diff options
author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-05-03 13:22:49 -0300 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-05-03 13:22:49 -0300 |
commit | d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7 (patch) | |
tree | 246bfbb5c1fcb606532c7753e6a69408b0272a6e /config | |
parent | 01eeb96c4519178caea3b97e8e141f12338f4669 (diff) | |
download | pfsense-packages-d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7.tar.gz pfsense-packages-d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7.tar.bz2 pfsense-packages-d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7.zip |
dansguardian - include per group report options and passkey for denied pages
Diffstat (limited to 'config')
-rwxr-xr-x | config/dansguardian/dansguardian.conf.template | 3 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian.inc | 38 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian_groups.xml | 26 | ||||
-rw-r--r-- | config/dansguardian/dansguardian_log.xml | 8 | ||||
-rw-r--r-- | config/dansguardian/dansguardianfx.conf.template | 8 |
5 files changed, 74 insertions, 9 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template index 27099332..ab30527a 100755 --- a/config/dansguardian/dansguardian.conf.template +++ b/config/dansguardian/dansguardian.conf.template @@ -157,7 +157,8 @@ proxyport = {$proxyport} # # Individual filter groups can override this setting in their own configuration. # -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +{$accessdeniedaddress} # Non standard delimiter (only used with accessdeniedaddress) # To help preserve the full banned URL, including parameters, the variables diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 56acfc5e..26e213a2 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -181,6 +181,16 @@ function sync_package_dansguardian() { #report and log $reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3"); + if ($reportlevel == 1 || $reportlevel== 2){ + if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){ + $accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; + } + else{ + log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url"); + file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url",""); + } + } + $accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3"); $reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish"); $showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off"); $usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off"); @@ -657,7 +667,7 @@ function sync_package_dansguardian() { $config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file); $dansguardian_log['report_file']=base64_encode($report_file); $load_samples++; - } + } if($load_samples > 0) write_config(); @@ -676,7 +686,8 @@ function sync_package_dansguardian() { 'urlacl'=> "Default", 'group_options' => "scancleancache,infectionbypasserrorsonly", 'reportinglevel'=>'3', - 'mode'=> "1"); + 'mode'=> "1", + 'report_level'=>"general"); $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); #loop on array @@ -695,6 +706,29 @@ function sync_package_dansguardian() { $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da"); + switch ($dansguardian_groups['reportinglevel']){ + case "1": + case "2": + $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; + if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){ + $groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; + } + else{ + log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.'); + file_notice('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.',""); + } + break; + case "-1": + case "0": + case "3": + $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; + $groupaccessdeniedaddress=""; + break; + default: + $groupreportinglevel=""; + $groupaccessdeniedaddress=""; + } + foreach ($groups as $group) $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); include("/usr/local/pkg/dansguardianfx.conf.template"); diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index baa9b44a..063d55fa 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -105,7 +105,10 @@ <fielddescr>Group mode</fielddescr> <fieldname>mode</fieldname> </columnitem> - + <columnitem> + <fielddescr>Reporting level</fielddescr> + <fieldname>reportinglevel</fieldname> + </columnitem> <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> @@ -247,7 +250,8 @@ If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description> <type>select</type> <options> - <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option> + <option><name>Use General log option selected on Report and log - recommended</name><value>Global</value></option> + <option><name>Use HTML template file (accessdeniedaddress ignored)</name><value>3</value></option> <option><name>Report fully</name><value>2</value></option> <option><name>Report why but not what denied phrase</name><value>1</value></option> <option><name>Just say 'Access Denied'</name><value>0</value></option> @@ -255,6 +259,15 @@ </options> </field> <field> + <fielddescr>Access Denied cgi</fielddescr> + <fieldname>reportingcgi</fieldname> + <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script + ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description> + <type>input</type> + <size>70</size> + </field> + + <field> <fielddescr>Weighted phrase mode</fielddescr> <fieldname>weightedphrasemode</fieldname> <description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content, @@ -321,6 +334,15 @@ <type>input</type> <size>10</size> </field> + <field> + <fielddescr>Temporary Denied Page Bypass Secret Key</fielddescr> + <fieldname>bypasskey</fieldname> + <description><![CDATA[If not empty, rather than generating a random key you can specify one. It must be more than 8 chars.<br> + Ex1:Mary had a little lamb.<br> + Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]></description> + <type>input</type> + <size>70</size> + </field> <field> <fielddescr>Infection/Scan Error Bypass</fielddescr> <fieldname>infectionbypass</fieldname> diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index a3448d44..a9b9d0e9 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -114,6 +114,14 @@ <option><name>Just say 'Access Denied'</name><value>0</value></option> <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> </options> + </field> + <field> + <fielddescr>Access Denied cgi</fielddescr> + <fieldname>reportingcgi</fieldname> + <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script + ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description> + <type>input</type> + <size>70</size> </field> <field> <fielddescr>Report Language</fielddescr> diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template index c2d10853..c827cfe4 100644 --- a/config/dansguardian/dansguardianfx.conf.template +++ b/config/dansguardian/dansguardianfx.conf.template @@ -268,8 +268,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. -# -reportinglevel = {$dansguardian_groups['reportinglevel']} +# reportinglevel = 3 +{$groupreportinglevel} # accessdeniedaddress is the address of your web server to which the cgi # dansguardian reporting script was copied. Only used in reporting levels @@ -284,8 +284,8 @@ reportinglevel = {$dansguardian_groups['reportinglevel']} # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. -# -accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}' +# accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +{$groupaccessdeniedaddress} # HTML Template override # If defined, this specifies a custom HTML template file for members of this |