Proxy block page pointed to pfsense management port
-
Playing around with Squid Proxy and the SquidGuard package, I decided to toy around with doing content control by blocking exe and pdf files.
On the https site I get the SquidGuard error message noting what was blocked and by what policy.
Problem: To get this to work you have to have your Redirect mode pointed to your firewall in order for the page to be displayed. In my case it's firewall.com:10443//sgerror.php?url=403&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
Port 10443 is the management port of the firewall (I am using HA Proxy so can't use 443).
I don't know how to create another listening port just for SquidGuard, so I'm left with either displaying a custom page noting why a user was blocked but opening up port 10443 to the entire LAN, or not using a SG error page.
Any ideas?
-
@jimp Would you happen to still have the code for your custom web page in this old Netgate video? Around the 1hr mark is your custom external page. You did state you would make the code in the page available in turn notes... it's been some time
https://youtu.be/OjQ4__0AGOE
-
I haven't used that setup in quite a long time so I have no idea if it would even still work, but here it is:
```php
<?PHP
/* Used in the March 2014 Hangout for pfSense Gold Members by ESF, LLC */
/* Most of this copied from sgerror.php in squidGuard */

$url = '';
$msg = '';
$cl = Array();

// squidGuard variables: %a %n %i %s %t %u
// Status-code table carried over from sgerror.php (not referenced further down)
$err_code = array();
$err_code[301] = "301 Moved Permanently";
$err_code[302] = "302 Found";
$err_code[303] = "303 See Other";
$err_code[305] = "305 Use Proxy";
$err_code[400] = "400 Bad Request";
$err_code[401] = "401 Unauthorized";
$err_code[402] = "402 Payment Required";
$err_code[403] = "403 Forbidden";
$err_code[404] = "404 Not Found";
$err_code[405] = "405 Method Not Allowed";
$err_code[406] = "406 Not Acceptable";
$err_code[407] = "407 Proxy Authentication Required";
$err_code[408] = "408 Request Time-out";
$err_code[409] = "409 Conflict";
$err_code[410] = "410 Gone";
$err_code[411] = "411 Length Required";
$err_code[412] = "412 Precondition Failed";
$err_code[413] = "413 Request Entity Too Large";
$err_code[414] = "414 Request-URI Too Large";
$err_code[415] = "415 Unsupported Media Type";
$err_code[416] = "416 Requested range not satisfiable";
$err_code[417] = "417 Expectation Failed";
$err_code[500] = "500 Internal Server Error";
$err_code[501] = "501 Not Implemented";
$err_code[502] = "502 Bad Gateway";
$err_code[503] = "503 Service Unavailable";
$err_code[504] = "504 Gateway Time-out";
$err_code[505] = "505 HTTP Version not supported";

// Take the parameters from POST if present, otherwise from GET
$in = array();
if (count($_POST)) {
    $in = $_POST;
} elseif (count($_GET)) {
    $in = $_GET;
}

if (isset($in['url']) && is_string($in['url'])) $url = trim($in['url']);
if (isset($in['msg']) && is_string($in['msg'])) $msg = $in['msg'];

// These values come straight from the request (the blocked URL, client name, ...)
// and are echoed into the page below, so HTML-escape them here. Missing or
// non-string parameters become '' instead of raising undefined-index notices.
foreach (array('a', 'n', 'i', 's', 't', 'u') as $k) {
    $cl[$k] = (isset($in[$k]) && is_string($in[$k]))
        ? htmlspecialchars($in[$k], ENT_QUOTES, 'UTF-8')
        : '';
}
?>
<html>
<head><title>You're fired!</title></head>
<body>
<center>
We were monitoring that transaction!
<h1>YOU'RE</h1>
<h1>FIRED!!!</h1>
<img src="blocked.gif">
<?PHP
// Use this if you want the image inline for use with "ext url error page":
//$gif_data = file_get_contents("blocked.gif");
//echo "<img alt=\"Embedded Image\" src=\"data:image/gif;base64," . base64_encode($gif_data) . "\" />";
?>
<br/>© Universal Studios
</center>
<br/>
<table width="50%" align="center"><tr><td>
<?PHP
// Show the squidGuard details only when the page was reached via GET
if (count($_GET)) {
    $str = array();
    $str[] = '<hr size="1" noshade>';
    if ($cl['a']) $str[] = "<b> Client address: </b> {$cl['a']} <br>";
    if ($cl['n']) $str[] = "<b> Client name: </b> {$cl['n']} <br>";
    if ($cl['i']) $str[] = "<b> Client user: </b> {$cl['i']} <br>";
    if ($cl['s']) $str[] = "<b> Client group: </b> {$cl['s']} <br>";
    if ($cl['t']) $str[] = "<b> Target group: </b> {$cl['t']} <br>";
    if ($cl['u']) $str[] = "<b> URL: </b> {$cl['u']} <br>";
    $str[] = '<hr size="1" noshade>';
    echo implode("\n", $str);
}
?>
</td></tr></table>
</body>
</html>
```
The gif is too large to attach, but a copy can be found at https://i.imgur.com/CAecfuD.gif
-
@jimp I appreciate you.
Those old videos are great for content. I have this one deployment at a rural school. I can host an Apache instance and I remember this SquidGuard video from a year ago where you could have a custom page for blocking. Your code works beautifully. Thanks again.
edit: I love the GIF... but had to get rid of it :)