ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Content Filter Block Page Override

This method details creating an alternate block page which allows for overrides to take place granting temporary access to a page. This method should be considered beta code. This howto presently only covers the default content filter policy.

Configuration changes

dansguardian.conf

In the following example, our content filter server has the address of 192.168.1.37. Make the following appropriate changes to /etc/dansguardian-av/dansguardian.conf:

Change:

accessdeniedaddress = 'http://192.168.1.37:82/approot/content_filter/htdocs/warning.php'

To:

accessdeniedaddress = 'http://192.168.1.37:82/approot/content_filter/htdocs/accessdenied.php'

Change:

#nonstandarddelimiter = off

To:

nonstandarddelimiter = on

dansguardianf1.conf

In the following example, our content filter server has the address of 192.168.1.37. Make the following appropriate changes to /etc/dansguardian-av/dansguardian.conf:

Change:

#bypass = 0

To:

bypass = -1

Next, you will need a bypass key. You can generate this key by supplying data into the md5sum generator. In this example, we will use the phrase 'password' to generate the key. Please use a different code or phrase:

echo -n "password" | md5sum

This returns the following result:

5f4dcc3b5aa765d61d8327deb882cf99  -

Take the number portion of this result and change the following:

#bypasskey = ''

To:

bypasskey = '5f4dcc3b5aa765d61d8327deb882cf99'

Username and Password

You will create a username and password file on the server so that you can override the

vi /usr/clearos/apps/content_filter/libraries/access.txt

In this file you will specify a username followed by some whitespace and a password:

username      password

This is the username and password that will grant temporary access.

Code WIP

Create the following file on your server using 'vi' or 'nano':

vi /usr/clearos/apps/content_filter/htdocs/accessdenied.php

This file should contain the following

<?php
/**
 * Content filter accessdenied page.
 *
 * @category   apps
 * @package    content-filter
 * @subpackage configuration
 * @author     ClearFoundation  and Mike Empey (http://honestpchelp.com/author/mempey/)
 * @copyright  2011 ClearFoundation
 * @license    http://www.gnu.org/copyleft/gpl.html GNU General Public License version 3 or later
 * @link       http://www.clearfoundation.com/docs/developer/apps/content_filter/
 */

///////////////////////////////////////////////////////////////////////////////
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see .  
//  
///////////////////////////////////////////////////////////////////////////////
//
// Content filter warnings are sent with get variables which are not allowed
// in the framework.  This is a simple wrapper script to convert these to a
// framework-friendly format.
//
///////////////////////////////////////////////////////////////////////////////

//////////////////////////////////  TODO //////////////////////////////////////
// Change style to conform with ClearOS Theming
// Add ClearOS theming but put in qualifier for support and reasons
// Add verbose logging or no logging support like exists in the warning page
// Move username/password text file to /etc/dansguardian-av/
// Change username/password to work as a config file
// Add support in config file for default time for ban lift (currently 15 mins)
// Add support to block page to override 15 mins with variety custom time intervals
// Add permanent add support to page
// Add support for multiple filter policies
// Add username/password support to use multiple usernames and passwords from 'getent passwd' based on groups
// Deliniate authentication for temporary ban lift and permanent ban lift based on separate groups
// Add support for configurable block message
// Add support for Terms of Service
// Add support for user IP allow (captive portal)
// Add alternative authentication mechanism (ToS, room number, code, et al)
// Add support changing organization 'School or Business Name' via Webconfig
// Add email notification support
// Add reason code/comment field.
///////////////////////////////////////////////////////////////////////////////

///////////////////////////////////////////////////////////////////////////////
// B O O T S T R A P
///////////////////////////////////////////////////////////////////////////////

$bootstrap = getenv('CLEAROS_BOOTSTRAP') ? getenv('CLEAROS_BOOTSTRAP') : '/usr/clearos/framework/shared';
require_once $bootstrap . '/bootstrap.php';

///////////////////////////////////////////////////////////////////////////////
// T R A N S L A T I O N S
///////////////////////////////////////////////////////////////////////////////

clearos_load_language('content_filter');

///////////////////////////////////////////////////////////////////////////////
// D E P E N D E N C I E S
///////////////////////////////////////////////////////////////////////////////

use \clearos\apps\content_filter\DansGuardian as DansGuardian;

clearos_load_library('content_filter/DansGuardian');

///////////////////////////////////////////////////////////////////////////////
// M A I N
///////////////////////////////////////////////////////////////////////////////

$dansguardian = new DansGuardian();

// break up the query string into useable pieces
$url = explode("::",$_SERVER["QUERY_STRING"]);

// Save the url string, we'll need it later 
$url2 = $_SERVER["QUERY_STRING"];
foreach ($url as $temp){
	$pieces = explode("==",$temp);
	$value[$pieces[0]] = urldecode($pieces[1]);
}
$myurl=$value['DENIEDURL'];
$magic = "5f4dcc3b5aa765d61d8327deb882cf99"; 
$clientip=$value['IP'];

// Obviously this is completely impossible if you use the random passphrase
$unixtimekey = time() + 900;
$time=time();

// If these lines are missing, some web browsers won't work properly
if (!eregi("https?://.+/.*", $myurl)){
	$myurl = $myurl . "/";
}

// This is the most important part.
// The MD5 Hash MUST be hex encoded and uppercase with no 
// padding, salt, etc other than what is shown here
// This can take some experimenting in Perl
// DO NOT just use the time() function at this point
$hash = strtoupper(md5($myurl . $magic . $clientip . $unixtimekey));
$hash .= $unixtimekey;

// If these lines are missing, some URL's won't work properly
if (eregi("\?", $url2)){
	$bypass = $value['DENIEDURL'] . "&GBYPASS=" . $hash; 
}else{
	$bypass = $value['DENIEDURL'] . "?GBYPASS=" . $hash; 
}
?>




Access Denied
 


 



<?php if (!$value['ACTION']): ?>

Access Denied!

Access to the page:

<?php print $value['DENIEDURL']; ?>

... has been denied for the following reason:

<?php print $value['REASON']; ?>

You are seeing this error because what you attempted to access appears to contain, or is labeled as containing, material that has been deemed inappropriate.

You can enter a username/password to bypass the filter for 15 minutes.

School or Business Name

Overide Filtering

" method="post">
Please enter your override username/password:
Username:
Password:



&nbsp;
<?php endif; ?> <?php if ($value['ACTION']): // Check credentials $username=$_POST['username']; $passwd=$_POST['passwd']; $file=file("/usr/clearos/apps/content_filter/libraries/access.txt"); $found=false; foreach ($file as $line){ if(!$line = trim($line)) continue; #break up each line on white space $f_temp = preg_split('/\s+/', $line); if ($f_temp[0] == $username){ if ($f_temp[1] == $passwd){ $found=true; ?>
Access Granted!

Access to the following page has been granted.

<?php print $value['DENIEDURL']; ?>

<?php print $value['REASON']; ?>

&nbsp;
document.location.href='accessdenied.php?$url3'"; #print ""; } ?> <?php endif; ?>

Cleaning up and Customizing

Restart

With the rules in place, restart dansguardian:

service dansguardian-av restart

Customization

The lines of code above which are useful for modification are the following:

Sets time that the site will ban will be lifted in seconds
$unixtimekey = time() + 900;

900 seconds is 15 mins, the default.

Sets Organization Name

School or Business Name

Sets block message

You are seeing this error because what you attempted to access appears to contain, or is labeled as containing, material that has been deemed inappropriate.

You can enter a username/password to bypass the filter for 15 minutes.

Help

This end section contains information to assist the user in ways external to the document or with the document in general

Navigation provides a path back and a 'path to' for SEO purposes

ClearOS DocumentationKnowledgebaseSkunkworks

content/en_us/kb_skunkworks_content_filter_block_page_override.txt · Last modified: 2015/02/06 08:48 by dloper