Fix bugs in the code that generates the squidguard config file: 1) Comment out sources for disabled ACLs, or squidguard treats these sources as "always pass"! 2) In the acl block squidguard doesn't know log statements in the action block. (In the default case a log statement seems to be ok?) Volker Kuhlmann 03 Jun 2014, 05 Feb 2015, 10 Feb 2015, 29 Sep 2015 --- /usr/local/pkg/squidguard_configurator.inc.orig_5.1 2015-09-29 08:32:00.000000000 +1300 +++ /usr/local/pkg/squidguard_configurator.inc.orig_5.2 2015-09-29 08:38:33.000000000 +1300 @@ -900,11 +900,26 @@ } # --- Sources --- + #$sgconf[] = "# # src begin"; if ($squidguard_config[F_SOURCES]) { $temp_str = ''; foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) { + # Don't write out the source if the ACL is disabled! Or comment it out. + # Squidguard 1.4 treats the source as "always pass" otherwise!! + $srclinepref = ""; + $srccomment = ""; + foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) { + if ($acl[F_NAME] == $src[F_NAME]) { + if ($acl[F_DISABLED]) { + $srclinepref = "## "; + $srccomment = "Commented out because it makes SquidGuard pass all! +" . $srclinepref; + } + break; + } + } $sg_tag->clear(); - $sg_tag->set("src", $src[F_NAME], "", $src[F_DESCRIPTION]); + $sg_tag->set("src", $src[F_NAME], "", $srccomment . $src[F_DESCRIPTION], $srclinepref); # separate IP, domains, usernames if (strpos(trim($src[F_SOURCE]), 'ldapusersearch') === false) { @@ -934,6 +949,7 @@ $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; sg_addlog("sg_create_config", "Add sources: $temp_str", SQUIDGUARD_INFO); } + #$sgconf[] = "# # src end"; # --- Blacklist --- # Note! Blacklist must be added to config permanently. It's need for rebuild DB now 
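Review bot: In the `@@ -900` hunk the inner `foreach` leaves `$srclinepref` empty when no entry of `$squidguard_config[F_ACLS][F_ITEM]` carries the source's name, so that source is still written out live. Going by the commit message, a source without an active ACL is exactly what SquidGuard 1.4 treats as "always pass". Whether a source can exist without a same-named ACL is not visible here, but failing closed would be safer: start with `$srclinepref = "## ";` and reset it to `""` only inside `if (!$acl[F_DISABLED])` on a name match. The match itself should use `===`, since `==` compares numeric-looking names such as `"10"` and `"1e1"` as equal. The enclosing function starts and ends outside the hunk.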
@@ -1076,9 +1092,13 @@ $temp_str = ''; $log_entr_added = ''; foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) { - if (!$acl[F_DISABLED]) { + #if (!$acl[F_DISABLED]) { + $srclinepref = ""; + if ($acl[F_DISABLED]) { + $srclinepref = "## "; + } $sg_acltag = new TSgTag; - $sg_acltag->set($acl[F_NAME], "", $acl[F_TIMENAME], $acl[F_DESCRIPTION]); + $sg_acltag->set($acl[F_NAME], "", $acl[F_TIMENAME], $acl[F_DESCRIPTION], $srclinepref); # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') { @@ -1102,10 +1122,11 @@ $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_REDIRECT], $acl[F_RMOD]); if ($acl[F_REWRITENAME]) $sg_acltag->items[] = "rewrite {$acl[F_REWRITENAME]}"; - if ($squidguard_config[F_ENABLELOG] == 'on' ) { - if ($acl[F_LOG]) - $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE; - } + # Squidguard 1.4 doesn't allow a log statement here. + #if ($squidguard_config[F_ENABLELOG] == 'on' ) { + # if ($acl[F_LOG]) + # $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE; + #} # overtime if ($acl[F_TIMENAME]) { @@ -1115,13 +1136,14 @@ $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_OVERREDIRECT], $acl[F_RMOD]); if ($acl[F_OVERREWRITENAME]) $sg_acltag->items[] = "rewrite {$acl[F_OVERREWRITENAME]}"; - if ($squidguard_config[F_ENABLELOG] == 'on' ) { - if ($acl[F_LOG]) - $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE; - } + # Squidguard 1.4 doesn't allow a log statement here. + # if ($squidguard_config[F_ENABLELOG] == 'on' ) { + # if ($acl[F_LOG]) + # $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE; + # } } $sg_tag->items[] = $sg_acltag; - } + #} $log_entr_added .= " {$acl[F_NAME]};"; } # log @@ -2447,6 +2469,7 @@ var $time; var $items; var $desc; + var $linepref; function __construct() { $this->clear(); 
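Review bot: Disabled ACLs in the `@@ -1076` hunk are no longer skipped but rendered with a `## ` prefix, so the disabled state now depends on `tag_text()` prefixing every line it emits. The patch only shows the description line using `$off`; the code that renders `items` lies outside the visible hunks. The old `if (!$acl[F_DISABLED])` guard could not leak a rule, so either keep it for the ACL block or confirm that every item line is built from `$off`. If the commented-out form stays, delete the dead `#if (!$acl[F_DISABLED]) {` and `#}` lines, re-indent the body, and add a comment saying why disabled ACLs are written out rather than skipped.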
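Review bot: With the `log` item commented out in the `@@ -1102` hunk, and again in the overtime branch of `@@ -1115`, an ACL that has `F_LOG` set is written without logging and nothing tells the administrator, so a configured per-ACL audit trail silently disappears. The commit message itself is unsure whether a `log` statement is accepted in the default case, so the new comment should name exactly where SquidGuard rejects it. Until that is settled, record the drop when the config is built, e.g. `if ($acl[F_LOG]) sg_addlog("sg_create_config", "ACL {$acl[F_NAME]}: log setting ignored", SQUIDGUARD_INFO);`. Removing the old lines instead of keeping them as comments would also make both blocks easier to read.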
@@ -2458,18 +2481,20 @@ $this->time = ''; $this->items = array(); $this->desc = ''; + $this->linepref = ''; } - function set($tag, $name, $time, $desc) { + function set($tag, $name, $time, $desc, $linepref = "") { $this->tag = $tag; $this->name = $name; $this->time = $time; $this->desc = $desc; + $this->linepref = $linepref; } function tag_text($offset = 0) { $str = array(); - $off = str_repeat("\t", $offset); + $off = $this->linepref . str_repeat("\t", $offset); $str[] = $off . "# {$this->desc}"; if (empty($this->time))
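Review bot: `tag_text()` prefixes only the first line of the description (`$str[] = $off . "# {$this->desc}";`), so a description containing a line break puts its continuation into the generated config with neither `#` nor the `## ` prefix, where SquidGuard would read it as configuration. The `@@ -900` hunk works around this for its own notice by appending `$srclinepref` after the embedded newline, but `$src[F_DESCRIPTION]` and `$acl[F_DESCRIPTION]` get no such treatment; whether they are validated as single-line before this point is not visible. Prefixing every line here would cover all callers: `$str[] = $off . "# " . str_replace("\n", "\n" . $off . "# ", $this->desc);`, with the manual `. $srclinepref` in the source loop dropped. `tag_text()` continues past the end of the hunk, so the handling of `items` could not be checked. The new `$linepref` parameter also deserves a doc comment on `set()` saying it is prepended to every emitted line.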