EFW Support

Development => EFW Wishlist => Topic started by: iomega55 on Thursday 27 October 2011, 01:57:27 pm


Title: Adding comments HTTP proxy: Policy Access Policy
Post by: iomega55 on Thursday 27 October 2011, 01:57:27 pm
How can I add some comments in the section:

HTTP proxy: Policy

Access Policy

Insert Source MAC Addresses *


I need to identity to whom belongs each MAC address.

I am using Endian 2.4.1.

Example:

00:23:23:23:23   #director
00:23:23:23:45   #ceo

Title: Re: Adding comments HTTP proxy: Policy Access Policy
Post by: dysmas on Sunday 13 May 2012, 03:31:37 am
Well, still no news on that point.  :(

I thought a little about it. It should not be too difficult to do if the comment was added only to the interface with a simple php code. There would be no change to the configuration and the way squid works.

I could try to propose some code. But I would be interested if someone could tell me where to look to the files of the Http Proxy interface. Just to spare the time needed to dive in the project tree.

The basic idea is : a manually maintained table, in the form of a standard ini file :

00:11:22:33:44:55 = My first address.
The php code would just read that file, get the comment, and add it to the display. *


Title: Re: Adding comments HTTP proxy: Policy Access Policy
Post by: kashifmax on Monday 14 May 2012, 12:26:27 am
Did you tried the newer version i.e. 2.5.1 ???

Title: Re: Adding comments HTTP proxy: Policy Access Policy
Post by: mrkroket on Saturday 19 May 2012, 05:11:26 am
I don't know if 2.5.1 already has this.

It could be easy to achieve. I did something similar some time ago, but on firewall rules to know if a rule is being logged or not.
Check /home/httpd/cgi-bin/proxypolicy.cgi for the frontend.
Things to do:
-Copy the proxypolicy.cgi file, something like BCKproxypolicy.cgi for backup purposes
-Review the file, it probably writes all its config on /var/efw/proxy/policyrules.
-Modify the code to show a Description textbox when editing, try to mimic what endian does on firewall rules.
-Modify the write function to add that description at end of each config line on /var/efw/proxy/policyrules
-Modify the read function to read that data too
-Modify the Listview to show a new column with the new data created.
-If you dont need to show some column (like useragent) try to hide/remove it.

That's it.

Title: Re: Adding comments HTTP proxy: Policy Access Policy
Post by: dysmas on Sunday 27 May 2012, 09:08:43 pm
Hello kashifmax, No I didn't try 2.5.1 because it is  not available for upgrade with efw_upgrade and I don't want to wipe my disk with a new installation, since I have installed other software after EFW and I don't want to do the job all over again. If the feature was added in 2.5.1, it is fine for me, I can wait a little.

Thanks mrkroket for the indications. I will have a look at it.

No luck it's Perl  >:( . I don't like it. I use Python. But I have used perl in the past.

Title: Re: Adding comments HTTP proxy: Policy Access Policy
Post by: kashifmax on Monday 28 May 2012, 12:35:32 am
I think it is not very difficult to import from older to newer version of EFW ? I'm using the current version of EFW but I'm not using EFW's Proxy, so if it is easy for you than login to firewall via ssh. Open squid.conf, find 00:11:22:33:44:55 and then add the information like below.

00:11:22:33:44:55 #kashif
00:11:22:33:44:00 #max
And so on....

Title: Re: Adding comments HTTP proxy: Policy Access Policy
Post by: dysmas on Friday 20 July 2012, 09:04:43 pm
We have done it in a simple enough way but fairly good in the interface.

1) in the directory /home/httpd/cgi-bin, we have added a macaddr.txt file with a content similar to this :

Code:
00:00:00:00:00:01 = <b>Visitors</b>
00:10:75:FF:DF:9D = MAXTOR
08:00:86:16:56:45 = QMS
192.168.1.56 = Foo
192.168.1.146 = <font color='red'>unknown</font>

Normal lines will be displayed in the list like this :
DF:9D = MAXTOR
TCPIP addresses are supported and will be displayed like that :
56 = Foo

You can change the color by adding valid html code. The last line will be displayed like this :
146 = unknown

The first line is intended to be used as a title. Addresses which start with 00:00:00:00: are considered titles. The value only will be displayed and not the end of the Mac address.
Visitors

The changes are made in the file proxypolicy.cgi :

First we add a function which will build the table from the macaddr.txt file.


Code:
sub mac2host() {
    open(FILEIN, "macaddr.txt") || return;
    
    my $ligne = "";
    my $key = "";
    my $temp = "";
    my $temp2 = "";
    my $header = "";
    my $value = "";
    my @tab = ();
    my %host2mac = ();
    my %mac2host = ();
    while($ligne = <FILEIN>)
    {
        chomp($ligne);
        #print "ligne=$ligne\n";
    
        # extraction and verification
        @tab = split('=', $ligne, 2);
        if(2 > scalar(@tab))
        {
            next;
        }        
        $key = $tab[0];
        # strip spaces; perl does not have a trim function :-( 
        $key =~ s/^\s+//;
	    $key =~ s/\s+$//;
        # If this is a TCPIP address, keep the last digits
        if ($key =~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)
        {
            $temp = $key;
            $temp =~ s/^[0-9]+\.[0-9]+\.[0-9]+\.//;
            $header = $temp . " = <font color='green'>";
        } else {
            $temp = substr $key, 12;   
            $temp2 = substr $key, 0, 12;
            # If MAC address starts with 00:00:00:00, this is a Title, don't add the header
            $header = ($temp2 eq "00:00:00:00:") ? "" : $temp . " = <font color='blue'>";
        }
        $value = $tab[1];
        $value =~ s/^\s+//;
	    $value =~ s/\s+$//;
        
        # construction of the hashtable
        $mac2host{$key} = $header . $value . "</font>";
    }    
    return %mac2host;
}

%mac2host_table = mac2host();




Secondly we add some code in the middle of the file :

Code:
        my $source = $splitted{'src'};
        $source =~ s/\|/<br\/>/g;
        $source =~ s/GREEN/<font color='$colourgreen'>GREEN<\/font>/g;
        $source =~ s/ORANGE/<font color='$colourorange'>ORANGE<\/font>/g;
        $source =~ s/BLUE/<font color='$colourblue'>BLUE<\/font>/g;       
        
        # Addition by Dysmas
        my $idx;
        foreach $idx (keys(%mac2host_table))
        {
            $source =~ s/$idx/$mac2host_table{$idx}/gi;        
        }            
        # End of Dysmas's addition
        
        push(@cols, {V_CELL_CONTENT => $source eq "" ? "<b>" . _("ANY") . "</b>" : $source});
        
        my $destination = $splitted{'dst'};
        $destination =~ s/\|/<br\/>/g;
        $destination =~ s/GREEN/<font color='$colourgreen'>GREEN<\/font>/g;
        $destination =~ s/ORANGE/<font color='$colourorange'>ORANGE<\/font>/g;
        $destination =~ s/BLUE/<font color='$colourblue'>BLUE<\/font>/g;
        
        push(@cols, {V_CELL_CONTENT => $destination eq "" ? "<b>" . _("ANY") . "</b>" : $destination});
 

Now if you want to suppress the column auth (useless for us), just comment the two following lines :

Code:
        #push(@cols, {V_CELL_CONTENT => $auth});

Code:
            #{HEADING => _("Authgroup/-user")},

Hope it can be useful. We enjoy it.
Next step would be adding the ability to edit the macaddr.txt file in the gui.


Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media