<?php
2
/* $Id$ */
3
/*
4
	system_advanced_admin.php
5
	part of pfSense
6 4fe9c2dc Scott Ullrich
	Copyright (C) 2005-2010 Scott Ullrich
7 df81417f Matthew Grooms
8
	Copyright (C) 2008 Shrew Soft Inc
9
10
	originally part of m0n0wall (http://m0n0.ch/wall)
11
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
12
	All rights reserved.
13
14
	Redistribution and use in source and binary forms, with or without
15
	modification, are permitted provided that the following conditions are met:
16
17
	1. Redistributions of source code must retain the above copyright notice,
18
	   this list of conditions and the following disclaimer.
19
20
	2. Redistributions in binary form must reproduce the above copyright
21
	   notice, this list of conditions and the following disclaimer in the
22
	   documentation and/or other materials provided with the distribution.
23
24
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
28
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33
	POSSIBILITY OF SUCH DAMAGE.
34
*/
35 1d333258 Scott Ullrich
/*
36
	pfSense_BUILDER_BINARIES:	/usr/bin/killall
37
	pfSense_MODULE:	system
38
*/
39 df81417f Matthew Grooms
40
##|+PRIV
41
##|*IDENT=page-system-advanced-admin
42
##|*NAME=System: Advanced: Admin Access Page
43
##|*DESCR=Allow access to the 'System: Advanced: Admin Access' page.
44
##|*MATCH=system_advanced_admin.php*
45
##|-PRIV
46
47
require("guiconfig.inc");
48 7a927e67 Scott Ullrich
require_once("functions.inc");
49
require_once("filter.inc");
50
require_once("shaper.inc");
/*
 * Seed the form model ($pconfig) from the saved configuration.
 * Plain values are copied as stored; presence-style options are turned
 * into booleans with isset().
 */
$webgui_cfg = $config['system']['webgui'];

$pconfig['webguiproto'] = $webgui_cfg['protocol'];
$pconfig['webguiport'] = $webgui_cfg['port'];
/* A missing or zero process count falls back to 2. */
$pconfig['max_procs'] = empty($webgui_cfg['max_procs']) ? 2 : $webgui_cfg['max_procs'];
$pconfig['ssl-certref'] = $webgui_cfg['ssl-certref'];
$pconfig['althostnames'] = $webgui_cfg['althostnames'];

/* webConfigurator switches that are "on" simply by being present in the config. */
foreach (array("disablehttpredirect", "noantilockout", "nodnsrebindcheck",
    "nohttpreferercheck", "noautocomplete", "quietlogin") as $webgui_flag)
	$pconfig[$webgui_flag] = isset($webgui_cfg[$webgui_flag]);
unset($webgui_cfg, $webgui_flag);

/* Console, serial and SSH settings live directly under 'system'. */
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);

/* Certificate list, bound by reference to the live configuration. */
$a_cert =& $config['cert'];

/* HTTPS can only be offered when at least one certificate is defined. */
$certs_available = is_array($a_cert) && count($a_cert) > 0;

/* With no certificate (or no stored protocol) the form shows plain HTTP. */
if (!$certs_available || !$pconfig['webguiproto'])
	$pconfig['webguiproto'] = "http";
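if ($_POST) {

	/*
	 * Handle a submitted "System: Advanced: Admin Access" form.
	 *
	 * All fields are validated first. $config is only modified (and
	 * written) once validation has passed, so a rejected request leaves
	 * the in-memory configuration untouched.
	 */
	$input_errors = array();
	$restart_webgui = false;
	$restart_sshd = false;

	/* Redisplay what the user typed. These are raw request values, so
	   every place the template prints them has to HTML-escape them. */
	$pconfig = $_POST;

	/* input validation */

	/* The protocol is stored in the configuration and becomes the scheme
	   of the redirect URL built below, so only the two known values are
	   accepted. */
	if (!empty($_POST['webguiproto']) &&
	    !in_array($_POST['webguiproto'], array("http", "https"), true))
		$input_errors[] = gettext("You must specify a valid webConfigurator protocol");

	if (!empty($_POST['webguiport']) && !is_port($_POST['webguiport']))
		$input_errors[] = gettext("You must specify a valid webConfigurator port number");

	/* The enforced range is 1-500. The message text is kept as it was so
	   that existing translations still match. */
	if (!empty($_POST['max_procs']))
		if (!is_numeric($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500))
			$input_errors[] = gettext("Max Processes must be a number 1 or greater");

	/* Alternate hostnames are exempted from the DNS rebinding and
	   HTTP_REFERER checks, so each one must be a well-formed hostname. */
	if (!empty($_POST['althostnames'])) {
		foreach (explode(" ", $_POST['althostnames']) as $ah)
			if (!is_hostname($ah))
				$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."),htmlspecialchars($ah));
	}

	if (!empty($_POST['sshport']) && !is_port($_POST['sshport']))
		$input_errors[] = gettext("You must specify a valid port number");

	/* NOTE(review): ssl-certref is stored without being checked against
	   the defined certificates - confirm the consumer copes with an
	   unknown reference. */

	ob_flush();
	flush();

	if (!$input_errors) {

		/* Each call must run: update_if_changed() both compares and
		   stores, so the four checks cannot be folded into one ||. */
		if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto']))
			$restart_webgui = true;
		if (update_if_changed("webgui port", $config['system']['webgui']['port'], $_POST['webguiport']))
			$restart_webgui = true;
		if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref']))
			$restart_webgui = true;
		if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs']))
			$restart_webgui = true;

		if (isset($_POST['disablehttpredirect']) && $_POST['disablehttpredirect'] === "yes")
			$config['system']['webgui']['disablehttpredirect'] = true;
		else
			unset($config['system']['webgui']['disablehttpredirect']);
		/* NOTE(review): the restart is requested whichever way this
		   option is set, so every successful save restarts the
		   webConfigurator. Kept as found. */
		$restart_webgui = true;

		/*
		 * Presence-style webConfigurator options. Checking one of them
		 * switches a protection or a log off: logging of successful
		 * logins, the anti-lockout rule, the DNS rebinding check, the
		 * HTTP_REFERER check and login-form autocomplete.
		 */
		foreach (array("quietlogin", "noantilockout", "nodnsrebindcheck",
		    "nohttpreferercheck", "noautocomplete") as $webgui_flag) {
			if (isset($_POST[$webgui_flag]) && $_POST[$webgui_flag] === "yes")
				$config['system']['webgui'][$webgui_flag] = true;
			else
				unset($config['system']['webgui'][$webgui_flag]);
		}
		unset($webgui_flag);

		if (isset($_POST['disableconsolemenu']) && $_POST['disableconsolemenu'] === "yes")
			$config['system']['disableconsolemenu'] = true;
		else
			unset($config['system']['disableconsolemenu']);
		/* Called after either outcome, as before. */
		auto_login();

		if (isset($_POST['enableserial']) && $_POST['enableserial'] === "yes")
			$config['system']['enableserial'] = true;
		else
			unset($config['system']['enableserial']);

		if (!empty($_POST['althostnames']))
			$config['system']['webgui']['althostnames'] = $_POST['althostnames'];
		else
			unset($config['system']['webgui']['althostnames']);

		/* Remember the previous sshd settings so that a restart is only
		   requested when one of them actually changed. */
		$sshd_enabled = $config['system']['enablesshd'];
		$sshd_keyonly = isset($config['system']['ssh']['sshdkeyonly']);
		$sshd_port = $config['system']['ssh']['port'];

		if (!empty($_POST['enablesshd']))
			$config['system']['enablesshd'] = "enabled";
		else
			unset($config['system']['enablesshd']);

		/*
		 * Key-only authentication is stored under system/ssh/sshdkeyonly,
		 * which is also the key this page reads when it loads. It used to
		 * be changed before validation, while the restart check looked at
		 * system/sshdkeyonly instead; both now happen here and the check
		 * follows the key that is actually read.
		 * NOTE(review): system/sshdkeyonly is still written for
		 * compatibility. This page never reads it - confirm whether
		 * anything else does before dropping it.
		 */
		if (isset($_POST['sshdkeyonly']) && $_POST['sshdkeyonly'] === "yes") {
			$config['system']['ssh']['sshdkeyonly'] = "enabled";
			$config['system']['sshdkeyonly'] = true;
		} else {
			if (isset($config['system']['ssh']['sshdkeyonly']))
				unset($config['system']['ssh']['sshdkeyonly']);
			unset($config['system']['sshdkeyonly']);
		}

		if (!empty($_POST['sshport']))
			$config['system']['ssh']['port'] = $_POST['sshport'];
		else if (isset($config['system']['ssh']['port']))
			unset($config['system']['ssh']['port']);

		if (($sshd_enabled != $config['system']['enablesshd']) ||
			($sshd_keyonly != isset($config['system']['ssh']['sshdkeyonly'])) ||
			($sshd_port != $config['system']['ssh']['port']))
			$restart_sshd = true;

		if ($restart_webgui) {
			/* HTTP_HOST comes from the request and is not trusted:
			   $url must be HTML-escaped wherever it is printed. */
			list($host) = explode(":", $_SERVER['HTTP_HOST']);
			$prot = $config['system']['webgui']['protocol'];
			$port = $config['system']['webgui']['port'];
			if ($port)
				$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
			else
				$url = "{$prot}://{$host}/system_advanced_admin.php";
		}

		write_config();

		$retval = filter_configure();
		$savemsg = get_std_save_message($retval);

		/* $savemsg is printed as HTML (it carries a <br />), so the
		   request-derived URL is escaped before it is added. */
		if ($restart_webgui)
			$savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."),htmlspecialchars($url));

		conf_mount_rw();
		setup_serial_port();
		// Restart dnsmasq in case dns rebinding toggled
		services_dnsmasq_configure();
		conf_mount_ro();
	}
}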
/* Breadcrumb title, set before head.inc is included. */
$pgtitle = array(
	gettext("System"),
	gettext("Advanced: Admin Access")
);
include "head.inc";
225
226
?>
227
228
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
229 fb1266d3 Matthew Grooms
<?php include("fbegin.inc"); ?>
230
<script language="JavaScript">
231
<!--
232
233
/* Show the SSL certificate row only while the HTTPS radio button is selected. */
function prot_change() {
	var sslRow = document.getElementById("ssl_opts");
	sslRow.style.display = document.iform.https_proto.checked ? "" : "none";
}
240
241
//-->
242
</script>
243 df81417f Matthew Grooms
<?php
	/* Validation errors first, then the save/redirect message, each only when present. */
	if (!empty($input_errors)) {
		print_input_errors($input_errors);
	}
	if (!empty($savemsg)) {
		print_info_box($savemsg);
	}
?>
249 ab3c8553 Matthew Grooms
	<form action="system_advanced_admin.php" method="post" name="iform" id="iform">
250
		<table width="100%" border="0" cellpadding="0" cellspacing="0">
251
			<tr>
252
				<td>
253
					<?php
						/* One entry per tab: label, whether it is the active tab, target page. */
						$tab_array = array(
							array(gettext("Admin Access"), true, "system_advanced_admin.php"),
							array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php"),
							array(gettext("Networking"), false, "system_advanced_network.php"),
							array(gettext("Miscellaneous"), false, "system_advanced_misc.php"),
							array(gettext("System Tunables"), false, "system_advanced_sysctl.php"),
							array(gettext("Notifications"), false, "system_advanced_notifications.php")
						);
						display_top_tabs($tab_array);
					?>
263
				</td>
264
			</tr>
265
			<tr>
266 2ff19bfd Matthew Grooms
				<td id="mainarea">
267
					<div class="tabcont">
268
						<span class="vexpl">
269
							<span class="red">
270 48f55356 Warren Baker
								<strong><?=gettext("Note:"); ?>&nbsp</strong>
271 2ff19bfd Matthew Grooms
							</span>
272 1eacdc8a Carlos Eduardo Ramos
							<?=gettext("The options on this page are intended for use by advanced users only."); ?>
273 2ff19bfd Matthew Grooms
							<br/>
274
						</span>
275
						<br/>
276
						<table width="100%" border="0" cellpadding="6" cellspacing="0">
277 ab3c8553 Matthew Grooms
							<tr>
278 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("webConfigurator"); ?></td>
279 ab3c8553 Matthew Grooms
							</tr>
280
							<tr>
281 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Protocol"); ?></td>
282 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
283 fb1266d3 Matthew Grooms
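									<?php
										/*
										 * Attribute fragments for the two protocol radio buttons.
										 * Each one is always assigned, so the inputs that follow
										 * never print a variable this page did not set itself.
										 */
										$http_chk = ($pconfig['webguiproto'] == "http") ? "checked" : "";
										$https_chk = ($pconfig['webguiproto'] == "https") ? "checked" : "";
										/* HTTPS cannot be selected until a certificate exists. */
										$https_disabled = $certs_available ? "" : "disabled";
									?>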
291 ab3c8553 Matthew Grooms
									<input name="webguiproto" id="http_proto" type="radio" value="http" <?=$http_chk;?> onClick="prot_change()">
292 42c7b553 Carlos Eduardo Ramos
									<?=gettext("HTTP"); ?>
293 ab3c8553 Matthew Grooms
									&nbsp;&nbsp;&nbsp;
294
									<input name="webguiproto" id="https_proto" type="radio" value="https" <?=$https_chk;?> <?=$https_disabled;?> onClick="prot_change()">
295 42c7b553 Carlos Eduardo Ramos
									<?=gettext("HTTPS"); ?>
296 ab3c8553 Matthew Grooms
									<?php if (!$certs_available): ?>
297
									<br/>
298 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("No Certificates have been defined. You must"); ?>
299
									<a href="system_certmanager.php"><?=gettext("Create or Import"); ?></a>
300
									<?=gettext("a Certificate before SSL can be enabled."); ?>
301 ab3c8553 Matthew Grooms
									<?php endif; ?>
302
								</td>
303
							</tr>
304
							<tr id="ssl_opts">
305 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td>
306 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
307
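									<select name="ssl-certref" id="ssl-certref" class="formselect">
										<?php
											/*
											 * One option per defined certificate. The list may be
											 * missing entirely when no certificate exists, so it is
											 * treated as empty in that case. refid and descr are
											 * stored configuration values and are HTML-escaped on output.
											 */
											foreach (is_array($a_cert) ? $a_cert : array() as $cert):
												$selected = "";
												if ($pconfig['ssl-certref'] == $cert['refid'])
													$selected = "selected";
										?>
										<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
										<?php endforeach; ?>
									</select>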
317
								</td>
318
							</tr>
319
							<tr>
320 1eacdc8a Carlos Eduardo Ramos
								<td valign="top" class="vncell"><?=gettext("TCP port"); ?></td>
321 ab3c8553 Matthew Grooms
								<td class="vtable">
322
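									<?php /* Shows the submitted value after a failed save, like the other fields; the stray quote before size is removed. */ ?>
									<input name="webguiport" type="text" class="formfld unknown" id="webguiport" size="5" value="<?=htmlspecialchars($pconfig['webguiport']);?>">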
323
									<br>
324
									<span class="vexpl">
325 f0d1af93 Carlos Eduardo Ramos
										<?=gettext("Enter a custom port number for the webConfigurator " .
326
										"above if you want to override the default (80 for HTTP, 443 " .
327
										"for HTTPS). Changes will take effect immediately after save."); ?>
328 ab3c8553 Matthew Grooms
									</span>
329
								</td>
330
							</tr>
331 c41602e1 jim-p
							<tr>
332
								<td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td>
333
								<td class="vtable">
334
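									<?php /* Stray quote before size removed so the attribute parses; the value is HTML-escaped. */ ?>
									<input name="max_procs" type="text" class="formfld unknown" id="max_procs" size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>">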
335
									<br>
336
									<span class="vexpl">
337
										<?=gettext("Enter the number of webConfigurator processes you " .
338
										"want to run. This defaults to 2. Increasing this will allow more " .
339
										"users/browsers to access the GUI concurrently."); ?>
340
									</span>
341
								</td>
342
							</tr>
343 f37caa93 Ermal
							<tr>
344
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td>
345
								<td width="78%" class="vtable">
346
									<input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> />
347
									<strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong>
348
									<br/>
349 bb3c6562 smos
									<?php echo gettext("When this is unchecked, access to the webConfigurator " .
350 1031c9ea jim-p
									"is always permitted even on port 80, regardless of the listening port configured. " .
351 f37caa93 Ermal
									"Check this box to disable this automatically added redirect rule. ");
352
									?>
353
								</td>
354
							</tr>
355 1031c9ea jim-p
							<tr>
356
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI Login Autocomplete"); ?></td>
357
								<td width="78%" class="vtable">
358
									<input name="noautocomplete" type="checkbox" id="noautocomplete" value="yes" <?php if ($pconfig['noautocomplete']) echo "checked"; ?> />
359
									<strong><?=gettext("Disable webConfigurator login autocomplete"); ?></strong>
360
									<br/>
361
									<?php echo gettext("When this is unchecked, login credentials for the webConfigurator " .
362
									"may be saved by the browser. While convenient, some security standards require this to be disabled. " .
363
									"Check this box to disable autocomplete on the login form so that browsers will not prompt to save credentials (NOTE: Some browsers do not respect this option). ");
364
									?>
365
								</td>
366
							</tr>
367 ab3c8553 Matthew Grooms
							<tr>
368 bb3c6562 smos
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td>
369
								<td width="78%" class="vtable">
370
									<input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked"; ?> />
371 78544d4a Chris Buechler
									<strong><?=gettext("Disable logging of webConfigurator successful logins"); ?></strong>
372 bb3c6562 smos
									<br/>
373
									<?php echo gettext("When this is checked, successful logins to the webConfigurator " .
374
									"will not be logged.");
375
									?>
376
								</td>
377
							</tr>
378
							<tr>
379 ca72c3f5 Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td>
380 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
381
									<?php
382
										if($config['interfaces']['lan']) 
383
											$lockout_interface = "LAN";
384
										else 
385
											$lockout_interface = "WAN";
386
									?>
387
									<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?> />
388 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Disable webConfigurator anti-lockout rule"); ?></strong>
389 ab3c8553 Matthew Grooms
									<br/>
390 3a3fb8ea Erik Fonnesbeck
									<?php printf(gettext("When this is unchecked, access to the webConfigurator " .
391 f49a012c Renato Botelho
									"on the %s interface is always permitted, regardless of the user-defined firewall " .
392
									"rule set. Check this box to disable this automatically added rule, so access " .
393
									"to the webConfigurator is controlled by the user-defined firewall rules " .
394
									"(ensure you have a firewall rule in place that allows you in, or you will " .
395
									"lock yourself out!)"), $lockout_interface); ?>
396
									<em> <?=gettext("Hint: the &quot;Set interface(s) IP address&quot; option in the console menu resets this setting as well."); ?> </em>
397 ab3c8553 Matthew Grooms
								</td>
398
							</tr>
399 14eab6fb jim-p
							<tr>
400
								<td width="22%" valign="top" class="vncell"><?=gettext("DNS Rebind Check"); ?></td>
401
								<td width="78%" class="vtable">
402
									<input name="nodnsrebindcheck" type="checkbox" id="nodnsrebindcheck" value="yes" <?php if ($pconfig['nodnsrebindcheck']) echo "checked"; ?> />
403 ff998f10 Chris Buechler
									<strong><?=gettext("Disable DNS Rebinding Checks"); ?></strong>
404 14eab6fb jim-p
									<br/>
405 ff998f10 Chris Buechler
									<?php echo gettext("When this is unchecked, your system " .
406 14eab6fb jim-p
									"is protected against <a href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. " .
407 ff998f10 Chris Buechler
									"This blocks private IP responses from your configured DNS servers. Check this box to disable this protection if it interferes with " .
408
									"webConfigurator access or name resolution in your environment. "); ?>
409 14eab6fb jim-p
								</td>
410
							</tr>
411 86b21903 jim-p
							<tr>
412
								<td width="22%" valign="top" class="vncell"><?=gettext("Alternate Hostnames"); ?></td>
413
								<td width="78%" class="vtable">
414
									<input name="althostnames" type="text" class="formfld unknown" id="althostnames" size="75" value="<?=htmlspecialchars($pconfig['althostnames']);?>"/>
415
									<br/>
416 612fa572 Scott Ullrich
									<strong><?=gettext("Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks"); ?></strong>
417 86b21903 jim-p
									<br/>
418
									<?php echo gettext("Here you can specify alternate hostnames by which the router may be queried, to " . 
419
									"bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."); ?>
420
								</td>
421
							</tr>
422 4fe9c2dc Scott Ullrich
							<tr>
423
								<td width="22%" valign="top" class="vncell"><?=gettext("Browser HTTP_REFERER enforcement"); ?></td>
424
								<td width="78%" class="vtable">
425
									<input name="nohttpreferercheck" type="checkbox" id="nohttpreferercheck" value="yes" <?php if ($pconfig['nohttpreferercheck']) echo "checked"; ?> />
426
									<strong><?=gettext("Disable HTTP_REFERER enforcement check"); ?></strong>
427
									<br/>
428
									<?php echo gettext("When this is unchecked, access to the webConfigurator " .
429
									"is protected against HTTP_REFERER redirection attempts. " .
430
									"Check this box to disable this protection if you find that it interferes with " .
431 e8f4a58f Chris Buechler
									"webConfigurator access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from <a target='_new' href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?>
432 4fe9c2dc Scott Ullrich
								</td>
433
							</tr>
434 ab3c8553 Matthew Grooms
							<tr>
435
								<td colspan="2" class="list" height="12">&nbsp;</td>
436
							</tr>
437
							<tr>
438 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Secure Shell"); ?></td>
439 ab3c8553 Matthew Grooms
							</tr>
440
							<tr>
441 ca72c3f5 Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Secure Shell Server"); ?></td>
442 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
443
									<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked"; ?> />
444 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Enable Secure Shell"); ?></strong>
445 ab3c8553 Matthew Grooms
								</td>
446
							</tr>
447
							<tr>
448 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Authentication Method"); ?></td>
449 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
450 4d18eb07 Ermal Luçi
									<input name="sshdkeyonly" type="checkbox" id="sshdkeyonly" value="yes" <?php if ($pconfig['sshdkeyonly']) echo "checked"; ?> />
451 22a11a58 Larry Gilbert
									<strong><?=gettext("Disable password login for Secure Shell (RSA key only)"); ?></strong>
452 ab3c8553 Matthew Grooms
									<br/>
453 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("When enabled, authorized keys need to be configured for each"); ?>
454 c395a830 Carlos Eduardo Ramos
									<a href="system_usermanager.php"><?=gettext("user"); ?></a>
455 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("that has been granted secure shell access."); ?>
456 ab3c8553 Matthew Grooms
								</td>
457
							</tr>
458
							<tr>
459 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("SSH port"); ?></td>
460 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
461
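									<?php /* After a rejected save $pconfig holds the raw POST data, so the port is HTML-escaped before it is printed. */ ?>
									<input name="sshport" type="text" id="sshport" value="<?php echo htmlspecialchars($pconfig['sshport']); ?>" />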
462
									<br/>
463 22a11a58 Larry Gilbert
									<span class="vexpl"><?=gettext("Note: Leave this blank for the default of 22."); ?></span>
464 ab3c8553 Matthew Grooms
								</td>
465
							</tr>
466
							<tr>
467
								<td colspan="2" class="list" height="12">&nbsp;</td>
468
							</tr>
469
							<?php if($g['platform'] == "pfSense" || $g['platform'] == "cdrom"): ?>
470
							<tr>
471 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Serial Communcations"); ?></td>
472 ab3c8553 Matthew Grooms
							</tr>
473
							<tr>
474 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Serial Terminal"); ?></td>
475 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
476
									<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> />
477 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("This will enable the first serial port with 9600/8/N/1"); ?></strong>
478 ab3c8553 Matthew Grooms
									<br>
479 5a05633a jim-p
									<span class="vexpl"><?=gettext("Note:  This will redirect the console output and messages to the serial port. You can still access the console menu from the internal video card/keyboard. A <b>null modem</b> serial cable or adapter is required to use the serial console."); ?></span>
480 ab3c8553 Matthew Grooms
								</td>
481
							</tr>
482
							<tr>
483
								<td colspan="2" class="list" height="12">&nbsp;</td>
484
							</tr>
485
							<?php endif; ?>
486
							<tr>
487 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Console Options"); ?></td>
488 ab3c8553 Matthew Grooms
							</tr>
489
							<tr>
490 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Console menu"); ?></td>
491 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
492
									<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?>  />
493 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Password protect the console menu"); ?></strong>
494 ab3c8553 Matthew Grooms
									<br/>
495 1eacdc8a Carlos Eduardo Ramos
									<span class="vexpl"><?=gettext("Changes to this option will take effect after a reboot."); ?></span>
496 ab3c8553 Matthew Grooms
								</td>
497
							</tr>
498
							<tr>
499 306f082a Scott Ullrich
								<td colspan="2" class="list" height="12">&nbsp;</td>
500
							</tr>							
501
							<tr>
502 ab3c8553 Matthew Grooms
								<td width="22%" valign="top">&nbsp;</td>
503 bca12a76 Vinicius Coque
								<td width="78%"><input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /></td>
504 ab3c8553 Matthew Grooms
							</tr>
505
							<tr>
506
								<td colspan="2" class="list" height="12">&nbsp;</td>
507
							</tr>
508
						</table>
509
					</div>
510
				</td>
511
			</tr>
512
		</table>
513
	</form>
514 fb1266d3 Matthew Grooms
	<script language="JavaScript" type="text/javascript">
515
	<!--
516
		prot_change();
517
	//-->
518
	</script>
519 df81417f Matthew Grooms
520
<?php include("fend.inc"); ?>
521 fb1266d3 Matthew Grooms
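<?php
	/*
	 * Send the browser to the (possibly new) webConfigurator address after
	 * 20 seconds. $url contains the host name taken from the request's Host
	 * header, so it is HTML-escaped before it goes into the attribute.
	 */
	if (!empty($restart_webgui))
		echo "<meta http-equiv=\"refresh\" content=\"20;url=" . htmlspecialchars($url, ENT_QUOTES) . "\">";
?>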
525 df81417f Matthew Grooms
</body>
526
</html>
527
528
<?php
/*
 * Deferred service restarts, run once the page has been rendered.
 */
if ($restart_sshd) {

	/* sshd is always stopped first ... */
	killbyname("sshd");
	log_error(gettext("secure shell configuration has changed. Stopping sshd."));

	/* ... and only started again while Secure Shell is still enabled. */
	if (!empty($config['system']['enablesshd'])) {
		log_error(gettext("secure shell configuration has changed. Restarting sshd."));
		send_event("service restart sshd");
	}
}

if ($restart_webgui) {
	/* Push the finished page to the browser before the web server goes away. */
	ob_flush();
	flush();
	log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator."));
	send_event("service restart webgui");
}

?>