Using cgi in python with squidGuard to show a block page

Hello guys, how are you?

I had have a server running debian 7 and had to make a new one with debian 12.

The python on the old server, was python 2.7.2+ and the new one is. 3.11.2.

I’m using a cgi to show a block page for the SquidGuard, but the problem is, It’ll bring the error page without the info about ip adress, user, page accessed and so on. It’ll only show the html code, the rest it won’t.

I tried and read on the net and nothing made it work, so here I’m. Hope you can help me

The string it’ll get from the access is

“GET /cgi-bin/squidGuard.cgi?clientaddr=192.168.0.11&clientname=192.168.0.11&clientuser=&clientident=admin&srcclass=netherworld&url=http://www.google.com/&targetclass=google HTTP/1.1” 200 695 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36”

#!/usr/bin/python3
# -*- coding: utf-8 -*-

# Script to show a error page for SquidGuard

import cgi
import sys
formData = cgi.FieldStorage()
from time import strftime

t = strftime("%d-%b-%y %H:%M:%S")

print ("Content-type: text/html\n")

print ("""<html>
    <head>
        <title>Access Denied</title>
	<STYLE type="text/css"><!--BODY{background-color:red;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
	<H1>ERRO</H1>
<H2>The requested URL couldn't be retrieved</H2>
<HR noshade size="1px">
<P>
	
        <meta http-equiv="Content-Type" content="text/html;
            charset=utf-8">
        <meta name="description" content="">
        <meta name="keywords" content="">
        <meta name="author" content="Helder Guerreiro">
        <meta name="language" content="pt">
        <meta http-equiv="cache-control" content="no-cache">
    </head>
<body>

<br>
   <STRONG><font color="yellow" size=4>
Forbidden Access. Your access has been recorded!
</STRONG><br><br><br></font>

""")


#formData = cgi.FieldStorage()
#if not ((form.in("clientaddr")) or \
#(form.in("clientname")) or \
#	  (form.in("clientuser")) or \
#	  (form.in("clientident")) or \
#         (form.in("srcclass")) or \
#          (form.in("targetclass")) or \
#          (form.in("url")) ):
##    print "<h2>Erro</h2>"

if "clientaddr" not in formData or "clientname" not in formData or "clientuser" not in formData or "clientident" not in formData or "srcclass" not in formData or "targetclass" not in formData or "url" not in formData:

    print ("<p>Thie script is not to be accessed!")
    sys.exit(0)
    #return

#print "<h1>Your access has been blocked!</h1>"

print ("""<p>This system has a Webfilter.
      All websites that are not allowed is blocked.
      <br>If you think this is a mistake,
      get in touch with the admin on admin@admin.com.<br><br>
<ul>""")

try:
    clientaddr = formData["clientaddr"].value
except:
    clientaddr = ""
try:
    clientname = formData["clientname"].value
except:
    clientname = ""
try:
    clientuser = formData["clientuser"].value
except:
    clientuser = ""
try:
    clientident = formData["clientident"].value
except:
    clientident = ""
try:
    srcclass = formData["srcclass"].value
except:
    srcclass = ""
try:
    targetclass = formData["targetclass"].value
except:
    targetgroup = ""
try:
    url = formData["url"].value
except:
    url = ""


print ("<STRONG><li>IP:"), clientaddr
#print "</STRONG><li>Domain:", clientname
#print "</STRONG><li>Teste:", clientuser
print ("<li>User:"), clientident
print ("</STRONG><li>Date and hour:"), t
print ("<li>ACL SquidGuard:"), srcclass
print ("<li>Kind:"), targetclass> 
> print ("<li>Blocked URL:<STRONG>"), url
> print ("""</STRONG></ul>
> 
> 
> </body>
> </html>
>         """) 
```'''

In Python 3, print is a function. You need to add parentheses around the arguments:

print("<STRONG><li>IP:", clientaddr)

or better yet, use modern string formatting:

print(f"<STRONG><li>IP: {clientaddr}")

The original code is interpreted as a tuple literal, the same as writing

>>> 1, 2
(1, 2)

See also

Just a heads up: the cgi module is deprecated and is scheduled to be removed in Python 3.13 (to be released later this year). See PEP 594 – Removing dead batteries from the standard library | peps.python.org for more details.

Hello Brian, thank you for helping me out, So, I assume the rest is ok, I did some reseach and change it to the below, Can I use it?

print(f"

I ask because I tried it and reloaded apache2 and squid, and it didn’t work.

About the cgi, I’ve got no choice, I haven’t found anything about dynamic page blocker like this one.

Single-quoted strings can’t be split across multiple lines ^[1].

Try

print(f"Domain: {clientname}")

or

print(f"""
Domain: {clientname}
""")

if you want the whitespace.

1. without escaping ↩︎

I see, thanks for the tips.

About this

I already read that, just like I said, I haven’t found any way to change what I do know.if you know anything , let me know.

and thank you again.

You can see the traceback in the apache error log file.
Default is /var/log/http/error_log or something like that.

Also beware that the CGI module is going to be removed from python.
You might want to look at changing your CGI script to work without the cgi module.

Well, I got these after reading what you guys said.

I think it’s strange for it to say access denied.

[cgid:error] [pid 18505:tid 139621898213248] (13)Permission denied: AH01241: exec of '/usr/lib/cgi-bin/OPsquidGuard.cgi' failed
[Tue Feb 20 19:32:56.930093 2024] [cgid:error] [pid 17473:tid 139621886293696] [client 127.0.0.1:55222] End of script output before headers: OPsquidGuard.cgi

Do all the normal debugging stuff then, check file permissions and ownership. Check httpd config.

Try running the script as the apache user (assuming you have the default setup). For example:

sudo sudo -u apache /usr/lib/cgi-bin/OPsquidGuard.cgi

Yes two sudo’s are needed if you are not root.

Bear in mind that this is not a httpd support forum.

Hey there, thanks for the help, I think my problem is not with python anymore, at least i think. Thank you all.