Facebook fun with Squid

Omer tarafından 31 Aralık 2008 tarihinde gönderildi
Bookmark and Share

Obsolete!

Try this page instead, its a faster and a better solution. You may keep on reading this for historical information.

You have probably read the magnificient and inspiring tutorial at http://www.ex-parrot.com/~pete/upside-down-ternet.html and how Peter Stevens handled the stealing of wireless by his neighbours. This is how I handle it my way in our corporate LAN.

My idea about corporate LANs are if you don’t have to ban a website from users, don’t do it, just make them understand that they can not enter the website in workhours. In our corporate LAN, our main work hour stealer is -probably in yours too- facebook. Yes, it’s a great site to enjoy yourself, buy hey; you should be working dude! So I decided to try Peter’s way to mogrify how users see pages, but it had some problems; I had to disable a few sites and all my users were in the same subnet.

After some manual reading and googling, I found out that I can use regex to direct my users to another page with my squid and squidGuard setup. First of all for this system to work you need these to be installed on your server;

Apache2
PHP5
Squid
SquidGuard
Imagick

If we are good to go let’s begin with squid, you should add these lines in your squid.conf to make it start working with squidGuard;

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5

Let’s have a look at my squidGuard.conf, I have put my SG configuration file under /etc/squid/ you might want to put it somewhere else, just change the path above as needed;

#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /etc/squid/squidGuard/
logdir /var/log/squid/
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
        weekly mtwhf 08:30-12:00
        weekly mtwhf 13:30-17:45
}
src office {
        ip      192.168.1.0/255.255.255.0
}
dest adult {
        expressionlist  adult
        log /var/log/squid/adult.log
}
dest facebook {
        expressionlist  facebook
        redirect        http://192.168.1.1/facebook.php?url=%u
        log /var/log/squid/facebook.log
}
acl {
        office within workhours {
                pass !adult !facebook all
        } else {
                pass !adult all
        }
}

As you can read in the above configuration you should create two files under /etc/squid/squidGuard/, adult and facebook, you can enter any amount of expressions in these files, the facebook file looks like this;

.*facebook\.com.*(\.jpg|\.gif|\.png)
.*fbcdn\.net.*(\.jpg|\.gif|\.png)

You should add fbcdn.net in this file since facebook serves its static file from this domain. Warning: you should chown these files to proxy:proxy, else squid cannot read these files. Just go ahead and chown proxy:proxy /etc/squid/squidGuard/facebook. Before we are good to go, we should create a file to handle the mogrifying process, since this is going to be .php file, just create it under /var/www/, you should name it facebook.php or any other name, but don’t forget to change it in the regex file of squidGuard. The file should look like this;

<?
$method = "-monochrome";
$path = "/home/www/joker";

// No need to touch below this line.
$u = explode(" ",trim($_GET["url"]));
if (count($u) > 0) {
        $url = $u[0];
} else {
        $url = $u;
}

$temp = md5(time().microtime().$url);

if (stristr($url,".jpg")) {
        $name = $temp.".jpg";
} else if (stristr($url,".gif")) {
        $name = $temp.".gif";
} else if (stristr($url,".png")) {
        $name = $temp.".png";
}

$ff = fopen($url, "r");
$contents = stream_get_contents($ff);

$fz = fopen($path."/".$name,"w");
fwrite($fz, $contents);
fclose($fz);
fclose($ff);
exec("/usr/bin/mogrify ".$method." ".$path."/".$name);
header("Location: http://192.168.1.1/facebook/".$name);
exit;
?>

After all file creating and such, what you need is a /etc/init.d/squid reload, everything should be working flawless and you should be seeing some files created under /var/www/facebook. It might get too crowded in there, so you should just create a cron job to delete these files maybe every 10 minutes or so. Someone might ask what if we delete the files while the client haven’t finished the downloading, as usual Linux again refuses to suck, it does not physically delete the file, instead it just deletes the inode and any client requesting the file gets the file properly.

When you give this setup a try, your facebook pages should like this;

before & after

After I started using this script, there has been a dramatic decrease in facebook usage, and since my users know that they shouldn’t surf instead of working, stumbling also decreased a lot. But the best part is nobody asks “why my pages display in black & white?” since they know the question might turn against them.

Bookmark and Share
Bu yazı Linux kategorisine gönderilmiş. Kalıcı bağlantıyı yer imlerinize ekleyin.

Facebook fun with Squid için 1 cevap

  1. name der ki:
    30 Temmuz 2009 tarihinde, saat 01:46

    Great site. Keep doing.,

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

*

*


Şu HTML etiketlerini ve özelliklerini kullanabilirsiniz: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>