Proxy reply restrictions support

squid/CHANGELOG

@@ -16,3 +16,5 @@ Added checkboxes and buttons for deleting multiple delay pools, refresh rules, o
 Added support for Squid 2.6, including the new logformat and access_log directives for specifying multiple custom log files.
 ---- Changes since 1.340 ----
 Fixed transparent proxy setup in Squid 2.6.
+---- Changes since 1.380 ----
+Added support for editing proxy reply restrictions, thanks to Steve Williams.

squid/delete_http_reply_accesses.cgi

@@ -0,0 +1,27 @@
+#!/usr/local/bin/perl
+# Delete multiple proxy REPLY restrictions
+
+require './squid-lib.pl';
+&error_setup($text{'dhttp_err'});
+$access{'actrl'} || &error($text{'eacl_ecannot'});
+&ReadParse();
+@d = split(/\0/, $in{'d'});
+@d || &error($text{'dhttp_enone'});
+
+# Get the existing restrictions
+&lock_file($config{'squid_conf'});
+$conf = &get_config();
+@http_replies = &find_config("http_reply_access", $conf);
+
+# Delete them
+foreach $d (sort { $b <=> $c } @d) {
+	$http_reply = $conf->[$d];
+	splice(@http_replies, &indexof($http_reply, @http_replies), 1);
+	}
+
+# Write out
+&save_directive($conf, "http_reply_access", \@http_replies);
+&flush_file_lines();
+&unlock_file($config{'squid_conf'});
+&webmin_log("delete", "http_replies", scalar(@d));
+&redirect("edit_acl.cgi");

squid/edit_acl.cgi

@@ -100,6 +100,60 @@ else {
 
 print "</td></tr><tr><td valign=top width=50%>\n";
 
+# List all HTTP REPLY restrictions, based on ACLs
+@http_reply = &find_config("http_reply_access", $conf);
+if (@http_reply) {
+	print &ui_subheading($text{'eacl_replypr'});
+	@tds = ( "width=5", "width=10%", undef, "width=32" );
+	print &ui_form_start("delete_http_reply_accesses.cgi", "post");
+	print "<a href=http_reply_access.cgi?new=1>$text{'eacl_addpr'}</a><br>\n";
+	print &ui_columns_start([ "",
+				  $text{'eacl_act'},
+				  $text{'eacl_acls1'},
+				  $text{'eacl_move'} ], 100, 0, \@tds);
+	$hc = 0;
+	foreach $h (@http_reply) {
+		@v = @{$h->{'values'}};
+		if ($v[0] eq "allow") {
+			$v[0] = $text{'eacl_allow'};
+			}
+		else {
+			$v[0] = $text{'eacl_deny'};
+			}
+		local @cols;
+		push(@cols, "<a href=\"http_reply_access.cgi?index=$h->{'index'}\">".
+			    "$v[0]</a>");
+		push(@cols, &html_escape(join(' ', @v[1..$#v])));
+		local $mover;
+		if ($hc != @http_reply-1) {
+			$mover .= "<a href=\"move_http_reply.cgi?$hc+1\">".
+			          "<img src=images/down.gif border=0></a>";
+			}
+		else {
+			$mover .= "<img src=images/gap.gif>";
+			}
+		if ($hc != 0) {
+			$mover .= "<a href=\"move_http_reply.cgi?$hc+-1\">".
+			          "<img src=images/up.gif border=0></a>";
+			}
+		else {
+			$mover .= "<img src=images/gap.gif>";
+			}
+		push(@cols, $mover);
+		print &ui_checked_columns_row(\@cols, \@tds, "d",$h->{'index'});
+		$hc++;
+		}
+	print &ui_columns_end();
+	print "<a href=http_reply_access.cgi?new=1>$text{'eacl_addpr'}</a><br>\n";
+	print &ui_form_end([ [ "delete", $text{'eacl_hdelete'} ] ]);
+	}
+else {
+	print "<b>$text{'eacl_noprr'}</b><p>\n";
+	print "<a href=http_reply_access.cgi?new=1>$text{'eacl_addprr'}</a><br>\n";
+	}
+
+print "</td></tr><tr><td valign=top width=50%>\n";
+
 # List all ICP restrictions, based on ACLs
 @icp = &find_config("icp_access", $conf);
 if (@icp) {

squid/http_reply_access.cgi

@@ -0,0 +1,65 @@
+#!/usr/local/bin/perl
+# http_access.cgi
+# A form for editing or creating a proxy REPLY access restriction
+
+require './squid-lib.pl';
+$access{'actrl'} || &error($text{'eacl_ecannot'});
+&ReadParse();
+$conf = &get_config();
+
+if (!defined($in{'index'})) {
+	&ui_print_header(undef, $text{'ahttp_replyheader'}, "",
+		undef, 0, 0, 0, &restart_button());
+	}
+else {
+	&ui_print_header(undef, $text{'ahttp_replyheader1'}, "",
+		undef, 0, 0, 0, &restart_button());
+	@http = @{$conf->[$in{'index'}]->{'values'}};
+	}
+
+print "<form action=http_reply_access_save.cgi>\n";
+if (@http) {
+	print "<input type=hidden name=index value=$in{'index'}>\n";
+	}
+print "<table border>\n";
+print "<tr $tb> <td><b>$text{'ahttp_replypr'}</b></td> </tr>\n";
+print "<tr $cb> <td><table>\n";
+
+print "<tr> <td><b>$text{'ahttp_a'}</b></td> <td colspan=3>\n";
+printf "<input type=radio name=action value=allow %s> $text{'ahttp_a1'}\n",
+	$http[0] eq "allow" ? "checked" : "";
+printf "<input type=radio name=action value=deny %s> $text{'ahttp_d'}</td> </tr>\n",
+	$http[0] eq "allow" ? "" : "checked";
+
+for($i=1; $i<@http; $i++) { $match{$http[$i]}++; }
+@acls = grep { !$done{$_->{'values'}->[0]}++ } &find_config("acl", $conf);
+$r = @acls; $r = 10 if ($r > 10);
+
+print "<tr> <td valign=top><b>$text{'ahttp_ma'}</b></td>\n";
+print "<td valign=top><select name=yes multiple size=$r width=100>\n";
+foreach $a (@acls) {
+	printf "<option %s>%s\n",
+		$match{$a->{'values'}->[0]} ? "selected" : "",
+		$a->{'values'}->[0];
+	}
+print "</select></td>\n";
+
+print "<td valign=top><b>$text{'ahttp_dma'}</b></td>\n";
+print "<td valign=top><select name=no multiple size=$r width=100>\n";
+foreach $a (@acls) {
+	printf "<option %s>%s\n",
+		$match{"!$a->{'values'}->[0]"} ? "selected" : "",
+		$a->{'values'}->[0];
+	}
+print "</select></td> </tr>\n";
+
+print "</table></td></tr></table>\n";
+print "<input type=submit value='$text{'buttsave'}'>\n";
+if (@http) {
+	print "<input type=submit value='$text{'buttdel'}' name=delete>\n";
+	}
+print "</form>\n";
+
+&ui_print_footer("edit_acl.cgi", $text{'ahttp_return'},
+	"", $text{'index_return'});
+

squid/http_reply_access_save.cgi

@@ -0,0 +1,34 @@
+#!/usr/local/bin/perl
+# http_reply_access_save.cgi
+# Save or delete a proxy REPLY restriction
+
+require './squid-lib.pl';
+$access{'actrl'} || &error($text{'eacl_ecannot'});
+&ReadParse();
+&lock_file($config{'squid_conf'});
+$conf = &get_config();
+$whatfailed = $text{'sahttp_replyftspr'};
+
+@http_replies = &find_config("http_reply_access", $conf);
+if (defined($in{'index'})) {
+	$http = $conf->[$in{'index'}];
+	}
+if ($in{'delete'}) {
+	# delete this restriction
+	splice(@http_replies, &indexof($http, @http_replies), 1);
+	}
+else {
+	# update or create
+	@vals = ( $in{'action'} );
+	foreach $y (split(/\0/, $in{'yes'})) { push(@vals, $y); }
+	foreach $n (split(/\0/, $in{'no'})) { push(@vals, "!$n"); }
+	$newhttp = { 'name' => 'http_reply_access', 'values' => \@vals };
+	if ($http) { splice(@http_replies, &indexof($http, @http_replies), 1, $newhttp); }
+	else { push(@http_replies, $newhttp); }
+	}
+&save_directive($conf, "http_reply_access", \@http_replies);
+&flush_file_lines();
+&unlock_file($config{'squid_conf'});
+&webmin_log($in{'delete'} ? 'delete' : $http ? 'modify' : 'create', "http");
+&redirect("edit_acl.cgi");
+

squid/lang/en

@@ -163,6 +163,12 @@ eacl_acls1=ACLs
 eacl_move=Move
 eacl_nopr=No proxy restrictions defined
 eacl_addpr=Add proxy restriction.
+eacl_noprr=No proxy reply restrictions defined
+eacl_addprr=Add proxy reply restriction.
+
+eacl_replypr=Reply proxy restrictions
+eacl_replynopr=No reply proxy restrictions defined
+
 eacl_icpr=ICP restrictions
 eacl_noicpr=No ICP restrictions defined
 eacl_addicpr=Add ICP restriction.
@@ -525,6 +531,13 @@ ahttp_return=ACL list
 
 sahttp_ftspr=Failed to save proxy restriction
 
+
+ahttp_replyheader=Create Proxy Reply Restriction
+ahttp_replyheader1=Edit Proxy Reply Restriction
+ahttp_replypr=Proxy Reply Restriction
+
+sahttp_ftspr=Failed to save proxy reply restriction
+
 aicp_header=Create ICP Restriction
 aicp_header1=Edit ICP Restriction
 aicp_ir=ICP Restriction

squid/move_http_reply.cgi

@@ -0,0 +1,20 @@
+#!/usr/local/bin/perl
+# move_http.cgi
+# Move a http_access directive up or down
+
+require './squid-lib.pl';
+$access{'actrl'} || &error($text{'eacl_ecannot'});
+&lock_file($config{'squid_conf'});
+$conf = &get_config();
+($pos, $move) = @ARGV;
+
+@http_relies = &find_config("http_reply_access", $conf);
+$newpos = $pos + $move;
+$oldv = $http_relies[$pos]->{'values'};
+$http_relies[$pos]->{'values'} = $http_relies[$newpos]->{'values'};
+$http_relies[$newpos]->{'values'} = $oldv;
+&save_directive($conf, "http_reply_access", \@http_relies);
+&flush_file_lines();
+&unlock_file($config{'squid_conf'});
+&webmin_log("move", "http");
+&redirect("edit_acl.cgi");

squid/save_authparam.cgi

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # save_authparam.cgi
 # Save authentication program options