Jump to content

Need Assistance with Placement of Code for PHP Script


Dereck
 Share

Recommended Posts

Hi All

I am currently setting up an instance of SquidGuard which is a site blocker for Squid.   In order to get it to log properly to the SIEM, I need to inject some code but have no idea where in the script to put it.  First, here is the code it says I need to put in the script:


Important: This option will only work if you include the code below in your sgerror.php file.
This forces the client browser to send a second request to Squid with the denied string in URL.

$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
$str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';

Hint: You MUST remove extra spaces in the above iframe HTML tags.

 

Here is the actual script:

<?php
include "globals.inc";
include "config.inc";
$page_info = <<<EOD
/*
 * sgerror.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2017-2021 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2006-2011 Serg Dvoriancev
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

----------------------------------------------------------------------------------------------------------------------
SquidGuard error page generator
----------------------------------------------------------------------------------------------------------------------
This program processes redirection requests to specified URL or generated error page for a standard HTTP error code.
Redirection supports HTTP and HTTPS protocols.
----------------------------------------------------------------------------------------------------------------------
Format:
        sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables]
Incoming SquidGuard variables:
        a=client_address
        n=client_name
        i=client_user
        s=client_group
        t=target_group
        u=client_url
Example:
        sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
        sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
        sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=..
----------------------------------------------------------------------------------------------------------------------
Tags:
        myurl and output messages can include Tags
                [a] - client address
                [n] - client name
                - client user
                - client group
                [t] - target group
                - client url
Example:
        sgerror.php?url=401 Unauthorized access to URL for client [n]
        sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=]
----------------------------------------------------------------------------------------------------------------------
Special Tags:
        blank     - get blank page
        blank_img - get one-pixel transparent image (to replace images such as banners, ads, etc.)
Example:
        sgerror.php?url=blank
        sgerror.php?url=blank_img
----------------------------------------------------------------------------------------------------------------------
EOD;

define('ACTION_URL', 'url');
define('ACTION_RES', 'res');
define('ACTION_MSG', 'msg');

define('TAG_BLANK', 'blank');
define('TAG_BLANK_IMG', 'blank_img');

/* ----------------------------------------------------------------------------------------------------------------------
 * ?url=EMPTY_IMG
 *      Use this option to replace banners/ads with a transparent picture. This is better for web page rendering.
 * ----------------------------------------------------------------------------------------------------------------------
 * NULL GIF file
 * HEX: 47 49 46 38 39 61 - - -
 * SYM: G  I  F  8  9  a  01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B
 * ----------------------------------------------------------------------------------------------------------------------
 */
define('GIF_BODY', "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

$url  = '';
$msg  = '';
$cl   = Array(); // squidGuard variables: %a %n %i %s %t %u
$err_code = array();

$err_code[301] = "301 Moved Permanently";
$err_code[302] = "302 Found";
$err_code[303] = "303 See Other";
$err_code[305] = "305 Use Proxy";

$err_code[400] = "400 Bad Request";
$err_code[401] = "401 Unauthorized";
$err_code[402] = "402 Payment Required";
$err_code[403] = "403 Forbidden";
$err_code[404] = "404 Not Found";
$err_code[405] = "405 Method Not Allowed";
$err_code[406] = "406 Not Acceptable";
$err_code[407] = "407 Proxy Authentication Required";
$err_code[408] = "408 Request Time-out";
$err_code[409] = "409 Conflict";
$err_code[410] = "410 Gone";
$err_code[411] = "411 Length Required";
$err_code[412] = "412 Precondition Failed";
$err_code[413] = "413 Request Entity Too Large";
$err_code[414] = "414 Request-URI Too Large";
$err_code[415] = "415 Unsupported Media Type";
$err_code[416] = "416 Requested range not satisfiable";
$err_code[417] = "417 Expectation Failed";

$err_code[500] = "500 Internal Server Error";
$err_code[501] = "501 Not Implemented";
$err_code[502] = "502 Bad Gateway";
$err_code[503] = "503 Service Unavailable";
$err_code[504] = "504 Gateway Time-out";
$err_code[505] = "505 HTTP Version not supported";

/* ----------------------------------------------------------------------------------------------------------------------
 * Functions
 * ----------------------------------------------------------------------------------------------------------------------
 */
function get_page($body) { ?>
<html>
        <body>
<?=$body?>
        </body>
</html>
<?php
}

/*
 * Generate an error page for the user
 */
function get_error_page($er_code_id, $err_msg='') {
        global $g, $config, $err_code, $cl;
        header("HTTP/1.1 " . $err_code[$er_code_id]);

?>
<html>
        <head>
                <title>squidGuard Error page</title>
        </head>
        <body>
        <?php if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']): ?>
                <h3><?= $config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage'] ?>: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>;
        <?php else: ?>
                <h3>Request denied by <?= $g['product_name'] ?> proxy: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>
        <?php endif; ?>

        <?php if ($err_msg): ?>
                <b>Reason:</b> <?= htmlspecialchars($err_msg) ?>
        <?php endif; ?>

                <hr size="1" noshade>
        <?php if ($cl['a']): ?>
                <b> Client address: </b> <?= htmlspecialchars($cl['a']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['n']): ?>
                <b> Client name:    </b> <?= htmlspecialchars($cl['n']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['i']): ?>
                <b> Client user:    </b> <?= htmlspecialchars($cl['i']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['s']): ?>
                <b> Client group:   </b> <?= htmlspecialchars($cl['s']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['t']): ?>
                <b> Target group:   </b> <?= htmlspecialchars($cl['t']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['u']): ?>
                <b> URL:            </b> <?= htmlspecialchars($cl['u']) ?><br/>
        <?php endif; ?>

                <hr size="1" noshade>
        </body>
</html>
<?php
}

function get_about() {
        global $err_code, $page_info; ?>
<?= str_replace("\n", "<br/>", $page_info); ?>
<br/>
<table>
        <tr><th><b>HTTP error codes (ERROR_CODE):</b></th></tr>
        <?php foreach ($err_code as $val): ?>
        <tr><td><?= htmlspecialchars($val) ?></td></tr>
        <?php endforeach; ?>
</table>
<?php
}


/* ----------------------------------------------------------------------------------------------------------------------
 * Check arguments
 * ----------------------------------------------------------------------------------------------------------------------
 */
if (count($_REQUEST)) {
        $url  = trim($_REQUEST['url']);
        $msg  = $_REQUEST['msg'];
        $cl['a'] = $_REQUEST['a'];
        $cl['n'] = $_REQUEST['n'];
        $cl['i'] = $_REQUEST['i'];
        $cl['s'] = $_REQUEST['s'];
        $cl['t'] = $_REQUEST['t'];
        $cl['u'] = $_REQUEST['u'];
} else {
        // Show 'About page'
        echo get_page(get_about());
        exit();
}

/* ----------------------------------------------------------------------------------------------------------------------
 * Process URLs
 * ----------------------------------------------------------------------------------------------------------------------
 */
if ($url) {
        $err_id = 0;

        // Check error code
        foreach ($err_code as $key => $val) {
                if (strpos(strtolower($url), strval($key)) === 0) {
                        $err_id = $key;
                        break;
                }
        }

        if ($url === TAG_BLANK) {
                // Output a blank page
                echo get_page('');
        } elseif ($url === TAG_BLANK_IMG) {
                // Return a blank image
                header("Content-Type: image/gif;"); // charset=windows-1251");
                echo GIF_BODY;
        } elseif ($err_id !== 0) {
                // Output an error code
                $er_msg = strstr($_GET['url'], ' ');
                echo get_error_page($err_id, $er_msg);
        } elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {
                // Redirect to the specified url
                header("HTTP/1.0");
                header("Location: $url", '', 302);
        } else {
                // Output an error
                echo get_page("sgerror: error arguments " . htmlspecialchars($url));
        }
} else {
        echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET));
        // echo get_error_page(500);

 

Link to comment
Share on other sites

Obviously without knowledge of this package that you are using how could anyone help you?  Besides - looking at this 'script' I don't think it would ever run.  It is not written properly since there are lot of non-PHP lines there that are not commented out.  And what is with all of the strike-through lines?

I would think that if this were really 'the' script, there would be some line somewhere that tells you that something needs to be inserted there.  Are you sure you are posting the right thing or have looked hard enough to find that script?

Link to comment
Share on other sites

As stated at the beginning, this is a script that works with Squidguard.  If you are not familiar with Squid, it is a popular opensource caching and forwarding web proxy.  Squidguard is a website blocking program used with Squid.   I don't know why it struck out part of the script.   I am posting this again.

I am currently setting up an instance of SquidGuard which is a site blocker for Squid.   In order to get it to log properly to the SIEM, I need to inject some code but have no idea where in the script to put it.  First, here is the code it says I need to put in the script:


Important: This option will only work if you include the code below in your sgerror.php file.
This forces the client browser to send a second request to Squid with the denied string in URL.

$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
$str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';

Hint: You MUST remove extra spaces in the above iframe HTML tags.

 

Here is the script sgerror.php

<?php
include "globals.inc";
include "config.inc";
$page_info = <<<EOD
/*
 * sgerror.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2017-2021 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2006-2011 Serg Dvoriancev
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

----------------------------------------------------------------------------------------------------------------------
SquidGuard error page generator
----------------------------------------------------------------------------------------------------------------------
This program processes redirection requests to specified URL or generated error page for a standard HTTP error code.
Redirection supports HTTP and HTTPS protocols.
----------------------------------------------------------------------------------------------------------------------
Format:
        sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables]
Incoming SquidGuard variables:
        a=client_address
        n=client_name
        i=client_user
        s=client_group
        t=target_group
        u=client_url
Example:
        sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
        sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=..
        sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=..
----------------------------------------------------------------------------------------------------------------------
Tags:
        myurl and output messages can include Tags
                [a] - client address
                [n] - client name
                - client user
                - client group
                [t] - target group
                - client url
Example:
        sgerror.php?url=401 Unauthorized access to URL for client [n]
        sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=]
----------------------------------------------------------------------------------------------------------------------
Special Tags:
        blank     - get blank page
        blank_img - get one-pixel transparent image (to replace images such as banners, ads, etc.)
Example:
        sgerror.php?url=blank
        sgerror.php?url=blank_img
----------------------------------------------------------------------------------------------------------------------
EOD;

define('ACTION_URL', 'url');
define('ACTION_RES', 'res');
define('ACTION_MSG', 'msg');

define('TAG_BLANK', 'blank');
define('TAG_BLANK_IMG', 'blank_img');

/* ----------------------------------------------------------------------------------------------------------------------
 * ?url=EMPTY_IMG
 *      Use this option to replace banners/ads with a transparent picture. This is better for web page rendering.
 * ----------------------------------------------------------------------------------------------------------------------
 * NULL GIF file
 * HEX: 47 49 46 38 39 61 - - -
 * SYM: G  I  F  8  9  a  01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B
 * ----------------------------------------------------------------------------------------------------------------------
 */
define('GIF_BODY', "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

$url  = '';
$msg  = '';
$cl   = Array(); // squidGuard variables: %a %n %i %s %t %u
$err_code = array();

$err_code[301] = "301 Moved Permanently";
$err_code[302] = "302 Found";
$err_code[303] = "303 See Other";
$err_code[305] = "305 Use Proxy";

$err_code[400] = "400 Bad Request";
$err_code[401] = "401 Unauthorized";
$err_code[402] = "402 Payment Required";
$err_code[403] = "403 Forbidden";
$err_code[404] = "404 Not Found";
$err_code[405] = "405 Method Not Allowed";
$err_code[406] = "406 Not Acceptable";
$err_code[407] = "407 Proxy Authentication Required";
$err_code[408] = "408 Request Time-out";
$err_code[409] = "409 Conflict";
$err_code[410] = "410 Gone";
$err_code[411] = "411 Length Required";
$err_code[412] = "412 Precondition Failed";
$err_code[413] = "413 Request Entity Too Large";
$err_code[414] = "414 Request-URI Too Large";
$err_code[415] = "415 Unsupported Media Type";
$err_code[416] = "416 Requested range not satisfiable";
$err_code[417] = "417 Expectation Failed";

$err_code[500] = "500 Internal Server Error";
$err_code[501] = "501 Not Implemented";
$err_code[502] = "502 Bad Gateway";
$err_code[503] = "503 Service Unavailable";
$err_code[504] = "504 Gateway Time-out";
$err_code[505] = "505 HTTP Version not supported";

/* ----------------------------------------------------------------------------------------------------------------------
 * Functions
 * ----------------------------------------------------------------------------------------------------------------------
 */
function get_page($body) { ?>
<html>
        <body>
<?=$body?>
        </body>
</html>
<?php
}

/*
 * Generate an error page for the user
 */
function get_error_page($er_code_id, $err_msg='') {
        global $g, $config, $err_code, $cl;
        header("HTTP/1.1 " . $err_code[$er_code_id]);

?>
<html>
        <head>
                <title>squidGuard Error page</title>
        </head>
        <body>
        <?php if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']): ?>
                <h3><?= $config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage'] ?>: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>;
        <?php else: ?>
                <h3>Request denied by <?= $g['product_name'] ?> proxy: <?= htmlspecialchars($err_code[$er_code_id]) ?></h3>
        <?php endif; ?>

        <?php if ($err_msg): ?>
                <b>Reason:</b> <?= htmlspecialchars($err_msg) ?>
        <?php endif; ?>

                <hr size="1" noshade>
        <?php if ($cl['a']): ?>
                <b> Client address: </b> <?= htmlspecialchars($cl['a']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['n']): ?>
                <b> Client name:    </b> <?= htmlspecialchars($cl['n']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['i']): ?>
                <b> Client user:    </b> <?= htmlspecialchars($cl['i']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['s']): ?>
                <b> Client group:   </b> <?= htmlspecialchars($cl['s']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['t']): ?>
                <b> Target group:   </b> <?= htmlspecialchars($cl['t']) ?><br/>
        <?php endif; ?>

        <?php if ($cl['u']): ?>
                <b> URL:            </b> <?= htmlspecialchars($cl['u']) ?><br/>
        <?php endif; ?>

                <hr size="1" noshade>
        </body>
</html>
<?php
}

function get_about() {
        global $err_code, $page_info; ?>
<?= str_replace("\n", "<br/>", $page_info); ?>
<br/>
<table>
        <tr><th><b>HTTP error codes (ERROR_CODE):</b></th></tr>
        <?php foreach ($err_code as $val): ?>
        <tr><td><?= htmlspecialchars($val) ?></td></tr>
        <?php endforeach; ?>
</table>
<?php
}


/* ----------------------------------------------------------------------------------------------------------------------
 * Check arguments
 * ----------------------------------------------------------------------------------------------------------------------
 */
if (count($_REQUEST)) {
        $url  = trim($_REQUEST['url']);
        $msg  = $_REQUEST['msg'];
        $cl['a'] = $_REQUEST['a'];
        $cl['n'] = $_REQUEST['n'];
        $cl['i'] = $_REQUEST['i'];
        $cl['s'] = $_REQUEST['s'];
        $cl['t'] = $_REQUEST['t'];
        $cl['u'] = $_REQUEST['u'];
} else {
        // Show 'About page'
        echo get_page(get_about());
        exit();
}

/* ----------------------------------------------------------------------------------------------------------------------
 * Process URLs
 * ----------------------------------------------------------------------------------------------------------------------
 */
if ($url) {
        $err_id = 0;

        // Check error code
        foreach ($err_code as $key => $val) {
                if (strpos(strtolower($url), strval($key)) === 0) {
                        $err_id = $key;
                        break;
                }
        }

        if ($url === TAG_BLANK) {
                // Output a blank page
                echo get_page('');
        } elseif ($url === TAG_BLANK_IMG) {
                // Return a blank image
                header("Content-Type: image/gif;"); // charset=windows-1251");
                echo GIF_BODY;
        } elseif ($err_id !== 0) {
                // Output an error code
                $er_msg = strstr($_GET['url'], ' ');
                echo get_error_page($err_id, $er_msg);
        } elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {
                // Redirect to the specified url
                header("HTTP/1.0");
                header("Location: $url", '', 302);
        } else {
                // Output an error
                echo get_page("sgerror: error arguments " . htmlspecialchars($url));
        }
} else {
        echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET));
        // echo get_error_page(500);
} 

Use the image.png.d904078dd9cb67de8e8d7a21527f5d10.pngbutton when posting code. I've edited it for you - this time.

Edited by Barand
code tags added
Link to comment
Share on other sites

It's still a script that won't execute.  Look at the first commented out block.  At its end there is a block of plain text that php will see as an error since it's not valid code nor is it a comment itself.

Plus - it's written horribly.  PHP tags all over the place - poor programming skills.

You are correct tho.  If one knows this squid thing then it may make sense.  Perhaps you need to post this on a forum that pertains to squid rather than just plain php to find out how to do what needs to be done.

Link to comment
Share on other sites

Thats incorrect.   The script executes fine as is.   The goal is to add the functionality where it triggers an error page AND sends logs out.  That is why it must include those 2 lines below they say.

"

Important: This option will only work if you include the code below in your sgerror.php file.
This forces the client browser to send a second request to Squid with the denied string in URL.

$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
$str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';

Hint: You MUST remove extra spaces in the above iframe HTML tags.

"

 

 

The only question I'm asking is where might those 2 lines above in bold logically go in the php script?

Edited by Dereck
Link to comment
Share on other sites

This hack was for a very old version of the package.  You can see that it references an array $str, that is no longer available or used in the script you provided, so this hack is not going to work.  The general idea can probably be hacked to work with the existing script, but I can only warrant an educated guess on this.

Since it's dependent on the $cl['u'] parameter, I would try and stick this code inside the code that processes that particular url parameter.  

 

<?php if ($cl['u']): ?>
                <b> URL:            </b> <?= htmlspecialchars($cl['u']) ?><br/>
<?php endif; ?>

Since it's fairly obvious that the hack is just injecting a 1x1 iframe, you might try this, but I have no way of testing this at all.

Change the code above, to this:

 

<?php if ($cl['u']): ?>
                <b> URL:            </b> <?= htmlspecialchars($cl['u']) ?><br/>
  <?php
  	$sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");
	$str = '<iframe src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1"></iframe>';	
  ?>
  <?= $str ?>    
<?php endif; ?>

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.