[squid-users] Squid and ufdbGuard, display blocked URL on client browser address bar

Amos Jeffries squid3 at treenet.co.nz
Fri Jul 10 03:54:54 UTC 2015 

On 10/07/2015 9:51 a.m., David Touzeau wrote:
> Hi ikna
> 
> This can be done, but you need to forget the ufdbgclient and create
> yourself a new one that is able to connect to the ufdbguard server in
> order to get ufdbguard results.
> In this case, you have with your code to replace the  OK status=302
> url="" sent by ufdbguard server by OK rewrite-url=""
> 
> Then the address bar will be not changed.
> 
> If you need an example, you will find it after installing this open
> source software :
> http://sourceforge.net/projects/artica-squid/files/ISO/proxy-appliances/
> 

Thats not what he is asking for though.

He is asking to change the page *content*. By only altering the URL
request-line on the received message.

The answer is to change what the http://10.1.1.142/sgerror.php script
does. So it displays the url= parameter instead of its own full URL.


IMPORTANT:  doing that was a XSS / open-proxy vulnerability that
squidguard had. Its not a good idea to just dump out query-string data
delivered by the client as body content. It needs to be sanitized
properly first.

Amos

> 
> Le 09/07/2015 22:19, Ikna Nou a écrit :
>> Dear all,
>> We recently migrated from Squid3.4.13/squidGuard to Squid3.5/ufdbGuard
>>
>> With Squid3.4+squidguard, we were able to display on clients browser a
>> customized error page showing ONLY the original URL request on the
>> address bar.
>>
>> But, now: what we display on clients browser is:
>> http://10.1.1.142/sgerror.php?url=http%3A%2F%2Fwww.blocked_site.com
>>
>>  From command line:
>> :~#echo "http://www.blocked_site.com 10.10.0.1/ - - GET" |
>> /usr/local/ufdbguard/bin/ufdbgclient -d
>> OK status=302
>> url="http://10.1.1.142/sgerror.php?url=http%3A%2F%2Fwww.blocked_site.com"
>>
>> squid access log:
>> 10.10.2.2 GET http://www.blocked_site.com/ HTTP/1.1 - 287 -
>> "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/43.0.2357.124 Safari/537.36" TCP_REDIRECT:HIER_NONE
>> - www.blocked_site.com / - - -
>>
>>
>> Is it possible to achieve the prevoius behavior? (display the blocked
>> URL on clients browser address bar?)
>> Thank you
>>
>>                          
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list