[7.075] HTTP Proxy can't find categorization server after bootup [CONFIRMED]

2007:11:08-18:00:36 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_connect_server" file="scr_scanner.c" line="681" message="DNS: cffs05.astaro.com: Temporary failure in name resolution"
2007:11:08-18:00:36 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_connect_server" file="scr_scanner.c" line="681" message="DNS: cffs06.astaro.com: Temporary failure in name resolution"
2007:11:08-18:00:36 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_connect_server" file="scr_scanner.c" line="681" message="DNS: cffs05.astaro.com: Temporary failure in name resolution"
2007:11:08-18:03:38 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scr_scan" file="scr_scanner.c" line="153" message="no categegorization server available"
2007:11:08-18:03:38 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.70.12" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2631" time="2 ms" request="0x94d22d8" url="www.heise.de/" error=""

-------------------------

Fresh install........

Parents

0 svens over 17 years ago

Hi ClausP,

this happens if the httpproxy isn't able to resolve the IP addresses of the Servers used for content categorization on proxy startup.
This could happen due to reconfiguration of interfaces/dns setup. The proxy will try again after 15 minutes. Simply switching the proxy off in Webadmin, and switching it on again should 'fix' this.

I've changed the delay between two consecutive checks two 30s now if the initial check fails.

Thanks for reporting,

Sven.

PS: spelling mistake corrected as well [:)]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Scott_Klassen over 17 years ago in reply to svens

I've put this in previously as a feature request, but I still think it would be beneficial to allow the "block all if content categorization server can't be connected" feature to be configurable through the Web Admin. Just a simple checkbox for "allow all if content categorization servers can't be contacted". This does not have to be the default behavior, but just having the option would save a great deal of grief.

There have been several times in the past few months where those servers weren't reachable for a time due to problems on their end. The most recent that I recall was the day a few months back when Astaro was moving offices.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 micio over 17 years ago in reply to Scott_Klassen

I've put this in previously as a feature request, but I still think it would be beneficial to allow the "block all if content categorization server can't be connected" feature to be configurable through the Web Admin. Just a simple checkbox for "allow all if content categorization servers can't be contacted". This does not have to be the default behavior, but just having the option would save a great deal of grief.

There have been several times in the past few months where those servers weren't reachable for a time due to problems on their end. The most recent that I recall was the day a few months back when Astaro was moving offices.

I agree with you in toto,
should be very usefull a option as you ask.
ciao
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 micio over 17 years ago in reply to Scott_Klassen

I've put this in previously as a feature request, but I still think it would be beneficial to allow the "block all if content categorization server can't be connected" feature to be configurable through the Web Admin. Just a simple checkbox for "allow all if content categorization servers can't be contacted". This does not have to be the default behavior, but just having the option would save a great deal of grief.

There have been several times in the past few months where those servers weren't reachable for a time due to problems on their end. The most recent that I recall was the day a few months back when Astaro was moving offices.

I agree with you in toto,
should be very usefull a option as you ask.
ciao
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 BrucekConvergent over 17 years ago in reply to micio

I have suggested the same as well... I'm sure it will be added at some point.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 William Warren over 17 years ago in reply to BrucekConvergent

I have suggested the same as well... I'm sure it will be added at some point.

still there in the beta. if you restart the machine you either have to wait 5-15 minutes or restart the proxy. Did not have this issue in 7.0.11.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

[7.075] HTTP Proxy can't find categorization server after bootup [CONFIRMED]

Submitted a Tech Support Case lately from the Support Portal?