<pre style='margin:0'>
Frank Schima (mf2k) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/677dc5d2a1cfed239e5a0c95af0a8a5e882667a6">https://github.com/macports/macports-ports/commit/677dc5d2a1cfed239e5a0c95af0a8a5e882667a6</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 677dc5d2a1c macos-fortress: Add Apple Enterprise Network Exceptions and minor fixes
</span>677dc5d2a1c is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 677dc5d2a1cfed239e5a0c95af0a8a5e882667a6
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Wed Jun 17 22:45:54 2020 -0400
<span style='display:block; white-space:pre;color:#404040;'> macos-fortress: Add Apple Enterprise Network Exceptions and minor fixes
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Add Apple Enterprise Network Exceptions from https://support.apple.com/en-us/HT210060
</span><span style='display:block; white-space:pre;color:#404040;'> * Update easylist-pac-privoxy
</span><span style='display:block; white-space:pre;color:#404040;'> * Logic fix to script macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;color:#404040;'> * Update User-Agent string forges
</span>---
net/macos-fortress/Portfile | 12 +-
.../files/macosfortress_setup_check.sh | 4 +-
.../files/privoxy-match-all.action.macports | 2 +-
.../files/privoxy-match-all.action.patch | 2 +-
net/macos-fortress/files/squid-squid.conf.patch | 152 ++++++++++++++-------
net/macos-fortress/files/squid.conf.macports | 77 +++++++++--
6 files changed, 182 insertions(+), 67 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/Portfile b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index fa4badaad24..a4e52d6b183 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3,7 +3,7 @@
</span> PortSystem 1.0
name macos-fortress
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 2020.05.09
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 2020.06.18
</span> revision 0
categories net security
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -621,8 +621,8 @@ subport ${name}-proxy {
</span> subport ${name}-easylistpac {
PortGroup github 1.0
<span style='display:block; white-space:pre;background:#ffe0e0;'>- github.setup essandess easylist-pac-privoxy 3a2651f
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- version 2020.04.03
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ github.setup essandess easylist-pac-privoxy 429e49f
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ version 2020.06.18
</span> revision 0
description EasyList Tracker and Adblocks to Proxy Auto Configuration (PAC) File
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -638,9 +638,9 @@ subport ${name}-easylistpac {
</span>
homepage https://github.com/essandess/easylist-pac-privoxy
<span style='display:block; white-space:pre;background:#ffe0e0;'>- checksums rmd160 e5420fd181bd33a82ee8ecf5e8bae679c82b2ffe \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 f953009707fcc83d77a1b1bfa2d2c9d080fbe2305aa2cd37fbf23b3c5a403ad1 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 81942
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ checksums rmd160 9e03160b116e082bc247d4c700738bb6840933f8 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 8ba9d856bbb383e755b04ed5f9d185e3b055f5ce781be47a5a2a97b8f471085f \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 82898
</span>
depends_lib-append \
port:adblock2privoxy \
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/macosfortress_setup_check.sh b/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;color:#808080;'>index 2128e53c640..a3d443480d4 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/macosfortress_setup_check.sh
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -28,7 +28,7 @@ CURL=/usr/bin/curl
</span> AWK=/usr/bin/awk
HOSTNAME=/bin/hostname
<span style='display:block; white-space:pre;background:#ffe0e0;'>-JSC=/System/Library/Frameworks/JavaScriptCore.framework/Versions/A/Resources/jsc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+JSC=/System/Library/Frameworks/JavaScriptCore.framework/Versions/A/Helpers/jsc
</span>
PROXY_HOSTNAME="${PROXY_HOSTNAME:-@PROXY_HOSTNAME@}"
LAUNCHDAEMONS=/Library/LaunchDaemons
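Review bot: The JSC assignment now hard-codes .../Versions/A/Helpers/jsc and drops
.../Versions/A/Resources/jsc outright, so the script loses jsc on any system where the
binary still sits at the old location. Suggest probing both paths and using the first
one that passes [ -x ], and printing a clear message if neither exists, instead of
replacing one fixed path with another.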
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -247,7 +247,7 @@ EOF
</span> fi
# Privoxy configuration http://p.p/ via proxy server
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if ! [[ `( http_proxy=http://${PROXY_HOSTNAME}:3128; "${CURL}" -s --head http://p.p/ | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.\d [23]\d\d" )` ]]; then
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if [[ `( http_proxy=http://${PROXY_HOSTNAME}:3128; "${CURL}" -s --head http://p.p/ | "${HEAD}" -n 1 | "${GREP}" "HTTP/1.\d [23]\d\d" )` ]]; then
</span> echo "[✅] Privoxy config http://p.p/ via http://${PROXY_HOSTNAME}:3128 is running properly"
else
"${CAT}" <<EOF
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-match-all.action.macports b/net/macos-fortress/files/privoxy-match-all.action.macports
</span><span style='display:block; white-space:pre;color:#808080;'>index 1e1eed537a6..d9815a35f03 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/privoxy-match-all.action.macports
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/privoxy-match-all.action.macports
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -34,6 +34,6 @@
</span> # See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
{ \
+hide-referrer{conditional-forge} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15} \
</span> }
/ # Match all URLs
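Review bot: The forged User-Agent on the changed hide-user-agent line is a literal that
this commit also has to edit in privoxy-match-all.action.patch and in the
request_header_replace line of squid-squid.conf.patch, so the copies can drift apart on
the next Safari bump. Suggest keeping the string in one place, for example a placeholder
substituted at install time in the same way as the existing @PREFIX@ and
PROXY_HOSTNAME placeholders (the placeholder name would be new), so that Privoxy and
Squid always present the same value.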
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/privoxy-match-all.action.patch b/net/macos-fortress/files/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;color:#808080;'>index 6724e6963b9..a5b9a378047 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/privoxy-match-all.action.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -35,6 +35,6 @@
</span> +# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
+{ \
++hide-referrer{conditional-forge} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-++hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+++hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15} \
</span> +}
+/ # Match all URLs
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/squid-squid.conf.patch b/net/macos-fortress/files/squid-squid.conf.patch
</span><span style='display:block; white-space:pre;color:#808080;'>index 10ad65d789a..c80bb807e6f 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/squid-squid.conf.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/squid-squid.conf.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,7 +1,5 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- ./squid.con
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-f 2020-04-03 08:11:57.000000000 -0400
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ ./squid.con
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-f 2020-04-03 10:13:27.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./squid.conf 2020-06-17 22:53:48.000000000 -0400
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./squid.conf 2020-06-17 23:04:19.000000000 -0400
</span> @@ -798,6 +798,7 @@
# user="J. \"Bob\" Smith"
#Default:
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -106,25 +104,19 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: cache_dir
# Format:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -3702,6 +3721,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -3702,9 +3721,10 @@
</span> #Default:
# No disk cache. Store cache ojects only in memory.
#
+cache_dir ufs @PREFIX@/var/squid/cache 256 16 256
# Uncomment and adjust the following to add a disk cache directory.
<span style='display:block; white-space:pre;background:#ffe0e0;'>- #cache_dir ufs @PREFIX@/var/squid/cache 100 16 256
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -4332,7 +4352,8 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Default:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # access_log daemon:@PREFIX@/var/squid/logs/access.log squid
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #Default:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--# access_log daemon:@PREFIX@/var/squid/logs/access.log squid
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+access_log daemon:@PREFIX@/var/squid/logs/access.log squid
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#access_log daemon:@PREFIX@/var/squid/logs/access.log squid_ua
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#cache_dir ufs @PREFIX@/var/squid/cache 100 16 256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#cache_dir ufs @PREFIX@/var/squid/cache 100 16 256
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # TAG: icap_log
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ICAP log files record ICAP transaction summaries, one line per
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -4533,8 +4554,11 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TAG: store_dir_select_algorithm
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # How Squid selects which cache_dir to use when the response
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4533,8 +4553,11 @@
</span> # in the habit of using 'squid -k rotate' instead of 'kill -USR1
# <pid>'.
#
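Review bot: The embedded hunk at -4332,7 that set an explicit
"access_log daemon:@PREFIX@/var/squid/logs/access.log squid" (and carried the commented
squid_ua variant) is removed here, and none of the four bullets in the commit message
mentions it. The removed context lines list the same value as the default, so logging
probably does not change, but please say so in the message so the deletion is not read
as access logging being switched off. The paired "-#cache_dir" and "+#cache_dir" lines
also read as identical here; if the difference is whitespace only, a short remark would
help the next person who regenerates this patch.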
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -136,7 +128,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: mime_table
# Path to Squid's icon configuration file.
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -4590,6 +4614,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4590,6 +4613,7 @@
</span> # Currently honored by 'daemon' and 'tcp' access_log modules only.
#Default:
# buffered_logs off
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -144,15 +136,19 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: netdb_filename
# Note: This option is only available if Squid is rebuilt with the
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -4639,6 +4664,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -4639,9 +4663,10 @@
</span> #Default:
# Use the directory from where Squid was started.
#
+cache_dir ufs @PREFIX@/var/squid/cache 256 16 256
# Leave coredumps in the first cache dir
<span style='display:block; white-space:pre;background:#ffe0e0;'>- coredump_dir @PREFIX@/var/squid/cache
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -5351,15 +5377,25 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-coredump_dir @PREFIX@/var/squid/cache
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++coredump_dir @PREFIX@/var/squid/cache
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # OPTIONS FOR FTP GATEWAYING
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -----------------------------------------------------------------------------
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5351,15 +5376,25 @@
</span> refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -179,7 +175,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: quick_abort_pct (percent)
# The cache by default continues downloading aborted requests
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -5577,6 +5613,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5577,6 +5612,7 @@
</span> # replies as required by RFC2616.
#Default:
# via on
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -187,7 +183,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: vary_ignore_expire on|off
# Many HTTP servers supporting Vary gives such objects
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -5669,6 +5706,67 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5669,6 +5705,130 @@
</span> #Default:
# No limits.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -249,13 +245,76 @@ f 2020-04-03 10:13:27.000000000 -0400
</span> +request_header_access X_MTI_EMAIL deny all
+request_header_access X_MTI_EMPID deny all
+
<span style='display:block; white-space:pre;background:#e0ffe0;'>++# Don't forge headers to Apple to avoid breaking Apple services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# https://support.apple.com/en-us/HT210060
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Convert these IP ranges to CIDR:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# whois `nslookup phobos.apple.com | grep Address | tail -1 | perl -ane 'chomp; s/Address: //; print $_'`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# whois `nslookup p32-keyvalueservice-current.edge.icloud.apple-dns.net | grep Address | tail -1 | perl -ane 'chomp; s/Address: //; print $_'`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# whois 23.63.98.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# whois `nslookup www-cdn.icloud.com.akadns.net | grep Address | tail -1 | perl -ane 'chomp; s/Address: //; print $_'`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# acl apple-subnet dst 17.0.0.0/8
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl apple-enterprise-network-domains dstdomain \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ albert.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ captive.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ gs.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ humb.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ static.ips.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ tbsc.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ time-ios.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ time.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ time-macos.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ .push.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ gdmf.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ deviceenrollment.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ deviceservices-external.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ identity.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ iprofiles.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ mdmenrollment.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ setup.icloud.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ appldnld.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ gg.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ gnf-mdn.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ gnf-mr.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ gs.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ig.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ mesu.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ oscdn.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ osrecovery.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ skl.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ swcdn.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ swdist.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ swdownload.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ swpost.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ swscan.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ updates-http.cdn-apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ updates.cdn-apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ xp.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ .itunes.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ .apps.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ .mzstatic.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ppq.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ lcdn-registration.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ crl.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ crl.entrust.net \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ crl3.digicert.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ crl4.digicert.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ocsp.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ocsp.digicert.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ocsp.entrust.net \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ocsp.verisign.net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl apple-appservices-and-akamai-subnets dst \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ 17.248.128.0/18 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ 17.250.64.0/18 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ 17.248.192.0/19
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> +request_header_access User-Agent deny all
<span style='display:block; white-space:pre;background:#ffe0e0;'>-+request_header_replace User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++request_header_replace User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15
</span> +
# TAG: reply_header_access
# Usage: reply_header_access header_name allow|deny [!]aclname ...
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -6036,6 +6134,10 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6036,6 +6196,10 @@
</span> # seconds will receive a 'timeout' message.
#Default:
# shutdown_lifetime 30 seconds
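Review bot: The new comment above the ACLs says "Don't forge headers to Apple", yet the
rule that follows them is still the unconditional
"request_header_access User-Agent deny all", and nothing in this hunk references
apple-enterprise-network-domains or apple-appservices-and-akamai-subnets in a
request_header_access line. If the exemption is intended, add allow rules for the two
ACLs ahead of the deny all line, for example
"request_header_access User-Agent allow apple-enterprise-network-domains"; if only the
always_direct bypass is intended, reword the comment to say that. Minor: gs.apple.com
is listed twice in the dstdomain list.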
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -266,7 +325,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -6104,6 +6206,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6104,6 +6268,7 @@
</span> # names with this setting.
#Default:
# Automatically detect the system host name
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -274,7 +333,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: unique_hostname
# If you want to have multiple machines with the same
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -6832,6 +6935,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -6832,6 +6997,7 @@
</span> # up or to simplify log analysis.
#Default:
# log_icp_queries on
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -282,20 +341,10 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: udp_incoming_address
# udp_incoming_address is used for UDP packets received from other
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -7329,6 +7433,46 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -7329,6 +7495,41 @@
</span> #Default:
# Prevent any cache_peer being used for this request.
<span style='display:block; white-space:pre;background:#ffe0e0;'>-+# Do not send Zoom https://*.zoom.us through Privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+acl zoom-us-domain dstdomain .zoom.us
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+always_direct allow CONNECT zoom-us-domain
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# Do not send AWS requests through Privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+acl aws-domains dstdomain \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ .aws.amazon.com \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ .cloudfront.net
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+always_direct allow aws-domains
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span> +# See http://www.privoxy.org/user-manual/config.html
+# Define ACL for protocol FTP
+acl ftp proto FTP
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -305,8 +354,13 @@ f 2020-04-03 10:13:27.000000000 -0400
</span> +#acl mydomainname dstdomain .mydomainname.com
+#always_direct allow mydomainname
+
<span style='display:block; white-space:pre;background:#ffe0e0;'>-+# Do not forward SSL requests to Privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#always_direct allow SSL_ports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Do not forward Apple services through Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++always_direct allow apple-appservices-and-akamai-subnets
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++always_direct allow apple-enterprise-network-domains
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# Do not send Zoom https://*.zoom.us through Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++acl zoom-us-domain dstdomain .zoom.us
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++always_direct allow CONNECT zoom-us-domain
</span> +
+# Do not send AWS requests through Privoxy
+acl aws-domains dstdomain \
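Review bot: The added comment "Do not forward Apple services through Privoxy"
understates what the two always_direct lines do. The ACL
apple-enterprise-network-domains also contains third-party certificate hosts
(crl.entrust.net, crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com,
ocsp.entrust.net, ocsp.verisign.net) and wildcard entries such as .mzstatic.com, and the
rules are not limited to CONNECT the way the Zoom rule right below them is. Please
document that these destinations bypass Privoxy for every method, or narrow the rules
if only CONNECT traffic needs the bypass.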
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -329,7 +383,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span> # TAG: never_direct
# Usage: never_direct allow|deny [!]aclname ...
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -7358,6 +7502,14 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -7358,6 +7559,14 @@
</span> #Default:
# Allow DNS results to be used for this request.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -344,7 +398,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span> # ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8198,6 +8350,12 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8198,6 +8407,12 @@
</span> #Default:
# Use operating system definitions
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -357,7 +411,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span> # TAG: hosts_file
# Location of the host-local IP name-address associations
# database. Most Operating Systems have such a file on different
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8223,6 +8381,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8223,6 +8438,7 @@
</span> # definitions.
#Default:
# hosts_file /etc/hosts
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -365,7 +419,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: append_domain
# Appends local domain name to hostnames without any dots in
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8265,6 +8424,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8265,6 +8481,7 @@
</span> # Maximum number of DNS IP cache entries.
#Default:
# ipcache_size 1024
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -373,7 +427,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: ipcache_low (percent)
#Default:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8279,6 +8439,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8279,6 +8496,7 @@
</span> # Maximum number of FQDN cache entries.
#Default:
# fqdncache_size 1024
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -381,7 +435,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# MISCELLANEOUS
# -----------------------------------------------------------------------------
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8299,6 +8460,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8299,6 +8517,7 @@
</span> # routines, disable this.
#Default:
# memory_pools on
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -389,7 +443,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: memory_pools_limit (bytes)
# Used only with memory_pools on:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8345,6 +8507,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8345,6 +8564,7 @@
</span> # X-Forwarded-For entries, and place the client IP as the sole entry.
#Default:
# forwarded_for on
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -397,7 +451,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: cachemgr_passwd
# Specify passwords for cachemgr operations.
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8412,6 +8575,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8412,6 +8632,7 @@
</span> # turn off client_db here.
#Default:
# client_db on
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -405,7 +459,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: refresh_all_ims on|off
# When you enable this option, squid will always check
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8542,6 +8706,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8542,6 +8763,7 @@
</span> # WARNING: pipelining breaks NTLM and Negotiate/Kerberos authentication.
#Default:
# Do not pre-parse pipelined requests.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -413,7 +467,7 @@ f 2020-04-03 10:13:27.000000000 -0400
</span>
# TAG: high_response_time_warning (msec)
# If the one-minute median response time exceeds this value,
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8599,6 +8764,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -8599,6 +8821,7 @@
</span> # Whether to lookup the EUI or MAC address of a connected client.
#Default:
# eui_lookup on
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/files/squid.conf.macports b/net/macos-fortress/files/squid.conf.macports
</span><span style='display:block; white-space:pre;color:#808080;'>index 08b60fa76b3..5669c53daa4 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/files/squid.conf.macports
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/files/squid.conf.macports
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5764,6 +5764,72 @@ request_header_access X_MTI_USERNAME deny all
</span> request_header_access X_MTI_EMAIL deny all
request_header_access X_MTI_EMPID deny all
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# Don't forge headers to Apple to avoid breaking Apple services
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://support.apple.com/en-us/HT210060
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Convert these IP ranges to CIDR:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# whois `nslookup phobos.apple.com | grep Address | tail -1 | perl -ane 'chomp; s/Address: //; print $_'`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# whois `nslookup p32-keyvalueservice-current.edge.icloud.apple-dns.net | grep Address | tail -1 | perl -ane 'chomp; s/Address: //; print $_'`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# whois 23.63.98.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# whois `nslookup www-cdn.icloud.com.akadns.net | grep Address | tail -1 | perl -ane 'chomp; s/Address: //; print $_'`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# acl apple-subnet dst 17.0.0.0/8
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+acl apple-enterprise-network-domains dstdomain \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ albert.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ captive.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gs.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ humb.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static.ips.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ tbsc.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ time-ios.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ time.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ time-macos.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ .push.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gdmf.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ deviceenrollment.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ deviceservices-external.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ identity.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ iprofiles.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ mdmenrollment.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ setup.icloud.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ appldnld.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gg.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gnf-mdn.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gnf-mr.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gs.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ig.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ mesu.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ oscdn.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ osrecovery.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ skl.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ swcdn.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ swdist.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ swdownload.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ swpost.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ swscan.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ updates-http.cdn-apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ updates.cdn-apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xp.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ .itunes.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ .apps.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ .mzstatic.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ppq.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lcdn-registration.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crl.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crl.entrust.net \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crl3.digicert.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crl4.digicert.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ocsp.apple.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ocsp.digicert.com \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ocsp.entrust.net \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ocsp.verisign.net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+acl apple-appservices-and-akamai-subnets dst \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 17.248.128.0/18 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 17.250.64.0/18 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 17.248.192.0/19
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+request_header_access User-Agent allow apple-enterprise-network-domains
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+request_header_access User-Agent allow apple-appservices-and-akamai-subnets
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> request_header_access User-Agent deny all
request_header_replace User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15
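Review bot: the User-Agent pass-through added by the two request_header_access allow lines reaches more than Apple. The apple-enterprise-network-domains ACL also lists crl.entrust.net, crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com, ocsp.entrust.net and ocsp.verisign.net, so the client's real User-Agent is sent to those third parties as well. Move the CRL/OCSP hosts into their own ACL, or leave them under the forged header if revocation checks still work that way. Also, gs.apple.com appears twice in the list. The ACL named apple-appservices-and-akamai-subnets holds only three 17.x ranges, all inside the commented-out 17.0.0.0/8, so either the name or the contents should change. The "Convert these IP ranges to CIDR" comment should record which whois lookup produced which range.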
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -7433,12 +7499,6 @@ log_icp_queries off
</span> #Default:
# Prevent any cache_peer being used for this request.
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Do not send AWS requests through Privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-acl aws-domains dstdomain \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .aws.amazon.com \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .cloudfront.net
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-always_direct allow aws-domains
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> # See http://www.privoxy.org/user-manual/config.html
# Define ACL for protocol FTP
acl ftp proto FTP
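Review bot: the removal of the aws-domains ACL and its always_direct rule is not mentioned in the commit message, and on its own it reads as dropping the AWS bypass. The trailing context of the next hunk shows another "# Do not send AWS requests through Privoxy" / "acl aws-domains dstdomain" block, so this looks like removing a duplicate definition. State that in the commit message, and confirm that the remaining copy still carries .aws.amazon.com, .cloudfront.net and the "always_direct allow aws-domains" line.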
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -7448,8 +7508,9 @@ always_direct allow ftp
</span> #acl mydomainname dstdomain .mydomainname.com
#always_direct allow mydomainname
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# Do not forward SSL requests to Privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#always_direct allow SSL_ports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Do not forward Apple services through Privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+always_direct allow apple-appservices-and-akamai-subnets
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+always_direct allow apple-enterprise-network-domains
</span>
# Do not send AWS requests through Privoxy
acl aws-domains dstdomain \
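Review bot: the two added always_direct lines list the dst ACL before the dstdomain ACL, the reverse of the request_header_access order used for the same pair earlier in this file. A dst match needs the destination address, so putting apple-enterprise-network-domains first lets named hosts match on the hostname alone and keeps the two rule sets consistent. The comment says "Apple services", but the domain ACL also contains the Entrust, DigiCert and VeriSign CRL/OCSP hosts and wildcard entries such as .mzstatic.com, all of which now bypass Privoxy. Either narrow the ACL used here or reword the comment. The dropped "#always_direct allow SSL_ports" hint is also not covered by the commit message.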
</pre><pre style='margin:0'>
</pre>