PiBa-NL

Windows has problems with files containing special characters so some files cannot be checked out.
To work around most of the problems with this a sparse checkout can be done.
This does asume you dont need to patch those specific files as that wont work this way...

Enable sparse-checkout:
git config core.sparsecheckout true

Make a file .git\info\sparse-checkout with the folowing content: 
!japanese/prn
!*:*

PiBa-NL

<?php

// Add this file as:  /usr/local/pkg/CUSTOM_rules.inc
// pfSense will automatically add the rules defined here into the rules it loads in pf

require_once("util.inc");

function CUSTOM_rules_generate_rules($type) {
	// called by filter.inc when pfSense rules generation happens
	$rules = "";

PiBa-NL

<?php

require_once("config.inc");

/*
 a check should be added to avoid duplicate items..
*/
/*
$menu = array();
$menu['name'] = "NEW MENU ITEM";

PiBa-NL

# HAProxy config below allows my browser to access: http://192.168.0.120/#q=test
# note that im using the tld 'nl' for the host header which is what google alway defaults to for me anyway..

global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin
	daemon

listen HAProxyLocalStats

PiBa-NL

<?php
/*
	easyenable.php
	Copyright (C) 2015 PiBa-NL
	Copy and use it as you like.
*/
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
require_once("config.inc");

PiBa-NL

<?php

require_once("auth.inc");
require_once("config.inc");
require_once("certs.inc");
require_once("authgui.inc");// this ensures user is authenticated in pfSense.


$a_cert = $config['cert'];
$a_cacert = $config['ca'];

PiBa-NL

To send the ip addres of the client/webbrowser to the server/webserver behind it there are a few options:
 1- option forwardfor
 2- send-proxy
 3- source 0.0.0.0 usesrc clientip

1- option forwardfor
This is an easy option to configure in haproxy, it does require that http layer7 processing is used 'mode http' and the webserver/ webapplication that wants to log or use the ip of the client must use the http-header 'X-Forwarded-For' to read the clientip.

2- send-proxy / send-proxy-v2 / send-proxy-*
This is can be used both with mode tcp and http, it does however require that the server also understands the proxyprotocol. Some applications have added support for this protocol which adds a few bytes with ip information before the actual request. 

PiBa-NL

<?php
global $static_output;
$static_output = "";

print "Updating\n";
include_once('config.inc');
include_once('haproxy.inc');
haproxy_custom_php_install_command();
print "Updating Done\n";

PiBa-NL

Code to change a request from / to /app1/
  reqirep  ^([^\ :]*)\ /(.*) \1\ /app1/\2

If urls in the response contain absolute urls it might be required to use this:
  acl    no_redir url_beg   /app1/
  reqirep  ^([^\ :]*)\ /(.*) \1\ /app1/\2 if !no_redir

The code makes sure that the method and url-path behind the / stays the same. Which method you need exactly might depend on the application thats running.
For readability of the above how change a request from /app1/ to /app1/app1redir/
  reqirep  ^([^\ :]*)\ /app1/(.*) \1\ /app1/app1redir/\2

PiBa-NL

<?
// target: pfSense
// script to create VIPs of type ipalias from a alias list of ip addresses on 
// fill the 3 variables below
include_once("config.inc");

$aliasToConvert = "MyHostAliasList";
$interfaceToSet = "wan";
$subnetsize = 24;