Dereck Posted September 12, 2021

Hi All

I am currently setting up an instance of SquidGuard which is a site blocker for Squid. In order to get it to log properly to the SIEM, I need to inject some code but have no idea where in the script to put it.

First, here is the code it says I need to put in the script:

Important: This option will only work if you include the code below in your sgerror.php file. This forces the client browser to send a second request to Squid with the denied string in URL.

```php
$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
$str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';
```

Hint: You MUST remove extra spaces in the above iframe HTML tags.

Here is the actual script:

```php
<?php
include "globals.inc";
include "config.inc";
$page_info = <<<EOD
/*
 * sgerror.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2017-2021 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2006-2011 Serg Dvoriancev
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
----------------------------------------------------------------------------------------------------------------------
SquidGuard error page generator
----------------------------------------------------------------------------------------------------------------------
This program processes redirection requests to specified URL or generated error page for a standard HTTP error code.
Redirection supports HTTP and HTTPS protocols.
----------------------------------------------------------------------------------------------------------------------
Format:
    sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables]
Incoming SquidGuard variables:
    a=client_address
    n=client_name
    i=client_user
    s=client_group
    t=target_group
    u=client_url
Example:
    sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
    sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
    sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=..
----------------------------------------------------------------------------------------------------------------------
Tags:
    myurl and output messages can include Tags
        [a] - client address
        [n] - client name
        [i] - client user
        [s] - client group
        [t] - target group
        [u] - client url
Example:
    sgerror.php?url=401 Unauthorized access to URL for client [n]
    sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=]
----------------------------------------------------------------------------------------------------------------------
Special Tags:
    blank     - get blank page
    blank_img - get one-pixel transparent image (to replace images such as banners, ads, etc.)
Example:
    sgerror.php?url=blank
    sgerror.php?url=blank_img
----------------------------------------------------------------------------------------------------------------------
EOD;

define('ACTION_URL', 'url');
define('ACTION_RES', 'res');
define('ACTION_MSG', 'msg');
define('TAG_BLANK', 'blank');
define('TAG_BLANK_IMG', 'blank_img');

/* ----------------------------------------------------------------------------------------------------------------------
 * ?url=EMPTY_IMG
 * Use this option to replace banners/ads with a transparent picture. This is better for web page rendering.
 * ----------------------------------------------------------------------------------------------------------------------
 * NULL GIF file
 * HEX: 47 49 46 38 39 61 - - -
 * SYM: G I F 8 9 a 01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B
 * ----------------------------------------------------------------------------------------------------------------------
 */
define('GIF_BODY', "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

$url = '';
$msg = '';
$cl = Array(); // squidGuard variables: %a %n %i %s %t %u

$err_code = array();
$err_code[301] = "301 Moved Permanently";
$err_code[302] = "302 Found";
$err_code[303] = "303 See Other";
$err_code[305] = "305 Use Proxy";
$err_code[400] = "400 Bad Request";
$err_code[401] = "401 Unauthorized";
$err_code[402] = "402 Payment Required";
$err_code[403] = "403 Forbidden";
$err_code[404] = "404 Not Found";
$err_code[405] = "405 Method Not Allowed";
$err_code[406] = "406 Not Acceptable";
$err_code[407] = "407 Proxy Authentication Required";
$err_code[408] = "408 Request Time-out";
$err_code[409] = "409 Conflict";
$err_code[410] = "410 Gone";
$err_code[411] = "411 Length Required";
$err_code[412] = "412 Precondition Failed";
$err_code[413] = "413 Request Entity Too Large";
$err_code[414] = "414 Request-URI Too Large";
$err_code[415] = "415 Unsupported Media Type";
$err_code[416] = "416 Requested range not satisfiable";
$err_code[417] = "417 Expectation Failed";
$err_code[500] = "500 Internal Server Error";
$err_code[501] = "501 Not Implemented";
$err_code[502] = "502 Bad Gateway";
$err_code[503] = "503 Service Unavailable";
$err_code[504] = "504 Gateway Time-out";
$err_code[505] = "505 HTTP Version not supported";

/* ----------------------------------------------------------------------------------------------------------------------
 * Functions
 * ----------------------------------------------------------------------------------------------------------------------
 */
function get_page($body) { ?>
<html>
    <body>
<?=$body?>
    </body>
</html>
<?php
}

/*
 * Generate an error page for the user
 */
function get_error_page($er_code_id, $err_msg='') {
    global $g, $config, $err_code, $cl;
    header("HTTP/1.1 " . $err_code[$er_code_id]);
?>
<html>
    <head>
        <title>squidGuard Error page</title>
    </head>
    <body>
<?php if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']): ?>
        <h3><?= $config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage'] ?>: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>;
<?php else: ?>
        <h3>Request denied by <?= $g['product_name'] ?> proxy: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>
<?php endif; ?>
<?php if ($err_msg): ?>
        <b>Reason:</b> <?= htmlspecialchars($err_msg) ?>
<?php endif; ?>
        <hr size="1" noshade>
<?php if ($cl['a']): ?>
        <b> Client address: </b> <?= htmlspecialchars($cl['a']) ?><br/>
<?php endif; ?>
<?php if ($cl['n']): ?>
        <b> Client name: </b> <?= htmlspecialchars($cl['n']) ?><br/>
<?php endif; ?>
<?php if ($cl['i']): ?>
        <b> Client user: </b> <?= htmlspecialchars($cl['i']) ?><br/>
<?php endif; ?>
<?php if ($cl['s']): ?>
        <b> Client group: </b> <?= htmlspecialchars($cl['s']) ?><br/>
<?php endif; ?>
<?php if ($cl['t']): ?>
        <b> Target group: </b> <?= htmlspecialchars($cl['t']) ?><br/>
<?php endif; ?>
<?php if ($cl['u']): ?>
        <b> URL: </b> <?= htmlspecialchars($cl['u']) ?><br/>
<?php endif; ?>
        <hr size="1" noshade>
    </body>
</html>
<?php
}

function get_about() {
    global $err_code, $page_info;
?>
<?= str_replace("\n", "<br/>", $page_info); ?>
<br/>
<table>
    <tr><th><b>HTTP error codes (ERROR_CODE):</b></th></tr>
<?php foreach ($err_code as $val): ?>
    <tr><td><?= htmlspecialchars($val) ?></td></tr>
<?php endforeach; ?>
</table>
<?php
}

/* ----------------------------------------------------------------------------------------------------------------------
 * Check arguments
 * ----------------------------------------------------------------------------------------------------------------------
 */
if (count($_REQUEST)) {
    $url = trim($_REQUEST['url']);
    $msg = $_REQUEST['msg'];
    $cl['a'] = $_REQUEST['a'];
    $cl['n'] = $_REQUEST['n'];
    $cl['i'] = $_REQUEST['i'];
    $cl['s'] = $_REQUEST['s'];
    $cl['t'] = $_REQUEST['t'];
    $cl['u'] = $_REQUEST['u'];
} else {
    // Show 'About page'
    echo get_page(get_about());
    exit();
}

/* ----------------------------------------------------------------------------------------------------------------------
 * Process URLs
 * ----------------------------------------------------------------------------------------------------------------------
 */
if ($url) {
    $err_id = 0;

    // Check error code
    foreach ($err_code as $key => $val) {
        if (strpos(strtolower($url), strval($key)) === 0) {
            $err_id = $key;
            break;
        }
    }

    if ($url === TAG_BLANK) {
        // Output a blank page
        echo get_page('');
    } elseif ($url === TAG_BLANK_IMG) {
        // Return a blank image
        header("Content-Type: image/gif;"); // charset=windows-1251");
        echo GIF_BODY;
    } elseif ($err_id !== 0) {
        // Output an error code
        $er_msg = strstr($_GET['url'], ' ');
        echo get_error_page($err_id, $er_msg);
    } elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {
        // Redirect to the specified url
        header("HTTP/1.0");
        header("Location: $url", '', 302);
    } else {
        // Output an error
        echo get_page("sgerror: error arguments " . htmlspecialchars($url));
    }
} else {
    echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET));
    // echo get_error_page(500);
}
```
ginerjm Posted September 13, 2021

Obviously without knowledge of this package that you are using how could anyone help you?

Besides - looking at this 'script' I don't think it would ever run. It is not written properly since there are a lot of non-PHP lines there that are not commented out. And what is with all of the strike-through lines?

I would think that if this were really 'the' script, there would be some line somewhere that tells you that something needs to be inserted there. Are you sure you are posting the right thing or have looked hard enough to find that script?
Dereck Posted September 13, 2021 (edited)

As stated at the beginning, this is a script that works with Squidguard. If you are not familiar with Squid, it is a popular open-source caching and forwarding web proxy. Squidguard is a website blocking program used with Squid. I don't know why it struck out part of the script. I am posting this again.

I am currently setting up an instance of SquidGuard which is a site blocker for Squid. In order to get it to log properly to the SIEM, I need to inject some code but have no idea where in the script to put it.

First, here is the code it says I need to put in the script:

Important: This option will only work if you include the code below in your sgerror.php file. This forces the client browser to send a second request to Squid with the denied string in URL.

```php
$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
$str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';
```

Hint: You MUST remove extra spaces in the above iframe HTML tags.

Here is the script sgerror.php

```php
<?php
include "globals.inc";
include "config.inc";
$page_info = <<<EOD
/*
 * sgerror.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2017-2021 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2006-2011 Serg Dvoriancev
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
----------------------------------------------------------------------------------------------------------------------
SquidGuard error page generator
----------------------------------------------------------------------------------------------------------------------
This program processes redirection requests to specified URL or generated error page for a standard HTTP error code.
Redirection supports HTTP and HTTPS protocols.
----------------------------------------------------------------------------------------------------------------------
Format:
    sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables]
Incoming SquidGuard variables:
    a=client_address
    n=client_name
    i=client_user
    s=client_group
    t=target_group
    u=client_url
Example:
    sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
    sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
    sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=..
----------------------------------------------------------------------------------------------------------------------
Tags:
    myurl and output messages can include Tags
        [a] - client address
        [n] - client name
        [i] - client user
        [s] - client group
        [t] - target group
        [u] - client url
Example:
    sgerror.php?url=401 Unauthorized access to URL for client [n]
    sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=]
----------------------------------------------------------------------------------------------------------------------
Special Tags:
    blank     - get blank page
    blank_img - get one-pixel transparent image (to replace images such as banners, ads, etc.)
Example:
    sgerror.php?url=blank
    sgerror.php?url=blank_img
----------------------------------------------------------------------------------------------------------------------
EOD;

define('ACTION_URL', 'url');
define('ACTION_RES', 'res');
define('ACTION_MSG', 'msg');
define('TAG_BLANK', 'blank');
define('TAG_BLANK_IMG', 'blank_img');

/* ----------------------------------------------------------------------------------------------------------------------
 * ?url=EMPTY_IMG
 * Use this option to replace banners/ads with a transparent picture. This is better for web page rendering.
 * ----------------------------------------------------------------------------------------------------------------------
 * NULL GIF file
 * HEX: 47 49 46 38 39 61 - - -
 * SYM: G I F 8 9 a 01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B
 * ----------------------------------------------------------------------------------------------------------------------
 */
define('GIF_BODY', "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

$url = '';
$msg = '';
$cl = Array(); // squidGuard variables: %a %n %i %s %t %u

$err_code = array();
$err_code[301] = "301 Moved Permanently";
$err_code[302] = "302 Found";
$err_code[303] = "303 See Other";
$err_code[305] = "305 Use Proxy";
$err_code[400] = "400 Bad Request";
$err_code[401] = "401 Unauthorized";
$err_code[402] = "402 Payment Required";
$err_code[403] = "403 Forbidden";
$err_code[404] = "404 Not Found";
$err_code[405] = "405 Method Not Allowed";
$err_code[406] = "406 Not Acceptable";
$err_code[407] = "407 Proxy Authentication Required";
$err_code[408] = "408 Request Time-out";
$err_code[409] = "409 Conflict";
$err_code[410] = "410 Gone";
$err_code[411] = "411 Length Required";
$err_code[412] = "412 Precondition Failed";
$err_code[413] = "413 Request Entity Too Large";
$err_code[414] = "414 Request-URI Too Large";
$err_code[415] = "415 Unsupported Media Type";
$err_code[416] = "416 Requested range not satisfiable";
$err_code[417] = "417 Expectation Failed";
$err_code[500] = "500 Internal Server Error";
$err_code[501] = "501 Not Implemented";
$err_code[502] = "502 Bad Gateway";
$err_code[503] = "503 Service Unavailable";
$err_code[504] = "504 Gateway Time-out";
$err_code[505] = "505 HTTP Version not supported";

/* ----------------------------------------------------------------------------------------------------------------------
 * Functions
 * ----------------------------------------------------------------------------------------------------------------------
 */
function get_page($body) { ?>
<html>
    <body>
<?=$body?>
    </body>
</html>
<?php
}

/*
 * Generate an error page for the user
 */
function get_error_page($er_code_id, $err_msg='') {
    global $g, $config, $err_code, $cl;
    header("HTTP/1.1 " . $err_code[$er_code_id]);
?>
<html>
    <head>
        <title>squidGuard Error page</title>
    </head>
    <body>
<?php if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']): ?>
        <h3><?= $config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage'] ?>: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>;
<?php else: ?>
        <h3>Request denied by <?= $g['product_name'] ?> proxy: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>
<?php endif; ?>
<?php if ($err_msg): ?>
        <b>Reason:</b> <?= htmlspecialchars($err_msg) ?>
<?php endif; ?>
        <hr size="1" noshade>
<?php if ($cl['a']): ?>
        <b> Client address: </b> <?= htmlspecialchars($cl['a']) ?><br/>
<?php endif; ?>
<?php if ($cl['n']): ?>
        <b> Client name: </b> <?= htmlspecialchars($cl['n']) ?><br/>
<?php endif; ?>
<?php if ($cl['i']): ?>
        <b> Client user: </b> <?= htmlspecialchars($cl['i']) ?><br/>
<?php endif; ?>
<?php if ($cl['s']): ?>
        <b> Client group: </b> <?= htmlspecialchars($cl['s']) ?><br/>
<?php endif; ?>
<?php if ($cl['t']): ?>
        <b> Target group: </b> <?= htmlspecialchars($cl['t']) ?><br/>
<?php endif; ?>
<?php if ($cl['u']): ?>
        <b> URL: </b> <?= htmlspecialchars($cl['u']) ?><br/>
<?php endif; ?>
        <hr size="1" noshade>
    </body>
</html>
<?php
}

function get_about() {
    global $err_code, $page_info;
?>
<?= str_replace("\n", "<br/>", $page_info); ?>
<br/>
<table>
    <tr><th><b>HTTP error codes (ERROR_CODE):</b></th></tr>
<?php foreach ($err_code as $val): ?>
    <tr><td><?= htmlspecialchars($val) ?></td></tr>
<?php endforeach; ?>
</table>
<?php
}

/* ----------------------------------------------------------------------------------------------------------------------
 * Check arguments
 * ----------------------------------------------------------------------------------------------------------------------
 */
if (count($_REQUEST)) {
    $url = trim($_REQUEST['url']);
    $msg = $_REQUEST['msg'];
    $cl['a'] = $_REQUEST['a'];
    $cl['n'] = $_REQUEST['n'];
    $cl['i'] = $_REQUEST['i'];
    $cl['s'] = $_REQUEST['s'];
    $cl['t'] = $_REQUEST['t'];
    $cl['u'] = $_REQUEST['u'];
} else {
    // Show 'About page'
    echo get_page(get_about());
    exit();
}

/* ----------------------------------------------------------------------------------------------------------------------
 * Process URLs
 * ----------------------------------------------------------------------------------------------------------------------
 */
if ($url) {
    $err_id = 0;

    // Check error code
    foreach ($err_code as $key => $val) {
        if (strpos(strtolower($url), strval($key)) === 0) {
            $err_id = $key;
            break;
        }
    }

    if ($url === TAG_BLANK) {
        // Output a blank page
        echo get_page('');
    } elseif ($url === TAG_BLANK_IMG) {
        // Return a blank image
        header("Content-Type: image/gif;"); // charset=windows-1251");
        echo GIF_BODY;
    } elseif ($err_id !== 0) {
        // Output an error code
        $er_msg = strstr($_GET['url'], ' ');
        echo get_error_page($err_id, $er_msg);
    } elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {
        // Redirect to the specified url
        header("HTTP/1.0");
        header("Location: $url", '', 302);
    } else {
        // Output an error
        echo get_page("sgerror: error arguments " . htmlspecialchars($url));
    }
} else {
    echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET));
    // echo get_error_page(500);
}
```

Use the button when posting code. I've edited it for you - this time.

Edited September 13, 2021 by Barand: code tags added
Dereck Posted September 13, 2021 (edited)

I don't know why it strikes out part of the script above. Please just try and ignore it while looking at the issue.

Edited September 13, 2021 by Dereck
ginerjm Posted September 13, 2021

It's still a script that won't execute. Look at the first commented out block. At its end there is a block of plain text that php will see as an error since it's not valid code nor is it a comment itself. Plus - it's written horribly. PHP tags all over the place - poor programming skills.

You are correct tho. If one knows this squid thing then it may make sense. Perhaps you need to post this on a forum that pertains to squid rather than just plain php to find out how to do what needs to be done.
Dereck Posted September 13, 2021 (edited)

That's incorrect. The script executes fine as is. The goal is to add the functionality where it triggers an error page AND sends logs out. That is why it must include those 2 lines below they say.

"
Important: This option will only work if you include the code below in your sgerror.php file. This forces the client browser to send a second request to Squid with the denied string in URL.

```php
$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
$str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';
```

Hint: You MUST remove extra spaces in the above iframe HTML tags.
"

The only question I'm asking is where might those 2 lines above in bold logically go in the php script?

Edited September 13, 2021 by Dereck
gizmola Posted September 15, 2021

This hack was for a very old version of the package. You can see that it references an array $str, that is no longer available or used in the script you provided, so this hack is not going to work.

The general idea can probably be hacked to work with the existing script, but I can only warrant an educated guess on this. Since it's dependent on the $cl['u'] parameter, I would try and stick this code inside the code that processes that particular url parameter.

```php
<?php if ($cl['u']): ?>
    <b> URL: </b> <?= htmlspecialchars($cl['u']) ?><br/>
<?php endif; ?>
```

Since it's fairly obvious that the hack is just injecting a 1x1 iframe, you might try this, but I have no way of testing this at all. Change the code above, to this:

```php
<?php if ($cl['u']): ?>
    <b> URL: </b> <?= htmlspecialchars($cl['u']) ?><br/>
    <?php
    $sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
    $str = '<iframe src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1"></iframe>';
    ?>
    <?= $str ?>
<?php endif; ?>
```
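An added example, not part of the answer above or of pfSense's sgerror.php: the same 1x1 iframe built by a hypothetical helper, `build_denied_iframe()`, that treats `$cl['u']` (copied from `$_REQUEST['u']` in the script) as untrusted, accepts only absolute http/https URLs, and HTML-escapes the value before it reaches the `src` attribute. The function name and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example, not pfSense code): returns the 1x1
 * iframe markup for a denied URL, or '' when the value is not safe to echo.
 */
function build_denied_iframe(string $clientUrl): string
{
    // Reject empty input and anything containing whitespace or control bytes.
    if ($clientUrl === '' || preg_match('/[\x00-\x20\x7f]/', $clientUrl)) {
        return '';
    }

    // Accept only absolute http/https URLs; this drops javascript:, data:
    // and scheme-less values before they can become an iframe source.
    $parts = parse_url($clientUrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return '';
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }

    // A #fragment is never sent to the proxy, so cut it off; otherwise the
    // marker would land inside the fragment and never reach Squid's log.
    $hashPos = strpos($clientUrl, '#');
    if ($hashPos !== false) {
        $clientUrl = substr($clientUrl, 0, $hashPos);
    }

    // Same separator rule as the documented snippet: '&' if a query exists.
    $sgePrefix = (strpos($clientUrl, '?') !== false) ? '&' : '?';
    $src = $clientUrl . $sgePrefix . 'sgr=ACCESSDENIED';

    // ENT_QUOTES escapes both quote styles so the value cannot close src="".
    $srcAttr = htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // sandbox keeps whatever loads in the frame from running script.
    return '<iframe src="' . $srcAttr . '" width="1" height="1" sandbox></iframe>';
}

// Constructed sample values for the `u` parameter (not from a real log).
$samples = [
    'http://blocked.example/page',
    'https://blocked.example/search?q=test#top',
    'http://blocked.example/"><b>injected</b>',
    'javascript:alert(1)',
    '/relative/path',
];

foreach ($samples as $u) {
    $html = build_denied_iframe($u);
    echo str_pad($u, 46), ' => ', ($html === '' ? '(no iframe emitted)' : $html), PHP_EOL;
}
```

Inside the `if ($cl['u'])` block of `get_error_page()` the call would be `<?= build_denied_iframe($cl['u']) ?>`.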
Dereck Posted September 16, 2021

Thanks Gizmola! That worked.
gizmola Posted September 18, 2021

On 9/16/2021 at 3:59 PM, Dereck said:
> Thanks Gizmola! That worked.

Appreciate you updating us that it worked.