summaryrefslogtreecommitdiffstats
path: root/lib/network/squid.pm
diff options
context:
space:
mode:
Diffstat (limited to 'lib/network/squid.pm')
-rw-r--r--lib/network/squid.pm73
1 files changed, 73 insertions, 0 deletions
diff --git a/lib/network/squid.pm b/lib/network/squid.pm
new file mode 100644
index 0000000..7ca60d2
--- /dev/null
+++ b/lib/network/squid.pm
@@ -0,0 +1,73 @@
+package network::squid;
+
+use strict;
+use common;
+
+our $squid_conf_file = "$::prefix/etc/squid/squid.conf";
+
+sub read_squid_conf {
+ my ($o_file) = @_;
+ my $s = cat_($o_file || $squid_conf_file);
+ { http_port => [ $s =~ /^\s*http_port\s+(.*)/mg ],
+ cache_size => [ if_($s =~ /^\s*cache_dir diskd\s+(.*)/mg, split(' ', $1)) ],
+ admin_mail => [ if_($s =~ /^\s*err_html_text\s+(.*)/mg, split(' ', $1)) ] };
+}
+
+sub write_squid_conf {
+ my ($squid_conf, $intf, $internal_domain_name) = @_;
+
+ renamef($squid_conf_file, "$squid_conf_file.old");
+ output($squid_conf_file, qq(
+http_port $squid_conf->{http_port}[0]
+hierarchy_stoplist cgi-bin ?
+acl QUERY urlpath_regex cgi-bin \\?
+no_cache deny QUERY
+cache_dir diskd /var/spool/squid $squid_conf->{cache_size}[1] 16 256
+cache_store_log none
+auth_param basic children 5
+auth_param basic realm Squid proxy-caching web server
+auth_param basic credentialsttl 2 hours
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern . 0 20% 4320
+half_closed_clients off
+acl all src 0.0.0.0/0.0.0.0
+acl manager proto cache_object
+acl localhost src 127.0.0.1/255.255.255.255
+acl to_localhost dst 127.0.0.0/8
+acl SSL_ports port 443 563
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 563 # https, snews
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+http_access allow manager localhost
+http_access deny manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access deny to_localhost
+acl mynetwork src $intf->{NETWORK}/$intf->{NETMASK}
+http_access allow mynetwork
+http_access allow localhost
+http_reply_access allow all
+icp_access allow all
+visible_hostname $squid_conf->{visible_hostname}[0]
+httpd_accel_host virtual
+httpd_accel_with_proxy on
+httpd_accel_uses_host_header on
+append_domain .$internal_domain_name
+err_html_text $squid_conf->{admin_mail}[0]
+deny_info ERR_CUSTOM_ACCESS_DENIED all
+memory_pools off
+coredump_dir /var/spool/squid
+ie_refresh on
+)) if !$::testing;
+}
+
+1;