jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

884
roles/squid/files/URLblocked.cgi Executable file
View File

@@ -0,0 +1,884 @@
#!/usr/bin/perl -wT
#
# URLblocked.cgi - explain to the user that the URL is blocked and by which rule set.
#
# Currently the error messages supports
# en (English),
# de (German),
# pl (Polish)
# sv (Swedisk)
# it (Italian)
# pt (Portuguese)
# fr (French)
# tr (Turkish)
# nl (Dutch).
# You can add a language yourself: search for all occurences of "NEWLANGUAGE"
# and add your language text.
use strict;
use Socket;
# This CGI script uses fastcgi and also requires Fcgid configured in Apache.
# Comment out the next line and the line with "while (new CGI::Fast)" (approximately at line 423)
# to revert this script to a regular CGI script.
### use CGI::Fast;
use constant {
CT_IMAGE => 1,
CT_JAVA => 2,
CT_HTML => 3,
CT_XML => 4,
CT_CSS => 5,
CT_TEXT => 6,
CT_JSON => 7,
CT_STREAM => 8,
CT_204 => 9
};
use vars qw( $admin $clientaddr $clientname $clientuser $clientgroup $category $targetgroup );
use vars qw( $color $size $mode $textcolor $bgcolor $titlesize $textsize $httpcode $url $origurl );
use vars qw( $ufdbhost $ufdbscripturi $ufdbredirscripturi $ufdbsni $ufdbservername $ufdbrequesturi $ufdbrefurl );
use vars qw( $escaped_ufdbrequesturi $escaped_url );
use vars qw( @day @month @languages $lang $protocol $address $port $path );
local $admin;
local $clientaddr;
local $clientname;
local $clientuser;
local $clientgroup;
local $targetgroup;
local $color;
local $size;
local $mode;
local $textcolor;
local $bgcolor;
local $titlesize;
local $textsize;
local $httpcode;
local $url;
local $origurl;
local $ufdbhost;
local $ufdbscripturi;
local $ufdbredirscripturi;
local $ufdbsni;
local $ufdbservername;
local $ufdbrequesturi;
local $ufdbrefurl;
local $lang;
local $protocol;
local $address;
local $port;
local $path;
local @day = ("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday");
local @month = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec");
local @languages = (
"de (German),",
"nl (Dutch),",
"pl (Polish),",
"sv (Swedish),",
"es (Spanish),",
"it (Italian),",
"pt (Portuguese),",
"fr (French),",
"tr (Turkish),",
"NEW (NEWLANGUAGE),",
"en (English),",
);
my $html_comment = "<!--
generated by URLblocked.cgi :\n
this is a very long comment to signal
to MSIE and other browsers not to display their own 'user-friendly'
error message, but to display the one that is produced by this
program.\n
The rest of this message is bogus to make it longer
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -->\n";
sub init();
sub session_reinit();
sub getPreferedLanguage(@);
sub parseURL($);
sub parseQuery($);
sub session_reinit ()
{
$admin = 'unknown';
$clientaddr = 'unknown';
$clientname = 'unknown';
$clientuser = 'unknown';
$clientgroup = 'unknown';
$targetgroup = 'unknown';
$color = 'orange';
$size = 'normal';
$mode = 'default';
$httpcode = '200';
$url = 'unknown';
$origurl = 'unknown';
$lang = 'unknown';
$ufdbrequesturi = '';
}
sub init ()
{
$lang = getPreferedLanguage( @languages );
( $httpcode, $admin, $clientaddr, $clientname, $clientuser, $clientgroup, $category, $url ) =
parseQuery( $ENV{"QUERY_STRING"} );
}
#
# Find the first supported language of the client.
#
sub getPreferedLanguage (@)
{
my @supported = @_;
my @clientLanguages = split(/\s*,\s*/,$ENV{"HTTP_ACCEPT_LANGUAGE"}) if(defined($ENV{"HTTP_ACCEPT_LANGUAGE"}));
my $lang;
my $supp;
### NO! push(@clientLanguages,$supported[0]);
for $lang (@clientLanguages)
{
$lang =~ s/\s.*//;
$lang =~ s/-.*//;
for $supp (@supported)
{
$supp =~ s/\s.*//;
return($lang) if ($lang eq $supp);
}
}
return 'en'; # default language is 'en'
}
sub parseQuery ($)
{
my $query = shift;
my $admin = 'The system administrator.';
my $clientaddr = '';
my $clientname = '';
my $clientuser = '';
my $clientgroup = '';
my $category = '';
my $httpcode = '200';
my $url = 'undefined';
my $therequest = '';
my $dummy;
$ufdbservername = '';
$ufdbhost = '';
$ufdbrequesturi = '';
if (defined($query))
{
while ($query =~ /^\&?([^\&=]+)=\"([^\"]*)\"(.*)/ ||
$query =~ /^\&?([^\&=]+)=([^\&=]*)(.*)/)
{
my $key = $1;
my $value = $2;
$value = '??' unless(defined($value) && $value && $value ne '??');
$query = $3;
if ($key =~ /^(admin|clientaddr|clientname|clientuser|clientident|clientgroup|category|targetgroup|color|size|source|srcclass|targetclass|mode|httpcode|ufdbhost|ufdbscripturi|ufdbredirscripturi|ufdbsni|ufdbservername|ufdbrequesturi|ufdbrefurl|url)$/)
{
$escaped_ufdbrequesturi = $value if ($key eq 'ufdbrequesturi');
$escaped_url = $value if ($key eq 'url');
$value =~ s/%20/ /g;
$value =~ s/%22/"/g;
$value =~ s/%23/#/g;
$value =~ s/%24/\$/g;
$value =~ s/%26/\&/g;
$value =~ s/%27/\?/g;
$value =~ s/%2B/\+/ig;
$value =~ s/%2C/,/ig;
$value =~ s/%2F/\//ig;
$value =~ s/%3A/:/ig;
$value =~ s/%3B/;/ig;
$value =~ s/%3C/</ig;
$value =~ s/%3D/=/ig;
$value =~ s/%3E/>/ig;
$value =~ s/%3F/?/ig;
$value =~ s/%40/\@/ig;
$value =~ s/%5C/\\/ig;
$value =~ s/%25/%/g; # must be last
$key = 'clientgroup' if ($key eq 'source' || $key eq 'srcclass');
$key = 'clientuser' if ($key eq 'clientident');
$key = 'category' if ($key eq 'targetgroup' || $key eq 'targetclass');
eval "\$$key = \$value";
}
if ($query =~ /^url=(.*)/)
{
$url = $1;
last;
}
}
}
$dummy = $ENV{'HTTP_X_BLOCKED_URL'};
$url = $dummy if defined $dummy;
$dummy = $ENV{'HTTP_X_BLOCKED_CATEGORY'};
$targetgroup = $dummy if defined $dummy;
if ($url eq 'undefined')
{
if ($ufdbservername ne '')
{
$url = 'https://' . $ufdbservername;
}
elsif ($ufdbhost ne '')
{
$url = 'https://' . $ufdbhost;
}
if ($url ne 'undefined' && $ufdbrequesturi ne '')
{
$ufdbrequesturi =~ s/\?.*//;
$url .= $ufdbrequesturi;
}
}
$origurl = $url;
$url = substr( $url, 0, 120 ) . '...' if (length($url) > 120);
$ufdbrefurl = $ENV{'HTTP_REFERER'};
if (1)
{
my $dbgf = '/tmp/debug-cgibin-cgi'; # '/local/websites/logs/cgidebug';
open DEBUG, ">> $dbgf";
print DEBUG "\n\nurl = $url\n";
print DEBUG "lang = $lang\n";
foreach my $key ('HTTP_HOST', 'HTTP_REFERER', 'HTTP_USER_AGENT', 'REMOTE_ADDR', 'REQUEST_METHOD',
'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_CONTENT_TYPE', 'QUERY_STRING') {
my $value = $ENV{$key};
$value = 'undefined' if !defined($value);
print DEBUG "$key = $value\n";
}
if (0)
{
print DEBUG ":\n";
foreach my $key (sort(keys(%ENV))) {
print DEBUG "$key = $ENV{$key}\n";
}
close DEBUG;
}
}
return ( $httpcode, $admin, $clientaddr, $clientname, $clientuser, $clientgroup, $category, $url );
}
sub parseURL ($)
{
my $url = shift;
my $protocol = "";
my $address = "";
my $port = "";
my $path = "";
$url =~ /^([^\/:]+):\/\/([^\/:]+)(:\d*)?(.*)/;
$protocol = $1 if(defined($1));
$address = $2 if(defined($2));
$port = $3 if(defined($3));
$path = $4 if(defined($4));
return ( $protocol, $address, $port, $path );
}
sub getContentType( $ )
{
my $url = shift;
my $suffix;
my $path;
$url =~ s/[;\?\&].*//;
$url =~ s/^(ftp|http|https):\/\///;
$path = $url;
$path =~ s/^[^\/]*//;
$suffix = $path;
$suffix =~ s/.*\././;
return CT_IMAGE if ($suffix =~ /\.(bmp|gif|ico|jpg|jpeg|jpe|png|webp|tiff)$/i);
return CT_CSS if ($suffix =~ /\.css$/i);
return CT_JSON if ($suffix =~ /\.json$/i);
return CT_JAVA if ($suffix =~ /\.(js|jar)$/i);
return CT_TEXT if ($suffix =~ /\.(csv|txt)$/i);
return CT_HTML if ($suffix =~ /\.(htm|html|dhtml|shtml)$/i);
return CT_XML if ($suffix =~ /\.(xml|sxml|rss)$/i);
return CT_STREAM if ($suffix =~ /\.(bin|bz2|cab|class|dat|doc|gz|h264|mp3|mpg|mpeg|msi|mst|ppt|pdf|rar|tar|ttf|xls|zip|ogv|divx|xvid|qt|ra|ram|rv|wmv|avi|mov|swf|mp4|mv4|flv)$/i);
# no suffix found, now we start with the guesswork
return CT_HTML if ($path eq '/' || $path eq '');
return CT_IMAGE if ($url =~ /^googleadservices\.com\/pagead\/conversion\// );
return CT_TEXT if ($url =~ /^googleads\.g\.doubleclick\.net\/pagead\/ads\// );
return CT_JAVA if ($url =~ /^pubads\.g\.doubleclick\.net\/pagead\/ads\// );
return CT_JAVA if ($url eq 'a.analytics.yahoo.com/fpc.pl' );
return CT_IMAGE if ($url eq 'a.analytics.yahoo.com/p.pl' );
return CT_IMAGE if ($url eq 'ping.chartbeat.net/ping' );
if ($url =~ '^www\.youtube\.com')
{
return CT_STREAM if ($path =~ /^\/cp\// || $path =~ /^\/p\// ||
$path =~ /^\/v\// || $path =~ /^\/videoplayback/ );
}
return CT_204 if ($url =~ /^s\.youtube\.com\/api\/stats\//);
return CT_IMAGE if ($url =~ /^b\.scorecardresearch\.com\// );
return CT_JAVA if ($url =~ /\.doubleclick\.net\/adj\// ||
$url =~ /\.doubleclick\.net\/pfadj\// );
return CT_IMAGE if ($url =~ /\.doubleclick\.net\/imp/ );
return CT_IMAGE if ($url =~ /\.tradedoubler\.com\/imp/ );
if ($url =~ /^view\.atdmt\.com\//)
{
return CT_IMAGE if ($path =~ /^\/action\// );
return CT_JAVA if ($path =~ /^\/jview\// );
}
return CT_JAVA if ($url eq 'static.ak.connect.facebook.com/connect.php' );
return CT_IMAGE if ($url eq 'secure-us.imrworldwide.com/cgi-bin/m' );
return CT_IMAGE if ($url =~ /ftjcfx\.com\/image-/ );
return CT_IMAGE if ($url =~ /lduhtrp\.net\/image-/ );
return CT_IMAGE if ($url =~ /img\.pheedo\.com\/img\.phdo/ );
if ($path =~ /\/realmedia\/ads\//i )
{
return CT_JAVA if ($path =~ /\/adstream_jx/ || $path =~ /\/adstream_mjx/ );
return CT_IMAGE if ($path =~ /\/adstream_lx/ || $path =~ /\/adstream_nx/ );
return CT_IMAGE if ($path =~ /\/ads\/cap\.cgi/ );
}
return CT_JAVA if ($url =~ /overture\.com\/ls_js_/ );
return CT_IMAGE if ($path =~ /\/scripts\/beacon\.dll/ || $path =~ /\/scripts\/beacon2\.dll/ );
return CT_IMAGE if ($url eq 'rtd.tubemogul.com/upi/');
return CT_JAVA if ($path =~ /\/javascript\// || $path =~ /\/ajaxpro\// );
return CT_JAVA if ($path =~ /\/js\.php$/ || $path =~ /\/javascript\.php$/ );
return CT_CSS if ($path =~ /\/css\.php$/ );
return CT_IMAGE if ($path =~ /\/image\.php$/ || $path =~ /\/image\.php\// );
return CT_JAVA if ($path =~ /\/js\.ng\// || $path =~ /\/js\// );
return CT_JAVA if ($path =~ /\/scripts\// || $path =~ /\/script\// );
return CT_XML if ($url =~ /^xml\./ );
if ($path =~ /\/b\/ss\// )
{
return CT_IMAGE if ($path =~ /\/FAS/i || $path =~ /\/H\./i || $path =~ /\/G\./i );
}
return CT_JAVA if ($url =~ /\.channel\.facebook\.com\/x\// );
return CT_TEXT if ($url =~ /\.channel\.facebook\.com\/p/ );
return CT_IMAGE if ($url eq 'www.facebook.com/fr/u.php' );
return CT_IMAGE if ($url eq 'pixel.mathtag.com/event/img' );
return CT_JAVA if ($url eq 'pixel.mathtag.com/event/js' );
return CT_IMAGE if ($url eq 'x.bidswitch.net/ul_cb/sync' );
return CT_XML if ($path =~ /\/xml-rpc/ );
return CT_STREAM if ($path eq 'open/1');
return CT_IMAGE if ($url =~ /^pixel\./ || $path =~ /\/pixel$/ );
return CT_TEXT if ($url =~ /heatmap/ );
return CT_204 if ($url eq 'analytics.livestream.com/track');
return CT_HTML;
}
# comment out the next line if fastcgi is not configured
### while (new CGI::Fast)
{
my $time = time;
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst);
my $root;
my $buffer;
session_reinit();
init();
# the default is english
my $forbidden = 'no access';
my $title = $forbidden;
my $explanation_prefix = 'URL blocked because it is';
my $explanation_suffix = '';
my $go_back = 'back';
my $more_info = 'More information about ufdbGuard is <a href="https://www.urlfilterdb.com">here</a>.';
my $contentType = getContentType( $origurl );
$contentType = CT_204 if ($httpcode eq '204');
if ($contentType == CT_IMAGE)
{
print "Content-Type: image/png\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "\n";
my $imgfile;
if ($category eq 'ads')
{
$imgfile = "transparent.png";
$imgfile = "no-ads.png" if ($mode eq 'noads');
$imgfile = "smallcross.png" if ($mode eq 'cross');
$imgfile = "square.png" if ($mode eq 'square');
}
else
{
if ($mode eq 'cross') {
$imgfile = "smallcross.png" if ($mode eq 'cross');
}
elsif ($mode eq 'square') {
$imgfile = "square.png" if ($mode eq 'square');
}
elsif ($mode eq 'simple-red' || $mode eq 'transparent' || $mode eq 'transparant') {
$imgfile = "transparent.png";
}
else {
$imgfile = "forbidden-normal-" . $lang . ".png";
}
}
$root = $ENV{'DOCUMENT_ROOT'};
open( BLOCKEDPNG, "$root/images/$imgfile" ) || print "failed to open $root/images/$imgfile\n";
print $buffer while (read (BLOCKEDPNG,$buffer,8192));
close( BLOCKEDPNG );
}
elsif ($contentType == CT_204)
{
print "Status: 204 No Content\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
print "Content-Type: text/plain\n";
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
printf "X-blocked-category: %s\n", $category;
printf "X-blocked-URL: %s\n", $url;
print "\n";
}
elsif ($contentType == CT_STREAM)
{
if (1)
{
print "Status: 204 no content\n";
print "Content-Type: text/plain\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
printf "X-blocked-category: %s\n", $category;
printf "X-blocked-URL: %s\n", $url;
}
else
{
print "Content-Type: application/octet-stream\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
}
print "\n";
}
elsif ($contentType == CT_JAVA)
{
print "Content-Type: application/x-javascript\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "\n";
print "\n";
}
elsif ($contentType == CT_JSON)
{
print "Content-Type: application/json\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "\n";
print "\n";
}
elsif ($contentType == CT_CSS)
{
print "Content-Type: text/css\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "\n";
print "\n";
}
elsif ($contentType == CT_TEXT)
{
print "Content-Type: text/plain\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "\n";
print "\n";
}
elsif ($contentType == CT_XML)
{
print "Content-Type: text/xml\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "\n";
print "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
print "<cross-domain-policy>\n";
print " <allow-access-from domain=\"*\" />\n";
print "</cross-domain-policy>\n";
}
else # CT_HTML
{
if ($category eq 'fatal-error')
{
print "Content-Type: text/html\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "Content-Language: $lang\n";
print "\n";
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>The URL filter has a fatal error</title>\n";
print " <meta name=\"description\" content=\"All URLs are blocked because the URL filter has a fatal error\" />\n";
print "</head>\n";
print "<body bgcolor=\"#e0e0e0\">\n";
print "<center>\n";
print "<font color=red><b>\n" .
"Access to the internet is blocked because<br>\n" .
"the URL filter has a fatal error. <br>\n" .
"Ask your helpdesk or web proxy administrator for assistance." .
"</b></font>\n";
print "</center>\n";
print "$html_comment";
print "</body>\n";
print "</html>\n";
}
elsif ($category eq 'loading-database')
{
print "Content-Type: text/html\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "Content-Language: $lang\n";
print "\n";
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>a new URL database is being loaded</title>\n";
print " <meta name=\"description\" content=\"All URLs are blocked because the URL filter is loading a fresh database\" />\n";
print "</head>\n";
print "<body bgcolor=\"#e0e0e0\">\n";
print "<center>\n";
print "<font color=red><b>\n" .
"Access to the internet is temporarily blocked because<br>\n" .
"a new URL database is being loaded by the URL filter. <br>\n" .
"Wait one minute and try again." .
"</b></font>\n";
print "</center>\n";
print "$html_comment";
print "</body>\n";
print "</html>\n";
}
else
{
if ($lang eq 'de') {
$forbidden = 'Verboten';
$title = "zugriff verweigert ($category)";
$explanation_prefix = 'Zugriff verweigert weil die URL die Klassifizierung';
$explanation_suffix = 'hat.';
$more_info = 'Mehr Informationen &uuml;ber ufdbGuard ist <a href="https://www.urlfilterdb.com/blocking/">hier</a>.';
$go_back = 'Klicken Sie hier um zur&uuml;ck zu gehen.';
}
elsif ($lang eq 'pl') {
$forbidden = 'Pobranie tej strony jest zabronione!';
$title = "Cenzura, zakaz pobrania ($category)";
$explanation_prefix = 'Nie otworzysz tej strony bo jest ona sklasyfikowana jako';
$explanation_suffix = 'przez program kontroli ufdbGuard';
$more_info = 'Informacja (po angielsku) o tym programie kontroli jest na <a href="https://www.urlfilterdb.com/blocking/">stronie</a>.';
$go_back = 'Wycofaj do poprzedniej strony';
}
elsif ($lang eq 'sv') {
$forbidden = 'Sidan stoppad enligt landstingets riktlinjer';
$title = "F&ouml;rbjuden ($category)";
$explanation_prefix = 'Access till denna sida &auml;r stoppad:';
$explanation_suffix = '';
$more_info = 'Mer information om ufdbGuard &auml;r <a href="https://www.urlfilterdb.com/blocking/">h&auml;r</a>.';
$go_back = 'Klicka h&auml;r f&ouml;r att komma tillbaks';
}
elsif ($lang eq 'nl') {
$forbidden = 'Geen Toegang';
$title = "geen toegang ($category)";
$explanation_prefix = 'De toegang is geblokkeerd omdat de URL in de categorie';
$explanation_suffix = 'valt.';
$more_info = 'Meer informatie over ufdbGuard is <a href="https://www.urlfilterdb.com/blocking/">hier</a>.';
$go_back = 'Klik hier om terug te gaan';
}
elsif ($lang eq 'es') {
$forbidden = 'Ning&uacute;n acceso';
$title = "ning&uacute;n acceso ($category)";
$explanation_prefix = 'Se bloquea el acceso puesto que el URL se considera ser';
$explanation_suffix = '';
$more_info = 'M&aacute;s informaci&oacute;n sobre ufdbGuard est&aacute; <a href="https://www.urlfilterdb.com/blocking/">aqu&iacute;</a>.';
$go_back = 'ir detr&aacute;s';
}
elsif ($lang eq 'it') {
$forbidden = 'Accesso negato';
$title = "accesso negato ($category)";
$explanation_prefix = "L'accesso &egrave; negato poich&eacute; l'URL appartiene a none";
$explanation_suffix = '';
$more_info = 'Maggiori informazioni su ufdbGuard sono disponibili <a href="https://www.urlfilterdb.com/blocking">qui</a>.';
$go_back = 'tornare indietro';
}
elsif ($lang eq 'pt') {
$forbidden = 'Proibido';
$title = "Proibido ($category)";
$explanation_prefix = "O acesso a este site foi bloqueado porque o conte&uacute;do est&aacute;";
$explanation_suffix = '';
$more_info = 'Mais informa&ccedil;&atilde;o sobre ufdbGuard est&aacute; <a href="https://www.urlfilterdb.com/blocking">aqui</a>.';
$go_back = 'volte';
}
elsif ($lang eq 'fr') {
$forbidden = 'Interdit';
$title = "Accès Interdit ($category)";
$explanation_prefix = "L'accès est inderdit parce que le site est dans la catégorie ";
$explanation_suffix = '';
$more_info = "Pour plus d'information sur ufdbGuard cliquez <a href=\"https://www.urlfilterdb.com/blocking\">ici</a>.";
$go_back = 'retour';
}
elsif ($lang eq 'tr') {
$forbidden = 'Eri&#351;im engellendi';
$title = "Eri&#351;im engellendi ($category)";
$explanation_prefix = "Ula&#351;mak istedi&#287;iniz sayfaya eri&#351;im kapal&#305;d&#305;r. S&#305;n&#305;f&#305;:";
$explanation_suffix = '';
$more_info = "ufdbGuard hakk&#305;nda bilgi i&ccedil;in <a href=\"https://www.urlfilterdb.com/blocking\">t&#305;klay&#305;n&#305;z</a>.";
$go_back = '&Ouml;nceki sayfa';
}
elsif ($lang eq 'NEWLANGUAGE') {
$forbidden = 'Forbidden';
$title = "Forbidden ($category)";
$explanation_prefix = 'Access is blocked since the URL is considered to be';
$explanation_suffix = '';
$more_info = 'More information about ufdbGuard is <a href="https://www.urlfilterdb.com/blocking">here</a>.';
$go_back = 'Click here to go back';
}
else { # default (matches 'en')
$forbidden = 'Forbidden';
$title = "Forbidden ($category)";
$explanation_prefix = 'Access is blocked since the URL is considered to be';
$explanation_suffix = '';
$more_info = 'More information about ufdbGuard is <a href="https://www.urlfilterdb.com/blocking">here</a>.';
$go_back = 'Click here to go back';
$lang = 'en';
}
if ($color eq 'orange')
{
$textcolor = 'white';
$bgcolor = '#ee8811';
}
elsif ($color eq 'white')
{
$textcolor = '#3f003f';
$bgcolor = 'white';
}
elsif ($color eq 'black')
{
$textcolor = '#f0f0f0';
$bgcolor = 'black';
}
elsif ($color eq 'red')
{
$textcolor = '#f0f0f0';
$bgcolor = 'red';
}
elsif ($color eq 'grey' || $color eq 'gray')
{
$textcolor = '#111111';
$bgcolor = '#c2c2c2';
}
else # default color: orange
{
$textcolor = 'white';
$bgcolor = '#ee8811';
}
if ($size eq 'normal')
{
$titlesize = '+2';
$textsize = '+0';
}
elsif ($size eq 'small')
{
$titlesize = '+1';
$textsize = '-1';
}
elsif ($size eq 'large')
{
$titlesize = '+3';
$textsize = '+1';
}
else # default size: normal
{
$titlesize = '+2';
$textsize = '+0';
$size = 'normal';
}
$url =~ s/[?;&].*//;
print "Content-Type: text/html\n";
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime( $time + 180 );
printf "Expires: %s, %02d %s %04d %02d:%02d:%02d GMT\n",
$day[$wday], $mday, $month[$mon], $year+1900, $hour, $min, $sec;
print "Content-Language: $lang\n";
print "\n";
if ($url eq 'https://blockedhttps.urlfilterdb.com')
{
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>$title</title>\n";
print " <meta name=\"description\" content=\"$title\" />\n";
print "</head>\n";
print "<body bgcolor=\"ffcccc\" link=\"red\" alink=\"red\" vlink=\"red\" text=\"red\">\n";
print "<p align=center>\n";
print "https://blockedhttps.urlfilterdb.com is used by ufdbGuard<br>\n";
print "to display messages about blocked URLs.<br>\n";
print "</p>\n";
print "$html_comment";
print "</body>\n";
print "</html>\n";
}
elsif ($category eq 'ads')
{
my $text;
$text = " "; # transparent
$text = " no ads " if $mode eq 'noads';
$text = " [] " if $mode eq 'square';
$text = " x " if $mode eq 'cross';
$text = "<font color=red><i>ads</i></font>" if $mode eq 'simple-red';
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>$title</title>\n";
print " <meta name=\"description\" content=\"The ad is blocked by the URL filter.\nURL: $ufdbhost$ufdbrequesturi\" />\n";
print "</head>\n";
print "<body>\n";
print "<font size=\"$textsize\">$text</font>\n";
print "$html_comment";
print "</body>\n";
print "</html>\n";
}
else # no ads
{
if ($mode eq 'simple-red')
{
my $whyblocked = "$explanation_prefix $category $explanation_suffix. URL = $url";
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>$title</title>\n";
print " <meta name=\"description\" content=\"The URL is blocked by the URL filter ($ufdbhost$escaped_ufdbrequesturi)\" />\n";
print "</head>\n";
print "<body bgcolor=\"ffe6e6\" link=\"blue\" alink=\"red\" vlink=\"black\" text=\"red\">\n";
print "<p align=center>\n";
print "<a title=\"$whyblocked\">$forbidden<br><i>$category</i></a>\n";
print "<a href=\"/cgi-bin/show_url_details.cgi?mode=$mode&url=$ufdbhost$escaped_ufdbrequesturi\">why is this URL blocked?</a>\n";
print "</p>\n";
print "$html_comment";
print "</body>\n";
print "</html>\n";
}
elsif ($category eq 'social-bdg' || $category eq 'socbadges' || $category eq 'social-badges' || $category eq 'social_badges')
{
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>block social networking badge</title>\n";
print " <meta name=\"description\" content=\"social networking badge is blocked by the URL filter\" />\n";
print "</head>\n";
# print "<body width=30 height=30 bgcolor=\"transparent\">\n";
print "<body bgcolor=#fafafa>\n";
print "<center>\n";
print "<font size=\"-1\" color=\"#1f1f1f\">\n" .
"<a title=\"The social networking badge is blocked.\"> B </a>\n" .
"</font>\n";
print "</center>\n";
print "$html_comment";
print "</body>\n";
print "</html>\n";
}
else
{
print "<html lang=\"$lang\">\n";
print "<head>\n";
print " <title>$title</title>\n";
print " <meta name=\"description\" content=\"The URL is blocked by the URL filter\" />\n";
print "</head>\n";
print "<body bgcolor=\"$bgcolor\" text=\"$textcolor\">\n";
print "<font size=\"$titlesize\">$forbidden</font> <br>\n";
print "<font size=\"$textsize\">\n";
print "$explanation_prefix <i>$category</i> $explanation_suffix <br>\n";
print "URL: $url <br>\n";
print "<p>\n";
print "<a href=\"javascript:history.go(-1);\">$go_back</a>. <br>\n";
print "$admin\n";
print "<p>\n";
print "$more_info\n";
print "<br>\n&nbsp;<p />\n";
print "</font>\n";
print "<font size=\"-3\">";
print "user=$clientuser &nbsp; " if (defined($clientuser) && length($clientuser)>0);
print "client=$clientaddr &nbsp; " if (defined($clientaddr) && length($clientaddr)>0);
print "group=$clientgroup &nbsp; " if (defined($clientgroup) && length($clientgroup)>0);
print "source=$clientname &nbsp; " if (defined($clientname) && length($clientname)>0);
print "</font>\n";
print "$html_comment";
print "<!-- color:$color size:$size mode:$mode lang:$lang category:$category -->\n";
print "</body>\n";
print "</html>\n";
}
}
}
}
}
exit 0;

3
roles/squid/files/acl/service_fws.domains Normal file
View File

@@ -0,0 +1,3 @@
.firewall-services.com
.fws.fr
iptek.biz

7
roles/squid/files/acl/service_various.domains Normal file
View File

@@ -0,0 +1,7 @@
.letsencrypt.org
.lencr.org
apps.identrust.com
dns.api.gandi.net
api.gandi.net
monip.org

11
roles/squid/files/acl/software_almalinux.domains Normal file
View File

@@ -0,0 +1,11 @@
mirrors.almalinux.org
repo.almalinux.org
mirror.crexio.com
mirror.almalinux.ikoula.com
almalinux.li
almalinux.mirrors.itworxx.de
almalinux.mirror.liteserver.nl
almalinux.uib.no
almalinux.slaskdatacenter.com
almalinux.mirror.katapult.io
alma.mirror.ate.info

15
roles/squid/files/acl/software_centos.domains Normal file
View File

@@ -0,0 +1,15 @@
www.centos.org
mirror.centos.org
debuginfo.centos.org
vault.centos.org
mirrorlist.centos.org
centos.mirrors.ovh.net
distrib-coffee.ipsl.jussieu.fr
centos.crazyfrogs.org
mirror.plusserver.com
mirrors.atosworldline.com
fr2.rpmfind.net
centos.mirror.fr.planethoster.net
miroir.univ-paris13.fr
centos.mirrors.proxad.net
mirrors.standaloneinstaller.com

1
roles/squid/files/acl/software_codeit.urls Normal file
View File

@@ -0,0 +1 @@
^https://repo.codeit.guru/packages/centos/

13
roles/squid/files/acl/software_debian.domains Normal file
View File

@@ -0,0 +1,13 @@
httpredir.debian.org
ftp.fr.debian.org
cdn-fastly.deb.debian.org
security.debian.org
ftp.debian.org
security-cdn.debian.org
cdimage.debian.org
deb.debian.org
# Ubuntu
ppa.launchpad.net
archive.ubuntu.com
security.ubuntu.com

12
roles/squid/files/acl/software_epel.domains Normal file
View File

@@ -0,0 +1,12 @@
mirrors.fedoraproject.org
download.fedoraproject.org
dl.fedoraproject.org
download.fedora.redhat.com
src.fedoraproject.org
mir01.syntis.net
mirrors.ircam.fr
mirror.in2p3.fr
mirror.speedpartner.de
ftp.uma.es
mirror.bytemark.co.uk
mirror.imt-systems.com

2
roles/squid/files/acl/software_fws.domains Normal file
View File

@@ -0,0 +1,2 @@
repo.firewall-services.com
rpms.fws.fr

2
roles/squid/files/acl/software_remi.domains Normal file
View File

@@ -0,0 +1,2 @@
rpms.remirepo.net
cdn.remirepo.net

19
roles/squid/files/acl/software_smeserver.domains Normal file
View File

@@ -0,0 +1,19 @@
mirrorlist.contribs.org
mirrorlist.koozali.org
mirror.canada.pialasse.com
smeserver.bhs.mirrors.ovh.net
mirror.mab974.re
ibsgaarden.dk
smeserver.de-labrusse.fr
mirror.pialasse.com
sme-mirror.firewall-services.com
mirrors.rbx.opencare.nl
smeserver.hkisl.net
smeserver.mirror.garr.it
ftp.nluug.nl
ftp.surfnet.nl
mirror.hakkers.com
www.mirrorservice.org
distro.ibiblio.org
sme-mirror.tw.co.nz

365
roles/squid/files/acl/software_various.domains Normal file
View File

@@ -0,0 +1,365 @@
# Dokuwiki
download.dokuwiki.org
# various
.github.com
raw.githubusercontent.com
objects.githubusercontent.com
github-releases.githubusercontent.com
packagecloud.io
.cloudfront.net
packagist.org
downloads.sourceforge.net
dl.bintray.com
publicsuffix.org
www.internic.net
tzurl.org
gitlab.com
.lapiole.org
archive.apache.org
ftp.gnu.org
# GLPI
github-production-release-asset-2e65be.s3.amazonaws.com
# phpMyAdmin
files.phpmyadmin.net
# Framasoft git server
git.framasoft.org
framagit.org
# Python
www.python.org
pypi.python.org
pypi.org
files.pythonhosted.org
# Ruby
api.rubygems.org
# Seadrive
download.seadrive.org
rpm.seadrive.org
linux-clients.seafile.com
s3.eu-central-1.amazonaws.com
# GLPI
forge.glpi-project.org
# Chrome on Linux
dl.google.com
# Hosts several things, including the Zabbix datasource for Grafana
.storage.googleapis.com
# And kubernetes packages
packages.cloud.google.com
# Grafana repo
grafanarel.s3.amazonaws.com
packages.grafana.com
grafana.com
# Lemonldap::NG repo
lemonldap-ng.org
# NodeJS
rpm.nodesource.com
deb.nodesource.com
nodejs.org
# Jenkins
updates.jenkins.io
get.jenkins.io
updates.jenkins-ci.org
mirrors.jenkins-ci.org
mirrors.tuna.tsinghua.edu.cn
ftp.yz.yamagata-u.ac.jp
mirror.esuni.jp
mirror.serverion.com
mirror.xmission.com
archives.jenkins-ci.org
ftp-chi.osuosl.org
ftp-nyc.osuosl.org
insights.cloudbees.com
mirror.gruenehoelle.nl
ftp.halifax.rwth-aachen.de
download.cypress.io
cdn.cypress.io
ftp.belnet.be
# nux dextop
li.nux.ro
mirror.li.nux.ro
# Onlyoffice
download.onlyoffice.com
# ClamAV
database.clamav.net
db.local.clamav.net
# SOGo
packages.inverse.ca
# spamassassin
spamassassin.apache.org
sa-update.spamassassin.org
sa-update.dnswl.org
sa-update.fossies.org
sa-update.secnap.net
sa-update.razx.cloud
sa-update.bitwell.fi
www.sa-update.pccc.com
sa-update.verein-clean.net
data.phishtank.com
cdn.phishtank.com
openphish.com
# Odoo
nightly.odoo.com
# Matomo
builds.matomo.org
# PostgreSQL
download.postgresql.org
ftp.postgresql.org
apt.postgresql.org
www.postgresql.org
# Java / Gradle / Maven
services.gradle.org
downloads.gradle.org
downloads.gradle-dn.com
plugins.gradle.org
plugins-artifacts.gradle.org
.maven.org
repo.maven.apache.org
www.ibibilio.net
mirrors.ibiblio.org
repo.exist.com
artifacts.alfresco.com
jcenter.bintray.com
repo.fusesource.com
repository.jboss.org
jcenter.bintray.com
repo.jenkins-ci.org
smslib.org
repox.sonarsource.com
oss.sonatype.org
repo.spring.io
maven.wso2.org
packages.confluent.io
maven.fabric.io
jitpack.io
miroir.univ-lorraine.fr
download.java.net
forumarchivebuilder.googlecode.com
maven.java.net
redshift-maven-repository.s3-website-us-east-1.amazonaws.com
# Unifi
www.ubnt.com
dl.ubnt.com
fw-update.ubnt.com
www.ui.com
# Perl
.plackperl.org
.metacpan.org
.cpan.org
.perl.org
# MariaDB
yum.mariadb.org
# OpenMediaVault
packages.openmediavault.org
openmediavault.github.io
# FusionInventory
debian.fusioninventory.org
# Proxmox
download.proxmox.com
enterprise.proxmox.com
# Bluemind
pkg.bluemind.net
download.bluemind.net
# TranquilIT
wapt.tranquil.it
samba.tranquil.it
# Gitea
dl.gitea.io
storage.gitea.io
# MongoDB
repo.mongodb.org
www.mongodb.org
# Elasticsearch
artifacts.elastic.co
# Graylog
packages.graylog2.org
graylog2-package-repository.s3.amazonaws.com
versioncheck.graylog.com
downloads.graylog.org
graylog-downloads.herokuapp.com
graylog2-releases.s3.amazonaws.com
graylog2-releases.s3.eu-west-1.amazonaws.com
# NPM / NodeJS
registry.npmjs.org
registry.npmjs.com
# Yarn
yarnpkg.com
registry.yarnpkg.com
classic.yarnpkg.com
dl.yarnpkg.com
# IOJS
iojs.org
# Asterisk / FreePBX
ast.tucny.com
.freepbx.org
katanafpbx.schmoozecom.com
sounds.sng7.com
# Elrepo
.elrepo.org
# Zimbra
repo.zimbra.com
files.zimbra.com
www.zimbra.com
# Zextras for Zimbra
openzal.org
update.zextras.com
download.zextras.com
# ZFS On Linux
download.zfsonlinux.org
# Funkwhale
dev.funkwhale.audio
coverartarchive.org
.archive.org
# Zabbix
repo.zabbix.com
git.zabbix.com
# Maxming GeoIP
updates.maxmind.com
# Docker
download.docker.com
apt.dockerproject.org
auth.docker.io
registry-1.docker.io
production.cloudflare.docker.com
docker.elastic.co
docker-auth.elastic.co
get.docker.com
# Artifactory (jfrog)
docker.bintray.io
akamai.bintray.com
service.jfrog.org
repo.jfrog.org
# Sonar
update.sonarsource.org
# RocketChat
marketplace.rocket.chat
releases.rocket.chat
# Openproject
dl.packager.io
# Alpine Linux
dl-cdn.alpinelinux.org
alpine-pkgs.sgerrand.com
# Psono
psono.jfrog.io
# RH UBI
cdn-ubi.redhat.com
# Various SF mirrors
.dl.sourceforge.net
# Rust lang
static.rust-lang.org
crates.io
static.crates.io
# Fontawesome
npm.fontawesome.com
dl.fontawesome.com
# Google fonts
fonts.googleapis.com
fonts.gstatic.com
# Jitsi
download.jitsi.org
# Needed to build Jitsi Meet
packages.matrix.org
gitlab.matrix.org
repository.apache.org
# Prosody
hg.prosody.im
# Wordpress
api.wordpress.org
downloads.wordpress.org
# Yubico
.yubico.com
# Openresty
openresty.org
# Tiny Tiny RSS
tt-rss.org
# RPM Fusion
rpmfusion.org
download1.rpmfusion.org
# Composer
getcomposer.org
# Sentry
downloads.sentry-cdn.com
# iTop cmd extension store
store.itophub.io
# Crowdsec
crowdsec-statics-assets.s3-eu-west-1.amazonaws.com
api.crowdsec.net
www.cloudflare.com
# Metabase
static.metabase.com
downloads.metabase.com
# Zimbra / Zextras
go.zextras.com
# Zulip
www.zulip.org
packages.groonga.org

47
roles/squid/files/acl/software_windows.domains Normal file
View File

@@ -0,0 +1,47 @@
# MS update &cie
windowsupdate.microsoft.com
.update.microsoft.com
.download.windowsupdate.com
redir.metaservices.microsoft.com
images.metaservices.microsoft.com
c.microsoft.com
wustat.windows.com
sls.microsoft.com
productactivation.one.microsoft.com
ntservicepack.microsoft.com
next-services.apps.microsoft.com
ctldl.windowsupdate.com
download.microsoft.com
www.msftncsi.com
www.msftconnecttest.com
ipv6.msftconnecttest.com
settings-win.data.microsoft.com
go.microsoft.com
dl.delivery.mp.microsoft.com
dmd.metaservices.microsoft.com
activation-v2.sls.microsoft.com
download.visualstudio.microsoft.com
activation.sls.microsoft.com
# comon CRL / OCSP
crl.microsoft.com
.digicert.com
.spice-space.org
ocsp.usertrust.com
crl.usertrust.com
ocsp.comodoca.com
crl.comodoca.com
.symcb.com
isrg.trustid.ocsp.identrust.com
crl.identrust.com
status.rapidssl.com
crl.certum.pl
ocsp.thawte.com
crl.thawte.com
ts-ocsp.ws.symantec.com
ts-crl.ws.symantec.com
ocsp.sectigo.com
# Common AV
.avast.com
.avcdn.net

BIN
roles/squid/files/ufdb.pp Normal file
View File

Binary file not shown.

15
roles/squid/files/ufdb.te Normal file
View File

@@ -0,0 +1,15 @@
module ufdb 1.2;
require {
type initrc_tmp_t;
type initrc_t;
type tmp_t;
type squid_t;
class sock_file write;
class unix_stream_socket connectto;
}
#============= squid_t ==============
allow squid_t initrc_t:unix_stream_socket connectto;
allow squid_t initrc_tmp_t:sock_file write;
allow squid_t tmp_t:sock_file write;