aboutsummaryrefslogtreecommitdiffstats
path: root/packages/squidGuard
diff options
context:
space:
mode:
authorD. V. Serg <dvserg@pfsense.org>2008-02-20 14:29:45 +0000
committerD. V. Serg <dvserg@pfsense.org>2008-02-20 14:29:45 +0000
commit70505906ccee8e7875839a43a330433c83265d2e (patch)
treea6930ba653b0567cfede8f4bcf150112eb7a142c /packages/squidGuard
parent128d0473c3475e564744ef1e453e1284385ff318 (diff)
downloadpfsense-packages-70505906ccee8e7875839a43a330433c83265d2e.tar.gz
pfsense-packages-70505906ccee8e7875839a43a330433c83265d2e.tar.bz2
pfsense-packages-70505906ccee8e7875839a43a330433c83265d2e.zip
Deleted time option from 'Default'. Relise 'pass' ordering. Fixed big's.
Diffstat (limited to 'packages/squidGuard')
-rw-r--r--packages/squidGuard/squidguard.inc72
-rw-r--r--packages/squidGuard/squidguard_acl.xml15
-rw-r--r--packages/squidGuard/squidguard_configurator.inc128
-rw-r--r--packages/squidGuard/squidguard_default.xml32
-rw-r--r--packages/squidGuard/squidguard_src.xml160
5 files changed, 131 insertions, 276 deletions
diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc
index 0c63603d..d31e7cad 100644
--- a/packages/squidGuard/squidguard.inc
+++ b/packages/squidGuard/squidguard.inc
@@ -523,7 +523,7 @@ function squidguard_before_form($pkg) {
// -----------------------------------------------------------------------------
// squidguard_before_form_acl
// -----------------------------------------------------------------------------
-function squidguard_before_form_acl($pkg) {
+function squidguard_before_form_acl($pkg, $is_acl=true) {
global $config;
global $g;
$current_id = '';
@@ -639,7 +639,7 @@ function squidguard_before_form_acl($pkg) {
foreach($pkg['fields']['field'] as $field) {
if (($field['fieldname'] == 'dest')/* || ($field['fieldname'] == 'overdest')*/) {
$fld = &$pkg['fields']['field'][$i];
- $fld['description'] .= make_grid_controls('checkbox', $dest_items); // insert to description custom controls
+ $fld['description'] .= make_grid_controls('checkbox', $dest_items, $is_acl); // insert to description custom controls
}
$i++;
}
@@ -866,7 +866,7 @@ function make_grid_blacklist() {
// -----------------------------------------------------------------------------
// make_grid_controls
// -----------------------------------------------------------------------------
-function make_grid_controls($type, $items) {
+function make_grid_controls($type, $items, $enable_overtime = true) {
$res = '';
$tbl = '';
$color = '';
@@ -900,25 +900,42 @@ function make_grid_controls($type, $items) {
if ($ovt_val == 'deny') $ovt_deny = 'CHECKED';
$tbl .= "<tr>";
+ // uptime table
$tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_UPTIME . "$name\" $upt_on></td>";
- $tbl .= "<td width=\"35%\" $color >$description [$name]</td>";
+ $tbl .= "<td $color>$description [$name]</td>";
$tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_UPTIME_DENY . "$name\" $upt_deny></td>";
$tbl .= "<td $color>deny access</td>";
+ // overtime table
+ if ($enable_overtime) {
+ $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME . "$name\" $ovt_on></td>";
+ $tbl .= "<td $color>$description [$name]</td>";
+ $tbl .= "<td $color><input type='$type' name=\"" . PREFLD_OVERTIME_DENY . "$name\" $ovt_deny></td>";
+ $tbl .= "<td $color>deny access</td>";
+ } else {
- $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME . "$name\" $ovt_on></td>";
- $tbl .= "<td $color width=\"35%\" >$description [$name]</td>";
- $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME_DENY . "$name\" $ovt_deny></td>";
- $tbl .= "<td $color>deny access</td>";
+ }
$tbl .= "</tr>";
}
if (!empty($tbl)) {
- $tbl = "<th/><th>Destinations in uptime</th><th/><th/><th/><th>Destinations in overtime</th><th/><th/>" .
- "<tr><td/><td>Select destinations for uptime rule</td><td/><td/>
- <td/><td>Select destination for overtime rule.<br>If time not defined, this part must be ignored</td><td/><td/></tr>"
- . $tbl;
+ $thdr = '';
+ if ($enable_overtime) {
+ $thdr = "<tr>" .
+ "<th colspan='4' align=middle>Destinations in uptime</th>" .
+ "<th colspan='4' align=middle>Destinations in overtime</th></tr><tr>" .
+ "<td colspan='4' align=middle>Select destinations for uptime rule</td>" .
+ "<td colspan='4' align=middle>Select destination for overtime rule.<br>" .
+ "If time not defined, this part must be ignored</td></tr>";
+ // formatting
+ $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>";
+ } else {
+ $thdr = "<tr><th colspan='4' align=middle>Destinations in uptime</th></tr>" .
+ "<tr><td colspan='4' align=middle>Select destinations for uptime rule</td></tr>";
+ // formatting
+ $thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>";
+ }
- $res .= "<table cellspacing='0'>" . $tbl . "</table>";
+ $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>";
}
return $res;
}
@@ -1239,7 +1256,7 @@ function convert_pfxml_to_sgxml_source($pfconfig) {
$sgx[FLD_NAME] = $pfx['name'];
$sgx[FLD_IP] = $pfx['iplist'];
$sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS];
- $sgx[FLD_LOG] = $pfx['enablelog'];
+ $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG];
$sgx[FLD_DESCRIPTION] = $pfx['description'];
$sgxml[FLD_ITEM][] = $sgx;
}
@@ -1264,7 +1281,7 @@ function convert_pfxml_to_sgxml_destination($pfconfig) {
$sgx[FLD_EXPRESSIONS] = $pfx['expressions'];
$sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT];
$sgx[FLD_DESCRIPTION] = $pfx['description'];
- $sgx[FLD_LOG] = $pfx['enablelog'];
+ $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG];
$sgxml[FLD_ITEM][] = $sgx;
}
}
@@ -1282,9 +1299,9 @@ function convert_pfxml_to_sgxml_rewrite($pfconfig) {
if (is_array($pfxml)) {
foreach($pfxml as $pfx) {
$sgx = array();
- $sgx[FLD_NAME] = $pfx['name'];
+ $sgx[FLD_NAME] = $pfx['name'];
$sgx[FLD_DESCRIPTION] = $pfx['description'];
- $sgx[FLD_LOG] = $pfx['enablelog'];
+ $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG];
foreach($pfx['row'] as $pfx_row) {
$sgx_row = array();
@@ -1340,13 +1357,14 @@ function convert_pfxml_to_sgxml_acl($pfconfig) {
if (is_array($pfxml)) {
foreach($pfxml as $pfx) {
$sgx = array();
-# $sgx[FLD_NAME] = $pfx[FLD_SOURCE]; // [04-01-2008] previous ver - this field will removed
$sgx[FLD_NAME] = $pfx[FLD_NAME]; // [04-01-2008] new ver
$sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION];
$sgx[FLD_DISABLED] = $pfx[FLD_DISABLED];
$sgx[FLD_TIMENAME] = $pfx[FLD_TIME];
$sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT];
$sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE];
+ $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG];
+ $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP];
// for overtime
$sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT];
@@ -1388,24 +1406,16 @@ function convert_pfxml_to_sgxml_default($pfconfig) {
$sgx[FLD_TIMENAME] = $pfx[FLD_TIME];
$sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT];
$sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE];
- // for overtime
- $sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT];
- $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE];
+ $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG];
+ $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP];
// destinations
- if (strpos($pfx['dest'], '[') === false) {
- $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']);
- $sgx[FLD_OVERDESTINATIONNAME] = '';
- } else {
- $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
- $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') );
- $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) );
- $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) );
- }
+ if (strpos($pfx['dest'], '[') === false)
+ $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']);
+ else $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
// !ATTENTION! '!all' must be convert to 'none'
$sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]);
- $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]);
return $sgx;
}
diff --git a/packages/squidGuard/squidguard_acl.xml b/packages/squidGuard/squidguard_acl.xml
index b3f4d2d7..3439e674 100644
--- a/packages/squidGuard/squidguard_acl.xml
+++ b/packages/squidGuard/squidguard_acl.xml
@@ -155,6 +155,15 @@
<size>100</size>
</field>
<field>
+ <fielddescr>Not to allow IP addresses in URL</fielddescr>
+ <fieldname>notallowingip</fieldname>
+ <description>
+ To make sure that people don't bypass the URL filter
+ by simply using the IP addresses instead of the fully qualified domain names, you can check this option.
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Redirect</fielddescr>
<fieldname>redirect</fieldname>
<description>
@@ -199,6 +208,12 @@
<type>input</type>
<size>100</size>
</field>
+ <field>
+ <fielddescr>Enable log</fielddescr>
+ <fieldname>enablelog</fieldname>
+ <description>Check this for enable log.</description>
+ <type>checkbox</type>
+ </field>
</fields>
<custom_php_validation_command>
diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc
index 4e93098a..2a09fc62 100644
--- a/packages/squidGuard/squidguard_configurator.inc
+++ b/packages/squidGuard/squidguard_configurator.inc
@@ -60,7 +60,7 @@ define('FILES_DB_HEADER', '
# ------------------------------------------------------------------------------
');
-define('CONFIG_SG_HEADER', '
+define('CONFIG_SG_HEADER', "
# ============================================================
# SquidGuard configuration file
#
@@ -69,7 +69,7 @@ define('CONFIG_SG_HEADER', '
# (C)2006 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================
-');
+");
define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'");
@@ -148,6 +148,8 @@ define('SQUIDGUARD_LOG_LEVEL', 0);
# ------------------------------------------------------------------------------
#
define('FLT_DEFAULT_ALL', 'all');
+define('FLT_NOTALLOWIP', '!in-addr');
+
# ------------------------------------------------------------------------------
# owner user name (squid system user - need for define rights access)
# ------------------------------------------------------------------------------
@@ -229,6 +231,7 @@ define('FLD_TIMEDAYS', 'timedays');
define('FLD_DATRANGE', 'daterange');
define('FLD_TIMERANGE', 'sg_timerange');
define('FLD_REDIRECTMODE', 'redirect_mode'); // [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302;
+define('FLD_NOTALLOWINGIP', 'notallowingip'); // not allowing ip in URL
// transparent mode
define('FLD_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode');
@@ -842,9 +845,6 @@ function sg_build_config() {
// --- Header ---
$sgconf[] = CONFIG_SG_HEADER;
- // redirector base url
-# $redirect_base_url = sg_redirector_base_url();
-
// init
$sgconf[] = "logdir " . $squidguard_config[FLD_LOGDIR];
$sgconf[] = "dbhome " . $squidguard_config[FLD_DBHOME];
@@ -956,9 +956,6 @@ function sg_build_config() {
if ($squidguard_config[FLD_DESTINATIONS]) {
sg_addlog("sg_build_config: add destinations");
$sgconf[] = "";
-# $sgconf[] = "dest localhost { # fix localhost access problem on transparent proxy ";
-# $sgconf[] = "\t ip 127.0.0.1";
-# $sgconf[] = "}";
$log_entr_added = '';
foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) {
$dstname = $dst[FLD_NAME];
@@ -1016,10 +1013,11 @@ function sg_build_config() {
$log_entr_added = '';
foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) {
- // delete blacklist entries from 'pass' if blacklist disabled
- if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
+ if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
$tarray = explode(" ", $acl[FLD_DESTINATIONNAME]);
$varray = explode(" ", $acl[FLD_OVERDESTINATIONNAME]);
+
+ // delete blacklist entries from 'pass' if blacklist disabled
foreach($entry_blacklist as $entry) {
$tk = array_search($entry, $tarray);
if ($tk !== false) unset ($tarray[$tk]);
@@ -1033,11 +1031,22 @@ function sg_build_config() {
$tk = array_search("!$entry", $varray);
if ($tk !== false) unset ($varray[$tk]);
}
+
$acl[FLD_DESTINATIONNAME] = implode (" ", $tarray);
$acl[FLD_OVERDESTINATIONNAME] = implode (" ", $varray);
}
if (!$acl[FLD_DISABLED]) {
+ // not allowing IP in URL
+ if ($acl[FLD_NOTALLOWINGIP]) {
+ $acl[FLD_DESTINATIONNAME] = "!in-addr " . $acl[FLD_DESTINATIONNAME];
+ $acl[FLD_OVERDESTINATIONNAME] = "!in-addr " . $acl[FLD_OVERDESTINATIONNAME];
+ }
+
+ // re-order acl pass (<allow><deny<all|none>)
+ $acl[FLD_DESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_DESTINATIONNAME]);
+ $acl[FLD_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_OVERDESTINATIONNAME]);
+
if ($acl[FLD_DESCRIPTION])
$sgconf[] = "\t # " . $acl[FLD_DESCRIPTION];
@@ -1047,11 +1056,13 @@ function sg_build_config() {
$sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME];
if ($acl[FLD_REDIRECT]) {
if (is_url($acl[FLD_REDIRECT]))
- $sgconf[] = "\t\t redirect " . $redirect_user_url . rawurlencode($acl[FLD_REDIRECT]);
- else $sgconf[] = "\t\t redirect " . $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]);
+ $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_user_url . rawurlencode($acl[FLD_REDIRECT]);
+ else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]);
}
if ($acl[FLD_REWRITENAME])
$sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME];
+ if ($acl[FLD_LOG])
+ $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
// overtime
$sgconf[] = "\t } else {";
@@ -1060,6 +1071,8 @@ function sg_build_config() {
$sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_OVERREDIRECT]);
if ($acl[FLD_OVERREWRITENAME])
$sgconf[] = "\t\t rewrite " . $acl[FLD_OVERREWRITENAME];
+ if ($acl[FLD_LOG])
+ $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
$sgconf[] = "\t }";
} else {
@@ -1071,6 +1084,8 @@ function sg_build_config() {
$sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_REDIRECT]);
if ($acl[FLD_REWRITENAME])
$sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME];
+ if ($acl[FLD_LOG])
+ $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
$sgconf[] = "\t }";
}
@@ -1091,7 +1106,6 @@ function sg_build_config() {
// delete blacklist entries from 'pass' if blacklist disabled
if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
$tarray = explode(" ", $def[FLD_DESTINATIONNAME]);
- $varray = explode(" ", $def[FLD_OVERDESTINATIONNAME]);
foreach($entry_blacklist as $entry) {
$tk = array_search($entry , $tarray);
if ($tk !== false) unset ($tarray[$tk]);
@@ -1099,41 +1113,28 @@ function sg_build_config() {
$tk = array_search("!$entry" , $tarray);
if ($tk !== false) unset ($tarray[$tk]);
- $tk = array_search($entry , $varray);
- if ($tk !== false) unset ($varray[$tk]);
-
- $tk = array_search("!$entry" , $varray);
- if ($tk !== false) unset ($varray[$tk]);
}
$def[FLD_DESTINATIONNAME] = implode (" ", $tarray);
- $def[FLD_OVERDESTINATIONNAME] = implode (" ", $varray);
}
- if ($def[FLD_TIMENAME]) {
- // ontime
- $sgconf[] = "\t default within " . $def[FLD_TIMENAME] . " { ";
- $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME];
- if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT]))
- $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_REDIRECT]);
- else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url;
- // overtime
- $sgconf[] = "\t } else {";
- $sgconf[] = "\t\t pass " . $def[FLD_OVERDESTINATIONNAME];
- if ($def[FLD_OVERREDIRECT] && is_url($def[FLD_OVERREDIRECT])) {
- $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_OVERREDIRECT]);
- }
- else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url;
- $sgconf[] = "\t }";
- } else {
- // without time
- $sgconf[] = "\t default { ";
- $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME];
- if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) {
+ // not allowing IP in URL
+ if ($def[FLD_NOTALLOWINGIP])
+ $def[FLD_DESTINATIONNAME] = "!in-addr " . $def[FLD_DESTINATIONNAME];
+
+ // re-order acl pass (<allow><deny<all|none>)
+ $def[FLD_DESTINATIONNAME] = sg_aclpass_reorder($def[FLD_DESTINATIONNAME]);
+
+ // 'Default' used without time
+ $sgconf[] = "\t default { ";
+ $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME];
+ if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) {
$sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_REDIRECT]);
- }
- else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url;
- $sgconf[] = "\t }";
}
+ else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url;
+ if ($def[FLD_LOG])
+ $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
+ $sgconf[] = "\t }";
+
} // if def
else {
sg_addlog("sg_build_config: error - ACL 'default' is empty, use as default 'block all'.");
@@ -1148,6 +1149,30 @@ function sg_build_config() {
return $sgconf;
}
+// ------------------------------------------------------------
+//
+// ------------------------------------------------------------
+function sg_aclpass_reorder($pass) {
+ $ar_pass = explode(" ", $pass);
+
+ // 'pass' order: <allow> <deny> <all|none>
+ if (is_array($ar_pass)) {
+ $pass_end = '';
+ $pass_fst = array();
+ $pass_lst = array();
+ foreach ($ar_pass as $val) {
+ $tk = trim($val);
+ if ($tk === 'all' or $tk === 'none')
+ $pass_end = $val;
+ elseif (strpos($tk, "!") !== false)
+ $pass_lst[] = $val;
+ else $pass_fst[] = $val;
+ }
+ $ar_pass = array_merge($pass_fst, $pass_lst);
+ $ar_pass[] = $pass_end;
+ }
+ return implode(" ", $ar_pass);
+}
// ------------------------------------------------------------
// sg_check_config_data
@@ -1356,25 +1381,6 @@ function sg_check_config_data () {
$check_log[] = "ACL 'default' error: ontime pass list is empty.";
}
- // check overtime destinations
- if ($time) {
- if ($def[FLD_OVERDESTINATIONNAME]) {
- $defoverdest = str_replace("!", "", $def[FLD_OVERDESTINATIONNAME]);
- $defoverdest = explode(" ", $defoverdest);
- $key_defoverdest = array_count_values($defoverdest);
- foreach($defoverdest as $adest) {
- // check duplicates destinations in acl
- if ($key_defoverdest[$adest] > 1)
- $check_log[] = "ACL 'default' error: duplicate overtime destination name '$adest'. Any destination must included once.";
- // check destinations for exists
- if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
- $check_log[] = "ACL 'default' error: overtime destination name '$adest' not found";
- }
- } else {
- $check_log[] = "ACL 'default' error: overtime pass list is empty.";
- }
- }
-
// check rewrite
$rew = $def[FLD_REWRITENAME];
if ($rew and !$key_rewrites[$rew])
diff --git a/packages/squidGuard/squidguard_default.xml b/packages/squidGuard/squidguard_default.xml
index 0354f1dd..3f83b267 100644
--- a/packages/squidGuard/squidguard_default.xml
+++ b/packages/squidGuard/squidguard_default.xml
@@ -45,12 +45,6 @@
<fields>
<field>
- <fielddescr>Default Time</fielddescr>
- <fieldname>time</fieldname>
- <description>Enter time name in current which this rule permitted.</description>
- <type>select</type>
- </field>
- <field>
<fielddescr>Default destination</fielddescr>
<fieldname>dest</fieldname>
<description></description>
@@ -58,21 +52,17 @@
<size>100</size>
</field>
<field>
- <fielddescr>Default Redirect</fielddescr>
- <fieldname>redirect</fieldname>
+ <fielddescr>Not to allow IP addresses in URL</fielddescr>
+ <fieldname>notallowingip</fieldname>
<description>
- Enter redirection URL, Tag or Error page code for this rule, or leave blank. &lt;br&gt;
- Supported URL's: 'http://myurl', 'https://myurl'. &lt;br&gt;
- Supported tags: 'blank', 'blank_img'. &lt;br&gt;
- Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'.
+ To make sure that people don't bypass the URL filter
+ by simply using the IP addresses instead of the fully qualified domain names, you can check this option.
</description>
- <type>textarea</type>
- <cols>65</cols>
- <rows>2</rows>
+ <type>checkbox</type>
</field>
<field>
- <fielddescr>Default overtime redirect</fielddescr>
- <fieldname>overredirect</fieldname>
+ <fielddescr>Default Redirect</fielddescr>
+ <fieldname>redirect</fieldname>
<description>
Enter redirection URL, Tag or Error page code for this rule, or leave blank. &lt;br&gt;
Supported URL's: 'http://myurl', 'https://myurl'. &lt;br&gt;
@@ -90,12 +80,6 @@
<type>select</type>
</field>
<field>
- <fielddescr>Default overtime rewrite</fielddescr>
- <fieldname>overrewrite</fieldname>
- <description>Enter rewrite condition name for this rule, or leave blank.</description>
- <type>select</type>
- </field>
- <field>
<fielddescr>Enable log</fielddescr>
<fieldname>enablelog</fieldname>
<description>Check this for enable log.</description>
@@ -107,7 +91,7 @@
squidguard_validate_acl(&amp;$_POST, &amp;$input_errors);
</custom_php_validation_command>
<custom_php_command_before_form>
- squidguard_before_form_acl(&amp;$pkg);
+ squidguard_before_form_acl(&amp;$pkg, false);
</custom_php_command_before_form>
<custom_php_after_form_command>
squidGuard_print_javascript();
diff --git a/packages/squidGuard/squidguard_src.xml b/packages/squidGuard/squidguard_src.xml
deleted file mode 100644
index 000528db..00000000
--- a/packages/squidGuard/squidguard_src.xml
+++ /dev/null
@@ -1,160 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
-
- <name>squidguardsrc</name>
- <version>none</version>
- <title>Proxy Content filter SquidGuard: Sources</title>
- <include_file>/usr/local/pkg/squidguard.inc</include_file>
-
- <delete_string>A proxy server user has been deleted.</delete_string>
- <addedit_string>A proxy server user has been created/modified.</addedit_string>
-
- <tabs>
- <tab>
- <text>General settings</text>
- <url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Default</text>
- <url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>ACL</text>
- <url>/pkg.php?xml=squidguard_acl.xml</url>
- </tab>
- <tab>
- <text>Sources</text>
- <url>/pkg.php?xml=squidguard_src.xml</url>
- <active/>
- </tab>
- <tab>
- <text>Destinations</text>
- <url>/pkg.php?xml=squidguard_dest.xml</url>
- </tab>
- <tab>
- <text>Times</text>
- <url>/pkg.php?xml=squidguard_time.xml</url>
- </tab>
- <tab>
- <text>Rewrites</text>
- <url>/pkg.php?xml=squidguard_rewr.xml</url>
- </tab>
- <tab>
- <text>Log</text>
- <url>/pkg_edit.php?xml=squidguard_log.xml</url>
- </tab>
- </tabs>
-
- <adddeleteeditpagefields>
- <columnitem>
- <fielddescr>Order</fielddescr>
- <fieldname>order</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Source name</fielddescr>
- <fieldname>name</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>IP list</fielddescr>
- <fieldname>iplist</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>domains list</fielddescr>
- <fieldname>domains</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- </columnitem>
- </adddeleteeditpagefields>
-
- <fields>
- <field>
- <fielddescr>Source name</fielddescr>
- <fieldname>name</fieldname>
- <description>
- You can enter name here. Name consist minimum 2 symbols, first from which letter. &lt;br&gt;
- All other symbols is [a-Z_0-9]. Source name must be &lt;b&gt;unique&lt;/b&gt; .
- </description>
- <type>input</type>
- <required/>
- <size>80</size>
- </field>
- <field>
- <fielddescr>Order</fielddescr>
- <fieldname>order</fieldname>
- <description>
- Order source in list. &lt;br&gt;
- &lt;b&gt;Note:&lt;/b&gt; &lt;br&gt;
- Sources order have very high importance. Sources are evaluated on a first-match basis. &lt;br&gt;
- If your sources have an overlaying ranges, then act will be first in list. &lt;br&gt;
- &lt;b&gt;For example:&lt;/b&gt; &lt;br&gt;
- Wrong order: &lt;br&gt;
- First source entry is the range 10.0.0.0/24 and second entry is 10.0.0.15 (or 10.0.0.15/32 ) &lt;br&gt;
- Right order: &lt;br&gt;
- First source entry is the single ip 10.0.0.15 (or 10.0.0.15/32 ) then the overlaying range 10.0.0.0/24 &lt;br&gt;
- </description>
- <type>input</type>
- <size>5</size>
- </field>
- <field>
- <fielddescr>IP addresses</fielddescr>
- <fieldname>iplist</fieldname>
- <description>
- Enter IP addresses here with space(' ') divider. &lt;br&gt;
- IP addresses must have format:&lt;br&gt;
- single example: '192.168.0.1' &lt;br&gt;
- range examples: &lt;br&gt;
- '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' &lt;br&gt;
- </description>
- <type>textarea</type>
- <cols>50</cols>
- <rows>10</rows>
- </field>
- <field>
- <fielddescr>Domains</fielddescr>
- <fieldname>domains</fieldname>
- <description>
- Enter domains names here with space(' ') divider. &lt;br&gt;
- Example: &lt;b&gt;'foo.bar'&lt;/b&gt; match &lt;b&gt;'foo.bar'&lt;/b&gt; or &lt;b&gt;'*.foo.bar'&lt;/b&gt;.
- </description>
- <type>textarea</type>
- <cols>50</cols>
- <rows>10</rows>
- </field>
- <field>
- <fielddescr>Enable log</fielddescr>
- <fieldname>enablelog</fieldname>
- <description>Check this for enable log.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- <description></description>
- <type>input</type>
- <size>80</size>
- </field>
- </fields>
-
- <custom_php_command_before_form>
- squidguard_before_form_src(&amp;$pkg);
- </custom_php_command_before_form>
- <custom_php_after_form_command>
- squidGuard_print_javascript();
- </custom_php_after_form_command>
- <custom_php_validation_command>
- squidguard_validate_source($_POST, &amp;$input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- squidguard_resync_src();
- </custom_php_resync_config_command>
- <custom_delete_php_command>
- squidguard_resync_src();
- </custom_delete_php_command>
-</packagegui>