author | D. V. Serg <dvserg@pfsense.org> | 2008-02-20 14:29:45 +0000 |
---|---|---|
committer | D. V. Serg <dvserg@pfsense.org> | 2008-02-20 14:29:45 +0000 |
commit | 70505906ccee8e7875839a43a330433c83265d2e (patch) | |
tree | a6930ba653b0567cfede8f4bcf150112eb7a142c /packages | |
parent | 128d0473c3475e564744ef1e453e1284385ff318 (diff) | |
Deleted time option from 'Default'. Realised 'pass' ordering. Fixed bugs.
Diffstat (limited to 'packages')
-rw-r--r-- | packages/squidGuard/squidguard.inc | 72 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_acl.xml | 15 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_configurator.inc | 128 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_default.xml | 32 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_src.xml | 160 |
5 files changed, 131 insertions, 276 deletions
diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc
index 0c63603d..d31e7cad 100644
--- a/packages/squidGuard/squidguard.inc
+++ b/packages/squidGuard/squidguard.inc
@@ -523,7 +523,7 @@ function squidguard_before_form($pkg) {
 // -----------------------------------------------------------------------------
 // squidguard_before_form_acl
 // -----------------------------------------------------------------------------
-function squidguard_before_form_acl($pkg) {
+function squidguard_before_form_acl($pkg, $is_acl=true) {
 global $config;
 global $g;
 $current_id = '';
@@ -639,7 +639,7 @@ function squidguard_before_form_acl($pkg) {
 foreach($pkg['fields']['field'] as $field) {
 if (($field['fieldname'] == 'dest')/* || ($field['fieldname'] == 'overdest')*/) {
 $fld = &$pkg['fields']['field'][$i];
- $fld['description'] .= make_grid_controls('checkbox', $dest_items); // insert to description custom controls
+ $fld['description'] .= make_grid_controls('checkbox', $dest_items, $is_acl); // insert to description custom controls
 }
 $i++;
 }
@@ -866,7 +866,7 @@ function make_grid_blacklist() {
 // -----------------------------------------------------------------------------
 // make_grid_controls
 // -----------------------------------------------------------------------------
-function make_grid_controls($type, $items) {
+function make_grid_controls($type, $items, $enable_overtime = true) {
 $res = '';
 $tbl = '';
 $color = '';
@@ -900,25 +900,42 @@ function make_grid_controls($type, $items) { if ($ovt_val == 'deny') $ovt_deny = 'CHECKED'; $tbl .= "<tr>"; + // uptime table $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_UPTIME . "$name\" $upt_on></td>"; - $tbl .= "<td width=\"35%\" $color >$description [$name]</td>"; + $tbl .= "<td $color>$description [$name]</td>"; $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_UPTIME_DENY . "$name\" $upt_deny></td>"; $tbl .= "<td $color>deny access</td>"; + // overtime table + if ($enable_overtime) { + $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME . "$name\" $ovt_on></td>"; + $tbl .= "<td $color>$description [$name]</td>"; + $tbl .= "<td $color><input type='$type' name=\"" . PREFLD_OVERTIME_DENY . "$name\" $ovt_deny></td>"; + $tbl .= "<td $color>deny access</td>"; + } else { - $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME . "$name\" $ovt_on></td>"; - $tbl .= "<td $color width=\"35%\" >$description [$name]</td>"; - $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME_DENY . "$name\" $ovt_deny></td>"; - $tbl .= "<td $color>deny access</td>"; + } $tbl .= "</tr>"; } if (!empty($tbl)) { - $tbl = "<th/><th>Destinations in uptime</th><th/><th/><th/><th>Destinations in overtime</th><th/><th/>" . - "<tr><td/><td>Select destinations for uptime rule</td><td/><td/> - <td/><td>Select destination for overtime rule.<br>If time not defined, this part must be ignored</td><td/><td/></tr>" - . $tbl; + $thdr = ''; + if ($enable_overtime) { + $thdr = "<tr>" . + "<th colspan='4' align=middle>Destinations in uptime</th>" . + "<th colspan='4' align=middle>Destinations in overtime</th></tr><tr>" . + "<td colspan='4' align=middle>Select destinations for uptime rule</td>" . + "<td colspan='4' align=middle>Select destination for overtime rule.<br>" . 
+ "If time not defined, this part must be ignored</td></tr>"; + // formatting + $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>"; + } else { + $thdr = "<tr><th colspan='4' align=middle>Destinations in uptime</th></tr>" . + "<tr><td colspan='4' align=middle>Select destinations for uptime rule</td></tr>"; + // formatting + $thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>"; + } - $res .= "<table cellspacing='0'>" . $tbl . "</table>"; + $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>"; } return $res; } @@ -1239,7 +1256,7 @@ function convert_pfxml_to_sgxml_source($pfconfig) { $sgx[FLD_NAME] = $pfx['name']; $sgx[FLD_IP] = $pfx['iplist']; $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; - $sgx[FLD_LOG] = $pfx['enablelog']; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; $sgx[FLD_DESCRIPTION] = $pfx['description']; $sgxml[FLD_ITEM][] = $sgx; } @@ -1264,7 +1281,7 @@ function convert_pfxml_to_sgxml_destination($pfconfig) { $sgx[FLD_EXPRESSIONS] = $pfx['expressions']; $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; $sgx[FLD_DESCRIPTION] = $pfx['description']; - $sgx[FLD_LOG] = $pfx['enablelog']; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; $sgxml[FLD_ITEM][] = $sgx; } } @@ -1282,9 +1299,9 @@ function convert_pfxml_to_sgxml_rewrite($pfconfig) { if (is_array($pfxml)) { foreach($pfxml as $pfx) { $sgx = array(); - $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_NAME] = $pfx['name']; $sgx[FLD_DESCRIPTION] = $pfx['description']; - $sgx[FLD_LOG] = $pfx['enablelog']; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; foreach($pfx['row'] as $pfx_row) { $sgx_row = array(); 
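Review bot: `$description` and `$name` are interpolated into the table markup unescaped in `make_grid_controls()`, both in the cell text (`$tbl .= "<td $color>$description [$name]</td>";`) and in the `name=` attributes of the new overtime inputs. These values come from `$items`, which is built outside this hunk, so if they originate from operator-entered destination names or descriptions they should pass through `htmlspecialchars()` first, e.g. `$tbl .= "<td $color>" . htmlspecialchars("$description [$name]") . "</td>";`. The added `} else {` branch appears to be empty and can be dropped, and the overtime deny input uses `type='$type'` while its siblings use escaped double quotes. The function body starts before this hunk.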
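Review bot: `FLD_ENABLELOG` replaces the literal `'enablelog'` in the source, destination and rewrite converters here (and again in the ACL and default converters in the following hunks), but no `define('FLD_ENABLELOG', ...)` appears in this commit, unlike `FLD_NOTALLOWINGIP`, which is added in squidguard_configurator.inc. If the constant is not already defined there, PHP falls back to the bare string as the array key and the `log` setting would silently stop reaching the generated config, so this is worth confirming before merge. The enclosing functions start and end outside these hunks.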
@@ -1340,13 +1357,14 @@ function convert_pfxml_to_sgxml_acl($pfconfig) { if (is_array($pfxml)) { foreach($pfxml as $pfx) { $sgx = array(); -# $sgx[FLD_NAME] = $pfx[FLD_SOURCE]; // [04-01-2008] previous ver - this field will removed $sgx[FLD_NAME] = $pfx[FLD_NAME]; // [04-01-2008] new ver $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; $sgx[FLD_DISABLED] = $pfx[FLD_DISABLED]; $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP]; // for overtime $sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT]; 
@@ -1388,24 +1406,16 @@ function convert_pfxml_to_sgxml_default($pfconfig) { $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; - // for overtime - $sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT]; - $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE]; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP]; // destinations - if (strpos($pfx['dest'], '[') === false) { - $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); - $sgx[FLD_OVERDESTINATIONNAME] = ''; - } else { - $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); - $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') ); - $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) ); - $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) ); - } + if (strpos($pfx['dest'], '[') === false) + $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); + else $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); // !ATTENTION! '!all' must be convert to 'none' $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); - $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]); return $sgx; } diff --git a/packages/squidGuard/squidguard_acl.xml b/packages/squidGuard/squidguard_acl.xml index b3f4d2d7..3439e674 100644 --- a/packages/squidGuard/squidguard_acl.xml +++ b/packages/squidGuard/squidguard_acl.xml 
@@ -155,6 +155,15 @@ <size>100</size> </field> <field> + <fielddescr>Not to allow IP addresses in URL</fielddescr> + <fieldname>notallowingip</fieldname> + <description> + To make sure that people don't bypass the URL filter + by simply using the IP addresses instead of the fully qualified domain names, you can check this option. + </description> + <type>checkbox</type> + </field> + <field> <fielddescr>Redirect</fielddescr> <fieldname>redirect</fieldname> <description> @@ -199,6 +208,12 @@ <type>input</type> <size>100</size> </field> + <field> + <fielddescr>Enable log</fielddescr> + <fieldname>enablelog</fieldname> + <description>Check this for enable log.</description> + <type>checkbox</type> + </field> </fields> <custom_php_validation_command> diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc index 4e93098a..2a09fc62 100644 --- a/packages/squidGuard/squidguard_configurator.inc +++ b/packages/squidGuard/squidguard_configurator.inc @@ -60,7 +60,7 @@ define('FILES_DB_HEADER', ' # ------------------------------------------------------------------------------ '); -define('CONFIG_SG_HEADER', ' +define('CONFIG_SG_HEADER', " # ============================================================ # SquidGuard configuration file # @@ -69,7 +69,7 @@ define('CONFIG_SG_HEADER', ' # (C)2006 Serg Dvoriancev # email: dv_serg@mail.ru # ============================================================ -'); +"); define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); 
@@ -148,6 +148,8 @@ define('SQUIDGUARD_LOG_LEVEL', 0); # ------------------------------------------------------------------------------ # define('FLT_DEFAULT_ALL', 'all'); +define('FLT_NOTALLOWIP', '!in-addr'); + # ------------------------------------------------------------------------------ # owner user name (squid system user - need for define rights access) # ------------------------------------------------------------------------------ @@ -229,6 +231,7 @@ define('FLD_TIMEDAYS', 'timedays'); define('FLD_DATRANGE', 'daterange'); define('FLD_TIMERANGE', 'sg_timerange'); define('FLD_REDIRECTMODE', 'redirect_mode'); // [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302; +define('FLD_NOTALLOWINGIP', 'notallowingip'); // not allowing ip in URL // transparent mode define('FLD_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode'); @@ -842,9 +845,6 @@ function sg_build_config() { // --- Header --- $sgconf[] = CONFIG_SG_HEADER; - // redirector base url -# $redirect_base_url = sg_redirector_base_url(); - // init $sgconf[] = "logdir " . $squidguard_config[FLD_LOGDIR]; $sgconf[] = "dbhome " . $squidguard_config[FLD_DBHOME]; @@ -956,9 +956,6 @@ function sg_build_config() { if ($squidguard_config[FLD_DESTINATIONS]) { sg_addlog("sg_build_config: add destinations"); $sgconf[] = ""; -# $sgconf[] = "dest localhost { # fix localhost access problem on transparent proxy "; -# $sgconf[] = "\t ip 127.0.0.1"; -# $sgconf[] = "}"; $log_entr_added = ''; foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { $dstname = $dst[FLD_NAME]; 
@@ -1016,10 +1013,11 @@ function sg_build_config() { $log_entr_added = ''; foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { - // delete blacklist entries from 'pass' if blacklist disabled - if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { + if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { $tarray = explode(" ", $acl[FLD_DESTINATIONNAME]); $varray = explode(" ", $acl[FLD_OVERDESTINATIONNAME]); + + // delete blacklist entries from 'pass' if blacklist disabled foreach($entry_blacklist as $entry) { $tk = array_search($entry, $tarray); if ($tk !== false) unset ($tarray[$tk]); @@ -1033,11 +1031,22 @@ function sg_build_config() { $tk = array_search("!$entry", $varray); if ($tk !== false) unset ($varray[$tk]); } + $acl[FLD_DESTINATIONNAME] = implode (" ", $tarray); $acl[FLD_OVERDESTINATIONNAME] = implode (" ", $varray); } if (!$acl[FLD_DISABLED]) { + // not allowing IP in URL + if ($acl[FLD_NOTALLOWINGIP]) { + $acl[FLD_DESTINATIONNAME] = "!in-addr " . $acl[FLD_DESTINATIONNAME]; + $acl[FLD_OVERDESTINATIONNAME] = "!in-addr " . $acl[FLD_OVERDESTINATIONNAME]; + } + + // re-order acl pass (<allow><deny<all|none>) + $acl[FLD_DESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_DESTINATIONNAME]); + $acl[FLD_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_OVERDESTINATIONNAME]); + if ($acl[FLD_DESCRIPTION]) $sgconf[] = "\t # " . $acl[FLD_DESCRIPTION]; 
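Review bot: The `!in-addr` prefix is written as a string literal in both new assignments even though this commit defines `FLT_NOTALLOWIP` for exactly that value in the same file; using the constant keeps the two in step, e.g. `$acl[FLD_DESTINATIONNAME] = FLT_NOTALLOWIP . " " . $acl[FLD_DESTINATIONNAME];`. The prefix is also prepended to `FLD_OVERDESTINATIONNAME` unconditionally, so an ACL with no overtime list ends up with a deny-only one; whether that line is emitted depends on the time check outside this hunk, but guarding it with `if ($acl[FLD_OVERDESTINATIONNAME])` would avoid the surprise. The default-ACL hunk further down uses the same literal.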
@@ -1047,11 +1056,13 @@ function sg_build_config() { $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; if ($acl[FLD_REDIRECT]) { if (is_url($acl[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . $redirect_user_url . rawurlencode($acl[FLD_REDIRECT]); - else $sgconf[] = "\t\t redirect " . $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]); + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_user_url . rawurlencode($acl[FLD_REDIRECT]); + else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]); } if ($acl[FLD_REWRITENAME]) $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; + if ($acl[FLD_LOG]) + $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; // overtime $sgconf[] = "\t } else {"; @@ -1060,6 +1071,8 @@ function sg_build_config() { $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_OVERREDIRECT]); if ($acl[FLD_OVERREWRITENAME]) $sgconf[] = "\t\t rewrite " . $acl[FLD_OVERREWRITENAME]; + if ($acl[FLD_LOG]) + $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; $sgconf[] = "\t }"; } else { @@ -1071,6 +1084,8 @@ function sg_build_config() { $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_REDIRECT]); if ($acl[FLD_REWRITENAME]) $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; + if ($acl[FLD_LOG]) + $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; $sgconf[] = "\t }"; } @@ -1091,7 +1106,6 @@ function sg_build_config() { // delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { $tarray = explode(" ", $def[FLD_DESTINATIONNAME]); - $varray = explode(" ", $def[FLD_OVERDESTINATIONNAME]); foreach($entry_blacklist as $entry) { $tk = array_search($entry , $tarray); if ($tk !== false) unset ($tarray[$tk]); 
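Review bot: In the uptime branch a `redirect` value that is not a URL is now replaced by `sg_redirector_base_url('')`, so whatever non-URL value the operator entered is discarded there, while the overtime and no-time branches pass their value straight to `sg_redirector_base_url()` without an `is_url()` split. If the helper already handles tags and error codes (its body is not visible here), the uptime branch can match the others with `$sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]);`. The trailing `# $redirect_user_url . ...` remnants on both lines are dead code and should be removed rather than kept as comments.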
@@ -1099,41 +1113,28 @@ function sg_build_config() { $tk = array_search("!$entry" , $tarray); if ($tk !== false) unset ($tarray[$tk]); - $tk = array_search($entry , $varray); - if ($tk !== false) unset ($varray[$tk]); - - $tk = array_search("!$entry" , $varray); - if ($tk !== false) unset ($varray[$tk]); } $def[FLD_DESTINATIONNAME] = implode (" ", $tarray); - $def[FLD_OVERDESTINATIONNAME] = implode (" ", $varray); } - if ($def[FLD_TIMENAME]) { - // ontime - $sgconf[] = "\t default within " . $def[FLD_TIMENAME] . " { "; - $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; - if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_REDIRECT]); - else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; - // overtime - $sgconf[] = "\t } else {"; - $sgconf[] = "\t\t pass " . $def[FLD_OVERDESTINATIONNAME]; - if ($def[FLD_OVERREDIRECT] && is_url($def[FLD_OVERREDIRECT])) { - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_OVERREDIRECT]); - } - else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; - $sgconf[] = "\t }"; - } else { - // without time - $sgconf[] = "\t default { "; - $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; - if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) { + // not allowing IP in URL + if ($def[FLD_NOTALLOWINGIP]) + $def[FLD_DESTINATIONNAME] = "!in-addr " . $def[FLD_DESTINATIONNAME]; + + // re-order acl pass (<allow><deny<all|none>) + $def[FLD_DESTINATIONNAME] = sg_aclpass_reorder($def[FLD_DESTINATIONNAME]); + + // 'Default' used without time + $sgconf[] = "\t default { "; + $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; + if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) { $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . 
rawurlencode($def[FLD_REDIRECT]); - } - else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; - $sgconf[] = "\t }"; } + else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; + if ($def[FLD_LOG]) + $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; + $sgconf[] = "\t }"; + } // if def else { sg_addlog("sg_build_config: error - ACL 'default' is empty, use as default 'block all'."); @@ -1148,6 +1149,30 @@ function sg_build_config() { return $sgconf; } +// ------------------------------------------------------------ +// +// ------------------------------------------------------------ +function sg_aclpass_reorder($pass) { + $ar_pass = explode(" ", $pass); + + // 'pass' order: <allow> <deny> <all|none> + if (is_array($ar_pass)) { + $pass_end = ''; + $pass_fst = array(); + $pass_lst = array(); + foreach ($ar_pass as $val) { + $tk = trim($val); + if ($tk === 'all' or $tk === 'none') + $pass_end = $val; + elseif (strpos($tk, "!") !== false) + $pass_lst[] = $val; + else $pass_fst[] = $val; + } + $ar_pass = array_merge($pass_fst, $pass_lst); + $ar_pass[] = $pass_end; + } + return implode(" ", $ar_pass); +} // ------------------------------------------------------------ // sg_check_config_data 
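Review bot: `sg_aclpass_reorder()` classifies a token as a deny entry with `strpos($tk, "!") !== false`, which matches a `!` anywhere in the token rather than only a leading one, and it always appends `$pass_end`, so a list without `all`/`none` gains a trailing empty element while empty tokens from doubled or trailing spaces are sorted into the allow group. The `is_array($ar_pass)` test is always true because `explode()` returns an array, and the banner comment above the function is missing its name. Since this function decides the final allow/deny order written to the squidGuard config, a stricter version that keeps the same allow, deny, terminator ordering is sketched below.

```php
// ------------------------------------------------------------
// sg_aclpass_reorder
// ------------------------------------------------------------
function sg_aclpass_reorder($pass) {
    // 'pass' order: <allow> <deny> <all|none>
    $pass_fst = array();
    $pass_lst = array();
    $pass_end = '';
    foreach (explode(" ", $pass) as $val) {
        $tk = trim($val);
        if ($tk === '')
            continue;                      // skip empty tokens left by doubled or trailing spaces
        if ($tk === 'all' or $tk === 'none')
            $pass_end = $tk;
        elseif (strpos($tk, "!") === 0)    // only a leading '!' marks a deny entry
            $pass_lst[] = $tk;
        else $pass_fst[] = $tk;
    }
    $ar_pass = array_merge($pass_fst, $pass_lst);
    if ($pass_end !== '')
        $ar_pass[] = $pass_end;            // append the terminator only when one was given
    return implode(" ", $ar_pass);
}
```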
@@ -1356,25 +1381,6 @@ function sg_check_config_data () { $check_log[] = "ACL 'default' error: ontime pass list is empty."; } - // check overtime destinations - if ($time) { - if ($def[FLD_OVERDESTINATIONNAME]) { - $defoverdest = str_replace("!", "", $def[FLD_OVERDESTINATIONNAME]); - $defoverdest = explode(" ", $defoverdest); - $key_defoverdest = array_count_values($defoverdest); - foreach($defoverdest as $adest) { - // check duplicates destinations in acl - if ($key_defoverdest[$adest] > 1) - $check_log[] = "ACL 'default' error: duplicate overtime destination name '$adest'. Any destination must included once."; - // check destinations for exists - if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) - $check_log[] = "ACL 'default' error: overtime destination name '$adest' not found"; - } - } else { - $check_log[] = "ACL 'default' error: overtime pass list is empty."; - } - } - // check rewrite $rew = $def[FLD_REWRITENAME]; if ($rew and !$key_rewrites[$rew]) diff --git a/packages/squidGuard/squidguard_default.xml b/packages/squidGuard/squidguard_default.xml index 0354f1dd..3f83b267 100644 --- a/packages/squidGuard/squidguard_default.xml +++ b/packages/squidGuard/squidguard_default.xml @@ -45,12 +45,6 @@ <fields> <field> - <fielddescr>Default Time</fielddescr> - <fieldname>time</fieldname> - <description>Enter time name in current which this rule permitted.</description> - <type>select</type> - </field> - <field> <fielddescr>Default destination</fielddescr> <fieldname>dest</fieldname> <description></description> 
@@ -58,21 +52,17 @@ <size>100</size> </field> <field> - <fielddescr>Default Redirect</fielddescr> - <fieldname>redirect</fieldname> + <fielddescr>Not to allow IP addresses in URL</fielddescr> + <fieldname>notallowingip</fieldname> <description> - Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> - Supported URL's: 'http://myurl', 'https://myurl'. <br> - Supported tags: 'blank', 'blank_img'. <br> - Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. + To make sure that people don't bypass the URL filter + by simply using the IP addresses instead of the fully qualified domain names, you can check this option. </description> - <type>textarea</type> - <cols>65</cols> - <rows>2</rows> + <type>checkbox</type> </field> <field> - <fielddescr>Default overtime redirect</fielddescr> - <fieldname>overredirect</fieldname> + <fielddescr>Default Redirect</fielddescr> + <fieldname>redirect</fieldname> <description> Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> Supported URL's: 'http://myurl', 'https://myurl'. <br> @@ -90,12 +80,6 @@ <type>select</type> </field> <field> - <fielddescr>Default overtime rewrite</fielddescr> - <fieldname>overrewrite</fieldname> - <description>Enter rewrite condition name for this rule, or leave blank.</description> - <type>select</type> - </field> - <field> <fielddescr>Enable log</fielddescr> <fieldname>enablelog</fieldname> <description>Check this for enable log.</description> @@ -107,7 +91,7 @@ squidguard_validate_acl(&$_POST, &$input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg); + squidguard_before_form_acl(&$pkg, false); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/packages/squidGuard/squidguard_src.xml b/packages/squidGuard/squidguard_src.xml deleted file mode 100644 index 000528db..00000000 
--- a/packages/squidGuard/squidguard_src.xml
+++ /dev/null
@@ -1,160 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - - <name>squidguardsrc</name> - <version>none</version> - <title>Proxy Content filter SquidGuard: Sources</title> - <include_file>/usr/local/pkg/squidguard.inc</include_file> - - <delete_string>A proxy server user has been deleted.</delete_string> - <addedit_string>A proxy server user has been created/modified.</addedit_string> - - <tabs> - <tab> - <text>General settings</text> - <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> - </tab> - <tab> - <text>Default</text> - <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> - </tab> - <tab> - <text>ACL</text> - <url>/pkg.php?xml=squidguard_acl.xml</url> - </tab> - <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - <active/> - </tab> - <tab> - <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> - </tab> - <tab> - <text>Times</text> - <url>/pkg.php?xml=squidguard_time.xml</url> - </tab> - <tab> - <text>Rewrites</text> - <url>/pkg.php?xml=squidguard_rewr.xml</url> - </tab> - <tab> - <text>Log</text> - <url>/pkg_edit.php?xml=squidguard_log.xml</url> - </tab> - </tabs> - - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Order</fielddescr> - <fieldname>order</fieldname> - </columnitem> - <columnitem> - <fielddescr>Source name</fielddescr> - <fieldname>name</fieldname> - </columnitem> - <columnitem> - <fielddescr>IP list</fielddescr> - <fieldname>iplist</fieldname> - </columnitem> - <columnitem> - <fielddescr>domains list</fielddescr> - <fieldname>domains</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - 
</adddeleteeditpagefields> - - <fields> - <field> - <fielddescr>Source name</fielddescr> - <fieldname>name</fieldname> - <description> - You can enter name here. Name consist minimum 2 symbols, first from which letter. <br> - All other symbols is [a-Z_0-9]. Source name must be <b>unique</b> . - </description> - <type>input</type> - <required/> - <size>80</size> - </field> - <field> - <fielddescr>Order</fielddescr> - <fieldname>order</fieldname> - <description> - Order source in list. <br> - <b>Note:</b> <br> - Sources order have very high importance. Sources are evaluated on a first-match basis. <br> - If your sources have an overlaying ranges, then act will be first in list. <br> - <b>For example:</b> <br> - Wrong order: <br> - First source entry is the range 10.0.0.0/24 and second entry is 10.0.0.15 (or 10.0.0.15/32 ) <br> - Right order: <br> - First source entry is the single ip 10.0.0.15 (or 10.0.0.15/32 ) then the overlaying range 10.0.0.0/24 <br> - </description> - <type>input</type> - <size>5</size> - </field> - <field> - <fielddescr>IP addresses</fielddescr> - <fieldname>iplist</fieldname> - <description> - Enter IP addresses here with space(' ') divider. <br> - IP addresses must have format:<br> - single example: '192.168.0.1' <br> - range examples: <br> - '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' <br> - </description> - <type>textarea</type> - <cols>50</cols> - <rows>10</rows> - </field> - <field> - <fielddescr>Domains</fielddescr> - <fieldname>domains</fieldname> - <description> - Enter domains names here with space(' ') divider. <br> - Example: <b>'foo.bar'</b> match <b>'foo.bar'</b> or <b>'*.foo.bar'</b>. 
- </description> - <type>textarea</type> - <cols>50</cols> - <rows>10</rows> - </field> - <field> - <fielddescr>Enable log</fielddescr> - <fieldname>enablelog</fieldname> - <description>Check this for enable log.</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description></description> - <type>input</type> - <size>80</size> - </field> - </fields> - - <custom_php_command_before_form> - squidguard_before_form_src(&$pkg); - </custom_php_command_before_form> - <custom_php_after_form_command> - squidGuard_print_javascript(); - </custom_php_after_form_command> - <custom_php_validation_command> - squidguard_validate_source($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - squidguard_resync_src(); - </custom_php_resync_config_command> - <custom_delete_php_command> - squidguard_resync_src(); - </custom_delete_php_command> -</packagegui> |