<?php
/* $Id$ */
/*
	system_advanced_admin.php
	part of pfSense
	Copyright (C) 2005-2010 Scott Ullrich

	Copyright (C) 2008 Shrew Soft Inc

	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_BUILDER_BINARIES:	/usr/bin/killall
	pfSense_MODULE:	system
*/

##|+PRIV
##|*IDENT=page-system-advanced-admin
##|*NAME=System: Advanced: Admin Access Page
##|*DESCR=Allow access to the 'System: Advanced: Admin Access' page.
##|*MATCH=system_advanced_admin.php*
##|-PRIV

require("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");

/*
 * Snapshot of the saved settings that the form further down is rendered from.
 * A POST replaces this snapshot with the submitted values.
 */

/* webConfigurator listener settings */
$pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
$pconfig['webguiport'] = $config['system']['webgui']['port'];
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
$pconfig['althostnames'] = $config['system']['webgui']['althostnames'];
/* fall back to 2 processes when nothing (or an empty value) is stored */
$pconfig['max_procs'] = ($config['system']['webgui']['max_procs'])
	? $config['system']['webgui']['max_procs']
	: 2;

/* webConfigurator switches are presence-only keys, so the form sees booleans */
foreach (array(
	'disablehttpredirect',
	'noantilockout',
	'nodnsrebindcheck',
	'nohttpreferercheck',
	'beast_protection',
	'noautocomplete',
	'quietlogin'
) as $webgui_flag)
	$pconfig[$webgui_flag] = isset($config['system']['webgui'][$webgui_flag]);
unset($webgui_flag);

/* console and serial settings */
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['serialspeed'] = $config['system']['serialspeed'];
$pconfig['primaryconsole'] = $config['system']['primaryconsole'];

/* secure shell settings */
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);

/* HTTPS can only be offered when at least one certificate is defined */
$a_cert =& $config['cert'];
$certs_available = (is_array($a_cert) && count($a_cert) > 0);

/* no stored protocol, or no certificate to serve HTTPS with: show HTTP */
if (!($pconfig['webguiproto'] && $certs_available))
	$pconfig['webguiproto'] = "http";

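/*
 * Form submission: validate the posted values, copy them into $config,
 * persist with write_config() and reconfigure the affected services.
 * Nothing is written to $config unless every validation check passes.
 */
if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	/* The protocol is stored in the config and used to build the post-save
	   redirect URL, so only the two values the form offers are accepted. */
	if ($_POST['webguiproto'] && !in_array($_POST['webguiproto'], array("http", "https"), true))
		$input_errors[] = gettext("You must specify a valid webConfigurator protocol");

	if ($_POST['webguiport'])
		if(!is_port($_POST['webguiport']))
			$input_errors[] = gettext("You must specify a valid webConfigurator port number");

	/* accepted range is 1-500; the message only mentions the lower bound */
	if ($_POST['max_procs'])
		if(!is_numeric($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500))
			$input_errors[] = gettext("Max Processes must be a number 1 or greater");

	/* space-separated list; every entry must be a valid hostname. The rejected
	   value is HTML-escaped because the message is printed back to the page. */
	if ($_POST['althostnames']) {
		$althosts = explode(" ", $_POST['althostnames']);
		foreach ($althosts as $ah)
			if (!is_hostname($ah))
				$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."),htmlspecialchars($ah));
	}

	if ($_POST['sshport'])
		if(!is_port($_POST['sshport']))
			$input_errors[] = gettext("You must specify a valid port number");

	ob_flush();
	flush();

	if (!$input_errors) {

		/* update_if_changed() reports whether the stored value changed; each
		   call must run, so the four checks are not combined with ||. */
		if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto']))
			$restart_webgui = true;
		if (update_if_changed("webgui port", $config['system']['webgui']['port'], $_POST['webguiport']))
			$restart_webgui = true;
		if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref']))
			$restart_webgui = true;
		if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs']))
			$restart_webgui = true;

		if ($_POST['disablehttpredirect'] == "yes")
			$config['system']['webgui']['disablehttpredirect'] = true;
		else
			unset($config['system']['webgui']['disablehttpredirect']);
		/* NOTE(review): the flag is set whether or not the redirect setting
		   changed, so every successful save takes the restart/redirect path
		   below. Kept as found; confirm whether that is intended. */
		$restart_webgui = true;

		/* when set, successful webConfigurator logins are no longer logged */
		if ($_POST['quietlogin'] == "yes")
			$config['system']['webgui']['quietlogin'] = true;
		else
			unset($config['system']['webgui']['quietlogin']);

		if ($_POST['disableconsolemenu'] == "yes")
			$config['system']['disableconsolemenu'] = true;
		else
			unset($config['system']['disableconsolemenu']);
		auto_login();

		/* Plain on/off webConfigurator switches: the key exists only while the
		   box is ticked. Ticking nodnsrebindcheck, nohttpreferercheck or
		   noantilockout turns the corresponding protection off. */
		foreach (array("noantilockout", "nodnsrebindcheck", "nohttpreferercheck", "beast_protection", "noautocomplete") as $webgui_flag) {
			if ($_POST[$webgui_flag] == "yes")
				$config['system']['webgui'][$webgui_flag] = true;
			else
				unset($config['system']['webgui'][$webgui_flag]);
		}
		unset($webgui_flag);

		if ($_POST['enableserial'] == "yes" || $g['enableserial_force'])
			$config['system']['enableserial'] = true;
		else
			unset($config['system']['enableserial']);

		if (is_numeric($_POST['serialspeed']))
			$config['system']['serialspeed'] = $_POST['serialspeed'];
		else
			unset($config['system']['serialspeed']);

		if ($_POST['primaryconsole'])
			$config['system']['primaryconsole'] = $_POST['primaryconsole'];
		else
			unset($config['system']['primaryconsole']);

		if ($_POST['althostnames'])
			$config['system']['webgui']['althostnames'] = $_POST['althostnames'];
		else
			unset($config['system']['webgui']['althostnames']);

		/* Secure shell: remember the previous state so a restart is requested
		   only when something actually changed. */
		$sshd_enabled = $config['system']['enablesshd'];
		if($_POST['enablesshd'])
			$config['system']['enablesshd'] = "enabled";
		else
			unset($config['system']['enablesshd']);

		/* Key-only login is stored under two keys. The form is populated from
		   system/ssh/sshdkeyonly; system/sshdkeyonly is kept in step with it.
		   NOTE(review): confirm which of the two the sshd configuration
		   actually reads - both are written with one condition here so they
		   cannot disagree. */
		$sshd_keyonly = isset($config['system']['ssh']['sshdkeyonly']);
		$sshd_keyonly_legacy = isset($config['system']['sshdkeyonly']);
		if ($_POST['sshdkeyonly'] == "yes") {
			$config['system']['ssh']['sshdkeyonly'] = "enabled";
			$config['system']['sshdkeyonly'] = true;
		} else {
			unset($config['system']['ssh']['sshdkeyonly']);
			unset($config['system']['sshdkeyonly']);
		}

		$sshd_port = $config['system']['ssh']['port'];
		if ($_POST['sshport'])
			$config['system']['ssh']['port'] = $_POST['sshport'];
		else if (isset($config['system']['ssh']['port']))
			unset($config['system']['ssh']['port']);

		if (($sshd_enabled != $config['system']['enablesshd']) ||
			($sshd_keyonly != isset($config['system']['ssh']['sshdkeyonly'])) ||
			($sshd_keyonly_legacy != isset($config['system']['sshdkeyonly'])) ||
			($sshd_port != $config['system']['ssh']['port']))
			$restart_sshd = true;

		if ($restart_webgui) {
			/* Build the URL the browser is sent to once the webConfigurator
			   listens on its new protocol/port. The host part comes from the
			   request's Host header, i.e. it is client-supplied text. */
			$http_host_port = explode("]", $_SERVER['HTTP_HOST']);
			if(strstr($_SERVER['HTTP_HOST'], "]")) {
				/* bracketed IPv6 literal: drop whatever follows the last "]"
				   (the port), strip the brackets and add them back once */
				array_pop($http_host_port);
				$host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
				$host = "[{$host}]";
			} else {
				list($host) = explode(":", $_SERVER['HTTP_HOST']);
			}
			$prot = $config['system']['webgui']['protocol'];
			$port = $config['system']['webgui']['port'];
			if ($port)
				$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
			else
				$url = "{$prot}://{$host}/system_advanced_admin.php";
		}

		/* from here on the new settings are persisted and applied */
		write_config();

		$retval = filter_configure();
		$savemsg = get_std_save_message($retval);

		/* $savemsg is HTML (it carries the <br /> below), so the URL is escaped
		   before it is appended. $url itself stays raw; any other place that
		   prints it needs the escaping that fits that context. */
		if ($restart_webgui)
			$savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."), htmlspecialchars($url));

		conf_mount_rw();
		setup_serial_port();
		// Restart dnsmasq in case dns rebinding toggled
		services_dnsmasq_configure();
		conf_mount_ro();
	}
}
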
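/*
 * Look for a Hifn crypto accelerator in the boot messages. When one is found
 * the BEAST option is shown unchecked and disabled, and the detected device
 * string is kept in $hwcrypto for the explanatory text in the form.
 */
unset($hwcrypto);
/* defined up front so the template never echoes an undefined variable */
$disable_beast_option = "";
/* best effort: a missing or unreadable dmesg.boot simply means "not detected" */
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
if ($fd) {
	/* loop on the result of fgets() rather than on feof(): a failed read
	   returns false without necessarily setting EOF, which would otherwise
	   keep the loop spinning */
	while (($dmesgl = fgets($fd)) !== false) {
		if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) {
			unset($pconfig['beast_protection']);
			$disable_beast_option = "disabled";
			$hwcrypto = $matches[1];
			break;
		}
	}
	fclose($fd);
}
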
/* page title parts consumed by head.inc: menu section first, then the page name */
$pgtitle = array(
	gettext("System"),
	gettext("Advanced: Admin Access")
);
include("head.inc");

?>
273
274
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
275 fb1266d3 Matthew Grooms
<?php include("fbegin.inc"); ?>
276 3c119b78 Colin Fleming
<script type="text/javascript">
277
//<![CDATA[
278 fb1266d3 Matthew Grooms
279
function prot_change() {
	// Show the SSL options row only while the HTTPS radio button is selected.
	// An empty display value hands the row back to its default rendering.
	var sslRow = document.getElementById("ssl_opts");
	sslRow.style.display = document.iform.https_proto.checked ? "" : "none";
}
286
287 3c119b78 Colin Fleming
//]]>
288 fb1266d3 Matthew Grooms
</script>
289 df81417f Matthew Grooms
<?php
	/* validation errors from a rejected submission, if any */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	/* result message of a successful save, if any */
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
295 ab3c8553 Matthew Grooms
	<form action="system_advanced_admin.php" method="post" name="iform" id="iform">
296 3c119b78 Colin Fleming
		<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="system advanced admin">
297 ab3c8553 Matthew Grooms
			<tr>
298
				<td>
299
					<?php
						/* one entry per tab: label, whether it is the active tab, target page */
						$tab_array = array(
							array(gettext("Admin Access"), true, "system_advanced_admin.php"),
							array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php"),
							array(gettext("Networking"), false, "system_advanced_network.php"),
							array(gettext("Miscellaneous"), false, "system_advanced_misc.php"),
							array(gettext("System Tunables"), false, "system_advanced_sysctl.php"),
							array(gettext("Notifications"), false, "system_advanced_notifications.php")
						);
						display_top_tabs($tab_array);
					?>
309
				</td>
310
			</tr>
311
			<tr>
312 2ff19bfd Matthew Grooms
				<td id="mainarea">
313
					<div class="tabcont">
314
						<span class="vexpl">
315
							<span class="red">
316 3c119b78 Colin Fleming
								<strong><?=gettext("NOTE:"); ?>&nbsp;</strong>
317 2ff19bfd Matthew Grooms
							</span>
318 1eacdc8a Carlos Eduardo Ramos
							<?=gettext("The options on this page are intended for use by advanced users only."); ?>
319 2ff19bfd Matthew Grooms
							<br/>
320
						</span>
321
						<br/>
322 3c119b78 Colin Fleming
						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
323 ab3c8553 Matthew Grooms
							<tr>
324 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("webConfigurator"); ?></td>
325 ab3c8553 Matthew Grooms
							</tr>
326
							<tr>
327 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Protocol"); ?></td>
328 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
329 fb1266d3 Matthew Grooms
									<?php
330 ab3c8553 Matthew Grooms
										if ($pconfig['webguiproto'] == "http")
331 3c119b78 Colin Fleming
											$http_chk = "checked=\"checked\"";
332 ab3c8553 Matthew Grooms
										if ($pconfig['webguiproto'] == "https")
333 3c119b78 Colin Fleming
											$https_chk = "checked=\"checked\"";
334 ab3c8553 Matthew Grooms
										if (!$certs_available)
335 3c119b78 Colin Fleming
											$https_disabled = "disabled=\"disabled\"";
336 fb1266d3 Matthew Grooms
									?>
337 3c119b78 Colin Fleming
									<input name="webguiproto" id="http_proto" type="radio" value="http" <?=$http_chk;?> onclick="prot_change()" />
338 42c7b553 Carlos Eduardo Ramos
									<?=gettext("HTTP"); ?>
339 ab3c8553 Matthew Grooms
									&nbsp;&nbsp;&nbsp;
340 3c119b78 Colin Fleming
									<input name="webguiproto" id="https_proto" type="radio" value="https" <?=$https_chk;?> <?=$https_disabled;?> onclick="prot_change()" />
341 42c7b553 Carlos Eduardo Ramos
									<?=gettext("HTTPS"); ?>
342 ab3c8553 Matthew Grooms
									<?php if (!$certs_available): ?>
343
									<br/>
344 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("No Certificates have been defined. You must"); ?>
345
									<a href="system_certmanager.php"><?=gettext("Create or Import"); ?></a>
346
									<?=gettext("a Certificate before SSL can be enabled."); ?>
347 ab3c8553 Matthew Grooms
									<?php endif; ?>
348
								</td>
349
							</tr>
350
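							<tr id="ssl_opts">
								<td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td>
								<td width="78%" class="vtable">
									<select name="ssl-certref" id="ssl-certref" class="formselect">
										<?php
											/* One option per stored certificate. refid and descr are read
											   from the certificate entries and printed into an attribute and
											   into element text, so both are HTML-escaped. The is_array()
											   guard keeps an empty certificate list from raising a foreach
											   warning inside the select. */
											if (is_array($a_cert)):
											foreach($a_cert as $cert):
												$selected = "";
												if ($pconfig['ssl-certref'] == $cert['refid'])
													$selected = " selected=\"selected\"";
										?>
										<option value="<?=htmlspecialchars($cert['refid']);?>"<?=$selected;?>><?=htmlspecialchars($cert['descr']);?></option>
										<?php endforeach; endif; ?>
									</select>
								</td>
							</tr>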
365
							<tr>
366 1eacdc8a Carlos Eduardo Ramos
								<td valign="top" class="vncell"><?=gettext("TCP port"); ?></td>
367 ab3c8553 Matthew Grooms
								<td class="vtable">
368 3c119b78 Colin Fleming
									<input name="webguiport" type="text" class="formfld unknown" id="webguiport" size="5" value="<?=htmlspecialchars($config['system']['webgui']['port']);?>" />
369
									<br />
370 ab3c8553 Matthew Grooms
									<span class="vexpl">
371 f0d1af93 Carlos Eduardo Ramos
										<?=gettext("Enter a custom port number for the webConfigurator " .
372
										"above if you want to override the default (80 for HTTP, 443 " .
373
										"for HTTPS). Changes will take effect immediately after save."); ?>
374 ab3c8553 Matthew Grooms
									</span>
375
								</td>
376
							</tr>
377 c41602e1 jim-p
							<tr>
378
								<td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td>
379
								<td class="vtable">
380 3c119b78 Colin Fleming
									<input name="max_procs" type="text" class="formfld unknown" id="max_procs" size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>" />
381
									<br />
382 c41602e1 jim-p
									<span class="vexpl">
383
										<?=gettext("Enter the number of webConfigurator processes you " .
384
										"want to run. This defaults to 2. Increasing this will allow more " .
385
										"users/browsers to access the GUI concurrently."); ?>
386
									</span>
387
								</td>
388
							</tr>
389 f37caa93 Ermal
							<tr>
390
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td>
391
								<td width="78%" class="vtable">
392 3c119b78 Colin Fleming
									<input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked=\"checked\""; ?> />
393 f37caa93 Ermal
									<strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong>
394
									<br/>
395 bb3c6562 smos
									<?php echo gettext("When this is unchecked, access to the webConfigurator " .
396 1031c9ea jim-p
									"is always permitted even on port 80, regardless of the listening port configured. " .
397 f37caa93 Ermal
									"Check this box to disable this automatically added redirect rule. ");
398
									?>
399
								</td>
400
							</tr>
401 1031c9ea jim-p
							<tr>
402
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI Login Autocomplete"); ?></td>
403
								<td width="78%" class="vtable">
404 3c119b78 Colin Fleming
									<input name="noautocomplete" type="checkbox" id="noautocomplete" value="yes" <?php if ($pconfig['noautocomplete']) echo "checked=\"checked\""; ?> />
405 1031c9ea jim-p
									<strong><?=gettext("Disable webConfigurator login autocomplete"); ?></strong>
406
									<br/>
407
									<?php echo gettext("When this is unchecked, login credentials for the webConfigurator " .
408
									"may be saved by the browser. While convenient, some security standards require this to be disabled. " .
409
									"Check this box to disable autocomplete on the login form so that browsers will not prompt to save credentials (NOTE: Some browsers do not respect this option). ");
410
									?>
411
								</td>
412
							</tr>
413 ab3c8553 Matthew Grooms
							<tr>
414 bb3c6562 smos
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td>
415
								<td width="78%" class="vtable">
416 3c119b78 Colin Fleming
									<input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked=\"checked\""; ?> />
417 78544d4a Chris Buechler
									<strong><?=gettext("Disable logging of webConfigurator successful logins"); ?></strong>
418 bb3c6562 smos
									<br/>
419
									<?php echo gettext("When this is checked, successful logins to the webConfigurator " .
420
									"will not be logged.");
421
									?>
422
								</td>
423
							</tr>
424
							<tr>
425 ca72c3f5 Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td>
426 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
427
									<?php
428
										if($config['interfaces']['lan']) 
429
											$lockout_interface = "LAN";
430
										else 
431
											$lockout_interface = "WAN";
432
									?>
433 3c119b78 Colin Fleming
									<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked=\"checked\""; ?> />
434 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Disable webConfigurator anti-lockout rule"); ?></strong>
435 ab3c8553 Matthew Grooms
									<br/>
436 3a3fb8ea Erik Fonnesbeck
									<?php printf(gettext("When this is unchecked, access to the webConfigurator " .
437 f49a012c Renato Botelho
									"on the %s interface is always permitted, regardless of the user-defined firewall " .
438
									"rule set. Check this box to disable this automatically added rule, so access " .
439
									"to the webConfigurator is controlled by the user-defined firewall rules " .
440
									"(ensure you have a firewall rule in place that allows you in, or you will " .
441
									"lock yourself out!)"), $lockout_interface); ?>
442
									<em> <?=gettext("Hint: the &quot;Set interface(s) IP address&quot; option in the console menu resets this setting as well."); ?> </em>
443 ab3c8553 Matthew Grooms
								</td>
444
							</tr>
445 14eab6fb jim-p
							<tr>
446
								<td width="22%" valign="top" class="vncell"><?=gettext("DNS Rebind Check"); ?></td>
447
								<td width="78%" class="vtable">
448 3c119b78 Colin Fleming
									<input name="nodnsrebindcheck" type="checkbox" id="nodnsrebindcheck" value="yes" <?php if ($pconfig['nodnsrebindcheck']) echo "checked=\"checked\""; ?> />
449 ff998f10 Chris Buechler
									<strong><?=gettext("Disable DNS Rebinding Checks"); ?></strong>
450 14eab6fb jim-p
									<br/>
451 ff998f10 Chris Buechler
									<?php echo gettext("When this is unchecked, your system " .
452 14eab6fb jim-p
									"is protected against <a href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. " .
453 ff998f10 Chris Buechler
									"This blocks private IP responses from your configured DNS servers. Check this box to disable this protection if it interferes with " .
454
									"webConfigurator access or name resolution in your environment. "); ?>
455 14eab6fb jim-p
								</td>
456
							</tr>
457 86b21903 jim-p
							<tr>
458
								<td width="22%" valign="top" class="vncell"><?=gettext("Alternate Hostnames"); ?></td>
459
								<td width="78%" class="vtable">
460
									<input name="althostnames" type="text" class="formfld unknown" id="althostnames" size="75" value="<?=htmlspecialchars($pconfig['althostnames']);?>"/>
461
									<br/>
462 612fa572 Scott Ullrich
									<strong><?=gettext("Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks"); ?></strong>
463 86b21903 jim-p
									<br/>
464
									<?php echo gettext("Here you can specify alternate hostnames by which the router may be queried, to " . 
465
									"bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."); ?>
466
								</td>
467
							</tr>
468 4fe9c2dc Scott Ullrich
							<tr>
469
								<td width="22%" valign="top" class="vncell"><?=gettext("Browser HTTP_REFERER enforcement"); ?></td>
470
								<td width="78%" class="vtable">
471 3c119b78 Colin Fleming
									<input name="nohttpreferercheck" type="checkbox" id="nohttpreferercheck" value="yes" <?php if ($pconfig['nohttpreferercheck']) echo "checked=\"checked\""; ?> />
472 4fe9c2dc Scott Ullrich
									<strong><?=gettext("Disable HTTP_REFERER enforcement check"); ?></strong>
473
									<br/>
474
									<?php echo gettext("When this is unchecked, access to the webConfigurator " .
475
									"is protected against HTTP_REFERER redirection attempts. " .
476
									"Check this box to disable this protection if you find that it interferes with " .
477 3c119b78 Colin Fleming
									"webConfigurator access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from <a target='_blank' href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?>
478 4fe9c2dc Scott Ullrich
								</td>
479
							</tr>
480 30adceda jim-p
							<tr>
481
								<td width="22%" valign="top" class="vncell"><?=gettext("BEAST Attack Protection"); ?></td>
482
								<td width="78%" class="vtable">
483
									<input name="beast_protection" type="checkbox" id="beast_protection" value="yes" <?php if ($pconfig['beast_protection']) echo "checked=\"checked\""; ?> <?= $disable_beast_option ?>/>
484
									<strong><?=gettext("Mitigate the BEAST SSL Attack"); ?></strong>
485
									<br/>
486
									<?php echo gettext("When this is checked, the webConfigurator can mitigate BEAST SSL attacks. ") ?>
487
									<br/>
488
									<?php 	if ($disable_beast_option) {
489
											echo "<br/>" . sprintf(gettext("This option has been automatically disabled because a conflicting cryptographic accelerator card has been detected (%s)."), $hwcrypto) . "<br/><br/>";
490
										} ?>
491
									<?php echo gettext("This option is off by default because Hifn accelerators do NOT work with this option, and the GUI will not function. " .
492
									"It is possible that other accelerators have a similar problem that is not yet known/documented. " .
493
									"More information on BEAST is available from <a target='_blank' href='https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack'>Wikipedia</a>."); ?>
494
								</td>
495
							</tr>
496 ab3c8553 Matthew Grooms
							<tr>
497
								<td colspan="2" class="list" height="12">&nbsp;</td>
498
							</tr>
499
							<tr>
500 1eacdc8a Carlos Eduardo Ramos
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Secure Shell"); ?></td>
501 ab3c8553 Matthew Grooms
							</tr>
502
							<tr>
503 ca72c3f5 Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Secure Shell Server"); ?></td>
504 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
505 3c119b78 Colin Fleming
									<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked=\"checked\""; ?> />
506 1eacdc8a Carlos Eduardo Ramos
									<strong><?=gettext("Enable Secure Shell"); ?></strong>
507 ab3c8553 Matthew Grooms
								</td>
508
							</tr>
509
							<tr>
510 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Authentication Method"); ?></td>
511 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
512 3c119b78 Colin Fleming
									<input name="sshdkeyonly" type="checkbox" id="sshdkeyonly" value="yes" <?php if ($pconfig['sshdkeyonly']) echo "checked=\"checked\""; ?> />
513 60879d14 jim-p
									<strong><?=gettext("Disable password login for Secure Shell (RSA/DSA key only)"); ?></strong>
514 ab3c8553 Matthew Grooms
									<br/>
515 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("When enabled, authorized keys need to be configured for each"); ?>
516 c395a830 Carlos Eduardo Ramos
									<a href="system_usermanager.php"><?=gettext("user"); ?></a>
517 1eacdc8a Carlos Eduardo Ramos
									<?=gettext("that has been granted secure shell access."); ?>
518 ab3c8553 Matthew Grooms
								</td>
519
							</tr>
520
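							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("SSH port"); ?></td>
								<td width="78%" class="vtable">
									<?php /* after a POST this value is the submitted text, so it is escaped like the other text fields */ ?>
									<input name="sshport" type="text" id="sshport" value="<?=htmlspecialchars($pconfig['sshport']);?>" />
									<br/>
									<span class="vexpl"><?=gettext("Note: Leave this blank for the default of 22."); ?></span>
								</td>
							</tr>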
528
							<tr>
529
								<td colspan="2" class="list" height="12">&nbsp;</td>
530
							</tr>
531
							<tr>
532 fd828c9c N0YB
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Serial Communications"); ?></td>
533 ab3c8553 Matthew Grooms
							</tr>
534 9525f7a6 jim-p
							<?php if (!$g['enableserial_force'] && ($g['platform'] == "pfSense" || $g['platform'] == "cdrom" || file_exists("/etc/nano_use_vga.txt"))): ?>
535 ab3c8553 Matthew Grooms
							<tr>
536 1eacdc8a Carlos Eduardo Ramos
								<td width="22%" valign="top" class="vncell"><?=gettext("Serial Terminal"); ?></td>
537 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
538 3c119b78 Colin Fleming
									<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked=\"checked\""; ?> />
539 c1becc31 jim-p
									<strong><?=gettext("Enables the first serial port with 9600/8/N/1 by default, or another speed selectable below."); ?></strong>
540 5a05633a jim-p
									<span class="vexpl"><?=gettext("Note:  This will redirect the console output and messages to the serial port. You can still access the console menu from the internal video card/keyboard. A <b>null modem</b> serial cable or adapter is required to use the serial console."); ?></span>
541 ab3c8553 Matthew Grooms
								</td>
542
							</tr>
543 9d99eb95 jim-p
							<?php endif; ?>
544 c1becc31 jim-p
							<tr>
								<td width="22%" valign="top" class="vncell"><?= gettext("Serial Speed") ?></td>
								<td width="78%" class="vtable">
									<select name="serialspeed" id="serialspeed" class="formselect">
										<option value="9600"   <?php /* every entry prints the selected attribute only when it equals the stored $pconfig['serialspeed'] */ echo ($pconfig['serialspeed'] == "9600") ? 'selected="selected"' : ''; ?>>9600</option>
										<option value="14400"  <?= ($pconfig['serialspeed'] == "14400") ? 'selected="selected"' : '' ?>>14400</option>
										<option value="19200"  <?= ($pconfig['serialspeed'] == "19200") ? 'selected="selected"' : '' ?>>19200</option>
										<option value="38400"  <?= ($pconfig['serialspeed'] == "38400") ? 'selected="selected"' : '' ?>>38400</option>
										<option value="57600"  <?= ($pconfig['serialspeed'] == "57600") ? 'selected="selected"' : '' ?>>57600</option>
										<option value="115200" <?= ($pconfig['serialspeed'] == "115200") ? 'selected="selected"' : '' ?>>115200</option>
									</select> bps
									<br/><?= gettext("Allows selection of different speeds for the serial console port.") ?>
								</td>
							</tr>
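							<?php
							/*
							 * Primary Console selector. The row is rendered only when
							 * $g['primaryconsole_force'] is not set to a truthy value and either the
							 * platform is "pfSense" or "cdrom", or /etc/nano_use_vga.txt exists.
							 * empty() replaces the bare negation so an unset key raises no notice.
							 * The option labels go through gettext() like every other label here.
							 */
							if (empty($g['primaryconsole_force']) && ($g['platform'] == "pfSense" || $g['platform'] == "cdrom" || file_exists("/etc/nano_use_vga.txt"))): ?>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Primary Console")?></td>
								<td width="78%" class="vtable">
									<select name="primaryconsole" id="primaryconsole" class="formselect">
										<option value="serial"   <?php if ($pconfig['primaryconsole'] == "serial")   echo "selected=\"selected\"";?>><?=gettext("Serial Console")?></option>
										<option value="video"  <?php if ($pconfig['primaryconsole'] == "video")  echo "selected=\"selected\"";?>><?=gettext("VGA Console")?></option>
									</select>
									<br/><?=gettext("Select the preferred console if multiple consoles are present. The preferred console will show pfSense boot script output. All consoles display OS boot messages, console messages, and the console menu."); ?>
								</td>
							</tr>
							<?php endif; ?>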
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Console Options"); ?></td>
							</tr>
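							<?php
							/*
							 * Console menu protection. The checkbox posts disableconsolemenu=yes and is
							 * pre-ticked when the stored setting is truthy; !empty() is used so that an
							 * unset key does not raise an undefined-index notice.
							 * NOTE(review): while this box is unticked the console menu is presumably
							 * reachable without a login by anyone with physical or serial access -
							 * confirm, and weigh that when the serial console is enabled on this page.
							 */
							?>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Console menu"); ?></td>
								<td width="78%" class="vtable">
									<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if (!empty($pconfig['disableconsolemenu'])) echo "checked=\"checked\""; ?>  />
									<strong><?=gettext("Password protect the console menu"); ?></strong>
									<br/>
									<span class="vexpl"><?=gettext("Changes to this option will take effect after a reboot."); ?></span>
								</td>
							</tr>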
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>							
							<tr>
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%"><input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /></td>
							</tr>
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
						</table>
					</div>
				</td>
			</tr>
		</table>
	</form>
	<script type="text/javascript">
	//<![CDATA[
		prot_change();
	//]]>
	</script>
<?php include("fend.inc"); ?>
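<?php
	/*
	 * When the webConfigurator is about to be restarted, ask the browser to
	 * reload $url after 20 seconds. $url is assembled earlier in this file,
	 * outside this excerpt. It is HTML-escaped here because it lands inside a
	 * double-quoted attribute value.
	 * NOTE(review): if any part of $url comes from the request (for example the
	 * Host header), it should also be validated where it is built - confirm.
	 */
	if ($restart_webgui) {
		echo "<meta http-equiv=\"refresh\" content=\"20;url=" . htmlspecialchars($url, ENT_QUOTES) . "\" />";
	}
?>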
</body>
</html>
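<?php
/*
 * Deferred service restarts. These statements run after the closing </html>
 * has been written, so the page is complete before either daemon is touched.
 * $restart_sshd and $restart_webgui are set earlier in this file, outside
 * this excerpt (presumably by the form handler - confirm).
 */
if ($restart_sshd) {
	/*
	 * sshd is always stopped first and only started again when it is enabled
	 * in the configuration.
	 * NOTE(review): killbyname() is defined elsewhere; it presumably ends every
	 * process named sshd, which would include live sessions - confirm.
	 */
	killbyname("sshd");
	log_error(gettext("secure shell configuration has changed. Stopping sshd."));

	if ($config['system']['enablesshd']) {
		log_error(gettext("secure shell configuration has changed. Restarting sshd."));
		send_event("service restart sshd");
	}
}
if ($restart_webgui) {
	/*
	 * Push the already rendered page to the client before the web server is
	 * restarted. ob_flush() raises a notice when no output buffer is active,
	 * so it is only called when one exists.
	 */
	if (ob_get_level() > 0) {
		ob_flush();
	}
	flush();
	log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator."));
	send_event("service restart webgui");
}

?>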