<?php
2
/* $Id$ */
3
/*
4
	system_advanced_admin.php
5
	part of pfSense
6 4fe9c2dc Scott Ullrich
	Copyright (C) 2005-2010 Scott Ullrich
7 df81417f Matthew Grooms
8
	Copyright (C) 2008 Shrew Soft Inc
9
10
	originally part of m0n0wall (http://m0n0.ch/wall)
11
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
12
	All rights reserved.
13
14
	Redistribution and use in source and binary forms, with or without
15
	modification, are permitted provided that the following conditions are met:
16
17
	1. Redistributions of source code must retain the above copyright notice,
18
	   this list of conditions and the following disclaimer.
19
20
	2. Redistributions in binary form must reproduce the above copyright
21
	   notice, this list of conditions and the following disclaimer in the
22
	   documentation and/or other materials provided with the distribution.
23
24
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
28
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33
	POSSIBILITY OF SUCH DAMAGE.
34
*/
35 1d333258 Scott Ullrich
/*
36
	pfSense_BUILDER_BINARIES:	/usr/bin/killall
37
	pfSense_MODULE:	system
38
*/
39 df81417f Matthew Grooms
40
##|+PRIV
41
##|*IDENT=page-system-advanced-admin
42
##|*NAME=System: Advanced: Admin Access Page
43
##|*DESCR=Allow access to the 'System: Advanced: Admin Access' page.
44
##|*MATCH=system_advanced_admin.php*
45
##|-PRIV
46
47
require("guiconfig.inc");
48 7a927e67 Scott Ullrich
require_once("functions.inc");
49
require_once("filter.inc");
50
require_once("shaper.inc");
51 df81417f Matthew Grooms
52 fb1266d3 Matthew Grooms
/*
 * Seed $pconfig (the values the form below renders) from the saved
 * configuration.
 *
 * Several of these are presence flags that switch a protection OFF when the
 * key exists in the config: noantilockout, nodnsrebindcheck,
 * nohttpreferercheck and quietlogin (the form labels them "Disable ...").
 */
$pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
$pconfig['webguiport'] = $config['system']['webgui']['port'];
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
$pconfig['althostnames'] = $config['system']['webgui']['althostnames'];

/* Two webConfigurator processes unless the config carries a non-empty value. */
$pconfig['max_procs'] = 2;
if ($config['system']['webgui']['max_procs'])
	$pconfig['max_procs'] = $config['system']['webgui']['max_procs'];

/* webConfigurator presence flags: true when the key exists, whatever its value. */
foreach (array('disablehttpredirect', 'noantilockout', 'nodnsrebindcheck', 'nohttpreferercheck',
	'beast_protection', 'noautocomplete', 'quietlogin') as $webgui_flag)
	$pconfig[$webgui_flag] = isset($config['system']['webgui'][$webgui_flag]);
unset($webgui_flag);

/* Console and serial settings. */
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['serialspeed'] = $config['system']['serialspeed'];
$pconfig['primaryconsole'] = $config['system']['primaryconsole'];

/* Secure Shell settings. */
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);

/* HTTPS can only be offered when at least one certificate is configured. */
$a_cert =& $config['cert'];
$certs_available = (is_array($a_cert) && count($a_cert)) ? true : false;

/*
 * With no protocol configured, or no certificate to serve, the form falls
 * back to plain HTTP; logins to the webConfigurator are then not protected
 * by TLS.
 */
if (!$certs_available || !$pconfig['webguiproto'])
	$pconfig['webguiproto'] = "http";
80 df81417f Matthew Grooms
81
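/*
 * Handle a submitted form: validate the posted values, copy them into
 * $config, persist the configuration and reconfigure the affected services.
 *
 * Everything in $_POST (and the Host header used for the redirect URL) is
 * untrusted input, even on an admin-only page, because it ends up in the
 * saved configuration and in HTML output. Nothing is written to $config
 * until validation has passed.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['webguiproto'])
		/* Only the two values offered by the radio buttons are accepted. */
		if (!in_array($_POST['webguiproto'], array("http", "https"), true))
			$input_errors[] = gettext("You must specify a valid webConfigurator protocol");

	if ($_POST['webguiport'])
		if(!is_port($_POST['webguiport']))
			$input_errors[] = gettext("You must specify a valid webConfigurator port number");

	if ($_POST['max_procs']) {
		/*
		 * Require plain decimal digits: is_numeric() alone would also let
		 * values such as "1e2" or "1.5" through into the saved config.
		 * NOTE(review): the message does not mention the upper bound of 500.
		 */
		$max_procs = $_POST['max_procs'];
		if (!is_string($max_procs) || !preg_match('/^[0-9]+\z/', $max_procs) || ($max_procs < 1) || ($max_procs > 500))
			$input_errors[] = gettext("Max Processes must be a number 1 or greater");
	}

	if ($_POST['althostnames']) {
		$althosts = explode(" ", $_POST['althostnames']);
		foreach ($althosts as $ah)
			if (!is_hostname($ah))
				$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."),htmlspecialchars($ah));
	}

	if ($_POST['sshport'])
		if(!is_port($_POST['sshport']))
			$input_errors[] = gettext("You must specify a valid port number");

	ob_flush();
	flush();

	if (empty($input_errors)) {

		$restart_webgui = false;
		$restart_sshd = false;

		/* Any change to how the webConfigurator listens requires restarting it. */
		if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto']))
			$restart_webgui = true;
		if (update_if_changed("webgui port", $config['system']['webgui']['port'], $_POST['webguiport']))
			$restart_webgui = true;
		if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref']))
			$restart_webgui = true;
		if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs']))
			$restart_webgui = true;

		if ($_POST['disablehttpredirect'] == "yes")
			$config['system']['webgui']['disablehttpredirect'] = true;
		else
			unset($config['system']['webgui']['disablehttpredirect']);
		/* The webConfigurator is restarted whichever way the redirect rule is set. */
		$restart_webgui = true;

		if ($_POST['quietlogin'] == "yes") {
			$config['system']['webgui']['quietlogin'] = true;
		} else {
			unset($config['system']['webgui']['quietlogin']);
		}

		if($_POST['disableconsolemenu'] == "yes")
			$config['system']['disableconsolemenu'] = true;
		else
			unset($config['system']['disableconsolemenu']);
		/* auto_login() runs after either outcome. */
		auto_login();

		if ($_POST['noantilockout'] == "yes")
			$config['system']['webgui']['noantilockout'] = true;
		else
			unset($config['system']['webgui']['noantilockout']);

		if ($_POST['enableserial'] == "yes" || $g['enableserial_force'])
			$config['system']['enableserial'] = true;
		else
			unset($config['system']['enableserial']);

		/*
		 * Store only the speeds and console names the form offers; anything
		 * else is treated as "not set". setup_serial_port() runs after the
		 * save, so these values presumably reach the console setup - keep
		 * them to known-good choices.
		 */
		$serial_speeds = array("9600", "14400", "19200", "38400", "57600", "115200");
		if (is_string($_POST['serialspeed']) && in_array($_POST['serialspeed'], $serial_speeds, true))
			$config['system']['serialspeed'] = $_POST['serialspeed'];
		else
			unset($config['system']['serialspeed']);

		if (is_string($_POST['primaryconsole']) && in_array($_POST['primaryconsole'], array("serial", "video"), true))
			$config['system']['primaryconsole'] = $_POST['primaryconsole'];
		else
			unset($config['system']['primaryconsole']);

		if ($_POST['nodnsrebindcheck'] == "yes")
			$config['system']['webgui']['nodnsrebindcheck'] = true;
		else
			unset($config['system']['webgui']['nodnsrebindcheck']);

		if ($_POST['nohttpreferercheck'] == "yes")
			$config['system']['webgui']['nohttpreferercheck'] = true;
		else
			unset($config['system']['webgui']['nohttpreferercheck']);

		if ($_POST['beast_protection'] == "yes")
			$config['system']['webgui']['beast_protection'] = true;
		else
			unset($config['system']['webgui']['beast_protection']);

		if ($_POST['noautocomplete'] == "yes")
			$config['system']['webgui']['noautocomplete'] = true;
		else
			unset($config['system']['webgui']['noautocomplete']);

		/* Already validated above: every entry passed is_hostname(). */
		if ($_POST['althostnames'])
			$config['system']['webgui']['althostnames'] = $_POST['althostnames'];
		else
			unset($config['system']['webgui']['althostnames']);

		/* Remember the previous sshd settings so a change can trigger a restart. */
		$sshd_enabled = $config['system']['enablesshd'];
		if($_POST['enablesshd'])
			$config['system']['enablesshd'] = "enabled";
		else
			unset($config['system']['enablesshd']);

		/*
		 * Key-only authentication is recorded under two keys:
		 * ['system']['ssh']['sshdkeyonly'] (the one the form reads back) and
		 * ['system']['sshdkeyonly'] (the one compared for the restart check).
		 * NOTE(review): confirm which key sshd's setup actually consults and
		 * whether both are still needed.
		 */
		if($_POST['sshdkeyonly'] == "yes")
			$config['system']['ssh']['sshdkeyonly'] = "enabled";
		else if (isset($config['system']['ssh']['sshdkeyonly']))
			unset($config['system']['ssh']['sshdkeyonly']);

		$sshd_keyonly = isset($config['system']['sshdkeyonly']);
		if ($_POST['sshdkeyonly'])
			$config['system']['sshdkeyonly'] = true;
		else
			unset($config['system']['sshdkeyonly']);

		$sshd_port = $config['system']['ssh']['port'];
		if ($_POST['sshport'])
			$config['system']['ssh']['port'] = $_POST['sshport'];
		else if (isset($config['system']['ssh']['port']))
			unset($config['system']['ssh']['port']);

		if (($sshd_enabled != $config['system']['enablesshd']) ||
			($sshd_keyonly != isset($config['system']['sshdkeyonly'])) ||
			($sshd_port != $config['system']['ssh']['port']))
			$restart_sshd = true;

		if ($restart_webgui) {
			/*
			 * Build the URL the browser is sent to after the restart. The
			 * host part is taken from the Host request header, which the
			 * client controls, so $url must be escaped wherever it is output.
			 */
			$http_host = $_SERVER['HTTP_HOST'];
			if (strstr($http_host, "]")) {
				/* Bracketed IPv6 literal: drop whatever follows the closing bracket (the port). */
				$http_host_port = explode("]", $http_host);
				if (count($http_host_port) > 1)
					array_pop($http_host_port);
				$host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
				$host = "[{$host}]";
			} else {
				list($host) = explode(":", $http_host);
			}
			$prot = $config['system']['webgui']['protocol'];
			$port = $config['system']['webgui']['port'];
			if ($port)
				$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
			else
				$url = "{$prot}://{$host}/system_advanced_admin.php";
		}

		write_config();

		$retval = filter_configure();
		$savemsg = get_std_save_message($retval);

		/* $savemsg is printed as HTML, so the Host-derived URL is escaped here. */
		if ($restart_webgui)
			$savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."),htmlspecialchars($url));

		conf_mount_rw();
		setup_serial_port();
		// Restart DNS in case dns rebinding toggled
		if (isset($config['dnsmasq']['enable']))
			services_dnsmasq_configure();
		elseif (isset($config['unbound']['enable']))
			services_unbound_configure();
		conf_mount_ro();
	}
}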
256
257 dce51b01 jim-p
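/*
 * Scan the boot log for a Hifn crypto accelerator. When one is found the
 * BEAST protection checkbox is rendered unchecked and disabled, and the
 * detected device string is kept in $hwcrypto for the explanatory message.
 *
 * NOTE(review): this runs after the POST handler, and the handler stores
 * beast_protection without consulting the detection. Browsers do not submit
 * a disabled checkbox, but a server-side guard may be wanted - confirm.
 */
unset($hwcrypto);
/* Defined up front so the template can echo and test it on hardware without a Hifn card. */
$disable_beast_option = "";
/* Best effort: a missing or unreadable boot log simply means no detection. */
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
if ($fd) {
	while (($dmesgl = fgets($fd)) !== false) {
		if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) {
			unset($pconfig['beast_protection']);
			$disable_beast_option = "disabled";
			/* Text from the boot log, not a constant: escape it wherever it is printed. */
			$hwcrypto = $matches[1];
			break;
		}
	}
	fclose($fd);
}

$pgtitle = array(gettext("System"),gettext("Advanced: Admin Access"));
include("head.inc");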
274
275
?>
276
277
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
278 fb1266d3 Matthew Grooms
<?php include("fbegin.inc"); ?>
279 3c119b78 Colin Fleming
<script type="text/javascript">
280
//<![CDATA[
281 fb1266d3 Matthew Grooms
282
// Show the SSL certificate row only while the HTTPS radio button is selected.
function prot_change() {
	var sslRow = document.getElementById("ssl_opts");
	var httpsSelected = document.iform.https_proto.checked;

	// An empty display value restores the row's default rendering.
	sslRow.style.display = httpsSelected ? "" : "none";
}
289
290 3c119b78 Colin Fleming
//]]>
291 fb1266d3 Matthew Grooms
</script>
292 df81417f Matthew Grooms
<?php
293
	if ($input_errors)
294
		print_input_errors($input_errors);
295
	if ($savemsg)
296
		print_info_box($savemsg);
297
?>
298 ab3c8553 Matthew Grooms
	<form action="system_advanced_admin.php" method="post" name="iform" id="iform">
299 3c119b78 Colin Fleming
		<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="system advanced admin">
300 ab3c8553 Matthew Grooms
			<tr>
301
				<td>
302
					<?php
						/*
						 * Tab strip for the System > Advanced pages. Each entry is
						 * (label, flag, target page); only this page's entry carries
						 * true - presumably the "active tab" marker, confirm against
						 * display_top_tabs().
						 */
						$tab_array = array(
							array(gettext("Admin Access"), true, "system_advanced_admin.php"),
							array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php"),
							array(gettext("Networking"), false, "system_advanced_network.php"),
							array(gettext("Miscellaneous"), false, "system_advanced_misc.php"),
							array(gettext("System Tunables"), false, "system_advanced_sysctl.php"),
							array(gettext("Notifications"), false, "system_advanced_notifications.php"),
						);
						display_top_tabs($tab_array);
					?>
312
				</td>
313
			</tr>
314
			<tr>
315 2ff19bfd Matthew Grooms
				<td id="mainarea">
316
					<div class="tabcont">
317
						<span class="vexpl">
318
							<span class="red">
319 3c119b78 Colin Fleming
								<strong><?=gettext("NOTE:"); ?>&nbsp;</strong>
320 2ff19bfd Matthew Grooms
							</span>
321 1eacdc8a Carlos Eduardo Ramos
							<?=gettext("The options on this page are intended for use by advanced users only."); ?>
322 8cd558b6 ayvis
							<br />
323 2ff19bfd Matthew Grooms
						</span>
324 8cd558b6 ayvis
						<br />
325 3c119b78 Colin Fleming
						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
326 ab3c8553 Matthew Grooms
							<tr>
327 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("webConfigurator"); ?></td>
328 ab3c8553 Matthew Grooms
							</tr>
329
							<tr>
330 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Protocol"); ?></td>
331 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
332 fb1266d3 Matthew Grooms
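									<?php
										/*
										 * Attribute snippets for the protocol radio buttons. All three
										 * start empty so the template never echoes an undefined variable.
										 */
										$http_chk = "";
										$https_chk = "";
										$https_disabled = "";
										if ($pconfig['webguiproto'] == "http")
											$http_chk = "checked=\"checked\"";
										if ($pconfig['webguiproto'] == "https")
											$https_chk = "checked=\"checked\"";
										/* HTTPS cannot be selected until a certificate exists. */
										if (!$certs_available)
											$https_disabled = "disabled=\"disabled\"";
									?>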
340 3c119b78 Colin Fleming
									<input name="webguiproto" id="http_proto" type="radio" value="http" <?=$http_chk;?> onclick="prot_change()" />
341 42c7b553 Carlos Eduardo Ramos
									<?=gettext("HTTP"); ?>
342 ab3c8553 Matthew Grooms
									&nbsp;&nbsp;&nbsp;
343 3c119b78 Colin Fleming
									<input name="webguiproto" id="https_proto" type="radio" value="https" <?=$https_chk;?> <?=$https_disabled;?> onclick="prot_change()" />
344 42c7b553 Carlos Eduardo Ramos
									<?=gettext("HTTPS"); ?>
345 ab3c8553 Matthew Grooms
									<?php if (!$certs_available): ?>
346 8cd558b6 ayvis
									<br />
347 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("No Certificates have been defined. You must"); ?>
348
									<a href="system_certmanager.php"><?=gettext("Create or Import"); ?></a>
349
									<?=gettext("a Certificate before SSL can be enabled."); ?>
350 ab3c8553 Matthew Grooms
									<?php endif; ?>
351
								</td>
352
							</tr>
353
							<tr id="ssl_opts">
354 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td>
355 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
356
									<select name="ssl-certref" id="ssl-certref" class="formselect">
357
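										<?php
											/*
											 * One <option> per configured certificate. The refid and the
											 * description are stored data, not constants, so both are
											 * HTML-escaped before being written into the page.
											 * $a_cert is not an array when no certificate is configured,
											 * hence the empty-list fallback.
											 */
											foreach((is_array($a_cert) ? $a_cert : array()) as $cert):
												$selected = "";
												if ($pconfig['ssl-certref'] == $cert['refid'])
													$selected = " selected=\"selected\"";
										?>
										<option value="<?=htmlspecialchars($cert['refid']);?>"<?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
										<?php endforeach; ?>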
365
									</select>
366
								</td>
367
							</tr>
368
							<tr>
369 1eacdc8a Carlos Eduardo Ramos
								<td valign="top" class="vncell"><?=gettext("TCP port"); ?></td>
370 ab3c8553 Matthew Grooms
								<td class="vtable">
371 3c119b78 Colin Fleming
									<input name="webguiport" type="text" class="formfld unknown" id="webguiport" size="5" value="<?=htmlspecialchars($config['system']['webgui']['port']);?>" />
372
									<br />
373 ab3c8553 Matthew Grooms
									<span class="vexpl">
374 f0d1af93 Carlos Eduardo Ramos
										<?=gettext("Enter a custom port number for the webConfigurator " .
375
										"above if you want to override the default (80 for HTTP, 443 " .
376
										"for HTTPS). Changes will take effect immediately after save."); ?>
377 ab3c8553 Matthew Grooms
									</span>
378
								</td>
379
							</tr>
380 c41602e1 jim-p
							<tr>
381
								<td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td>
382
								<td class="vtable">
383 3c119b78 Colin Fleming
									<input name="max_procs" type="text" class="formfld unknown" id="max_procs" size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>" />
384
									<br />
385 c41602e1 jim-p
									<span class="vexpl">
386
										<?=gettext("Enter the number of webConfigurator processes you " .
387
										"want to run. This defaults to 2. Increasing this will allow more " .
388
										"users/browsers to access the GUI concurrently."); ?>
389
									</span>
390
								</td>
391
							</tr>
392 f37caa93 Ermal
							<tr>
393
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td>
394
								<td width="78%" class="vtable">
395 3c119b78 Colin Fleming
									<input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked=\"checked\""; ?> />
396 f37caa93 Ermal
									<strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong>
397 8cd558b6 ayvis
									<br />
398 bb3c6562 smos
									<?php echo gettext("When this is unchecked, access to the webConfigurator " .
399 1031c9ea jim-p
									"is always permitted even on port 80, regardless of the listening port configured. " .
400 f37caa93 Ermal
									"Check this box to disable this automatically added redirect rule. ");
401
									?>
402
								</td>
403
							</tr>
404 1031c9ea jim-p
							<tr>
405
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI Login Autocomplete"); ?></td>
406
								<td width="78%" class="vtable">
407 3c119b78 Colin Fleming
									<input name="noautocomplete" type="checkbox" id="noautocomplete" value="yes" <?php if ($pconfig['noautocomplete']) echo "checked=\"checked\""; ?> />
408 1031c9ea jim-p
									<strong><?=gettext("Disable webConfigurator login autocomplete"); ?></strong>
409 8cd558b6 ayvis
									<br />
410 1031c9ea jim-p
									<?php echo gettext("When this is unchecked, login credentials for the webConfigurator " .
411
									"may be saved by the browser. While convenient, some security standards require this to be disabled. " .
412
									"Check this box to disable autocomplete on the login form so that browsers will not prompt to save credentials (NOTE: Some browsers do not respect this option). ");
413
									?>
414
								</td>
415
							</tr>
416 ab3c8553 Matthew Grooms
							<tr>
417 bb3c6562 smos
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td>
418
								<td width="78%" class="vtable">
419 3c119b78 Colin Fleming
									<input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked=\"checked\""; ?> />
420 78544d4a Chris Buechler
									<strong><?=gettext("Disable logging of webConfigurator successful logins"); ?></strong>
421 8cd558b6 ayvis
									<br />
422 bb3c6562 smos
									<?php echo gettext("When this is checked, successful logins to the webConfigurator " .
423
									"will not be logged.");
424
									?>
425
								</td>
426
							</tr>
427
							<tr>
428 ca72c3f5 Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td>
429 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
430
									<?php
										/* The anti-lockout help text names LAN when a LAN interface is configured, WAN otherwise. */
										$lockout_interface = $config['interfaces']['lan'] ? "LAN" : "WAN";
									?>
436 3c119b78 Colin Fleming
									<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked=\"checked\""; ?> />
437 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Disable webConfigurator anti-lockout rule"); ?></strong>
438 8cd558b6 ayvis
									<br />
439 3a3fb8ea Erik Fonnesbeck
									<?php printf(gettext("When this is unchecked, access to the webConfigurator " .
440 f49a012c Renato Botelho
									"on the %s interface is always permitted, regardless of the user-defined firewall " .
441
									"rule set. Check this box to disable this automatically added rule, so access " .
442
									"to the webConfigurator is controlled by the user-defined firewall rules " .
443
									"(ensure you have a firewall rule in place that allows you in, or you will " .
444
									"lock yourself out!)"), $lockout_interface); ?>
445
									<em> <?=gettext("Hint: the &quot;Set interface(s) IP address&quot; option in the console menu resets this setting as well."); ?> </em>
446 ab3c8553 Matthew Grooms
								</td>
447
							</tr>
448 14eab6fb jim-p
							<tr>
449
								<td width="22%" valign="top" class="vncell"><?=gettext("DNS Rebind Check"); ?></td>
450
								<td width="78%" class="vtable">
451 3c119b78 Colin Fleming
									<input name="nodnsrebindcheck" type="checkbox" id="nodnsrebindcheck" value="yes" <?php if ($pconfig['nodnsrebindcheck']) echo "checked=\"checked\""; ?> />
452 ff998f10 Chris Buechler
									<strong><?=gettext("Disable DNS Rebinding Checks"); ?></strong>
453 8cd558b6 ayvis
									<br />
454 ff998f10 Chris Buechler
									<?php echo gettext("When this is unchecked, your system " .
455 14eab6fb jim-p
									"is protected against <a href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. " .
456 ff998f10 Chris Buechler
									"This blocks private IP responses from your configured DNS servers. Check this box to disable this protection if it interferes with " .
457
									"webConfigurator access or name resolution in your environment. "); ?>
458 14eab6fb jim-p
								</td>
459
							</tr>
460 86b21903 jim-p
							<tr>
461
								<td width="22%" valign="top" class="vncell"><?=gettext("Alternate Hostnames"); ?></td>
462
								<td width="78%" class="vtable">
463
									<input name="althostnames" type="text" class="formfld unknown" id="althostnames" size="75" value="<?=htmlspecialchars($pconfig['althostnames']);?>"/>
464 8cd558b6 ayvis
									<br />
465 612fa572 Scott Ullrich
									<strong><?=gettext("Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks"); ?></strong>
466 8cd558b6 ayvis
									<br />
467 86b21903 jim-p
									<?php echo gettext("Here you can specify alternate hostnames by which the router may be queried, to " . 
468
									"bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."); ?>
469
								</td>
470
							</tr>
471 4fe9c2dc Scott Ullrich
							<tr>
472
								<td width="22%" valign="top" class="vncell"><?=gettext("Browser HTTP_REFERER enforcement"); ?></td>
473
								<td width="78%" class="vtable">
474 3c119b78 Colin Fleming
									<input name="nohttpreferercheck" type="checkbox" id="nohttpreferercheck" value="yes" <?php if ($pconfig['nohttpreferercheck']) echo "checked=\"checked\""; ?> />
475 4fe9c2dc Scott Ullrich
									<strong><?=gettext("Disable HTTP_REFERER enforcement check"); ?></strong>
476 8cd558b6 ayvis
									<br />
477 4fe9c2dc Scott Ullrich
									<?php echo gettext("When this is unchecked, access to the webConfigurator " .
478
									"is protected against HTTP_REFERER redirection attempts. " .
479
									"Check this box to disable this protection if you find that it interferes with " .
480 3c119b78 Colin Fleming
									"webConfigurator access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from <a target='_blank' href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?>
481 4fe9c2dc Scott Ullrich
								</td>
482
							</tr>
483 dce51b01 jim-p
							<tr>
484
								<td width="22%" valign="top" class="vncell"><?=gettext("BEAST Attack Protection"); ?></td>
485
								<td width="78%" class="vtable">
486
									<input name="beast_protection" type="checkbox" id="beast_protection" value="yes" <?php if ($pconfig['beast_protection']) echo "checked=\"checked\""; ?> <?= $disable_beast_option ?>/>
487
									<strong><?=gettext("Mitigate the BEAST SSL Attack"); ?></strong>
488 8cd558b6 ayvis
									<br />
489 dce51b01 jim-p
									<?php echo gettext("When this is checked, the webConfigurator can mitigate BEAST SSL attacks. ") ?>
490 8cd558b6 ayvis
									<br />
491 dce51b01 jim-p
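									<?php 	if ($disable_beast_option) {
											/* $hwcrypto is text captured from the boot log, so escape it before printing it as HTML. */
											echo "<br />" . sprintf(gettext("This option has been automatically disabled because a conflicting cryptographic accelerator card has been detected (%s)."), htmlspecialchars($hwcrypto)) . "<br /><br />";
										} ?>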
494
									<?php echo gettext("This option is off by default because Hifn accelerators do NOT work with this option, and the GUI will not function. " .
495
									"It is possible that other accelerators have a similar problem that is not yet known/documented. " .
496
									"More information on BEAST is available from <a target='_blank' href='https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack'>Wikipedia</a>."); ?>
497
								</td>
498
							</tr>
499 ab3c8553 Matthew Grooms
							<tr>
500
								<td colspan="2" class="list" height="12">&nbsp;</td>
501
							</tr>
502
							<tr>
503 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Secure Shell"); ?></td>
504 ab3c8553 Matthew Grooms
							</tr>
505
							<tr>
506 ca72c3f5 Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Secure Shell Server"); ?></td>
507 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
508 3c119b78 Colin Fleming
									<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked=\"checked\""; ?> />
509 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Enable Secure Shell"); ?></strong>
510 ab3c8553 Matthew Grooms
								</td>
511
							</tr>
512
							<tr>
513 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Authentication Method"); ?></td>
514 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
515 3c119b78 Colin Fleming
									<input name="sshdkeyonly" type="checkbox" id="sshdkeyonly" value="yes" <?php if ($pconfig['sshdkeyonly']) echo "checked=\"checked\""; ?> />
516 60879d14 jim-p
									<strong><?=gettext("Disable password login for Secure Shell (RSA/DSA key only)"); ?></strong>
517 8cd558b6 ayvis
									<br />
518 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("When enabled, authorized keys need to be configured for each"); ?>
519 c395a830 Carlos Eduardo Ramos
									<a href="system_usermanager.php"><?=gettext("user"); ?></a>
520 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("that has been granted secure shell access."); ?>
521 ab3c8553 Matthew Grooms
								</td>
522
							</tr>
523
							<tr>
524 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("SSH port"); ?></td>
525 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
526
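									<?php /* After a failed save $pconfig holds the raw POST data, so the value is escaped like the other text fields. */ ?>
									<input name="sshport" type="text" id="sshport" value="<?php echo htmlspecialchars($pconfig['sshport']); ?>" />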
527 8cd558b6 ayvis
									<br />
528 22a11a58 Larry Gilbert
									<span class="vexpl"><?=gettext("Note: Leave this blank for the default of 22."); ?></span>
529 ab3c8553 Matthew Grooms
								</td>
530
							</tr>
531
							<tr>
532
								<td colspan="2" class="list" height="12">&nbsp;</td>
533
							</tr>
534
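							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Serial Communications"); ?></td>
							</tr>
							<?php
							/*
							 * Serial Terminal toggle. Rendered only when the platform does not force
							 * the setting ($g['enableserial_force']) and the platform is "pfSense" or
							 * "cdrom", or /etc/nano_use_vga.txt exists. The Serial Speed row that
							 * follows is rendered unconditionally.
							 *
							 * Per the help text below, enabling this redirects console output and
							 * messages to the serial port.
							 * NOTE(review): anyone who can attach to that port would then see the
							 * console; whether the console menu asks for a login is presumably
							 * governed by the "Console menu" option on this page - confirm.
							 */
							if (!$g['enableserial_force'] && ($g['platform'] == "pfSense" || $g['platform'] == "cdrom" || file_exists("/etc/nano_use_vga.txt"))): ?>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Serial Terminal"); ?></td>
								<td width="78%" class="vtable">
									<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo 'checked="checked"'; ?> />
									<strong><?=gettext("Enables the first serial port with 9600/8/N/1 by default, or another speed selectable below."); ?></strong>
									<span class="vexpl"><?=gettext("Note:  This will redirect the console output and messages to the serial port. You can still access the console menu from the internal video card/keyboard. A <b>null modem</b> serial cable or adapter is required to use the serial console."); ?></span>
								</td>
							</tr>
							<?php endif; ?>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Serial Speed")?></td>
								<td width="78%" class="vtable">
									<select name="serialspeed" id="serialspeed" class="formselect">
										<option value="9600" <?php if ($pconfig['serialspeed'] == "9600") echo 'selected="selected"'; ?>>9600</option>
										<option value="14400" <?php if ($pconfig['serialspeed'] == "14400") echo 'selected="selected"'; ?>>14400</option>
										<option value="19200" <?php if ($pconfig['serialspeed'] == "19200") echo 'selected="selected"'; ?>>19200</option>
										<option value="38400" <?php if ($pconfig['serialspeed'] == "38400") echo 'selected="selected"'; ?>>38400</option>
										<option value="57600" <?php if ($pconfig['serialspeed'] == "57600") echo 'selected="selected"'; ?>>57600</option>
										<option value="115200" <?php if ($pconfig['serialspeed'] == "115200") echo 'selected="selected"'; ?>>115200</option>
									</select> bps
									<br /><?=gettext("Allows selection of different speeds for the serial console port."); ?>
								</td>
							</tr>
							<?php
							/*
							 * Primary Console selector. Same platform test as the Serial Terminal
							 * toggle, but gated on $g['primaryconsole_force'] instead.
							 * The two option labels go through gettext() like every other label in
							 * this table; they were previously hard-coded English.
							 */
							if (!$g['primaryconsole_force'] && ($g['platform'] == "pfSense" || $g['platform'] == "cdrom" || file_exists("/etc/nano_use_vga.txt"))): ?>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Primary Console")?></td>
								<td width="78%" class="vtable">
									<select name="primaryconsole" id="primaryconsole" class="formselect">
										<option value="serial" <?php if ($pconfig['primaryconsole'] == "serial") echo 'selected="selected"'; ?>><?=gettext("Serial Console"); ?></option>
										<option value="video" <?php if ($pconfig['primaryconsole'] == "video") echo 'selected="selected"'; ?>><?=gettext("VGA Console"); ?></option>
									</select>
									<br /><?=gettext("Select the preferred console if multiple consoles are present. The preferred console will show pfSense boot script output. All consoles display OS boot messages, console messages, and the console menu."); ?>
								</td>
							</tr>
							<?php endif; ?>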
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Console Options"); ?></td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Console menu"); ?></td>
								<td width="78%" class="vtable">
									<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php
										/*
										 * Pre-check the box when $pconfig['disableconsolemenu'] is truthy.
										 * The field is named "disableconsolemenu" but is labelled as
										 * password protection of the console menu.
										 * NOTE(review): with this unset the console menu is presumably
										 * usable without a login by anyone with physical or serial
										 * access - confirm against the console start-up code. Per the
										 * help text, a change only takes effect after a reboot, so the
										 * saved setting and the running state can differ until then.
										 */
										if ($pconfig['disableconsolemenu']) {
											echo 'checked="checked"';
										}
									?>  />
									<strong><?=gettext("Password protect the console menu"); ?></strong>
									<br />
									<span class="vexpl"><?=gettext("Changes to this option will take effect after a reboot."); ?></span>
								</td>
							</tr>
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>							
							<tr>
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%"><input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /></td>
							</tr>
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
						</table>
					</div>
				</td>
			</tr>
		</table>
	</form>
	<script type="text/javascript">
	//<![CDATA[
		prot_change();
	//]]>
	</script>
<?php include("fend.inc"); ?>
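<?php
	/*
	 * When $restart_webgui is set, ask the browser to load $url again after
	 * 20 seconds (the webConfigurator restart itself is requested further
	 * down the file).
	 *
	 * $url is assigned earlier in the file, outside this block. It is escaped
	 * for the HTML attribute context here so the tag stays well-formed
	 * whatever that value contains.
	 * NOTE(review): if $url is assembled from request data (for example the
	 * Host header), it should also be validated where it is built - confirm.
	 */
	if ($restart_webgui) {
		echo '<meta http-equiv="refresh" content="20;url=' . htmlspecialchars($url, ENT_QUOTES) . '" />';
	}
?>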
</body>
</html>
<?php
/*
 * Service restarts requested by this page. They run after the closing
 * </html> tag has been emitted, i.e. once the page body has been written.
 */
if ($restart_sshd) {
	/*
	 * sshd is always stopped first, then started again only when
	 * $config['system']['enablesshd'] is truthy; otherwise it stays down.
	 * NOTE(review): killbyname() presumably ends every process named sshd,
	 * which would include established sessions - confirm before relying on
	 * an SSH session surviving a settings change.
	 */
	killbyname('sshd');
	log_error(gettext('secure shell configuration has changed. Stopping sshd.'));

	if ($config['system']['enablesshd']) {
		log_error(gettext('secure shell configuration has changed. Restarting sshd.'));
		send_event('service restart sshd');
	}
}

if ($restart_webgui) {
	/*
	 * Flush buffered output before asking for the restart, presumably so the
	 * response reaches the browser before the web server goes away.
	 */
	ob_flush();
	flush();
	log_error(gettext('webConfigurator configuration has changed. Restarting webConfigurator.'));
	send_event('service restart webgui');
}
?>