[squid-users] Squid and ufdbGuard, display blocked URL on client browser address bar
Marcus Kool
marcus.kool at urlfilterdb.com
Fri Jul 10 10:31:21 UTC 2015
On 07/10/2015 12:54 AM, Amos Jeffries wrote:
> On 10/07/2015 9:51 a.m., David Touzeau wrote:
>> Hi ikna
>>
>> This can be done, but you need to forget the ufdbgclient and create
>> yourself a new one that is able to connect to the ufdbguard server in
>> order to get ufdbguard results.
>> In this case, you have with your code to replace the OK status=302
>> url="" sent by ufdbguard server by OK rewrite-url=""
>>
>> Then the address bar will be not changed.
>>
>> If you need an example, you will find it after installing this open
>> source software :
>> http://sourceforge.net/projects/artica-squid/files/ISO/proxy-appliances/
>>
>
> Thats not what he is asking for though.
>
> He is asking to change the page *content*. By only altering the URL
> request-line on the received message.
>
> The answer is to change what the http://10.1.1.142/sgerror.php script
> does. So it displays the url= parameter instead of its own full URL.
Ikna contacted me yesterday and I have sent the same answer yesterday
directly without notifying the list.
The issue is basically that URL redirectors usually send an HTML 302
redirection code to redirect a blocked URL to an error page.
squidGuard and ufdbGuard use by default the 302 code.
Ikna has, however, a 404 code which behaves differrent and likes to know
how to configure ufdbGuard to send a 404 code. This is the same as with
squidGuard:
redirect "404:<some-URL>"
> IMPORTANT: doing that was a XSS / open-proxy vulnerability that
> squidguard had. Its not a good idea to just dump out query-string data
> delivered by the client as body content. It needs to be sanitized
> properly first.
ufdbGuard sends a sanitised URL so in this case dumping out the value of the
url= parameter is safe.
Marcus
> Amos
>
>>
>> Le 09/07/2015 22:19, Ikna Nou a écrit :
>>> Dear all,
>>> We recently migrated from Squid3.4.13/squidGuard to Squid3.5/ufdbGuard
>>>
>>> With Squid3.4+squidguard, we were able to display on clients browser a
>>> customized error page showing ONLY the original URL request on the
>>> address bar.
>>>
>>> But, now: what we display on clients browser is:
>>> http://10.1.1.142/sgerror.php?url=http%3A%2F%2Fwww.blocked_site.com
>>>
>>> From command line:
>>> :~#echo "http://www.blocked_site.com 10.10.0.1/ - - GET" |
>>> /usr/local/ufdbguard/bin/ufdbgclient -d
>>> OK status=302
>>> url="http://10.1.1.142/sgerror.php?url=http%3A%2F%2Fwww.blocked_site.com"
>>>
>>> squid access log:
>>> 10.10.2.2 GET http://www.blocked_site.com/ HTTP/1.1 - 287 -
>>> "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
>>> like Gecko) Chrome/43.0.2357.124 Safari/537.36" TCP_REDIRECT:HIER_NONE
>>> - www.blocked_site.com / - - -
>>>
>>>
>>> Is it possible to achieve the prevoius behavior? (display the blocked
>>> URL on clients browser address bar?)
>>> Thank you
>>>
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list