@@ -1187,8 +1219,12 @@ print <
- $Lang::tr{'urlfilter blocked domains'} |
- $Lang::tr{'urlfilter blocked urls'} |
+ $Lang::tr{'urlfilter blocked domains'} |
+ $Lang::tr{'urlfilter blocked urls'} |
+
+
+ $Lang::tr{'urlfilter example'} |
+ $Lang::tr{'urlfilter example ads'} |
|
- $Lang::tr{'urlfilter allowed domains'} |
- $Lang::tr{'urlfilter allowed urls'} |
+ $Lang::tr{'urlfilter allowed domains'} |
+ $Lang::tr{'urlfilter allowed urls'} |
+
+
+ $Lang::tr{'urlfilter example'} |
+ $Lang::tr{'urlfilter example ads'} |
|
- $Lang::tr{'urlfilter blocked expressions'} |
+ $Lang::tr{'urlfilter blocked expressions'} |
|
- $Lang::tr{'urlfilter unfiltered clients'}: |
- |
- $Lang::tr{'urlfilter banned clients'}: |
- |
+ $Lang::tr{'urlfilter unfiltered clients'} |
+ $Lang::tr{'urlfilter banned clients'} |
+
+
+ |
+ |
@@ -1348,47 +1424,48 @@ print <
$Lang::tr{'urlfilter block settings'} |
+
+ $Lang::tr{'urlfilter redirect template'} |
+
+ |
+
$Lang::tr{'urlfilter show category'}: |
|
- $Lang::tr{'urlfilter redirectpage'}: |
+ $Lang::tr{'urlfilter redirectpage'}: |
|
$Lang::tr{'urlfilter show url'}: |
|
- $Lang::tr{'urlfilter msg text 1'}: |
+ $Lang::tr{'urlfilter msg text 1'}: |
|
$Lang::tr{'urlfilter show ip'}: |
|
- $Lang::tr{'urlfilter msg text 2'}: |
+ $Lang::tr{'urlfilter msg text 2'}: |
|
$Lang::tr{'urlfilter show dnserror'}: |
|
- $Lang::tr{'urlfilter msg text 3'}: |
+ $Lang::tr{'urlfilter msg text 3'}: |
|
-
- $Lang::tr{'urlfilter enable jpeg'}: |
- |
- |
- |
-
-
-
@@ -1913,7 +2006,7 @@ print <$Lang::tr{'urlfilter time space'}
$Lang::tr{'urlfilter src'} |
$Lang::tr{'urlfilter dst'} |
- |
+ |
END
;
@@ -1982,6 +2075,15 @@ print <
+
+
+
+ |
-
+ |
|
END
@@ -2027,6 +2129,8 @@ print <$Lang::tr{'click to enable'}
|
$Lang::tr{'edit'} |
+ |
+ $Lang::tr{'urlfilter copy rule'} |
|
$Lang::tr{'remove'} |
@@ -2061,7 +2165,7 @@ print < | | |
- $Lang::tr{'urlfilter user time quota'}: |
+ $Lang::tr{'urlfilter user time quota'}: |
|
@@ -2277,7 +2381,7 @@ print < | | | |
- $Lang::tr{'urlfilter edit domains urls expressions'} |
+ $Lang::tr{'urlfilter edit domains urls expressions'} |
$Lang::tr{'urlfilter domains'} |
@@ -2408,6 +2512,26 @@ print "\n";
sub savesettings
{
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$filtersettings{'UNFILTERED_CLIENTS'});
+ undef $filtersettings{'UNFILTERED_CLIENTS'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $filtersettings{'UNFILTERED_CLIENTS'} .= "$_ ";
+ }
+ $filtersettings{'UNFILTERED_CLIENTS'} =~ s/\s+$//;
+
+ # transform to pre1.8 client definitions
+ @clients = split(/\n/,$filtersettings{'BANNED_CLIENTS'});
+ undef $filtersettings{'BANNED_CLIENTS'};
+ foreach(@clients)
+ {
+ s/^\s+//g; s/\s+$//g; s/\s+-\s+/-/g; s/\s+/ /g; s/\n//g;
+ $filtersettings{'BANNED_CLIENTS'} .= "$_ ";
+ }
+ $filtersettings{'BANNED_CLIENTS'} =~ s/\s+$//;
+
&writeconfigfile;
delete $filtersettings{'CUSTOM_BLACK_DOMAINS'};
@@ -2418,6 +2542,13 @@ sub savesettings
delete $filtersettings{'BACKGROUND'};
delete $filtersettings{'UPDATEFILE'};
+ &General::system("chown", "-R", "nobody.nobody", "$dbdir");
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/domains');
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/allowed/urls');
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/domains');
+ &General::system('/usr/bin/squidGuard', '-C', 'custom/blocked/urls');
+ &setpermissions ($dbdir);
+
&General::writehash("${General::swroot}/urlfilter/settings", \%filtersettings);
}
@@ -2426,20 +2557,15 @@ sub savesettings
sub readblockcategories
{
undef(@categories);
- foreach $blacklist (<$dbdir/*>) {
- if (-d $blacklist) {
- $lastslashpos = rindex($blacklist,"/");
- if ($lastslashpos > -1) {
- $section = substr($blacklist,$lastslashpos+1);
- } else {
- $section = $blacklist;
- }
- if (!($section eq 'custom')) { push(@categories,$section) };
- }
- }
+
+ &getblockcategory ($dbdir);
+
+ foreach (@categories) { $_ = substr($_,length($dbdir)+1); }
@filtergroups = @categories;
+
foreach (@filtergroups) {
+ s/\//_/g;
tr/a-z/A-Z/;
$_ = "FILTER_".$_;
}
@@ -2447,6 +2573,23 @@ sub readblockcategories
# -------------------------------------------------------------------
+sub getblockcategory
+{
+ foreach $category (<$_[0]/*>)
+ {
+ if (-d $category)
+ {
+ if ((-e "$category/domains") || (-e "$category/urls"))
+ {
+ unless ($category =~ /\bcustom\b/) { push(@categories,$category); }
+ }
+ &getblockcategory ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
sub readcustomlists
{
if (-e "$dbdir/custom/blocked/domains") {
@@ -2511,7 +2654,7 @@ sub aggregatedconstraints
foreach (@new)
{
@tmp2 = split(/\,/);
- if ($tmp2[15] eq 'on')
+ if (($tmp1[15] eq 'on') && ($tmp2[15] eq 'on'))
{
if (($tmp1[0] eq $tmp2[0]) && ($tmp1[12] eq $tmp2[12]) && ($tmp1[13] eq $tmp2[13]) && ($tmp1[14] eq $tmp2[14]))
{
@@ -2553,11 +2696,33 @@ sub aggregatedconstraints
# -------------------------------------------------------------------
+sub setpermissions
+{
+ my $bldir = $_[0];
+
+ foreach $category (<$bldir/*>)
+ {
+ if (-d $category){
+ &General::system("chmod", "755", "$category");
+ foreach $blacklist (<$category/*>)
+ {
+ if (-f $blacklist) { &General::system("chmod", "644", "$blacklist"); }
+ if (-d $blacklist) { &General::system("chmod", "755", "$blacklist"); }
+ }
+ # XXX uses globbing
+ system("chmod 666 $category/*.db &> /dev/null");
+ &setpermissions ($category);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
sub writeconfigfile
{
- my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
- my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv\)\$";
- my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
+ my $executables = "/[^/]*\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
+ my $audiovideo = "/[^/]*\\.\(aiff|asf|avi|dif|divx|flv|mkv|mov|movie|mp3|mp4|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
+ my $archives = "/[^/]*\\.\(7z|bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
my $ident = " anonymous";
@@ -2606,9 +2771,9 @@ sub writeconfigfile
if ($filtersettings{'SHOW_URL'} eq 'on') { $redirect .= "&url=%u"; }
if ($filtersettings{'SHOW_IP'} eq 'on') { $redirect .= "&ip=%a"; }
$redirect =~ s/^&/?/;
- $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi".$redirect;
+ $redirect = "http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi".$redirect;
} else {
- $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/redirect.cgi";
+ $redirect="http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/redirect.cgi";
}
} else { $redirect=$filtersettings{'REDIRECT_PAGE'}; }
@@ -2653,6 +2818,8 @@ sub writeconfigfile
$defaultrule .= "any";
}
+ $defaultrule =~ s/\//_/g;
+
open(FILE, ">${General::swroot}/urlfilter/squidGuard.conf") or die "Unable to write squidGuard.conf file";
flock(FILE, 2);
@@ -2669,45 +2836,35 @@ sub writeconfigfile
}
}
- if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
- {
- print FILE "rewrite rew-rule-0 {\n";
+ if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) {
+ print FILE "rewrite rew-rule-1 {\n";
- if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
+ print FILE " # rewrite localfiles\n";
+ foreach (@repositoryfiles)
{
- print FILE " # rewrite localfiles\n";
- foreach (@repositoryfiles)
- {
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
- }
+ print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
}
-
- if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
- {
- print FILE " # rewrite safesearch\n";
- print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
- print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
- print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W)(.*)(\\bvm=\\w+)(.*)\@\\1\\2vm=r\\4\@i\n";
- print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W.*)\@\\1\\\&vm=r\@i\n";
- print FILE " s@(.*\\Walltheweb\\.com/customize\\?)(.*)(\\bcopt_offensive=\\w+)(.*)\@\\1\\2copt_offensive=on\\4\@i\n";
- }
-
print FILE "}\n\n";
+ }
- if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) {
- print FILE "rewrite rew-rule-1 {\n";
- if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
+ if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
+ print FILE "src unfiltered {\n";
+ print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
+ print FILE "}\n\n";
+ }
+ if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
+ print FILE "src banned {\n";
+ print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n";
+ if ($filtersettings{'ENABLE_LOG'} eq 'on')
+ {
+ if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
{
- print FILE " # rewrite localfiles\n";
- foreach (@repositoryfiles)
- {
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:81/repository/$_\@i\n";
- }
+ print FILE " logfile ".$ident." banned.log\n";
} else {
- print FILE " # rewrite nothing\n";
+ print FILE " logfile ".$ident." urlfilter.log\n";
}
- print FILE "}\n\n";
}
+ print FILE "}\n\n";
}
if (-e $uqfile)
@@ -2756,7 +2913,30 @@ sub writeconfigfile
{
$idx++;
print FILE "src network-$idx {\n";
- print FILE " ip $tc[12]\n";
+ @clients = split(/ /,$tc[12]);
+ @temp = split(/-/,$clients[0]);
+ if ( (&General::validipormask($temp[0])) || (&General::validipandmask($temp[0])))
+ {
+ print FILE " ip $tc[12]\n";
+ } else {
+ print FILE " user";
+ @clients = split(/ /,$tc[12]);
+ foreach $line (@clients)
+ {
+ $line =~ s/(^\w+)\\(\w+$)/$1%5c$2/;
+ print FILE " $line";
+ }
+ print FILE "\n";
+ }
+ if (($filtersettings{'ENABLE_LOG'} eq 'on') && ($tc[14] eq 'block') && ($tc[13] eq 'any'))
+ {
+ if ($filtersettings{'ENABLE_CATEGORY_LOG'} eq 'on')
+ {
+ print FILE " logfile ".$ident." timeconst.log\n";
+ } else {
+ print FILE " logfile ".$ident." urlfilter.log\n";
+ }
+ }
print FILE "}\n\n";
}
}
@@ -2776,31 +2956,40 @@ sub writeconfigfile
}
}
- if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
- print FILE "src unfiltered {\n";
- print FILE " ip $filtersettings{'UNFILTERED_CLIENTS'}\n";
- print FILE "}\n\n";
- }
- if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
- print FILE "src banned {\n";
- print FILE " ip $filtersettings{'BANNED_CLIENTS'}\n";
- print FILE "}\n\n";
- }
-
foreach $category (@categories) {
+ $blacklist = $category;
+ $category =~ s/\//_/g;
+
+ if ( $filtersettings{"FILTER_".uc($category)} ne "on" ){
+ my $constraintrule = "false";
+
+ foreach (@tclist){
+ chomp;
+ @tc = split(/\,/);
+ $tc[13] =~ s/\//_/g;
+ if ($tc[15] eq 'on' && $tc[13] =~ $category){
+ $constraintrule = "true";
+ }
+ }
+
+ if ( $constraintrule eq "false"){
+ next;
+ }
+ }
+
print FILE "dest $category {\n";
- if (-e "$dbdir/$category/domains") {
- print FILE " domainlist $category\/domains\n";
+ if (-e "$dbdir/$blacklist/domains") {
+ print FILE " domainlist $blacklist\/domains\n";
}
- if (-e "$dbdir/$category/urls") {
- print FILE " urllist $category\/urls\n";
+ if (-e "$dbdir/$blacklist/urls") {
+ print FILE " urllist $blacklist\/urls\n";
}
- if ((-e "$dbdir/$category/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
- print FILE " expressionlist $category\/expressions\n";
+ if ((-e "$dbdir/$blacklist/expressions") && ($filtersettings{'ENABLE_EXPR_LISTS'} eq 'on')) {
+ print FILE " expressionlist $blacklist\/expressions\n";
}
- if (($category eq 'ads') && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
+ if ((($category eq 'ads') || ($category eq 'adv')) && ($filtersettings{'ENABLE_EMPTY_ADS'} eq 'on'))
{
- print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:81\/images/urlfilter/1x1.gif\n";
+ print FILE " redirect http:\/\/$netsettings{'GREEN_ADDRESS'}:$http_port\/images/urlfilter/1x1.gif\n";
}
if ($filtersettings{'ENABLE_LOG'} eq 'on')
{
@@ -2812,8 +3001,9 @@ sub writeconfigfile
}
}
print FILE "}\n\n";
+ $category = $blacklist;
}
-
+
print FILE "dest files {\n";
print FILE " expressionlist custom\/blocked\/files\n";
if ($filtersettings{'ENABLE_LOG'} eq 'on')
@@ -2863,10 +3053,6 @@ sub writeconfigfile
if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
print FILE " unfiltered {\n";
print FILE " pass all\n";
- if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
- {
- print FILE " rewrite rew-rule-1\n";
- }
print FILE " }\n\n";
}
if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
@@ -2917,6 +3103,7 @@ sub writeconfigfile
chomp;
@tc = split(/\,/);
@ec = split(/\|/,$tc[13]);
+ foreach (@ec) { s/\//_/g; }
if ($tc[15] eq 'on')
{
$idx++;
@@ -2962,12 +3149,17 @@ sub writeconfigfile
print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
} else {
$tcrule = $defaultrule;
- foreach (@ec)
+ if ((@ec == 1) && ($ec[0] eq 'any'))
{
- $tcrule =~ s/!$_ //;
- print FILE "$_ " if ($_ eq 'any');
+ print FILE "any";
+ } else {
+ foreach (@ec)
+ {
+ $tcrule = "$_ ".$tcrule unless (index($defaultrule,"!".$_." ") ge 0);
+ $tcrule =~ s/!$_ //;
+ }
+ print FILE $tcrule;
}
- print FILE $tcrule unless ((@ec == 1) && ($ec[0] eq 'any'));
}
}
@@ -2989,9 +3181,9 @@ sub writeconfigfile
print FILE " logfile".$ident." urlfilter.log\n";
}
}
- if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
+ if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
{
- print FILE " rewrite rew-rule-0\n";
+ print FILE " rewrite rew-rule-1\n";
}
print FILE " redirect $redirect\n";
print FILE " }\n";