From patchwork Wed May 1 02:16:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2225 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 9C91B85BD81 for ; Tue, 30 Apr 2019 17:17:20 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tmrc0tJFz5Btsl; Tue, 30 Apr 2019 17:17:20 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrT1mhVz5Dw8Y; Tue, 30 Apr 2019 17:17:13 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641033; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=5VX5FmMoKlWB3wQYRFl1/1bywcJROrc5yJ/We7jwFII=; b=DggvigS8Qo5+FrWI+MFoA6N0KosFO4FEdOlxjl0wFEWE2v8xT143fZNKonHOIDllckYwqU U4HoL0frPCxJQpkQ9E9A5yeLkTNDM0t46EHGgyqkfxomO+MVM8XqhgW/On+/7F6GmkWrLL IPQoUhKHRMZDWnHmJrMP+Iy6Ao6QMB4kY+MrumKOY1GyESONjvrNiNU0cZRiTmkmzLfAtV WLcDZlPAiuYzDeDYnj9D2xdwe3XMw89MEVK+QFcpoTnS9YtHu5UrEjYKgjXm2iQk/QjF/l /Sv0qy03rKKBTk/rjTb/X7gBokwN9dt1a00ccQN8pyt992sY5QXPbraDT9Ze0g== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641033; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=5VX5FmMoKlWB3wQYRFl1/1bywcJROrc5yJ/We7jwFII=; b=sCC0cpHfd4JrmwqrDKYl3hVRr8wAZIRxxgNzGdBEHIj0yiW5ItOhrEAgfcm78+qYMt073Z P99eqEyJdH7wGcAw== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 1/8] unbound: Add switch to enable Google Safe Search Date: Tue, 30 Apr 2019 17:16:38 +0100 Message-Id: <20190430161645.24261-2-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 215 insertions(+) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index fbb096e0d..4ac8331dc 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org" INSECURE_ZONES= USE_FORWARDERS=1 +ENABLE_SAFE_SEARCH=off # Cache any local zones for 60 seconds LOCAL_TTL=60 @@ -21,6 +22,202 @@ LOCAL_TTL=60 # EDNS buffer size EDNS_DEFAULT_BUFFER_SIZE=4096 +GOOGLE_TLDS=( + google.ad + google.ae + google.al + google.am + google.as + google.at + google.az + google.ba + google.be + google.bf + google.bg + google.bi + google.bj + google.bs + google.bt + google.by + google.ca + google.cat + google.cd + google.cf + google.cg + google.ch + google.ci + google.cl + google.cm + google.cn + google.co.ao + google.co.bw + google.co.ck + google.co.cr + google.co.id + google.co.il + google.co.in + google.co.jp + google.co.ke + google.co.kr + google.co.ls + google.com + google.co.ma + google.com.af + google.com.ag + google.com.ai + google.com.ar + google.com.au + google.com.bd + google.com.bh + google.com.bn + google.com.bo + google.com.br + google.com.bz + google.com.co + google.com.cu + google.com.cy + google.com.do + google.com.ec + google.com.eg + google.com.et + google.com.fj + google.com.gh + google.com.gi + google.com.gt + google.com.hk + google.com.jm + google.com.kh + google.com.kw + google.com.lb + google.com.ly + google.com.mm + google.com.mt + google.com.mx + google.com.my + google.com.na + google.com.nf + google.com.ng + google.com.ni + google.com.np + google.com.om + google.com.pa + google.com.pe + google.com.pg + google.com.ph + google.com.pk + google.com.pr + google.com.py + google.com.qa + google.com.sa + google.com.sb + google.com.sg + google.com.sl + google.com.sv + google.com.tj + google.com.tr + google.com.tw + google.com.ua + google.com.uy + google.com.vc + google.com.vn + google.co.mz + google.co.nz + google.co.th + google.co.tz + google.co.ug + google.co.uk + google.co.uz + google.co.ve + google.co.vi + google.co.za + google.co.zm + google.co.zw + google.cv + google.cz + google.de + google.dj + google.dk + google.dm + google.dz + google.ee + google.es + google.fi + google.fm + google.fr + google.ga + google.ge + google.gg + google.gl + google.gm + google.gp + google.gr + google.gy + google.hn + google.hr + google.ht + google.hu + google.ie + google.im + google.iq + google.is + google.it + google.je + google.jo + google.kg + google.ki + google.kz + google.la + google.li + google.lk + google.lt + google.lu + google.lv + google.md + google.me + google.mg + google.mk + google.ml + google.mn + google.ms + google.mu + google.mv + google.mw + google.ne + google.nl + google.no + google.nr + google.nu + google.pl + google.pn + google.ps + google.pt + google.ro + google.rs + google.ru + google.rw + google.sc + google.se + google.sh + google.si + google.sk + google.sm + google.sn + google.so + google.sr + google.st + google.td + google.tg + google.tk + google.tl + google.tm + google.tn + google.to + google.tt + google.vg + google.vu + google.ws +) + # Load optional configuration [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound @@ -481,6 +678,21 @@ fix_time_if_dns_fail() { fi } +# Sets up Safe Search for various search engines +setup_safe_search() { + # Nothing to do if safe search is not enabled + if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then + return 0 + fi + + local domain + + # Google + for domain in ${GOOGLE_TLDS[@]}; do + unbound-control local_data "${domain} CNAME forcesafesearch.google.com." + done +} + case "$1" in start) # Print a nicer messagen when unbound is already running @@ -501,6 +713,9 @@ case "$1" in # Make own hostname resolveable own_hostname + # Setup Safe Search + setup_safe_search + # Update any known forwarding name servers update_forwarders From patchwork Wed May 1 02:16:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2226 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 278D585BD81 for ; Tue, 30 Apr 2019 17:17:24 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tmrg5GD2z5Dw80; Tue, 30 Apr 2019 17:17:23 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrT5PpQz55Jp1; Tue, 30 Apr 2019 17:17:13 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641033; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=fyQEzqApEKXtTl7c82Zl+nsfOmSBVKJ7B8JFbhg0uxE=; b=vXSj68aP7CUOhJrq9oS0OWCv0VLcpC8ssdipZHa5thdYSDW0L8Jj8USNx3q5hnk7p3KjwA lvb3oUxVr74XtUzjXIDUtVbJSkA0nv5/BY3Lk5dWIzjnD86sVD73M6DTLleXPYgk3zJIu3 Gay7uy8xXNGFph+T5OFDAeKbWNxhj+8giTRt/ouLLBrHI+D6iHlC+XrOxjphg5tPwRJ1Ka R5T54UnmyADIft6FifkpX889hnFMV6T2mFZMnAryr9kGGmnr3KMIH0x4RNPS4JVDsNtyNT +4wqbgsaYzT7yrht6xDSZ37CUX9vhhaiQbdhIoXdGzRBCLNKrpbhAAUYAZ8uyg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641033; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=fyQEzqApEKXtTl7c82Zl+nsfOmSBVKJ7B8JFbhg0uxE=; b=0HS/RiCzSwsj5UZ9da4BtcTqgjSe+AvWgeS4kAu7wiu/LN8C8Y0V0nDAe3KtZADgzmplTi U1v31ZRRQY0dB1BA== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 2/8] unbound: Enable Bing SafeSearch Date: Tue, 30 Apr 2019 17:16:39 +0100 Message-Id: <20190430161645.24261-3-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- src/initscripts/system/unbound | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 4ac8331dc..3b4da1dff 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -687,6 +687,9 @@ setup_safe_search() { local domain + # Bing + unbound-control local_data "bind.com CNAME strict.bing.com." + # Google for domain in ${GOOGLE_TLDS[@]}; do unbound-control local_data "${domain} CNAME forcesafesearch.google.com." From patchwork Wed May 1 02:16:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2227 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 4EE9985BD81 for ; Tue, 30 Apr 2019 17:17:27 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tmrk6QRYz5H9PF; Tue, 30 Apr 2019 17:17:26 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrV1lt1z4yv6V; Tue, 30 Apr 2019 17:17:14 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641034; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=WwkVqLbtfTIR+y/FTmKmQpkLZ+rv2tWEXBxZw3o0eno=; b=VOe4j60jdt8acC/h28zQfvDsqCM2QYrT1yTybLGsYD8qcnyqcI+WQc2xWMl9hIR9RYYFNQ 3ZhxIpGo4gnFDCcz+Hpgs9PpKO+wsqMlmdvEDTTyJst++NE60vYFID6643p96gYTIlYWK7 iZAmEBo8W08faCbyUBcpwqZ4pAxxO3rsmrJqgDJSsAG1M+wUDIYsndlnFW5A4sePsvoBrV uA/y5JvOMvivNS/4uTX0/KROdjJvBgvIOlr6xqSS/6vxngpD9cNyvDhJxnm/u80nfL3u9K FSDjzkwXQaEzMxob5ESXRSdBFkgeUoqxGCm5iE6vanuX5nh19BrJU8lPe1OEjg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641034; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=WwkVqLbtfTIR+y/FTmKmQpkLZ+rv2tWEXBxZw3o0eno=; b=nlVScBPrjThoDV4nOjSH4BU6HUZj/kL77bho76DXLle9mLckCrPD9eyQ+CI8ZzayQwJyGv mU2BpQIpq9TmcoBw== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 3/8] unbound: Enbale DuckDuckGo safe search Date: Tue, 30 Apr 2019 17:16:40 +0100 Message-Id: <20190430161645.24261-4-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- src/initscripts/system/unbound | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 3b4da1dff..41117904f 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -690,6 +690,9 @@ setup_safe_search() { # Bing unbound-control local_data "bind.com CNAME strict.bing.com." + # DuckDuckGo + unbound-control local_data "duckduckgo.com CNAME safe.duckduckgo.com." + # Google for domain in ${GOOGLE_TLDS[@]}; do unbound-control local_data "${domain} CNAME forcesafesearch.google.com." From patchwork Wed May 1 02:16:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2228 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 8D6C485BD81 for ; Tue, 30 Apr 2019 17:17:30 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tmrp0vlqz57JhQ; Tue, 30 Apr 2019 17:17:30 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrV59s5z55Jp2; Tue, 30 Apr 2019 17:17:14 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641035; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=aCN32L5GnAPgP/oDrOqVtvh6ZolmXMut+cF37uxg2pw=; b=fmIUqHx0Be5sfs0HrInHFVbDFac7QkRtd5y6Vpa9KYaTqZCifYkX7oerEd20aXrtr21JDH WIhWdxJhFq42bHJu2vhCUdDD4IwCNFq10uIryTJIoyjl1PMhuW6vXtuYw17CXlattupM6u GSjfWXBAqwisIQrH0wYhFgX7KY0onPu3GDbhJ9VK6Fa2jwNIuLSbcg4Wo4wcLBNXlP9hBj +6qY8HbkcncwnhrOfDFGOW//iAR7DF9BMhRZR2rvht3I0nWB0l0DP9/02FFPQu5aIkpfrg LPq0wvT7Jjv9UKunOUYwXTc9DSLk/lC4qKhDJp7ykOfnD5Nfc0l1q0pCCSoR/Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641035; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=aCN32L5GnAPgP/oDrOqVtvh6ZolmXMut+cF37uxg2pw=; b=k5BGlkOpqPcZlAecY6Pebl6jJjBjpX3oT6x8Is5TWBKKzDO/k78+57tBOsWlne627cViiF 9e0zj4r2rh69UJDA== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 4/8] unbound: Move Safe Search zone setup to configuration file Date: Tue, 30 Apr 2019 17:16:41 +0100 Message-Id: <20190430161645.24261-5-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/unbound/unbound.conf | 3 + src/initscripts/system/unbound | 431 +++++++++++++++++++++-------------------- 2 files changed, 221 insertions(+), 213 deletions(-) diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index e20c3330d..4d492a5bc 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -81,6 +81,9 @@ server: # Include any forward zones include: "/etc/unbound/forward.conf" + # Include safe search settings + include: "/etc/unbound/safe-search.conf" + remote-control: control-enable: yes control-use-cert: no diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 41117904f..951fda7ab 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -22,202 +22,6 @@ LOCAL_TTL=60 # EDNS buffer size EDNS_DEFAULT_BUFFER_SIZE=4096 -GOOGLE_TLDS=( - google.ad - google.ae - google.al - google.am - google.as - google.at - google.az - google.ba - google.be - google.bf - google.bg - google.bi - google.bj - google.bs - google.bt - google.by - google.ca - google.cat - google.cd - google.cf - google.cg - google.ch - google.ci - google.cl - google.cm - google.cn - google.co.ao - google.co.bw - google.co.ck - google.co.cr - google.co.id - google.co.il - google.co.in - google.co.jp - google.co.ke - google.co.kr - google.co.ls - google.com - google.co.ma - google.com.af - google.com.ag - google.com.ai - google.com.ar - google.com.au - google.com.bd - google.com.bh - google.com.bn - google.com.bo - google.com.br - google.com.bz - google.com.co - google.com.cu - google.com.cy - google.com.do - google.com.ec - google.com.eg - google.com.et - google.com.fj - google.com.gh - google.com.gi - google.com.gt - google.com.hk - google.com.jm - google.com.kh - google.com.kw - google.com.lb - google.com.ly - google.com.mm - google.com.mt - google.com.mx - google.com.my - google.com.na - google.com.nf - google.com.ng - google.com.ni - google.com.np - google.com.om - google.com.pa - google.com.pe - google.com.pg - google.com.ph - google.com.pk - google.com.pr - google.com.py - google.com.qa - google.com.sa - google.com.sb - google.com.sg - google.com.sl - google.com.sv - google.com.tj - google.com.tr - google.com.tw - google.com.ua - google.com.uy - google.com.vc - google.com.vn - google.co.mz - google.co.nz - google.co.th - google.co.tz - google.co.ug - google.co.uk - google.co.uz - google.co.ve - google.co.vi - google.co.za - google.co.zm - google.co.zw - google.cv - google.cz - google.de - google.dj - google.dk - google.dm - google.dz - google.ee - google.es - google.fi - google.fm - google.fr - google.ga - google.ge - google.gg - google.gl - google.gm - google.gp - google.gr - google.gy - google.hn - google.hr - google.ht - google.hu - google.ie - google.im - google.iq - google.is - google.it - google.je - google.jo - google.kg - google.ki - google.kz - google.la - google.li - google.lk - google.lt - google.lu - google.lv - google.md - google.me - google.mg - google.mk - google.ml - google.mn - google.ms - google.mu - google.mv - google.mw - google.ne - google.nl - google.no - google.nr - google.nu - google.pl - google.pn - google.ps - google.pt - google.ro - google.rs - google.ru - google.rw - google.sc - google.se - google.sh - google.si - google.sk - google.sm - google.sn - google.so - google.sr - google.st - google.td - google.tg - google.tk - google.tl - google.tm - google.tn - google.to - google.tt - google.vg - google.vu - google.ws -) - # Load optional configuration [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound @@ -679,24 +483,227 @@ fix_time_if_dns_fail() { } # Sets up Safe Search for various search engines -setup_safe_search() { - # Nothing to do if safe search is not enabled - if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then - return 0 - fi +write_safe_search_conf() { + local google_tlds=( + google.ad + google.ae + google.al + google.am + google.as + google.at + google.az + google.ba + google.be + google.bf + google.bg + google.bi + google.bj + google.bs + google.bt + google.by + google.ca + google.cat + google.cd + google.cf + google.cg + google.ch + google.ci + google.cl + google.cm + google.cn + google.co.ao + google.co.bw + google.co.ck + google.co.cr + google.co.id + google.co.il + google.co.in + google.co.jp + google.co.ke + google.co.kr + google.co.ls + google.com + google.co.ma + google.com.af + google.com.ag + google.com.ai + google.com.ar + google.com.au + google.com.bd + google.com.bh + google.com.bn + google.com.bo + google.com.br + google.com.bz + google.com.co + google.com.cu + google.com.cy + google.com.do + google.com.ec + google.com.eg + google.com.et + google.com.fj + google.com.gh + google.com.gi + google.com.gt + google.com.hk + google.com.jm + google.com.kh + google.com.kw + google.com.lb + google.com.ly + google.com.mm + google.com.mt + google.com.mx + google.com.my + google.com.na + google.com.nf + google.com.ng + google.com.ni + google.com.np + google.com.om + google.com.pa + google.com.pe + google.com.pg + google.com.ph + google.com.pk + google.com.pr + google.com.py + google.com.qa + google.com.sa + google.com.sb + google.com.sg + google.com.sl + google.com.sv + google.com.tj + google.com.tr + google.com.tw + google.com.ua + google.com.uy + google.com.vc + google.com.vn + google.co.mz + google.co.nz + google.co.th + google.co.tz + google.co.ug + google.co.uk + google.co.uz + google.co.ve + google.co.vi + google.co.za + google.co.zm + google.co.zw + google.cv + google.cz + google.de + google.dj + google.dk + google.dm + google.dz + google.ee + google.es + google.fi + google.fm + google.fr + google.ga + google.ge + google.gg + google.gl + google.gm + google.gp + google.gr + google.gy + google.hn + google.hr + google.ht + google.hu + google.ie + google.im + google.iq + google.is + google.it + google.je + google.jo + google.kg + google.ki + google.kz + google.la + google.li + google.lk + google.lt + google.lu + google.lv + google.md + google.me + google.mg + google.mk + google.ml + google.mn + google.ms + google.mu + google.mv + google.mw + google.ne + google.nl + google.no + google.nr + google.nu + google.pl + google.pn + google.ps + google.pt + google.ro + google.rs + google.ru + google.rw + google.sc + google.se + google.sh + google.si + google.sk + google.sm + google.sn + google.so + google.sr + google.st + google.td + google.tg + google.tk + google.tl + google.tm + google.tn + google.to + google.tt + google.vg + google.vu + google.ws + ) + + ( + # Nothing to do if safe search is not enabled + if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then + exit 0 + fi - local domain + # This all belongs into the server: section + echo "server:" - # Bing - unbound-control local_data "bind.com CNAME strict.bing.com." + # Bing + echo " local-zone: bing.com transparent" + echo " local-data: \"bing.com CNAME strict.bing.com.\"" - # DuckDuckGo - unbound-control local_data "duckduckgo.com CNAME safe.duckduckgo.com." + # DuckDuckGo + echo " local-zone: duckduckgo.com transparent" + echo " local-data: \"duckduckgo.com CNAME safe.duckduckgo.com.\"" - # Google - for domain in ${GOOGLE_TLDS[@]}; do - unbound-control local_data "${domain} CNAME forcesafesearch.google.com." - done + # Google + local domain + for domain in ${google_tlds[@]}; do + echo " local-zone: ${domain} transparent" + echo " local-data: \"${domain} CNAME forcesafesearch.google.com.\"" + done + ) > /etc/unbound/safe-search.conf } case "$1" in @@ -712,6 +719,7 @@ case "$1" in # Update configuration files write_tuning_conf write_forward_conf + write_safe_search_conf boot_mesg "Starting Unbound DNS Proxy..." loadproc /usr/sbin/unbound || exit $? @@ -719,9 +727,6 @@ case "$1" in # Make own hostname resolveable own_hostname - # Setup Safe Search - setup_safe_search - # Update any known forwarding name servers update_forwarders From patchwork Wed May 1 02:16:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2229 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id E009185BD81 for ; Tue, 30 Apr 2019 17:17:33 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tmrs3TQxz5Btsl; Tue, 30 Apr 2019 17:17:33 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrW2Yk5z57JhQ; Tue, 30 Apr 2019 17:17:15 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641035; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=hZ4iLfEG7kAED4/s19oAOPGRileN4xwRkv/OKEGnCEk=; b=RH0n7qUVlGPsl3wEWdUC4AtuzNhw/SHKm8quUzhKOV2dwerw5UDoUdveY82iNQ4rNe7xOP 0i0XCT4ZwWqlvjv+WCpYcBTycZaPBJeJ6jd5VoGnjRvgta4eJa5nG8L8bU7fkT2o1JZlGh 4IbQARKRKQZDagWv5IL/wUyre9tp/8DDLHESMAdBnMjHqer53Ca9my/cS0Mi1AJcOdeq3b hwfB6LxnFAwy3jDNSywmhHElSSkxm8zoq9N8kLFO3a+t6ByzJ7W1N33QhSNqwF6EWJvLdN /bzT2frPkHt4Zu+yrs6ThI4eo5KBQDVvDMzgQpRaWRw6gtqsqwO/Q+HZ+yytXw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641035; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=hZ4iLfEG7kAED4/s19oAOPGRileN4xwRkv/OKEGnCEk=; b=wky6xVOZKR+hzuUyw5q4oXXnJbpxkm6CQTFxqqG59CELXtKxxl/Uid7/gc5gfF/qxzcDEy 8VmFzYOKjVsscUAw== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 5/8] unbound: Add Yandex Safe Search Date: Tue, 30 Apr 2019 17:16:42 +0100 Message-Id: <20190430161645.24261-6-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- src/initscripts/system/unbound | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 951fda7ab..388b65c03 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -703,6 +703,10 @@ write_safe_search_conf() { echo " local-zone: ${domain} transparent" echo " local-data: \"${domain} CNAME forcesafesearch.google.com.\"" done + + # Yandex + echo " local-zone: yandex.ru transparent" + echo " local-data: \"yandex.ru A 213.180.193.56\"" ) > /etc/unbound/safe-search.conf } From patchwork Wed May 1 02:16:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2230 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 0154685BD81 for ; Tue, 30 Apr 2019 17:17:37 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tmrw4Ff1z57JhQ; Tue, 30 Apr 2019 17:17:36 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrW6JByz57Jhg; Tue, 30 Apr 2019 17:17:15 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641036; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=2uA7VraLhm7ewaRxpQbi0kg/CRpsy1jMexN+zNRtecs=; b=YtiXDCdWJXgEgUGA7OsfCNZ3h+tdEGgmc1Z2ZSG9mcLXvHF/20OkEEf5WHcezx2+oXmqkp C4x4EggTuDKbgKaAhB3q2nt/Qecrr++F/Vy/xzxg1+k91HCiN7AdEU9LTSKGBW7O+MuKae +Cp2IqXCPe1CKW6tj5PEUFklY7ENHtXKnNHBKFOifx3sUk9mYBhrhU4hXJ6JepvsCdml8R SXmY0j6rYXcvyE+20fM1GEpLDrc3FaIWPiF144hYtoxki/lHviFRBO7nZwgGPDRYB+nxtL DS95AxSN70Gw5fJ8EB26ao85XxcOLV1NfD2Yf3IScnmrgD9sGmvzMpCaLBR4Yg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641036; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=2uA7VraLhm7ewaRxpQbi0kg/CRpsy1jMexN+zNRtecs=; b=fzYjtf4Ov2HlgmIGibFkIN5fFbsXaJxrkJveejkOXRzqCQ2w/r8muesRK+T7iyrVgbo2Qp eaNQbY7aXetw1eAQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 6/8] unbound: Fix Bing domain name for SafeSearch Date: Tue, 30 Apr 2019 17:16:43 +0100 Message-Id: <20190430161645.24261-7-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- src/initscripts/system/unbound | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 388b65c03..318656b80 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -691,7 +691,7 @@ write_safe_search_conf() { # Bing echo " local-zone: bing.com transparent" - echo " local-data: \"bing.com CNAME strict.bing.com.\"" + echo " local-data: \"www.bing.com CNAME strict.bing.com.\"" # DuckDuckGo echo " local-zone: duckduckgo.com transparent" From patchwork Wed May 1 02:16:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2231 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 7202685BD81 for ; Tue, 30 Apr 2019 17:17:41 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tms10V7Nz5H9PF; Tue, 30 Apr 2019 17:17:41 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrX2xbBz57vqH; Tue, 30 Apr 2019 17:17:16 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641036; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=E9Blmx+rV5O+pQ9IoBkYTCe5F23YpQ/RegvMYnawZe4=; b=PMddT0eqwzO/sZqReKTsVXekGAUqJQ0mr4xKWtitn/pFbOWBVf/66iBifgGSkIrCgHJf1b Jo2/HkR1JVIOW9FOOQvItHU9jHWDi7bWZgflnWyG8RQQgAl6JmHzxnGvPQyUfkgBwq25DX 8MUhS86AuPLaJUi9IMjK3djF0SzQf53WXdX9Lw2tYtTL0rttcWkXhjjEQilPtDhyXYyhgF qR0kSctD2ejByde5MvaOH3un/HP8LWgPfhB+7xqASF8ne5BkMnEVqHAqZlmAaJ4iOCc/Mn dGpOOHYi42NR/K+etw2/XgmuldPv3fKQ43d7fPp+minD/mgyLpAjpI6MnLecFg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641036; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=E9Blmx+rV5O+pQ9IoBkYTCe5F23YpQ/RegvMYnawZe4=; b=iKxxt8Atuju5OmTdiyZQdSSEYY4LKajnfaLJ+dzw1PZVMzUZcfAieUHRXYrqSd+fGqcfDk WrAUDTwr7dsEAeBQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 7/8] unbound: Fix domain name for Google Safe Search Date: Tue, 30 Apr 2019 17:16:44 +0100 Message-Id: <20190430161645.24261-8-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- src/initscripts/system/unbound | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 318656b80..3e372ff65 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -701,7 +701,7 @@ write_safe_search_conf() { local domain for domain in ${google_tlds[@]}; do echo " local-zone: ${domain} transparent" - echo " local-data: \"${domain} CNAME forcesafesearch.google.com.\"" + echo " local-data: \"www.${domain} CNAME forcesafesearch.google.com.\"" done # Yandex From patchwork Wed May 1 02:16:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2232 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id B7B6C85BD81 for ; Tue, 30 Apr 2019 17:17:44 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44tms42CHbz5D1h7; Tue, 30 Apr 2019 17:17:44 +0100 (BST) Received: from ipfire.tremer.co.uk (unknown [88.215.19.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44tmrX6Rgcz56X2Y; Tue, 30 Apr 2019 17:17:16 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1556641037; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=6drsTBWW8KdL8cQ3/sAZ4pWREIW1YHyVCKF9F1Frt5c=; b=u1DgLmkMrE/9wuHZ4Buo1vwLdYUZQSItQEovLYpxUZTkN4JpsXE0TTPJvmIklqL1C4ESCs hZisqCNA8OGozNQUCFFRpessP5DcttHwDuMNTCAEOhVxCCp9rcQQNPSOFw9zh3QE3hAg0B ugnjReH+EjVjsDo4K3GA+Ogh3zA/9OwiZJOVTm+AZRzVZEruupIWIPrHxsJhImfp0/McA3 YIqdGUVWBih/quG1jU+kuZsLiCechKXYSzz9tPBVxFBDj6nlWaGuUvga6/T6mIemk06QVX QKUcMaq89sAcaByPsiFzYMcb8Lsz0PNFFmtWPnjDCbnV76lxgLFIFe4BMFWcsw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1556641037; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:openpgp:autocrypt; bh=6drsTBWW8KdL8cQ3/sAZ4pWREIW1YHyVCKF9F1Frt5c=; b=2x8gUEEdtCTHuO/PUx6fyX7yXITUOUp5/9v6hLfARAPEudoTsyzKMM2UawN0e/qeu2u8yd cQMLX44eWtxkkUAw== From: Michael Tremer To: development@lists.ipfire.org Subject: [RFC PATCH 8/8] URL Filter: Drop Safe Search feature Date: Tue, 30 Apr 2019 17:16:45 +0100 Message-Id: <20190430161645.24261-9-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20190430161645.24261-1-michael.tremer@ipfire.org> References: <20190430161645.24261-1-michael.tremer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ms smtp.mailfrom=michael.tremer@ipfire.org Cc: Michael Tremer X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is not working for quite some time now because all search engines have moved over to HTTPS. Therefore we no longer can manipulate the URL query string. Signed-off-by: Michael Tremer --- doc/language_issues.de | 1 + doc/language_issues.en | 1 - doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + html/cgi-bin/urlfilter.cgi | 62 +++++++--------------------------------------- 10 files changed, 17 insertions(+), 54 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 5f7bf7b5f..05be63aa9 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -706,6 +706,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.en b/doc/language_issues.en index 498bf4078..7ba4d1d24 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1995,7 +1995,6 @@ WARNING: untranslated string: urlfilter restore results = Restore results WARNING: untranslated string: urlfilter restore settings = Restore URL filter settings WARNING: untranslated string: urlfilter restore success = URL filter configuration has been restored. The URL filter must be restarted to activate the new settings. WARNING: untranslated string: urlfilter restore text = To restore a previously saved configuration upload the .tar.gz backup file below -WARNING: untranslated string: urlfilter safesearch = Enable SafeSearch WARNING: untranslated string: urlfilter sat = S WARNING: untranslated string: urlfilter saturday = Sat WARNING: untranslated string: urlfilter save and restart = Save and Restart diff --git a/doc/language_issues.es b/doc/language_issues.es index f3b695f24..220211cf8 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -631,6 +631,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.fr b/doc/language_issues.fr index af1f15ab7..d1386349a 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -747,6 +747,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.it b/doc/language_issues.it index 5da8a8dd7..10633c2ec 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -720,6 +720,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 6be2cb6b2..c4654c4af 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -715,6 +715,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.pl b/doc/language_issues.pl index f3b695f24..220211cf8 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -631,6 +631,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 53a655c99..6820bca75 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -634,6 +634,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 88baad746..d2d9b9c82 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -748,6 +748,7 @@ WARNING: translation string unused: uptime and users WARNING: translation string unused: urlfilter background image WARNING: translation string unused: urlfilter background text WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter safesearch WARNING: translation string unused: urlfilter update information WARNING: translation string unused: urlfilter update notification WARNING: translation string unused: urlfilter update results diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi index c3c327eec..28ffc8114 100644 --- a/html/cgi-bin/urlfilter.cgi +++ b/html/cgi-bin/urlfilter.cgi @@ -138,7 +138,6 @@ $filtersettings{'BLOCK_IP_ADDR'} = 'off'; $filtersettings{'BLOCK_ALL'} = 'off'; $filtersettings{'ENABLE_EMPTY_ADS'} = 'off'; $filtersettings{'ENABLE_GLOBAL_WHITELIST'} = 'off'; -$filtersettings{'ENABLE_SAFESEARCH'} = 'off'; $filtersettings{'ENABLE_LOG'} = 'off'; $filtersettings{'ENABLE_USERNAME_LOG'} = 'off'; $filtersettings{'ENABLE_CATEGORY_LOG'} = 'off'; @@ -1057,9 +1056,6 @@ $checked{'ENABLE_EMPTY_ADS'}{$filtersettings{'ENABLE_EMPTY_ADS'}} = "checked='ch $checked{'ENABLE_GLOBAL_WHITELIST'}{'off'} = ''; $checked{'ENABLE_GLOBAL_WHITELIST'}{'on'} = ''; $checked{'ENABLE_GLOBAL_WHITELIST'}{$filtersettings{'ENABLE_GLOBAL_WHITELIST'}} = "checked='checked'"; -$checked{'ENABLE_SAFESEARCH'}{'off'} = ''; -$checked{'ENABLE_SAFESEARCH'}{'on'} = ''; -$checked{'ENABLE_SAFESEARCH'}{$filtersettings{'ENABLE_SAFESEARCH'}} = "checked='checked'"; $checked{'ENABLE_LOG'}{'off'} = ''; $checked{'ENABLE_LOG'}{'on'} = ''; $checked{'ENABLE_LOG'}{$filtersettings{'ENABLE_LOG'}} = "checked='checked'"; @@ -1474,20 +1470,16 @@ print < - $Lang::tr{'urlfilter safesearch'}: - - $Lang::tr{'urlfilter username log'}: - - - $Lang::tr{'urlfilter empty ads'}: - $Lang::tr{'urlfilter category log'}: - + $Lang::tr{'urlfilter username log'}: + $Lang::tr{'urlfilter block ip'}: + $Lang::tr{'urlfilter category log'}: + $Lang::tr{'urlfilter block all'}: @@ -2834,47 +2826,15 @@ sub writeconfigfile } } - if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) - { + if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) { print FILE "rewrite rew-rule-1 {\n"; - if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) - { - print FILE " # rewrite localfiles\n"; - foreach (@repositoryfiles) - { - print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n"; - } - } - - if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on') + print FILE " # rewrite localfiles\n"; + foreach (@repositoryfiles) { - print FILE " # rewrite safesearch\n"; - print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n"; - print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n"; - print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W)(.*)(\\bvm=\\w+)(.*)\@\\1\\2vm=r\\4\@i\n"; - print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W.*)\@\\1\\\&vm=r\@i\n"; - print FILE " s@(.*\\Walltheweb\\.com/customize\\?)(.*)(\\bcopt_offensive=\\w+)(.*)\@\\1\\2copt_offensive=on\\4\@i\n"; - print FILE " s@(.*\\Wbing\\.\\w+/)(.*)(\\badlt=\\w+)(.*)\@\\1\\2adlt=strict\\4\@i\n"; - print FILE " s@(.*\\Wbing\\.\\w+/.*)\@\\1\\\&adlt=strict\@i\n"; + print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n"; } - print FILE "}\n\n"; - - if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) { - print FILE "rewrite rew-rule-2 {\n"; - if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) - { - print FILE " # rewrite localfiles\n"; - foreach (@repositoryfiles) - { - print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n"; - } - } else { - print FILE " # rewrite nothing\n"; - } - print FILE "}\n\n"; - } } if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) { @@ -3083,10 +3043,6 @@ sub writeconfigfile if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) { print FILE " unfiltered {\n"; print FILE " pass all\n"; - if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on') - { - print FILE " rewrite rew-rule-2\n"; - } print FILE " }\n\n"; } if (!($filtersettings{'BANNED_CLIENTS'} eq '')) { @@ -3215,7 +3171,7 @@ sub writeconfigfile print FILE " logfile".$ident." urlfilter.log\n"; } } - if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) + if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) { print FILE " rewrite rew-rule-1\n"; }