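/**
 * Entry point of the ufdbguard "unlock queue" release job.
 *
 * Sequence:
 *   1. unless $GLOBALS["FORCE"] is set, refuse to run while a previous
 *      instance (pid file) is still alive;
 *   2. unless $GLOBALS["FORCE"] is set, refuse to run more often than once
 *      every 5 minutes (time-lock file);
 *   3. read the ufdbunlock table, delete rows whose finaltime has passed and,
 *      when the row count changed, ask squid (and squid-nat when
 *      EnableTransparent27 is 1) to reload with the release script.
 *
 * Writes its own pid and a time stamp under /etc/artica-postfix/pids/ and
 * removes /var/log/squid/ufdbgclient.unlock.db when the table is empty.
 * Terminates the process with die in the "already running" branch and in the
 * "0 rows and no db file" branch; every other path returns normally.
 * Progress is reported through unlock_events() and, when $GLOBALS["VERBOSE"]
 * is set, echoed to stdout.
 *
 * @return void
 */
function xstart() {
    $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".pid";
    $pidtime = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".time";
    $dbfile  = "/var/log/squid/ufdbgclient.unlock.db";

    // Best-effort read: a missing pid file simply yields false (no running pid).
    $pid = @file_get_contents($pidfile);
    if ($GLOBALS["VERBOSE"]) {
        echo "{$pidtime}\n";
    }
    $unix = new unix();

    // 1. single-instance guard
    if (!$GLOBALS["FORCE"]) {
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            unlock_events("Already executed pid {$pid} since {$time}mn-> DIE");
            if ($GLOBALS["VERBOSE"]) {
                echo "Already executed pid {$pid} since {$time}mn\n";
            }
            // Process exit (not return) is the documented contract of this guard.
            die;
        }
    }
    @file_put_contents($pidfile, getmypid());

    // 2. rate limit: the time-lock file must be at least 5 minutes old
    $timefile = $unix->file_time_min($pidtime);
    if ($GLOBALS["VERBOSE"]) {
        echo "Timelock:{$pidtime} {$timefile} Mn\n";
    }
    if (!$GLOBALS["FORCE"]) {
        if ($timefile < 5) {
            if ($GLOBALS["VERBOSE"]) {
                echo "{$timefile}mn require 5mn\n";
            }
            unlock_events("{$timefile}mn require 5mn");
            return;
        }
    }
    @unlink($pidtime);
    @file_put_contents($pidtime, time());

    // $_GET["reconfigure-unlock"] is interpolated verbatim into the admin event
    // text; in this CLI job it is presumably filled from argv by the framework.
    // The isset() guard avoids an undefined-index notice when the argument is
    // absent (the original then interpolated an empty string, as here).
    // NOTE(review): confirm squid_admin_mysql() parameterises/escapes the
    // message before it reaches the database -- not visible from this file.
    $reconfigureUnlock = isset($_GET["reconfigure-unlock"]) ? $_GET["reconfigure-unlock"] : "";
    $releaseMessage = "Reconfigure Proxy service in order to release blocked {$reconfigureUnlock} website(s)";

    // 3. process the unlock queue
    $q    = new mysql_squid_builder();
    $sock = new sockets();
    $EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
    unlock_events("EnableUfdbGuardArtica={$EnableUfdbGuardArtica}");

    $Count = $q->COUNT_ROWS("ufdbunlock");
    if ($Count == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "ufdbunlock = 0 rows\n";
        }
        unlock_events("ufdbunlock = 0 rows");
        if (is_file($dbfile)) {
            // Nothing left to unlock: drop the client db and let the proxy pick it up.
            @unlink($dbfile);
            if ($EnableUfdbGuardArtica == 0) {
                if ($GLOBALS["FORCE"]) {
                    squid_admin_mysql(2, $releaseMessage, null, __FILE__, __LINE__);
                    unlock_events("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php");
                    system("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php/" . __LINE__);
                    return;
                }
            }
            unlock_ufdbguard_artica();
            return;
        }
        die;
    }

    if ($EnableUfdbGuardArtica == 1) {
        unlock_ufdbguard_artica();
        return;
    }

    // Expire finished unlock entries; time() is an integer, so no quoting is needed.
    $q->QUERY_SQL("DELETE FROM ufdbunlock WHERE finaltime <" . time());
    $Count2 = $q->COUNT_ROWS("ufdbunlock");

    if ($Count == $Count2) {
        // Nothing expired since the last run.
        if ($Count2 == 0) {
            @unlink($dbfile);
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "***** NOTHING ******\n";
        }
        if ($GLOBALS["FORCE"]) {
            squid_admin_mysql(2, $releaseMessage, null, __FILE__, __LINE__);
            system("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php/" . __LINE__);
        }
        return;
    }

    // Some entries expired: the corresponding sites must be blocked again.
    $count3 = $Count - $Count2;
    squid_admin_mysql(2, "Reconfigure Proxy service in order to re-block blocked {$count3} websites", null, __FILE__, __LINE__);
    system("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php/" . __LINE__);

    $EnableTransparent27 = intval($sock->GET_INFO("EnableTransparent27"));
    if ($EnableTransparent27 == 1) {
        system("/etc/init.d/squid-nat reload --script=" . basename(__FILE__));
    }
}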
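/**
 * Write /etc/squid27/squid.conf for the transparent (NAT) squid 2.7 front-end.
 *
 * The generated instance listens on every enabled transparent port, admits
 * clients matching the "localnet" acl only (http_access allow localnet /
 * deny all) and forwards everything (never_direct) to the main proxy on
 * 127.0.0.1:LISTEN_PORT. No disk cache is configured (cache_dir null).
 *
 * Inputs:
 *   - sockets() settings: ArticaSquidParameters (INI text), SquidBinIpaddr,
 *     AllowAllNetworksInSquid, LogsWarninStop, NetworkScannerMasks and the
 *     EnableUfdbGuard()/EnableUfdbGuardArtica() switches;
 *   - the proxy_ports table (rows with enabled=1 and transparent=1);
 *   - $GLOBALS["NETWORK_ALL_INTERFACES"], filled by NETWORK_ALL_INTERFACES().
 * Side effects: touches four acl list files under /etc/squid3/acls when
 * ufdbguard is enabled, calls CheckFilesAndSecurity() before writing, and
 * echoes progress lines when $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build() {
    $sock  = new sockets();
    $unix  = new unix();
    $ini   = new Bs_IniHandler();
    $q     = new mysql_squid_builder();
    $squid = new squidbee();

    $f          = array(); // squid.conf lines, joined with "\n" at the end
    $IPADDRS    = array(); // ip => port, http_port candidates
    $IPADDRSSL  = array(); // ip => ssl port, https_port candidates
    $IPADDRS2   = array(); // "ip:port" => true, de-duplicated http_port entries
    $IPADDRSSL2 = array(); // "ip:port" => true, de-duplicated https_port entries

    // FIX: the INI text must be loaded before any NETWORK value is read; the
    // original read visible_hostname from the still-empty handler and so always
    // fell back to the system hostname.
    $ini->loadString($sock->GET_INFO('ArticaSquidParameters'));
    NETWORK_ALL_INTERFACES();

    $visible_hostname = isset($ini->_params["NETWORK"]["visible_hostname"]) ? $ini->_params["NETWORK"]["visible_hostname"] : null;
    if ($visible_hostname == null) {
        $visible_hostname = $unix->hostname_g();
    }
    $SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
    $AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
    if (!is_numeric($AllowAllNetworksInSquid)) {
        $AllowAllNetworksInSquid = 1; // unset setting means "trust every source network"
    }
    $LISTEN_PORT        = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
    $ICP_PORT           = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
    $certificate_center = $ini->_params["NETWORK"]["certificate_center"];
    $SSL_BUMP           = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
    $LogsWarninStop     = intval($sock->GET_INFO("LogsWarninStop"));
    if ($ICP_PORT == 0) {
        $ICP_PORT = 3130;
    }
    if ($LISTEN_PORT == 0) {
        $LISTEN_PORT = 3128;
    }

    // Explicit bind address, if it is actually present on this host.
    if ($SquidBinIpaddr != null) {
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$SquidBinIpaddr])) {
            // Configured address is not on this host: fall back to all interfaces.
            $SquidBinIpaddr = null;
        } else {
            $IPADDRS[$SquidBinIpaddr] = $LISTEN_PORT;
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$SquidBinIpaddr}\n";
            }
        }
    }

    $ssl         = false;
    $ssl_port    = null;
    $certificate = null;
    $key         = null;
    if ($SSL_BUMP == 1) {
        $ssl      = true;
        $ssl_port = $squid->get_ssl_port();
    }

    if ($SquidBinIpaddr == null) {
        foreach ($GLOBALS["NETWORK_ALL_INTERFACES"] as $ipaddr => $val) {
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$ipaddr}:{$LISTEN_PORT}\n";
            }
            $IPADDRS[$ipaddr] = $LISTEN_PORT;
            if ($ssl) {
                $IPADDRSSL[$ipaddr] = $ssl_port;
            }
        }
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
    }

    if ($ssl) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} SSL Intercept...........: Yes - {$ssl_port}\n";
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate_center}\n";
        }
        // SaveCertificate() returns [config snippet, ["certificate" => path, "key" => path]].
        $MAINSSL     = $squid->SaveCertificate($certificate_center, false, false, false, true);
        $f[]         = $MAINSSL[0];
        $certificate = $MAINSSL[1]["certificate"];
        $key         = $MAINSSL[1]["key"];
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate}\n";
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Key.....................: {$key}\n";
        }
    }

    // Extra transparent listeners declared in the proxy_ports table.
    $results = $q->QUERY_SQL("SELECT * FROM proxy_ports WHERE enabled=1 and transparent=1");
    $f[] = "# --------- proxy_ports enabled=1 and transparent=1 -> " . mysql_num_rows($results) . " ports";
    while ($ligne = mysql_fetch_assoc($results)) {
        $ipaddr = $ligne["ipaddr"];
        $xport  = $ligne["port"];
        if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ipaddr])) {
            // Address no longer exists on this host: record it as a comment only.
            $f[] = "# --------- table proxy_ports {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
            $f[] = "# --------- http {$ipaddr} -> Hardware Error [" . __LINE__ . "]\n";
            continue;
        }
        if ($ssl) {
            $IPADDRSSL[$ipaddr] = $ssl_port;
        }
        $IPADDRS[$ipaddr] = $xport;
    }

    // De-duplicate on "ip:port" before emitting listener directives.
    foreach ($IPADDRSSL as $ipaddr => $xport) {
        $IPADDRSSL2["{$ipaddr}:{$xport}"] = true;
    }
    foreach ($IPADDRS as $ipaddr => $xport) {
        $IPADDRS2["{$ipaddr}:{$xport}"] = true;
    }
    foreach (array_keys($IPADDRS2) as $ipaddr) {
        $f[] = "http_port {$ipaddr} transparent";
    }
    if ($ssl) {
        $f[] = "# --------- https -> " . count($IPADDRSSL2) . " addresses";
        foreach (array_keys($IPADDRSSL2) as $ipaddr) {
            $f[] = "https_port {$ipaddr} transparent cert={$certificate} key={$key}";
        }
    }

    // "localnet" is the only acl granted http/icp access below, so its
    // definition is what limits who may use this proxy.
    if ($AllowAllNetworksInSquid == 1) {
        $f[] = "acl localnet src all";
    }
    if ($AllowAllNetworksInSquid == 0) {
        $k = array();
        foreach (explode("\n", $sock->GET_INFO('NetworkScannerMasks')) as $cidr) {
            if (trim($cidr) == null) {
                continue;
            }
            $k[$cidr] = $cidr;
        }
        // NOTE(review): the original dereferenced $this->network_array, which
        // aborts with "Using $this when not in object context" when build() is
        // a plain function as it is here; the list is merged only when this
        // code is actually hosted by an object exposing network_array.
        if (isset($this) && isset($this->network_array) && is_array($this->network_array)) {
            foreach ($this->network_array as $val) {
                if ($val == null) {
                    continue;
                }
                $k[$val] = $val;
            }
        }
        // FIX: the original tested count($k == 0) and count($k > 0), i.e. the
        // count of a boolean, which is 1 for both, so BOTH lines were emitted
        // and "acl localnet src all" silently turned the restricted network
        // list into allow-everyone.
        if (count($k) == 0) {
            $f[] = "acl localnet src all";
        } else {
            $f[] = "acl localnet src " . implode(" ", array_values($k));
        }
    }

    $f[] = "acl all src all";
    $f[] = "acl manager proto cache_object";
    $f[] = "acl localhost src 127.0.0.1/32";
    $f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
    $f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
    $f[] = "acl Safe_ports port 80\t\t# http";
    $f[] = "acl Safe_ports port 21\t\t# ftp";
    $f[] = "acl Safe_ports port 443\t\t# https";
    $f[] = "acl Safe_ports port 70\t\t# gopher";
    $f[] = "acl Safe_ports port 210\t\t# wais";
    $f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
    $f[] = "acl Safe_ports port 280\t\t# http-mgmt";
    $f[] = "acl Safe_ports port 488\t\t# gss-http";
    $f[] = "acl Safe_ports port 591\t\t# filemaker";
    $f[] = "acl Safe_ports port 777\t\t# multiling http";
    $f[] = "acl CONNECT method CONNECT";
    $f[] = "";
    $f[] = "";

    if ($sock->EnableUfdbGuard() == 1) {
        $f[] = ufdbguard27();
        $EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
        // Squid refuses to start when a referenced acl file is missing, so make
        // sure each list file exists (empty is fine).
        $aclFiles = array(
            "/etc/squid3/acls/office365-nets.acl",
            "/etc/squid3/acls/office365-domains.acl",
            "/etc/squid3/acls/skype-nets.acl",
            "/etc/squid3/acls/dropbox-nets.acl",
        );
        foreach ($aclFiles as $aclFile) {
            if (!is_file($aclFile)) {
                @touch($aclFile);
            }
        }
        $f[] = "acl squidclient proto cache_object";
        $f[] = "acl MgRDest dst 127.0.0.1";
        $f[] = "acl MgRPort dst 127.0.0.1";
        $f[] = "acl MyTestPort src 127.0.0.1";
        $f[] = "acl MyLocalIpsDest dst 127.0.0.1";
        $f[] = "acl ToArticaWWW dstdomain .artica.fr .articatech.net .articatech.com";
        if ($EnableUfdbGuardArtica == 0) {
            $f[] = "acl UrlRewriteDenyList dstdomain \"/etc/squid3/url_rewrite_program.deny.db\"";
        }
        $f[] = "acl ArticaMetaWhiteDoms dstdomain \"/etc/squid3/artica-meta/whitelist-domains.db\"";
        $f[] = "acl ArticaMetaWhiteIPs dst \"/etc/squid3/artica-meta/whitelist-nets.db\"";
        $f[] = "acl BrowsersNoWebF browser -i \"/etc/squid3/acls/Browsers-nofilter.acl\"";
        $f[] = "acl whitelisted_mac_computers arp \"/etc/squid3/whitelisted-computers-by-mac.acl\"";
        $f[] = "acl office365_ips dst \"/etc/squid3/acls/office365-nets.acl\"";
        $f[] = "acl office365_www dstdomain \"/etc/squid3/acls/office365-domains.acl\"";
        $f[] = "acl skype_www dstdomain .live.com .skypeassets.com";
        $f[] = "acl skype_ips dst \"/etc/squid3/acls/skype-nets.acl\"";
        $f[] = "acl dropbox_ips dst \"/etc/squid3/acls/dropbox-nets.acl\"";
        $f[] = "acl dropbox_www dstdomain .dropbox.com";
        // Best-effort include: a missing file contributes an empty line.
        $f[] = @file_get_contents("/etc/squid3/url_rewrite_access.conf");
    }

    // Access policy: manager only from localhost, standard port hygiene,
    // then localnet only.
    $f[] = "http_access allow manager localhost";
    $f[] = "http_access deny manager";
    $f[] = "http_access deny !Safe_ports";
    $f[] = "http_access deny CONNECT !SSL_ports";
    $f[] = "http_access allow localnet";
    $f[] = "http_access deny all";
    $f[] = "icp_access allow localnet";
    $f[] = "icp_access deny all";

    // Everything is relayed to the main proxy; this instance never goes direct.
    $f[] = "cache_peer 127.0.0.1\tparent\t{$LISTEN_PORT}\t3130\tdefault";
    $f[] = "never_direct allow all";
    $f[] = "cache_mem 64 MB";
    $f[] = "maximum_object_size_in_memory 256 KB";
    $f[] = "memory_replacement_policy lru";

    $LOGFORMAT   = array();
    $LOGFORMAT[] = "%>a";
    $LOGFORMAT[] = "%[ui";
    $LOGFORMAT[] = "%[un";
    $LOGFORMAT[] = "[%tl]";
    $LOGFORMAT[] = "\"%rm %ru HTTP/%rv\"";
    $LOGFORMAT[] = "%Hs";
    $LOGFORMAT[] = "%<st";
    $LOGFORMAT[] = "%Ss:";
    $LOGFORMAT[] = "%Sh";
    $LOGFORMAT[] = "UserAgent:\"%{User-Agent}>h\"";
    $LOGFORMAT[] = "Forwarded:\"%{X-Forwarded-For}>h\"";
    $f[] = "logformat common MAC:00:00:00:00:00:00 " . implode(" ", $LOGFORMAT);
    $f[] = "access_log none";
    $f[] = "cache_store_log none";
    if ($LogsWarninStop == 0) {
        $f[] = "logfile_rotate 10";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "logfile_rotate 0";
    }
    $f[] = "# emulate_httpd_log off";
    $f[] = "log_ip_on_direct on";
    $f[] = "mime_table /etc/squid27/mime.conf";
    $f[] = "# log_mime_hdrs off";
    $f[] = "pid_filename /var/run/squid/squid-nat.pid";
    $f[] = "debug_options ALL,1";
    $f[] = "log_fqdn on";
    $f[] = "client_netmask 255.255.255.255";
    $f[] = "strip_query_terms off";
    $f[] = "buffered_logs on";
    $f[] = "netdb_filename /var/log/squid/netdb_nat.state";
    if ($LogsWarninStop == 0) {
        $f[] = "cache_log /var/log/squid/cache-nat.log";
    }
    if ($LogsWarninStop == 1) {
        $f[] = "cache_log /dev/null";
    }
    $f[] = "#url_rewrite_program";
    $f[] = "# url_rewrite_children 5";
    $f[] = "# url_rewrite_concurrency 0";
    $f[] = "# url_rewrite_host_header on";
    $f[] = "refresh_pattern .\t\t0\t20%\t4320";
    $f[] = "cache_effective_user squid";
    $f[] = "cache_effective_group squid";
    $f[] = "httpd_suppress_version_string on";
    $f[] = "visible_hostname {$visible_hostname}";
    $f[] = "cache_dir null /tmp";
    $f[] = "# icon_directory /usr/share/squid27/icons";
    $f[] = "# error_directory /usr/share/squid27/errors/English";
    $f[] = "forwarded_for on";
    $f[] = "client_db on";
    $f[] = "";

    CheckFilesAndSecurity();
    // Report a failed write instead of silently leaving a stale squid.conf.
    $written = @file_put_contents("/etc/squid27/squid.conf", implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        if ($written === false) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf write FAILED\n";
        } else {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
        }
    }
}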