Hallo,
ich habe seit ein paar Tagen einen Fehler bei der Generierung der squid.conf. Ich habe mit die config.xml mehrmals komplett durchgelesen, Backups wiederhergestellt und versucht Schritt für Schritt durch die Python-Skripte zu schauen. Ich habe keinerlei Doku über Debug-Möglichkeiten gefunden. Habt ihr Tipps?
Hier der Fehler:
configd.py: [f0e70ff1-4291-4b9d-812d-96375f43fb9e] Inline action failed with OPNsense/Proxy OPNsense/Proxy/squid.conf 'int' object has no attribute 'lstrip' at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 509, in execute return ph_inline_actions.execute(self, inline_act_parameters) File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 51, in execute filenames = tmpl.generate(parameters) File "/usr/local/opnsense/service/modules/template.py", line 338, in generate raise render_exception Exception: OPNsense/Proxy OPNsense/Proxy/squid.conf 'int' object has no attribute 'lstrip'
Und hier der config.xml-Teil:
<proxy version="1.0.3">
<general>
<enabled>1</enabled>
<icpPort/>
<logging>
<enable>
<accessLog>1</accessLog>
<storeLog>0</storeLog>
</enable>
<ignoreLogACL/>
<target/>
</logging>
<alternateDNSservers>192.168.100.1,192.168.200.254</alternateDNSservers>
<dnsV4First>1</dnsV4First>
<forwardedForHandling>off</forwardedForHandling>
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
<useViaHeader>1</useViaHeader>
<suppressVersion>1</suppressVersion>
<VisibleEmail>xxx@yyy.de</VisibleEmail>
<VisibleHostname>opn.intra.xxx</VisibleHostname>
<cache>
<local>
<enabled>1</enabled>
<directory>/var/squid/cache</directory>
<cache_mem>6144</cache_mem>
<maximum_object_size>10</maximum_object_size>
<size>4096</size>
<l1>16</l1>
<l2>256</l2>
<cache_linux_packages>1</cache_linux_packages>
<cache_windows_updates>0</cache_windows_updates>
</local>
</cache>
<traffic>
<enabled>0</enabled>
<maxDownloadSize>2048</maxDownloadSize>
<maxUploadSize>1024</maxUploadSize>
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
<perHostTrotteling>256</perHostTrotteling>
</traffic>
<parentproxy>
<enabled>0</enabled>
<host/>
<enableauth>0</enableauth>
<user>username</user>
<password>password</password>
<port/>
<localdomains/>
<localips/>
</parentproxy>
</general>
<forward>
<interfaces>lan,opt1,opt3,opt2,opt4</interfaces>
<port>8080</port>
<sslbumpport>8083</sslbumpport>
<sslbump>1</sslbump>
<sslurlonly>0</sslurlonly>
<sslcertificate>5cef89dc61bc8</sslcertificate>
<sslnobumpsites>.risse-it.de,.stormdesignz5.de</sslnobumpsites>
<ssl_crtd_storage_max_size>48</ssl_crtd_storage_max_size>
<sslcrtd_children>10</sslcrtd_children>
<snmp_enable>1</snmp_enable>
<snmp_port>3401</snmp_port>
<snmp_password>public</snmp_password>
<ftpInterfaces>lan,opt1,opt3,opt2,opt4</ftpInterfaces>
<ftpPort>2121</ftpPort>
<ftpTransparentMode>1</ftpTransparentMode>
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
<transparentMode>1</transparentMode>
<acl>
<allowedSubnets>192.168.0.0/16</allowedSubnets>
<unrestricted>127.0.0.1</unrestricted>
<bannedHosts/>
<whiteList>.paypal.com,.risse-it.de</whiteList>
<blackList/>
<browser/>
<mimeType/>
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http,81:http,82:http</safePorts>
<sslPorts>443:https,8443:https</sslPorts>
<remoteACLs>
<blacklists>
<blacklist uuid="d60cc68f-cae0-4e58-805a-b27feb0f2594">
<enabled>1</enabled>
<filename>Crypto</filename>
<url>ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/cryptojacking.tar.gz</url>
<username/>
<password/>
<filter/>
<sslNoVerify>0</sslNoVerify>
<description>Crypto Blackist</description>
</blacklist>
<blacklist uuid="e78b82b7-62cb-4ce7-a0cf-65fc8463451d">
<enabled>1</enabled>
<filename>Publicite</filename>
<url>ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/publicite.tar.gz</url>
<username/>
<password/>
<filter/>
<sslNoVerify>0</sslNoVerify>
<description>Publicite Blackist</description>
</blacklist>
<blacklist uuid="7ad40fae-a844-4852-b58b-248fde605cbc">
<enabled>1</enabled>
<filename>Phishing</filename>
<url>ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/phishing.tar.gz</url>
<username/>
<password/>
<filter/>
<sslNoVerify>0</sslNoVerify>
<description>Phishing Blackist</description>
</blacklist>
<blacklist uuid="578922c9-4cf7-4c36-8245-8b6602d2b55e">
<enabled>1</enabled>
<filename>ads.acl</filename>
<url>https://www.squidblacklist.org/downloads/squid-ads.acl</url>
<username/>
<password/>
<filter/>
<sslNoVerify>1</sslNoVerify>
<description>ads</description>
</blacklist>
<blacklist uuid="b9e4a695-87bf-4bf3-a66e-8a1912c196c6">
<enabled>1</enabled>
<filename>malicious.acl</filename>
<url>https://www.squidblacklist.org/downloads/squid-malicious.acl</url>
<username/>
<password/>
<filter/>
<sslNoVerify>1</sslNoVerify>
<description>malicious</description>
</blacklist>
<blacklist uuid="0071e5d2-b20a-4f83-926a-750d003f7f20">
<enabled>1</enabled>
<filename>Shalla.lst</filename>
<url>http://www.shallalist.de/Downloads/shallalist.tar.gz</url>
<username/>
<password/>
<filter>adv,aggressive,alcohol,costtraps,dynamic,ringtones,spyware,tracker,warez,webphone,webtv</filter>
<sslNoVerify>0</sslNoVerify>
<description>shalla</description>
</blacklist>
<blacklist uuid="8397c0c7-9e82-4198-82db-8d87ef494bd8">
<enabled>1</enabled>
<filename>yoyo</filename>
<url>http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml</url>
<username/>
<password/>
<filter/>
<sslNoVerify>1</sslNoVerify>
<description>yoyo</description>
</blacklist>
</blacklists>
<UpdateCron>6d4ca1ff-5b12-43d7-a070-5d41b1a8d7d9</UpdateCron>
</remoteACLs>
</acl>
<icap>
<enable>1</enable>
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
<SendClientIP>1</SendClientIP>
<SendUsername>0</SendUsername>
<EncodeUsername>0</EncodeUsername>
<UsernameHeader>X-Username</UsernameHeader>
<EnablePreview>1</EnablePreview>
<PreviewSize>1024</PreviewSize>
<OptionsTTL>60</OptionsTTL>
<exclude/>
</icap>
<authentication>
<method/>
<realm>OPNsense proxy authentication</realm>
<credentialsttl>2</credentialsttl>
<children>5</children>
</authentication>
</forward>
<pac/>
</proxy>
</OPNsense>