smecontribs/smeserver-webfilter
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for smeserver-webfilter on Sat Sep 7 16:44:31 AEST 2024

Browse Source
This commit is contained in:
Trevor Batley
2024-09-07 16:44:31 +10:00
parent d8b207fd9e
commit 4e92e4ef80
87 changed files with 9052 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

223
root/usr/bin/squid-db-logd Normal file
View File

@@ -0,0 +1,223 @@
#!/usr/bin/perl -w
use File::Tail;
use DBI;
use URI;
use Getopt::Long;
use threads;
use threads::shared;
use strict;
our %opts = ();
# Set default options
$opts{squidlog} = '/var/log/squid/access.log';
$opts{squidguardlog} = '/var/log/squidGuard/deny.log';
$opts{squid} = 1;
$opts{squidguard} = 0;
$opts{debug} = 0;
$opts{dbhost} = 'localhost';
$opts{dbname} = 'squid_log';
$opts{dbuser} = 'squid';
$opts{dbpass} = 'squid';
# get command line arguments
GetOptions(
"debug=i" => \$opts{debug},
"squidlog=s" => \$opts{squidlog},
"squidguardlog=s" => \$opts{squidguardlog},
"squid!" => \$opts{squid},
"squidguard!" => \$opts{squidguard},
"dbhost=s" => \$opts{dbhost},
"dbname=s" => \$opts{dbname},
"dbuser=s" => \$opts{dbuser},
"dbpass=s" => \$opts{dbpass}
);
# Disable output buffering
select(STDOUT);
$| = 1;
select(STDERR);
$| = 1;
open STDERR, '>&STDOUT';
# Set process name
$0 = 'squid-db-logd';
# Get hostname
our $host = `hostname`;
chomp($host);
### Subroutines
# Print messages on stderr
# for debuging purpose
sub printlog {
my $msg = shift;
print "$msg\n";
return;
}
# Connect to the database
sub db_connect {
my $dbh = DBI->connect("DBI:mysql:database=$opts{dbname};host=$opts{dbhost}",
$opts{dbuser}, $opts{dbpass}, {RaiseError => 1});
die "Couldn't connect to database\n" unless ($dbh);
return $dbh;
}
# escape chars for MySQL queries
sub mysql_escape {
my $string = shift;
$string =~ s|'|\\'|g;
return $string;
}
# log squid access
# prepare squid insert query
sub squid_prepare {
my $dbh = shift;
my $q = "INSERT INTO access_log (proxy_host, timestamp, response_time, ".
"client_ip, squid_status, http_status, reply_size, request_method, ".
"url, domain, username, squid_connect, server_ip, mime_type) ".
"VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
my $qh = $dbh->prepare($q);
return $qh;
}
# prepare squidGuard insert query
sub squidguard_prepare {
my $dbh = shift;
my $q = "INSERT INTO deny_log (proxy_host, date_day, date_time, ".
"category, client_ip, url, domain, username) ".
"VALUES(?,?,?,?,?,?,?,?)";
my $qh = $dbh->prepare($q);
return $qh;
}
sub squid_log {
my $logfile = shift;
printlog("squid_log thread connecting to database") if ($opts{debug} ge 1);
my $dbh = db_connect;
my $qh = squid_prepare($dbh);
# Open log file
printlog("opening squid log file") if ($opts{debug} ge 1);
my $tail = File::Tail->new(name=>$logfile, maxinterval=>15);
while (defined(my $line=$tail->read)){
my ($timestamp, $response_time, $client_ip, $status, $reply_size,
$request_method, $url, $username, $server, $mime_type) = split /\s+/, $line;
my ($squid_status, $http_status) = split /\//, $status;
my ($squid_connect, $server_ip) = split /\//, $server;
# Skip stats requested by squidclient
next if ($url =~ m/^cache_object:/);
my $domain;
if ($request_method eq 'CONNECT'){
($domain,undef) = split /:/, $url;
}
elsif ($url =~ m/^error:/){
(undef,$domain) = split /:/, $url;
}
else{
my $uri = URI->new($url);
$domain = $uri->host;
}
# MySQL escape
# Shouldn't be needed, but just in case logs contains junk
$timestamp = mysql_escape($timestamp);
$response_time = mysql_escape($response_time);
$client_ip = mysql_escape($client_ip);
$squid_status = mysql_escape($squid_status);
$http_status = mysql_escape($http_status);
$reply_size = mysql_escape($reply_size);
$request_method = mysql_escape($request_method);
$url = mysql_escape($url);
$domain = mysql_escape($domain);
$username = mysql_escape($username);
$squid_connect = mysql_escape($squid_connect);
$server_ip = mysql_escape($server_ip);
$mime_type = mysql_escape($mime_type);
printlog("New access_log entry:\ntimestamp: $timestamp\nresponse_time: $response_time\n".
"client_ip: $client_ip\nsquid_status: $squid_status\nhttp_status: $http_status\n".
"reply_size: $reply_size\nrequest_method: $request_method\nurl: $url\n".
"username: $username\nsquid_connect: $squid_connect\n".
"server_ip: $server_ip\nmime_type: $mime_type\n\n") if ($opts{debug} ge 2);
$qh->execute($host, $timestamp,$response_time,$client_ip,$squid_status,
$http_status,$reply_size,$request_method,$url,$domain,
$username,$squid_connect,$server_ip,$mime_type) || die "Database error: ".$qh->errstr;
}
}
# log squid access
sub squidguard_log {
my $logfile = shift;
printlog("squidguard_log thread connecting to database") if ($opts{debug} ge 1);
my $dbh = db_connect;
my $qh = squidguard_prepare($dbh);
# Open log file
printlog("opening squidGuard log file") if ($opts{debug} ge 1);
my $tail = File::Tail->new(name=>$logfile, maxinterval=>15);
while (defined(my $line=$tail->read)){
my ($date_day, $date_time, undef, $category, $url, $client_ip, $username) = split /\s+/, $line;
# Clean some values
$category =~ m/default\/(\w+)/;
$category = $1;
$client_ip =~ s/\/\-$//;
my $domain;
# Use the URI parser if possible
if ($url =~ m/^https?:\/\//){
my $uri = URI->new($url);
$domain = $uri->host;
}
# Else, it's a CONNECT method like www.domain.tld:443
else {
($domain,undef) = split /:/, $url;
}
$domain = mysql_escape($domain);
# MySQL escape
$date_day = mysql_escape($date_day);
$date_time = mysql_escape($date_time);
$category = mysql_escape($category);
$url = mysql_escape($url);
$client_ip = mysql_escape($client_ip);
$username = mysql_escape($username);
printlog("New deny_log entry:\ndate: $date_day\ntime: $date_time\ncategory: $category\n".
"client_ip: $client_ip\nurl: $url\nusername: $username\n\n") if ($opts{debug} ge 2);
$qh->execute($host,$date_day,$date_time,$category,$client_ip,$url,$domain,$username) ||
die "Database error: ".$qh->errstr;
}
}
printlog("Starting log monitoring threads") if ($opts{debug} ge 1);
my $thr1 = threads->create('squid_log', $opts{squidlog}) if ($opts{squid});
my $thr = 1;
if ($opts{squidguard}){
my $thr2 = threads->create('squidguard_log', $opts{squidguardlog}) if ($opts{squidguard});
$thr++;
}
while (scalar(threads->list(threads::running)) ge $thr){
sleep(5);
}
die "At least one thread died\n";

190
root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/webfilter.pm Normal file
View File

@@ -0,0 +1,190 @@
#!/usr/bin/perl -w
package esmith::FormMagick::Panel::webfilter;
use strict;
use esmith::FormMagick;
use esmith::ConfigDB;
use esmith::cgi;
use Exporter;
use Carp;
our @ISA = qw(esmith::FormMagick);
our $db = esmith::ConfigDB->open() || die "Couldn't open config db";
sub new {
shift;
my $self = esmith::FormMagick->new();
$self->{calling_package} = (caller)[0];
bless $self;
return $self;
}
sub get_prop{
my ($self,$entrie,$prop) = @_;
return $db->get_prop($entrie, $prop) || '';
}
sub get_list{
my ($self,$entrie,$prop) = @_;
my $values = get_prop($self,$entrie,$prop);
$values =~ s/[;,]/\n/g;
return $values;
}
sub get_wbl{
my ($self,$bl) = @_;
open FILE, "</var/squidGuard/blacklists/$bl/domains" || die "Couldn't open file /var/squidGuard/blacklists/$bl/domains: $!\n";
my $content = '';
while (<FILE>){
$content .= $_;
}
close FILE;
open FILE, "</var/squidGuard/blacklists/$bl/urls" || die "Couldn't open file /var/squidGuard/blacklists/$bl/urls: $!\n";
while (<FILE>){
$content .= $_;
}
close FILE;
return $content;
}
sub print_section_bar{
my ($fm) = @_;
print " <tr>\n <td colspan='2'>\n";
print "<hr class=\"sectionbar\"/>\n";
return undef;
}
sub print_categories{
my ($fm) = @_;
my $q = $fm->{cgi};
my @blockedCategories = split(/[,;]/, (get_prop($fm, 'squidguard', 'BlockedCategories')));
print "<tr><td class=\"sme-noborders-label\">",
$fm->localise('BLOCKED_CATEGORIES'),
"</td><td>\n";
print $q->start_table({-class => "sme-border"}),"\n";
print $q->Tr(
esmith::cgi::genSmallCell($q, $fm->localise('BLOCKED_OR_NOT'),"header"),
esmith::cgi::genSmallCell($q, $fm->localise('CATEGORY'),"header"),
esmith::cgi::genSmallCell($q, $fm->localise('DESCRIPTION'),"header")
);
my @categories = ();
my @hide = split(/[;,]/, (get_prop($fm, 'squidguard', 'DisabledCategories')));
opendir BL, '/var/squidGuard/blacklists' || die "Couldn't open blacklists directory\n";
while (my $cat = readdir(BL)){
next if (!-d "/var/squidGuard/blacklists/$cat" ||
$cat =~ /^\./ ||
$cat eq 'black' ||
$cat eq 'white' ||
grep { $_ eq $cat } @hide);
push @categories, $cat;
}
closedir BL;
foreach my $c (sort @categories){
my $checked = '';
if (grep { $_ eq $c } @blockedCategories) {
$checked = 'checked';
}
print $q->Tr(
$q->td(
"<input type=\"checkbox\""
. " name=\"blockedCategories\""
. " $checked value=\"$c\">"
),
esmith::cgi::genSmallCell($q, $c,"normal"),
esmith::cgi::genSmallCell( $q, $fm->localise($c),"normal")
);
}
print "</table></td></tr>\n";
return undef;
}
sub change_settings {
my $fm = shift;
my $q = $fm->{'cgi'};
$db->set_prop('squidguard', 'status', $q->param('url_filter_status'));
$db->set_prop('squidclamav', 'status', $q->param('av_filter_status'));
my $squid = $db->get('squid') || die "Couldn't find squid service in configuration DB\n";
my $squidstatus = $squid->prop('status') || 'disabled';
# If either squidguard or havp is enabled, squid needs to be enabled too
if ((($q->param('url_filter_status') eq 'enabled') || ($q->param('av_filter_status') eq 'enabled')) &&
($squidstatus ne 'enabled')){
$db->set_prop('squid', 'status', 'enabled');
$fm->error('ERROR') unless (system ("/sbin/e-smith/signal-event proxy-update") == 0 );
}
$db->set_prop('squidguard', 'BlockedCategories', join(',', $q->param('blockedCategories')));
my $ip = $q->param('unrestricted');
$ip =~ s/\r?\n/,/g;
$db->set_prop('squidguard', 'UnrestrictedIP', $ip);
# Split domains and URL
# as squidguard wants them in their own file
my %list;
$list{black_domains} = [ grep {$_ !~ m|/|} split(/\r?\n/, $q->param('black')) ];
$list{black_urls} = [ grep {$_ =~ m|/|} split(/\r?\n/, $q->param('black')) ];
$list{white_domains} = [ grep {$_ !~ m|/|} split(/\r?\n/, $q->param('white')) ];
$list{white_urls} = [ grep {$_ =~ m|/|} split(/\r?\n/, $q->param('white')) ];
foreach (qw{black_domains black_urls white_domains white_urls}){
my $file = $_;
my $bl = $file;
$file =~ s!_!/!;
open FILE, ">/var/squidGuard/blacklists/$file" || die "Couldn't open $file: $!\n";
foreach (@{$list{$bl}}){
$_ =~ s|https?://||g;
print FILE $_."\n";
}
close FILE;
}
# Write whitelist for squidclamav
open FILE, ">/etc/squid/clamav_whitelist" || die "Couldn't open /etc/squid/clamav_whitelist: $!\n";
foreach (@{$list{white_domains}},@{$list{white_urls}}){
$_ =~ s|https?://||g;
$_ =~ s|^(.*)|whitelist\ \.$1|g;
$_ =~ s|\.|\\\.|g;
print FILE $_."\n";
}
close FILE;
unless (system ("/sbin/e-smith/signal-event http-proxy-update") == 0 ){
$fm->error('ERROR');
}
$fm->success('SUCCESS');
}
sub valid_ip_list{
my ($fm,$text) = @_;
foreach (split /\r?\n/, $text){
return $fm->localise('NOT_A_VALID_IP_LIST') unless
(valid_ip_or_range($fm,$_) eq 'OK' or $_ eq '');
}
return 'OK'
}
sub valid_ip_or_range{
my ($fm,$entry) = @_;
if ($entry =~ m/^\d+\.\d+\.\d+\.\d+$/){
return CGI::FormMagick::Validator::ip_number($fm, $entry)
}
elsif ($entry =~ m/^(\d+\.\d+\.\d+\.\d+)[\/\-](\d+\.\d+\.\d+\.\d+)$/){
return 'OK' if (CGI::FormMagick::Validator::ip_number($fm, $1) eq 'OK' &&
CGI::FormMagick::Validator::ip_number($fm, $2) eq 'OK');
}
elsif ($entry =~ m/^(\d+\.\d+\.\d+\.\d+)\/(\d{1,2})$/){
return 'OK' if (CGI::FormMagick::Validator::ip_number($fm, $1) eq 'OK' &&
$2 < 32 &&
$2 > 1);
}
return $fm->localise('NOT_A_VALID_IP_OR_RANGE');
}
1;

390
root/usr/share/squidGuard/cgi-bin/blocked.cgi Executable file
View File

@@ -0,0 +1,390 @@
#! /usr/bin/perl
#
# Explain to the user that the URL is blocked and by which rule set
#
# Original by P<>l Baltzersen 1999 (pal.baltzersen@ost.eltele.no)
# French texts thanks to Fabrice Prigent (fabrice.prigent@univ-tlse1.fr)
# Dutch texts thanks to Anneke Sicherer-Roetman (sicherer@sichemsoft.nl)
# German texts thanks to Buergernetz Pfaffenhofen (http://www.bn-paf.de/filter/)
# Spanish texts thanks to Samuel García).
# Rewrite by Christine Kronberg, 2008, to enable an easier integration of
# other languages.
#
# By accepting this notice, you agree to be bound by the following
# agreements:
#
# This software product, squidGuard, is copyrighted (C) 1998-2008
# by Christine Kronberg, Shalla Secure Services. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License (version 2) as
# published by the Free Software Foundation. It is distributed in the
# hope that it will be useful, but WITHOUT ANY WARRANTY; without even
# the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License (GPL) for more details.
#
# You should have received a copy of the GNU General Public License
# (GPL) along with this program.
use strict;
use Socket;
#
# GLOBAL VALUES:
#
my ($clientaddr,$clientname,$clientuser,$clientgroup,$targetgroup,$url);
my @supported;
my $lang="en";
my (%msgconf,%title,%logo,%msg,%tab,%word);
my ($protocol,$address,$port,$path,$refererhost,$referer);
my %Babel = ();
my $rechts="";
my $links="";
my $dummy="";
sub getpreferedlang(@);
sub parsequery($);
sub status($);
sub redirect($);
sub content($);
sub expires($);
sub msg($$);
sub gethostnames($);
sub spliturl($);
sub showhtml($);
sub showimage($$$);
sub showinaddr($$$$$);
#
# CONFIGURABLE OPTIONS:
#
# (Currently: "en", "fr", "de", "es", "nl", "no")
@supported = (
"en (English), ",
"fr (Fran&ccedil;ais), ",
"de (Deutsch), ",
"es (Espa&ntilde;ol), ",
"nl (Nederlands), ",
"no (Norsk)."
);
# Read external conf file
open CONF, '../conf.txt' || die "Couldn't open conf file\n";
my %conf;
while (<CONF>){
next if ($_ =~ m/^#/ or $_ !~ /=/);
chomp;
my ($key,$value) = split(/\s*=\s*/,$_);
$conf{$key} = $value;
}
close CONF;
########################################################################################
#
# SUBROUTINES:
#
#
# RETURN THE FIRST SUPPORTED LANGUAGE OF THE BROWSERS PREFERRED OR THE
# DEFAULT:
#
sub getpreferedlang(@) {
my @supported = @_;
my @languages = split(/\s*,\s*/,$ENV{"HTTP_ACCEPT_LANGUAGE"}) if(defined($ENV{"HTTP_ACCEPT_LANGUAGE"}));
my $lang;
my $supp;
push(@languages,$supported[0]);
for $lang (@languages) {
$lang =~ s/\s.*//;
$lang = substr($lang,0,2);
for $supp (@supported) {
$supp =~ s/\s.*//;
return($lang) if ($lang eq $supp);
}
}
}
#
# PARSE THE QUERY_STRING FOR KNOWN KEYS:
#
sub parsequery($) {
my $query = shift;
my $clientaddr = "$Babel{Unknown}";
my $clientname = "$Babel{Unknown}";
my $clientuser = "$Babel{Unknown}";
my $clientgroup = "$Babel{Unknown}";
my $targetgroup = "$Babel{Unknown}";
my $url = "$Babel{Unknown}";
my $virus = "$Babel{Unknown}";
my $user = "$Babel{Unknown}";
my $source = "$Babel{Unknown}";
if (defined($query)) {
while ($query =~ /^\&?([^\&=]+)=\"([^\"]*)\"(.*)/ || $query =~ /^\&?([^\&=]+)=([^\&=]*)(.*)/) {
my $key = $1;
my $value = $2;
$value = "$Babel{Unknown}" unless(defined($value) && $value && $value ne "unknown");
$query = $3;
if ($key =~ /^(clientaddr|clientname|clientuser|clientgroup|targetgroup|url|virus|source|user)$/) {
eval "\$$key = \$value";
}
if ($query =~ /^url=(.*)/) {
$url = $1;
last;
}
}
}
$source =~ s/\/\-$//;
$virus =~ s/\+/\ /g;
$virus =~ s/FOUND//;
$virus =~ s/stream/virus/;
$clientaddr = $source if ($source ne $Babel{Unknown});
$targetgroup = $virus if ($virus ne $Babel{Unknown});
$clientuser = $user if ($user ne $Babel{Unknown});
return($clientaddr,$clientname,$clientuser,$clientgroup,$targetgroup,$url);
}
#
# PRINT HTTP STATUS HEARER:
#
sub status($) {
my $status = shift;
print "Status: $status\n";
}
#
# PRINT HTTP LOCATION HEARER:
#
sub redirect($) {
my $location = shift;
print "Location: $location\n";
}
#
# PRINT HTTP CONTENT-TYPE HEARER:
#
sub content($) {
my $contenttype = shift;
print "Content-Type: $contenttype\n";
}
#
# PRINT HTTP LAST-MODIFIED AND EXPIRES HEARER:
#
sub expires($) {
my $ttl = shift;
my $time = time;
my @day = ("Sun","Mon","Tue","Wed","Thu","Fri","Sat");
my @month = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec");
my ($sec,$min,$hour,$mday,$mon,$year,$wday) = gmtime($time);
printf "Last-Modified: %s, %d %s %d", $day[$wday],$mday,$month[$mon],$year+1900;
printf " %02d:%02d:%02d GMT\n", $hour,$min,$sec;
($sec,$min,$hour,$mday,$mon,$year,$wday) = gmtime($time+$ttl);
printf "Expires: %s, %d %s %d", $day[$wday],$mday,$month[$mon],$year+1900;
printf " %02d:%02d:%02d GMT\n", $hour,$min,$sec;
}
#
# REVERSE LOOKUP AND RETURN NAMES:
#
sub gethostnames($) {
my $address = shift;
my ($name,$aliases) = gethostbyaddr(inet_aton($address), AF_INET);
my @names;
if (defined($name)) {
push(@names,$name);
if (defined($aliases) && $aliases) {
for(split(/\s+/,$aliases)) {
next unless(/\./);
push(@names,$_);
}
}
}
return(@names);
}
#
# SPLIT AN URL INTO PROTOCOL, ADDRESS, PORT AND PATH:
#
sub spliturl($) {
my $url = shift;
my $protocol = "";
my $address = "";
my $port = "";
my $path = "";
$url =~ /^([^\/:]+):\/\/([^\/:]+)(:\d*)?(.*)/;
$protocol = $1 if(defined($1));
$address = $2 if(defined($2));
$port = $3 if(defined($3));
$path = $4 if(defined($4));
return($protocol,$address,$port,$path);
}
#
# SEND OUT AN IMAGE:
#
sub showimage($$$) {
my ($type,$file,$redirect) = @_;
content("image/$type");
expires(300);
redirect($redirect) if($redirect);
print "\n";
open(GIF, "$file");
print <GIF>;
close(GIF)
}
#
# SHOW THE INADDR ALERNATIVES WITH OPTIONAL ATOREDIRECT:
#
sub showinaddr($$$$$) {
my ($targetgroup,$protocol,$address,$port,$path) = @_;
my $msgid = $targetgroup;
my @names = gethostnames($address);
if($conf{autoinaddr} == 2 && @names || $conf{autoinaddr} && @names==1) {
status("301 Moved Permanently");
redirect("$protocol://$names[0]$port$path");
} elsif (@names>1) {
status("300 Multiple Choices");
} elsif (@names) {
status("301 Moved Permanently");
} else {
status("404 Not Found");
}
if (@names) {
print "Content-type: text/html\n\n";
print "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n";
print "<html><head>\n";
print "<title>$Babel{Title}</title>\n";
print "</head>\n";
print "<body bgcolor=#E6E6FA> \n";
expires(0);
$msgid = "in-addr" unless(defined($msgconf{$msgid}));
if (defined($msgconf{$msgid})) {
print " <!-- showinaddr(\"$msgid\") -->\n";
for (@{$msgconf{$msgid}}) {
my @config = split(/:/);
my $type = shift(@config);
if ($type eq "msg") {
msg($config[0],$config[1]);
} elsif ($type eq "tab") {
table(shift(@config),shift(@config),@config);
} elsif ($type eq "alternatives") {
print " <TABLE BORDER=0 ALIGN=CENTER>\n";
for (@names) {
print " <TR>\n <TH ALIGN=LEFT>\n <FONT SIZE=+1>";
href("$protocol://$_$port$path");
print "\n </FONT>\n </TH>\n </TR>\n";
}
print " </TABLE>\n\n";
if (defined($ENV{"HTTP_REFERER"}) && $ENV{"HTTP_REFERER"} =~ /:\/\/([^\/:]+)/) {
$refererhost = $1;
$referer = $ENV{"HTTP_REFERER"};
msg("H4","referermaster");
}
}
}
}
}
return;
}
########################################################################################
#
# MAIN PROGRAM
#
# To change the messages in the blocked page please refer to the corresponding babel file.
#
$lang = getpreferedlang(@supported);
open (BABEL, "../lang/babel.$lang") || warn "Unable to open language file: $!\n";
flock (BABEL, 2);
while (<BABEL>) {
chomp $_ ;
($links, $rechts) = split (/=/, $_);
$Babel{$links} = $rechts;
}
flock (BABEL, 8);
close (BABEL);
($clientaddr,$clientname,$clientuser,$clientgroup,$targetgroup,$url) = parsequery($ENV{"QUERY_STRING"});
($protocol,$address,$port,$path) = spliturl($url);
if ($url =~ /\.(gif|jpg|jpeg|png|mp3|mpg|mpeg|avi|mov)$/i) {
status("403 Forbidden");
showimage("gif",$conf{image},$conf{redirect});
exit 0;
}
if ($targetgroup eq "in-addr") {
showinaddr($targetgroup,$protocol,$address,$port,$path);
}
status("403 Forbidden");
expires(0);
print "Content-type: text/html\n\n";
print "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">\n";
print "<html><head>\n";
print "<title>$Babel{Title}</title>\n";
print "</head>\n";
print "<body bgcolor=#E6E6FA> \n";
print "\n";
print "<a href=$conf{company}>\n";
print "<img align=left border=0 alt=\"\" src=$conf{companylogo}></a>\n";
print "<a href=$conf{squidguard}>\n";
print "<img align=right border=0 alt=\"\" src=$conf{squidguardlogo}></a><br><br>\n";
print "<center>\n";
print "<table border=0 width=80%>\n";
print "<tr><td align=center>\n";
print "<h2>$Babel{Msg}</h2>\n";
print "<br><br>\n";
print "<b>$Babel{Tabcaption}</b><br><br>\n";
print "<table border=4>\n";
print "<tr>\n";
print "<td>$Babel{TabIP}</td><td>&nbsp;$clientaddr</td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td>$Babel{Tabclientname}</td><td>&nbsp;$clientname</td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td>$Babel{Tabclientuser}</td><td>&nbsp;$clientuser</td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td>$Babel{Tabclientgroup}</td><td>&nbsp;$clientgroup</td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td>$Babel{Taburl}</td><td>&nbsp;$url</td>\n";
print "</tr>\n";
print "<tr>\n";
print "<td>$Babel{Tabtargetgroup}</td><td>&nbsp;$targetgroup</td>\n";
print "</tr>\n";
print "</table>\n";
print "<br><br>\n";
print "</td></tr>\n";
print "<tr><td>\n";
if ($targetgroup eq "in-addr") {
print "$Babel{msginaddr}<br><br>\n";
print "$Babel{msgnoalternatives} <U>",$address,"</U>.<br>\n";
print "$Babel{msgwebmaster}\n";
}
print "<br><br>\n";
print "$Babel{msgproxymaster} <A HREF=mailto:$conf{proxymaster}>$conf{proxymaster}</A>.<br>\n";
print "$Babel{msgrefresh}\n";
print "</td></tr></table>\n";
# bottom of page
print "</center>\n";
print "</body></html>\n";
exit 0;

BIN
root/usr/share/squidGuard/images/blocked.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
root/usr/share/squidGuard/images/empty.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 B

20
root/usr/share/squidGuard/lang/babel.de Normal file
View File

@@ -0,0 +1,20 @@
Unknown=unbekannt
Title=403 Verboten
Msg=Der Zugriff auf die Seite ist nicht erlaubt.
Tabclientname=Rechnername
Tabcaption=Zusatzinformationen:
TabIP=IP-Adresse
Tabclientuser=Benutzer
Tabclientgroup=Gruppe
Taburl=URL
Tabtargetgroup=Kategorie
msgproxymaster=Falls ein Fehler vorliegt schicken Sie die Adresse <U>dieser Seite</U> bitte an
msgrefresh=Nach einer &Auml;nderung der Zugriffsrechte m&uuml;ssen Sie evtl. die Seite mit dem &lt;Aktualisieren&gt; bzw. &lt;Neu laden&gt; Button des Browsers oder mit &lt;Strg&gt;+&lt;F5&gt; erneut laden lassen.
msgtimerefresh=Nach dem Wechsel in eine erlaubte Zeitperiode m&uuml;ssen Sie evtl. die Seite mit dem &lt;Aktualisieren&gt; bzw. &lt;Neu laden&gt; Button des Browsers oder sogar mit &lt;Strg&gt;+&lt;F5&gt; erneut laden lassen.
msgunknown=Zugriff verweigert, da Ihr Rechner bei $proxy unbekannt ist.
msginaddr=Die direkte Verwendung von <U>IP-Adressen</U> ist von diesem Rechner aufgrund der geltenden Netzwerk Zugriffregelungen nicht erlaubt.
msgalternatives=Die folgenden Alternativen wurden gefunden:
msgnoalternatives=F&uuml;r diesen Server konnte kein alternativer Domainname gefunden werden:
msgreferermaster=Bitte erfragen Sie den korrekten Domainnamen von dem Webmaster dieses Servers.
msgwebmaster=Bitte fragen Sie den <U>Webmaster</U> von dieses Servers nach einem <EM>Domainnamen</EM> f&uuml;r den Server.
msgdeflang=Dieser Text erscheint in Deutsch, da Ihr Browser dies als bevorzugte (erste) Sprache einstellt hat, die unterst&uuml;tzt werden. Unterst&uuml;tzte Sprachen:

20
root/usr/share/squidGuard/lang/babel.en Normal file
View File

@@ -0,0 +1,20 @@
Unknown=unknown
Title=403 Forbidden
Msg=The access to this site is blocked.
Tabclientname=Client name
Tabcaption=Additional information:
TabIP=Client address
Tabclientuser=Client user
Tabclientgroup=Client group
Taburl=URL
Tabtargetgroup=Target group
msgproxymaster=If you think this is an error, send <U>this page</U> to
msgrefresh=You may need to use the browser's &lt;Reload&gt; button or &lt;Keyboard Shift&gt;+&lt;Browser Reload&gt; to get rid of this page after an access rule change.
msgtimerefresh=You may need to use the browser's &lt;Reload&gt; button or even &lt;Keyboard Shift&gt;+&lt;Browser Reload&gt; to get rid of this page after transition from a time zone with access restrictions.
msgunknown=Access denied because your clienten is unknown to $proxy.
msginaddr=Surfing on plain <U>IP-addresses</U> is denied from this client due to network access policies.
msgalternatives=The following possible alternatives were found:
msgnoalternatives=No alternative domainname were found for the server
msgreferermaster=Send complaints to the webmaster of referer and ask him to correct the link(s) that points to $url in referer with the supposedly correct alternative above.
msgwebmaster=Please ask the <U>webmaster</U> of that server for the correct <EM>domainname</EM>.
msgdeflang=This message is in English because either your browser has "en" listed first in your prefered language list for those languages supported by this program or the chosen language is not supported by this program. Supported languages are:

20
root/usr/share/squidGuard/lang/babel.es Normal file
View File

@@ -0,0 +1,20 @@
Unknown=desconocido
Title=403 Restringido
Msg=Acceso a este sitio restringido
Tabclientname=Nombre del cliente
Tabcaption=Informaci&oacute;n adicional:
TabIP=Direcci&oacute;n IP del cliente
Tabclientuser=Usuario del cliente
Tabclientgroup=Grupo del cliente
Taburl=URL
Tabtargetgroup=Clasificaci&oacute;n del destino
msgproxymaster=Si piensa que esto es incorrecto, manda <U>esta p&aacute;gina</U> a
msgrefresh=Puede que necesitas usar el bot&oacute;n &lt;Refrescar&gt; o &lt;CONTROL&gt;+&lt;F5&gt; para refrescar el contenido de esta p&aacute;gina.
msgtimerefresh=Puede que necesitas usar el bot&oacute;n &lt;Refrescar&gt; o &lt;CONTROL&gt;+&lt;F5&gt; para refrescar el contenido de esta p&aacute;gina si el bloqueo es debido a una restricci&oacute;n basada en la hora de acceso.
msgunknown=Acceso denegado porque cliente es desconocido para proxy.
msginaddr=La navegaci&oacute;n usando <U>direcciones IP</U> est&aacute; restringida para este cliente por motivos de seguridad.
msgalternatives=Las siguientes posibles alternativas han sido encontradas:
msgnoalternatives=No han sido encontradas alternativas para el acceso a
msgreferermaster=Env&iacute;e sus sugerencias al webmaster de referer y preg&uacute;ntele c&oacute;mo corregir los lings que apuntan a url en referer con las anteriores alternativas supuestamente correctas.
msgwebmaster=Env&iacute;e sus sugerencias al <U>webmaster</U> para url y pregunte por un <EM>nombre de dominio</EM> para el servidor.
msgdeflang=Este mensaje est&aacute; en espa&ntilde;ol porque es el primero de los lenguajes soportados que est&aacute;n configurados en tu servidor para ser usado en la navegaci&oacute;n. Los lenguajes soportados son:

20
root/usr/share/squidGuard/lang/babel.fr Normal file
View File

@@ -0,0 +1,20 @@
Unknown=inconnu
Title=403 Interdit
Msg=L'acc&eacute;s &agrave; ce site est bloqu&eacute;.
Tabclientname=Nom de la machine
Tabcaption=Information compl&eacute;mentaire:
TabIP=Adresse de la machine
Tabclientuser=Utilisateur
Tabclientgroup=Groupe
Taburl=URL
Tabtargetgroup=Groupe cible
msgproxymaster=Si vous pensez qu'il s'agit d'une erreur, contactez votre administrateur
msgrefresh=Vous avez peut-&ecirc;tre besoin d'utiliser le bouton &lt;Recharger&gt; ou m&ecirc;me &lt;Shift&gt;+&lt;Recharger&gt; apr&egrave;s un changement de r&egrave;gles.
msgtimerefresh=Vous avez peut-&ecirc;tre besoin d'utiliser le bouton &lt;Recharger&gt; ou m&ecirc;me &lt;Shift&gt;+&lt;Recharger&gt; après un changement de zone temporelle d\'interdiction.
msgunknown=Acc&egrave;s interdit car votre client est inconnu de proxy.
msginaddr=Naviguer sur des <U>adresses IP</U> est refus&eacute; &agrave; cette machine pour des raisons de s&eacute;curit&eacute;.
msgalternatives=Les alternatives suivantes sont possibles:
msgnoalternatives=Aucun nom de domaine alternatif n'a &eacute;t&eacute; trouv&eacute; pour le serveur
msgreferermaster=Envoyez les demandes au webmaster de le serveur et demandez lui corriger les liens qui pointent sur url dans referer avec l'alternative (suppos&eacute;e correcte) suivante.
msgwebmaster=Envoyez les demandes au <U>webmaster</U> pour url et demandez un <EM>nom de domaine</EM> pour le serveur.
msgdeflang=Ce message est en fran&ccedil;ais car "fr" est la premi&egrave;re langue support&eacute;e parmi celles que votre navigateur signale comme pr&eacute;f&eacute;r&eacute;e. Les langues support&eacute;es sont:

20
root/usr/share/squidGuard/lang/babel.nl Normal file
View File

@@ -0,0 +1,20 @@
Unknown=onbekend
Title=403 Verboden
Msg=De toegang is geblokkeerd.
Tabclientname=Computernaam
Tabcaption=Extra informatie:
TabIP=Computeradres
Tabclientuser=Gebruiker
Tabclientgroup=Groep
Taburl=URL
Tabtargetgroup=Doelgroep
msgproxymaster=Als u denkt dat dit onjuist is, zend <U>deze bladzijde</U> aan
msgrefresh=U moet waarschijnlijk de browser's &lt;Reload&gt; knop gebruiken of zelfs &lt;Shift&gt;+&lt;Reload&gt; na een verandering in de squidGuard regels.
msgtimerefresh=U moet waarschijnlijk de browser's &lt;Reload&gt; knop gebruiken of zelfs &lt;Shift&gt;+&lt;Reload&gt; na beeindiging van een periode met beperkingen.
msgunknown=Toegand geweigerd omdat uw client niet bekend is bij proxy.
msginaddr=Surfen naar harde <U>IP adressen</U> wordt op deze client geweigerd om veiligheidsredenen.
msgalternatives=De volgende alternatieven zijn mogelijk:
msgnoalternatives=Geen alternatieve domeinnaam gevonden voor de server.
msgreferermaster=Zend klachten aan webmaster de referer en vraag deze de link te verbeteren die verwijst naar url op referer met het waarschijnlijk correcte alternatief.
msgwebmaster=Stuur klachten aan de <U>webmaster</U> voor de <U>address</U> en vraag om een <EM>domeinnaam</EM> voor de server.
msgdeflang=Deze melding is in het Nederlands want "nl" is de eerst ondersteunde taal van de talen die uw browser ondersteunt. De ondersteunde talen zijn:

20
root/usr/share/squidGuard/lang/babel.no Normal file
View File

@@ -0,0 +1,20 @@
Unknown=ukjent
Title=403 Sperret
Msg=Siden er sperret.
Tabclientname=Klientnavn
Tabcaption=Tilleggsinformasjon:
TabIP=Klientadresse
Tabclientuser=Brukerident
Tabclientgroup=Klientgruppe
Taburl=URL
Tabtargetgroup=M&aring;lkategori
msgproxymaster=Om du mener dette er feil, s&aring; send <U>denne siden</U> til
msgrefresh=Du kan trenge &aring; bruke browserens &lt;Reload&gt; knapp eller til og med &lt;Tastatur Shift&gt;+&lt;Browser Reload&gt; for &aring; bli kvitt denne siden etter endring i adgangskontrollen.
msgtimerefresh=Du kan trenge &aring; bruke browserens &lt;Reload&gt; knapp eller til og med &lt;Tastatur Shift&gt;+&lt;Browser Reload&gt; for &aring; bli kvitt denne siden ved overgang fra et tidsrom med sperring.
msgunknown=Adgang nektes fordi denne klienten ikke er definert p&aring; proxy.
msginaddr=Av sikkerhetsgrunner er surfing p&aring; <U>IP-adressen</U> ikke tillatt fra denne klienten.
msgalternatives=F&oslash;lgende mulige alternativer ble funnet:
msgnoalternatives=Finner ingen alternative domenenavn for serveren
msgreferermaster=Send evt. klager til webmaster for referer og be ham rette linken(e) som peker til url i referer med det antatt korrekte alternativet over.
msgwebmaster=Send evt. klager til <U>webmaster</U> for address og anmod om &aring; f&aring; knyttet serveren til et <EM>domenenavn</EM>.
msgdeflang=Denne meldingen er p&aring; norsk ford "no" er det f&oslash;rste st&oslash;ttede sproget av de din nettleser er satt opp til &aring; rapportere som foretrukket. St&oslash;ttede sprog er: