From d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 3 May 2012 13:22:49 -0300 Subject: dansguardian - include per group report options and passkey for denied pages --- config/dansguardian/dansguardian.conf.template | 3 +- config/dansguardian/dansguardian.inc | 38 ++++++++++++++++++++++-- config/dansguardian/dansguardian_groups.xml | 26 ++++++++++++++-- config/dansguardian/dansguardian_log.xml | 8 +++++ config/dansguardian/dansguardianfx.conf.template | 8 ++--- 5 files changed, 74 insertions(+), 9 deletions(-) (limited to 'config/dansguardian') diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template index 27099332..ab30527a 100755 --- a/config/dansguardian/dansguardian.conf.template +++ b/config/dansguardian/dansguardian.conf.template @@ -157,7 +157,8 @@ proxyport = {$proxyport} # # Individual filter groups can override this setting in their own configuration. # -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +{$accessdeniedaddress} # Non standard delimiter (only used with accessdeniedaddress) # To help preserve the full banned URL, including parameters, the variables diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 56acfc5e..26e213a2 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -181,6 +181,16 @@ function sync_package_dansguardian() { #report and log $reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3"); + if ($reportlevel == 1 || $reportlevel== 2){ + if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){ + $accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; + } + else{ + log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url"); + file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url",""); + } + } + $accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3"); $reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish"); $showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off"); $usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off"); @@ -657,7 +667,7 @@ function sync_package_dansguardian() { $config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file); $dansguardian_log['report_file']=base64_encode($report_file); $load_samples++; - } + } if($load_samples > 0) write_config(); @@ -676,7 +686,8 @@ function sync_package_dansguardian() { 'urlacl'=> "Default", 'group_options' => "scancleancache,infectionbypasserrorsonly", 'reportinglevel'=>'3', - 'mode'=> "1"); + 'mode'=> "1", + 'report_level'=>"general"); $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); #loop on array @@ -695,6 +706,29 @@ function sync_package_dansguardian() { $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da"); + switch ($dansguardian_groups['reportinglevel']){ + case "1": + case "2": + $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; + if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){ + $groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; + } + else{ + log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.'); + file_notice('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.',""); + } + break; + case "-1": + case "0": + case "3": + $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; + $groupaccessdeniedaddress=""; + break; + default: + $groupreportinglevel=""; + $groupaccessdeniedaddress=""; + } + foreach ($groups as $group) $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); include("/usr/local/pkg/dansguardianfx.conf.template"); diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index baa9b44a..063d55fa 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -105,7 +105,10 @@ Group mode mode - + + Reporting level + reportinglevel + Description description @@ -247,13 +250,23 @@ If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]> select - + + + + Access Denied cgi + reportingcgi + + input + 70 + + Weighted phrase mode weightedphrasemode @@ -320,6 +333,15 @@ 0 = disable ( defaults to 0 )]]> input 10 + + + Temporary Denied Page Bypass Secret Key + bypasskey + + Ex1:Mary had a little lamb.
+ Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]>
+ input + 70
Infection/Scan Error Bypass diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index a3448d44..a9b9d0e9 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -114,6 +114,14 @@ + + + Access Denied cgi + reportingcgi + + input + 70 Report Language diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template index c2d10853..c827cfe4 100644 --- a/config/dansguardian/dansguardianfx.conf.template +++ b/config/dansguardian/dansguardianfx.conf.template @@ -268,8 +268,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. -# -reportinglevel = {$dansguardian_groups['reportinglevel']} +# reportinglevel = 3 +{$groupreportinglevel} # accessdeniedaddress is the address of your web server to which the cgi # dansguardian reporting script was copied. Only used in reporting levels @@ -284,8 +284,8 @@ reportinglevel = {$dansguardian_groups['reportinglevel']} # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. -# -accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}' +# accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +{$groupaccessdeniedaddress} # HTML Template override # If defined, this specifies a custom HTML template file for members of this -- cgit v1.2.3