#!/usr/bin/perl
-#
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) written from scratch
-#
-# $Id: urlfilter.cgi,v 1.7 2006/05/08 00:00:00 marco Exp $
-#
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2005-2010 IPFire Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
use strict;
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+my $http_port='81';
my %netsettings=();
my %mainsettings=();
my %proxysettings=();
my $uqfile = "${General::swroot}/urlfilter/userquota";
my $dbdir = "${General::swroot}/urlfilter/blacklists";
my $editdir = "${General::swroot}/urlfilter/editor";
-my $repository = "/home/httpd/html/repository";
+my $repository = "/var/urlrepo";
my $hintcolour = '#FFFFCC';
my $sourceurlfile = "${General::swroot}/urlfilter/autoupdate/autoupdate.urls";
my $updconffile = "${General::swroot}/urlfilter/autoupdate/autoupdate.conf";
my $updflagfile = "${General::swroot}/urlfilter/blacklists/.autoupdate.last";
-my $upd_cron_dly = "${General::swroot}/urlfilter/autoupdate/cron.daily";
-my $upd_cron_wly = "${General::swroot}/urlfilter/autoupdate/cron.weekly";
-my $upd_cron_mly = "${General::swroot}/urlfilter/autoupdate/cron.monthly";
my $errormessage='';
my $updatemessage='';
my @tclist=();
my @uqlist=();
my @source_urllist=();
+my @clients=();
my @temp=();
my $lastslashpos=0;
$filtersettings{'ENABLE_LOG'} = 'off';
$filtersettings{'ENABLE_USERNAME_LOG'} = 'off';
$filtersettings{'ENABLE_CATEGORY_LOG'} = 'off';
-$filtersettings{'CHILDREN'} = '5';
$filtersettings{'ENABLE_AUTOUPDATE'} = 'off';
$filtersettings{'ACTION'} = '';
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter backup'}) ||
($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter restore'}))
-{
- if (!($filtersettings{'CHILDREN'} =~ /^\d+$/) || ($filtersettings{'CHILDREN'} < 1))
+{
+
+ @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+ foreach (@clients)
{
- $errormessage = $Lang::tr{'urlfilter invalid num of children'};
- goto ERROR;
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; }
+ @temp = split(/-/);
+ foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } }
}
+ @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+ foreach (@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ if (/.*-.*-.*/) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; }
+ @temp = split(/-/);
+ foreach (@temp) { unless ((&General::validipormask($_)) || (&General::validipandmask($_))) { $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'}; } }
+ }
+ if ($errormessage) { goto ERROR; }
if ((!($filtersettings{'REDIRECT_PAGE'} eq '')) && (!($filtersettings{'REDIRECT_PAGE'} =~ /^https?:\/\//)))
{
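Review bot: The `foreach (@temp)` check accepts an entry when each side of the `-` satisfies `validipormask` or `validipandmask`, so a range whose endpoints carry a netmask would pass if those helpers accept `addr/mask` (their definitions are not part of this hunk). Range endpoints should be validated as plain addresses, with a mask allowed only on entries that contain no `-`. These values are later written to the `ip` line of squidGuard.conf, so a malformed entry becomes a filter-configuration error. The same normalisation line `s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;` is repeated in both loops here and again where the values are stored; a single helper would keep what is validated and what is saved identical.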
}
}
-
+
if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter upload blacklist'})
{
&Header::getcgihash(\%filtersettings, {'wantfile' => 1, 'filevar' => 'UPDATEFILE'});
$errormessage = $!;
goto ERROR;
}
-
+
if (!(-d "${General::swroot}/urlfilter/update")) { mkdir("${General::swroot}/urlfilter/update"); }
my $exitcode = system("/bin/tar --no-same-owner -xzf ${General::swroot}/urlfilter/blacklists.tar.gz -C ${General::swroot}/urlfilter/update");
-
+
if ($exitcode > 0)
{
$errormessage = $Lang::tr{'urlfilter tar error'};
} else {
+ if (-d "${General::swroot}/urlfilter/update/BL")
+ {
+ system("mv ${General::swroot}/urlfilter/update/BL ${General::swroot}/urlfilter/update/blacklists");
+ }
+
if (-d "${General::swroot}/urlfilter/update/category")
{
system("mv ${General::swroot}/urlfilter/update/category ${General::swroot}/urlfilter/update/blacklists");
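Review bot: The added `system("mv …/update/BL …/update/blacklists")` goes through the shell and its result is ignored, and if `update/blacklists` already exists `mv` places `BL` inside it instead of renaming it. Perl's builtin does the rename without a shell and reports failure: `rename("${General::swroot}/urlfilter/update/BL", "${General::swroot}/urlfilter/update/blacklists") or $errormessage = $!;`. The directory comes out of an uploaded archive, so a failure at this step should stop the update rather than continue with a partial tree. The enclosing `else` block continues outside the hunk.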
{
$errormessage = $!;
}
-
+
my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf ${General::swroot}/urlfilter/backup.tar.gz -C ${General::swroot}/urlfilter/restore");
if ($exitcode > 0)
{
if ($filtersettings{'ACTION'} eq $Lang::tr{'urlfilter save and restart'})
{
- if (!(-e "${General::swroot}/proxy/enable"))
+ if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
{
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
goto ERROR;
$filtersettings{'VALID'} = 'yes';
&savesettings;
- system("chown -R nobody.nobody $dbdir");
-
- if (-e "$dbdir/custom/allowed/domains.db") { unlink("$dbdir/custom/allowed/domains.db"); }
- if (-e "$dbdir/custom/allowed/urls.db") { unlink("$dbdir/custom/allowed/urls.db"); }
- if (-e "$dbdir/custom/blocked/domains.db") { unlink("$dbdir/custom/blocked/domains.db"); }
- if (-e "$dbdir/custom/blocked/urls.db") { unlink("$dbdir/custom/blocked/urls.db"); }
-
- foreach (<$dbdir/*>)
- {
- if (-d $_){ system("chmod 644 $_/*"); }
- if (-d $_){ system("chmod 666 $_/*.db"); }
- }
- if (-d "$dbdir/custom/allowed")
- {
- system("chmod 755 $dbdir/custom/allowed");
- system("chmod 644 $dbdir/custom/allowed/*");
- }
- if (-d "$dbdir/custom/blocked")
- {
- system("chmod 755 $dbdir/custom/blocked");
- system("chmod 644 $dbdir/custom/blocked/*");
- }
-
- system('/usr/local/bin/restartsquid');
+ system('/usr/local/bin/squidctrl restart >/dev/null 2>&1');
}
-
-ERROR:
-
- if ($errormessage) { $filtersettings{'VALID'} = 'no'; }
-
}
if ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter set time constraints'}) { $tcsettings{'TCMODE'} = 'on'}
if (!$errormessage)
{
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$tcsettings{'SRC'});
+ undef $tcsettings{'SRC'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $tcsettings{'SRC'} .= "$_ ";
+ }
+ $tcsettings{'SRC'} =~ s/\s+$//;
+
if ($tcsettings{'DST'} =~ /^any/) { $tcsettings{'DST'} = 'any'; }
if ($tcsettings{'ENABLERULE'} eq 'on') { $tcsettings{'ACTIVE'} = $tcsettings{'ENABLERULE'}; } else { $tcsettings{'ACTIVE'} = 'off'}
}
}
+if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'}) && (!$errormessage))
+{
+ $id = 0;
+ foreach $line (@tclist)
+ {
+ $id++;
+ if ($tcsettings{'ID'} eq $id)
+ {
+ chomp($line);
+ @temp = split(/\,/,$line);
+ $tcsettings{'DEFINITION'} = $temp[0];
+ $tcsettings{'MON'} = $temp[1];
+ $tcsettings{'TUE'} = $temp[2];
+ $tcsettings{'WED'} = $temp[3];
+ $tcsettings{'THU'} = $temp[4];
+ $tcsettings{'FRI'} = $temp[5];
+ $tcsettings{'SAT'} = $temp[6];
+ $tcsettings{'SUN'} = $temp[7];
+ $tcsettings{'FROM_HOUR'} = $temp[8];
+ $tcsettings{'FROM_MINUTE'} = $temp[9];
+ $tcsettings{'TO_HOUR'} = $temp[10];
+ $tcsettings{'TO_MINUTE'} = $temp[11];
+ $tcsettings{'SRC'} = $temp[12];
+ $tcsettings{'DST'} = $temp[13];
+ $tcsettings{'ACCESS'} = $temp[14];
+ $tcsettings{'ENABLERULE'} = $temp[15];
+ $tcsettings{'COMMENT'} = $temp[16];
+ }
+ }
+ $tcsettings{'TCMODE'}='on';
+}
+
if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'remove'}))
{
$id = 0;
{
$errormessage = $Lang::tr{'urlfilter not enabled'};
}
- if (!(-e "${General::swroot}/proxy/enable"))
+ if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
{
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
}
- if (!$errormessage) { system('/usr/local/bin/restartsquid'); }
+ if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
$tcsettings{'TCMODE'}='on';
}
$tcsettings{'TCMODE'}='on';
}
-if (!$errormessage) {
- $tcsettings{'ENABLERULE'}='on';
- $tcsettings{'TO_HOUR'}='24';
-}
-
if (($tcsettings{'MODE'} eq 'TIMECONSTRAINT') && ($tcsettings{'ACTION'} eq $Lang::tr{'edit'}) && (!$errormessage))
{
$id = 0;
$tcsettings{'TCMODE'}='on';
}
+if ((!$errormessage) && (!($tcsettings{'ACTION'} eq $Lang::tr{'urlfilter copy rule'})) && (!($tcsettings{'ACTION'} eq $Lang::tr{'edit'}))) {
+ $tcsettings{'ENABLERULE'}='on';
+ $tcsettings{'TO_HOUR'}='24';
+}
+
if ($uqsettings{'ACTION'} eq $Lang::tr{'urlfilter set user quota'}) { $uqsettings{'UQMODE'} = 'on'}
if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{'add'}))
{
$errormessage = $Lang::tr{'urlfilter not enabled'};
}
- if (!(-e "${General::swroot}/proxy/enable"))
+ if ((!(-e "${General::swroot}/proxy/enable")) && (!(-e "${General::swroot}/proxy/enable_blue")))
{
$errormessage = $Lang::tr{'urlfilter web proxy service required'};
}
- if (!$errormessage) { system('/usr/local/bin/restartsquid'); }
+ if (!$errormessage) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
$uqsettings{'UQMODE'}='on';
}
{
$errormessage = $!;
} else {
-
+
my $exitcode = system("/bin/tar --no-same-owner --preserve-permissions -xzf $editdir/blacklist.tar.gz -C $editdir");
if ($exitcode > 0)
{
&writeconfigfile;
- system('/usr/local/bin/restartsquid') unless ($besettings{'NORESTART'} eq 'on');
+ system('/usr/local/bin/squidctrl restart >/dev/null 2>&1') unless ($besettings{'NORESTART'} eq 'on');
if (-d $editdir) { system("rm -rf $editdir"); }
} else {
print FILE "CUSTOM_UPDATE_URL=$filtersettings{'CUSTOM_UPDATE_URL'}\n";
close FILE;
- if (-e $upd_cron_dly) { unlink($upd_cron_dly); }
- if (-e $upd_cron_wly) { unlink($upd_cron_wly); }
- if (-e $upd_cron_mly) { unlink($upd_cron_mly); }
if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'daily'))
{
- symlink("../bin/autoupdate.pl",$upd_cron_dly)
- } else {
- symlink("/bin/false",$upd_cron_dly)
+ system('/usr/local/bin/urlfilterctrl cron daily >/dev/null 2>&1');
}
if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'weekly'))
{
- symlink("../bin/autoupdate.pl",$upd_cron_wly)
- } else {
- symlink("/bin/false",$upd_cron_wly)
+ system('/usr/local/bin/urlfilterctrl cron weekly >/dev/null 2>&1');
}
if (($filtersettings{'ENABLE_AUTOUPDATE'} eq 'on') && ($filtersettings{'UPDATE_SCHEDULE'} eq 'monthly'))
{
- symlink("../bin/autoupdate.pl",$upd_cron_mly)
- } else {
- symlink("/bin/false",$upd_cron_mly)
+ system('/usr/local/bin/urlfilterctrl cron monthly >/dev/null 2>&1');
}
}
}
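Review bot: With the three `unlink`/`symlink` resets removed, no command is run when `ENABLE_AUTOUPDATE` is off or `UPDATE_SCHEDULE` matches none of the three values, so whether a previously installed schedule is removed depends entirely on `urlfilterctrl`, which is not shown. If the helper has no implicit reset, a disabled auto-update would keep fetching lists on the old schedule. Either add an explicit path that clears the schedule, or document the helper's behaviour with a comment such as `# urlfilterctrl cron <period> replaces any earlier schedule` if that is what it does. The helper's exit status is discarded in all three calls.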
&readcustomlists;
+ERROR:
+
+if ($errormessage) { $filtersettings{'VALID'} = 'no'; }
+
$checked{'ENABLE_CUSTOM_BLACKLIST'}{'off'} = '';
$checked{'ENABLE_CUSTOM_BLACKLIST'}{'on'} = '';
$checked{'ENABLE_CUSTOM_BLACKLIST'}{$filtersettings{'ENABLE_CUSTOM_BLACKLIST'}} = "checked='checked'";
<td colspan='2'>$Lang::tr{'urlfilter blocked domains'} <img src='/blob.gif' alt='*' /></td>
<td colspan='2'>$Lang::tr{'urlfilter blocked urls'} <img src='/blob.gif' alt='*' /></td>
</tr>
+<tr>
+ <td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+ <td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
+</tr>
<tr>
<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>
END
<td colspan='2'>$Lang::tr{'urlfilter allowed domains'} <img src='/blob.gif' alt='*' /></td>
<td colspan='2'>$Lang::tr{'urlfilter allowed urls'} <img src='/blob.gif' alt='*' /></td>
</tr>
+<tr>
+ <td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+ <td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
+</tr>
<tr>
<td colspan='2' width='50%'><textarea name='CUSTOM_WHITE_DOMAINS' cols='32' rows='6' wrap='off'>
END
<td> </td>
</tr>
<tr>
- <td class='base'>$Lang::tr{'urlfilter unfiltered clients'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='UNFILTERED_CLIENTS' value='$filtersettings{'UNFILTERED_CLIENTS'}' size='30' /></td>
- <td class='base'>$Lang::tr{'urlfilter banned clients'}: <img src='/blob.gif' alt='*' /></td>
- <td><input type='text' name='BANNED_CLIENTS' value='$filtersettings{'BANNED_CLIENTS'}' size='30' /></td>
+ <td colspan='2'>$Lang::tr{'urlfilter unfiltered clients'} <img src='/blob.gif' alt='*' /></td>
+ <td colspan='2'>$Lang::tr{'urlfilter banned clients'} <img src='/blob.gif' alt='*' /></td>
+</tr>
+<tr>
+ <td colspan='2' width='50%'><textarea name='UNFILTERED_CLIENTS' cols='32' rows='6' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/^\s+//g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+-\s+/-/g;
+$filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$filtersettings{'UNFILTERED_CLIENTS'});
+undef $filtersettings{'UNFILTERED_CLIENTS'};
+foreach (@clients) { $filtersettings{'UNFILTERED_CLIENTS'} .= "$_\n"; }
+
+print $filtersettings{'UNFILTERED_CLIENTS'};
+
+print <<END
+</textarea></td>
+ <td colspan='2' width='50%'><textarea name='BANNED_CLIENTS' cols='32' rows='6' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$filtersettings{'BANNED_CLIENTS'} =~ s/^\s+//g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+-\s+/-/g;
+$filtersettings{'BANNED_CLIENTS'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$filtersettings{'BANNED_CLIENTS'});
+undef $filtersettings{'BANNED_CLIENTS'};
+foreach (@clients) { $filtersettings{'BANNED_CLIENTS'} .= "$_\n"; }
+
+print $filtersettings{'BANNED_CLIENTS'};
+
+print <<END
+</textarea></td>
</tr>
</table>
<hr size='1'>
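Review bot: `print $filtersettings{'UNFILTERED_CLIENTS'};` writes the value between the `<textarea>` tags without HTML-escaping, and the same pattern follows for `BANNED_CLIENTS` and, in the time-constraint form, for `$tcsettings{'SRC'}`. When the IP/mask check fails the page appears to be redrawn with the submitted text, which at that point has not passed validation, and no check of `SRC` is visible in this diff at all. Escape `&`, `<`, `>` and quotes on output, using the interface's existing HTML-escaping helper if one is in scope. The "transform from pre1.8" comment would also be clearer if it stated the two formats (space-separated on disk, one entry per line in the form). The surrounding heredocs start and end outside the hunk.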
<td class='base'>$Lang::tr{'urlfilter msg text 3'}: <img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='MSG_TEXT_3' value='$filtersettings{'MSG_TEXT_3'}' size='40' /></td>
</tr>
-<tr>
- <td class='base'>$Lang::tr{'urlfilter enable jpeg'}:</td>
- <td><input type='checkbox' name='ENABLE_JPEG' $checked{'ENABLE_JPEG'}{'on'} /></td>
- <td> </td>
- <td> </td>
-</tr>
</table>
<hr size='1'>
<table width='100%'>
<tr>
<td class='base'>$Lang::tr{'urlfilter block ip'}:</td>
<td><input type='checkbox' name='BLOCK_IP_ADDR' $checked{'BLOCK_IP_ADDR'}{'on'} /></td>
- <td class='base'>$Lang::tr{'urlfilter children'}:</td>
- <td><input type='text' name='CHILDREN' value='$filtersettings{'CHILDREN'}' size='5' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'urlfilter block all'}:</td>
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>
-</td>
+ </td>
</tr>
</table>
<table width='100%'>
<td> </td>
</tr>
<tr>
- <td valign='top'><input type='text' name='SRC' value='$tcsettings{'SRC'}' size='32' /></td>
+ <td rowspan='2'><textarea name='SRC' cols='28' rows='5' wrap='off'>
+END
+;
+
+# transform from pre1.8 client definitions
+$tcsettings{'SRC'} =~ s/^\s+//g;
+$tcsettings{'SRC'} =~ s/\s+$//g;
+$tcsettings{'SRC'} =~ s/\s+-\s+/-/g;
+$tcsettings{'SRC'} =~ s/\s+/ /g;
+
+@clients = split(/ /,$tcsettings{'SRC'});
+undef $tcsettings{'SRC'};
+foreach (@clients) { $tcsettings{'SRC'} .= "$_\n"; }
+
+print $tcsettings{'SRC'};
+
+print <<END
+</textarea></td>
+
<td> </td>
- <td class='base' rowspan='3' valign='top'>
- <select name='DST' size='4' multiple>
+ <td class='base' rowspan='2' valign='top'>
+ <select name='DST' size='6' multiple>
<option value='any' $selected{'DST'}{'any'} = "selected='selected'">$Lang::tr{'urlfilter category all'}</option>
<option value='in-addr' $selected{'DST'}{'in-addr'} = "selected='selected'">in-addr</option>
END
</td>
<td> </td>
</tr>
+ <tr>
+ <td> </td>
+ <td> </td>
+ <td> </td>
+ <td> </td>
+ </tr>
<tr>
<td>$Lang::tr{'remark'} <img src='/blob.gif' alt='*'></td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
+ <td> </td>
</tr>
<tr>
<td><input type='text' name='COMMENT' value='$tcsettings{'COMMENT'}' size='32' /></td>
<td> </td>
<td> </td>
<td> </td>
+ <td> </td>
</tr>
</table>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter time space'}</b></td>
<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter src'}</b></td>
<td width='5%' class='boldbase' align='center'><b>$Lang::tr{'urlfilter dst'}</b></td>
- <td width='10%' class='boldbase' colspan='4' align='center'> </td>
+ <td width='10%' class='boldbase' colspan='5' align='center'> </td>
</tr>
END
;
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'urlfilter copy rule'}' src='/images/urlfilter/copy.gif' title='$Lang::tr{'urlfilter copy rule'}' alt='$Lang::tr{'urlfilter copy rule'}' />
+ <input type='hidden' name='MODE' value='TIMECONSTRAINT' />
+ <input type='hidden' name='ID' value='$id' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'urlfilter copy rule'}' />
+ </form>
+ </td>
+
+ <td align='center'>
+ <form method='post' name='frmd$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='MODE' value='TIMECONSTRAINT' />
<input type='hidden' name='ID' value='$id' />
print <<END
<td align='center' colspan='4'>$temp[16]
</td>
- <td align='center' colspan='4'>
+ <td align='center' colspan='5'>
</td>
</tr>
END
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
+ <td> <img src='/images/urlfilter/copy.gif' alt='$Lang::tr{'urlfilter copy rule'}' /></td>
+ <td class='base'>$Lang::tr{'urlfilter copy rule'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
sub savesettings
{
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+ undef $filtersettings{'UNFILTERED_CLIENTS'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $filtersettings{'UNFILTERED_CLIENTS'} .= "$_ ";
+ }
+ $filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//;
+
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+ undef $filtersettings{'BANNED_CLIENTS'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $filtersettings{'BANNED_CLIENTS'} .= "$_ ";
+ }
+ $filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//;
+
&writeconfigfile;
delete $filtersettings{'CUSTOM_BLACK_DOMAINS'};
delete $filtersettings{'BACKGROUND'};
delete $filtersettings{'UPDATEFILE'};
+ system("chown -R nobody.nobody $dbdir");
+ system('/usr/bin/squidGuard -C custom/allowed/domains >/dev/null 2>&1');
+ system('/usr/bin/squidGuard -C custom/allowed/urls >/dev/null 2>&1');
+ system('/usr/bin/squidGuard -C custom/blocked/domains >/dev/null 2>&1');
+ system('/usr/bin/squidGuard -C custom/blocked/urls >/dev/null 2>&1 ');
+ &setpermissions ($dbdir);
+
&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
}
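Review bot: The added `chown` and the four `squidGuard -C` calls discard both output and exit status, so a failed rebuild of the custom databases is invisible and `savesettings` goes on to write the settings as if it had succeeded. Check each `system` return value and set `$errormessage` (or log) when it is non-zero, so the caller does not restart the proxy on top of a broken database set. `system("chown -R nobody.nobody $dbdir")` can use the list form `system('chown', '-R', 'nobody.nobody', $dbdir)` to avoid the shell. The last `squidGuard` command string carries a stray trailing space before the closing quote.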
sub readblockcategories
{
undef(@categories);
- foreach $blacklist (<$dbdir/*>) {
- if (-d $blacklist) {
- $lastslashpos = rindex($blacklist,"/");
- if ($lastslashpos > -1) {
- $section = substr($blacklist,$lastslashpos+1);
- } else {
- $section = $blacklist;
- }
- if (!($section eq 'custom')) { push(@categories,$section) };
- }
- }
+
+ &getblockcategory ($dbdir);
+
+ foreach (@categories) { $_ = substr($_,length($dbdir)+1); }
@filtergroups = @categories;
+
foreach (@filtergroups) {
+ s/\//_/g;
tr/a-z/A-Z/;
$_ = "FILTER_".$_;
}
# -------------------------------------------------------------------
+sub getblockcategory
+{
+ foreach $category (<$_[0]/*>)
+ {
+ if (-d $category)
+ {
+ if ((-e "$category/domains") || (-e "$category/urls"))
+ {
+ unless ($category =~ /\bcustom\b/) { push(@categories,$category); }
+ }
+ &getblockcategory ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
sub readcustomlists
{
if (-e "$dbdir/custom/blocked/domains") {
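Review bot: `getblockcategory` recurses into every entry for which `-d` is true, and `-d` follows symbolic links, so a link inside the blacklist tree can lead the walk outside `$dbdir` or make it descend repeatedly until the path-length limit stops it. The tree's content comes from extracted archives, so adding `next if (-l $category);` as the first statement of the loop is a cheap guard. The `\bcustom\b` test is applied to the full path, so it excludes any category whose path contains that word anywhere, not only the `custom` directory directly under `$dbdir`. A short header comment stating that the sub appends full paths to the global `@categories` (which `readblockcategories` then strips to relative names) would help the next reader.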
foreach (@new)
{
@tmp2 = split(/\,/);
- if ($tmp2[15] eq 'on')
+ if (($tmp1[15] eq 'on') && ($tmp2[15] eq 'on'))
{
if (($tmp1[0] eq $tmp2[0]) && ($tmp1[12] eq $tmp2[12]) && ($tmp1[13] eq $tmp2[13]) && ($tmp1[14] eq $tmp2[14]))
{
# -------------------------------------------------------------------
+sub setpermissions
+{
+ my $bldir = $_[0];
+
+ foreach $category (<$bldir/*>)
+ {
+ if (-d $category){
+ system("chmod 755 $category &> /dev/null");
+ foreach $blacklist (<$category/*>)
+ {
+ if (-f $blacklist) { system("chmod 644 $blacklist &> /dev/null"); }
+ if (-d $blacklist) { system("chmod 755 $blacklist &> /dev/null"); }
+ }
+ system("chmod 666 $category/*.db &> /dev/null");
+ &setpermissions ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
sub writeconfigfile
{
my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
- my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv\)\$";
+ my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
my $ident = " anonymous";
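Review bot: Every `system("chmod … $category …")` and `system("chmod … $blacklist …")` call in `setpermissions` builds a shell command line from path names returned by the glob over the blacklist tree, and that tree appears to be filled from uploaded and downloaded archives, so the names are not under the script's control. Perl's builtin `chmod` takes the path as data and needs no shell; it also removes the dependency on `&>`, which only bash treats as a redirection. `-d` follows symbolic links, so the recursion should skip links as well. The mode 666 on `*.db` is carried over from the removed code but is worth confirming as intended.

```perl
sub setpermissions
{
	my $bldir = $_[0];

	foreach my $entry (glob("$bldir/*"))
	{
		next if (-l $entry);    # do not follow links out of the blacklist tree
		next unless (-d $entry);
		chmod(0755, $entry);
		foreach my $item (glob("$entry/*"))
		{
			next if (-l $item);
			chmod(0644, $item) if (-f $item);
			chmod(0755, $item) if (-d $item);
		}
		chmod(0666, grep { (-f $_) && !(-l $_) } glob("$entry/*.db"));
		&setpermissions ($entry);
	}
}
```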
if ($filtersettings{'SHOW_URL'} eq 'on') { $redirect .= "&url=%u"; }
if ($filtersettings{'SHOW_IP'} eq 'on') { $redirect .= "&ip=%a"; }
$redirect =~ s/^&/?/;
- $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi".$redirect;
+ $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi".$redirect;
} else {
- $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi";
+ $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi";
}
} else { $redirect=$filtersettings{'REDIRECT_PAGE'}; }
$defaultrule .= "any";
}
+ $defaultrule =~ s/\//_/g;
+
open(FILE, ">${General::swroot}/urlfilter/squidGuard.conf") or die "Unable to write squidGuard.conf file";
flock(FILE, 2);
if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
{
- print FILE "rewrite rew-rule-0 {\n";
+ print FILE "rewrite rew-rule-1 {\n";
if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
{
print FILE " # rewrite localfiles\n";
foreach (@repositoryfiles)
{
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
+ print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
}
}
print FILE "}\n\n";
if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) {
- print FILE "rewrite rew-rule-1 {\n";
+ print FILE "rewrite rew-rule-2 {\n";
if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
{
print FILE " # rewrite localfiles\n";
foreach (@repositoryfiles)
{
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
+ print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
}
} else {
print FILE " # rewrite nothing\n";
}
}
+ if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
+ print FILE "src unfiltered {\n";
+ print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
+ print FILE "}\n\n";
+ }
+ if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
+ print FILE "src banned {\n";
+ print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n";
+ if ($filtersettings{'ENABLE_LOG'} eq 'on')
+ {
+ if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+ {
+ print FILE " logfile ".$ident." banned.log\n";
+ } else {
+ print FILE " logfile ".$ident." urlfilter.log\n";
+ }
+ }
+ print FILE "}\n\n";
+ }
+
if (-e $uqfile)
{
open(UQ, $uqfile);
{
$idx++;
print FILE "src network-$idx {\n";
- print FILE " ip $tc[12]\n";
+ @clients = split(/ /,$tc[12]);
+ @temp = split(/-/,$clients[0]);
+ if ( (&General::validipormask($temp[0])) || (&General::validipandmask($temp[0])))
+ {
+ print FILE " ip $tc[12]\n";
+ } else {
+ print FILE " user";
+ @clients = split(/ /,$tc[12]);
+ foreach $line (@clients)
+ {
+ $line =~ s/(^\w+)\\(\w+$)/$1%5c$2/;
+ print FILE " $line";
+ }
+ print FILE "\n";
+ }
+ if (($filtersettings{'ENABLE_LOG'} eq 'on') && ($tc[14] eq 'block') && ($tc[13] eq 'any'))
+ {
+ if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+ {
+ print FILE " logfile ".$ident." timeconst.log\n";
+ } else {
+ print FILE " logfile ".$ident." urlfilter.log\n";
+ }
+ }
print FILE "}\n\n";
}
}
}
}
- if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
- print FILE "src unfiltered {\n";
- print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
- print FILE "}\n\n";
- }
- if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
- print FILE "src banned {\n";
- print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n";
- print FILE "}\n\n";
- }
-
foreach $category (@categories) {
+ $blacklist = $category;
+ $category =~ s/\//_/g;
+
+ if ( $filtersettings{"FILTER_".uc($category)} ne "on" ){
+ my $constraintrule = "false";
+
+ foreach (@tclist){
+ chomp;
+ @tc = split(/\,/);
+ $tc[13] =~ s/\//_/g;
+ if ($tc[15] eq 'on' && $tc[13] =~ $category){
+ $constraintrule = "true";
+ }
+ }
+
+ if ( $constraintrule eq "false"){
+ next;
+ }
+ }
+
print FILE "dest $category {\n";
- if (-e "$dbdir/$category/domains") {
- print FILE " domainlist $category\/domains\n";
+ if (-e "$dbdir/$blacklist/domains") {
+ print FILE " domainlist $blacklist\/domains\n";
}
- if (-e "$dbdir/$category/urls") {
- print FILE " urllist $category\/urls\n";
+ if (-e "$dbdir/$blacklist/urls") {
+ print FILE " urllist $blacklist\/urls\n";
}
- if ((-e "$dbdir/$category/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
- print FILE " expressionlist $category\/expressions\n";
+ if ((-e "$dbdir/$blacklist/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
+ print FILE " expressionlist $blacklist\/expressions\n";
}
- if (($category eq 'ads') && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
+ if ((($category eq 'ads') || ($category eq 'adv')) && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
{
- print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/images/urlfilter/1x1.gif\n";
+ print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/images/urlfilter/1x1.gif\n";
}
if ($filtersettings{'ENABLE_LOG'} eq 'on')
{
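Review bot: Only the first part of the first entry in `$tc[12]` is checked with `validipormask`/`validipandmask` before the whole field is written as `ip $tc[12]`, so the remaining entries reach squidGuard.conf unchecked; in the `user` branch each entry is written after nothing more than the backslash substitution. No validation of `SRC` is visible where the rule is stored either, although it may exist outside the shown lines. Classify the rule by checking every entry, reject a line that mixes addresses and user names, and restrict user names to an explicit character set before writing them. The second `@clients = split(/ /,$tc[12]);` inside the `else` branch repeats the split made a few lines earlier and can be dropped.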
}
}
print FILE "}\n\n";
+ $category = $blacklist;
}
-
+
print FILE "dest files {\n";
print FILE " expressionlist custom\/blocked\/files\n";
if ($filtersettings{'ENABLE_LOG'} eq 'on')
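Review bot: The `$category = $blacklist;` restore added at the end of the loop body is skipped by the `next` added earlier in the same `foreach $category (@categories)` loop, so every skipped category stays in `@categories` with `/` replaced by `_`, because `$category` aliases the array element. Working on a copy avoids the save/restore altogether: `(my $destname = $category) =~ s/\//_/g;`, then use `$destname` for the `dest` name and the `FILTER_` key. In the same loop `$tc[13] =~ $category` uses the category name as an unanchored pattern, so a name that is a substring of another also matches; an exact comparison against the elements of `split(/\|/,$tc[13])` states what is meant. The loop starts outside this hunk.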
print FILE " pass all\n";
if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
{
- print FILE " rewrite rew-rule-1\n";
+ print FILE " rewrite rew-rule-2\n";
}
print FILE " }\n\n";
}
chomp;
@tc = split(/\,/);
@ec = split(/\|/,$tc[13]);
+ foreach (@ec) { s/\//_/g; }
if ($tc[15] eq 'on')
{
$idx++;
print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
} else {
$tcrule = $defaultrule;
- foreach (@ec)
+ if ((@ec == 1) && ($ec[0] eq 'any'))
{
- $tcrule =~ s/!$_ //;
- print FILE "$_ " if ($_ eq 'any');
+ print FILE "any";
+ } else {
+ foreach (@ec)
+ {
+ $tcrule = "$_ ".$tcrule unless (index($defaultrule,"!".$_." ") ge 0);
+ $tcrule =~ s/!$_ //;
+ }
+ print FILE $tcrule;
}
- print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
}
}
}
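Review bot: `index($defaultrule,"!".$_." ") ge 0` compares with the string operator `ge`; it yields the intended result only because `-` sorts before the digits, and the numeric test `>= 0` is what is meant. `$tcrule =~ s/!$_ //;` interpolates the category name as a pattern, so `s/!\Q$_\E //` would match it literally. The enclosing loop over the time-constraint rules starts outside the hunk.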
if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
{
- print FILE " rewrite rew-rule-0\n";
+ print FILE " rewrite rew-rule-1\n";
}
print FILE " redirect $redirect\n";
print FILE " }\n";