NethServer 6

Changed default builtin rules state to respect the upgrade policy. On the next NethServer release we could change the default to enabled.

Test case 1

• Ensure no builtin substring is in /etc/squid/squidGuard.conf
• After upgrading to the modified version builtin must be there:

  --- squidGuard.conf    2015-11-19 15:18:14.413418281 +0000
  +++ /etc/squid/squidGuard.conf    2015-11-19 15:29:40.810435086 +0000
  @@ -272,6 +272,12 @@
         urllist /var/squidGuard/blacklists/models/urls
         logfile urlfilter.log
   }
  +dest builtin {
  +      domainlist /var/squidGuard/blacklists/custom/builtin/domains
  +      urllist /var/squidGuard/blacklists/custom/builtin/urls
  +      expressionlist /var/squidGuard/blacklists/custom/builtin/expressions
  +      logfile urlfilter.log
  +}
   dest webphone {
         domainlist /var/squidGuard/blacklists/webphone/domains
         urllist /var/squidGuard/blacklists/webphone/urls
  

• After enabling the builtin rules in the defaultl filter:

  --- squidGuard.conf    2015-11-19 15:18:14.413418281 +0000
  +++ /etc/squid/squidGuard.conf    2015-11-19 15:34:09.782427882 +0000
  @@ -272,6 +272,12 @@
         urllist /var/squidGuard/blacklists/models/urls
         logfile urlfilter.log
   }
  [...]
  
   acl {
       default {
  -        pass whitelist  !blacklist  !in-addr  all
  +        pass whitelist  !blacklist  !in-addr  !builtin  all
           redirect     http://192.168.122.94/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
       }
  

Test case 2

check the builtin rules are actually enforced. I checked the manual proxy configuration with curl.

• Rules disabled:

  curl -x http://<PROXYIP>:3128 http://www.google.com/p***y
  [404 response]
  

• Rules enabled:

      $ curl -x http://<PROXYIP>:3128 http://www.google.com/p***y
  <!DOCTYPE html PUBLIC "-//W3C//DTD  HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  <html><head>
  <title>403 Forbidden</title>
  [...]
  Category&nbsp;<b> builtin</b><br>
  URL&nbsp;<b>http://www.google.com/p***y</b><br>
  <br>
  Origin: <b>192.168.122.1</b><hr><div style="float:right;">Powered by <a href="http://www.squidguard.org">SquidGuard</a></div></body></html>
  

In nethserver-testing
nethserver-squidguard-1.3.4-1.5.g7ed70ce.ns6.noarch.rpm

updated developer's manual

System and Package Version installed
Package Installed: nethserver-squidguard-1.3.4-1.5.g7ed70ce.ns6.noarch
Other Package installed: nethserver-squid-1.3.10-1.ns6.noarch

Test Original Problem
Add new builtin filter

Install Updated Package

yum --enablerepo=nethserver-testing update nethserver-squidguard

Test Results after update
After the update, the builtin filter is not enabled by default: OK.

After enabling it, the page is blocker:

echo "https://www.google.it/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=tits - - GET" | squidGuard -c /etc/squid/squidGuard.conf -d 

...
2015-11-19 17:03:50 [14979] Request(default/builtin/-) https://www.google.it/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=tits -/- - GET REDIRECT
http://192.168.5.246/cgi-bin/nethserver-block.cgi?clientaddr=-&clientname=&clientident=&srcclass=default&targetgroup=builtin&url=https://www.google.it/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=tits -/- - GET

Verified Or Reopen
Verified

Note
Administrator manual and inline help are missing.

In nethserver-updates:

nethserver-squidguard-1.4.0-1.ns6.noarch.rpm
nethserver-squidguard-1.4.1-1.ns6.noarch.rpm