aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-05-03 13:22:49 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2012-05-03 13:22:49 -0300
commitd52a7fba0e525484dffa7cc8c5e286a91ac5a2e7 (patch)
tree246bfbb5c1fcb606532c7753e6a69408b0272a6e
parent01eeb96c4519178caea3b97e8e141f12338f4669 (diff)
downloadpfsense-packages-d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7.tar.gz
pfsense-packages-d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7.tar.bz2
pfsense-packages-d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7.zip
dansguardian - include per group report options and passkey for denied pages
-rwxr-xr-xconfig/dansguardian/dansguardian.conf.template3
-rwxr-xr-xconfig/dansguardian/dansguardian.inc38
-rwxr-xr-xconfig/dansguardian/dansguardian_groups.xml26
-rw-r--r--config/dansguardian/dansguardian_log.xml8
-rw-r--r--config/dansguardian/dansguardianfx.conf.template8
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
7 files changed, 76 insertions, 11 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index 27099332..ab30527a 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -157,7 +157,8 @@ proxyport = {$proxyport}
#
# Individual filter groups can override this setting in their own configuration.
#
-accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+{$accessdeniedaddress}
# Non standard delimiter (only used with accessdeniedaddress)
# To help preserve the full banned URL, including parameters, the variables
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 56acfc5e..26e213a2 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -181,6 +181,16 @@ function sync_package_dansguardian() {
#report and log
$reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3");
+ if ($reportlevel == 1 || $reportlevel== 2){
+ if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){
+ $accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'";
+ }
+ else{
+ log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url");
+ file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url","");
+ }
+ }
+ $accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3");
$reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish");
$showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off");
$usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off");
@@ -657,7 +667,7 @@ function sync_package_dansguardian() {
$config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file);
$dansguardian_log['report_file']=base64_encode($report_file);
$load_samples++;
- }
+ }
if($load_samples > 0)
write_config();
@@ -676,7 +686,8 @@ function sync_package_dansguardian() {
'urlacl'=> "Default",
'group_options' => "scancleancache,infectionbypasserrorsonly",
'reportinglevel'=>'3',
- 'mode'=> "1");
+ 'mode'=> "1",
+ 'report_level'=>"general");
$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm");
#loop on array
@@ -695,6 +706,29 @@ function sync_package_dansguardian() {
$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
$dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
+ switch ($dansguardian_groups['reportinglevel']){
+ case "1":
+ case "2":
+ $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel'];
+ if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){
+ $groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'";
+ }
+ else{
+ log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.');
+ file_notice('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.',"");
+ }
+ break;
+ case "-1":
+ case "0":
+ case "3":
+ $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel'];
+ $groupaccessdeniedaddress="";
+ break;
+ default:
+ $groupreportinglevel="";
+ $groupaccessdeniedaddress="";
+ }
+
foreach ($groups as $group)
$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
include("/usr/local/pkg/dansguardianfx.conf.template");
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index baa9b44a..063d55fa 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -105,7 +105,10 @@
<fielddescr>Group mode</fielddescr>
<fieldname>mode</fieldname>
</columnitem>
-
+ <columnitem>
+ <fielddescr>Reporting level</fielddescr>
+ <fieldname>reportinglevel</fieldname>
+ </columnitem>
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
@@ -247,7 +250,8 @@
If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description>
<type>select</type>
<options>
- <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option>
+ <option><name>Use General log option selected on Report and log - recommended</name><value>Global</value></option>
+ <option><name>Use HTML template file (accessdeniedaddress ignored)</name><value>3</value></option>
<option><name>Report fully</name><value>2</value></option>
<option><name>Report why but not what denied phrase</name><value>1</value></option>
<option><name>Just say 'Access Denied'</name><value>0</value></option>
@@ -255,6 +259,15 @@
</options>
</field>
<field>
+ <fielddescr>Access Denied cgi</fielddescr>
+ <fieldname>reportingcgi</fieldname>
+ <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script
+ ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description>
+ <type>input</type>
+ <size>70</size>
+ </field>
+
+ <field>
<fielddescr>Weighted phrase mode</fielddescr>
<fieldname>weightedphrasemode</fieldname>
<description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content,
@@ -321,6 +334,15 @@
<type>input</type>
<size>10</size>
</field>
+ <field>
+ <fielddescr>Temporary Denied Page Bypass Secret Key</fielddescr>
+ <fieldname>bypasskey</fieldname>
+ <description><![CDATA[If not empty, rather than generating a random key you can specify one. It must be more than 8 chars.<br>
+ Ex1:Mary had a little lamb.<br>
+ Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]></description>
+ <type>input</type>
+ <size>70</size>
+ </field>
<field>
<fielddescr>Infection/Scan Error Bypass</fielddescr>
<fieldname>infectionbypass</fieldname>
diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
index a3448d44..a9b9d0e9 100644
--- a/config/dansguardian/dansguardian_log.xml
+++ b/config/dansguardian/dansguardian_log.xml
@@ -114,6 +114,14 @@
<option><name>Just say 'Access Denied'</name><value>0</value></option>
<option><name>Log but do not block - Stealth mode</name><value>-1</value></option>
</options>
+ </field>
+ <field>
+ <fielddescr>Access Denied cgi</fielddescr>
+ <fieldname>reportingcgi</fieldname>
+ <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script
+ ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description>
+ <type>input</type>
+ <size>70</size>
</field>
<field>
<fielddescr>Report Language</fielddescr>
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index c2d10853..c827cfe4 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -268,8 +268,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
#
# If defined, this overrides the global setting in dansguardian.conf for
# members of this filter group.
-#
-reportinglevel = {$dansguardian_groups['reportinglevel']}
+# reportinglevel = 3
+{$groupreportinglevel}
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied. Only used in reporting levels
@@ -284,8 +284,8 @@ reportinglevel = {$dansguardian_groups['reportinglevel']}
#
# If defined, this overrides the global setting in dansguardian.conf for
# members of this filter group.
-#
-accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}'
+# accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+{$groupaccessdeniedaddress}
# HTML Template override
# If defined, this specifies a custom HTML template file for members of this
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ceb3ee74..3254829b 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -449,7 +449,7 @@
<depends_on_package>dansguardian-2.12.0.0.tbz</depends_on_package>
<depends_on_package>clamav-0.97.3_1.tbz</depends_on_package>
<depends_on_package>ca_root_nss-3.13.3.tbz</depends_on_package>
- <version>2.12.0.0 pkg v.0.1.5.2</version>
+ <version>2.12.0.0 pkg v.0.1.5.3</version>
<status>beta</status>
<required_version>2.0</required_version>
<configurationfile>dansguardian.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index b51305a3..01d6bdac 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -552,7 +552,7 @@
<depends_on_package>dansguardian-2.12.0.0.tbz</depends_on_package>
<depends_on_package>clamav-0.97.3_1.tbz</depends_on_package>
<depends_on_package>ca_root_nss-3.13.3.tbz</depends_on_package>
- <version>2.12.0.0 pkg v.0.1.5.2</version>
+ <version>2.12.0.0 pkg v.0.1.5.3</version>
<status>beta</status>
<required_version>2.0</required_version>
<configurationfile>dansguardian.xml</configurationfile>