dansguardian · A public mailing list to discuss all aspects of DansGuardian
Generate own hash only works if proxy is transparent
Message #16042 of 23411
RE: [dansguardian] Re: Generate own hash only works if proxy is transparent

Ok all, here are my configs and access denied page for my WORKING self
generating hash setup.

-----------------------------------------
accessdenied.php
-----------------------------------------
<?php
#
#============================================================================
# break up the query string into useable pieces
#============================================================================
$url = explode("::",$_SERVER["QUERY_STRING"]);

$value = array();
foreach ($url as $temp){
$pieces = explode("==",$temp,2);
// skip fragments that are not key==value pairs
if (count($pieces) == 2){
$value[$pieces[0]] = urldecode($pieces[1]);
}
}
// $url2 is used further down but was never set in the posted file; the raw
// query string is assumed here so the verify form passes DENIEDURL, IP and
// REASON back to this page
$url2 = $_SERVER["QUERY_STRING"];
$myurl=$value['DENIEDURL'];
$magic = "insertyourhashhere";
$clientip=$value['IP'];
// Obviously this is completely impossible if you use the
// random passphrase
$unixtimekey = time() + 300;
$time=time();


// If these lines are missing, some web browsers won't work
// properly
// (preg_match replaces eregi, which was removed in PHP 7)
if (!preg_match("#https?://.+/.*#i", $myurl)){
$myurl = $myurl . "/";
}

// This is the most important part.
// The MD5 Hash MUST be hex encoded and uppercase with no
// padding, salt, etc other than what is shown here
// This can take some experimenting in Perl
// DO NOT just use the time() function at this point

$hash = strtoupper(md5($myurl . $magic . $clientip . $unixtimekey));
$hash .= $unixtimekey;

// If these lines are missing, some URL's won't work properly
// (tests the denied URL; the posted code tested the undefined $url2)
if (strpos($myurl, "?") !== false){
$bypass = $value['DENIEDURL'] . "&GBYPASS=" . $hash;
}else{
$bypass = $value['DENIEDURL'] . "?GBYPASS=" . $hash;
}

?>
<html>
<head>
<title>Access Denied</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style>
body,td,p {
font: x-small Verdana,Arial,Helevetica;
}
table.main {
border: 2px solid #cccccc;
width: 600px;
}
td.top_denied {
font: x-large Georgia;
font-weight: bold;
color: #ffffff;
padding: 10;
text-align: center;
background-color: #CC3333;
}
td.top_granted {
font: x-large Georgia;
font-weight: bold;
color: #ffffff;
padding: 10;
text-align: center;
background-color: #339933;
}
td.body {
background-color: #ffffff;
padding: 10;
}
td.bottom {
background-color: #eeeeee;
height: 25px
}
p.url_denied {
text-align: center;
font-size: medium;
color: #ff0000;
border: 1px dashed #ff0000;
background-color: #FFF0F0;
padding: 3;
}
p.url_granted {
text-align: center;
font-size: medium;
color: #339933;
border: 1px dashed #339933;
background-color: #EFFAEF;
padding: 3;
}
p.reason {
border: 1px dashed #ff0000;
background-color: #FFF0F0;
padding: 3;
}
input.text {
width: 100%;
border: 1px inset;
font-size: xx-small;
color: #666666;
font-weight: normal;
padding-left:2;
}
input.button {
width: 150px;
}
td.overide {
border: 1px dashed #339933;
background-color: #EFFAEF;
}
</style>
</head>

<body bgcolor="#f4f4f4">
<script>
// functions for navigation
function goBack(){
history.back();
}
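function visitSite(){
// json_encode quotes and escapes the URL for use as a JavaScript string
document.location.href = <?php print json_encode($bypass, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
}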
</script>

<?php if (!$value['ACTION']): ?>
<table border="0" align="center" cellpadding="0" cellspacing="0"
class="main">
<tr><td class='top_denied'>Access Denied!</td></tr>
<tr>
<td class='body'>
<p>Access to the page:</p>
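<p class='url_denied'><?php /* escape request-supplied text before printing it into HTML */ print
htmlspecialchars($value['DENIEDURL'], ENT_QUOTES); ?></p>
<p>... has been denied for the following reason:</p>
<p class='reason'><?php print htmlspecialchars($value['REASON'], ENT_QUOTES);
?></p>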


<table width="576" border="0" cellpadding="3" cellspacing="0">
<tr valign="top">
<td width="334"> <p>You are seeing this error because what you
attempted
to access appears to contain, or is labeled as containing,
material
that has been deemed inappropriate. </p>
<p>If you have any questions, please contact our technical
support
staff.</p>
<p><strong>Your Company Name</strong><br>
555-555-5555<br>
<a
href="mailto:support@...">support@...</a></p></td>
<td width="230" class='overide'> <p align="center"><strong>Overide
Filtering</strong></p>
<form
action="http://yourserver.com/accessdenied.php?ACTION==verify::<?php print
htmlspecialchars($url2, ENT_QUOTES); ?>" method="post">
<div align="center">Please enter your override
username/password:<br>
<table>
<tr>
<td>Username:</td><td><input type="text"
name="username" size="20"></td>
</tr>
<tr>
<td>Password:</td><td><input type="password"
name="passwd" size="20"></td>
</tr>
</table> <br>
<input type="submit" name="Submit" value="Overide"
class='button'>
<br>
<br>
<input type="button" name="Button" value="Go Back"
class='button' onClick="goBack()">
</div></form></td>
</tr>
</table> </td>
</tr>
<tr><td class='bottom'>&nbsp;</td></tr>
</table>
<?php endif; ?>

<?php if ($value['ACTION']):
###########################################
# Check credentials
###########################################
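$username=isset($_POST['username']) ? $_POST['username'] : "";
$passwd=isset($_POST['passwd']) ? $_POST['passwd'] : "";
$file=file("path_to_your_access_file");
# the first line of the file holds user:password pairs separated by "/";
# trim() drops the newline that file() leaves at the end of the line
$ftemp=explode("/",trim($file[0]));
$found=false;
foreach ($ftemp as $line){
$f_temp=explode(":",$line,2);
# === avoids PHP's loose comparison of numeric-looking strings
if (count($f_temp) == 2 && $f_temp[0] === $username){
if ($f_temp[1] === $passwd){
$found=true;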
?><table border="0" align="center" cellpadding="0" cellspacing="0"
class="main">
<tr><td class='top_granted'>Access Granted!</td></tr>
<tr>
<td class='body'> <p>Access to the following page has been
granted.</p>
<p class='url_granted'><?php print
htmlspecialchars($value['DENIEDURL'], ENT_QUOTES); ?></p>

<p class='reason'><?php print htmlspecialchars($value['REASON'], ENT_QUOTES); ?></p>
<p><input type="button" name="Button" value="Proceed" class='button'
onclick="visitSite()"></p>
</td>
</tr>
<tr><td class='bottom'>&nbsp;</td></tr>
</table>
<?php
}
}
}
if ($found == false){
print "<script>document.location.href='accessdenied.php'</script>";
}
?>
<?php endif; ?>

</body>
</html>
--------------------------------------
Ok, obviously for now I am using a flat text file for authentication, in the
future I will probably be using a SQL database for that, so feel free to use
your own authentication method....

---------------------------------
dansguardian.conf
---------------------------------
# DansGuardian config file for version 2.8.0

# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf


# Web Access Denied Reporting (does not affect logging)
#
# -1 = log, but do not block - Stealth mode
# 0 = just say 'Access Denied'
# 1 = report why but not what denied phrase
# 2 = report fully
# 3 = use HTML template file (accessdeniedaddress ignored) - recommended
#
reportinglevel = 1

# Language dir where languages are stored for internationalisation.
# The HTML template within this dir is only used when reportinglevel
# is set to 3. When used, DansGuardian will display the HTML file instead of
# using the perl cgi script. This option is faster, cleaner
# and easier to customise the access denied page.
# The language file is used no matter what setting however.
#
languagedir = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/languages'

# language to use from languagedir.
language = 'ukenglish'

# Logging Settings
#
# 0 = none 1 = just denied 2 = all text based 3 = all requests
loglevel = 2

# Log Exception Hits
# Log if an exception (user, ip, URL, phrase) is matched and so
# the page gets let through. Can be useful for diagnosing
# why a site gets through the filter. on | off
logexceptionhits = on

# Log File Format
# 1 = DansGuardian format 2 = CSV-style format
# 3 = Squid Log File Format 4 = Tab delimited
logfileformat = 1


# Log file location
#
# Defines the log directory and filename.
loglocation = '/usr/local/dansguardian-2.8.0.6/var/log/dansguardian/access.log'


# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1

# the port DansGuardian connects to proxy on
proxyport = 3128

# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://yourserver.com/accessdenied.php'

# Non standard delimiter (only used with accessdeniedaddress)
# Default is enabled but to go back to the original standard mode disable it.
nonstandarddelimiter = on
-----------------------------------------------
This isn't the entire file, but it is long and the rest does not pertain to
the hash stuff....

---------------------------------------
dansguardianf1.conf
---------------------------------------
# DansGuardian filter group config file for version 2.8.0


# Content filtering files location
bannedphraselist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/bannedphraselist'
weightedphraselist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/weightedphraselist'
exceptionphraselist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/exceptionphraselist'
bannedsitelist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/bannedsitelist'
greysitelist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/greysitelist'
exceptionsitelist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/exceptionsitelist'
bannedurllist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/bannedurllist'
greyurllist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/greyurllist'
exceptionurllist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/exceptionurllist'
bannedregexpurllist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/bannedregexpurllist'
bannedextensionlist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/bannedmimetypelist'
picsfile = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/pics'
contentregexplist = '/usr/local/dansguardian-2.8.0.6/etc/dansguardian/contentregexplist'



# Naughtyness limit
# This is the limit over which the page will be blocked. Each weighted phrase is given
# a value either positive or negative and the values added up. Phrases to do with
# good subjects will have negative values, and bad subjects will have positive
# values. See the weightedphraselist file for examples.
# As a guide:
# 50 is for young children, 100 for old children, 160 for young adults.
naughtynesslimit = 50



# Temporary Denied Page Bypass
# It provides a link on the denied page to bypass the ban for a few minutes. To be
# secure it uses a random hashed secret generated at daemon startup. You define the
# number of seconds the bypass will function for before the deny will appear again.
# To allow the link on the denied page to appear you will need to edit the template.html
# or dansguardian.pl file for your language.
# 300 = enable for 5 minutes
# 0 = disable ( defaults to 0 )
# -1 = enable but you require a separate program to generate a valid link
bypass = -1

# Temporary Denied Page Bypass Secret Key
# Rather than generating a random key you can specify one. It must be more than 8 chars.
# '' = generate a random one (recommended and default)
# 'Mary had a little lamb.' = an example
# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example
bypasskey = 'insertyourhashhere'
---------------------------------------

I really appreciate the help I have gotten here, and in true reciprocation I
will help anyone else I can. If you all have any questions about the above
files, please let me know.

-Jason




Wed Apr 26, 2006 9:18 pm

jasonbateznet
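
The token format described in the post, as an added example that is not part of the original message or of DansGuardian: it builds the GBYPASS link and re-checks it with a hypothetical `check_token` helper to show that the value is tied to the URL, the client IP and the expiry. The function names, sample host, IP and clock value are assumptions.

```php
<?php
// Added example: not the poster's file and not DansGuardian source.
// Token layout as in the post: strtoupper(md5(url . key . ip . expiry)) . expiry

// Split the "::" / "==" delimited query string sent to accessdeniedaddress.
function parse_denied_query(string $qs): array {
    $out = [];
    foreach (explode('::', $qs) as $pair) {
        $kv = explode('==', $pair, 2);
        if (count($kv) === 2) {
            $out[$kv[0]] = urldecode($kv[1]);
        }
    }
    return $out;
}

// Build a GBYPASS URL bound to one URL, one client IP and an expiry time.
function build_bypass_url(string $url, string $ip, string $key, int $ttl, int $now): string {
    if (!preg_match('#^https?://[^/]+/#i', $url)) {
        $url .= '/';                       // bare "http://host" gets its slash, as in the post
    }
    $expiry = $now + $ttl;
    $token  = strtoupper(md5($url . $key . $ip . $expiry)) . $expiry;
    $sep    = (strpos($url, '?') !== false) ? '&' : '?';
    return $url . $sep . 'GBYPASS=' . $token;
}

// Hypothetical self-check: recompute the 32 hex characters and test the expiry.
function check_token(string $token, string $url, string $ip, string $key, int $now): bool {
    $expiry = (int) substr($token, 32);
    $expect = strtoupper(md5($url . $key . $ip . $expiry));
    return $expiry > $now && hash_equals($expect, substr($token, 0, 32));
}

// Constructed sample request; host, IP and clock value are made up.
$key    = 'insertyourhashhere';            // must equal bypasskey in dansguardianf1.conf
$q      = parse_denied_query('DENIEDURL==http%3a%2f%2fwww%2eexample%2ecom::IP==192.0.2.10');
$now    = 1146086280;
$bypass = build_bypass_url($q['DENIEDURL'], $q['IP'], $key, 300, $now);
$token  = substr($bypass, strpos($bypass, 'GBYPASS=') + 8);
$page   = 'http://www.example.com/';

var_dump(check_token($token, $page, $q['IP'], $key, $now));        // issuing client
var_dump(check_token($token, $page, '192.0.2.99', $key, $now));    // different client IP
var_dump(check_token($token, $page, $q['IP'], $key, $now + 301));  // after the 300 s window

// Escape per output context: HTML text, then a JavaScript string literal.
echo htmlspecialchars($bypass, ENT_QUOTES, 'UTF-8'), "\n";
echo 'document.location.href = ', json_encode($bypass, JSON_HEX_TAG | JSON_HEX_AMP), ";\n";
```

In the posted accessdenied.php the bypass URL is written into visitSite() on every request, so it is visible in the page source before any password is entered; build and print it only after the credential check succeeds.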

Hi all, I have run into a little snag. I am running dansguardian and set it up so I generate my own hash to bypass filtering. That is working wonderfully, but...
jasonbateznet, Apr 20, 2006 9:02 pm

Sorry, forgot to mention, I have tried with the following: 1 or 2 filter groups Version 2.8.0.6 & 2.9.6.2 getting the same results using squid in custom build...
jasonbateznet, Apr 20, 2006 9:07 pm

Do you set permissions based on IP or usernames? check on firewall when using transparent proxy to which port connections to HTTP were redirected, to the same...
hajrullahu, Apr 21, 2006 3:17 pm

... Hmm.. could be some difference in the client IP as seen by Guardian, if you have any other form of proxy running in front of it. Another possibility is...
Philip Allison (philip.allison@...), Apr 24, 2006 8:31 am

Phillip, I appreciate your input here! When Dans reports the URL, as an example:(http://dans?DENIEDURL==http%3a%2f%2fwww%2efrogsex%2ecom%2f::IP==192 ...
Jason Boor - EZ-Net (jasonbateznet), Apr 24, 2006 1:30 pm

... That certainly seems like the thing to do, yes. I notice in that example that the "HASH" parameter is already filled in; I take it that you intend to...
Philip Allison (philip.allison@...), Apr 24, 2006 2:01 pm

Could you resend the blocked URL (the one below) and the URL that you generate to use the hash? What I want to see from you is something like this: ...
Ernest W. Lessenger (ernest_lesse...), Apr 24, 2006 2:19 pm

Ernest, Thank you so much for your assistance! To be honest I do not use the hash that is passed to generate my hash. Here ... $url =...
Jason Boor - EZ-Net (jasonbateznet), Apr 24, 2006 2:30 pm

Okay, there's the problem. Try this and let me know if it works. <code> $url = explode("::",$_SERVER["QUERY_STRING"]); foreach ($url as $temp){ $pieces =...
Ernest W. Lessenger (ernest_lesse...), Apr 24, 2006 2:36 pm

Ernest, That was it, thank you so much. I feel like a fool not catching that! Thanks again! -Jason ... From: dansguardian@yahoogroups.com...
Jason Boor - EZ-Net (jasonbateznet), Apr 24, 2006 3:31 pm

... Hello Jason, Do you mind posting the final "working" files for your set up so that I can fix the files hosted on the wiki? If possible, also the pages you...
Fernand Jonker (fernandlist@...), Apr 24, 2006 3:42 pm

... Hmm, I'd like to second this request. This issue comes up every now and then but there is no documentation anywhere how it can be done. It would be a great...
Odhiambo Washington (pipinD), Apr 24, 2006 3:54 pm

Hi all, I would like to once again thank you all for your assistance. I will happily post any config/php that you think pertinent. Let me know what you guys ...
Jason Boor - EZ-Net (jasonbateznet), Apr 25, 2006 8:37 pm

... It would be great to see your blocked page (html, php or cgi) and the files you mention above. ... That would be fantastic. I have yet to see anybody...
Fernand Jonker (fernandlist@...), Apr 25, 2006 8:47 pm

Ok all, here are my configs and access denied page for my WORKING self generating hash setup. ... accessdenied.php ... <?php # ...
Jason Boor - EZ-Net (jasonbateznet), Apr 26, 2006 9:19 pm

I am following the instructions here to get this to work. However I am running into a problem with the following lines: if (eregi("\?", $url2)){ $bypass =...
gspearson69, Apr 10, 2007 3:01 pm

... I am ... the ... my ... WORKING self ... #==================================================================== ... ...
hdundar91, Apr 10, 2007 6:01 pm

... Hello Jason, Thank you for submitting your working files - it's the first full implementation we've seen on the list. I'll go ahead and upload the ...
Fernand Jonker (fernandlist@...), Apr 27, 2006 2:06 am

Philip, Thanks again for your willingness to help! I do have bypass = -1 I sends that hash regardless, although it isn't the hash that allows the bypass. If...
Jason Boor - EZ-Net (jasonbateznet), Apr 24, 2006 2:19 pm