Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1866 → Rev 1867

/alcasar.sh
1555,7 → 1555,7
expand-hosts
bogus-priv
filterwin2k
ipset=/#/whitelist_ip_allowed # dynamicly add the resolv IP address in the Firewall rules
ipset=/#/wl_ip_allowed # dynamicly add the resolv IP address in the Firewall rules
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL)
EOF
# 4th dnsmasq listen on udp 56 ("blackhole")
1708,6 → 1708,14
EOF
 
 
# Enabling update for BL/WL categories with rsync
cat << EOF > /etc/cron.d/alcasar-update-cat
# update malware category every twelve hours
* 0-23/12 * * * /usr/local/bin/alcasar-bl.sh --update-cat malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware > /dev/null 2>&1
EOF
 
chown root:apache /etc/cron.d/alcasar-update-cat
 
# removing the users crons
rm -f /var/spool/cron/*
} # End cron
/scripts/alcasar-bl.sh
137,7 → 137,7
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -update_cat or --update_cat } & categorie & url_rsync"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
225,7 → 225,7
fi
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addesses, accented characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
$SED "/[äâëêïîöôüû]/d" $FILE_tmp
249,6 → 249,52
rm -rf $DIR_tmp
echo
;;
#mise a jour d'une categorie avec rsync
-update_cat | --update_cat)
if [ $# -ge 3 ]
then
echo -n "Updating $2 category ..."
 
PATH_FILE=$(find $DIR_DG_BL/ -type d -name $2) # retrieve directory name of the category
rsync -rv $3 $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
# Creation of DNSMASQ and Iptables BL and WL
DOMAINE=$(basename $PATH_FILE)
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addesses, accented characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
$SED "/[äâëêïîöôüû]/d" $FILE_tmp
$SED "/^#.*/d" $FILE_tmp
black=`grep black $PATH_FILE/usage |wc -l`
if [ $black == "1" ]
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
/usr/bin/systemctl restart dnsmasq-blacklist
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
/usr/bin/systemctl restart dnsmasq-whitelist
fi
 
rm -f $FILE_tmp $FILE_ip_tmp
/usr/bin/systemctl restart dansguardian
/usr/local/bin/alcasar-iptables.sh
echo "MAJ RSYNC réussie"
else
echo "$usage"
fi
;;
# reload when categories are changed
-reload | --reload)
# for DG
279,3 → 325,4
esac
 
 
 
/scripts/alcasar-conup.sh
13,7 → 13,7
#do
# echo "$i : ${!i}" >> /tmp/debug-conup.txt
#done
ipset del user_not_connected_yet $FRAMED_IP_ADDRESS
ipset del not_auth_yet $FRAMED_IP_ADDRESS
# Add user to the SET (function of his filtering level)
case $FILTER_ID in
# HAVP
30,7 → 30,7
;;
# No filtering
*)
set="no_filtering_set"
set="not_filtered"
;;
esac
ipset add $set $FRAMED_IP_ADDRESS
/scripts/alcasar-iptables.sh
54,15 → 54,15
 
# Sauvegarde des SET des utilisateurs connectés si ils existent
# Saving SET of connected users if it exists
ipset list no_filtering_set 1>/dev/null 2>&1
ipset list not_filtered 1>/dev/null 2>&1
if [ $? -eq 0 ];
then
ipset save no_filtering_set > $TMP_users_set_save
ipset save not_filtered > $TMP_users_set_save
ipset save havp_set >> $TMP_users_set_save
ipset save havp_bl_set >> $TMP_users_set_save
ipset save havp_wl_set >> $TMP_users_set_save
ipset save user_not_connected_yet >> $TMP_users_set_save
ipset save ipset_users_list >> $TMP_users_set_save
ipset save not_auth_yet >> $TMP_users_set_save
ipset save users_list >> $TMP_users_set_save
fi
 
# loading of NetFlow probe (ipt_NETFLOW kernel module)
100,15 → 100,15
# destroy all SET
ipset destroy
 
ipset flush blacklist_ip_blocked
ipset destroy blacklist_ip_blocked
ipset flush whitelist_ip_allowed
ipset destroy whitelist_ip_allowed
ipset flush bl_ip_blocked
ipset destroy bl_ip_blocked
ipset flush wl_ip_allowed
ipset destroy wl_ip_allowed
###### BL set ###########
# Calcul de la taille / Compute the length
bl_set_length=$(($(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}')))
# Chargement / loading
echo "create blacklist_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save
echo "create bl_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save
for category in `ls -1 $BL_IP_CAT | cut -d '@' -f1`
do
cat $BL_IP_CAT/$category >> $TMP_set_save
119,7 → 119,7
# Suppression des ip réhabilitées / Removing of rehabilitated ip
for ip in $(cat $IP_REHABILITEES)
do
ipset del blacklist_ip_blocked $ip
ipset del bl_ip_blocked $ip
done
 
###### WL set ###########
126,7 → 126,7
# Calcul de la taille / Compute the length
wl_set_length=$(($(wc -l $DIR_WL_IP_ENABLED/* | awk '{print $1}' | tail -n 1)*3))
# Chargement Loading
echo "create whitelist_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
#get ip-wl files from ACC
for ossi in `ls -1 $DIR_WL_IP_ENABLED`
do
142,19 → 142,19
ipset -! restore < $TMP_users_set_save
rm -f $TMP_users_set_save
else
ipset create no_filtering_set hash:net hashsize 1024
ipset create not_filtered hash:net hashsize 1024
ipset create havp_set hash:net hashsize 1024
ipset create havp_bl_set hash:net hashsize 1024
ipset create havp_wl_set hash:net hashsize 1024
#utilisé pour l'interception des utilisateurs non authentifiés au réseau
#used for intercepting users not connected to the network
ipset create user_not_connected_yet hash:net hashsize 1024
ipset create ipset_users_list list:set
ipset add ipset_users_list havp_set
ipset add ipset_users_list havp_wl_set
ipset add ipset_users_list havp_bl_set
ipset add ipset_users_list no_filtering_set
ipset add ipset_users_list user_not_connected_yet
ipset create not_auth_yet hash:net hashsize 1024
ipset create users_list list:set
ipset add users_list havp_set
ipset add users_list havp_wl_set
ipset add users_list havp_bl_set
ipset add users_list not_filtered
ipset add users_list not_auth_yet
fi
 
#############################
163,8 → 163,8
 
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole
# Redirect users not connected DNS requests in DNS-Blackhole
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56
 
 
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT
207,11 → 207,11
 
# Redirection HTTP des usagers 'havp_bl' cherchant à joindre les IP de la blacklist vers ALCASAR (page 'accès interdit')
# Redirect HTTP of 'havp_bl' users who want blacklist IP to ALCASAR ('access denied' page)
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p tcp --dport http -j REDIRECT --to-port 80
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p tcp --dport http -j REDIRECT --to-port 80
 
# Redirection HTTP des usagers 'havp_wl' cherchant à joindre les IP qui ne sont pas dans la WL vers ALCASAR (page 'accès interdit')
# Redirect HTTP of 'havp_wl' users who want IP not in the WL to ALCASAR ('access denied' page)
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src -m set ! --match-set whitelist_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src -m set ! --match-set wl_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80
 
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy)
343,11 → 343,11
# FORWARD #
#############################
 
# Blocage des IPs du SET blacklist_ip_blocked pour le SET havp_bl_set
# Deny IPs of the SET blacklist_ip_blocked for the set havp_bl_set
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p icmp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p tcp -j REJECT --reject-with tcp-reset
# Blocage des IPs du SET bl_ip_blocked pour le SET havp_bl_set
# Deny IPs of the SET bl_ip_blocked for the set havp_bl_set
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p icmp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set bl_ip_blocked dst -p tcp -j REJECT --reject-with tcp-reset
 
# Rejet des requêtes DNS vers Internet
# Deny forward DNS
/scripts/alcasar-url_filter_wl.sh
57,7 → 57,7
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_WL_CONF
done
$SED "/$forcesafesearch_server/d" $IP_WL
echo "add whitelist_ip_allowed $forcesafesearch_server" >> $IP_WL
echo "add wl_ip_allowed $forcesafesearch_server" >> $IP_WL
else
$SED "/google/d" $DNSMASQ_WL_CONF
rm $IP_WL
/scripts/alcasar-watchdog.sh
114,8 → 114,8
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep "Unicast reply"|wc -l`
if [[ $(expr $arp_reply) -eq 0 ]]
then
#on vide les ip inactifs de l'ipset user_not_connected_yet
ipset del user_not_connected_yet $noresponse_ip
#on vide les ip inactifs de l'ipset not_auth_yet
ipset del not_auth_yet $noresponse_ip
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)."
/usr/sbin/chilli_query logout $noresponse_mac
if [[ $noresponse_user == $noresponse_mac ]] # for @mac auth equipments, we must remove the arp entry
/web/acc/admin/bl_categories_help.php
8,6 → 8,7
$wl_iptables_dir="/usr/local/share/iptables-wl/";
$bl_dnsmasq_dir="/usr/local/share/dnsmasq-bl/";
$wl_dnsmasq_dir="/usr/local/share/dnsmasq-wl/";
if(isset($_GET['ossi'])) $ossi = $_GET['ossi'];
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
62,6 → 63,31
}
if($liste == "bl")
{
if(isset($ossi))
{
$bl_categorie_domain_file = $bl_dnsmasq_dir."-enabled/".$categorie;
$bl_categorie_ip_file = $bl_iptables_dir.$categorie;
if(isset($_GET['nb_domains']) && isset($_GET['nb_urls']) && isset($_GET['nb_ip']))
{
$nb_domains = $_GET['nb_domains'];
$nb_ip = $_GET['nb_ip'];
}
else
{
if (file_exists($bl_categorie_domain_file))
$nb_domains = exec("wc -l $bl_categorie_domain_file | cut -d ' ' -f1");
else
$nb_domains = $l_error_open_file." ".$bl_categorie_domain_file;
if(file_exists($bl_categorie_ip_file))
$nb_ip = exec("wc -l $bl_categorie_ip_file | cut -d ' ' -f1");
else
$nb_ip = $l_error_open_file." ".$bl_categorie_ip_file;
}
}
else
{
$bl_categorie_domain_file = $bl_dnsmasq_dir.$categorie.".conf";
$bl_categorie_url_file = $bl_dir.$categorie."/urls";
$bl_categorie_ip_file = $bl_iptables_dir.$categorie;
86,9 → 112,34
else
$nb_ip = $l_error_open_file." ".$bl_categorie_ip_file;
}
}
}
else
{
if(isset($ossi))
{
$wl_categorie_domain_file = "/usr/local/share/dnsmasq-wl-enabled/".$categorie;
$wl_categorie_ip_file = "/usr/local/share/iptables-wl-enabled/".$categorie;
if(isset($_GET['nb_domains']) && isset($_GET['nb_urls']) && isset($_GET['nb_ip']))
{
$nb_domains = $_GET['nb_domains'];
$nb_ip = $_GET['nb_ip'];
}
else
{
if (file_exists($wl_categorie_domain_file))
$nb_domains = exec("wc -l $wl_categorie_domain_file | cut -d ' ' -f1");
else
$nb_domains = $l_error_open_file." ".$wl_categorie_domain_file;
if(file_exists($wl_categorie_ip_file))
$nb_ip = exec("wc -l $wl_categorie_ip_file | cut -d ' ' -f1");
else
$nb_ip = $l_error_open_file." ".$wl_categorie_ip_file;
}
}
else
{
$wl_categorie_domain_file = $wl_dnsmasq_dir.$categorie.".conf";
$wl_categorie_ip_file = $wl_iptables_dir.$categorie;
if(isset($_GET['nb_domains']))
106,10 → 157,11
$nb_urls = 0;
$nb_ip = 0;
}
}
}
$global_usage = file($bl_dir."global_usage");
$langue = strtoupper($Language);
if(isset($categorie))
if(isset($categorie) && !isset($ossi))
{
$fin1 = 0; $fin2 = 0;
foreach($global_usage as $line)
151,11 → 203,20
$filtre_url = $liste == "bl" ? $bl_categorie_url_file : "";
$filtre_ip = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file;
$compat_categorie=strtr($categorie,"-","_");
if(!isset($ossi))
{
echo "<br><center><b>$l_name_cat</b></center>";
echo "<center><b>$l_description_cat</b></center><br>";
echo "$l_nb_domains <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_domain&titre=domain&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_domains</a></b><br>";
echo "$l_nb_urls <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_url&titre=url&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_urls</a></b><br>";
echo "$l_nb_ip <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_ip&titre=ip&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_ip</a></b><br>";
}
else
{
echo "$l_nb_domains <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_domain&titre=domain&nb_domains=$nb_domains&nb_ip=$nb_ip&ossi=yes'>$nb_domains</a></b><br>";
echo "$l_nb_ip <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_ip&titre=ip&nb_domains=$nb_domains&nb_ip=$nb_ip&ossi=yes'>$nb_ip</a></b><br>";
}
?>
</td></tr>
</TABLE>
178,13 → 239,16
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td valign="middle" align="left">
<?php
<?php
if($titre == "domain")
{
 
$filtre = $liste == "bl" ? $bl_categorie_domain_file : $wl_categorie_domain_file;
exec("head -n 15 $filtre | cut -d '/' -f2", $resultat);
}
elseif($titre == "ip")
{
$filtre = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file;
exec("head -n 15 $filtre | cut -d ' ' -f3", $resultat);
}
else
/web/acc/admin/bl_filter.php
29,11 → 29,11
}
if($color == "white")
{
return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list);
return preg_replace("/(.*)\n/", "add wl_ip_allowed $1\n", $new_list);
}
else
{
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list);
return preg_replace("/(.*)\n/", "add bl_ip_blocked $1\n", $new_list);
}
}
function echo_file ($filename)
191,7 → 191,7
$dir_tmp="/tmp/blacklists";
$upload_dir_ip = "/usr/local/share/iptables-bl-enabled/";
$upload_dir_domain_names = "/usr/local/share/dnsmasq-bl-enabled/";
$cron_apache = "/etc/cron.d/alcasar-update-categories";
$cron_apache = "/etc/cron.d/alcasar-update-cat";
# default values
if (is_file ($conf_file))
{
235,9 → 235,20
{
$line=str_replace('chk-','',$key)."\n";
fwrite($pointeur,$line);
if(trim($line) == 'malware')
{
$cron_malware = 1;
$fichier=fopen($cron_apache,"w+");
fputs($fichier, "# update malware categories every 12 hours\n");
fputs($fichier, "* 0-23/12 * * * /usr/local/bin/alcasar-bl.sh --update-cat malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware\n");
}
}
}
if(!$cron_malware)
{
$fichier=fopen($cron_apache,"w+");
fputs($fichier, "# malware updates disabled\n");
}
fclose($pointeur);
}
295,7 → 306,7
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip");
 
# On adapte le fichier à la sauvegarde du set
exec("sed -i \"s/^/add blacklist_ip_blocked /g\" $upload_dir_ip\ossi-$nom");
exec("sed -i \"s/^/add bl_ip_blocked /g\" $upload_dir_ip\ossi-$nom");
 
# On extrait uniquement les noms de domaine
444,7 → 455,7
exec("cd $upload_dir_ip && ls | grep ossi-", $fichiersIp);
foreach($fichiersIp as $fichier => $value)
{
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>";
echo "<tr><td><center><a href='bl_categories_help.php?liste=bl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>";
}
echo "</table><br/></td></form><form action='bl_filter.php' method='POST' enctype='multipart/form-data'>";
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>";
/web/acc/admin/wl_filter.php
29,11 → 29,11
}
if($color == "white")
{
return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list);
return preg_replace("/(.*)\n/", "add wl_ip_allowed $1\n", $new_list);
}
else
{
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list);
return preg_replace("/(.*)\n/", "add bl_ip_blocked $1\n", $new_list);
}
}
function echo_file ($filename)
254,7 → 254,7
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip");
 
# On adapte le fichier à la sauvegarde du set
exec("sed -i \"s/^/add whitelist_ip_allowed /g\" $upload_dir_ip\ossi-$nom");
exec("sed -i \"s/^/add wl_ip_allowed /g\" $upload_dir_ip\ossi-$nom");
# On extrait uniquement les noms de domaine
# max_tld() retourne le nombre max de charactere pour un top-level dns
354,10 → 354,10
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_file_list</H3>";
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_remove</tr>";
exec("cd $upload_dir_ip && ls | grep ossi-", $fichiersIp);
exec("cd $upload_dir_ip && ls ossi-*", $fichiersIp);
foreach($fichiersIp as $fichier => $value)
{
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>";
echo "<tr><td><center><a href='bl_categories_help.php?liste=wl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>";
}
echo "</table><br/></td></form><form action='wl_filter.php' method='POST' enctype='multipart/form-data'>";
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>";
/web/acc/manager/htdocs/security.php
12,6 → 12,11
<link rel="stylesheet" href="../../../css/bootstrap.min.css">
<script src="../../../js/jquery.min.js"></script>
<script src="../../../js/bootstrap.min.js"></script>
<style>
body {
background-color: #EFEFEF;
}
</style>
</HEAD>
<body>
 
/web/index.php
104,8 → 104,8
{
# cas où l'utilisateur non-loggué décide de joindre une page HTTP/S => redirection http://URL
# ALCASAR => redirection index.php
# on place l'IP de l'utilisateur dans un ipset user_not_connected pour ne pas boucler
exec("sudo /usr/sbin/ipset add user_not_connected_yet $remote_ip");
# on place l'IP de l'utilisateur dans un ipset not_auth_yet pour ne pas boucler
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip");
if(!$direct_access)
{
header("Cache-Control: no-cache, must-revalidate");