From e6d38023b43c808191ed9596cfc314c99f07045d Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 1 Feb 2017 12:03:35 +0100 Subject: [PATCH 1/7] Hardcode to HTTP, this stone age thing doesn't do any HTTPS --- .../files/usr/local/www/darkstat_redirect.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php index d5f223275f84..a40e3fbaa3f3 100644 --- a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php +++ b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php @@ -22,8 +22,7 @@ require_once("config.inc"); global $config; -// Protocol and port -$proto = $config['system']['webgui']['protocol']; +// Port if (is_array($config['installedpackages']['darkstat'])) { $darkstat_config = $config['installedpackages']['darkstat']['config'][0]; } else { @@ -41,7 +40,7 @@ } // Final redirect URL -$url = "{$proto}://{$baseurl}:{$port}"; +$url = "http://{$baseurl}:{$port}"; header("Location: {$url}"); ?> From 0f6accb256ebda034ac5b506796de83be8cb679f Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 1 Feb 2017 12:04:15 +0100 Subject: [PATCH 2/7] Bump again --- net-mgmt/pfSense-pkg-darkstat/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-mgmt/pfSense-pkg-darkstat/Makefile b/net-mgmt/pfSense-pkg-darkstat/Makefile index 091a247ee69a..c0e27baf0644 100644 --- a/net-mgmt/pfSense-pkg-darkstat/Makefile +++ b/net-mgmt/pfSense-pkg-darkstat/Makefile @@ -2,7 +2,7 @@ PORTNAME= pfSense-pkg-darkstat PORTVERSION= 3.1.3 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net-mgmt MASTER_SITES= # empty DISTFILES= # empty From 927398602090b4d33a56b96c89410021e5868a70 Mon Sep 17 00:00:00 2001 
From: doktornotor Date: Wed, 1 Feb 2017 14:29:00 +0100 Subject: [PATCH 3/7] Add an option for configurable hostname to work around pfSense's HSTS header with HTTPS. --- .../files/usr/local/pkg/darkstat.xml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml index 376d69eb2b38..667d34d1e6cb 100644 --- a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml +++ b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml @@ -107,6 +107,33 @@ 5 666 + + Web Interface Hostname + host + + configured to use HTTPS for webConfigurator, it will force HTTPS via HSTS header. + That will make it impossible to use the webConfigurator FQDN to access darkstat web interface via HTTP.
+ Configure a custom hostname here for use with darkstat web interface to work around this limitation. Click Info for details. +
+ Important:
+ - You need to set up a 'Host Override' in Services > DNS Resolver + or Services > DNS Forwarder (depending on which of these you are using) + in order to make use of the 'Web Interface Hostname' configured here.
+ - If your clients are not using the DNS server on pfSense for DNS resolution, you need to set up such 'Host Override' (A record or CNAME pointing to pfSense) + on the DNS server that the clients are using, or locally on the clients (using hosts file or similar) for 'Web Interface Hostname' to work for such clients.

+ Hint:
+ As an alternative, you may want to put the darkstat web interface behind haproxy. + You can use the haproxy package for this purpose. + In that way, you can continue using HTTPS and the pfSense webConfigurator FQDN to aceess darkstat, and can even make it accessible via IPv6.
+ See the HAProxy pfSense Package Howto for usage instructions. +
+ ]]> +
+ input + 30 +
Local Network Traffic localnetworkenable From cc8766c724188c305989f049e2b725a2acdbf470 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 1 Feb 2017 14:59:19 +0100 Subject: [PATCH 4/7] Use 'Web Interface Hostname' for redirect if configured --- .../files/usr/local/www/darkstat_redirect.php | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php index a40e3fbaa3f3..c5ce2545a056 100644 --- a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php +++ b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/www/darkstat_redirect.php @@ -28,19 +28,26 @@ } else { $darkstat_config = array(); } -$port= $darkstat_config['port'] ?: '666'; +$port = $darkstat_config['port'] ?: '666'; +$host = $darkstat_config['host'] ?: ''; -// Hostname -$httphost = getenv("HTTP_HOST"); -$colonpos = strpos($httphost, ":"); -if ($colonpos) { - $baseurl = substr($httphost, 0, $colonpos); +if (empty($host)) { + // Get hostname automagically + $httphost = getenv("HTTP_HOST"); + $colonpos = strpos($httphost, ":"); + if ($colonpos) { + $baseurl = substr($httphost, 0, $colonpos); + } else { + $baseurl = $httphost; + } } else { - $baseurl = $httphost; + // Use the configured 'Web Interface Hostname' + $baseurl = $host; } // Final redirect URL $url = "http://{$baseurl}:{$port}"; header("Location: {$url}"); +exit; ?> From f0cba5c34da8d3352eb6616126ee88764983d421 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 1 Feb 2017 15:56:40 +0100 Subject: [PATCH 5/7] Put some basic validation here for web interface hostname/IP --- .../files/usr/local/pkg/darkstat.inc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc index d20bb9dd4747..888bcc4eac15 100644 
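Review bot: The description added for the `host` field in darkstat.xml never says that the darkstat pages reached through this hostname travel over plain HTTP, which is the practical consequence of side-stepping the webConfigurator's HSTS policy. A sentence such as `Traffic to the darkstat web interface on this hostname is not encrypted.` would let the admin weigh the workaround against the haproxy alternative already mentioned in the hint. The same text has a typo: `aceess` should read `access`.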
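Review bot: In darkstat_redirect.php the automatic branch still copies the client-supplied `HTTP_HOST` into the `Location` header without checking it, so the redirect target is whatever Host header the request carried. The `strpos($httphost, ":")` split also cuts a bracketed IPv6 literal at its first colon, and `getenv()` returns false when the header is absent. Validating the extracted name before use and answering 400 otherwise would cover all three. The sketch below uses the `is_hostname()`/`is_domain()` helpers that darkstat.inc calls, plus `is_ipaddr()`, assuming util.inc is loaded in this file.

```php
if (empty($host)) {
	// Host header is client-supplied: parse it strictly and validate before use
	$httphost = (string) getenv("HTTP_HOST");
	$baseurl = '';
	// Optional :port suffix; a bracketed IPv6 literal is kept whole
	if (preg_match('/^(\[[0-9A-Fa-f:.]+\]|[^:\[\]]+)(?::\d+)?$/', $httphost, $m)) {
		$candidate = $m[1];
		if (is_hostname($candidate) || is_domain($candidate) || is_ipaddr(trim($candidate, '[]'))) {
			$baseurl = $candidate;
		}
	}
	if ($baseurl === '') {
		header("HTTP/1.1 400 Bad Request");
		exit;
	}
} else {
	// … unchanged: use the configured 'Web Interface Hostname' …
}
// … unchanged: final redirect URL, header() and exit …
```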
--- a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc +++ b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc @@ -21,6 +21,7 @@ require_once('config.inc'); require_once('interfaces.inc'); +require_once('pfsense-utils.inc'); require_once('services.inc'); require_once('service-utils.inc'); require_once('util.inc'); @@ -165,6 +166,14 @@ function validate_input_darkstat($post, &$input_errors) { $input_errors[] = gettext("The value for 'Web Interface Port' must not be the same port where pfSense WebGUI is running ($webgui_port)."); } } + /* Validate Web Interface Hostname or IP */ + if ($post['host']) { + if (!is_ipaddrv4($post['host']) && !is_hostname($post['host']) && !is_domain($post['host'])) { + $input_errors[] = gettext("The value for 'Web Interface Hostname' must be a valid IPv4 address, hostname or domain"); + } elseif (is_ipaddrv4($post['host']) && !is_ipaddr_configured($post['host'])) { + $input_errors[] = "Web Interface IP must be a valid, locally configured IPv4 address!"; + } + } /* Validate Maximum Hosts Count */ if ($post['hostsmax']) { if ($post['hostsmax'] < 1 || !is_numericint($post['hostsmax'])) { From 6434afa63d80d1fcd33776f2b532bf4ee55fdd14 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 1 Feb 2017 16:08:27 +0100 Subject: [PATCH 6/7] Add a hint here about using a local IP address instead of hostname --- .../files/usr/local/pkg/darkstat.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml index 667d34d1e6cb..1d94bc6cb85f 100644 --- a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml +++ b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.xml 
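Review bot: In validate_input_darkstat() (darkstat.inc) the new `elseif` ties only IPv4 literals to this firewall via `is_ipaddr_configured()`; a hostname or domain passes on syntax alone. A saved name that resolves elsewhere therefore makes darkstat_redirect.php send users to that host over plain HTTP. If resolving the name at save time is not wanted, the block comment should at least say so, e.g. `/* Hostnames are accepted on syntax only; only IPv4 literals are checked against local interfaces */`. The function's body starts and ends outside the hunk.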
@@ -108,14 +108,17 @@ 666 - Web Interface Hostname + Web Interface Hostname or IP Address (Optional) host configured to use HTTPS for webConfigurator, it will force HTTPS via HSTS header. - That will make it impossible to use the webConfigurator FQDN to access darkstat web interface via HTTP.
- Configure a custom hostname here for use with darkstat web interface to work around this limitation. Click Info for details. + That will make it impossible to use the webConfigurator FQDN to access darkstat web interface via HTTP.
+ Configure a custom hostname here for use with darkstat web interface to work around this limitation.
+ Hint: Use the IPv4 address of one of the 'Web Interface Binding' interfaces selected above + if you do not want want to deal with DNS configuration.
+ Click Info for details.
Important:
- You need to set up a 'Host Override' in Services > DNS Resolver From bb451277b733e778ebd20bfc7bd5d528fbdd0252 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Wed, 1 Feb 2017 17:53:15 +0100 Subject: [PATCH 7/7] Use gettext() consistently --- net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc index 888bcc4eac15..7a1b7b6db00d 100644 --- a/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc +++ b/net-mgmt/pfSense-pkg-darkstat/files/usr/local/pkg/darkstat.inc @@ -171,7 +171,7 @@ function validate_input_darkstat($post, &$input_errors) { if (!is_ipaddrv4($post['host']) && !is_hostname($post['host']) && !is_domain($post['host'])) { $input_errors[] = gettext("The value for 'Web Interface Hostname' must be a valid IPv4 address, hostname or domain"); } elseif (is_ipaddrv4($post['host']) && !is_ipaddr_configured($post['host'])) { - $input_errors[] = "Web Interface IP must be a valid, locally configured IPv4 address!"; + $input_errors[] = gettext("Web Interface IP must be a valid, locally configured IPv4 address"); } } /* Validate Maximum Hosts Count */