diff options
Diffstat (limited to 'packages/squidGuard')
-rw-r--r-- | packages/squidGuard/sgerror.php | 241 | ||||
-rw-r--r-- | packages/squidGuard/squidguard.inc | 150 | ||||
-rw-r--r-- | packages/squidGuard/squidguard.xml | 12 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_acl.xml | 157 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_configurator.inc | 95 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_default.xml | 29 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_dest.xml | 16 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_log.xml | 6 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_rewr.xml | 6 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_time.xml | 6 |
10 files changed, 551 insertions, 167 deletions
diff --git a/packages/squidGuard/sgerror.php b/packages/squidGuard/sgerror.php index 302126fb..7e3b5c6c 100644 --- a/packages/squidGuard/sgerror.php +++ b/packages/squidGuard/sgerror.php @@ -1,51 +1,240 @@ <?php +$page_info = <<<EOD # ---------------------------------------------------------------------------------------------------------------------- -# Error page generator +# SquidGuard error page generator # (C)2006-2007 Serg Dvoriancev # ---------------------------------------------------------------------------------------------------------------------- -# .php?url='redirect url' +# This programm processed redirection to specified URL or generated error page for standart HTTP error code. +# Redirection supported http and https protocols. # ---------------------------------------------------------------------------------------------------------------------- -# Forbidden 403 -# Not found 404 -# 410 -# Internal Error 500 -# Moved 301 -# Found 302 +# Format: +# sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables] +# Incoming SquidGuard variables: +# a=client_address +# n=client_name +# i=client_user +# s=client_group +# t=target_group +# u=client_url +# Example: +# sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. +# sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. +# sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=.. # ---------------------------------------------------------------------------------------------------------------------- +# Tags: +# myurl and output messages can include Tags +# [a] - client address +# [n] - client name +# [i] - client user +# [s] - client group +# [t] - target group +# [u] - client url +# Example: +# sgerror.php?url=401 Unauthorized access to URL [u] for client [n] +# sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=] +# ---------------------------------------------------------------------------------------------------------------------- +# Special Tags: +# blank - get blank page +# blank_img - get one-pixel transparent image (for replace banners and etc.) +# Example: +# sgerror.php?url=blank +# sgerror.php?url=blank_img +# ---------------------------------------------------------------------------------------------------------------------- +EOD; define('ACTION_URL', 'url'); define('ACTION_RES', 'res'); define('ACTION_MSG', 'msg'); -header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 +define('TAG_BLANK', 'blank'); +define('TAG_BLANK_IMG', 'blank_img'); + +# ---------------------------------------------------------------------------------------------------------------------- +# ?url=EMPTY_IMG +# Use this options for replace baners/ads to transparent picture. Thisbetter for viewing. +# ---------------------------------------------------------------------------------------------------------------------- +# NULL GIF file +# HEX: 47 49 46 38 39 61 - - - +# SYM: G I F 8 9 a 01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B +# ---------------------------------------------------------------------------------------------------------------------- +define(GIF_BODY, "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"); $url = ''; $msg = ''; +$cl = Array(); // squidGuard variables: %a %n %i %s %t %u +$err_code = array(); + +$err_code[301] = "301 Moved Permanently"; +$err_code[302] = "302 Found"; +$err_code[303] = "303 See Other"; +$err_code[305] = "305 Use Proxy"; + +$err_code[400] = "400 Bad Request"; +$err_code[401] = "401 Unauthorized"; +$err_code[402] = "402 Payment Required"; +$err_code[403] = "403 Forbidden"; +$err_code[404] = "404 Not Found"; +$err_code[405] = "405 Method Not Allowed"; +$err_code[406] = "406 Not Acceptable"; +$err_code[407] = "407 Proxy Authentication Required"; +$err_code[408] = "408 Request Time-out"; +$err_code[409] = "409 Conflict"; +$err_code[410] = "410 Gone"; +$err_code[411] = "411 Length Required"; +$err_code[412] = "412 Precondition Failed"; +$err_code[413] = "413 Request Entity Too Large"; +$err_code[414] = "414 Request-URI Too Large"; +$err_code[415] = "415 Unsupported Media Type"; +$err_code[416] = "416 Requested range not satisfiable"; +$err_code[417] = "417 Expectation Failed"; + +$err_code[500] = "500 Internal Server Error"; +$err_code[501] = "501 Not Implemented"; +$err_code[502] = "502 Bad Gateway"; +$err_code[503] = "503 Service Unavailable"; +$err_code[504] = "504 Gateway Time-out"; +$err_code[505] = "505 HTTP Version not supported"; + +# ---------------------------------------------------------------------------------------------------------------------- +# check arg's +# ---------------------------------------------------------------------------------------------------------------------- + if (count($_POST)) { - $url = $_POST['url']; + $url = trim($_POST['url']); $msg = $_POST['msg']; -} else { - $url = $_GET['url']; + $cl['a'] = $_POST['a']; + $cl['n'] = $_POST['n']; + $cl['i'] = $_POST['i']; + $cl['s'] = $_POST['s']; + $cl['t'] = $_POST['t']; + $cl['u'] = $_POST['u']; +} +elseif (count($_GET)) { + $url = trim($_GET['url']); $msg = $_GET['msg']; + $cl['a'] = $_GET['a']; + $cl['n'] = $_GET['n']; + $cl['i'] = $_GET['i']; + $cl['s'] = $_GET['s']; + $cl['t'] = $_GET['t']; + $cl['u'] = $_GET['u']; +} +else { + # Show 'About page' + echo get_page(get_about()); + exit(); } +# ---------------------------------------------------------------------------------------------------------------------- +# url's +# ---------------------------------------------------------------------------------------------------------------------- if ($url) { - if (strstr($url, "301")) header("HTTP/1.0 301"); - elseif (strstr($url, "302")) header("HTTP/1.0 302"); - elseif (strstr($url, "403")) header("HTTP/1.0 403"); - elseif (strstr($url, "404")) header("HTTP/1.0 404"); - elseif (strstr($url, "410")) header("HTTP/1.0 410"); -# elseif (strstr($url, "410")) header("HTTP/1.0 500"); - else { - # + $err_id = 0; + + // check error code + foreach ($err_code as $key => $val) { + if (strpos(strtolower($url), strval($key)) === 0) { + $err_id = $key; + break; + } + } + + # blank page + if ($url === 'blank') { + echo get_page(''); + } + # blank image + elseif ($url === TAG_BLANK_IMG) { + # -------------------------------------------------------------- + # return blank image + # -------------------------------------------------------------- + header("Content-Type: image/gif;"); // charset=windows-1251"); + echo GIF_BODY; + } + # error code + elseif ($err_id !== 0) { + $er_msg = strstr($_GET['url'], ' '); + echo get_error_page($err_id, $er_msg); + } + # redirect url + elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) { + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # redirect to specified url - # + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ header("HTTP/1.0"); - header("Location: $url", '', 301); + header("Location: $url", '', 302); } - exit(); -} else { - header("HTTP/1.0 410"); - exit(); + // error arguments + else { + echo get_page("sgerror: error arguments $url"); + } +} +else { + echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET)); +# echo get_error_page(500); +} + +# ~~~~~~~~~~ +# Exit +# ~~~~~~~~~~ +exit(); + +# ---------------------------------------------------------------------------------------------------------------------- +# functions +# ---------------------------------------------------------------------------------------------------------------------- +function get_page($body) { + $str = Array(); + $str[] = '<html>'; + $str[] = "<body>\n$body\n</body>"; + $str[] = '</html>'; + return implode("\n", $str); +} + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# IE displayed self-page, if them size > 1024 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +function get_error_page($er_code_id, $err_msg='') { + global $err_code; + global $cl; + $str = Array(); + + header("HTTP/1.1 " . $err_code[$er_code_id]); + + $str[] = '<html>'; + $str[] = '<body>'; + $str[] = '<h3>Request denied by pfSense proxy: ' . $err_code[$er_code_id] . '</h3>'; + if ($err_msg) $str[] = "<b> Reason: </b> $err_msg"; + $str[] = '<hr size="1" noshade>'; + if ($cl['a']) $str[] = "<b> Client address: </b> {$cl['a']} <br>"; + if ($cl['n']) $str[] = "<b> Client name: </b> {$cl['n']} <br>"; + if ($cl['i']) $str[] = "<b> Client user: </b> {$cl['i']} <br>"; + if ($cl['s']) $str[] = "<b> Client group: </b> {$cl['s']} <br>"; + if ($cl['t']) $str[] = "<b> Target group: </b> {$cl['t']} <br>"; + if ($cl['u']) $str[] = "<b> URL: </b> {$cl['u']} <br>"; + $str[] = '<hr size="1" noshade>'; + $str[] = "</body>"; + $str[] = "</html>"; + + return implode("\n", $str); +} + +function get_about() { + global $err_code; + global $page_info; + $str = Array(); + + // about info + $s = str_replace("\n", "<br>", $page_info); + $str[] = $s; + $str[] = "<br>"; + + $str[] = '<table>'; + $str[] = ' <b>HTTP error codes (ERROR_CODE):</th></tr>'; + foreach($err_code as $val) { + $str []= "<tr><td>$val"; + } + $str[] = '</table>'; + + return implode("\n", $str); } ?>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc index a5b61644..e3918042 100644 --- a/packages/squidGuard/squidguard.inc +++ b/packages/squidGuard/squidguard.inc @@ -1,4 +1,5 @@ <?php + # ------------------------------------------------------------------------------ # squidguard.inc # (C)2006, 2007 Serg Dvoriancev @@ -130,6 +131,18 @@ function squidguard_validate_acl($post, $input_errors) { $deny_over = array(); $pass_over_val = ''; + // check name ('source') + $name = trim($post[FLD_NAME]); + if(!empty($name)) { + $err = check_name($name); // validate name content + if (!empty($err)) + $input_errors[] = $err; + + // check unique name + if (!check_unique_name(MODULE_ACL, $name)) + $input_errors[] = "Name '$name' already exists"; + } + // store destinations to 'dest' value foreach ($post as $key => $val) { if (substr_count($key, PREFLD_UPTIME) != 0) { @@ -166,7 +179,7 @@ function squidguard_validate_acl($post, $input_errors) { else $pass_over_val .= " $key"; } - // !ATTENTION! on pfSense XML config must be must(shall) be '!all' instead of 'none' - it is a must for correct work GUI + // !ATTENTION! on pfSense XML config must be must(shell) be '!all' instead of 'none' - it is a must for correct work GUI // if not exists key 'all', then add 'none' - default 'deny all' if ((substr_count($pass_up_val, 'all') == 0)) { @@ -311,6 +324,57 @@ function squidguard_resync() { } // ----------------------------------------------------------------------------- +// squidguard_resync_acl +// ----------------------------------------------------------------------------- +function squidguard_resync_acl() { + global $config; + $conf = $config['installedpackages'][MODULE_ACL]['config']; + $id = $_GET['id']; + if (!$id) + $id = $_POST['id']; + + // --- sources --- + // move current id by order + if (($id != '') and is_array($conf) and ($id !== intval($conf[$id]['order']))) { + // copy current item to temp and remove it's from list + $src_new = array(); + $src_cur = $conf[$id]; + unset ($conf[$id]); + + // rebuild list and insert current item by order + $i=0; + foreach($conf as $src) { + if (intval($src_cur['order']) === $i) { + $src_new[] = $src_cur; + unset($src_cur); + $i++; + } + $src_new[] = $src; + $i++; + } + // if current item not inserted - insert him to the end + if (isset($src_cur)) { + $src_new[] = $src_cur; + unset($src_cur); + } + + // renew order values + foreach($src_new as $key => $src) { + $src_new[$key]['order'] = $key; + } + + unset ($config['installedpackages'][MODULE_ACL]['config']); + $config['installedpackages'][MODULE_ACL]['config'] = $src_new; + write_config('Update squidguardacl config'); + } else if (($_GET['act'] === 'del') or ($_POST['act'] === 'del')) { + // update order on delete item + foreach($config['installedpackages'][MODULE_ACL]['config'] as $key => $src) + $config['installedpackages'][MODULE_ACL]['config'][$key]['order'] = $key; + write_config('Update squidguardsrc config'); + } +} + +// ----------------------------------------------------------------------------- // squidguard_resync_src // ----------------------------------------------------------------------------- function squidguard_resync_src() { @@ -381,7 +445,7 @@ function get_pkg_items_list($pkg_gui_name, $fieldname) { # ============================================================================== // ----------------------------------------------------------------------------- -// squidguard_before_form_src +// squidguard_before_form_src -- ### will deleted ### // ----------------------------------------------------------------------------- function squidguard_before_form_src($pkg) { global $config; @@ -394,7 +458,7 @@ function squidguard_before_form_src($pkg) { title='move up' width='17' height='17' border='0' onclick='on_moveup()'>"; $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif' title='move down' width='17' height='17' border='0' onclick='on_movedown()'>"; - $s = "<b>Move to:</b> $img_up $img_down <br>" . $fld['description']; + $s = "$img_up $img_down <br> <b>Move to:</b> " . $fld['description']; $fld['description'] = $s; } $i++; @@ -461,6 +525,7 @@ function squidguard_before_form($pkg) { // ----------------------------------------------------------------------------- function squidguard_before_form_acl($pkg) { global $config; + global $g; $current_id = ''; $sources = ''; @@ -480,6 +545,22 @@ function squidguard_before_form_acl($pkg) { if ($current_id == '') $current_id = 0; + // 'source' part of 'acl' page + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'order') { + $fld = &$pkg['fields']['field'][$i]; + $img_up = "<img src='./themes/{$g['theme']}/images/icons/icon_up.gif' + title='move up' width='17' height='17' border='0' onclick='on_moveup()'>"; + $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif' + title='move down' width='17' height='17' border='0' onclick='on_movedown()'>"; + $s = "<b>Move to:</b> $img_up $img_down <br>" . $fld['description']; + $fld['description'] = $s; + } + $i++; + } + unset ($i); + // sources $sources = $config['installedpackages']['squidguardsrc']['config']; if (is_array($sources)) { @@ -615,7 +696,7 @@ function squidguard_before_form_log($pkg) { $i=0; $move_pos = 0; $move_step = 50; - +return; foreach($pkg['fields']['field'] as $field) { if ($field['fieldname'] == 'logtype') { $slog = ''; @@ -748,7 +829,7 @@ function make_grid_general_items($id = '') if ($config['installedpackages']['squidguardgeneral']['config'][0]['view_gui_log'] == 'on') { $log_content = sg_getlog(50); $log_content = str_replace("\n","<br>", $log_content); - $res .= "<tr bgcolor='#dddddd'><td><font size='-1'><b>Web GUI log (Last 50)</b></font></td></tr>"; + $res .= "<tr bgcolor='#dddddd'><td><font size='-1'><b>Web GUI log (Latest 50)</b></font></td></tr>"; $res .= "<tr bgcolor='#dddddd'><td vAlign=top width='100%'><font size='-2'>$log_content</font></td></tr>"; } } @@ -999,6 +1080,31 @@ function squidGuard_print_javascript() { $javascript .= "\n<script language='JavaScript'>"; $javascript .= "\n<!--"; $javascript .= "\n document.iform.dest.disabled=1;"; + // source JS part + $javascript .= "\n function on_updatecontrols() {"; + $javascript .= "\n document.iform.elements['order'].disabled = 0;"; + $javascript .= "\n document.iform.elements['order'].onfocus = on_orderfocus;"; + $javascript .= "\n }"; + $javascript .= "\n function on_orderfocus() {"; + $javascript .= "\n document.iform.elements['order'].blur();"; + $javascript .= "\n }"; + $javascript .= "\n function on_moveup() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order > 0)"; + $javascript .= "\n order = order - 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n function on_movedown() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order >= 0)"; + $javascript .= "\n order = order + 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n on_updatecontrols();"; + $javascript .= "\n "; + // end source JS part $javascript .= "\n//-->"; $javascript .= "\n</script>"; @@ -1029,7 +1135,7 @@ function squidGuard_print_javascript() { $javascript .= "\n</script>"; } - if ($xml == "squidguard_src.xml") { + if ($xml == "squidguard_src.xml") { ### will deleted ### $javascript .= "\n<script language='JavaScript'>"; $javascript .= "\n<!--"; $javascript .= "\n function on_updatecontrols() {"; @@ -1059,7 +1165,7 @@ function squidGuard_print_javascript() { $javascript .= "\n</script>"; } - print($javascript); + print($javascript); } # ============================================================================== @@ -1092,11 +1198,18 @@ function convert_pfxml_to_sgxml() { $squidxml = $config['installedpackages']['squid']['config'][0]; if(isset($squidxml['transparent_proxy'])) { $lanip = $config['interfaces']['lan']['ipaddr']; + $guiport = $config['system']['webgui']['port']; + $guiprotocol = $config['system']['webgui']['protocol']; + $sgxml[FLD_SQUID_TRANSPARENT_MODE] = 'on'; $sgxml[FLD_CURRENT_LAN_IP] = $lanip; + $sgxml[FLD_CURRENT_GUI_PORT] = $guiport; + $sgxml[FLD_CURRENT_GUI_PROTO] = $guiprotocol; } else { unset($sgxml[FLD_SQUID_TRANSPARENT_MODE]); unset($sgxml[FLD_CURRENT_LAN_IP]); + unset($sgxml[FLD_CURRENT_GUI_PORT]); + unset($sgxml[FLD_CURRENT_GUI_PROTO]); } // store cfg cache @@ -1110,9 +1223,14 @@ function convert_pfxml_to_sgxml() { // convert_pfxml_to_sgxml_source // sgxml_source: [name][ip][desc][log] // ----------------------------------------------------------------- +# Changes 04-01-2008 : +# Source fields moved to ACL page. Source page - will remove +# But in XML internal config nothing to change +# function convert_pfxml_to_sgxml_source($pfconfig) { $sgxml = array(); - +/* +# --- previous ver --- $pfxml = $pfconfig['installedpackages']['squidguardsrc']['config']; if (is_array($pfxml)) { foreach($pfxml as $pfx) { @@ -1125,6 +1243,19 @@ function convert_pfxml_to_sgxml_source($pfconfig) { $sgxml[FLD_ITEM][] = $sgx; } } +*/ + $pfxml = $pfconfig['installedpackages']['squidguardacl']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_IP] = $pfx['iplist']; + $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; + $sgx[FLD_LOG] = $pfx['enablelog']; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgxml[FLD_ITEM][] = $sgx; + } + } return $sgxml; } @@ -1221,7 +1352,8 @@ function convert_pfxml_to_sgxml_acl($pfconfig) { if (is_array($pfxml)) { foreach($pfxml as $pfx) { $sgx = array(); - $sgx[FLD_NAME] = $pfx[FLD_SOURCE]; +# $sgx[FLD_NAME] = $pfx[FLD_SOURCE]; // [04-01-2008] previous ver - this field will removed + $sgx[FLD_NAME] = $pfx[FLD_NAME]; // [04-01-2008] new ver $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; $sgx[FLD_DISABLED] = $pfx[FLD_DISABLED]; $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; diff --git a/packages/squidGuard/squidguard.xml b/packages/squidGuard/squidguard.xml index 895b4fdf..26644e0c 100644 --- a/packages/squidGuard/squidguard.xml +++ b/packages/squidGuard/squidguard.xml @@ -34,10 +34,6 @@ <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> <text>Destinations</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> @@ -67,12 +63,6 @@ <additional_files_needed> <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> </additional_files_needed> - -<!-- Now commented, may be deleted later. - <additional_files_needed> - <item>http://www.pfsense.org/packages/config/squidGuard/upload.inc</item> - </additional_files_needed> ---> <additional_files_needed> <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> </additional_files_needed> @@ -85,9 +75,11 @@ <additional_files_needed> <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> </additional_files_needed> +<!-- <additional_files_needed> <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_src.xml</item> </additional_files_needed> +--> <additional_files_needed> <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> </additional_files_needed> diff --git a/packages/squidGuard/squidguard_acl.xml b/packages/squidGuard/squidguard_acl.xml index aa3349cd..d9ba4981 100644 --- a/packages/squidGuard/squidguard_acl.xml +++ b/packages/squidGuard/squidguard_acl.xml @@ -14,51 +14,49 @@ <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> - <tabs> - <tab> - <text>General settings</text> - <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> - </tab> - <tab> - <text>Default</text> - <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> - </tab> - <tab> - <text>ACL</text> - <url>/pkg.php?xml=squidguard_acl.xml</url> - <active/> - </tab> - <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> - <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> - </tab> - <tab> - <text>Times</text> - <url>/pkg.php?xml=squidguard_time.xml</url> - </tab> - <tab> - <text>Rewrites</text> - <url>/pkg.php?xml=squidguard_rewr.xml</url> - </tab> - <tab> - <text>Log</text> - <url>/pkg_edit.php?xml=squidguard_log.xml</url> - </tab> - </tabs> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Default</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + <active/> + </tab> + <tab> + <text>Destinations</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Log</text> + <url>/pkg_edit.php?xml=squidguard_log.xml</url> + </tab> + </tabs> <adddeleteeditpagefields> <columnitem> <fielddescr>Disable</fielddescr> <fieldname>disabled</fieldname> </columnitem> +<!-- <columnitem> <fielddescr>Source</fielddescr> <fieldname>source</fieldname> </columnitem> +--> <columnitem> <fielddescr>Destinations</fielddescr> <fieldname>dest</fieldname> @@ -88,6 +86,7 @@ <description>Check this for disable this ACL rule.</description> <type>checkbox</type> </field> +<!-- <field> <fielddescr>Source name</fielddescr> <fieldname>source</fieldname> @@ -95,6 +94,59 @@ <required/> <type>select</type> </field> +--> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description> + You can enter name here. Name consist minimum 2 symbols, first from which letter. <br> + All other symbols is [a-Z_0-9]. Source name must be <b>unique</b> . + </description> + <type>input</type> + <required/> + <size>100</size> + </field> + <field> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + <description> + Order source in list. <br> + <b>Note:</b> <br> + Sources order have very high importance. Sources are evaluated on a first-match basis. <br> + If your sources have an overlaying ranges, then act will be first in list. <br> + <b>For example:</b> <br> + Wrong order: + First source entry is the range 10.0.0.0/24 and second entry is 10.0.0.15 (or 10.0.0.15/32 ) <br> + Right order: + First source entry is the single ip 10.0.0.15 (or 10.0.0.15/32 ) then the overlaying range 10.0.0.0/24 <br> + </description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Source IP addresses</fielddescr> + <fieldname>iplist</fieldname> + <description> + Enter source IP addresses here with space(' ') divider. + IP addresses must have format:<br> + single example: '192.168.0.1' <br> + range examples: '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' + </description> + <type>textarea</type> + <cols>65</cols> + <rows>3</rows> + </field> + <field> + <fielddescr>Source Domains</fielddescr> + <fieldname>domains</fieldname> + <description> + Enter source domains names here with space(' ') divider. + Example: <b>'foo.bar'</b> match <b>'foo.bar'</b> or <b>'*.foo.bar'</b>. + </description> + <type>textarea</type> + <cols>65</cols> + <rows>3</rows> + </field> <field> <fielddescr>Time</fielddescr> <fieldname>time</fieldname> @@ -106,29 +158,33 @@ <fieldname>dest</fieldname> <description></description> <type>input</type> - <size>114</size> + <size>100</size> </field> <field> <fielddescr>Redirect</fielddescr> <fieldname>redirect</fieldname> <description> - Enter redirection URL or Error page code for this rule, or leave blank. - Supported error page codes: 403, 404, 410. - </description> + Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> + Supported URL's: 'http://myurl', 'https://myurl'. <br> + Supported tags: 'blank', 'blank_img'. <br> + Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. + </description> <type>textarea</type> - <cols>70</cols> - <rows>5</rows> + <cols>65</cols> + <rows>2</rows> </field> <field> <fielddescr>Overtime redirect</fielddescr> <fieldname>overredirect</fieldname> <description> - Enter redirection URL or Error page code for this rule, or leave blank. - Supported error page codes: 403, 404, 410. - </description> + Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> + Supported URL's: 'http://myurl', 'https://myurl'. <br> + Supported tags: 'blank', 'blank_img'. <br> + Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. + </description> <type>textarea</type> - <cols>70</cols> - <rows>5</rows> + <cols>65</cols> + <rows>2</rows> </field> <field> <fielddescr>Rewrite</fielddescr> @@ -147,7 +203,7 @@ <fieldname>description</fieldname> <description>You may enter a description here for your reference (not parsed).</description> <type>input</type> - <size>114</size> + <size>100</size> </field> </fields> @@ -158,11 +214,14 @@ squidguard_before_form_acl(&$pkg); </custom_php_command_before_form> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_resync_config_command> -// squidguard_resync_time(); + squidguard_resync_acl(); </custom_php_resync_config_command> + <custom_delete_php_command> + squidguard_resync_acl(); + </custom_delete_php_command> <custom_add_php_command> </custom_add_php_command> <custom_add_php_command_late> diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc index e32169a1..db751a95 100644 --- a/packages/squidGuard/squidguard_configurator.inc +++ b/packages/squidGuard/squidguard_configurator.inc @@ -196,10 +196,9 @@ define('REDIRECTOR_PROCESS_COUNT', '3'); # define default redirection url (redirector get this url for all blocked url's) # * !ATTENTION! this url must be exists; IF url not exist, redirector will't block # (returned to squid some url, what blocked) -# this may use '301:' or '302:' value (only) -#define('REDIRECT_BASE_URL', '302:'); -define('REDIRECT_BASE_URL', 'http://127.0.0.1/sgerror.php'); -define('REDIRECT_TRANSPARENT_BASE_URL', '/sgerror.php'); +# ------------------------------------------------------------------------------ +define('REDIRECT_BASE_URL', '/sgerror.php'); +define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u'); # ------------------------------------------------------------------------------ # squidguard system defines @@ -338,6 +337,8 @@ define('FLD_TIMERANGE', 'sg_timerange'); // transparent mode define('FLD_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode'); define('FLD_CURRENT_LAN_IP', 'current_lan_ip'); +define('FLD_CURRENT_GUI_PORT', 'current_gui_port'); +define('FLD_CURRENT_GUI_PROTO', 'current_gui_protocol'); # ------------------------------------------------------------------------------ # sg_init @@ -553,12 +554,13 @@ function sg_reconfigure_user_db() { $path = "$dbhome/" . $dst[FLD_NAME]; $dst_names[] = $path; - // 1. check destination catalog + // 1. check destination catalog and create them, if need if (!file_exists($path)) { if (!mkdir ($path, 0755)) { sg_addlog("sg_reconfigure_user_db: error create dir $path"); return; - } else sg_addlog("Create dir $path"); + } + else sg_addlog("Create dir $path"); } // 2. build domains file @@ -780,9 +782,7 @@ function sg_getlog($last_entries_count) { function sg_build_default_config() { global $squidguard_config; $sgconf = array(); - $redirect_base_url = REDIRECT_BASE_URL; - -// TODO: need fix for transparentproxy +# $redirect_base_url = sg_redirector_base_url(); // header $sgconf[] = CONFIG_SG_HEADER; @@ -795,7 +795,7 @@ function sg_build_default_config() { $sgconf[] = "acl {"; $sgconf[] = "\t default {"; $sgconf[] = "\t\t pass none"; - $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url('404 Check proxy filter settings on errors.'); # $redirect_base_url $sgconf[] = "\t }"; $sgconf[] = "}"; @@ -804,12 +804,42 @@ function sg_build_default_config() { } // ------------------------------------------------------------ +// sg_redirector_base_url +// ------------------------------------------------------------ +function sg_redirector_base_url($url) { + global $squidguard_config; + $rdr_path = REDIRECT_BASE_URL; + + // check GUI port settings + if (isset($squidguard_config[FLD_CURRENT_GUI_PORT]) and !empty($squidguard_config[FLD_CURRENT_GUI_PORT])) { + $rdr_path = ":" . $squidguard_config[FLD_CURRENT_GUI_PORT] . $rdr_path; + } + + // check Lan IP port settings + $rdr_path = $squidguard_config[FLD_CURRENT_LAN_IP] . $rdr_path; + + // check GUI protocol settings + if ($squidguard_config[FLD_CURRENT_GUI_PROTO] === "https") + $rdr_path = "https://" . $rdr_path; + else $rdr_path = "http://" . $rdr_path; + + // arguments + // Attention: + // order arg's must be: first-URL, last-SG variables + // SG have bug, what broke data after his var's + $rdr_path = $rdr_path . "?url=" . rawurlencode($url) . REDIRECT_URL_ARGS; + + sg_addlog("sg_redirector_base_url: select redirector base url ($rdr_path)"); + return $rdr_path; +} + +// ------------------------------------------------------------ // sg_build_config // ------------------------------------------------------------ function sg_build_config() { global $squidguard_config; $sgconf = array(); - $redirect_base_url = REDIRECT_BASE_URL; +# $redirect_base_url = REDIRECT_BASE_URL; sg_addlog("sg_build_config: create squidGuard config"); if(!is_array($squidguard_config)) { @@ -830,13 +860,8 @@ function sg_build_config() { // --- Header --- $sgconf[] = CONFIG_SG_HEADER; - // Transparent redirector base url - if (isset($squidguard_config[FLD_SQUID_TRANSPARENT_MODE]) and - isset($squidguard_config[FLD_CURRENT_LAN_IP])) { - $redirect_base_url = "http://" . $squidguard_config[FLD_CURRENT_LAN_IP] . REDIRECT_TRANSPARENT_BASE_URL; - sg_addlog("sg_build_config: select LAN redirector base url ($redirect_base_url)"); - } else - sg_addlog("sg_build_config: select localhost redirector base url ($redirect_base_url)"); + // redirector base url +# $redirect_base_url = sg_redirector_base_url(); // init $sgconf[] = "logdir " . $squidguard_config[FLD_LOGDIR]; @@ -955,7 +980,7 @@ function sg_build_config() { if ($dst[FLD_URLS]) $sgconf[] = "\t urllist $dstname/urls"; if ($dst[FLD_REDIRECT] && is_url($dst[FLD_REDIRECT])) - $sgconf[] = "\t redirect " . $redirect_base_url . "?url={$dst[FLD_REDIRECT]}"; + $sgconf[] = "\t redirect " . sg_redirector_base_url($dst[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($dst[FLD_REDIRECT]); if ($dst[FLD_LOG]) $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; $sgconf[] = "}"; @@ -969,7 +994,7 @@ function sg_build_config() { $sgconf[] = ""; $sgconf[] = "rew " . $rew[FLD_NAME] . " {"; foreach ($rew[FLD_ITEM] as $rw) - $sgconf[] = "\t s@." . $rw[FLD_TARGETURL] . "@" . $rw[FLD_REPLACETO]."@"; + $sgconf[] = "\t s@." . $rw[FLD_TARGETURL] . "@" . $rw[FLD_REPLACETO]."@r"; if ($rew[FLD_LOG]) $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; $sgconf[] = "}"; @@ -1017,7 +1042,7 @@ function sg_build_config() { $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; if ($acl[FLD_REDIRECT]) { if (is_url($acl[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . $redirect_user_url . "?url={$acl[FLD_REDIRECT]}"; + $sgconf[] = "\t\t redirect " . $redirect_user_url . rawurlencode($acl[FLD_REDIRECT]); else $sgconf[] = "\t\t redirect " . $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]); } if ($acl[FLD_REWRITENAME]) @@ -1027,7 +1052,7 @@ function sg_build_config() { $sgconf[] = "\t } else {"; $sgconf[] = "\t\t pass " . $acl[FLD_OVERDESTINATIONNAME]; if ($acl[FLD_OVERREDIRECT] && is_url($acl[FLD_OVERREDIRECT])) - $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$acl[FLD_OVERREDIRECT]}"; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_OVERREDIRECT]); if ($acl[FLD_OVERREWRITENAME]) $sgconf[] = "\t\t rewrite " . $acl[FLD_OVERREWRITENAME]; @@ -1038,7 +1063,7 @@ function sg_build_config() { $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; if ($acl[FLD_REDIRECT] && is_url($acl[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$acl[FLD_REDIRECT]}"; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_REDIRECT]); if ($acl[FLD_REWRITENAME]) $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; @@ -1079,24 +1104,24 @@ function sg_build_config() { $sgconf[] = "\t default within " . $def[FLD_TIMENAME] . " { "; $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_REDIRECT]}"; - else $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_REDIRECT]); + else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; // overtime $sgconf[] = "\t } else {"; $sgconf[] = "\t\t pass " . $def[FLD_OVERDESTINATIONNAME]; if ($def[FLD_OVERREDIRECT] && is_url($def[FLD_OVERREDIRECT])) { - $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_OVERREDIRECT]}"; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_OVERREDIRECT]); } - else $sgconf[] = "\t\t redirect " . $redirect_base_url; + else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; $sgconf[] = "\t }"; } else { // without time $sgconf[] = "\t default { "; $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) { - $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_REDIRECT]}"; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_REDIRECT]); } - else $sgconf[] = "\t\t redirect " . $redirect_base_url; + else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; $sgconf[] = "\t }"; } } // if def @@ -1104,7 +1129,7 @@ function sg_build_config() { sg_addlog("sg_build_config: error - ACL 'default' is empty, use as default 'block all'."); $sgconf[] = "\t default { "; $sgconf[] = "\t\t pass none"; - $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; $sgconf[] = "\t }"; } @@ -1561,10 +1586,12 @@ function scan_dir($dir) { # is_url - build files listing for $dir # ------------------------------------------------------------------------------ function is_url($url) { - if (empty($url)) return false; - if (eregi("^http://", $url)) return true; - if (eregi("^https://", $url)) return true; - if (eregi("^([0-9]{3})", $url)) return true; // http error code 403, 404, 410, 500, + if (empty($url)) return false; + if (eregi("^http://", $url)) return true; + if (eregi("^https://", $url)) return true; + if (strstr("blank", $url)) return true; + if (strstr("blank_img", $url)) return true; + if (eregi("^([0-9]{3})", $url)) return true; // http error code 403, 404, 410, etc. return false; } # ------------------------------------------------------------------------------ diff --git a/packages/squidGuard/squidguard_default.xml b/packages/squidGuard/squidguard_default.xml index 122206ab..b6209c76 100644 --- a/packages/squidGuard/squidguard_default.xml +++ b/packages/squidGuard/squidguard_default.xml @@ -26,10 +26,6 @@ <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> <text>Destinations</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> @@ -59,29 +55,32 @@ <fieldname>dest</fieldname> <description></description> <type>input</type> - <size>115</size> + <size>100</size> </field> <field> <fielddescr>Default Redirect</fielddescr> <fieldname>redirect</fieldname> <description> - Enter redirection URL or Error page code for this rule, or leave blank. - Supported error page codes: 403, 404, 410. - </description> + Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> + Supported URL's: 'http://myurl', 'https://myurl'. <br> + Supported tags: 'blank', 'blank_img'. <br> + Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. <type>textarea</type> - <cols>70</cols> - <rows>5</rows> + <cols>65</cols> + <rows>2</rows> </field> <field> <fielddescr>Default overtime redirect</fielddescr> <fieldname>overredirect</fieldname> <description> - Enter redirection URL or Error page code for this rule, or leave blank. - Supported error page codes: 403, 404, 410. - </description> + Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> + Supported URL's: 'http://myurl', 'https://myurl'. <br> + Supported tags: 'blank', 'blank_img'. <br> + Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. + </description> <type>textarea</type> - <cols>70</cols> - <rows>5</rows> + <cols>65</cols> + <rows>2</rows> </field> <field> <fielddescr>Default Rewrite</fielddescr> diff --git a/packages/squidGuard/squidguard_dest.xml b/packages/squidGuard/squidguard_dest.xml index 0643c08f..ab705ae2 100644 --- a/packages/squidGuard/squidguard_dest.xml +++ b/packages/squidGuard/squidguard_dest.xml @@ -28,10 +28,6 @@ <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> <text>Destinations</text> <url>/pkg.php?xml=squidguard_dest.xml</url> <active/> @@ -128,12 +124,14 @@ <fielddescr>Redirect</fielddescr> <fieldname>redirect</fieldname> <description> - Enter redirection URL or Error page code for this rule, or leave blank. - Supported error page codes: 403, 404, 410. - </description> + Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> + Supported URL's: 'http://myurl', 'https://myurl'. <br> + Supported tags: 'blank', 'blank_img'. <br> + Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. + </description> <type>textarea</type> <cols>60</cols> - <rows>5</rows> + <rows>2</rows> </field> <field> <fielddescr>Enable log</fielddescr> @@ -158,6 +156,6 @@ // squidguard_resync_time(); </custom_php_resync_config_command> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> </packagegui> diff --git a/packages/squidGuard/squidguard_log.xml b/packages/squidGuard/squidguard_log.xml index c201e9f3..ae781562 100644 --- a/packages/squidGuard/squidguard_log.xml +++ b/packages/squidGuard/squidguard_log.xml @@ -28,10 +28,6 @@ <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> <text>Destinations</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> @@ -58,7 +54,7 @@ <type>select</type> <value>access_log</value> <options> - <option><name>Blocked URL's log</name><value>block_log</value></option> + <option><name>Blocked URL's log</name><value>block_log</value></option> <option><name>Configurator log</name><value>configurator_log</value></option> <option><name>squidGuard log</name><value>squidguard_log</value></option> <option><name>squid config</name><value>squid_config</value></option> diff --git a/packages/squidGuard/squidguard_rewr.xml b/packages/squidGuard/squidguard_rewr.xml index 0de007ac..5d2e6ac3 100644 --- a/packages/squidGuard/squidguard_rewr.xml +++ b/packages/squidGuard/squidguard_rewr.xml @@ -25,10 +25,6 @@ <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> <text>Destinations</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> @@ -128,7 +124,7 @@ </fields> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> squidguard_validate_rewrite($_POST, &$input_errors); diff --git a/packages/squidGuard/squidguard_time.xml b/packages/squidGuard/squidguard_time.xml index 360a2930..76b781ab 100644 --- a/packages/squidGuard/squidguard_time.xml +++ b/packages/squidGuard/squidguard_time.xml @@ -28,10 +28,6 @@ <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Sources</text> - <url>/pkg.php?xml=squidguard_src.xml</url> - </tab> - <tab> <text>Destinations</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> @@ -131,7 +127,7 @@ </fields> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> squidguard_validate_times(&$_POST, &$input_errors); |