Custom webgui to configure SquidGuard



  • Hi,

    I am looking for a way to write a custom WebGUI to configure Squidguard in pfSense. I couldn't find any further work in this direction - even found recommendations not to do it (see topic http://forum.pfsense.org/index.php?topic=12823.0 )

    Background:
    I work at a school. There are students and teachers, and there are rooms. All computer in the rooms access internet of a pfSense router.
    I want that a teacher in a given room has a simple possibility to (a) completely block the internet access (b) allow a default access to the internet (i.e. no porn, violence aso) or © limit the internet access to a few web sites, as required for his/her course.
    Because of the simple, and because I want the authentification for this custom access to be disctinct from the pfSense one, I currently only see the possibility of a custom page.

    What I would like to understand:

    • does pfSense in anyway cache the squidGuard configuration? what would happen if I modify the /usr/local/etc/squidGuard/squidGuard.conf directly? would it screw pfSense or squidGuard?

    • If the previous answer is "you'll screw it all"  :-[ , where should I plug into pfSense so as to configure SquidGuard? are the functions in squidguard.inc and squidguard_configurator.inc the right ones?[/li]

    • and then, how is it with authentification? I've the impression that a system login takes place with the webgui login (the admin account is also updated in the system). If I don't do the admin login for pfSense, how can I get the scripts, with all system calls, to work properly?

    • What is the file /usr/local/etc/squidGuard/squidGuard_conf.xml ? is it, as said in the post mentionned above, for backup only?



  • What I would like to understand:

    does pfSense in anyway cache the squidGuard configuration? what would happen if I modify the /usr/local/etc/squidGuard/squidGuard.conf directly? would it screw pfSense or squidGuard?
    If the previous answer is "you'll screw it all"   , where should I plug into pfSense so as to configure SquidGuard? are the functions in squidguard.inc and squidguard_configurator.inc the right ones?
    and then, how is it with authentification? I've the impression that a system login takes place with the webgui login (the admin account is also updated in the system). If I don't do the admin login for pfSense, how can I get the scripts, with all system calls, to work properly?
    What is the file /usr/local/etc/squidGuard/squidGuard_conf.xml ? is it, as said in the post mentionned above, for backup only?

    For you self squidGuard configuration you can change files 'squidguard.inc/squadguard_configurator.inc'.
    You can't change squidguard.conf - this file rewrite by system.
    You can't now delegate to you users access to selected pages WebGUI - it's will come in pfSense 2.0
    File /usr/local/etc/squidGuard/squidGuard_conf.xml  for debug only. Nothing read from this file - only write last config state.

    Also you can configure squid auth by users; SG can be configured for filter each user.



  • Hi,

    thanks for the quick answer.

    @dvserg:

    For you self squidGuard configuration you can change files 'squidguard.inc/squadguard_configurator.inc'.
    You can't change squidguard.conf - this file rewrite by system.

    My curiosity: when is it overwritten? by which process? with information taken from where? (from there: /usr/local/etc/squid/squidGuard.conf ?)

    @dvserg:

    Also you can configure squid auth by users and SG also can be configured for filter each user.

    I don't understand this. Do you mean that I can configure sg with user-specific rules (with e.g. ldap identification)? Or is this an hint to a way I can have other users log in to configure sg? Can you explain?

    thanks again,

    Jean-Marie.



  • @jeanmarieclement:

    Hi,

    thanks for the quick answer.

    @dvserg:

    For you self squidGuard configuration you can change files 'squidguard.inc/squadguard_configurator.inc'.
    You can't change squidguard.conf - this file rewrite by system.

    My curiosity: when is it overwritten? by which process? with information taken from where? (from there: /usr/local/etc/squid/squidGuard.conf ?)

    /conf/config.xml

    @dvserg:

    @dvserg:

    Also you can configure squid auth by users and SG also can be configured for filter each user.

    I don't understand this. Do you mean that I can configure sg with user-specific rules (with e.g. ldap identification)? Or is this an hint to a way I can have other users log in to configure sg? Can you explain?

    I'm mean what in SG possible define filter for 'username' too. Auth method defined by squid.
    Other users can't configure sg - this is come in pfSense 2.0.



  • Hi,

    well, it looks not so easy to reach my goals…

    Possibility 1: i directly modify the /conf/config.xml, and trigger an update (how, by the way?) (how safe is this?)
    Possibility 2: i use the scripts squidguard.inc and squidguard_configurator.inc to modify the sg configuration.
    Possibility 3: i take the SquidGuard package out of pfSense, have it run distinctly from pfSense, and directly configure sg through the squidguard.conf file or through 3rd party tools, if any.

    In all 3 cases, I have to manage user rights on myself.

    Is this right? Can anyone comment on the 3 possibilities?

    Is there an estimation on when pfSense 2 will be released?

    Thanks in advance,

    Jean-Marie.



  • Possibility 1: i directly modify the /conf/config.xml, and trigger an update (how, by the way?) (how safe is this?)
    Yes
    Look packages 'inc' files for example - $config global value

    Possibility 2: i use the scripts squidguard.inc and squidguard_configurator.inc to modify the sg configuration.

    if (file_exists(/usr/local/pkg/squidguard.inc)) {
    require_once('squidguard.inc');
    squidguard_resync();
    }
    

    Possibility 3: i take the SquidGuard package out of pfSense, have it run distinctly from pfSense, and directly configure sg through the squidguard.conf file or through 3rd party tools, if any.
    Hm..
    You can write self php code 'mysgconf.php', put them to /usr/local/www and call
    h..p://pfsense/mysgconf.php
    how configure - pls look pt.2


Locked