search

darold / squidguardmgr

SquidGuard Manager is a Perl CGI script used to manage SquidGuard blocklists and ACLs. It also have a GUI for SquidClamav. It support all configurations directives of SquidGuard and SquidClamav, configuration files can still be edited by hand.
http://squidguardmgr.darold.net/
Other
12 stars 5 forks source link

Source ordering #20

Closed Tatsuya-Nonogaki closed 10 years ago

Tatsuya-Nonogaki commented 10 years ago

This is a TODO memo to share. One important thing SG Manager is behind hand config editing yet is source ordering. In most cace, this doesn't matter, but my client bumped into the problem. They have considerablly many client network segments and require such filters among others, like below:

SRCGRPNAME[alpha]: 192.168.0.0/16 -> DST: ! www.one.com, any SRCGRPNAME[beta]: 192.168.1.1-192.168.1.100 -> DST: ! www.two.com, any

The source group name in squidguard.conf 'alpha' and 'beta' above are those I employed without deep thought. Many LInux programs out there sort such group lists based on "unique address first" rule. But SquidGuard, a speed freak doesn't, instead uses simpler "appears first" rule. As SquidGuard Manager sorts lists alphanumerically on source-name before saving them to squidguard.conf, the two always reside in above order. In consequence, say, request from client 192.168.1.1 is recognized as [alpha] group, filter breaks! For the time being, I made an messy operation guideline that source group name must be, if expressed with regexp ^[a-z][0-9][0-9][0-9]_.+ where more unique network address must have alphanumerically 'less' name. By the by, SquidGuard doesn't like group names that start with a number and if found, complains and stops working. SquidGuard Manager should acquire a capability to manage order of source groups, say, like firewall policy management interfaces? calculate specificity of addresses before saving? what if some group stores addresses in separate file and some directly on conf file? Just seize sorting is not a solution because it breaks when added new source groups. Appearence order of objects other than source (destination groups, ACLs etc.) doesn't matter.

darold commented 10 years ago

Let me work on it, I think I have an easy way to do that.

darold commented 10 years ago

Hi Tatsuya,

Fresh commit 2fd5bf6 adds the source ordering feature. This patch also adds 2 new images used as link for moving up and down a source in the list. Let me know if that's what you were looking for.

Tatsuya-Nonogaki commented 10 years ago

Thank you Darold. Yes, that is exactly what I meant! Simple and beautiful code... I added some adjustment on top of it. Please check it.

Tatsuya-Nonogaki commented 10 years ago

The functionality has been fulfilled. Closing the issue.