Bug 36819 - Dansguardian: contentfilter dansguardian/groups/.*/banned not working
Dansguardian: contentfilter dansguardian/groups/.*/banned not working
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Dansguardian
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0
Assigned To: Arvid Requate
Felix Botner
: interim-4
Depends on:
Blocks: 37012
  Show dependency treegraph
 
Reported: 2014-11-18 15:36 CET by Drees Dormann
Modified: 2014-11-26 07:05 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Drees Dormann univentionstaff 2014-11-18 15:36:32 CET
All dansguardian/groups/.*/banned settings are not applied.

So for example banned sites can still be reached ( log shows they are scanned but access is not denied)
also extensions / mimetypes settings are ignored.

The dansuardian/groups/.*/exception settings seem to work though.
Comment 1 Felix Botner univentionstaff 2014-11-18 17:12:17 CET
this works for me

dansguardian/groups/defaultgroup/banned/sites: www.google.de


but it seems that our patches are not applied (and our patches overwrite the debian/patches/series file!!!!!)
Comment 2 Arvid Requate univentionstaff 2014-11-18 17:18:42 CET
It's probably because dansguardian still uses dpatch, at least this is in the build logs:

dh build --with dpatch,autotools_dev,autoreconf
   dh_testdir
   dh_dpatch_patch
Comment 3 Arvid Requate univentionstaff 2014-11-18 17:45:37 CET
Fixed. From the new build log:

applying patch univention-00-query-filter-groups-from-nss to ./ ... ok.
applying patch univention-03-fix-ntlm-auth to ./ ... ok.

Changelog not required.
Comment 4 Felix Botner univentionstaff 2014-11-18 18:12:58 CET
OK

-> ucr get dansguardian/groups
default_group;www;www2

-> ucr get dansguardian/groups/default_group/banned/sites 
www.google.de
-> ucr get dansguardian/groups/www/banned/sites 
www.spiegel.de
-> ucr get dansguardian/groups/www2/banned/sites 
www.google.de

/var/log/dansguardian/access.log:
2014.11.18 18:08:31 - 192.168.0.68 http://www.google.de *DENIED* Verbotene Seite: www.google.de GET 0 0  1 403 text/html  default_group -
2014.11.18 18:08:39 test1 192.168.0.68 http://www.google.de *DENIED* Verbotene Seite: www.google.de GET 0 0  3 403 -  www2 -
2014.11.18 18:09:33 Administrator 192.168.0.68 http://www.google.de *SCANNED*  GET 4960 0  2 200 text/html  www -
Comment 5 Stefan Gohmann univentionstaff 2014-11-26 06:55:10 CET
UCS 4.0-0 has been released:
 http://docs.univention.de/release-notes-4.0-0-en.html
 http://docs.univention.de/release-notes-4.0-0-de.html

If this error occurs again, please use "Clone This Bug".