<model>
    <mount>//OPNsense/proxy</mount>
    <description>
        (squid) proxy settings
    </description>
    <items>
        <general>
            <enabled type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </enabled>
            <icpPort type="IntegerField">
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>ICP port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>N</Required>
            </icpPort>
            <logging>
                <enable>
                    <accessLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </accessLog>
                    <storeLog type="BooleanField">
                        <default>1</default>
                        <Required>Y</Required>
                    </storeLog>
                </enable>
                <ignoreLogACL type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </ignoreLogACL>
            </logging>
            <alternateDNSservers type="CSVListField">
                <Required>N</Required>
                <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
            </alternateDNSservers>
            <dnsV4First type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </dnsV4First>
            <forwardedForHandling type="OptionField">
                <default>on</default>
                <Required>N</Required>
                <BlankDesc>Default</BlankDesc>
                <OptionValues>
                    <on>Append client's IP (on)</on>
                    <off>Set forward header to unknown (off)</off>
                    <transparent>Do not alter forward header (transparent)</transparent>
                    <truncate>Replace all with client's IP (truncate)</truncate>
                </OptionValues>
            </forwardedForHandling>
            <uriWhitespaceHandling type="OptionField">
                <default>strip</default>
                <Required>N</Required>
                <OptionValues>
                    <strip>Strip whitespaces</strip>
                    <deny>Deny request</deny>
                    <allow>Allow whitespaces</allow>
                    <encode>Encode whitespaces (RFC1738)</encode>
                    <chop>Chop URI at first whitespace</chop>
                </OptionValues>
            </uriWhitespaceHandling>
            <useViaHeader type="BooleanField">
                <default>1</default>
                <Required>N</Required>
            </useViaHeader>
            <suppressVersion type="BooleanField">
                <default>0</default>
                <Required>N</Required>
            </suppressVersion>
            <VisibleEmail type="EmailField">
                <default>admin@localhost.local</default>
                <Required>N</Required>
                <ValidationMessage>Please enter a valid email address.</ValidationMessage>
            </VisibleEmail>
            <VisibleHostname type="TextField">
                <default>localhost</default>
                <Required>N</Required>
                <mask>/^([0-9a-zA-Z\.,_\-:]){0,1024}$/u</mask>
                <ValidationMessage>Please enter a valid servername, ip address or leave this option blank.</ValidationMessage>
            </VisibleHostname>
            <cache>
                <local>
                    <enabled type="BooleanField">
                        <default>0</default>
                        <Required>Y</Required>
                    </enabled>
                    <directory type="TextField">
                        <default>/var/squid/cache</default>
                        <Required>Y</Required>
                    </directory>
                    <cache_mem type="IntegerField">
                        <default>256</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive memory cache size. (number of MB's)</ValidationMessage>
                        <Required>Y</Required>
                    </cache_mem>
                    <maximum_object_size type="IntegerField">
                      <MinimumValue>1</MinimumValue>
                      <MaximumValue>99999</MaximumValue>
                      <ValidationMessage>Specify a maximum object size. (number of MB's)</ValidationMessage>
                      <Required>N</Required>
                    </maximum_object_size>
                    <size type="IntegerField">
                        <default>100</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive cache size. (number of MB's)</ValidationMessage>
                        <Required>Y</Required>
                    </size>
                    <l1 type="IntegerField">
                        <default>16</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of first-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l1>
                    <l2 type="IntegerField">
                        <default>256</default>
                        <MinimumValue>1</MinimumValue>
                        <ValidationMessage>Specify a positive number of second-level subdirectories.</ValidationMessage>
                        <Required>Y</Required>
                    </l2>
                </local>
            </cache>
            <traffic>
                <enabled type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </enabled>
                <maxDownloadSize type="IntegerField">
                    <default>2048</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum download size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxDownloadSize>
                <maxUploadSize type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the maximum upload size. (number of KBs)</ValidationMessage>
                    <Required>N</Required>
                </maxUploadSize>
                <OverallBandwidthTrotteling type="IntegerField">
                    <default>1024</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the overall bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </OverallBandwidthTrotteling>
                <perHostTrotteling type="IntegerField">
                    <default>256</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Specify the per host bandwidth for downloads in kilobits per second.</ValidationMessage>
                    <Required>N</Required>
                </perHostTrotteling>
            </traffic>
        </general>
        <forward>
            <interfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <default>lan</default>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </interfaces>
            <port type="IntegerField">
                <default>3128</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </port>
            <sslbumpport type="IntegerField">
                <default>3129</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>SSL Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </sslbumpport>
            <sslbump type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </sslbump>
            <sslcertificate type="CertificateField">
                <Required>N</Required>
                <Type>ca</Type>
                <ValidationMessage>Please select a valid certificate from the list</ValidationMessage>
            </sslcertificate>
            <sslnobumpsites type="CSVListField">
              <Required>N</Required>
              <mask>/^([a-zA-Z0-9.:,]){0,}/</mask>
              <ValidationMessage>Please enter ip addresses or domain names here</ValidationMessage>
            </sslnobumpsites>
            <ssl_crtd_storage_max_size type="IntegerField">
              <Required>Y</Required>
              <default>4</default>
              <MinimumValue>1</MinimumValue>
              <MaximumValue>65535</MaximumValue>
              <ValidationMessage>max size needs to be an integer value between 1 and 65535</ValidationMessage>
            </ssl_crtd_storage_max_size>
            <sslcrtd_children type="IntegerField">
              <Required>Y</Required>
              <default>5</default>
              <MinimumValue>1</MinimumValue>
              <MaximumValue>32</MaximumValue>
              <ValidationMessage>the number of sslrtd children needs to be an integer value between 1 and 32</ValidationMessage>
            </sslcrtd_children>
            <ftpInterfaces type="InterfaceField">
                <Required>N</Required>
                <multiple>Y</multiple>
                <filters>
                    <enable>/^(?!0).*$/</enable>
                    <ipaddr>/^((?!dhcp).)*$/</ipaddr>
                </filters>
            </ftpInterfaces>
            <ftpPort type="IntegerField">
                <default>2121</default>
                <MinimumValue>1</MinimumValue>
                <MaximumValue>65535</MaximumValue>
                <ValidationMessage>FTP Proxy port needs to be an integer value between 1 and 65535</ValidationMessage>
                <Required>Y</Required>
            </ftpPort>
            <ftpTransparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </ftpTransparentMode>
            <addACLforInterfaceSubnets type="BooleanField">
                <default>1</default>
                <Required>Y</Required>
            </addACLforInterfaceSubnets>
            <transparentMode type="BooleanField">
                <default>0</default>
                <Required>Y</Required>
            </transparentMode>
            <acl>
                <allowedSubnets type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </allowedSubnets>
                <unrestricted type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </unrestricted>
                <bannedHosts type="CSVListField">
                    <Required>N</Required>
                    <mask>/^([\/0-9a-fA-F.:,])*/u</mask>
                </bannedHosts>
                <whiteList type="CSVListField">
                    <Required>N</Required>
                </whiteList>
                <blackList type="CSVListField">
                    <Required>N</Required>
                </blackList>
                <browser type="CSVListField">
                    <Required>N</Required>
                </browser>
                <mimeType type="CSVListField">
                    <Required>N</Required>
                </mimeType>
                <safePorts type="CSVListField">
                    <default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</default>
                    <mask>/^([ \-0-9a-zA-Z:,])*/u</mask>
                    <Required>N</Required>
                </safePorts>
                <sslPorts type="CSVListField">
                    <default>443:https</default>
                    <Required>N</Required>
                    <mask>/^([ \-0-9a-zA-Z:,])*/u</mask>
                </sslPorts>
                <remoteACLs>
                    <blacklists>
                        <blacklist type="ArrayField">
                            <enabled type="BooleanField">
                                <default>0</default>
                                <Required>Y</Required>
                            </enabled>
                            <filename type="TextField">
                                <Required>Y</Required>
                                <Mask>/^[a-zA-Z0-9]{1,245}\.?[a-zA-z0-9]{1,10}$/</Mask>
                                <ValidationMessage>The filename may only contain letters,digits and one dot (not required).</ValidationMessage>
                            </filename>
                            <url type="UrlField">
                                <Required>Y</Required>
                                <ValidationMessage>This does not look like a valid url.</ValidationMessage>
                            </url>
                            <filter type="JsonKeyValueStoreField">
                                <Required>N</Required>
                                <SourceField>filename</SourceField>
                                <SourceFile>/usr/local/etc/squid/acl/%s.index</SourceFile>
                                <SelectAll>Y</SelectAll>
                                <Multiple>Y</Multiple>
                            </filter>
                            <description type="TextField">
                                <Required>Y</Required>
                                <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u</mask>
                            </description>
                        </blacklist>
                    </blacklists>
                    <UpdateCron type="ModelRelationField">
                        <Model>
                            <queues>
                                <source>OPNsense.Cron.Cron</source>
                                <items>jobs.job</items>
                                <display>description</display>
                                <filters>
                                    <origin>/Proxy/</origin>
                                </filters>
                            </queues>
                        </Model>
                        <ValidationMessage>Related cron not found</ValidationMessage>
                        <Required>N</Required>
                    </UpdateCron>
                </remoteACLs>
            </acl>
            <icap>
                <enable type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </enable>
                <RequestURL type="TextField">
                    <Required>Y</Required>
                    <default>icap://127.0.0.1/reqmod</default>
                </RequestURL>
                <ResponseURL type="TextField">
                    <default>icap://127.0.0.1/respmod</default>
                    <Required>Y</Required>
                </ResponseURL>
                <SendClientIP type="BooleanField">
                    <Required>Y</Required>
                    <default>1</default>
                </SendClientIP>
                <SendUsername type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </SendUsername>
                <EncodeUsername type="BooleanField">
                    <default>0</default>
                    <Required>Y</Required>
                </EncodeUsername>
                <UsernameHeader type="TextField">
                    <Required>Y</Required>
                    <default>X-Username</default>
                    <mask>/^([a-zA-Z-]+)$/</mask>
                </UsernameHeader>
                <EnablePreview type="BooleanField">
                    <default>1</default>
                    <Required>Y</Required>
                </EnablePreview>
                <PreviewSize type="IntegerField">
                    <default>1024</default>
                    <Required>Y</Required>
                </PreviewSize>
                <OptionsTTL type="IntegerField">
                    <default>60</default>
                    <Required>Y</Required>
                </OptionsTTL>
            </icap>
            <authentication>
                <method type="AuthenticationServerField">
                    <Required>N</Required>
                    <multiple>Y</multiple>
                </method>
                <realm type="TextField">
                    <default>OPNsense proxy authentication</default>
                    <mask>/^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask>
                    <Required>N</Required>
                </realm>
                <credentialsttl type="IntegerField">
                    <default>2</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Credentials TTL needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </credentialsttl>
                <children type="IntegerField">
                    <default>5</default>
                    <MinimumValue>1</MinimumValue>
                    <ValidationMessage>Number of children needs to be an integer value above 0</ValidationMessage>
                    <Required>N</Required>
                </children>
            </authentication>
        </forward>
    </items>
</model>