aboutsummaryrefslogtreecommitdiffstats
path: root/config/dansguardian
diff options
context:
space:
mode:
Diffstat (limited to 'config/dansguardian')
-rwxr-xr-xconfig/dansguardian/dansguardian.conf.template3
-rwxr-xr-xconfig/dansguardian/dansguardian.inc211
-rwxr-xr-xconfig/dansguardian/dansguardian_about.php10
-rwxr-xr-xconfig/dansguardian/dansguardian_groups.xml54
-rw-r--r--config/dansguardian/dansguardian_ips_header.xml16
-rw-r--r--config/dansguardian/dansguardian_log.xml8
-rwxr-xr-xconfig/dansguardian/dansguardian_site_acl.xml2
-rwxr-xr-xconfig/dansguardian/dansguardian_url_acl.xml2
-rw-r--r--config/dansguardian/dansguardianfx.conf.template70
9 files changed, 280 insertions, 96 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index 27099332..ab30527a 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -157,7 +157,8 @@ proxyport = {$proxyport}
#
# Individual filter groups can override this setting in their own configuration.
#
-accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+{$accessdeniedaddress}
# Non standard delimiter (only used with accessdeniedaddress)
# To help preserve the full banned URL, including parameters, the variables
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 56acfc5e..c897f944 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -29,9 +29,18 @@
*/
require_once("util.inc");
-require("globals.inc");
+require_once("globals.inc");
#require("guiconfig.inc");
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('DANSGUARDIAN_DIR', '/usr/pbi/dansguardian-' . php_uname("m"));
+else
+ define('DANSGUARDIAN_DIR', '/usr/local');
+
+ $uname=posix_uname();
+if ($uname['machine']=='amd64')
+ ini_set('memory_limit', '250M');
function dg_text_area_decode($text){
return preg_replace('/\r\n/', "\n",base64_decode($text));
@@ -81,7 +90,7 @@ function check_ca_hashes(){
}
}
-function sync_package_dansguardian() {
+function sync_package_dansguardian($via_rpc=false) {
global $config,$g;
# detect boot process
@@ -92,6 +101,9 @@ function sync_package_dansguardian() {
$boot_process="on";
}
+ if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false)
+ return;
+
#assign xml arrays
if (!is_array($config['installedpackages']['dansguardian']))
$config['installedpackages']['dansguardian']['config'][0]=array('interface'=>'lo0',
@@ -126,14 +138,22 @@ function sync_package_dansguardian() {
$filterport=($dansguardian['filterports']?$dansguardian['filterports']:"8080");
$softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no");
$nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"off");
- if (preg_match("/\d+\/\d+/",$dansguardian['children']))
- list($minchildren,$maxchildren) = split ("/", $dansguardian['children'], 2);
- else
- list($minchildren,$maxchildren) = split ("/", "8/120", 2);
- if (preg_match("/\d+\/\d+/",$dansguardian['sparechildren']))
- list($minsparechildren,$maxsparechildren) = split ("/", $dansguardian['sparechildren'], 2);
- else
- list($minsparechildren,$maxsparechildren) = split ("/", "8/64", 2);
+ if (preg_match("/(\d+)\/(\d+)/",$dansguardian['children'],$matches)){
+ $minchildren=$matches[1];
+ $maxchildren=$matches[2];
+ }
+ else{
+ $minchildren=8;
+ $maxchildren=120;
+ }
+ if (preg_match("/(\d+)\/(\d+)/",$dansguardian['sparechildren'],$matches)){
+ $minsparechildren=$matches[1];
+ $maxsparechildren=$matches[2];
+ }
+ else{
+ $minsparechildren=8;
+ $maxsparechildren=64;
+ }
$maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500");
$maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0");
$preforkchildren=($dansguardian['preforkchildren']?$dansguardian['preforkchildren']:"10");
@@ -181,6 +201,16 @@ function sync_package_dansguardian() {
#report and log
$reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3");
+ if ($reportlevel == 1 || $reportlevel== 2){
+ if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){
+ $accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'";
+ }
+ else{
+ log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url");
+ file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url","");
+ }
+ }
+ $accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3");
$reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish");
$showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off");
$usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off");
@@ -236,10 +266,10 @@ function sync_package_dansguardian() {
"/lists/contentscanners/exceptionvirusmimetypelist",
"/lists/contentscanners/exceptionvirussitelist",
"/lists/contentscanners/exceptionvirusurllist",
+ "/lists/exceptioniplist",
"/lists/pics");
-
- $dansguardian_dir="/usr/local/etc/dansguardian";
+ $dansguardian_dir= DANSGUARDIAN_DIR . "/etc/dansguardian";
foreach ($files as $file)
if (! file_exists($dansguardian_dir.$file.'.sample')){
$new_file="";
@@ -303,12 +333,12 @@ function sync_package_dansguardian() {
#phrase ACL
#create a default setup if not exists
if (!is_array($config['installedpackages']['dansguardianphraseacl']['config'])){
- $banned_file=file("/usr/local/etc/dansguardian/lists/bannedphraselist");
+ $banned_file=file(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/bannedphraselist");
foreach($banned_file as $file_line)
if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches))
$banned_includes .= $matches[1].",";
- $weighted_file=file("/usr/local/etc/dansguardian/lists/weightedphraselist");
+ $weighted_file=file(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/weightedphraselist");
foreach($weighted_file as $file_line)
if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches))
$weighted_includes .= $matches[1].",";
@@ -399,7 +429,7 @@ function sync_package_dansguardian() {
file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX);
$count++;
}
-
+
#URL ACL
#create a default setup if not exists
if (!is_array($config['installedpackages']['dansguardianurlacl']['config']))
@@ -647,7 +677,7 @@ function sync_package_dansguardian() {
if($dansguardian_antivirus['extension_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')){
$config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample'));
$load_samples++;
- }
+ }
file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusextensionlist",($dansguardian_antivirus['extension_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']):""),LOCK_EX);
#log report
@@ -657,7 +687,17 @@ function sync_package_dansguardian() {
$config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file);
$dansguardian_log['report_file']=base64_encode($report_file);
$load_samples++;
- }
+ }
+
+ #exception ip list
+ #create a default setup if not exists
+ if (!is_array($config['installedpackages']['dansguardianips']['config']))
+ $config['installedpackages']['dansguardianips']['config'][0]=array("exceptioniplist" => "");
+ if($config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptioniplist.sample')){
+ $config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptioniplist.sample'));
+ $load_samples++;
+ }
+ file_put_contents($dansguardian_dir."/lists/exceptioniplist",dg_text_area_decode($config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist']),LOCK_EX);
if($load_samples > 0)
write_config();
@@ -676,7 +716,8 @@ function sync_package_dansguardian() {
'urlacl'=> "Default",
'group_options' => "scancleancache,infectionbypasserrorsonly",
'reportinglevel'=>'3',
- 'mode'=> "1");
+ 'mode'=> "1",
+ 'report_level'=>"global");
$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm");
#loop on array
@@ -695,8 +736,87 @@ function sync_package_dansguardian() {
$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
$dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
+ switch ($dansguardian_groups['reportinglevel']){
+ case "1":
+ case "2":
+ $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel'];
+ if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){
+ $groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'";
+ }
+ else{
+ log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.');
+ file_notice('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.',"");
+ }
+ break;
+ case "-1":
+ case "0":
+ case "3":
+ $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel'];
+ $groupaccessdeniedaddress="";
+ break;
+ default:
+ $groupreportinglevel="";
+ $groupaccessdeniedaddress="";
+ }
+
foreach ($groups as $group)
$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
+ #create group list files
+ $lists=array("phraseacl" => array("bannedphrase","weightedphrase","exceptionphrase"),
+ "siteacl" => array("bannedsite","greysite","exceptionsite","exceptionfilesite","logsite"),
+ "urlacl" => array("bannedurl","greyurl","exceptionurl","exceptionregexpurl","bannedregexpurl","urlregexp","exceptionfileurl","logurl","logregexpurl"),
+ "contentacl" => array("contentregexp"),
+ "extensionacl"=> array("exceptionextension","exceptionmimetype","bannedextension","bannedmimetype"),
+ "headeracl" => array("headerregexp","bannedregexpheader"),
+ "searchacl" => array("searchengineregexp","bannedsearchterm","weightedsearchterm","exceptionsearchterm")
+ );
+ foreach ($lists as $list_key => $list_array){
+ foreach ($list_array as $list_value){
+ #read all access lists applied tho this group option
+ foreach (explode(",",$dansguardian_groups[$list_key]) as $dacl){
+ if (! is_array(${$list_value}))
+ ${$list_value}=array();
+ $file_temp=file_get_contents(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/{$list_value}list.{$dacl}")."\n";
+ ${$list_value}=array_merge(explode("\n",$file_temp),${$list_value});
+ }
+ #add a package warning
+ array_unshift(${$list_value},"#Do not edit this file.","#It's created by dansguardian package and overwrited every config save.");
+ #save group file and unset array
+ file_put_contents(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/{$list_value}list.g_{$dansguardian_groups['name']}",implode("\n",array_unique(${$list_value}))."\n",LOCK_EX);
+ unset(${$list_value});
+ }
+ }
+ /*
+ bannedphraselist = '/usr/local/etc/dansguardian/lists/bannedphraselist.{$dansguardian_groups['phraseacl']}'
+ weightedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}'
+ exceptionphraselist = '/usr/local/etc/dansguardian/lists/exceptionphraselist.{$dansguardian_groups['phraseacl']}'
+ bannedsitelist = '/usr/local/etc/dansguardian/lists/bannedsitelist.{$dansguardian_groups['siteacl']}'
+ greysitelist = '/usr/local/etc/dansguardian/lists/greysitelist.{$dansguardian_groups['siteacl']}'
+ exceptionsitelist = '/usr/local/etc/dansguardian/lists/exceptionsitelist.{$dansguardian_groups['siteacl']}'
+ bannedurllist = '/usr/local/etc/dansguardian/lists/bannedurllist.{$dansguardian_groups['urlacl']}'
+ greyurllist = '/usr/local/etc/dansguardian/lists/greyurllist.{$dansguardian_groups['urlacl']}'
+ exceptionurllist = '/usr/local/etc/dansguardian/lists/exceptionurllist.{$dansguardian_groups['urlacl']}'
+ exceptionregexpurllist = '/usr/local/etc/dansguardian/lists/exceptionregexpurllist.{$dansguardian_groups['urlacl']}'
+ bannedregexpurllist = '/usr/local/etc/dansguardian/lists/bannedregexpurllist.{$dansguardian_groups['urlacl']}'
+ contentregexplist = '/usr/local/etc/dansguardian/lists/contentregexplist.{$dansguardian_groups['contentacl']}'
+ urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_groups['urlacl']}'
+ exceptionextensionlist = '/usr/local/etc/dansguardian/lists/exceptionextensionlist.{$dansguardian_groups['extensionacl']}'
+ exceptionmimetypelist = '/usr/local/etc/dansguardian/lists/exceptionmimetypelist.{$dansguardian_groups['extensionacl']}'
+ bannedextensionlist = '/usr/local/etc/dansguardian/lists/bannedextensionlist.{$dansguardian_groups['extensionacl']}'
+ bannedmimetypelist = '/usr/local/etc/dansguardian/lists/bannedmimetypelist.{$dansguardian_groups['extensionacl']}'
+ exceptionfilesitelist = '/usr/local/etc/dansguardian/lists/exceptionfilesitelist.{$dansguardian_groups['siteacl']}'
+ exceptionfileurllist = '/usr/local/etc/dansguardian/lists/exceptionfileurllist.{$dansguardian_groups['urlacl']}'
+ logsitelist = '/usr/local/etc/dansguardian/lists/logsitelist.{$dansguardian_groups['siteacl']}'
+ logurllist = '/usr/local/etc/dansguardian/lists/logurllist.{$dansguardian_groups['urlacl']}'
+ logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansguardian_groups['urlacl']}'
+ headerregexplist = '/usr/local/etc/dansguardian/lists/headerregexplist.{$dansguardian_groups['headeracl']}'
+ bannedregexpheaderlist = '/usr/local/etc/dansguardian/lists/bannedregexpheaderlist.{$dansguardian_groups['headeracl']}'
+ searchengineregexplist = '/usr/local/etc/dansguardian/lists/searchengineregexplist.{$dansguardian_groups['searchacl']}'
+ bannedsearchtermlist = '/usr/local/etc/dansguardian/lists/bannedsearchtermlist.{$dansguardian_groups['searchacl']}'
+ weightedsearchtermlist = '/usr/local/etc/dansguardian/lists/weightedsearchtermlist.{$dansguardian_groups['searchacl']}'
+ exceptionsearchtermlist = '/usr/local/etc/dansguardian/lists/exceptionsearchtermlist.{$dansguardian_groups['searchacl']}'
+ */
+ $dg_dir=DANSGUARDIAN_DIR;
include("/usr/local/pkg/dansguardianfx.conf.template");
file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX);
@@ -769,7 +889,7 @@ EOF;
<fielddescr>Users</fielddescr>
<fieldname>info_checkbox</fieldname>
<type>checkbox</type>
- <description><![CDATA[Dansguardian users are required only when you have more then one group.<br>All unauthenticated users or unlisted uses will match first filter group.]]></description>
+ <description><![CDATA[Dansguardian users are required only when you have more then one group.<br>All unauthenticated users or unlisted users will match first filter group.]]></description>
</field>
EOF;
}
@@ -986,7 +1106,7 @@ EOF;
$replace[0]='YES';
#clamdscan.conf dansguardian file
- $cconf="/usr/local/etc/dansguardian/contentscanners/clamdscan.conf";
+ $cconf=DANSGUARDIAN_DIR . "/etc/dansguardian/contentscanners/clamdscan.conf";
$cconf_file=file_get_contents($cconf);
if (preg_match('/#clamdudsfile/',$cconf_file)){
$cconf_file=preg_replace('/#clamdudsfile/','clamdudsfile',$cconf_file);
@@ -1013,7 +1133,7 @@ EOF;
}
file_put_contents($script, $new_clamav_startup, LOCK_EX);
chmod ($script,0755);
- if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd') && !isset($boot_process)){
+ if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd')){
log_error('Stopping clamav-clamd');
mwexec("$script stop");
}
@@ -1028,17 +1148,14 @@ EOF;
#check certificate hashed
- $script='/usr/local/etc/rc.d/dansguardian';
-
- if($config['installedpackages']['dansguardian']['config'][0]['enable']){
- copy('/usr/local/pkg/dansguardian_rc.template','/usr/local/etc/rc.d/dansguardian');
+ $script='/usr/local/etc/rc.d/dansguardian.sh';
+ unlink_if_exists('/usr/local/etc/rc.d/dansguardian');
+ if($config['installedpackages']['dansguardian']['config'][0]['enable']=="on"){
+ copy('/usr/local/pkg/dansguardian_rc.template',$script);
chmod ($script,0755);
if (is_process_running('dansguardian')){
- #prevent multiple reloads during boot process
- if (!isset($boot_process)){
- log_error('Reloading Dansguardian');
- exec("/usr/local/sbin/dansguardian -r");
- }
+ log_error('Reloading Dansguardian');
+ exec("/usr/local/sbin/dansguardian -r");
}
else{
log_error('Starting Dansguardian');
@@ -1047,15 +1164,15 @@ EOF;
}
else{
if (is_process_running('dansguardian')){
- log_error('Stopping Dansguardian');
+ log_error('Dansguardian is disabled, stopping process...');
mwexec("$script stop");
}
if (file_exists($script))
chmod ($script,444);
}
- if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8'))
- file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX);
+ if (!file_exists(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8'))
+ file_put_contents(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX);
#check ca certs hashes
check_ca_hashes();
@@ -1103,11 +1220,17 @@ function dansguardian_php_install_command() {
function dansguardian_php_deinstall_command() {
global $config,$g;
- mwexec("/usr/local/etc/rc.d/dansguardian stop");
- sleep(1);
- conf_mount_rw();
- chmod ("/usr/local/etc/rc.d/dansguardian",0444);
- conf_mount_ro();
+ if(is_process_running('dansguardian')){
+ log_error("stopping dansguardian..");
+ mwexec("/usr/local/etc/rc.d/dansguardian.sh stop");
+ sleep(1);
+ }
+
+ if (file_exists("/usr/local/etc/rc.d/dansguardian.sh")){
+ conf_mount_rw();
+ chmod ("/usr/local/etc/rc.d/dansguardian.sh",0444);
+ conf_mount_ro();
+ }
}
function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
@@ -1174,15 +1297,15 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
$cli->setCredentials('admin', $password);
if($g['debug'])
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
+ /* send our XMLRPC message and timeout after 30 seconds */
+ $resp = $cli->send($msg, "30");
if(!$resp) {
$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, "30");
$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
@@ -1193,7 +1316,7 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
/* tell dansguardian to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/dansguardian.inc');\n";
- $execcmd .= "sync_package_dansguardian();";
+ $execcmd .= "sync_package_dansguardian(true);";
/* assemble xmlrpc payload */
$params = array(
@@ -1205,14 +1328,14 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, "30");
if(!$resp) {
$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, "30");
$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php
index 49359472..07b5768e 100755
--- a/config/dansguardian/dansguardian_about.php
+++ b/config/dansguardian/dansguardian_about.php
@@ -1,6 +1,6 @@
<?php
/*
- mailscanner_about.php
+ dansguardian_about.php
part of pfSense (http://www.pfsense.com/)
Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com>
All rights reserved.
@@ -27,7 +27,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("guiconfig.inc");
+require_once("guiconfig.inc");
$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
if(strstr($pfSversion, "1.2"))
@@ -96,9 +96,9 @@ include("head.inc");
<td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td>
- <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
- If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td>
+ <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br><br>
+ If you want your donation to go to this package developer, make a note on the donation forwarding it to me.<br><br>");?></td>
</tr>
</table>
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index baa9b44a..9498ef4c 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -105,7 +105,10 @@
<fielddescr>Group mode</fielddescr>
<fieldname>mode</fieldname>
</columnitem>
-
+ <columnitem>
+ <fielddescr>Reporting level</fielddescr>
+ <fieldname>reportinglevel</fieldname>
+ </columnitem>
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
@@ -160,6 +163,8 @@
<source><![CDATA[$config['installedpackages']['dansguardianpicsacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>Phrase</fielddescr>
@@ -169,60 +174,74 @@
<source><![CDATA[$config['installedpackages']['dansguardianphraseacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>Site</fielddescr>
<fieldname>siteacl</fieldname>
- <description><![CDATA[Select Site Access List to apply on this group.]]></description>
+ <description><![CDATA[Select Site Access Lists to apply on this group.]]></description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['dansguardiansiteacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>URL</fielddescr>
<fieldname>urlacl</fieldname>
- <description><![CDATA[Select URL Access List to apply on this group.]]></description>
+ <description><![CDATA[Select URL Access Lists to apply on this group.]]></description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['dansguardianurlacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>Extension</fielddescr>
<fieldname>extensionacl</fieldname>
- <description><![CDATA[Select Extension Access List to apply on this group.]]></description>
+ <description><![CDATA[Select Extension Access Lists to apply on this group.]]></description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['dansguardianfileacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>Header</fielddescr>
<fieldname>headeracl</fieldname>
- <description><![CDATA[Select Header Access List to apply on this group.]]></description>
+ <description><![CDATA[Select Header Access Lists to apply on this group.]]></description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['dansguardianheaderacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>Content</fielddescr>
<fieldname>contentacl</fieldname>
- <description><![CDATA[Select Content Access List to apply on this group.]]></description>
+ <description><![CDATA[Select Content Access Lists to apply on this group.]]></description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['dansguardiancontentacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<fielddescr>Search</fielddescr>
<fieldname>searchacl</fieldname>
- <description><![CDATA[Select Search Access list to apply on this group.]]></description>
+ <description><![CDATA[Select Search Access lists to apply on this group.]]></description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['dansguardiansearchacl']['config']]]></source>
<source_name>name</source_name>
<source_value>name</source_value>
+ <multiple/>
+ <size>5</size>
</field>
<field>
<name>Values</name>
@@ -247,7 +266,8 @@
If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description>
<type>select</type>
<options>
- <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option>
+ <option><name>Use General log option selected on Report and log - recommended</name><value>global</value></option>
+ <option><name>Use HTML template file (accessdeniedaddress ignored)</name><value>3</value></option>
<option><name>Report fully</name><value>2</value></option>
<option><name>Report why but not what denied phrase</name><value>1</value></option>
<option><name>Just say 'Access Denied'</name><value>0</value></option>
@@ -255,6 +275,15 @@
</options>
</field>
<field>
+ <fielddescr>Access Denied cgi</fielddescr>
+ <fieldname>reportingcgi</fieldname>
+ <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script
+ ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description>
+ <type>input</type>
+ <size>70</size>
+ </field>
+
+ <field>
<fielddescr>Weighted phrase mode</fielddescr>
<fieldname>weightedphrasemode</fieldname>
<description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content,
@@ -321,6 +350,15 @@
<type>input</type>
<size>10</size>
</field>
+ <field>
+ <fielddescr>Temporary Denied Page Bypass Secret Key</fielddescr>
+ <fieldname>bypasskey</fieldname>
+ <description><![CDATA[If not empty, rather than generating a random key you can specify one. It must be more than 8 chars.<br>
+ Ex1:Mary had a little lamb.<br>
+ Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]></description>
+ <type>input</type>
+ <size>70</size>
+ </field>
<field>
<fielddescr>Infection/Scan Error Bypass</fielddescr>
<fieldname>infectionbypass</fieldname>
diff --git a/config/dansguardian/dansguardian_ips_header.xml b/config/dansguardian/dansguardian_ips_header.xml
index 33e50332..c15e31da 100644
--- a/config/dansguardian/dansguardian_ips_header.xml
+++ b/config/dansguardian/dansguardian_ips_header.xml
@@ -97,4 +97,18 @@
</tab>
</tabs>
<fields>
- \ No newline at end of file
+ <field>
+ <name>Exception IP list</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fieldname>exceptioniplist</fieldname>
+ <fielddescr>Exception Ip List</fielddescr>
+ <description><![CDATA[Include ip addresses and or ipadresses/netmask of computers from which web access should not be filtered.<br>
+ Leave empty to load dansguardian defaults.]]></description>
+ <type>textarea</type>
+ <cols>80</cols>
+ <rows>12</rows>
+ <encoding>base64</encoding>
+ </field>
+ \ No newline at end of file
diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
index a3448d44..a9b9d0e9 100644
--- a/config/dansguardian/dansguardian_log.xml
+++ b/config/dansguardian/dansguardian_log.xml
@@ -114,6 +114,14 @@
<option><name>Just say 'Access Denied'</name><value>0</value></option>
<option><name>Log but do not block - Stealth mode</name><value>-1</value></option>
</options>
+ </field>
+ <field>
+ <fielddescr>Access Denied cgi</fielddescr>
+ <fieldname>reportingcgi</fieldname>
+ <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script
+ ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description>
+ <type>input</type>
+ <size>70</size>
</field>
<field>
<fielddescr>Report Language</fielddescr>
diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml
index 163c94c9..fcddfea6 100755
--- a/config/dansguardian/dansguardian_site_acl.xml
+++ b/config/dansguardian/dansguardian_site_acl.xml
@@ -161,7 +161,7 @@
</field>
<field>
<fielddescr>Enable</fielddescr>
- <fieldname>greysite_enable</fieldname>
+ <fieldname>greysite_enabled</fieldname>
<type>checkbox</type>
<description></description>
</field>
diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml
index 28497e57..556e0bab 100755
--- a/config/dansguardian/dansguardian_url_acl.xml
+++ b/config/dansguardian/dansguardian_url_acl.xml
@@ -77,7 +77,7 @@
</tab>
<tab>
<text>Content</text>
- <url>/pkg.php?xml=dansguardian_file_acl.xml</url>
+ <url>/pkg.php?xml=dansguardian_content_acl.xml</url>
</tab>
<tab>
<text>Header</text>
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index ccc24f19..cfc9645e 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -56,20 +56,20 @@ groupmode = {$dansguardian_groups['mode']}
groupname = '{$dansguardian_groups['name']}'
# Content filtering files location
-bannedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}'
-weightedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}'
-exceptionphraselist = '/usr/local/etc/dansguardian/lists/exceptionphraselist.{$dansguardian_groups['phraseacl']}'
-bannedsitelist = '/usr/local/etc/dansguardian/lists/bannedsitelist.{$dansguardian_groups['siteacl']}'
-greysitelist = '/usr/local/etc/dansguardian/lists/greysitelist.{$dansguardian_groups['siteacl']}'
-exceptionsitelist = '/usr/local/etc/dansguardian/lists/exceptionsitelist.{$dansguardian_groups['siteacl']}'
-bannedurllist = '/usr/local/etc/dansguardian/lists/bannedurllist.{$dansguardian_groups['urlacl']}'
-greyurllist = '/usr/local/etc/dansguardian/lists/greyurllist.{$dansguardian_groups['urlacl']}'
-exceptionurllist = '/usr/local/etc/dansguardian/lists/exceptionurllist.{$dansguardian_groups['urlacl']}'
-exceptionregexpurllist = '/usr/local/etc/dansguardian/lists/exceptionregexpurllist.{$dansguardian_groups['urlacl']}'
-bannedregexpurllist = '/usr/local/etc/dansguardian/lists/bannedregexpurllist.{$dansguardian_groups['urlacl']}'
-picsfile = '/usr/local/etc/dansguardian/lists/{$dansguardian_groups['picsacl']}'
-contentregexplist = '/usr/local/etc/dansguardian/lists/contentregexplist.{$dansguardian_groups['contentacl']}'
-urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_groups['urlacl']}'
+bannedphraselist = '{$dg_dir}/etc/dansguardian/lists/bannedphraselist.g_{$dansguardian_groups['name']}'
+weightedphraselist = '{$dg_dir}/etc/dansguardian/lists/weightedphraselist.g_{$dansguardian_groups['name']}'
+exceptionphraselist = '{$dg_dir}/etc/dansguardian/lists/exceptionphraselist.g_{$dansguardian_groups['name']}'
+bannedsitelist = '{$dg_dir}/etc/dansguardian/lists/bannedsitelist.g_{$dansguardian_groups['name']}'
+greysitelist = '{$dg_dir}/etc/dansguardian/lists/greysitelist.g_{$dansguardian_groups['name']}'
+exceptionsitelist = '{$dg_dir}/etc/dansguardian/lists/exceptionsitelist.g_{$dansguardian_groups['name']}'
+bannedurllist = '{$dg_dir}/etc/dansguardian/lists/bannedurllist.g_{$dansguardian_groups['name']}'
+greyurllist = '{$dg_dir}/etc/dansguardian/lists/greyurllist.g_{$dansguardian_groups['name']}'
+exceptionurllist = '{$dg_dir}/etc/dansguardian/lists/exceptionurllist.g_{$dansguardian_groups['name']}'
+exceptionregexpurllist = '{$dg_dir}/etc/dansguardian/lists/exceptionregexpurllist.g_{$dansguardian_groups['name']}'
+bannedregexpurllist = '{$dg_dir}/etc/dansguardian/lists/bannedregexpurllist.g_{$dansguardian_groups['name']}'
+picsfile = '{$dg_dir}/etc/dansguardian/lists/g_{$dansguardian_groups['name']}'
+contentregexplist = '{$dg_dir}/etc/dansguardian/lists/contentregexplist.g_{$dansguardian_groups['name']}'
+urlregexplist = '{$dg_dir}/etc/dansguardian/lists/urlregexplist.g_{$dansguardian_groups['name']}'
# Filetype filtering
#
@@ -83,28 +83,28 @@ urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_
# (on | off)
#
blockdownloads = {$dansguardian_groups['blockdownloads']}
-exceptionextensionlist = '/usr/local/etc/dansguardian/lists/exceptionextensionlist.{$dansguardian_groups['extensionacl']}'
-exceptionmimetypelist = '/usr/local/etc/dansguardian/lists/exceptionmimetypelist.{$dansguardian_groups['extensionacl']}'
+exceptionextensionlist = '{$dg_dir}/etc/dansguardian/lists/exceptionextensionlist.g_{$dansguardian_groups['name']}'
+exceptionmimetypelist = '{$dg_dir}/etc/dansguardian/lists/exceptionmimetypelist.g_{$dansguardian_groups['name']}'
#
# Use the following lists to block specific kinds of file downloads.
# The two exception lists above can be used to override these.
#
-bannedextensionlist = '/usr/local/etc/dansguardian/lists/bannedextensionlist.{$dansguardian_groups['extensionacl']}'
-bannedmimetypelist = '/usr/local/etc/dansguardian/lists/bannedmimetypelist.{$dansguardian_groups['extensionacl']}'
+bannedextensionlist = '{$dg_dir}/etc/dansguardian/lists/bannedextensionlist.g_{$dansguardian_groups['name']}'
+bannedmimetypelist = '{$dg_dir}/etc/dansguardian/lists/bannedmimetypelist.g_{$dansguardian_groups['name']}'
#
# In either file filtering mode, the following list can be used to override
# MIME type & extension blocks for particular domains & URLs (trusted download sites).
#
-exceptionfilesitelist = '/usr/local/etc/dansguardian/lists/exceptionfilesitelist.{$dansguardian_groups['siteacl']}'
-exceptionfileurllist = '/usr/local/etc/dansguardian/lists/exceptionfileurllist.{$dansguardian_groups['urlacl']}'
+exceptionfilesitelist = '{$dg_dir}/etc/dansguardian/lists/exceptionfilesitelist.g_{$dansguardian_groups['name']}'
+exceptionfileurllist = '{$dg_dir}/etc/dansguardian/lists/exceptionfileurllist.g_{$dansguardian_groups['name']}'
# Categorise without blocking:
# Supply categorised lists here and the category string shall be logged against
# matching requests, but matching these lists does not perform any filtering
# action.
-logsitelist = '/usr/local/etc/dansguardian/lists/logsitelist.{$dansguardian_groups['siteacl']}'
-logurllist = '/usr/local/etc/dansguardian/lists/logurllist.{$dansguardian_groups['urlacl']}'
-logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansguardian_groups['urlacl']}'
+logsitelist = '{$dg_dir}/etc/dansguardian/lists/logsitelist.g_{$dansguardian_groups['name']}'
+logurllist = '{$dg_dir}/etc/dansguardian/lists/logurllist.g_{$dansguardian_groups['name']}'
+logregexpurllist = '{$dg_dir}/etc/dansguardian/lists/logregexpurllist.g_{$dansguardian_groups['name']}'
# Outgoing HTTP header rules:
# Optional lists for blocking based on, and modification of, outgoing HTTP
@@ -115,8 +115,8 @@ logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansgua
# Headers are matched/replaced on a line-by-line basis, not as a contiguous
# block.
# Use for example, to remove cookies or prevent certain user-agents.
-headerregexplist = '/usr/local/etc/dansguardian/lists/headerregexplist.{$dansguardian_groups['headeracl']}'
-bannedregexpheaderlist = '/usr/local/etc/dansguardian/lists/bannedregexpheaderlist.{$dansguardian_groups['headeracl']}'
+headerregexplist = '{$dg_dir}/etc/dansguardian/lists/headerregexplist.g_{$dansguardian_groups['name']}'
+bannedregexpheaderlist = '{$dg_dir}/etc/dansguardian/lists/bannedregexpheaderlist.g_{$dansguardian_groups['name']}'
# Weighted phrase mode
# Optional; overrides the weightedphrasemode option in dansguardian.conf
@@ -143,7 +143,7 @@ naughtynesslimit = {$dansguardian_groups['naughtynesslimit']}
# List of regular expressions for matching search engine URLs. It is assumed
# that the search terms themselves will be contained within the first submatch
# of each expression.
-searchengineregexplist = '/usr/local/etc/dansguardian/lists/searchengineregexplist.{$dansguardian_groups['searchacl']}'
+searchengineregexplist = '{$dg_dir}/etc/dansguardian/lists/searchengineregexplist.g_{$dansguardian_groups['name']}'
#
# Search term limit
# The limit over which requests will be blocked for containing search terms
@@ -165,9 +165,9 @@ searchtermlimit = {$dansguardian_groups['searchtermlimit']}
# of text.
# Please note that all or none of the below should be uncommented, not a
# mixture.
-bannedsearchtermlist = '/usr/local/etc/dansguardian/lists/bannedsearchtermlist.{$dansguardian_groups['searchacl']}'
-weightedsearchtermlist = '/usr/local/etc/dansguardian/lists/weightedsearchtermlist.{$dansguardian_groups['searchacl']}'
-exceptionsearchtermlist = '/usr/local/etc/dansguardian/lists/exceptionsearchtermlist.{$dansguardian_groups['searchacl']}'
+bannedsearchtermlist = '{$dg_dir}/etc/dansguardian/lists/bannedsearchtermlist.g_{$dansguardian_groups['name']}'
+weightedsearchtermlist = '{$dg_dir}/etc/dansguardian/lists/weightedsearchtermlist.g_{$dansguardian_groups['name']}'
+exceptionsearchtermlist = '{$dg_dir}/etc/dansguardian/lists/exceptionsearchtermlist.g_{$dansguardian_groups['name']}'
# Category display threshold
# This option only applies to pages blocked by weighted phrase filtering.
@@ -268,8 +268,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
#
# If defined, this overrides the global setting in dansguardian.conf for
# members of this filter group.
-#
-#reportinglevel = {$dansguardian_groups['reportinglevel']}
+# reportinglevel = 3
+{$groupreportinglevel}
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied. Only used in reporting levels
@@ -284,8 +284,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
#
# If defined, this overrides the global setting in dansguardian.conf for
# members of this filter group.
-#
-#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+# accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+{$groupaccessdeniedaddress}
# HTML Template override
# If defined, this specifies a custom HTML template file for members of this
@@ -293,12 +293,12 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
# only used in reporting level 3.
#
# The default template file path is <languagedir>/<language>/template.html
-# e.g. /usr/local/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish'
+# e.g. {$dg_dir}/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish'
# language.
#
# This option generates a file path of the form:
# <languagedir>/<language>/<htmltemplate>
-# e.g. /usr/local/share/dansguardian/languages/ukenglish/custom.html
+# e.g. {$dg_dir}/share/dansguardian/languages/ukenglish/custom.html
#
#htmltemplate = 'custom.html'
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 19:32:38 +0000