www/squid: select behavior for banned hosts (#4710)

Andy Binder
2025-05-22 08:44:49 +02:00
committed by GitHub
parent eac547341a
commit f1ffc53eb7
3 changed files with 27 additions and 1 deletions
@@ -421,6 +421,12 @@
<help>Type IP addresses you want to deny access to the proxy server.</help>
<allownew>true</allownew>
</field>
<field>
<id>proxy.forward.acl.allowWhitelistBannedHosts</id>
<label>Whitelist access for banned hosts</label>
<type>checkbox</type>
<help>Allows banned hosts to access domains listed in whitelist.</help>
</field>
<field>
<id>proxy.forward.acl.whiteList</id>
<label>Whitelist</label>
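Review bot: The help text on `proxy.forward.acl.allowWhitelistBannedHosts` describes only the checked state, so the form does not tell an administrator that unchecking the box is what makes a ban take effect ahead of the whitelist. Suggest `<help>When checked, banned hosts can still reach domains on the whitelist. Uncheck to deny banned hosts before the whitelist is evaluated.</help>`. The label can also be read as an instruction to whitelist the banned hosts themselves; `Allow banned hosts to access whitelisted domains` would be less ambiguous.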
@@ -355,6 +355,10 @@
<bannedHosts type="CSVListField">
<Mask>/^([\/0-9a-fA-F.:,])*/u</Mask>
</bannedHosts>
<allowWhitelistBannedHosts type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</allowWhitelistBannedHosts>
<whiteList type="CSVListField"/>
<blackList type="CSVListField"/>
<browser type="CSVListField"/>
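Review bot: `<Default>1</Default>` makes the permissive behaviour the default, so a host on the ban list can still reach any whitelisted domain until the administrator clears the option. This presumably preserves the previous rule order for existing configurations, but the model does not say so. A short comment above the field, such as `<!-- 1 keeps the legacy order: whitelist is evaluated before banned hosts -->`, would record the reason. If backward compatibility is not the goal, `0` would be the stricter default.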
@@ -14,6 +14,20 @@ adaptation_access request_mod allow unrestricted
http_access allow unrestricted
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') and OPNsense.proxy.forward.acl.allowWhitelistBannedHosts|default('1') == '0' %}
# ACL list (Deny) banned hosts
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
adaptation_access response_mod deny bannedHosts
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
adaptation_access request_mod deny bannedHosts
{% endif %}
{% endif %}
http_access deny bannedHosts
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
# ACL list (Allow) whitelist
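Review bot: The two banned-host blocks are selected by exact string matches, `== '0'` here and `== '1'` in the later block, so any other rendered value emits neither `http_access deny bannedHosts` rule and the ban list silently stops being enforced. An empty string is one such value, because Jinja's `default` filter only replaces undefined values. Making the later condition the complement of this one, `allowWhitelistBannedHosts|default('1') != '0'`, guarantees that one of the two deny blocks is always rendered when banned hosts are configured. The model's BooleanField presumably restricts the value to 0 or 1, so this is defence in depth rather than a known failure. The later block continues past the visible part of the page.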
@@ -139,7 +153,9 @@ adaptation_access request_mod deny CONNECT !SSL_ports {% if helpers.exists('OPNs
http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') and OPNsense.proxy.forward.acl.allowWhitelistBannedHosts|default('1') == '1' %}
# ACL list (Deny) banned hosts
{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
{% if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
adaptation_access response_mod deny bannedHosts