Triggers a custom action when a site is blocked/denied. Works by monitoring the access log of Dansguardian or e2guardian.
DansGuardian is an award winning Open Source web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.
e2guardian is a fork of Dansguardian Project with many improvements and bug fixes, e2guardian is a web content filtering proxy that works in conjunction with another caching proxy such as Squid.
gem install dansguardian_denied_action
dansguardian_denied_action
follows the Observer pattern. See more information from the Ruby Rdocs. You can add as many observers as you'd like that are triggered when a denied action log is added to the access log. An observer is an instance of a class that has an update
method defined. The update
method is called whenever the observer is notified (when there is a denied log).
Currently only log file format 2 (CSV-style format) is supported. Please contribute if you'd like more formats supported. Make sure your /etc/dansguardian/dansguardian.conf
has the logfileformat
set as 2
. For example:
# Log File Format
# 1 = DansGuardian format (space delimited)
# 2 = CSV-style format
# 3 = Squid Log File Format
# 4 = Tab delimited
# 5 = Protex format
# 6 = Protex format with server field blanked
logfileformat = 2
require 'dansguardian_denied_action'
# An observer class that outputs to the screen
class OutputToScreen
def update( log )
puts "IP: #{log.requesting_ip}"
puts "URL: #{log.requested_url}"
puts "Category: #{log.category}"
end
end
# An observer class that sends an email
class SendEmail
def update( log )
message = "Denied page accessed!\n\n"
message << "IP: #{log.requesting_ip}\n"
message << "URL: #{log.requested_url}\n"
message << "Category: #{log.category}"
`echo "#{message}" | mail -s "Denied page" [email protected]`
end
end
# Initialize the access log class and select the format of dansguardian
@access_log = DansguardianDeniedAction::AccessLog.new( format: DansguardianDeniedAction::LOG_FORMAT_CSV )
# Add as many observers as you'd like
@access_log.add_observer( OutputToScreen.new )
@access_log.add_observer( SendEmail.new )
# Call the monitor method to monitor the log and notify
# your observers when a blocked page is accessed
@access_log.monitor
If you want to trigger your observers on an action other than DENIED
, you can specify one like so:
@access_log = DansguardianDeniedAction::AccessLog.new(
format: DansguardianDeniedAction::LOG_FORMAT_CSV,
action: 'INFECTED'
)
If you are using e2guardian rather than dansguardian, you want to point to the correct log path. For example:
@access_log = DansguardianDeniedAction::AccessLog.new(
format: DansguardianDeniedAction::LOG_FORMAT_CSV,
path: '/var/log/e2guardian/access.log'
)
Your observer class which as the update
method defined accepts a log
as it's sole argument. This is an instance of DansguardianDeniedAction::Log
. The accessor methods available include:
- raw
- date_time
- requesting_user
- requesting_ip
- requested_url
- actions
- reason
- subreason
- method
- size
- weight
- category
- filter_group_number
- http_code
- mime_type
- client_name
- filter_group_name
- user_agent
More information on the data within these accessor methods can be found on the DansGuardian Documentation Wiki.
Bug reports and pull requests are welcome on GitHub at https://github.com/eterry1388/dansguardian_denied_action. Please make sure
all tests pass before making a pull request. The tests require an OS with a /tmp
directory.
rspec
The output should look something like this:
DansguardianDeniedAction
DansguardianDeniedAction::AccessLog
Updates observer for every new log
logs
DansguardianDeniedAction::CsvLog
raw
should eq "\"2016.1.8 19:46:10\",\"fred\",\"192.168.0.1\",\"http://example.com\",\"*DENIED* Banned site: example.com\",\"GET\",\"3804\",\"0\",\"Pornography\",\"1\",\"403\",\"text/html\",\"fred.example.com\",\"group-name\",\"Mozilla/5.0\""
date_time
should eq "2016.1.8 19:46:10"
requesting_user
should eq "fred"
requesting_ip
should eq "192.168.0.1"
requested_url
should eq "http://example.com"
actions
should eq "DENIED"
reason
should eq "Banned site: example.com"
subreason
should eq "Banned site: example.com"
method
should eq "GET"
size
should eq 3804
weight
should eq 0
category
should eq "Pornography"
filter_group_number
should eq 1
http_code
should eq 403
mime_type
should eq "text/html"
client_name
should eq "fred.example.com"
filter_group_name
should eq "group-name"
user_agent
should eq "Mozilla/5.0"
Finished in 4.03 seconds (files took 0.10009 seconds to load)
19 examples, 0 failures
The gem is available as open source under the terms of the MIT License.