</id>
                <label>Allowed destination TCP port</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Allowed destination TCP ports, you may use ranges (ex. 222-226) and add comments with colon (ex. 22:ssh).<br/>
        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Type port number or range.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.acl.sslPorts</id>
                <label>Allowed SSL ports</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Allowed destination SSL ports, you may use ranges (ex. 222-226) and add comments with colon (ex. 22:ssh).<br/>
        <div class="text-info"><b>TIP: </b>You can also paste a comma separated list into this field.</div>]]></help>
                <hint>Type port number or range.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
        </subtab>
        <subtab id="proxy-icap" description="ICAP Settings">
            <field>
                <id>proxy.forward.icap.enable</id>
                <label>Enable ICAP</label>
                <type>checkbox</type>
                <style>tokenize</style>
                <help><![CDATA[If this checkbox is checked, you can use an ICAP server to filter or replace content.]]></help>
                <hint>Select if you want to use ICAP.</hint>
                <allownew>true</allownew>
                <advanced>false</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.RequestURL</id>
                <label>Request Modify URL</label>
                <type>text</type>
                <style>tokenize</style>
                <help><![CDATA[Enter the url where the reqmod requests should be sent to.]]></help>
                <hint>Enter the url of the ICAP Server</hint>
                <allownew>true</allownew>
                <advanced>false</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.ResponseURL</id>
                <label>Response Modify URL</label>
                <type>text</type>
                <style>tokenize</style>
                <help><![CDATA[Enter the url where the respmod requests should be sent to.]]></help>
                <hint>Enter the url of the ICAP Server</hint>
                <allownew>true</allownew>
                <advanced>false</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.OptionsTTL</id>
                <label>Default Options TTL</label>
                <type>text</type>
                <style>tokenize</style>
                <help><![CDATA[Default ttl]]></help>
                <hint>Enter the default ttl.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.SendClientIP</id>
                <label>Send Client IP</label>
                <type>checkbox</type>
                <style>tokenize</style>
                <help><![CDATA[If you enable this option, the client IP address will be sent to the ICAP server. This can be useful if you want to filter traffic based on IP addresses.]]></help>
                <hint>Send the client IP address to the ICAP server.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.SendUsername</id>
                <label>Send Username</label>
                <type>checkbox</type>
                <style>tokenize</style>
                <help><![CDATA[If you enable this option, the username of the client will be sent to the ICAP server. This can be useful if you want to filter traffic based on usernames addresses. Note, that authentication is required to use usernames.]]></help>
                <hint>Check if the username should be sent to the ICAP server.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.EncodeUsername</id>
                <label>Encode Username</label>
                <type>checkbox</type>
                <style>tokenize</style>
                <help><![CDATA[Use this option if your usernames need to be encoded.]]></help>
                <hint>Check if you want to encode the username using base64.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.UsernameHeader</id>
                <label>Username Header</label>
                <type>text</type>
                <style>tokenize</style>
                <help><![CDATA[The header which should be used to send the username to the ICAP server.]]></help>
                <hint>Enter the name of the header.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.EnablePreview</id>
                <label>Enable Preview</label>
                <type>checkbox</type>
                <style>tokenize</style>
                <help><![CDATA[If you use previews, only a part of the data is sent to the ICAP server. Setting this option can improve the performance. ]]></help>
                <hint>Enable if you want to use previews.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
            <field>
                <id>proxy.forward.icap.PreviewSize</id>
                <label>Preview Size</label>
                <type>text</type>
                <style>tokenize</style>
                <help><![CDATA[Enter the size of the preview wich is sent to the ICAP server.]]></help>
                <hint>Enter the size of the preview.</hint>
                <allownew>true</allownew>
                <advanced>true</advanced>
            </field>
        </subtab>
        <subtab id="proxy-general-authentication" description="Authentication Settings">
            <field>
                <id>proxy.forward.authentication.method</id>
                <label>Authentication method</label>
                <type>select_multiple</type>
                <style>tokenize</style>
                <help><![CDATA[Select Authentication method]]></help>
            </field>
            <field>
                <id>proxy.forward.authentication.realm</id>
                <label>Authentication Prompt</label>
                <type>text</type>
                <help><![CDATA[The prompt will be displayed in the authentication request window.]]></help>
            </field>
            <field>
                <id>proxy.forward.authentication.credentialsttl</id>
                <label>Authentication TTL (hours)</label>
                <type>text</type>
                <help><![CDATA[This specifies for how long (in hours) the proxy server assumes an externally validated username and password combination is valid (Time To Live).<br/>
            When the TTL expires, the user will be prompted for credentials again.]]></help>
            </field>
            <field>
                <id>proxy.forward.authentication.children</id>
                <label>Authentication processes</label>
                <type>text</type>
                <help><![CDATA[The total number of authenticator processes to spawn.]]></help>
            </field>
        </subtab>
    </tab>

    <activetab>proxy-general-settings</activetab>
</form>