authorChristian Poessinger <christian@poessinger.com>2020-12-26 16:42:44 +0100
committerChristian Poessinger <christian@poessinger.com>2020-12-28 19:42:50 +0100
commitb9a2312f02e40b16d5b85454eadd84dc3cb7bea8 (patch)
treeed114ee4619cb210a92d02416f3554531f393304
parente7649f9cf4f6beda6adb50998db3e57964bd5010 (diff)
downloadvyos-1x-b9a2312f02e40b16d5b85454eadd84dc3cb7bea8.tar.gz
vyos-1x-b9a2312f02e40b16d5b85454eadd84dc3cb7bea8.zip
webproxy: T563: add squidguard body
-rw-r--r--data/templates/squid/squid.conf.tmpl9
-rw-r--r--data/templates/squid/squidGuard.conf.tmpl18
-rw-r--r--interface-definitions/service_webproxy.xml.in6
-rwxr-xr-xsrc/conf_mode/service_webproxy.py23
4 files changed, 48 insertions, 8 deletions
diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.tmpl
index 814f94aa7..8754e762d 100644
--- a/data/templates/squid/squid.conf.tmpl
+++ b/data/templates/squid/squid.conf.tmpl
@@ -98,6 +98,15 @@ http_port 127.0.0.1:{{ default_port }}
{# NOT insert the client address in X-Forwarded-For header #}
forwarded_for off
+{# SquidGuard #}
+{% if url_filtering is defined and url_filtering.disable is not defined %}
+{% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
+redirect_program /usr/bin/squidGuard -c {{ squidguard_conf }}
+redirect_children 8
+redirector_bypass on
+{% endif %}
+{% endif %}
+
{% if cache_peer is defined and cache_peer is not none %}
{% for peer, config in cache_peer.items() %}
cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }}
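Review bot: `redirector_bypass on` makes the URL filter fail open: when all of the `redirect_children 8` helpers are busy, Squid forwards the request without consulting squidGuard, so filtering is silently skipped under load. If the filter is meant as a policy control, render `redirector_bypass off`, or expose the bypass and the hard-coded child count as configuration options, and add a template comment such as `{# fail closed: requests wait for a free squidGuard helper #}` stating the chosen behaviour. These three directives are also the legacy spellings of `url_rewrite_program`, `url_rewrite_children` and `url_rewrite_bypass`; it is worth confirming that the packaged Squid still accepts the old names.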
diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl
new file mode 100644
index 000000000..907043614
--- /dev/null
+++ b/data/templates/squid/squidGuard.conf.tmpl
@@ -0,0 +1,18 @@
+### generated by service_webproxy.py ###
+{% if url_filtering is defined and url_filtering.disable is not defined %}
+{% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
+dbhome /opt/vyatta/etc/config/url-filtering/squidguard/db
+logdir /var/log/squid
+
+rewrite safesearch {
+ s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
+ s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
+ s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
+ s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
+ s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
+ s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
+ log rewrite.log
+}
+
+{% endif %}
+{% endif %}
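Review bot: The `rewrite safesearch` group is defined but nothing in this 18-line file references it: there is no `acl` section, so as rendered the rewrite is never applied to any request, and how squidGuard behaves with a config that has no default acl should be checked before Squid is pointed at it. The patterns are also not anchored to the host part: `.*\.google\..*/` matches `.google.` anywhere before a slash, including in the path of an unrelated site, so a host-anchored prefix along the lines of `^[a-z]+://[^/]*\.google\.` would be tighter. On line 52 the unescaped `?` in `yandsearch?` makes the `h` optional rather than matching a literal question mark, which is presumably not intended. A short template comment noting that URL rewriting can only act on requests whose full URL reaches the redirector would help operators understand what safesearch enforcement does and does not cover.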
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index c2e8c4120..ba33a30f4 100644
--- a/interface-definitions/service_webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
@@ -425,13 +425,13 @@
</node>
<leafNode name="redirect-url">
<properties>
- <help>Redirect URL for filtered websites (default: http:\/\/block.vyos.net)</help>
+ <help>Redirect URL for filtered websites (default: block.vyos.net)</help>
<valueHelp>
<format>url</format>
<description>URL for redirect</description>
</valueHelp>
</properties>
- <defaultValue>http:\/\/block.vyos.net</defaultValue>
+ <defaultValue>block.vyos.net</defaultValue>
</leafNode>
<tagNode name="rule">
<properties>
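Review bot: The new default `block.vyos.net` no longer matches the `<format>url</format>` value help directly below it, and the visible `<properties>` of this leaf carry no `<constraint>`, so any string is accepted. The value is presumably rendered into the squidGuard configuration as the redirect target (the consuming template is not part of this commit), so a validator on it would keep whitespace and newlines out of the generated file. Either keep a full URL as the default, or change the value help to describe a hostname and say in `<help>` that the scheme is added at render time. The same applies to the `redirect-url` leaf in the second hunk, whose definition continues outside the hunk.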
@@ -449,7 +449,7 @@
#include <include/webproxy-squidguard.xml.i>
<leafNode name="redirect-url">
<properties>
- <help>Redirect URL for filtered websites (default: http:\/\/block.vyos.net)</help>
+ <help>Redirect URL for filtered websites</help>
<valueHelp>
<format>url</format>
<description>URL for redirect</description>
diff --git a/src/conf_mode/service_webproxy.py b/src/conf_mode/service_webproxy.py
index 332e10329..76b72ad48 100755
--- a/src/conf_mode/service_webproxy.py
+++ b/src/conf_mode/service_webproxy.py
@@ -29,7 +29,8 @@ from vyos import ConfigError
from vyos import airbag
airbag.enable()
-config_file = '/etc/squid/squid.conf'
+squid_config_file = '/etc/squid/squid.conf'
+squidguard_config_file = '/etc/squidguard/squidGuard.conf'
def get_config(config=None):
if config:
@@ -45,9 +46,15 @@ def get_config(config=None):
# options which we need to update into the dictionary retrived.
default_values = defaults(base)
- # if no authentication method is supplid, no need to add defaults
+ # if no authentication method is supplied, no need to add defaults
if not dict_search('authentication.method', proxy):
default_values.pop('authentication')
+ # if no url_filteringurl-filtering method is supplied, no need to add defaults
+ if 'url_filtering' not in proxy:
+ default_values.pop('url_filtering')
+ else:
+ # store path to squidGuard config, used when generating Squid config
+ proxy['squidguard_conf'] = squidguard_config_file
# XXX: T2665: blend in proper cache-peer default values later
default_values.pop('cache_peer')
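Review bot: The added comment `# if no url_filteringurl-filtering method is supplied, no need to add defaults` is garbled and looks like a paste error. Something like `# url-filtering not configured: drop its defaults so they are not merged into proxy` reads correctly and states the reason. The `else` branch is the only place `proxy['squidguard_conf']` is set, and squid.conf.tmpl uses that key in its `redirect_program` line, so the comment there could name that dependency. get_config's body starts and continues outside this hunk, so the merge of `default_values` is not visible here.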
@@ -118,15 +125,21 @@ def generate(proxy):
if not proxy:
return None
- render(config_file, 'squid/squid.conf.tmpl', proxy)
+ render(squid_config_file, 'squid/squid.conf.tmpl', proxy)
+ render(squidguard_config_file, 'squid/squidGuard.conf.tmpl', proxy)
+
return None
def apply(proxy):
if not proxy:
# proxy is removed in the commit
call('systemctl stop squid.service')
- if os.path.exists(config_file):
- os.unlink(config_file)
+
+ if os.path.exists(squid_config_file):
+ os.unlink(squid_config_file)
+ if os.path.exists(squidguard_config_file):
+ os.unlink(squidguard_config_file)
+
return None
call('systemctl restart squid.service')
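Review bot: generate() now renders squidGuard.conf on every commit, including when `url_filtering` is not configured; both template guards are then false and the file written to `/etc/squidguard/squidGuard.conf` holds only its header line. Rendering it conditionally keeps the file's presence in line with the configuration: `if 'url_filtering' in proxy:` followed by `render(squidguard_config_file, 'squid/squidGuard.conf.tmpl', proxy)`, with an `else` branch that unlinks an existing file the way apply() does on removal. Nothing in the visible hunks checks that the `dbhome` directory named in the template exists before `systemctl restart squid.service` runs, so a check in verify() may be worth adding if that function does not already have one. generate() begins outside the hunk, and apply() may continue past its last visible line.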