
/se3-internet/sources/usr/lib/cgi-binse/ -> getSquidConf (source)

   1  #!/usr/bin/perl
   2  
   3  #############################################################################################
   4  # $Id: getSquidConf 3463 2009-01-08 16:32:40Z misterT $ 
   5  # Script cgi-bin utilise par se3-internet pour generer un extrait de squidGuard.conf a partir des plages sauvees en SQL
   6  # Sur le proxy il faut lancer wget http://<ipSE3>:909/cgi-bin/getSquidConf
   7  # Seul le SE3 et le proxy renseigné peuvent acceder a ce cgi-bin 
   8  # Les autre machines recoivent une erreur 401 Unauthorized
   9  # Debut du projet: Decembre 2008
  10  # Auteur MrT - Sebastien TACK CRDP Basse Normandie
  11  # A partir des scripts initiaux de Denis Bonnenfant.
  12  #############################################################################################
  13      
  14      use Se;
  15      use DBI;
  16      use CGI;
  17      use Socket;
  18      
  19      
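  # Serve the squidGuard.conf extract (time rules, source addresses, ACLs)
  # to the configured proxy and to this server only; every other client gets
  # a 401 response. The caller is checked first, so an unauthorized request
  # never reaches the database.
  #
  # Addresses allowed to read this script:
  #   proxy = the host running squidGuard (LCS, SLIS or elsewhere); its
  #           address is chosen in the se3-internet configuration menu
  #   here  = slapdIp
  # $ipProxySe3Internet, $slapdIp and the other configuration variables used
  # below are not defined in this script; presumably the Se module provides
  # them -- confirm.
  my $ipproxy = "$ipProxySe3Internet";
  my $ipici   = "$slapdIp";
  my $iprecu  = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : '';

  # Reverse-resolve an IPv4 address. Returns '' when the address is empty,
  # cannot be packed by inet_aton, or has no reverse record, so that a failed
  # lookup can never compare equal to another failed lookup.
  sub _reverse_name {
      my ($ip) = @_;
      return '' unless defined $ip && length $ip;
      my $packed = inet_aton($ip);
      return '' unless defined $packed;
      my $name = gethostbyaddr($packed, AF_INET);
      return defined $name ? $name : '';
  }

  # Host-name filtering, kept for virtual machines.
  my $test_host_reel = _reverse_name($iprecu);
  my $test_host      = _reverse_name($ipproxy);
  my $test_ici       = _reverse_name($ipici);

  # Access decision. Every comparison requires a non-empty value on the
  # client side: with the previous `cmp ... == 0` form, two failed reverse
  # lookups (both undef) compared equal and opened the script to any client
  # without a PTR record, and an unset proxy address matched an empty
  # REMOTE_ADDR.
  # NOTE(review): the host-name rule trusts the reverse DNS record of the
  # client address, which is controlled by whoever runs that reverse zone.
  # It is kept because the original comment says it is needed for VMs;
  # consider replacing it with an explicit list of addresses.
  my $autorise =
         ( length $iprecu && $iprecu eq $ipproxy )
      || ( length $iprecu && $iprecu eq $ipici )
      || ( length $test_host_reel && $test_host_reel eq $test_ici );

  my $q = CGI->new;

  unless ($autorise) {

      # IP filtering failed: refuse before doing any work.
      print $q->header(-status=>'401',-type=>'text/html'), $q->start_html(-title=>'401 Unauthorized'), '<h1>Unauthorized !</h1>';
      exit;
  }

  # IP filtering passed: build the configuration extract.
  my $flux = "# ".localtime(time)."\n";
  $flux .= "# Transmission vers $test_host_reel($iprecu) en provenance de $test_ici($ipici)\n";
  $flux .= "# Fichier genere par SE3 - module se3-internet\n\n";
  $flux .= "#-- DEBUT_TIME_RULES --#\n\n";

  # MySQL connection.
  my $dsn = "DBI:mysql:database=$connexionDb;host=$mysqlServerIp";
  my $dbh = DBI->connect($dsn, $mysqlServerUsername, $mysqlServerPw ) or die "Echec connexion";

  my $sth = $dbh->prepare("SELECT * FROM squid_plages where 1 order by `nom`; ");
  $sth->execute();

  # The schedule query is prepared once and the range id is bound as a
  # placeholder instead of being pasted between quotes in the SQL text.
  my $sth2 = $dbh->prepare("SELECT * FROM squid_horaire where id_plage=?");

  # One "time <name> { ... }" section per stored range. The columns are used
  # by position, as in the original: row[0] is the range id, row[1] its name.
  # NOTE(review): names and schedule values are copied into the generated
  # configuration as stored; they are assumed to be validated by the
  # interface that writes these tables -- confirm.
  while (my @row = $sth->fetchrow_array) {
      my $id = $row[0];
      $flux .= "time " . $row[1] . " {\n";
      $sth2->execute($id);
      while (my @row2 = $sth2->fetchrow_array) {
          $flux .= "\t$row2[4] $row2[2] - $row2[3]\n";
      }
      $flux .= "}\n\n";
  }
  $flux .= "#-- FIN_TIME_RULES --#\n\n";

  $flux .= "#-- DEBUT_SOURCE_ADDRESSES --#\n\n";

  # Each source is an LDAP lookup on the workstation entry; only the name,
  # the comment line and the destinationIndicator pattern differ.
  my @sources = (
      [ 'internet',       '# laisse passer tous les postes ayant les droits internet',                    '*:interne*:tous' ],
      [ 'internet-pause', '# laisse passer tous les postes  internet-pause durant les pauses',            '*:internet-pause:*' ],
      [ 'internet-cours', '# laisse passer tous les postes  internet-cours sauf durant  les pauses ',     '*:internet-cours:*' ],
      [ 'internet-soir',  '# laisse passer tous les postes  internet-soir le soir',                       '*:internet-soir:*' ],
      [ 'intranet',       '# filtre  tous les postes ayant les droits intranet ',                         '*:intranet*' ],
      [ 'aucun',          '# filtre  tous les postes ayant les droits aucun (punis ou non configurés) ',  '*:aucun:*' ],
  );
  for my $source (@sources) {
      my ($nom, $commentaire, $motif) = @$source;
      $flux .= "src " . $nom . " {\n";
      $flux .= "\t" . $commentaire . "\n";
      $flux .= "\tldapipsearch  ldap://$slapdIp/$computersDn?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=" . $motif . "))\n";
      $flux .= "}\n";
  }

  $flux .= "#-- FIN_SOURCE_ADDRESSES --#\n\n";

  $flux .= "#-- DEBUT_ACL --#\n\n";

  # Two pass lists are used: the second one additionally blocks in-addr.
  my $passe         = "\t\tpass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez\n";
  my $passe_in_addr = "\t\tpass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr\n";
  my $passe_aucun   = "\t\tpass whitelists none\n";
  my $redirection   = "\t\tredirect #REDIRECT#\n";

  $flux .= "acl {\n";
  $flux .= "\tsurf-bypass {\n"                  . $passe         . $redirection . "\t}\n";
  $flux .= "\tproxy-ftp {\n"                    . $passe         . $redirection . "\t}\n";
  $flux .= "\tinternet-pause within pause {\n"  . $passe_in_addr . $redirection . "\t}\n";
  $flux .= "\tinternet-soir within soir {\n"    . $passe_in_addr . $redirection . "\t}\n";
  # internet-cours: nothing during breaks, filtered access otherwise.
  $flux .= "\tinternet-cours within pause {\n"  . $passe_aucun   . $redirection
         . "\t} else {\n"                       . $passe_in_addr . $redirection . "\t}\n";
  $flux .= "\tinternet {\n"                     . $passe_in_addr . $redirection . "\t}\n";
  $flux .= "\tintranet {\n"                     . $passe_aucun   . $redirection . "\t}\n";
  $flux .= "\taucun {\n";
  $flux .= "\t\tpass  none\n";
  $flux .= "\t\tredirect $hostname/se3-internet/charte_internet.php\n";
  $flux .= "\t}\n";
  $flux .= "\tdefault {\n";
  $flux .= "\t\tpass  none\n";
  $flux .= "\t\tredirect $hostname/se3-internet/connexions_portables.php\n";
  $flux .= "\t}\n";
  $flux .= "}\n";

  $flux .= "#-- FIN_ACL --#\n\n";

  $sth->finish;
  $dbh->disconnect;

  # The name of the first request parameter is appended to the output, as in
  # the original. Control characters are removed so that a request cannot
  # add lines of its own to the generated configuration.
  # NOTE(review): the purpose of this append is not visible in this script;
  # the documented call (wget without a query string) never triggers it.
  # Confirm whether it can be dropped.
  my @params = $q->param();
  if (defined $params[0]) {
      my $nom_param = $params[0];
      $nom_param =~ tr/\x00-\x1f\x7f//d;
      $flux .= $nom_param;
  }

  # Send the result.
  print $q->header('text/plain');
  print $flux;
  exit;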
 167      
 168      
 169  
 170      
 171  

