From 59cebc2cd60581f2ece9d44fe0d66b4d1fdfb5cb Mon Sep 17 00:00:00 2001
From: Klas Arvidsson <klas.arvidsson@liu.se>
Date: Thu, 16 Jan 2020 23:57:04 +0100
Subject: [PATCH] squid filter corrections

---
 files/squid/helpers/rules.d/opendsa.rules | 19 -------------------
 files/squid/helpers/squid-url-rewrite.py  | 12 +++++-------
 manifests/squid_filter.pp                 |  1 +
 3 files changed, 6 insertions(+), 26 deletions(-)

diff --git a/files/squid/helpers/rules.d/opendsa.rules b/files/squid/helpers/rules.d/opendsa.rules
index 85ab98f..3c85a02 100644
--- a/files/squid/helpers/rules.d/opendsa.rules
+++ b/files/squid/helpers/rules.d/opendsa.rules
@@ -1,7 +1,5 @@
 // OpenDSA
 
-// New setup on tentix
-
 ^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/Books/.*                false
 ^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/lib/.*                  true
 ^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/JSAV/.*                 true
@@ -11,23 +9,6 @@
 ^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/Exercises/.*            true
 ^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/khan-exercises/.*       true
 
-
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_190110/.*   false
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_190110/.*   false
-
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDD86_181219/.*   false
-
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_181029/.*   false
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_181029/.*   false
-
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDD86_180828/.*   false
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_180828/.*   false
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_180828/.*   false
-
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDD86_180404/.*   false
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_170822/.*   false
-^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_170104/.*   false
-^https?://tentix\.ida\.liu\.se:12000/api/v1/.*                        true
 ^https?://exam\.ida\.liu\.se:12000/api/v1/.*                          true
 ^https?://cdn\.mathjax\.org/mathjax/.*                                true
 ^https?://cdnjs\.cloudflare\.com/ajax/libs/mathjax/.*                 true
diff --git a/files/squid/helpers/squid-url-rewrite.py b/files/squid/helpers/squid-url-rewrite.py
index d14f0df..a35f3b3 100755
--- a/files/squid/helpers/squid-url-rewrite.py
+++ b/files/squid/helpers/squid-url-rewrite.py
@@ -13,11 +13,11 @@ basedir = "/usr/libexec/squid/helpers"
 hostname = socket.gethostname()
 
 def block_response(url):
+    quoted_url = urllib.parse.quote(url)
     if re.match('.*\.s?html([#?].*)?', url):
-        url = urllib.parse.quote(url)
-        return 'OK rewrite-url="{}?url={}"'.format(errorpage, url)
+        return 'OK status=307 url="{}?requested={}"'.format(errorpage, quoted_url)
     else:
-        return 'OK rewrite-url="{}"'.format(emptypage, url)
+        return 'OK status=307 url="{}"'.format(emptypage)
 
     # return "OK status=302 url=\"" + errorpage + "\""
     # "status" can only be used in the "Using an HTTP redirector" case,
@@ -55,7 +55,6 @@ def modify_url(line, ruleset):
                 return block_response(url)
 
     return block_response(url)
-    
 
 
 def load_rules(ruleset, filename):
@@ -65,21 +64,20 @@ def load_rules(ruleset, filename):
             if not re.match('(^#.*)|(^//.*)|(^;.*)|(^--.*)|^ *$', line):
                 columns = line.strip().split()
                 ruleset.append( [ re.compile(columns[0]), columns[1].lower() == 'true' ] )
-#              ruleset.append( [ columns[0], columns[1].lower() == 'true' ] )
 
 
 def main():
     
     ruleset = list()
+    # load opendsa first to let it override default rules
+    load_rules(ruleset, basedir + "/rules.d/opendsa.rules")
     load_rules(ruleset, basedir + "/rules.d/default.rules")
     load_rules(ruleset, basedir + "/rules.d/rstudio.rules")
     load_rules(ruleset, basedir + "/rules.d/cplusplus.rules")
-    load_rules(ruleset, basedir + "/rules.d/opendsa.rules")
     load_rules(ruleset, basedir + "/rules.d/python.rules")
     load_rules(ruleset, basedir + "/rules.d/java.rules")
     load_rules(ruleset, basedir + "/rules.d/ruby.rules")
     load_rules(ruleset, basedir + "/rules.d/sas.rules")
-#    load_rules(ruleset, basedir + "/rules.d/dn.rules")
 
     with open(filterlog, 'a') as log:
         try:
diff --git a/manifests/squid_filter.pp b/manifests/squid_filter.pp
index 1079553..f6ae203 100644
--- a/manifests/squid_filter.pp
+++ b/manifests/squid_filter.pp
@@ -30,6 +30,7 @@ class aes::squid_filter {
     group  => squid,
     mode => '0755',
     source => "puppet:///modules/${module_name}/squid/helpers/squid-url-rewrite.py",
+    notify  => Service['squid']
   }
 
   file { '/var/cache/squid' :
-- 
GitLab