web proxy: lock down caching completely if set to off

PR: https://forum.opnsense.org/index.php?topic=4152.0
opnsense · Jan 9, 2017 · d3e27cf · d3e27cf
1 parent 397c95f
commit d3e27cf
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -264,18 +264,18 @@ icap_enable off
 
 {% include "OPNsense/Proxy/squid.user.post_auth.conf" ignore missing with context %}
 
-{% if helpers.exists('OPNsense.proxy.general.cache.local')  %}
+{% if helpers.exists('OPNsense.proxy.general.cache.local') and OPNsense.proxy.general.cache.local.enabled == '1' %}
 cache_mem {{ OPNsense.proxy.general.cache.local.cache_mem|default('256') }} MB
-{%   if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %}
+{%  if OPNsense.proxy.general.cache.local.maximum_object_size|default('') != '' %}
 maximum_object_size {{OPNsense.proxy.general.cache.local.maximum_object_size}} MB
-{%      if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %}
+{%   if OPNsense.proxy.general.cache.local.maximum_object_size|int > 4 %}
 cache_replacement_policy heap LFUDA
-{%      endif %}
 {%   endif %}
-{%  if OPNsense.proxy.general.cache.local.enabled == '1' %}
-# Uncomment and adjust the following to add a disk cache directory.
-cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}}
 {%  endif %}
+cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}}
+{% else %}
+cache deny all
+cache_mem 0
 {% endif %}
 
 # Leave coredumps in the first cache dir