diff --git a/data/htdocs/cgi-bin/blocked b/data/htdocs/cgi-bin/blocked new file mode 100644 index 0000000..52c9983 --- /dev/null +++ b/data/htdocs/cgi-bin/blocked @@ -0,0 +1,396 @@ +#! /usr/bin/perl +# +# Explain to the user that the URL is blocked and by which rule set +# +# Original by P�l Baltzersen 1999 (pal.baltzersen@ost.eltele.no) +# French texts thanks to Fabrice Prigent (fabrice.prigent@univ-tlse1.fr) +# Dutch texts thanks to Anneke Sicherer-Roetman (sicherer@sichemsoft.nl) +# German texts thanks to Buergernetz Pfaffenhofen (http://www.bn-paf.de/filter/) +# Spanish texts thanks to Samuel García). +# Rewrite by Christine Kronberg, 2008, to enable an easier integration of +# other languages. +# + +# By accepting this notice, you agree to be bound by the following +# agreements: +# +# This software product, squidGuard, is copyrighted (C) 1998-2008 +# by Christine Kronberg, Shalla Secure Services. All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License (version 2) as +# published by the Free Software Foundation. It is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY; without even +# the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License (GPL) for more details. +# +# You should have received a copy of the GNU General Public License +# (GPL) along with this program. + +use strict; +use Socket; +# +# GLOBAL VALUES: +# +my ($clientaddr,$clientname,$clientuser,$clientgroup,$targetgroup,$url); +my (@supported,$image,$redirect,$autoinaddr,$proxy,$proxymaster); +my $lang="en"; +my (%msgconf,%title,%logo,%msg,%tab,%word); +my ($protocol,$address,$port,$path,$refererhost,$referer); +my %Babel = (); +my $rechts=""; +my $links=""; +my $dummy=""; +sub getpreferedlang(@); +sub parsequery($); +sub status($); +sub redirect($); +sub content($); +sub expires($); +sub msg($$); +sub gethostnames($); +sub spliturl($); +sub showhtml($); +sub showimage($$$); +sub showinaddr($$$$$); + +# +# CONFIGURABLE OPTIONS: +# +# (Currently: "en", "fr", "de", "es", "nl", "no") +@supported = ( + "en (English), ", + "fr (Fran�ais), ", + "de (Deutsch), ", + "es (Espa�ol), ", + "nl (Nederlands), ", + "no (Norsk)." + ); +# +# Modifiy the values below to reflect you environment +# The image you define with "$image" and redirect will be displayed if the unappropriate +# url is of the type: gif, jpg, jpeg, png, mp3, mpg, mpeg, avi or mov. +# +$image = "/images/blocked.png"; # RELATIVE TO DOCUMENT_ROOT +$redirect = "http://admin.your-domain/images/blocked.png"; # "" TO AVOID REDIRECTION +$proxy = "proxy.your-domain"; # Your proxy server +$proxymaster = "operator\@your-domain"; # The email of your proxy adminstrator +$autoinaddr = 2; # 0|1|2; + # 0 TO NOT REDIRECT + # 1 TO AUTORESOLVE & REDIRECT IF UNIQUE + # 2 TO AUTORESOLVE & REDIRECT TO FIRST NAME + +# You may wish to enter your company link and logo to be displayed on the page +my $company = " "; +my $companylogo = " "; + +my $squidguard = "http://www.squidguard.org"; +my $squidguardlogo = "http://www.squidguard.org/Logos/squidGuard.gif"; + +######################################################################################## +# +# SUBROUTINES: +# + +# +# RETURN THE FIRST SUPPORTED LANGUAGE OF THE BROWSERS PREFERRED OR THE +# DEFAULT: +# +sub getpreferedlang(@) { + my @supported = @_; + my @languages = split(/\s*,\s*/,$ENV{"HTTP_ACCEPT_LANGUAGE"}) if(defined($ENV{"HTTP_ACCEPT_LANGUAGE"})); + my $lang; + my $supp; + push(@languages,$supported[0]); + for $lang (@languages) { + $lang =~ s/\s.*//; + $lang = substr($lang,0,2); + for $supp (@supported) { + $supp =~ s/\s.*//; + return($lang) if ($lang eq $supp); + } + } +} + +# +# PARSE THE QUERY_STRING FOR KNOWN KEYS: +# +sub parsequery($) { + my $query = shift; + my $clientaddr = "$Babel{Unknown}"; + my $clientname = "$Babel{Unknown}"; + my $clientuser = "$Babel{Unknown}"; + my $clientgroup = "$Babel{Unknown}"; + my $targetgroup = "$Babel{Unknown}"; + my $url = "$Babel{Unknown}"; + if (defined($query)) { + while ($query =~ /^\&?([^\&=]+)=\"([^\"]*)\"(.*)/ || $query =~ /^\&?([^\&=]+)=([^\&=]*)(.*)/) { + my $key = $1; + my $value = $2; + $value = "$Babel{Unknown}" unless(defined($value) && $value && $value ne "unknown"); + $query = $3; + if ($key =~ /^(clientaddr|clientname|clientuser|clientgroup|targetgroup|url)$/) { + eval "\$$key = \$value"; + } + if ($query =~ /^url=(.*)/) { + $url = $1; + last; + } + } + } + return($clientaddr,$clientname,$clientuser,$clientgroup,$targetgroup,$url); +} + +# +# PRINT HTTP STATUS HEARER: +# +sub status($) { + my $status = shift; + print "Status: $status\n"; +} + +# +# PRINT HTTP LOCATION HEARER: +# +sub redirect($) { + my $location = shift; + print "Location: $location\n"; +} + +# +# PRINT HTTP CONTENT-TYPE HEARER: +# +sub content($) { + my $contenttype = shift; + print "Content-Type: $contenttype\n"; +} + +# +# PRINT HTTP LAST-MODIFIED AND EXPIRES HEADER: +# +sub expires($) { + my $ttl = shift; + my $time = time; + my @day = ("Sun","Mon","Tue","Wed","Thu","Fri","Sat"); + my @month = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"); + my ($sec,$min,$hour,$mday,$mon,$year,$wday) = gmtime($time); + printf "Last-Modified: %s, %d %s %d", $day[$wday],$mday,$month[$mon],$year+1900; + printf " %02d:%02d:%02d GMT\n", $hour,$min,$sec; + ($sec,$min,$hour,$mday,$mon,$year,$wday) = gmtime($time+$ttl); + printf "Expires: %s, %d %s %d", $day[$wday],$mday,$month[$mon],$year+1900; + printf " %02d:%02d:%02d GMT\n", $hour,$min,$sec; +} + +# +# REVERSE LOOKUP AND RETURN NAMES: +# +sub gethostnames($) { + my $address = shift; + my ($name,$aliases) = gethostbyaddr(inet_aton($address), AF_INET); + my @names; + if (defined($name)) { + push(@names,$name); + if (defined($aliases) && $aliases) { + for(split(/\s+/,$aliases)) { + next unless(/\./); + push(@names,$_); + } + } + } + return(@names); +} + +# +# SPLIT AN URL INTO PROTOCOL, ADDRESS, PORT AND PATH: +# +sub spliturl($) { + my $url = shift; + my $protocol = ""; + my $address = ""; + my $port = ""; + my $path = ""; + $url =~ /^([^\/:]+):\/\/([^\/:]+)(:\d*)?(.*)/; + $protocol = $1 if(defined($1)); + $address = $2 if(defined($2)); + $port = $3 if(defined($3)); + $path = $4 if(defined($4)); + return($protocol,$address,$port,$path); +} + +# +# SEND OUT AN IMAGE: +# +sub showimage($$$) { + my ($type,$file,$redirect) = @_; + content("image/$type"); + expires(300); + redirect($redirect) if($redirect); + print "\n"; + open(GIF, "$ENV{\"DOCUMENT_ROOT\"}$file"); + print ; + close(GIF) +} + +# +# SHOW THE INADDR ALERNATIVES WITH OPTIONAL ATOREDIRECT: +# +sub showinaddr($$$$$) { + my ($targetgroup,$protocol,$address,$port,$path) = @_; + my $msgid = $targetgroup; + my @names = gethostnames($address); + if($autoinaddr == 2 && @names || $autoinaddr && @names==1) { + status("301 Moved Permanently"); + redirect("$protocol://$names[0]$port$path"); + } elsif (@names>1) { + status("300 Multiple Choices"); + } elsif (@names) { + status("301 Moved Permanently"); + } else { + status("404 Not Found"); + } + if (@names) { + print "Content-type: text/html\n\n"; + print "\n"; + print "\n"; + print "$Babel{Title}\n"; + print "\n"; + print "\n"; + print " \n"; + expires(0); + $msgid = "in-addr" unless(defined($msgconf{$msgid})); + if (defined($msgconf{$msgid})) { + print " \n"; + for (@{$msgconf{$msgid}}) { + my @config = split(/:/); + my $type = shift(@config); + if ($type eq "msg") { + msg($config[0],$config[1]); + } elsif ($type eq "tab") { + table(shift(@config),shift(@config),@config); + } elsif ($type eq "alternatives") { + print " \n"; + for (@names) { + print " \n \n \n"; + } + print "
\n "; + href("$protocol://$_$port$path"); + print "\n \n
\n\n"; + if (defined($ENV{"HTTP_REFERER"}) && $ENV{"HTTP_REFERER"} =~ /:\/\/([^\/:]+)/) { + $refererhost = $1; + $referer = $ENV{"HTTP_REFERER"}; + msg("H4","referermaster"); + } + } + } + } + } + return; +} + + +######################################################################################## +# +# MAIN PROGRAM +# +# To change the messages in the blocked page please refer to the corresponding babel file. +# +$lang = getpreferedlang(@supported); + +open (BABEL, "babel.$lang") || warn "Unable to open language file: $!\n"; +flock (BABEL, 2); + while () { + chomp $_ ; + ($links, $rechts) = split (/=/, $_); + $Babel{$links} = $rechts; + } +flock (BABEL, 8); +close (BABEL); + +($clientaddr,$clientname,$clientuser,$clientgroup,$targetgroup,$url) = parsequery($ENV{"QUERY_STRING"}); +($protocol,$address,$port,$path) = spliturl($url); + +if ($url =~ /\.(gif|jpg|jpeg|png|mp3|mpg|mpeg|avi|mov)$/i) { + status("403 Forbidden"); + showimage("gif",$image,$redirect); + exit 0; +} +if ($targetgroup eq "in-addr") { + showinaddr($targetgroup,$protocol,$address,$port,$path); +} + +status("403 Forbidden"); +expires(0); +print "Content-type: text/html\n\n"; +print "\n"; +print "\n"; +print "$Babel{Title}\n"; +print "\n"; +print "\n"; +print " \n"; + +print "\n"; +print "\n"; +print "\"\"\n"; +print "\n"; +print "\"\"

\n"; +print "
\n"; +print "\n"; +print "\n"; +print "
\n"; + +print "

$Babel{Msg}

\n"; +print "

\n"; + +print "$Babel{Tabcaption}

\n"; + +print "\n"; +print "\n"; +print "\n"; +print "\n"; + +print "\n"; +print "\n"; +print "\n"; + +print "\n"; +print "\n"; +print "\n"; + +print "\n"; +print "\n"; +print "\n"; + +print "\n"; +print "\n"; +print "\n"; + +print "\n"; +print "\n"; +print "\n"; +print "
$Babel{TabIP} $clientaddr
$Babel{Tabclientname} $clientname
$Babel{Tabclientuser} $clientuser
$Babel{Tabclientgroup} $clientgroup
$Babel{Taburl} $url
$Babel{Tabtargetgroup} $targetgroup
\n"; +print "

\n"; + +print "
\n"; +if ($targetgroup eq "in-addr") { + print "$Babel{msginaddr}

\n"; + print "$Babel{msgnoalternatives} ",$address,".
\n"; + print "$Babel{msgwebmaster}\n"; +} +print "

\n"; +print "$Babel{msgproxymaster} $proxymaster.
\n"; +print "$Babel{msgrefresh}\n"; + +print "
\n"; + +# bottom of page +print "
\n"; +print "

\n"; +print "
\n"; +print "\n"; +print "$Babel{msgdeflang} ",@supported, "\n"; +print "\n"; +print "\n"; + + + +exit 0 ;