Author Topic: [SOLVED] How to edit access denied page?  (Read 18179 times)

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #30 on: April 26, 2013, 04:43:53 pm »
Just to add, I have done the same as zentyal 3.0, ie, downloaded the blacklist from dansguardian website and chose which categories are denied and which are allowed. Than assigned the filer profile to the group.

christian

  • Guest
Re: How to edit access denied page?
« Reply #31 on: April 26, 2013, 04:55:02 pm »
OK, so I need to look back at 2.2  ;)
On my side, I confirm that is you hack squid.conf adding deny_info, Zentyal does display custom error page of your choice.

For the time being, I did some dirty but quick hack directly in /usr/share/zentyal/stubs/squid

Code: [Select]
deny_info ERR_LIST shalllist~dc~socialnet~dom
deny_info ERR_LIST shalllist~dc~socialnet~urls

then I added custom page (ERR_LIST) in /usr/share/squid3/errors/templates/

restarted Squid and when I try to access facebook, my customized error page is displayed.

So if you do it manually, this is really painful but as squid.conf is built when HTTP proxy start, with some development skill (that I don't have even spending hours at this :-[) you can generate squid conf that will, like building ACL, add the deny_info directive.

Next step is to point to the right custom page pragmatically but this should not be an issue.

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #32 on: April 27, 2013, 08:11:23 am »
Hi Christian,

Thanks for your response :). OK so by that way at least we know that it is possible to display the category of the website being blocked. The only disadvantage as you said is that it takes a long time to do.

Today I am going to install Zentyal 2.2 at home and try to figure out how to display the category. I do not mind using a previous version as long as it works correctly :). At least in version 2.2, the category is present but it is set to N/A and I am assuming it could be easier with this version rather than v3. What do you think? Thanks and happy weekend :)

christian

  • Guest
Re: How to edit access denied page?
« Reply #33 on: April 27, 2013, 08:24:53 am »
I think that the category concept here is somewhat external to any control engine (would it be DansGuardian or Squid) as this is "only" a way of classifying URLs and domains.
What it does at he end, at least in Squid, is to deny list of domain but these domains are by no mean "stamped" with any category, reason why Squid can't show it.

Again assuming my understanding is correct, if you decide to build your own list with different categorization, it will work exactly the same.
What you can do it to show, in your custom error page, the ACL or rule denying access (this is what I suggest with my above example).

This is for Squid.

For Dansguardian's based implementation, I didn't investigate as this is not manageable using Zentyal GUI.

Last but not least I don't think you will get anything better with 2.2  :-\

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #34 on: April 27, 2013, 08:30:18 am »
Hi Christian,

Well actually I am not going to build my own categorized list and sorry if I was understood that way. I am always going to make use of the blacklist file downloaded from Dansguardian website. In fact in both v3 and v2 I have imported this file.

Don't know if that makes a difference but, ie, using the blacklist file from Dansguardian or building one yourself? Thanks

christian

  • Guest
Re: How to edit access denied page?
« Reply #35 on: April 27, 2013, 08:56:03 am »
No need to apologize, in fact I was not clear on my side.
What I meant to say is that category is something external to URL or domain.
e.g. your blacklist shows facebook as "social networking" while you could (I'm not saying you will), if you were building your own list, classify it as "extremely useful tool".

There is no intrinsic category and, this is my main point, what you get at the end is only a list of domain or URL associated to Squid ACL rule. This is the only tangible information you can display, for what I understand.

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #36 on: April 27, 2013, 09:20:55 am »
Oh right I got a clear picture of what you're saying which makes good sense. Well at this stage all I could do is try to change some settings maybe I get something don't know. That's why such feature has to be added to Zentyal because as I have explained in the contribute section (ideas), is that either the Squid HTML is edited to display the category or else edit Zentyal source code so that from the GUI once you are doing categories and that, you will be actually editing Dansguardian instead of Squid. Reason being is that Dansguardian displays the category.

christian

  • Guest
Re: How to edit access denied page?
« Reply #37 on: April 27, 2013, 09:34:39 am »
Again, I might be wrong but what I understand is that Dansguardian displays category for content filtering which is different:
- once page is accessed, content is analysed and then classified depending on matching rules.
- Dansguardian basically displays matching and may prevent access.

Squid domain category ACL can't even know what your list really means. This is only a list with some ACL name that makes sense for you (only) and hopefully for Zentyal web interface too.

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #38 on: April 29, 2013, 11:05:16 am »
Hi Christian,

Did not have that much time this weekend to view the configuration. Now I am working on it (v2.2) and I think its better when compared to v3. The reason is that in v2.2, it makes use of squid for time restrictions and dansguardian to block websites. In fact I went to /etc/dansguardian/lists and chose one of the lists, which in my case was bannedsitelist3 and the configuration is listed in the screenshot.

So apparently the system works this way (the way that I am seeing it) - it first checks if the particular website is permitted via the categories which are blacklisted; if it is blacklisted it stops the user from continuing and displays access denied WITHOUT the category; if it is not blacklisted, it checks with squid regarding the time restriction.

So basically as you have said Christian is that I want to tell dansguardian somehow that if website X is being blocked by category Y, display category Y. Right now it is only stopping on blocking because it does not have the right "coding" to display the category (that which I want to focus on).

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #39 on: April 29, 2013, 11:51:55 am »
SUCCESS!!!!!!! Its finally working :D

OK here is what I have done (based on my configuration):

1) First I went to the following path - /etc/dansguardian/extralists/strict_filter/archives/blacklist2/blacklists/ecommerce

2) Then I went to domains file

3) Once I went to the domains file, you could see a whole list of domains and in this point we are interested that if a user goes into any of such domains, the cateory ecommerce will be displayed.

4) The solution is that at the top of the list you will have to write the following - #listcategory: "ecommerce"

5) Close, save and restart dansguardian and viola should work :)

The only trouble thing is that you have to do this for every category that you want to block such as ecommerce, news etc....


mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: [SOLVED] How to edit access denied page?
« Reply #40 on: April 30, 2013, 01:30:19 pm »
A little update on the previous post....when one restarts Zentyal, all configuration will be lost!!

christian

  • Guest
Re: [SOLVED] How to edit access denied page?
« Reply #41 on: April 30, 2013, 01:43:59 pm »
I'm glad you finally found answer to your initial problem.
Reason why changes are not kept after reboot or service start is described here.

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: [SOLVED] How to edit access denied page?
« Reply #42 on: April 30, 2013, 01:49:13 pm »
Thanks Christian will try that out :). I have posted another topic regarding time restrictions since it works differently when compared to v3. I really appreciate if you could help me out please and sorry for bothering you. Thanks for your patience

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: How to edit access denied page?
« Reply #43 on: May 08, 2013, 08:10:45 am »
OK, so I need to look back at 2.2  ;)
On my side, I confirm that is you hack squid.conf adding deny_info, Zentyal does display custom error page of your choice.

For the time being, I did some dirty but quick hack directly in /usr/share/zentyal/stubs/squid

Code: [Select]
deny_info ERR_LIST shalllist~dc~socialnet~dom
deny_info ERR_LIST shalllist~dc~socialnet~urls

then I added custom page (ERR_LIST) in /usr/share/squid3/errors/templates/

restarted Squid and when I try to access facebook, my customized error page is displayed.

So if you do it manually, this is really painful but as squid.conf is built when HTTP proxy start, with some development skill (that I don't have even spending hours at this :-[) you can generate squid conf that will, like building ACL, add the deny_info directive.

Next step is to point to the right custom page pragmatically but this should not be an issue.

Hi Christian,

Thinking about what you have said to me about the deny_info.

I went to /usr/share/zentyal/stubs/squid but there is a long list of code. Where should I put the deny_info lines please? I have a long list to make so I am going to try them out :). Thanks

christian

  • Guest
Re: [SOLVED] How to edit access denied page?
« Reply #44 on: May 08, 2013, 08:46:40 am »
I'm currently away, far from my server with no remote access.
I'll look at this on Friday when I'm back.
In the meantime, Squid documentation may help. These "deny" drirectives are part of ACL