###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
use strict;
use IPC::Open2;
use IO::Handle;
+
+my $redirectors;
+
require '/var/ipfire/general-functions.pl';
my %proxysettings=();
+$proxysettings{'ENABLE_FILTER'} = 'off';
+$proxysettings{'ENABLE_CLAMAV'} = 'off';
+$proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
# define here your redirectors (use a comma sperated list)
-my @redirectors = "";
-if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && -e '/usr/bin/squidGuard' ){push(@redirectors,"/usr/bin/squidGuard"); }
-if ( $proxysettings{'ENABLE_CLAMAV'} eq 'on' && -e '/usr/bin/squidclamav' ){ push(@redirectors,"/usr/bin/squidclamav"); }
-if ( $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' && -e '/usr/sbin/updxlrator' ) { push(@redirectors,"/usr/sbin/updxlrator"); }
-
-#my $redirectors = [ '/usr/bin/squidclamav', '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];
+if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/bin/squidclamav', '/usr/sbin/updxlrator' ];}
+elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/bin/squidclamav' ];}
+elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}
+elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidGuard' ];}
+elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidclamav', '/usr/sbin/updxlrator' ];}
+elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidclamav' ];}
+elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/sbin/updxlrator' ];}
+else { $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}
# Attention: keep in mind that the order of your redirectors is important.
# It doesn't make sense to scan for viruses on pages you restrict access to...
# So place first your tools which restrict access, then the tools which do the
# content filtering!
-#print "Anzahl ".$#redirectors."\n";
-
##### no need to change anything below this line #####
# init
my $line;
my $return;
my $i;
+my $debug=0; # enable only for debugging
+
+if ( -e "/var/ipfire/proxy/enable_redirector_debug" ){
+ $debug = 1;
+ writetolog("Urlfilter = ".$proxysettings{'ENABLE_FILTER'}." Clamav = ".$proxysettings{'ENABLE_CLAMAV'}." Updxlrator = ".$proxysettings{'ENABLE_UPDXLRATOR'});
+ }
# open progamms
my $pidlist = [];
my $rlist = [];
my $wlist = [];
-for($i = 1; $i <= $#redirectors; $i++) {
- #print "i=".$i." redirector ".$redirectors[$i]."\n";
- $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors[$i] );
-}
+
+for($i = 0; $i < @$redirectors; $i++) {
+ $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]);
+ if ($debug){
+ writetolog("Current redirector is ".$redirectors->[$i]." number ".$i." PID ".$pidlist->[$i]);
+ }
+ }
# wait for data...
while($line = <>) {
- for($i = 1; $i <= $#redirectors; $i++) {
- $wlist->[$i]->print($line);
- $return = $rlist->[$i]->getline;
- last if($return ne "\n" and $return ne $line);
- # break if redirector changes data
- }
- print $return;
-}
+ $return = "";
+
+ for($i = 0; $i < @$redirectors; $i++) {
+ $wlist->[$i]->print($line);
+ $return = $rlist->[$i]->getline;
+
+ if ( $return eq "Processing file and database" ){
+ system("logger -t ipfire 'Emergency - squidGuard not initialised please run squidGuard -C all'");
+ }
+
+ if ($debug){
+ my $dline = $line;my $dreturn = $return;chomp $dline;chomp $dreturn;
+ if ( $return eq $line or $return eq "\n" or $return eq "" ){
+ writetolog("Request equals result by ".$redirectors->[$i]." ".$dline);
+ }
+ else {
+ writetolog($redirectors->[$i]." answers ".$dreturn."\n Querried ".$dline);
+ }
+ }
+
+ # break if redirector changes data
+ if($return ne "\n" and $return ne $line ){
+ if ( $redirectors->[$i] ne "/usr/sbin/updxlrator"){
+ if ($debug){
+ writetolog($redirectors->[$i]." is stopping querry because block was found.");
+ }
+ $i = @$redirectors;
+ }
+ }
+ }
+ print $return;
+ }
+
exit 0;
+
+sub writetolog {
+ open(DATEI, ">>/var/log/squid/redirector_debug") || die "Unable to acces file /var/log/squid/redirector_debug";
+ my $log = shift;
+ print DATEI $log."\n";
+ close(DATEI);
+ }