www/squid: patch up squid wanting ACL definitions out of the box

(cherry picked from commit 3ab6e06) (cherry picked from commit b560bdb) (cherry picked from commit 13a9db5) (cherry picked from commit 548909f)
opnsense · Jul 30, 2024 · 590aabb · 590aabb
1 parent 1f58117
commit 590aabb
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 12 deletions.
diff --git a/www/squid/Makefile b/www/squid/Makefile
@@ -1,6 +1,6 @@
 PLUGIN_NAME=		squid
 PLUGIN_VERSION=		1.0
-PLUGIN_REVISION=	2
+PLUGIN_REVISION=	3
 PLUGIN_COMMENT=		Squid is a caching proxy for the web
 PLUGIN_DEPENDS=		squid squid-langpack
 PLUGIN_TIER=		2

diff --git a/www/squid/pkg-descr b/www/squid/pkg-descr
@@ -10,3 +10,4 @@ Plugin Changelog
 * Initial version based on the OPNsense 23.7.12 core code
 * Workaround for segmentation faults using OpenSSL legacy provider
 * Correct migration to Python ipaddress library use
+* Set default ACL values vor Safe_ports and SSL_ports
diff --git a/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/proxy</mount>
-    <version>1.0.6</version>
+    <version>1.0.7</version>
     <description>Squid web proxy settings</description>
     <items>
         <general>
@@ -362,10 +362,14 @@
                     </OptionValues>
                 </youtube>
                 <safePorts type="CSVListField">
+                    <Default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</Default>
                     <Mask>/^([ \-0-9a-zA-Z:,])*/u</Mask>
+                    <Required>Y</Required>
                 </safePorts>
                 <sslPorts type="CSVListField">
+                    <Default>443:https</Default>
                     <Mask>/^([ \-0-9a-zA-Z:,])*/u</Mask>
+                    <Required>Y</Required>
                 </sslPorts>
                 <remoteACLs>
                     <blacklists>

diff --git a/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -219,21 +219,15 @@ acl blockmimetypes_requests req_mime_type {{element}}
 {% endif %}
 
 # ACL - SSL ports, default are configured in config.xml
-# Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!):
-{% if helpers.exists('OPNsense.proxy.forward.acl.sslPorts') %}
-{%  for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
+{% for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
 acl SSL_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
-{%  endfor %}
-{% endif %}
+{% endfor %}
 
 # Default Safe ports are now defined in config.xml
-# Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!):
-{% if helpers.exists('OPNsense.proxy.forward.acl.safePorts') %}
 # ACL - Safe_ports
-{%  for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
+{% for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
 acl Safe_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
-{%  endfor %}
-{% endif %}
+{% endfor %}
 acl CONNECT method CONNECT
 
 # ICAP SETTINGS