OK, most of you have read my work on Squid and SquidGuard against Facebook. Let’s make something clear, I have nothing against Facebook. Ok, I don’t like it much, but what I really don’t like is people who surf at it in working hours. So this script makes clear that they are being followed.
Now, its time to move one step further. Better, faster and a stronger solution for your corporate squid server. ImageMagick library is a nice library, but it remains slow if you have reckless users. We will keep on manipulating images, yes, but in a much faster way. Just keep on reading.
First lets install GD library for PHP5;
sudo apt-get install php5-gd
Yes, you should have a running web server available for this to work. Now lets setup our Squid and squidGuard against facebook. First add these lines to the end of your squid.conf file;
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf redirect_children 5
Now make sure your squidGuard.conf file looks something like this;
# # CONFIG FILE FOR SQUIDGUARD # dbhome /home/squidguard/ logdir /var/log/squid/ src everyone { ip 192.168.1.0/255.255.255.0 } dest facebook { expressionlist facebook redirect http://192.168.1.1/joker.php?url=%u log /var/log/squid/joker.log } acl { everyone within workhours { pass !facebook all } else { pass all } default { pass none } }
Now let’s create the file that catches the URL regex. I placed it in /home/squidguard this time, since I backup my whole /home directory everyday. It does not get lost between setups.
.*facebook\.com.*(\.jpg|\.gif|\.png) .*fbcdn\.net.*(\.jpg|\.gif|\.png)
Let’s create our image manipulation script in our web root. You should name it to joker.php or whatever you want, just keep it in sync with your squidGuard.conf file.
<?php /* joker.php This is where we keep our tmp files. You can set it to /tmp also. */ $path = "/var/www/joker"; if (!is_dir($path)) { mkdir($path,0755); } // Parse the URL line delivered from Squid. $u = explode(" ",trim($_GET["url"])); if (count($u) > 0) { $url = $u[0]; } else { $url = $u; } // Temporary file name. $temp = md5(time().microtime().$url); $ff = fopen($url, "r"); $contents = stream_get_contents($ff); fclose($ff); $fz = fopen($path."/".$temp,"w"); fwrite($fz, $contents); fclose($fz); $file = $path."/".$temp; // U shall not touch below this line. // ------------------------------- // // Yeah, that line above this. // switch (substr($url,-4)) { case ".jpg": $source = imagecreatefromjpeg($file); $header = "image/jpeg"; break; case ".png": $source = imagecreatefrompng($file); $header = "image/png"; break; case ".gif": $source = imagecreatefromgif($file); $header = "image/gif"; break; } list($width, $height) = getimagesize($file); $bwimage= imagecreate($width, $height); for ($c = 0; $c < 256; $c++) { $palette[$c] = imagecolorallocate($bwimage,$c,$c,$c); } function yiq($r, $g, $b) { $gray = ($r + $g + $b) / 3; if ($gray > 0x7F) { return 0xFF; } else { return 0x00; } return (($r*0.299)+($g*0.587)+($b*0.114)); } /* Reads the original colors pixel by pixel */ for ($y = 0; $y < $height; $y++) { for ($x = 0; $x < $width; $x++) { $rgb = imagecolorat($source, $x, $y); $r = ($rgb >> 16) & 0xFF; $g = ($rgb >> 8) & 0xFF; $b = $rgb & 0xFF; /* This is where we actually use yiq to modify our rbg values, and then convert them to our grayscale palette */ $gs = yiq($r, $g, $b); imagesetpixel($bwimage, $x, $y, $palette[$gs]); } } /* Outputs a jpg image, but you can change this to png or gif if that is what you are working with */ header("Content-type: ".$header); imagejpeg($bwimage); ?>
Let’s restart our Squid;
sudo /etc/init.d/squid restart
Everything should be working fine right now, good luck now you facebook lovers!
/*
joker.phpThis is where we keep our tmp files.
You can set it to /tmp also.
*/
$path = “/home/www/html/joker”;// Parse the URL line delivered from Squid.
$u = explode(” “,trim($_GET[“url”]));
if (count($u) > 0) {
$url = $u[0];
} else {
$url = $u;
}
// Temporary file name.
$temp = md5(time().microtime().$url);
$ff = fopen($url, “r”);
$contents = stream_get_contents($ff);
fclose($ff);
$fz = fopen($path.”/”.$temp,”w”);
fwrite($fz, $contents);
fclose($fz);
$file = $path.”/”.$temp;
// U shall not touch below this line.
// ——————————- //
// Yeah, that line above this.
switch (substr($url,-4)) {
case “.jpg”:
$source = imagecreatefromjpeg($file);
$header = “image/jpeg”;
break;
case “.png”:
$source = imagecreatefrompng($file);
$header = “image/png”;
break;
case “.gif”:
$source = imagecreatefromgif($file);
$header = “image/gif”;
break;
}
list($width, $height) = getimagesize($file);
$bwimage= imagecreate($width, $height);
for ($c = 0; $c < 256; $c++) {
$palette[$c] = imagecolorallocate($bwimage,$c,$c,$c);
}
function yiq($r, $g, $b) {
$gray = ($r + $g + $b) / 3;
if ($gray > 0x7F) {
return 0xFF;
} else {
return 0x00;
}
return (($r*0.299)+($g*0.587)+($b*0.114));
}
/*
Reads the original colors pixel by pixel
*/
for ($y = 0; $y < $height; $y++) {
for ($x = 0; $x < $width; $x++) {
$rgb = imagecolorat($source, $x, $y);
$r = ($rgb >> 16) & 0xFF;
$g = ($rgb >> 8) & 0xFF;
$b = $rgb & 0xFF;
/*
This is where we actually use yiq to modify our rbg values,
and then convert them to our grayscale palette
*/
$gs = yiq($r, $g, $b);
imagesetpixel($bwimage, $x, $y, $palette[$gs]);
}
}
/*
Outputs a jpg image, but you can change this to png or gif if that
is what you are working with
*/
header(“Content-type: “.$header);
imagejpeg($bwimage);
?>