Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2687 → Rev 2688

/web/acc/admin/bl_filter.php
37,22 → 37,22
}
}
function echo_file ($filename)
{
if (file_exists($filename))
{
if (file_exists($filename))
if (filesize($filename) != 0)
{
if (filesize($filename) != 0)
{
$pointeur=fopen($filename,"r");
$tampon = fread($pointeur, filesize($filename));
fclose($pointeur);
echo $tampon;
}
}
}
else
{
{
echo "$filename doesn't exist";
}
}
}
function echo_ip_file ($filename)
{
$filename = escapeshellarg($filename);
68,7 → 68,7
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]),0,2));
}
}
if($Language == 'fr'){
$l_bl="Liste noire générale";
$l_load="Chargement...";
89,7 → 89,7
$l_rehabilitated_ip_explain="Entrez ici des IP bloquées par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_one_dns="Entrez une adresse DNS par ligne (exemple : www.domaine.com)";
$l_one_ip="Entrez une IP par ligne (exemple : 123.123.123.123)";
$l_one_dns_ip="Entrez un nom de domaine ou une adresse IP ou une adresse de réseau par ligne<br>exemple (domaine) : .domaine.org - exemple (ip) : 61.54.52.56 - exemple (réseau) : 172.16.0.0/16";
$l_one_dns_ip="Entrez un nom de domaine ou une adresse IP ou une adresse de réseau par ligne<br>exemple (domaine) : domaine.org. - exemple (ip) : 61.54.52.56 - exemple (réseau) : 172.16.0.0/16";
$l_record="Enregistrer les modifications";
$l_wait="Une fois validées, 10 secondes sont nécessaires pour traiter vos modifications";
$l_ip_filtering="Filtrer les URLs contenant une adresse IP au lieu d'un nom de domaine (ex: http://25.56.58.59/index.htm)";
133,9 → 133,9
$l_add_to_bl="Domain names or IP addresses to add to the blacklist";
$l_rehabilitated_ip="IP addresses to rehabilitated";
$l_rehabilitated_ip_explain="Enter here IP that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_one_dns="Enter one DNS per row (example : www.domaine.com)";
$l_one_dns="Enter one DNS per row (example : www.domain.com)";
$l_one_ip="Enter one IP per row (example : 123.123.123.123)";
$l_one_dns_ip="Enter one domain name or one IP address or one network address per row <br>example (domain): .domain.org - example (ip): 61.54.56.52 - example (network) : 172.16.0.0/16";
$l_one_dns_ip="Enter one domain name or one IP address or one network address per row <br>example (domain): domain.org. - example (ip): 61.54.56.52 - example (network) : 172.16.0.0/16";
$l_record="Save changes";
$l_wait="Once validated, 10 seconds are necessary to compute your modifications";
$l_ip_filtering="Filtering URLs that contain an IP address instead of a domain name (ie: http://25.56.58.59/index.htm)";
165,142 → 165,158
$dir_blacklist=$dir_dg."blacklists/";
$dir_bl_ip="/usr/local/share/iptables-bl/";
$dir_bl_ip_enabled="/usr/local/share/iptables-bl-enabled/";
$dir_bl_domain_names="/usr/local/share/dnsmasq-bl/";
$dir_bl_domain_names_enabled="/usr/local/share/dnsmasq-bl-enabled/";
$dir_bl_domain_names="/usr/local/share/unbound-bl/";
$dir_bl_domain_names_enabled="/usr/local/share/unbound-bl-enabled/";
$bl_categories=$dir_etc."alcasar-bl-categories";
$bl_categories_enabled=$dir_etc."alcasar-bl-categories-enabled";
$conf_file=$dir_etc."alcasar.conf";
$urlregex_file=$dir_dg."urlregexplist";
$domainfilter_file="/etc/unbound/conf.d/blacklist/domainfilter.conf";
$bannedsite_file=$dir_dg."bannedsitelist";
$dir_tmp="/tmp/blacklists";
$update_file_cat="/usr/local/etc/update_cat.conf";
 
$bl_safesearch="off";
$bl_pureip="off";
 
# default values
if (is_file ($conf_file))
{
{
$tab=file($conf_file);
if ($tab)
{
foreach ($tab as $line)
{
foreach ($tab as $line)
{
$field=explode("=", $line);
if ($field[0] == "PRIVATE_IP")
{
$PRIVATE_IP_MASK=trim($field[1]);
$tmp = explode("/",$PRIVATE_IP_MASK);
$PRIVATE_IP=$tmp[0];
}
switch ($field[0]) {
case 'PRIVATE_IP':
$PRIVATE_IP_MASK=trim($field[1]);
$tmp = explode("/",$PRIVATE_IP_MASK);
$PRIVATE_IP=$tmp[0];
break;
 
case 'BL_SAFESEARCH':
if (strtolower(trim($field[1])) == 'on') {
$bl_safesearch='on';
}
break;
 
case 'BL_PUREIP':
if (strtolower(trim($field[1])) == 'on') {
$bl_pureip='on';
}
break;
}
}
}
}
else { echo "$l_error_open_file $conf_file";}
if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; }
switch ($choix)
{
case 'Download_list' :
exec ("sudo /usr/local/bin/alcasar-bl.sh --download");
break;
case 'Active_list' :
exec ("sudo /usr/local/bin/alcasar-bl.sh --adapt");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
case 'Reject_list' :
unlink ("$dir_tmp/blacklists.tar.gz"); unlink ("$dir_tmp/md5sum");
break;
case 'MAJ_cat_bl' :
if (file_exists($bl_categories_enabled))
{
exec("/bin/sed -i \"/^ossi-/!d\" $bl_categories_enabled"); // keep ossi custom categories
$pointeur=fopen($bl_categories_enabled, "a+");
$fichier=fopen($update_file_cat,"w+");
foreach ($_POST as $key => $value)
case 'Download_list' :
exec ("sudo /usr/local/bin/alcasar-bl.sh --download");
break;
case 'Active_list' :
exec ("sudo /usr/local/bin/alcasar-bl.sh --adapt");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
case 'Reject_list' :
unlink ("$dir_tmp/blacklists.tar.gz"); unlink ("$dir_tmp/md5sum");
break;
case 'MAJ_cat_bl' :
if (file_exists($bl_categories_enabled))
{
if (strstr($key,'chk-'))
exec("/bin/sed -i \"/^ossi-/!d\" $bl_categories_enabled"); // keep ossi custom categories
$pointeur=fopen($bl_categories_enabled, "a+");
$fichier=fopen($update_file_cat,"w+");
foreach ($_POST as $key => $value)
{
$line=str_replace('chk-','',$key)."\n";
fwrite($pointeur,$line);
if(trim($line) == 'malware' && $_POST['update_cat'] == 1) //auto-update of malware
if (strstr($key,'chk-'))
{
fputs($fichier, "malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware\n");
$line=str_replace('chk-','',$key)."\n";
fwrite($pointeur,$line);
if(trim($line) == 'malware' && $_POST['update_cat'] == 1) //auto-update of malware
{
fputs($fichier, "malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware\n");
}
}
}
fclose($pointeur);
fclose($fichier);
}
fclose($pointeur);
else {echo "$l_error_open_file $bl_categories_enabled";}
$fichier=fopen($dir_blacklist."ossi-bl/domains","w+");
fputs($fichier, form_filter($_POST['OSSI_bl']));
fclose($fichier);
}
else {echo "$l_error_open_file $bl_categories_enabled";}
$fichier=fopen($dir_blacklist."ossi-bl/domains","w+");
fputs($fichier, form_filter($_POST['OSSI_bl']));
fclose($fichier);
unset($_POST['OSSI_bl']);
$fichier=fopen($dir_dg."exceptionsitelist","w+");
fputs($fichier, form_filter($_POST['BL_rehabilited_domains']));
fclose($fichier);
unset($_POST['BL_rehabilited_domains']);
$fichier=fopen($dir_dg."exceptioniplist","w+");
fputs($fichier, form_filter($_POST['BL_rehabilited_ip']));
fclose($fichier);
unset($_POST['BL_rehabilited_ip']);
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
case 'Specific_filtering' :
$pureip="-pureip_off"; $safesearch="-safesearch_off"; ;
foreach ($_POST as $key => $value)
{
if (strstr($key,'chk-ip')) $pureip="-pureip_on";
if (strstr($key,'chk-safesearch')) $safesearch="-safesearch_on";
}
exec ("sudo /usr/local/bin/alcasar-url_filter_bl.sh $safesearch $pureip");
break;
case 'MAJ_ossi_file' :
foreach($_POST as $fichier => $value)
{
if($fichier != "choix")
unset($_POST['OSSI_bl']);
$fichier=fopen($dir_dg."exceptionsitelist","w+");
fputs($fichier, form_filter($_POST['BL_rehabilited_domains']));
fclose($fichier);
unset($_POST['BL_rehabilited_domains']);
$fichier=fopen($dir_dg."exceptioniplist","w+");
fputs($fichier, form_filter($_POST['BL_rehabilited_ip']));
fclose($fichier);
unset($_POST['BL_rehabilited_ip']);
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
case 'Specific_filtering':
$bl_pureip='off';
$bl_safesearch='off';
foreach ($_POST as $key => $value)
{
$action=$_POST[$fichier];
if($action == $l_remove) //delete
if (strstr($key,'chk-ip')) $bl_pureip="on";
if (strstr($key,'chk-safesearch')) $bl_safesearch="on";
}
exec ("sudo /usr/local/bin/alcasar-url_filter_bl.sh -safesearch_$bl_safesearch -pureip_$bl_pureip");
break;
case 'MAJ_ossi_file' :
foreach($_POST as $fichier => $value)
{
if($fichier != "choix")
{
exec("/bin/sed -i ".escapeshellarg("/^$fichier\$/d")." $bl_categories_enabled");
exec("/bin/sed -i ".escapeshellarg("/$fichier\$/d")." $bl_categories");
exec("rm -rf $dir_blacklist".escapeshellarg($fichier));
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
$action=$_POST[$fichier];
if($action == $l_remove) //delete
{
exec("/bin/sed -i ".escapeshellarg("/^$fichier\$/d")." $bl_categories_enabled");
exec("/bin/sed -i ".escapeshellarg("/$fichier\$/d")." $bl_categories");
exec("rm -rf $dir_blacklist".escapeshellarg($fichier));
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_disable) //disable
{
exec("/bin/sed -i ".escapeshellarg("/^$fichier\$/d")." $bl_categories_enabled");
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_enable) //enable
{
file_put_contents ($bl_categories_enabled, $fichier."\n", FILE_APPEND);
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
}
if($action == $l_disable) //disable
}
break;
case 'MAJ_ossi_file_upload' :
$file_name = str_replace (".", "_",basename($_FILES['fichier_ip']['name']));
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/e2guardian/list/blacklist/ossi-bl-XXXXXXXX
if((!empty($file_name)) && (!file_exists($dest_dir)))
{
exec("mkdir ".escapeshellarg($dest_dir));
$file=$_FILES['fichier_ip']['tmp_name'];
exec('/usr/bin/dos2unix '.escapeshellarg($file));
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains")) // copy in the file "domains" (containing @ip & domain names (like over Toulouse categories))
{
exec("/bin/sed -i ".escapeshellarg("/^$fichier\$/d")." $bl_categories_enabled");
touch ($dest_dir."/urls"); // create the URL file even if it isn't used
file_put_contents ($bl_categories, $dest_dir."\n", FILE_APPEND); # add to the categories list
file_put_contents ($bl_categories_enabled, "ossi-bl-".$file_name."\n", FILE_APPEND); //Enabled by default
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_enable) //enable
else
{
file_put_contents ($bl_categories_enabled, $fichier."\n", FILE_APPEND);
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec("rm -rf ".escapeshellarg($dest_dir));
echo $l_error_upload;
}
}
}
break;
case 'MAJ_ossi_file_upload' :
$file_name = str_replace (".", "_",basename($_FILES['fichier_ip']['name']));
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/e2guardian/list/blacklist/ossi-bl-XXXXXXXX
if((!empty($file_name)) && (!file_exists($dest_dir)))
{
exec("mkdir ".escapeshellarg($dest_dir));
$file=$_FILES['fichier_ip']['tmp_name'];
exec('/usr/bin/dos2unix '.escapeshellarg($file));
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains")) // copy in the file "domains" (containing @ip & domain names (like over Toulouse categories))
{
touch ($dest_dir."/urls"); // create the URL file even if it isn't used
file_put_contents ($bl_categories, $dest_dir."\n", FILE_APPEND); # add to the categories list
file_put_contents ($bl_categories_enabled, "ossi-bl-".$file_name."\n", FILE_APPEND); //Enabled by default
exec("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
else
{
exec("rm -rf ".escapeshellarg($dest_dir));
echo $l_error_upload;
}
}
break;
break;
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
314,7 → 330,7
<FORM action='bl_filter.php' method=POST>
<?php
if ((file_exists("$dir_tmp/blacklists.tar.gz")) && (file_exists("$dir_tmp/md5sum")))
{
{
echo "$l_fingerprint"; echo_file ("$dir_tmp/md5sum");
echo "<br>$l_fingerprint2<a href='http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST' target='cat_help' onclick=\"window.open('http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST','cat_help','width=600,height=150,toolbar=no,scrollbars=yes,resizable=yes')\" title='verify fingerprint'>dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST</a><br>";
echo "<input type='hidden' name='choix' value='Active_list'>";
322,12 → 338,12
echo "<FORM action='bl_filter.php' method=POST>";
echo "<input type='hidden' name='choix' value='Reject_list'>";
echo "<input type='submit' onClick=\"this.disabled=true; this.value='$l_load';submit();\" value='$l_reject_bl'></form>";
}
}
else
{
{
echo "<input type='hidden' name='choix' value='Download_list'>";
echo "<input type='submit' onClick=\"this.disabled=true; this.value='$l_load';submit();\" value='$l_download_bl'> ($l_warning)</form>";
}
}
?>
</td></tr>
</table><br>
342,7 → 358,7
<?php
echo "<center>";
// total number of IP, DNS & URLs
$nbDomainNames = exec("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'");
$nbDomainNames = exec("wc -l /usr/local/share/unbound-bl/* | tail -n 1 | awk '{print $1}'") / 2;
$nbUrl = exec("for file in `find /etc/e2guardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb");
$nbIp = exec("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'");
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
350,11 → 366,11
//read & display all BL categories (checked or not)
$cols=1;
if (file_exists($bl_categories))
{
{
$bl_files = file($bl_categories);
$bl_files = preg_grep("/ossi-/", $bl_files, 1); // don't display ossi custom categories
foreach($bl_files as $fichier => $value)
{
{
if ($cols == 1) { echo "<tr>";}
$categorie=trim(basename($value));
echo "<td><a href='bl_categories_help.php?liste=bl&cat=$categorie' target='cat_help' onclick=\"window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes')\" title='categories help page'>$categorie</a><br>";
366,10 → 382,11
$cols++;
if ($cols > 10) {
echo "</tr>\n";
$cols=1; }
$cols=1;
}
}
else {
}
else {
echo "$l_error_open_file $bl_categories";
}
 
451,59 → 468,14
<input type='hidden' name='choix' value='Specific_filtering'>
<table width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td>
<input type='checkbox' name='chk-ip'
<?php
// verify "pureip" filtering state
if (file_exists($bannedsite_file))
{
$pointeur=fopen($bannedsite_file,"r");
while (!feof ($pointeur))
{
$ligne=fgets($pointeur, 4096);
if ($ligne)
{
if (preg_match('/^\*ip$/',$ligne, $r))
{
echo " checked";
break;
}
}
}
fclose($pointeur);
}
else {
echo "$l_error_open_file $bannedsite_file";
}
echo "> $l_ip_filtering";
?>
<input type='checkbox' name='chk-ip' <?= $bl_pureip == 'on' ? 'checked' : ''; ?>><?= $l_ip_filtering; ?>
</td></tr>
<tr><td>
<input type='checkbox' name='chk-safesearch'
<?php
// verify "safesearch" filtering state
if (file_exists($urlregex_file))
{
$pointeur=fopen($urlregex_file,"r");
while (!feof ($pointeur))
{
$ligne=fgets($pointeur, 4096);
if ($ligne)
{
if (preg_match('/^\"\(\^http\:\/\/\[0\-9a\-z\]\+\\\.google/',$ligne, $r))
{
echo " checked";
break;
}
}
}
fclose($pointeur);
}
else {
echo "$l_error_open_file $urlregex_file";
}
echo "> $l_safe_searching<tr><td>";
echo "<input type='submit' onClick=\"this.disabled=true; this.value='$l_load';submit();\" value='$l_record'></td></tr>";
?>
<input type='checkbox' name='chk-safesearch' <?= $bl_safesearch == 'on' ? 'checked' : ''; ?>><?= $l_safe_searching; ?>
</tr></td>
<tr><td>
<?= "<input type='submit' onClick=\"this.disabled=true; this.value='$l_load';submit();\" value='$l_record'>"; ?>
</td></tr>
</table>
</form>
</BODY>