From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 8 Jan 2019 14:54:56 +0000 (+0100)
Subject: proxy: Drop web browser check
X-Git-Tag: v2.21-core127~50
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=d68e150e865c86f8a8f784da242701215325abad

proxy: Drop web browser check

This is neither reliable nor up to date and is therefore removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/cfgroot/useragents b/config/cfgroot/useragents
deleted file mode 100644
index d5164fd635..0000000000
--- a/config/cfgroot/useragents
+++ /dev/null
@@ -1,25 +0,0 @@
-APTGET,apt-get,(APT\-HTTP)
-AOL,AOL,(AOL)
-AVANT,AvantBrowser,(avantbrowser)
-CHROME,Chrome,(Chrome)
-FIREFOX,Firefox,(Firefox)
-FRONTPAGE,FrontPage,(FrontPage)
-GEARTH,Google Earth,(kh_lt\/LT)
-GECKO,Gecko compatible,(Gecko)
-GETRIGHT,GetRight,(GetRight)
-GOZILLA,Go!Zilla,(Go!Zilla)
-GOOGLE,Google Toolbar,(Google\sToolbar)
-JAVA,Java,(Java)
-KONQUEROR,Konqueror,(Konqueror)
-LIBWWWPERL,libwww-perl,(libwww-perl)
-LYNX,Lynx,(Lynx)
-MSIE,Internet Explorer,(MSIE.*[)]$)
-NETSCAPE,Netscape,(^Mozilla\/4.[7|8])|(Netscape)
-OPERA,Opera,(Opera)
-SAFARI,Safari,(Safari)
-SYMLU,Symantec LiveUpdate,(Symantec\sLiveUpdate)
-THUNDERBIRD,Thunderbird,(Thunderbird)
-WGA,WGA,(LegitCheck)
-WGET,Wget,(Wget)
-WINUPD,Windows Update,(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)
-WMP,Media Player,(Windows\-Media\-Player)|(NSPlayer)
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 6f5d2fe2f8..fa18a0525f 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -151,7 +151,6 @@ var/ipfire/proxy
 #var/ipfire/proxy/advanced/cre
 #var/ipfire/proxy/advanced/cre/enable
 #var/ipfire/proxy/advanced/settings
-#var/ipfire/proxy/advanced/useragents
 #var/ipfire/proxy/calamaris
 #var/ipfire/proxy/calamaris/bin
 #var/ipfire/proxy/settings
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index e21cfac910..7b442e1043 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -64,9 +64,6 @@ my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob";
 my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n";
 my $def_ports_ssl="443 # https\n563 # snews\n";
 
-my @useragent=();
-my @useragentlist=();
-
 my $hintcolour='#FFFFCC';
 my $ncsa_buttontext='';
 my $language='';
@@ -98,7 +95,6 @@ my $stdgrp = "$ncsadir/standard.grp";
 my $extgrp = "$ncsadir/extended.grp";
 my $disgrp = "$ncsadir/disabled.grp";
 
-my $browserdb = "${General::swroot}/proxy/advanced/useragents";
 my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes";
 my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";
 
@@ -168,15 +164,10 @@ unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); }
 unless (-e $acl_ports_ssl)  { system("touch $acl_ports_ssl"); }
 unless (-e $acl_include) { system("touch $acl_include"); }
 
-unless (-e $browserdb) { system("touch $browserdb"); }
 unless (-e $mimetypes) { system("touch $mimetypes"); }
 
 my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
 
-open FILE, $browserdb;
-@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<FILE>;
-close(FILE);
-
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 
@@ -243,7 +234,6 @@ $proxysettings{'THROTTLE_BINARY'} = 'off';
 $proxysettings{'THROTTLE_DSKIMG'} = 'off';
 $proxysettings{'THROTTLE_MMEDIA'} = 'off';
 $proxysettings{'ENABLE_MIME_FILTER'} = 'off';
-$proxysettings{'ENABLE_BROWSER_CHECK'} = 'off';
 $proxysettings{'FAKE_USERAGENT'} = '';
 $proxysettings{'FAKE_REFERER'} = '';
 $proxysettings{'AUTH_METHOD'} = 'none';
@@ -433,22 +423,6 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'invalid maximum incoming size'};
 		goto ERROR;
 	}
-	if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
-	{
-		$browser_regexp = '';
-		foreach (@useragentlist)
-		{
-			chomp;
-			@useragent = split(/,/);
-			if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; }
-		}
-		chop($browser_regexp);
-		if (!$browser_regexp)
-		{
-			$errormessage = $Lang::tr{'advproxy errmsg no browser'};
-			goto ERROR;
-		}
-	}
 	if (!($proxysettings{'AUTH_METHOD'} eq 'none'))
 	{
 		unless (($proxysettings{'AUTH_METHOD'} eq 'ident') &&
@@ -807,17 +781,6 @@ $checked{'ENABLE_MIME_FILTER'}{'off'} = '';
 $checked{'ENABLE_MIME_FILTER'}{'on'} = '';
 $checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
 
-$checked{'ENABLE_BROWSER_CHECK'}{'off'} = '';
-$checked{'ENABLE_BROWSER_CHECK'}{'on'} = '';
-$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'";
-
-foreach (@useragentlist) {
-	@useragent = split(/,/);
-	$checked{'UA_'.$useragent[0]}{'off'} = '';
-	$checked{'UA_'.$useragent[0]}{'on'} = '';
-	$checked{'UA_'.$useragent[0]}{$proxysettings{'UA_'.$useragent[0]}} = "checked='checked'";
-}
-
 $checked{'AUTH_METHOD'}{'none'} = '';
 $checked{'AUTH_METHOD'}{'ncsa'} = '';
 $checked{'AUTH_METHOD'}{'ident'} = '';
@@ -1594,42 +1557,7 @@ print <<END
 </table>
 
 <hr size='1'>
-<table width='100%'>
-<tr>
-	<td colspan='4'><b>$Lang::tr{'advproxy web browser'}</b> $Lang::tr{'advproxy UA enable filter'}:<input type='checkbox' name='ENABLE_BROWSER_CHECK' $checked{'ENABLE_BROWSER_CHECK'}{'on'} /></td>
-</tr>
-END
-;
-if ( $proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on' ){
-print <<END
-<tr>
-	<td colspan='4'><i>
-END
-;
-if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; }
-print <<END
-</i></td>
-</tr>
-</table>
-<table width='100%'>
-END
-;
 
-for ($n=0; $n<=@useragentlist; $n = $n + $i) {
-	for ($i=0; $i<=3; $i++) {
-		if ($i eq 0) { print "<tr>\n"; }
-		if (($n+$i) < @useragentlist) {
-			@useragent = split(/,/,@useragentlist[$n+$i]);
-			print "<td width='15%'>$useragent[1]:<\/td>\n";
-			print "<td width='10%'><input type='checkbox' name='UA_$useragent[0]' $checked{'UA_'.$useragent[0]}{'on'} /></td>\n";
-		}
-		if ($i eq 3) { print "<\/tr>\n"; }
-	}
-}
-}
-print <<END
-</table>
-<hr size='1'>
 <table width='100%'>
 <tr>
 	<td><b>$Lang::tr{'advproxy privacy'}</b></td>
@@ -3321,8 +3249,6 @@ END
 
 	if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
 
-	if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
-
 	print FILE "acl within_timeframe time ";
 	if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
 	if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
@@ -3573,7 +3499,6 @@ END
 				print FILE " !within_timeframe";
 			} else {
 				print FILE " within_timeframe"; }
-			if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
 			print FILE " to_ipaddr_without_auth\n";
 		}
 		if (!-z $acl_dst_noauth_dom)
@@ -3583,7 +3508,6 @@ END
 				print FILE " !within_timeframe";
 			} else {
 				print FILE " within_timeframe"; }
-			if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
 			print FILE " to_domains_without_auth\n";
 		}
 		if (!-z $acl_dst_noauth_url)
@@ -3593,7 +3517,6 @@ END
 				print FILE " !within_timeframe";
 			} else {
 				print FILE " within_timeframe"; }
-			if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
 			print FILE " to_hosts_without_auth\n";
 		}
 	}
@@ -3715,7 +3638,6 @@ END
 			print FILE " !within_timeframe";
 		} else {
 			print FILE " within_timeframe"; }
-		if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
 		print FILE " !on_ident_aware_hosts\n";
 	}
 
@@ -3750,7 +3672,6 @@ END
 		print FILE " !within_timeframe";
 	} else {
 		print FILE " within_timeframe"; }
-	if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE " with_allowed_useragents"; }
 	print FILE "\n";
 
 	print FILE "http_access deny  all\n\n";
diff --git a/lfs/configroot b/lfs/configroot
index c66dcdedb2..3cdd780fc7 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -98,7 +98,6 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/ssh-settings		$(CONFIG_ROOT)/remote/settings
 	cp $(DIR_SRC)/config/cfgroot/time-settings		$(CONFIG_ROOT)/time/settings
 	cp $(DIR_SRC)/config/cfgroot/logging-settings	$(CONFIG_ROOT)/logging/settings
-	cp $(DIR_SRC)/config/cfgroot/useragents			$(CONFIG_ROOT)/proxy/advanced
 	cp $(DIR_SRC)/config/cfgroot/ethernet-vlans		$(CONFIG_ROOT)/ethernet/vlans
 	cp $(DIR_SRC)/langs/list						$(CONFIG_ROOT)/langs/
 	cp $(DIR_SRC)/config/firewall/convert-xtaccess	/usr/sbin/convert-xtaccess