What to know:
Squid caches traffic and breaks the client's encryption MITM-style. After a client's request, it establishes connections to both the server and the client. To the server it impersonates a client and checks the server's certificate. Rejected server certificates are reported to the real client. To the client it acts like a server: after a successful check of the real server's certificate, it generates a new certificate on the fly, signed by its own root CA, and delivers it to the real client. Squid's own root CA certificate must be imported into your real clients' browsers as a trusted root CA certificate.
There are a lot of descriptions available; I will not retype them. But here are some hints for problems I stumbled upon:
Root CA cert creation
Use your company's real name as the common name.
Check your server's OpenSSL cipher set
Sometimes your default OpenSSL installation does not support ECDH ciphers. You will need them.
Some Hints
HTTPS:
squidclamav works properly on sslBumped traffic.
You can't filter on URL paths with Squid alone, even if you have sslBumped the traffic, because the details are tunneled via the CONNECT protocol from client to server. As a result you will need some kind of redirector, or c-icap- or eCAP-capable software, that handles this CONNECT tunnel stuff for you. I've tried a lot of stuff, but either they were payware or they were no longer under development. I've ended up with old-school squidGuard. You have to know that Squid filters first via its own ruleset, and squidGuard then acts as the second filter instance.
There were three major problems with squidGuard:
1. If it handles sslBumped HTTPS traffic (which means breaking the CONNECT tunnel) and filters something based on the domain part of a URL, it will not properly redirect to your error/info CGI.
2. The squidGuard configuration files do not support any include functionality.
3. You can't quote the '#' character in rulesets. That's bad for filtering URLs like icloud/#mail
The first problem can be solved the following way: use both the Squid AND the squidGuard filtering opportunities. In the first stage, filter domain/hostname stuff only, using Squid's own mechanism; in the second stage, use squidGuard for filtering stuff embedded in URL paths only.
Using Shalla
Shalla lists are great, but you have to process them before they can be used for Squid: they contain a lot of subdomain duplicates, which you will have to remove automatically.
Don't forget to ask the Shalla girls and guys for a license.
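One way to do the subdomain clean-up described above, as an added example that is not the author's own script. The function names and the sample data are constructed, and it assumes every listed domain should block its subdomains as well, so domains are written in Squid's leading-dot `dstdomain` form while IP entries are returned separately for a `dst` ACL.

```python
#!/usr/bin/env python3
"""Collapse a Shalla-style 'domains' list into overlap-free Squid ACL entries.

Added example (not the author's tooling); names and sample data are constructed.
"""
import ipaddress
import sys


def is_ip(entry):
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False


def normalise(line):
    """Return a lowercase host entry, or None for blanks, comments and URLs."""
    entry = line.strip().lower().strip(".")
    if not entry or entry.startswith("#") or " " in entry or "/" in entry:
        return None
    return entry


def ip_key(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.version, int(addr))


def collapse(lines):
    """Return (domains, ips) with every entry covered by a listed parent removed.

    Assumption: a listed domain is meant to block its subdomains too, so the
    domains come back in Squid's '.example.com' dstdomain form.
    """
    hosts, ips = set(), set()
    for line in lines:
        entry = normalise(line)
        if entry is not None:
            (ips if is_ip(entry) else hosts).add(entry)

    kept = []
    for host in hosts:
        labels = host.split(".")
        # Redundant if any proper suffix (parent domain) is itself listed.
        parents = (".".join(labels[i:]) for i in range(1, len(labels)))
        if not any(parent in hosts for parent in parents):
            kept.append(host)

    # Sort by reversed labels so domains under the same parent sit together.
    kept.sort(key=lambda h: h.split(".")[::-1])
    return ["." + h for h in kept], sorted(ips, key=ip_key)


# Constructed sample input, not real Shalla data.
SAMPLE = """\
example.com
www.example.com
ads.cdn.example.com
Tracker.Example.NET
tracker.example.net
shop.example.org
203.0.113.7
"""

if __name__ == "__main__":
    # With a path argument, read that list; otherwise use the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE.splitlines()
    domains, ips = collapse(source)
    print("\n".join(domains + ips))
```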
squidClamav
ClamAV does not reside on the same machine.
My configuration:
squid.conf:
```
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl SSL_ports port 9001         # RadioPAD
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
#acl Safe_ports port 9001       # RadioPAD

# METHODS
acl PURGE method PURGE
acl CONNECT method CONNECT

#
# AUTH
#
auth_param basic program /usr/libexec/squid/basic_radius_auth -f /etc/squid/basic_radius_auth.conf
auth_param basic children 50
auth_param basic realm Your friendly proxy server
auth_param basic credentialsttl 5 hours
auth_param basic casesensitive on

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# AXXELZ CRAP
#debug_options ALL,1 11,3 20,3
dns_v4_first on
tcp_outgoing_address 0.0.0.0 all
forwarded_for delete
strip_query_terms on
ftp_user anonymous@yourcompany.com
visible_hostname YOURSQUID
max_filedescriptors 64000 # TO PREVENT STALL
#connect_timeout 5 minutes # INCREASE FOR WETRANSFER UPLOADS
#request_timeout 5 minutes # INCREASE FOR WETRANSFER UPLOADS
#pconn_timeout 5 minutes
#persistent_request_timeout 5 minutes
# AXXELZ END

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

##############################################################################
# ACL HIVE ###################################################################
##############################################################################

# USERS
acl users_all proxy_auth REQUIRED
acl users_admins proxy_auth "/etc/squid/db/users.ADMINS"
acl users_flash proxy_auth "/etc/squid/db/users.flash"

acl proto_ftp port 21
acl sites_noBump ssl::server_name_regex "/etc/squid/db/sites.ssl.noBump.server_name_regex"
acl sites_ignoreCertError dstdomain -i "/etc/squid/db/sites.ssl.ignoreCertError.dstdomain"
acl sites_noCache dstdom_regex -i "/etc/squid/db/sites.noCache.dstdom_regex"
acl intraservers dst 192.168.100.0/24
acl sites_wl_ftp dstdomain -i "/etc/squid/db/sites.wl.ftp.dstdomain"

# CPT. FLASH
acl type_flash rep_mime_type video/flv
acl type_flash rep_mime_type application/x-shockwave-flash

# BLACKLISTED
acl sites_bl_absolute_dstdomain dstdomain -i "/etc/squid/db/sites.bl.absolute.dstdomain"
acl sites_bl_dstdomain dstdomain -i "/etc/squid/db/sites.bl.dstdomain"
acl sites_bl_dstdom_regex dstdom_regex -i "/etc/squid/db/sites.bl.dstdom_regex"
acl sites_bl_url_regex url_regex -i "/etc/squid/db/sites.bl.url_regex"
acl sites_bl_urlpath_regex urlpath_regex -i "/etc/squid/db/sites.bl.urlpath_regex"

# WHITELISTED
acl sites_wl_dstdomain dstdomain -i "/etc/squid/db/sites.wl.dstdomain"

##############################################################################
# ACL HIVE END ###############################################################
##############################################################################

##############################################################################
# ACCESS RULES ###############################################################
##############################################################################

# ATTENTION: READ CAREFULLY
# FIRST BLOCKS SQUIDS OWN http_access MECHANISM
# THEN BLOCKS SQUIDGUARD
# HTTPS URLPATH REGEX STUFF WILL NOT BE BLOCKED BY SQUID ---> USE SQUIDGUARD FOR THIS
# ATTENTION2: REGEX PATTERNS IN DOMAINS CATCHED BY SQUIDGUARD WILL CAUSE A SQUIDGUARD-REDIRECT-CERT-FUCKUP ---> CATCH DOMAIN REGEX PATTERNS IN SQUID FIRST
# BEST USE: BLOCK ALL REGEX DOMAIN STUFF IN SQUID + BLOCK ALL URLPATH STUFF IN SQUIDGUARD

# PREPARING THE BATTLEFIELD
always_direct allow all
http_access allow intraservers
http_access allow sites_wl_ftp
http_access deny sites_bl_absolute_dstdomain
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_absolute_dstdomain&app=Squid&url=%u sites_bl_absolute_dstdomain
http_access allow PURGE localhost
http_access deny PURGE

# ALLOW SOME FOR THE GOOD GUYS
# FEEL FREE TO ADD GOOD GUY GROUPS FOR SOLVING SPECIAL CASES
http_access allow users_admins
http_reply_access allow users_flash type_flash
http_access allow users_flash type_flash

# WHITELISTING
http_access allow sites_wl_dstdomain

# WHITELIST SPECIAL
include "/etc/squid/sites_wl_special.include"

# DENY FOR ALL THE OTHER GUYS
include "/etc/squid/shalla.include"
http_access deny sites_bl_dstdomain
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_dstdomain&app=Squid&url=%u sites_bl_dstdomain
http_access deny sites_bl_dstdom_regex
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_dstdom_regex&app=Squid&url=%u sites_bl_dstdom_regex
http_access deny sites_bl_url_regex
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_url_regex&app=Squid&url=%u sites_bl_url_regex
http_access deny sites_bl_urlpath_regex
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_urlpath_regex&app=Squid&url=%u sites_bl_urlpath_regex
#http_access deny sites_bl_dstdomain
#http_access deny sites_bl_dstdom_regex
#http_access deny sites_bl_url_regex
#http_access deny sites_bl_urlpath_regex
#http_reply_access deny type_flash

# THE LAST FRONTIER
http_access deny proto_ftp
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=proto_ftp&app=Squid&url=%u proto_ftp
http_reply_access deny type_flash
http_access deny type_flash
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=type_flash&app=Squid&url=%u type_flash
http_access allow all
http_access deny all
http_access allow all
http_access deny all

##############################################################################
# ACCESS RULES END ###########################################################
##############################################################################
##############################################################################

# MAIN STUFF
# CACHE DIRECTIVES
cache deny sites_noCache

# LISTENING TO
#http_port 127.0.0.1:8082 transparent
http_port 127.0.0.1:8080 ssl-bump generate-host-certificates=on options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/proxy.de.cert key=/etc/squid/ssl_cert/proxy.de.private cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
#https_port 127.0.0.1:8082 intercept ssl-bump generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/proxy.de.cert key=/etc/squid/ssl_cert/proxy.de.private
#ftp_port 127.0.0.1:8083 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid 1024 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440 20% 10080
refresh_pattern ^gopher:          1440 0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%  0
refresh_pattern .                 0    20% 4320

# ICAP STUFF
# CLAMAV
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all

# REDIRECT STUFF
# SQUIDGUARD
# url_rewrite_program # IS UNUSED
redirect_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf
#redirect_children 8
#redirector_bypass off

# SSL STUFF
sslcrtd_program /usr/libexec/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 32 startup=1 idle=1
sslproxy_cipher HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE
sslproxy_cert_error allow intraservers
sslproxy_cert_error allow sites_ignoreCertError
ssl_bump splice sites_noBump
ssl_bump terminate sites_bl_urlpath_regex
ssl_bump server-first all
ssl_bump bump all

#######
# END #
```
shalla.include:
```
# SHALLA INCLUDE FILE
# DO NOT EDIT BY HAND
# Tue Jun 6 00:00:17 CEST 2017

# sites_bl_shalla_aggressive_dstdomain
acl sites_bl_shalla_aggressive_dstdomain dstdomain "/etc/squid/db/shalla/aggressive.dstdom"
http_access deny sites_bl_shalla_aggressive_dstdomain
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_shalla_aggressive_dstdomain&app=Squid&url=%u sites_bl_shalla_aggressive_dstdomain

# sites_bl_shalla_gamble_dstdomain
acl sites_bl_shalla_gamble_dstdomain dstdomain "/etc/squid/db/shalla/gamble.dstdom"
http_access deny sites_bl_shalla_gamble_dstdomain
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_shalla_gamble_dstdomain&app=Squid&url=%u sites_bl_shalla_gamble_dstdomain

...

# sites_bl_shalla_violence_dstdomain
acl sites_bl_shalla_violence_dstdomain dstdomain "/etc/squid/db/shalla/violence.dstdom"
http_access deny sites_bl_shalla_violence_dstdomain
deny_info http://proxy.intranet/cgi-bin/squidGuard.cgi?targetgroup=sites_bl_shalla_violence_dstdomain&app=Squid&url=%u sites_bl_shalla_violence_dstdomain

# END #
```
squidclamav.conf
```
#-----------------------------------------------------------------------------
# SquidClamav v6.1 default configuration file
#
# To know to customize your configuration file, see squidclamav manpage
# or go to http://squidclamav.darold.net/
#
#-----------------------------------------------------------------------------
#
# Global configuration
#

# Maximum size of a file that may be scanned. Any file bigger that this value
# will not be scanned.
maxsize 5000000

# When a virus is found then redirect the user to this URL
#redirect http://proxy.domain.dom/cgi-bin/clwarn.cgi
redirect http://proxy.intranet/cgi-bin/virusWarn.cgi

# Path to the squiGuard binary if you want URL filtering, note that you'd better
# use the squid configuration directive 'url_rewrite_program' instead.
#squidguard /usr/local/squidGuard/bin/squidGuard

# Path to the clamd socket, use clamd_local if you use Unix socket or if clamd
# is listening on an Inet socket, comment clamd_local and set the clamd_ip and
# clamd_port to the corresponding value.
#clamd_local /var/run/clamav/clamd.sock
clamd_ip 192.168.100.8
clamd_port 3310

# Set the timeout for clamd connection. Default is 1 second, this is a good
# value but if you have slow service you can increase up to 3.
timeout 1

# Force SquidClamav to log all virus detection or squiguard block redirection
# to the c-icap log file.
logredir 1

# Enable / disable DNS lookup of client ip address. Default is enabled '1' to
# preserve backward compatibility but you must desactivate this feature if you
# don't use trustclient with hostname in the regexp or if you don't have a DNS
# on your network. Disabling it will also speed up squidclamav.
dnslookup 1

#
# Here is some defaut regex pattern to have a high speed proxy on system
# with low resources.
#
# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$
# Do not scan text files
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$
# Do not scan streamed videos
#abortcontent ^video\/x-flv$
#abortcontent ^video\/mp4$
# Do not scan flash files
#abort ^.*\.swf$
#abortcontent ^application\/x-shockwave-flash$
# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
#whitelist .*\.clamav.net
# See also 'trustuser' and 'trustclient' configuration directives
#

# Here is some defaut regex pattern to have a high speed proxy on system
# with low resources.
#
# Abort AV scan, but not chained program
#abort \.google\.*
#abort \.youtube\.com
#abort \.googlevideo\.com
#abort \.ytimg\.com
#abort \.yimg\.com

# Do not scan images
#abort ^.*\.([j|J][p|P][?:[e|E]?[g|G]|gif|png|bmp|ico|svg|web[p|m])
#abortcontent ^image\/.*$

# Do not scan text files
#abort ^.*\.((cs|d?|m?|p?|r?|s?|w?|x?|z?)h?t?m?(l?)|php[3|5]?|rss|atom|vr(t|ml)|(c|x|j)s[s|t|px]?)
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$
#abortcontent ^application\/javascript$
#abortcontent ^application\/json$

# Do not scan fonts
#abort ^.*\.(ttf|eot|woff2?)
#abortcontent ^font\/.*$
#abortcontent ^application\/x-woff$
#abortcontent ^application\/font-woff2?$
#abortcontent ^application\/x-font-ttf$

# Do not scan (streamed) videos and audios
abort ^.*\.(flv|f4f|mp(3|4))
abortcontent ^video\/.*$
abortcontent ^audio\/.*$
abortcontent ^application\/mp4$

# Do not scan flash files
#abort ^.*\.swfx?
#abortcontent ^application\/x-shockwave-flash$

# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
# Abort both AV and chained program
#whitelist clamav\.net
#whitelist securiteinfo\.com
#whitelist sanesecurity\.com
#whitelist clamav\.bofhland\.org
#whitelist threatcenter\.crdf\.fr
#whitelist \.avast\.*
#whitelist \.gdatasoftware\.com
#whitelist \.emsisoft\.*
#whitelist \.chilisecurity\.*
#whitelist pcpitstop\.com
#whitelist \.unthreat\.com
#whitelist \.preventon\.com
#whitelist lavasoft\.com
#whitelist \.norton\.com
#whitelist \.symantec\.com
#whitelist \.symantecliveupdate\.com
#whitelist \.kaspersky\.*
#whitelist \.drweb\.*
#whitelist \.mcafee\.com
#whitelist \.fsecure\.com
#whitelist \.f-secure\.com
#whitelist \.esetnod32\.*
#whitelist \.eset\.*
#whitelist \.escanav\.com
#whitelist \.360totalsecurity\.com
#whitelist \.bitdefender\.com
#whitelist pckeeper\.com
#whitelist \.mysecuritycenter\.com
#whitelist \.avira\.com
#whitelist \.pandasecurity\.com
#whitelist \.vipreantivirus\.com
#whitelist \.quickheal\.com
#whitelist \.trustport\.*
#whitelist \.trustport-ru\.*
#whitelist \.sophos\.com
#whitelist \.spamfighter\.com
#whitelist \.webroot\.com
#whitelist \.k7computing\.com
#whitelist \.charityantivirus\.com
#whitelist \.avg\.com
#whitelist \.trendmicro\.*
#whitelist \.zonealarm\.com
#whitelist \.comodo\.com
#whitelist update\.microsoft\.com
#whitelist update\.microsoft\.com\.akadns\.net
#whitelist download\.windowsupdate\.com
#whitelist download\.microsoft\.com
#whitelist update\.microsoft\.com
#whitelist \.oracle\.com
#whitelist \.shallalist\.de
#whitelist \.eicar\.org
#whitelist opencsw\.org
#whitelist wetransfer\.com
#whitelist wetransfer\.net
#whitelist amazonaws\.com
whitelist shallalist\.de

# See also 'trustuser' and 'trustclient' configuration directives
#
#trustuser thatsmeasauser
```
squidGuard.conf
```
logdir /var/log/squidGuard
dbhome /etc/squidGuard/db

dest whitesites {
    domainlist whitesites_dom
#   expressionlist whitesites_expr
#   urllist whitesites_url
}

dest blockedsites {
#   domainlist blockedsites_dom
    expressionlist blockedsites_expr
    urllist blockedsites_url
    # THE LOG FILE blockedsites.log IS ALWAYS EMPTY
    # INFOS APPEAR IN /var/log/squid/cache.log
    log blockedsites.log
}

src admins {
    userlist users_admin
}

# DO NOT CHANGE THIS LINE! NEVER!!!!

dest aggressive {
    urllist /etc/squidGuard/db/shalla/aggressive.urls
}
dest gamble {
    urllist /etc/squidGuard/db/shalla/gamble.urls
}
dest ringtones {
    urllist /etc/squidGuard/db/shalla/ringtones.urls
}
dest warez {
    urllist /etc/squidGuard/db/shalla/warez.urls
}
dest urlshortener {
    urllist /etc/squidGuard/db/shalla/urlshortener.urls
}
dest chat {
    urllist /etc/squidGuard/db/shalla/chat.urls
}
dest drugs {
    urllist /etc/squidGuard/db/shalla/drugs.urls
}
dest spyware {
    urllist /etc/squidGuard/db/shalla/spyware.urls
}
dest costtraps {
    urllist /etc/squidGuard/db/shalla/costtraps.urls
}
dest porn {
    urllist /etc/squidGuard/db/shalla/porn.urls
}
dest tracker {
    urllist /etc/squidGuard/db/shalla/tracker.urls
}
dest webmail {
    urllist /etc/squidGuard/db/shalla/webmail.urls
}
dest downloads {
    urllist /etc/squidGuard/db/shalla/downloads.urls
}
dest remotecontrol {
    urllist /etc/squidGuard/db/shalla/remotecontrol.urls
}
dest hobby_games-misc {
    urllist /etc/squidGuard/db/shalla/hobby_games-misc.urls
}
dest hobby_games-online {
    urllist /etc/squidGuard/db/shalla/hobby_games-online.urls
}
dest hacking {
    urllist /etc/squidGuard/db/shalla/hacking.urls
}
dest dating {
    urllist /etc/squidGuard/db/shalla/dating.urls
}
dest socialnet {
    urllist /etc/squidGuard/db/shalla/socialnet.urls
}
dest anonvpn {
    urllist /etc/squidGuard/db/shalla/anonvpn.urls
}
dest redirector {
    urllist /etc/squidGuard/db/shalla/redirector.urls
}
dest violence {
    urllist /etc/squidGuard/db/shalla/violence.urls
}

acl {
    admins {
        pass all
    }
    default {
        pass whitesites !blockedsites !aggressive !gamble !ringtones !warez !urlshortener !chat !drugs !spyware !costtraps !porn !tracker !webmail !downloads !remotecontrol !hobby_games-misc !hobby_games-online !hacking !dating !socialnet !anonvpn !redirector !violence all
        redirect http://proxy.intranet/cgi-bin/squidGuard.cgi?app=SquidGuard&clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
    }
}
```
squidGuard.cgi:
```perl
use URI::Encode qw(uri_encode uri_decode);

$QUERY_STRING = $ENV{'QUERY_STRING'};
$DOCUMENT_ROOT = $ENV{'DOCUMENT_ROOT'};

# E-mail address of the proxy administrator:
my $PROXYEMAIL = "support\@mycompany.com";
my $PROXYWEB = "http://proxy.intranet";

open(DATA, "<$DOCUMENT_ROOT/css/mystyle.css");
#
#
$clientaddr = "";
$clientname = "";
$clientuser = "";
$clientgroup = "";
$targetgroup = "";
$app = "";
$url = "";
$time = time;
@day = ("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday");
@month = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec");

# Pull the known parameters out of the query string
while ($QUERY_STRING =~ /^\&?([^&=]+)=([^&=]*)(.*)/) {
    $key = $1;
    $value = $2;
    $QUERY_STRING = $3;
    if ($key =~ /^(clientaddr|clientname|clientuser|clientgroup|targetgroup|url|app)$/) {
        eval "\$$key = \$value";
    }
    if ($QUERY_STRING =~ /^url=(.*)/) {
        $url = $1;
        $QUERY_STRING = "";
    }
}

my $urldec = uri_decode($url);

# HTML-escape the request-supplied values before they are printed into the page
for ($urldec, $app, $targetgroup) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; }

if ($url =~ /\.(gif|jpg|jpeg|mpg|mpeg|avi|mov)$/i) {
    # Blocked media: answer with a placeholder image
    print "Content-Type: image/gif\n";
    ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime($time);
    printf "Expires: %s, %02d-%s-%02d %02d:%02d:%02d GMT\n\n", $day[$wday],$mday,$month[$mon],$year,$hour,$min,$sec;
    open(GIF, "$DOCUMENT_ROOT/images/blocked.gif");
    while (<GIF>) { print; }
    close(GIF)
} else {
    print "Content-type: text/html\n";
    ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = gmtime($time);
    printf "Expires: %s, %02d-%s-%02d %02d:%02d:%02d GMT\n\n", $day[$wday],$mday,$month[$mon],$year,$hour,$min,$sec;
    print "\n";
    print " \n";
    print " Zugriff verweigert\n";
    print " ";
    while(<DATA>){ print "$_"; };
    print " ";
    print " \n";
    print " \n";
    print "\n";
    print "\n";
    print " \n";
    print "\n";
}
exit 0;\n";
print " \n";
print " \n";
print " \n";
print "\n";
print "\n";
print " Ende des Internets.\n";
print "\n";
print " \n";
# if ($clientuser ne "") { print "Hallo ".$clientuser."!\n"};
if ($urldec ne "") { print "Die URL ".$urldec." ist gesperrt.\n"};
if ($app ne "") { print "Geblockt durch ".$app.".\n"};
if ($targetgroup ne "") { print "Die blockierende Regel ist ".$targetgroup.".\n"};
print " ";
print " \n";
print "
```
mystyle.css:
```css
div.bg {
    background-image: url(http://proxy.intranet/pix/bg.jpg);
    background-repeat: no-repeat;
    background-attachment: fixed;
    background-position: center;
    background-size: cover;
    height: 100vh;
    color: white;
}

div.info {
    background-color: rgba(255,0,0,0.2);
    font-family: BENDER;
    text-align: center;
    #vertical-align: middle;
    font-size: 2em;
    position: absolute;
    left: 10%;
    top: 20%;
    clear: both;
    float: left;
    border: 0px solid red;
    border-radius: 3%;
    box-shadow: 10px 10px 5px rgba(0, 0, 0, 0.3);
    padding: 3%;
    xtransform: rotate(-10deg);
}

div.logo {
    background-color: rgba(255,255,255,0.2);
    font-family: BENDER;
    text-align: center;
    #vertical-align: middle;
    font-size: 1em;
    position: relative;
    right: 10px;
    top: 10px;
    height: 340px;
    width: 73px;
    clear: both;
    float: right;
    border: 0px solid red;
    border-radius: 3%;
    box-shadow: 10px 10px 5px rgba(0, 0, 0, 0.3);
    #padding: 3%;
    #transform: rotate(-10deg);
}

#logo_irmedia {
    position: absolute;
    top: 145px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    background-image: url("http://proxy.intranet/pix/a_logo.jpg");
    background-repeat: no-repeat;
    background-size: contain;
}

#logo_bbr {
    position: absolute;
    top: 5px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    background-image: url("http://proxy.intranet/pix/b_logo.png");
    background-repeat: no-repeat;
    background-size: contain;
}

#logo_tdy {
    position: absolute;
    top: 75px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    background-image: url("http://proxy.intranet/pix/c_logo.png");
    background-repeat: no-repeat;
    background-size: contain;
}

span.header {
    font-size: 3em;
    font-weight: bold;
}

span.body {
    font-size: 1em;
    font-weight: bold;
}

span.element {
    position: relative;
    display: block;
    color: red;
}

span.footer {
    position: relative;
    top: 25px;
    font-weight: bold;
}

a {
    color: white;
}

@font-face {
    font-family: "BENDER";
    src: url("http://proxy.intranet/fonts/HelveticaNeue.ttf");
}
```
virusWarn.cgi:
```perl
#!/usr/bin/perl
use strict;
use CGI;

my $DOCUMENT_ROOT = $ENV{'DOCUMENT_ROOT'};
my $VERSION = '6.8';
my $TITLE_VIRUS = "Virus Alarm";

# Read the parameters passed by squidclamav and HTML-escape them
my $cgi = new CGI;
my $url = CGI::escapeHTML($cgi->param('url')) || '';
my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
my $source = CGI::escapeHTML($cgi->param('source')) || '';
$source =~ s/\/-//;
my $user = CGI::escapeHTML($cgi->param('user')) || '';

my $subtitle = 'contains this virus:';
if ($virus =~ /Safebrowsing/) {
    $TITLE_VIRUS = "Unsafe Browsing Alarm";
    $subtitle = 'Safe Browsing message';
}

# Remove clamd infos
$virus =~ s/stream: //;
$virus =~ s/ FOUND//;

my $PROXYEMAIL = "support\@mycompany.com";
my $PROXYWEB = "http://proxy.intranet.de";

open(DATA, "header();
print "\n";
print " \n";
print " Virus gefunden\n";
#print "Expires: %s, %02d-%s-%02d %02d:%02d:%02d GMT\n\n", $day[$wday],$mday,$month[$mon],$year,$hour,$min,$sec;
print " ";
while(<DATA>){ print "$_"; };
print " ";
print " \n";
print " \n";
print "\n";
print "\n";
print " \n";
print "\n";\n";
print " \n";
print " \n";
print " \n";
print "\n";
print "\n";
print " Virus gefunden!\n";
print "\n";
print " \n";
#if ($clientuser ne "") { print "Hallo ".$clientuser."!\n"};
if ($url ne "") { print "Die URL ".$url." ist infiziert.\n"};
if ($virus ne "") { print "".$virus.".\n"};
print " ";
print " \n";
print "
```
virusstyle.css:
```css
div.bg {
    background-image: url(http://proxy.intranet/pix/virus.jpg);
    background-repeat: no-repeat;
    background-attachment: fixed;
    background-position: center;
    background-size: cover;
    xheight: 100vh;
    height: 100%;
    color: white;
}

div.info {
    background-color: rgba(255,0,0,0.2);
    font-family: BENDER;
    text-align: center;
    #vertical-align: middle;
    font-size: 2em;
    position: absolute;
    left: 10%;
    top: 10%;
    clear: both;
    float: left;
    border: 0px solid red;
    border-radius: 3%;
    box-shadow: 10px 10px 5px rgba(0, 0, 0, 0.3);
    padding: 3%;
    xtransform: rotate(-10deg);
}

div.logo {
    background-color: rgba(255,255,255,0.2);
    font-family: BENDER;
    text-align: center;
    #vertical-align: middle;
    font-size: 1em;
    position: relative;
    right: 10px;
    top: 10px;
    height: 340px;
    width: 73px;
    clear: both;
    float: right;
    border: 0px solid red;
    border-radius: 3%;
    box-shadow: 10px 10px 5px rgba(0, 0, 0, 0.3);
    #padding: 3%;
    #transform: rotate(-10deg);
}

#logo_irmedia {
    position: absolute;
    top: 145px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    background-image: url("http://proxy.intranet/pix/a_logo.jpg");
    background-repeat: no-repeat;
    background-size: contain;
}

#logo_bbr {
    position: absolute;
    top: 5px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    background-image: url("http://proxy.intranet/pix/b_logo.png");
    background-repeat: no-repeat;
    background-size: contain;
}

#logo_tdy {
    position: absolute;
    top: 75px;
    left: 5px;
    right: 5px;
    bottom: 5px;
    background-image: url("http://proxy.intranet/pix/c_logo.png");
    background-repeat: no-repeat;
    background-size: contain;
}

span.header {
    font-size: 3em;
    font-weight: bold;
}

span.body {
    font-size: 1em;
    font-weight: bold;
}

span.element {
    position: relative;
    display: block;
    color: red;
}

span.footer {
    position: relative;
    top: 25px;
    font-weight: bold;
}

a {
    color: white;
}

@font-face {
    font-family: "BENDER";
    src: url("http://proxy.intranet/fonts/HelveticaNeue.ttf");
}
```
/etc/security/limits.conf
```
* soft nofile 94000
* hard nofile 94000
* hard nproc 64000
* soft nproc 64000
root soft nofile 94000
root hard nofile 94000
```