www/squid: patch up squid wanting ACL definitions out of the box

(cherry picked from commit 3ab6e06aaa) (cherry picked from commit b560bdb92b) (cherry picked from commit 13a9db5d5f) (cherry picked from commit 548909f5cc)
2026-02-03 20:40:37 -05:00 · 2024-07-30 11:51:39 +02:00 · 2024-07-30 11:51:39 +02:00 · 590aabbac7
commit 590aabbac7
parent 1f58117448
4 changed files with 11 additions and 12 deletions
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@ -1,6 +1,6 @@
 PLUGIN_NAME=		squid
 PLUGIN_VERSION=		1.0
-PLUGIN_REVISION=	2
+PLUGIN_REVISION=	3
 PLUGIN_COMMENT=		Squid is a caching proxy for the web
 PLUGIN_DEPENDS=		squid squid-langpack
 PLUGIN_TIER=		2
--- a/www/squid/pkg-descr
+++ b/www/squid/pkg-descr
@ -10,3 +10,4 @@ Plugin Changelog
 * Initial version based on the OPNsense 23.7.12 core code
 * Workaround for segmentation faults using OpenSSL legacy provider
 * Correct migration to Python ipaddress library use
+* Set default ACL values vor Safe_ports and SSL_ports
--- a/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/www/squid/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@ -1,6 +1,6 @@
 <model>
    <mount>//OPNsense/proxy</mount>
-    <version>1.0.6</version>
+    <version>1.0.7</version>
    <description>Squid web proxy settings</description>
    <items>
        <general>
@ -362,10 +362,14 @@
                    </OptionValues>
                </youtube>
                <safePorts type="CSVListField">
+                    <Default>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</Default>
                    <Mask>/^([ \-0-9a-zA-Z:,])*/u</Mask>
+                    <Required>Y</Required>
                </safePorts>
                <sslPorts type="CSVListField">
+                    <Default>443:https</Default>
                    <Mask>/^([ \-0-9a-zA-Z:,])*/u</Mask>
+                    <Required>Y</Required>
                </sslPorts>
                <remoteACLs>
                    <blacklists>
--- a/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@ -219,21 +219,15 @@ acl blockmimetypes_requests req_mime_type {{element}}
 {% endif %}

 # ACL - SSL ports, default are configured in config.xml
-# Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!):
-{% if helpers.exists('OPNsense.proxy.forward.acl.sslPorts') %}
-{%  for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
+{% for element in OPNsense.proxy.forward.acl.sslPorts.split(",") %}
 acl SSL_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
-{%  endfor %}
-{% endif %}
+{% endfor %}

 # Default Safe ports are now defined in config.xml
-# Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!):
-{% if helpers.exists('OPNsense.proxy.forward.acl.safePorts') %}
 # ACL - Safe_ports
-{%  for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
+{% for element in OPNsense.proxy.forward.acl.safePorts.split(",") %}
 acl Safe_ports port {{element.split(":")[0]}} # {{element.split(":")[1]|default('unknown')}}
-{%  endfor %}
-{% endif %}
+{% endfor %}
 acl CONNECT method CONNECT

 # ICAP SETTINGS