/alcasar.sh |
---|
1555,7 → 1555,7 |
expand-hosts |
bogus-priv |
filterwin2k |
ipset=/#/whitelist_ip_allowed # dynamicly add the resolv IP address in the Firewall rules |
ipset=/#/wl_ip_allowed # dynamicly add the resolv IP address in the Firewall rules |
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL) |
EOF |
# 4th dnsmasq listen on udp 56 ("blackhole") |
1708,6 → 1708,14 |
EOF |
# Enabling update for BL/WL categories with rsync |
cat << EOF > /etc/cron.d/alcasar-update-cat |
# update malware category every twelve hours |
* 0-23/12 * * * /usr/local/bin/alcasar-bl.sh --update-cat malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware > /dev/null 2>&1 |
EOF |
chown root:apache /etc/cron.d/alcasar-update-cat |
# removing the users crons |
rm -f /var/spool/cron/* |
} # End cron |
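Review bot: The cron entry written in hunk 1708,6 → 1708,14 will not run the way its comment describes. The minute field `*` combined with hour `0-23/12` fires every minute during hours 0 and 12, files under /etc/cron.d use the system crontab format with a user name between the schedule and the command, and the option is spelled `--update-cat` while the case arm added in alcasar-bl.sh only matches `--update_cat`. A line such as `0 */12 * * * root /usr/local/bin/alcasar-bl.sh --update_cat malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware > /dev/null 2>&1` would address all three, assuming the job is meant to run as root since the script restarts services. bl_filter.php writes the same line in hunk 235,9 → 235,20 and needs the same correction. The enclosing function starts outside the hunk.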
/scripts/alcasar-bl.sh |
---|
137,7 → 137,7 |
} |
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }" |
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -update_cat or --update_cat } & categorie & url_rsync" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
225,7 → 225,7 |
fi |
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors |
# extract ip addresses for iptables |
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp |
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp |
# for dnsmask, remove IP addesses, accented characters and commented lines. |
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
249,6 → 249,52 |
rm -rf $DIR_tmp |
echo |
;; |
#mise a jour d'une categorie avec rsync |
-update_cat | --update_cat) |
if [ $# -ge 3 ] |
then |
echo -n "Updating $2 category ..." |
PATH_FILE=$(find $DIR_DG_BL/ -type d -name $2) # retrieve directory name of the category |
rsync -rv $3 $(dirname $PATH_FILE ) #rsync inside of the blacklist directory |
# Creation of DNSMASQ and Iptables BL and WL |
DOMAINE=$(basename $PATH_FILE) |
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors |
# extract ip addresses for iptables |
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp |
# for dnsmask, remove IP addesses, accented characters and commented lines. |
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
black=`grep black $PATH_FILE/usage |wc -l` |
if [ $black == "1" ] |
then |
# adapt to the dnsmasq syntax for the blacklist |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE |
/usr/bin/systemctl restart dnsmasq-blacklist |
else |
# adapt to the dnsmasq syntax for the whitelist |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf |
/usr/bin/systemctl restart dnsmasq-whitelist |
fi |
rm -f $FILE_tmp $FILE_ip_tmp |
/usr/bin/systemctl restart dansguardian |
/usr/local/bin/alcasar-iptables.sh |
echo "MAJ RSYNC réussie" |
else |
echo "$usage" |
fi |
;; |
# reload when categories are changed |
-reload | --reload) |
# for DG |
279,3 → 325,4 |
esac |
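Review bot: The new `--update_cat` arm (hunk 249,6 → 249,52) uses the result of `find` and the exit status of `rsync` without checking either, and expands `$2` and `$3` unquoted. If `$2` matches no directory, `PATH_FILE` is empty, so `$(dirname $PATH_FILE)` becomes `.` and the later `$PATH_FILE/domains` resolves to `/domains`; if rsync fails, the arm still rewrites the dnsmasq and ipset files and restarts the filtering services. The guard below stops before any list is touched in both cases. Because the cron entry in alcasar.sh passes a plain `rsync://` URL, it would also be worth rejecting downloaded lines that are not plain host names before the `sed` step turns them into `address=` or `server=` directives. The case statement begins outside the hunk.

```shell
PATH_FILE=$(find "$DIR_DG_BL/" -type d -name "$2" -print -quit) # first match only
if [ -z "$PATH_FILE" ]
then
	echo "Unknown category: $2" >&2
	exit 1
fi
if ! rsync -rv -- "$3" "$(dirname "$PATH_FILE")"
then
	echo "rsync failed for category $2, previous lists kept" >&2
	exit 1
fi
# … unchanged: conversion to dnsmasq/ipset syntax and service restarts …
```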
/scripts/alcasar-conup.sh |
---|
13,7 → 13,7 |
#do |
# echo "$i : ${!i}" >> /tmp/debug-conup.txt |
#done |
ipset del user_not_connected_yet $FRAMED_IP_ADDRESS |
ipset del not_auth_yet $FRAMED_IP_ADDRESS |
# Add user to the SET (function of his filtering level) |
case $FILTER_ID in |
# HAVP |
30,7 → 30,7 |
;; |
# No filtering |
*) |
set="no_filtering_set" |
set="not_filtered" |
;; |
esac |
ipset add $set $FRAMED_IP_ADDRESS |
/scripts/alcasar-iptables.sh |
---|
54,15 → 54,15 |
# Sauvegarde des SET des utilisateurs connectés si ils existent |
# Saving SET of connected users if it exists |
ipset list no_filtering_set 1>/dev/null 2>&1 |
ipset list not_filtered 1>/dev/null 2>&1 |
if [ $? -eq 0 ]; |
then |
ipset save no_filtering_set > $TMP_users_set_save |
ipset save not_filtered > $TMP_users_set_save |
ipset save havp_set >> $TMP_users_set_save |
ipset save havp_bl_set >> $TMP_users_set_save |
ipset save havp_wl_set >> $TMP_users_set_save |
ipset save user_not_connected_yet >> $TMP_users_set_save |
ipset save ipset_users_list >> $TMP_users_set_save |
ipset save not_auth_yet >> $TMP_users_set_save |
ipset save users_list >> $TMP_users_set_save |
fi |
# loading of NetFlow probe (ipt_NETFLOW kernel module) |
100,15 → 100,15 |
# destroy all SET |
ipset destroy |
ipset flush blacklist_ip_blocked |
ipset destroy blacklist_ip_blocked |
ipset flush whitelist_ip_allowed |
ipset destroy whitelist_ip_allowed |
ipset flush bl_ip_blocked |
ipset destroy bl_ip_blocked |
ipset flush wl_ip_allowed |
ipset destroy wl_ip_allowed |
###### BL set ########### |
# Calcul de la taille / Compute the length |
bl_set_length=$(($(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}'))) |
# Chargement / loading |
echo "create blacklist_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save |
echo "create bl_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save |
for category in `ls -1 $BL_IP_CAT | cut -d '@' -f1` |
do |
cat $BL_IP_CAT/$category >> $TMP_set_save |
119,7 → 119,7 |
# Suppression des ip réhabilitées / Removing of rehabilitated ip |
for ip in $(cat $IP_REHABILITEES) |
do |
ipset del blacklist_ip_blocked $ip |
ipset del bl_ip_blocked $ip |
done |
###### WL set ########### |
126,7 → 126,7 |
# Calcul de la taille / Compute the length |
wl_set_length=$(($(wc -l $DIR_WL_IP_ENABLED/* | awk '{print $1}' | tail -n 1)*3)) |
# Chargement Loading |
echo "create whitelist_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
#get ip-wl files from ACC |
for ossi in `ls -1 $DIR_WL_IP_ENABLED` |
do |
142,19 → 142,19 |
ipset -! restore < $TMP_users_set_save |
rm -f $TMP_users_set_save |
else |
ipset create no_filtering_set hash:net hashsize 1024 |
ipset create not_filtered hash:net hashsize 1024 |
ipset create havp_set hash:net hashsize 1024 |
ipset create havp_bl_set hash:net hashsize 1024 |
ipset create havp_wl_set hash:net hashsize 1024 |
#utilisé pour l'interception des utilisateurs non authentifiés au réseau |
#used for intercepting users not connected to the network |
ipset create user_not_connected_yet hash:net hashsize 1024 |
ipset create ipset_users_list list:set |
ipset add ipset_users_list havp_set |
ipset add ipset_users_list havp_wl_set |
ipset add ipset_users_list havp_bl_set |
ipset add ipset_users_list no_filtering_set |
ipset add ipset_users_list user_not_connected_yet |
ipset create not_auth_yet hash:net hashsize 1024 |
ipset create users_list list:set |
ipset add users_list havp_set |
ipset add users_list havp_wl_set |
ipset add users_list havp_bl_set |
ipset add users_list not_filtered |
ipset add users_list not_auth_yet |
fi |
############################# |
163,8 → 163,8 |
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole |
# Redirect users not connected DNS requests in DNS-Blackhole |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT |
207,11 → 207,11 |
# Redirection HTTP des usagers 'havp_bl' cherchant à joindre les IP de la blacklist vers ALCASAR (page 'accès interdit') |
# Redirect HTTP of 'havp_bl' users who want blacklist IP to ALCASAR ('access denied' page) |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p tcp --dport http -j REDIRECT --to-port 80 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p tcp --dport http -j REDIRECT --to-port 80 |
# Redirection HTTP des usagers 'havp_wl' cherchant à joindre les IP qui ne sont pas dans la WL vers ALCASAR (page 'accès interdit') |
# Redirect HTTP of 'havp_wl' users who want IP not in the WL to ALCASAR ('access denied' page) |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src -m set ! --match-set whitelist_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src -m set ! --match-set wl_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80 |
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian |
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy) |
343,11 → 343,11 |
# FORWARD # |
############################# |
# Blocage des IPs du SET blacklist_ip_blocked pour le SET havp_bl_set |
# Deny IPs of the SET blacklist_ip_blocked for the set havp_bl_set |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p icmp -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p udp -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p tcp -j REJECT --reject-with tcp-reset |
# Blocage des IPs du SET bl_ip_blocked pour le SET havp_bl_set |
# Deny IPs of the SET bl_ip_blocked for the set havp_bl_set |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p icmp -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p udp -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p tcp -j REJECT --reject-with tcp-reset |
# Rejet des requêtes DNS vers Internet |
# Deny forward DNS |
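Review bot: The save guard in hunk 54,15 → 54,15 now probes `ipset list not_filtered`, so on the first run after an upgrade, while the kernel still holds the sets under their old names, the test fails and no user set is saved. If the `else` branch in hunk 142,19 → 142,19 (its condition is outside the hunk) then creates empty sets, already-connected users would presumably drop out of their filtering set until they reconnect. Consider a one-time fallback that also probes the old name `no_filtering_set`, or state in the upgrade notes that users must be disconnected first.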
/scripts/alcasar-url_filter_wl.sh |
---|
57,7 → 57,7 |
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_WL_CONF |
done |
$SED "/$forcesafesearch_server/d" $IP_WL |
echo "add whitelist_ip_allowed $forcesafesearch_server" >> $IP_WL |
echo "add wl_ip_allowed $forcesafesearch_server" >> $IP_WL |
else |
$SED "/google/d" $DNSMASQ_WL_CONF |
rm $IP_WL |
/scripts/alcasar-watchdog.sh |
---|
114,8 → 114,8 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep "Unicast reply"|wc -l` |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
#on vide les ip inactifs de l'ipset user_not_connected_yet |
ipset del user_not_connected_yet $noresponse_ip |
#on vide les ip inactifs de l'ipset not_auth_yet |
ipset del not_auth_yet $noresponse_ip |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)." |
/usr/sbin/chilli_query logout $noresponse_mac |
if [[ $noresponse_user == $noresponse_mac ]] # for @mac auth equipments, we must remove the arp entry |
/web/acc/admin/bl_categories_help.php |
---|
8,6 → 8,7 |
$wl_iptables_dir="/usr/local/share/iptables-wl/"; |
$bl_dnsmasq_dir="/usr/local/share/dnsmasq-bl/"; |
$wl_dnsmasq_dir="/usr/local/share/dnsmasq-wl/"; |
if(isset($_GET['ossi'])) $ossi = $_GET['ossi']; |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) |
62,6 → 63,31 |
} |
if($liste == "bl") |
{ |
if(isset($ossi)) |
{ |
$bl_categorie_domain_file = $bl_dnsmasq_dir."-enabled/".$categorie; |
$bl_categorie_ip_file = $bl_iptables_dir.$categorie; |
if(isset($_GET['nb_domains']) && isset($_GET['nb_urls']) && isset($_GET['nb_ip'])) |
{ |
$nb_domains = $_GET['nb_domains']; |
$nb_ip = $_GET['nb_ip']; |
} |
else |
{ |
if (file_exists($bl_categorie_domain_file)) |
$nb_domains = exec("wc -l $bl_categorie_domain_file | cut -d ' ' -f1"); |
else |
$nb_domains = $l_error_open_file." ".$bl_categorie_domain_file; |
if(file_exists($bl_categorie_ip_file)) |
$nb_ip = exec("wc -l $bl_categorie_ip_file | cut -d ' ' -f1"); |
else |
$nb_ip = $l_error_open_file." ".$bl_categorie_ip_file; |
} |
} |
else |
{ |
$bl_categorie_domain_file = $bl_dnsmasq_dir.$categorie.".conf"; |
$bl_categorie_url_file = $bl_dir.$categorie."/urls"; |
$bl_categorie_ip_file = $bl_iptables_dir.$categorie; |
86,9 → 112,34 |
else |
$nb_ip = $l_error_open_file." ".$bl_categorie_ip_file; |
} |
} |
} |
else |
{ |
if(isset($ossi)) |
{ |
$wl_categorie_domain_file = "/usr/local/share/dnsmasq-wl-enabled/".$categorie; |
$wl_categorie_ip_file = "/usr/local/share/iptables-wl-enabled/".$categorie; |
if(isset($_GET['nb_domains']) && isset($_GET['nb_urls']) && isset($_GET['nb_ip'])) |
{ |
$nb_domains = $_GET['nb_domains']; |
$nb_ip = $_GET['nb_ip']; |
} |
else |
{ |
if (file_exists($wl_categorie_domain_file)) |
$nb_domains = exec("wc -l $wl_categorie_domain_file | cut -d ' ' -f1"); |
else |
$nb_domains = $l_error_open_file." ".$wl_categorie_domain_file; |
if(file_exists($wl_categorie_ip_file)) |
$nb_ip = exec("wc -l $wl_categorie_ip_file | cut -d ' ' -f1"); |
else |
$nb_ip = $l_error_open_file." ".$wl_categorie_ip_file; |
} |
} |
else |
{ |
$wl_categorie_domain_file = $wl_dnsmasq_dir.$categorie.".conf"; |
$wl_categorie_ip_file = $wl_iptables_dir.$categorie; |
if(isset($_GET['nb_domains'])) |
106,10 → 157,11 |
$nb_urls = 0; |
$nb_ip = 0; |
} |
} |
} |
$global_usage = file($bl_dir."global_usage"); |
$langue = strtoupper($Language); |
if(isset($categorie)) |
if(isset($categorie) && !isset($ossi)) |
{ |
$fin1 = 0; $fin2 = 0; |
foreach($global_usage as $line) |
151,11 → 203,20 |
$filtre_url = $liste == "bl" ? $bl_categorie_url_file : ""; |
$filtre_ip = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file; |
$compat_categorie=strtr($categorie,"-","_"); |
if(!isset($ossi)) |
{ |
echo "<br><center><b>$l_name_cat</b></center>"; |
echo "<center><b>$l_description_cat</b></center><br>"; |
echo "$l_nb_domains <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_domain&titre=domain&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_domains</a></b><br>"; |
echo "$l_nb_urls <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_url&titre=url&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_urls</a></b><br>"; |
echo "$l_nb_ip <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_ip&titre=ip&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_ip</a></b><br>"; |
} |
else |
{ |
echo "$l_nb_domains <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_domain&titre=domain&nb_domains=$nb_domains&nb_ip=$nb_ip&ossi=yes'>$nb_domains</a></b><br>"; |
echo "$l_nb_ip <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_ip&titre=ip&nb_domains=$nb_domains&nb_ip=$nb_ip&ossi=yes'>$nb_ip</a></b><br>"; |
} |
?> |
</td></tr> |
</TABLE> |
178,13 → 239,16 |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<?php |
<?php |
if($titre == "domain") |
{ |
$filtre = $liste == "bl" ? $bl_categorie_domain_file : $wl_categorie_domain_file; |
exec("head -n 15 $filtre | cut -d '/' -f2", $resultat); |
} |
elseif($titre == "ip") |
{ |
$filtre = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file; |
exec("head -n 15 $filtre | cut -d ' ' -f3", $resultat); |
} |
else |
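Review bot: The new `ossi` branches (hunks 62,6 → 63,31 and 86,9 → 112,34) build shell commands and HTML from request-derived values without escaping. `$categorie` is concatenated into a path that goes into `exec("wc -l $bl_categorie_domain_file ...")` and later `exec("head -n 15 $filtre ...")`; its assignment is outside these hunks, but the links pass it as `cat=`, so it should be reduced with `basename()` and the path wrapped as `exec("wc -l ".escapeshellarg($bl_categorie_domain_file)." | cut -d ' ' -f1")`. `$nb_domains = $_GET['nb_domains'];` is echoed into the page, so `$nb_domains = (int)$_GET['nb_domains'];` (and the same for `nb_ip`) is safer. Separately, `$bl_dnsmasq_dir."-enabled/"` yields `/usr/local/share/dnsmasq-bl/-enabled/` because the variable already ends in a slash, and the `isset($_GET['nb_urls'])` condition is not met by the `ossi=yes` links, which do not send `nb_urls`.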
/web/acc/admin/bl_filter.php |
---|
29,11 → 29,11 |
} |
if($color == "white") |
{ |
return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add wl_ip_allowed $1\n", $new_list); |
} |
else |
{ |
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add bl_ip_blocked $1\n", $new_list); |
} |
} |
function echo_file ($filename) |
191,7 → 191,7 |
$dir_tmp="/tmp/blacklists"; |
$upload_dir_ip = "/usr/local/share/iptables-bl-enabled/"; |
$upload_dir_domain_names = "/usr/local/share/dnsmasq-bl-enabled/"; |
$cron_apache = "/etc/cron.d/alcasar-update-categories"; |
$cron_apache = "/etc/cron.d/alcasar-update-cat"; |
# default values |
if (is_file ($conf_file)) |
{ |
235,9 → 235,20 |
{ |
$line=str_replace('chk-','',$key)."\n"; |
fwrite($pointeur,$line); |
if(trim($line) == 'malware') |
{ |
$cron_malware = 1; |
$fichier=fopen($cron_apache,"w+"); |
fputs($fichier, "# update malware categories every 12 hours\n"); |
fputs($fichier, "* 0-23/12 * * * /usr/local/bin/alcasar-bl.sh --update-cat malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware\n"); |
} |
} |
} |
if(!$cron_malware) |
{ |
$fichier=fopen($cron_apache,"w+"); |
fputs($fichier, "# malware updates disabled\n"); |
} |
fclose($pointeur); |
} |
295,7 → 306,7 |
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip"); |
# On adapte le fichier à la sauvegarde du set |
exec("sed -i \"s/^/add blacklist_ip_blocked /g\" $upload_dir_ip\ossi-$nom"); |
exec("sed -i \"s/^/add bl_ip_blocked /g\" $upload_dir_ip\ossi-$nom"); |
# On extrait uniquement les noms de domaine |
444,7 → 455,7 |
exec("cd $upload_dir_ip && ls | grep ossi-", $fichiersIp); |
foreach($fichiersIp as $fichier => $value) |
{ |
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
echo "<tr><td><center><a href='bl_categories_help.php?liste=bl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
} |
echo "</table><br/></td></form><form action='bl_filter.php' method='POST' enctype='multipart/form-data'>"; |
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>"; |
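Review bot: Hunk 235,9 → 235,20 makes the web application write `/etc/cron.d/alcasar-update-cat` directly, which puts a file that cron executes under the control of the PHP process. Any flaw that lets a request influence this script then reaches scheduled command execution, and cron implementations commonly ignore cron.d files that are group-writable, so if the file is opened up for apache the job may not run at all. A narrower design keeps the cron file root-owned and static and has PHP only record the choice in its own configuration file, which the scheduled script reads. In the code as written, `if(!$cron_malware)` reads a variable that is never initialised when no `malware` box is ticked, and `$fichier` is never closed; `$cron_malware = 0;` before the loop and `fclose($fichier);` after each write would fix both. The enclosing block starts outside the hunk.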
/web/acc/admin/wl_filter.php |
---|
29,11 → 29,11 |
} |
if($color == "white") |
{ |
return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add wl_ip_allowed $1\n", $new_list); |
} |
else |
{ |
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add bl_ip_blocked $1\n", $new_list); |
} |
} |
function echo_file ($filename) |
254,7 → 254,7 |
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip"); |
# On adapte le fichier à la sauvegarde du set |
exec("sed -i \"s/^/add whitelist_ip_allowed /g\" $upload_dir_ip\ossi-$nom"); |
exec("sed -i \"s/^/add wl_ip_allowed /g\" $upload_dir_ip\ossi-$nom"); |
# On extrait uniquement les noms de domaine |
# max_tld() retourne le nombre max de charactere pour un top-level dns |
354,10 → 354,10 |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_file_list</H3>"; |
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_remove</tr>"; |
exec("cd $upload_dir_ip && ls | grep ossi-", $fichiersIp); |
exec("cd $upload_dir_ip && ls ossi-*", $fichiersIp); |
foreach($fichiersIp as $fichier => $value) |
{ |
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
echo "<tr><td><center><a href='bl_categories_help.php?liste=wl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
} |
echo "</table><br/></td></form><form action='wl_filter.php' method='POST' enctype='multipart/form-data'>"; |
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>"; |
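Review bot: The link added in hunk 354,10 → 354,10 inserts `$value`, a file name read from the upload directory, into the `href` without encoding. The name appears to derive from an uploaded file (`ossi-$nom`, assigned outside the hunk), so it should be encoded where it enters the URL: `cat=".urlencode($value)."&ossi=yes`. The `onclick` attribute is also unquoted and opens `'bl_categories_help'` without the `.php` suffix used by the `href`; quoting the attribute and using the same URL avoids a stray request. bl_filter.php hunk 444,7 → 455,7 adds the same link and needs the same change.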
/web/acc/manager/htdocs/security.php |
---|
12,6 → 12,11 |
<link rel="stylesheet" href="../../../css/bootstrap.min.css"> |
<script src="../../../js/jquery.min.js"></script> |
<script src="../../../js/bootstrap.min.js"></script> |
<style> |
body { |
background-color: #EFEFEF; |
} |
</style> |
</HEAD> |
<body> |
/web/index.php |
---|
104,8 → 104,8 |
{ |
# cas où l'utilisateur non-loggué décide de joindre une page HTTP/S => redirection http://URL |
# ALCASAR => redirection index.php |
# on place l'IP de l'utilisateur dans un ipset user_not_connected pour ne pas boucler |
exec("sudo /usr/sbin/ipset add user_not_connected_yet $remote_ip"); |
# on place l'IP de l'utilisateur dans un ipset not_auth_yet pour ne pas boucler |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); |
if(!$direct_access) |
{ |
header("Cache-Control: no-cache, must-revalidate"); |