This howto describes how to create an alternate block page that lets a user override the filter and gain temporary access to a blocked page. This method should be considered beta code. The howto presently covers only the default content filter policy.
In the following example, our content filter server has the address of 192.168.1.37. Make the following appropriate changes to /etc/dansguardian-av/dansguardian.conf:
Change:
accessdeniedaddress = 'http://192.168.1.37:82/approot/content_filter/htdocs/warning.php'
To:
accessdeniedaddress = 'http://192.168.1.37:82/approot/content_filter/htdocs/accessdenied.php'
Change:
#nonstandarddelimiter = off
To:
nonstandarddelimiter = on
In the following example, our content filter server has the address of 192.168.1.37. Make the following appropriate changes to /etc/dansguardian-av/dansguardian.conf:
Change:
#bypass = 0
To:
bypass = -1
Next, you will need a bypass key. You can generate this key by piping data into md5sum. In this example, we will use the phrase 'password' to generate the key. Please use a different code or phrase:
echo -n "password" | md5sum
This returns the following result:
5f4dcc3b5aa765d61d8327deb882cf99 -
Take the hexadecimal portion of this result (everything before the trailing ' -') and change the following:
#bypasskey = ''
To:
bypasskey = '5f4dcc3b5aa765d61d8327deb882cf99'
You will create a username and password file on the server so that you can override the
vi /usr/clearos/apps/content_filter/libraries/access.txt
In this file you will specify a username followed by some whitespace and a password:
username password
This is the username and password that will grant temporary access.
Create the following file on your server using 'vi' or 'nano':
vi /usr/clearos/apps/content_filter/htdocs/accessdenied.php
This file should contain the following:
<?php

/**
 * Content filter accessdenied page.
 *
 * @category   apps
 * @package    content-filter
 * @subpackage configuration
 * @author     ClearFoundation <developer@clearfoundation.com> and Mike Empey (http://honestpchelp.com/author/mempey/)
 * @copyright  2011 ClearFoundation
 * @license    http://www.gnu.org/copyleft/gpl.html GNU General Public License version 3 or later
 * @link       http://www.clearfoundation.com/docs/developer/apps/content_filter/
 */

///////////////////////////////////////////////////////////////////////////////
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
//
///////////////////////////////////////////////////////////////////////////////
//
// Content filter warnings are sent with get variables which are not allowed
// in the framework.  This is a simple wrapper script to convert these to a
// framework-friendly format.
//
///////////////////////////////////////////////////////////////////////////////

////////////////////////////////// TODO //////////////////////////////////////
// Change style to conform with ClearOS Theming
// Add ClearOS theming but put in qualifier for support and reasons
// Add verbose logging or no logging support like exists in the warning page
// Move username/password text file to /etc/dansguardian-av/
// Change username/password to work as a config file
// Add support in config file for default time for ban lift (currently 15 mins)
// Add support to block page to override 15 mins with variety custom time intervals
// Add permanent add support to page
// Add support for multiple filter policies
// Add username/password support to use multiple usernames and passwords from 'getent passwd' based on groups
// Delineate authentication for temporary ban lift and permanent ban lift based on separate groups
// Add support for configurable block message
// Add support for Terms of Service
// Add support for user IP allow (captive portal)
// Add alternative authentication mechanism (ToS, room number, code, et al)
// Add support changing organization 'School or Business Name' via Webconfig
// Add email notification support
// Add reason code/comment field.
///////////////////////////////////////////////////////////////////////////////

///////////////////////////////////////////////////////////////////////////////
// B O O T S T R A P
///////////////////////////////////////////////////////////////////////////////

$bootstrap = getenv('CLEAROS_BOOTSTRAP') ? getenv('CLEAROS_BOOTSTRAP') : '/usr/clearos/framework/shared';
require_once $bootstrap . '/bootstrap.php';

///////////////////////////////////////////////////////////////////////////////
// T R A N S L A T I O N S
///////////////////////////////////////////////////////////////////////////////

clearos_load_language('content_filter');

///////////////////////////////////////////////////////////////////////////////
// D E P E N D E N C I E S
///////////////////////////////////////////////////////////////////////////////

use \clearos\apps\content_filter\DansGuardian as DansGuardian;

clearos_load_library('content_filter/DansGuardian');

///////////////////////////////////////////////////////////////////////////////
// M A I N
///////////////////////////////////////////////////////////////////////////////

$dansguardian = new DansGuardian();

// Break up the query string into usable pieces. With nonstandarddelimiter
// enabled, fields are separated by "::" and keys from values by "==".
$url = explode("::", $_SERVER["QUERY_STRING"]);

// Save the url string, we'll need it later
$url2 = $_SERVER["QUERY_STRING"];

// Defaults so that a missing field does not raise an undefined index notice
$value = array('DENIEDURL' => '', 'REASON' => '', 'IP' => '', 'ACTION' => '');

foreach ($url as $temp) {
    $pieces = explode("==", $temp);
    if (count($pieces) >= 2)
        $value[$pieces[0]] = urldecode($pieces[1]);
}

$myurl = $value['DENIEDURL'];
$magic = "5f4dcc3b5aa765d61d8327deb882cf99";
$clientip = $value['IP'];

// Obviously this is completely impossible if you use the random passphrase
$unixtimekey = time() + 900;
$time = time();

// If these lines are missing, some web browsers won't work properly
// (preg_match replaces eregi, which was removed in PHP 7)
if (!preg_match('#https?://.+/.*#i', $myurl)) {
    $myurl = $myurl . "/";
}

// This is the most important part.
// The MD5 Hash MUST be hex encoded and uppercase with no
// padding, salt, etc other than what is shown here
// This can take some experimenting in Perl
// DO NOT just use the time() function at this point
$hash = strtoupper(md5($myurl . $magic . $clientip . $unixtimekey));
$hash .= $unixtimekey;

// If these lines are missing, some URL's won't work properly
if (preg_match('/\?/', $url2)) {
    $bypass = $value['DENIEDURL'] . "&GBYPASS=" . $hash;
} else {
    $bypass = $value['DENIEDURL'] . "?GBYPASS=" . $hash;
}

// Everything taken from the query string is escaped before it is printed,
// because the denied URL and reason are controlled by the requested site.
?>
<html>
<head>
<title>Access Denied</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style>
body,td,p { font: x-small Verdana,Arial,Helvetica; }
table.main { border: 2px solid #cccccc; width: 600px; }
td.top_denied { font: x-large Georgia; font-weight: bold; color: #ffffff; padding: 10; text-align: center; background-color: #CC3333; }
td.top_granted { font: x-large Georgia; font-weight: bold; color: #ffffff; padding: 10; text-align: center; background-color: #339933; }
td.body { background-color: #ffffff; padding: 10; }
td.bottom { background-color: #eeeeee; height: 25px; }
p.url_denied { text-align: center; font-size: medium; color: #ff0000; border: 1px dashed #ff0000; background-color: #FFF0F0; padding: 3; }
p.url_granted { text-align: center; font-size: medium; color: #339933; border: 1px dashed #339933; background-color: #EFFAEF; padding: 3; }
p.reason { border: 1px dashed #ff0000; background-color: #FFF0F0; padding: 3; }
input.text { width: 100%; border: 1px inset; font-size: xx-small; color: #666666; font-weight: normal; padding-left:2; }
input.button { width: 150px; }
td.overide { border: 1px dashed #339933; background-color: #EFFAEF; }
</style>
</head>
<body bgcolor="#f4f4f4">
<script>
// functions for navigation
function goBack() {
    history.back();
}
</script>

<?php if (empty($value['ACTION'])): ?>
<table border="0" align="center" cellpadding="0" cellspacing="0" class="main">
  <tr>
    <td class='top_denied'>Access Denied!</td>
  </tr>
  <tr>
    <td class='body'>
      <p>Access to the page:</p>
      <p class='url_denied'><?php print htmlspecialchars($value['DENIEDURL'], ENT_QUOTES); ?></p>
      <p>... has been denied for the following reason:</p>
      <p class='reason'><?php print htmlspecialchars($value['REASON'], ENT_QUOTES); ?></p>
      <table width="576" border="0" cellpadding="3" cellspacing="0">
        <tr valign="top">
          <td width="300">
            <p align="justify">You are seeing this error because what you attempted to access appears to contain, or is labeled as containing, material that has been deemed inappropriate. <br><br>You can enter a username/password to bypass the filter for 15 minutes. </p>
            <p align="justify"></p>
            <p align="center"><strong>School or Business Name</strong><br>
          </td>
          <td width="230" class='overide'>
            <p align="center"><strong>Override Filtering</strong></p>
            <form action="http://192.168.1.37:82/approot/content_filter/htdocs/accessdenied.php?ACTION==verify::<?php print htmlspecialchars($url2, ENT_QUOTES); ?>" method="post">
              <div align="center">Please enter your override username/password:<br>
                <table>
                  <tr>
                    <td>Username:</td><td><input type="text" name="username" size="20"></td>
                  </tr>
                  <tr>
                    <td>Password:</td><td><input type="password" name="passwd" size="20"></td>
                  </tr>
                </table>
                <br>
                <input type="submit" name="Submit" value="Override" class='button'>
                <br>
                <br>
                <input type="button" name="Button" value="Go Back" class='button' onClick="goBack()">
              </div>
            </form>
          </td>
        </tr>
      </table>
    </td>
  </tr>
  <tr><td class='bottom'> </td></tr>
</table>
<?php endif; ?>

<?php if (!empty($value['ACTION'])):
    // Check credentials
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';
    $file = file("/usr/clearos/apps/content_filter/libraries/access.txt");
    $found = false;

    foreach ($file as $line) {
        if (!$line = trim($line))
            continue;

        // break up each line on white space
        $f_temp = preg_split('/\s+/', $line);

        // Strict comparison, so that numeric-looking strings such as
        // "0e1" and "0e2" are not treated as equal
        if (count($f_temp) >= 2 && $f_temp[0] === $username && $f_temp[1] === $passwd) {
            $found = true;
            break;
        }
    }
?>
<?php if ($found): ?>
<table border="0" align="center" cellpadding="0" cellspacing="0" class="main">
  <script>
  // functions for navigation
  function visitSite() {
      document.location.href = <?php print json_encode($bypass); ?>;
  }
  </script>
  <tr><td class='top_granted'>Access Granted!</td></tr>
  <tr>
    <td class='body'>
      <p>Access to the following page has been granted.</p>
      <p class='url_granted'><?php print htmlspecialchars($value['DENIEDURL'], ENT_QUOTES); ?></p>
      <p class='reason'><?php print htmlspecialchars($value['REASON'], ENT_QUOTES); ?></p>
      <p><input type="button" name="Button" value="Proceed" class='button' onclick="visitSite()"></p>
    </td>
  </tr>
  <tr><td class='bottom'> </td></tr>
</table>
<?php endif; ?>
<?php
    if ($found == false) {
        // Wrong credentials: go back to the block page for the same URL
        $url3 = implode("::", $url);
        $url3 = str_replace("ACTION==verify", "", $url3);
        print "<script>document.location.href=" . json_encode("accessdenied.php?" . $url3) . "</script>";
        #print "<script>document.location.href='accessdenied.php'</script>";
    }
?>
<?php endif; ?>
</body>
</html>
With the rules in place, restart dansguardian:
service dansguardian-av restart
The lines of code above which are useful for modification are the following:
$unixtimekey = time() + 900;
900 seconds is 15 mins, the default.
<p align="center"><strong>School or Business Name</strong><br>
<p align="justify">You are seeing this error because what you attempted to access appears to contain, or is labeled as containing, material that has been deemed inappropriate. <br><br>You can enter a username/password to bypass the filter for 15 minutes. </p>
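The token construction used in accessdenied.php can be reproduced from the shell, which helps when working out why a bypass link is not accepted, and the same script shows a random bypasskey in place of one derived from a phrase. This is an added example, not part of the original howto or of ClearOS; the function names, the URL and the client addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed.
# Requires md5sum, as used earlier on this page.

# Random 128-bit value for bypasskey, rather than the MD5 of a guessable phrase.
new_bypasskey() {
    head -c 32 /dev/urandom | md5sum | cut -d' ' -f1
}

# Build a token as accessdenied.php does:
# uppercase md5(url . key . client_ip . expiry), followed by the expiry time.
make_gbypass() {    # args: url key client_ip expiry
    digest=$(printf '%s' "$1$2$3$4" | md5sum | cut -d' ' -f1 | tr 'a-f' 'A-F')
    printf '%s%s\n' "$digest" "$4"
}

# Check a token. Returns 0 = valid, 1 = malformed or hash mismatch, 2 = expired.
check_gbypass() {   # args: token url key client_ip now
    token=$1
    # 32 hex digits plus a 10-digit Unix timestamp (true for present-day times).
    [ "${#token}" -eq 42 ] || return 1
    expiry=$(printf '%s' "$token" | cut -c33-)
    case $expiry in
        *[!0-9]*) return 1 ;;
    esac
    # The hash binds the token to this URL, this client IP and this expiry,
    # so changing any one of them must invalidate it.
    [ "$(make_gbypass "$2" "$3" "$4" "$expiry")" = "$token" ] || return 1
    [ "$expiry" -gt "$5" ] || return 2
    return 0
}

# Demo with constructed values: a 15-minute token for one client.
key=$(new_bypasskey)
now=$(date +%s)
tok=$(make_gbypass 'http://example.com/' "$key" '192.168.1.50' "$((now + 900))")
check_gbypass "$tok" 'http://example.com/' "$key" '192.168.1.50' "$now" \
    && echo "valid for 192.168.1.50"
check_gbypass "$tok" 'http://example.com/' "$key" '192.168.1.51' "$now" \
    || echo "rejected for 192.168.1.51 (status $?)"
```

The URL passed in must be the one the page hashes, including the trailing "/" that accessdenied.php appends when the denied URL has no path.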