Thread Info
  • State Not Answered
  • Replies 16 replies
  • Subscribers 0 subscribers
  • Views 3848 views
  • Users 0 members are here
Options
Suggested

[8.161][BUG][FIXED] Can't modify any settings in one section of Advanced under HTTP/S

BrucekConvergent
In 8.161, have found that an error occurs when trying to edit any settings in the section of the Advanced Tab, HTTP/S, including logging allowed / blocked sites, changing target services, etc.  Please see screenshot for the error that is displayed in red.  This was working fine under 8.160 (at least the changing of logging settings, that is something I did mess with under the last version).

ETA:  Forgot to mention, this occurs under IE8 and Firefox.
  • 0 
    Astaro Beta Report

    --------------------------------

    Version: 8.161

    Type: BUG

    State: MERGED/FIXED

    Reporter: BrucekConvergent+

    Contributor: Scott_Klassen, Robert Tausend, asg_user++, RFCat_vk

    MantisID: 17223

    Target version: 8.162

    Fixed in version: 8.162

    --------------------------------
  • 0
    I saw this as well when trying to delete an entry from the transparent proxy skip list.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    As far as I can tell I have the same error message as Bruce.
    When you try to save you get the error and when you try to remove the the tick and save you get the error.

    Ian M
  • 0
    While waiting for SvenS to take a look at this, can you please tell me if you have HTTPS-Scanning enabled?
  • 0 in reply to kbr
    No, I don't have HTTPS scanning enabled.

    Ian
  • 0
    Scan HTTPS (SSL) Traffic unticked here as well.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    Do you have imported some own certificates, maybe for the reverse proxy?
  • 0
    Message in the confd.log:

     confd[7780]: W Message::err_set:937() => id="3100" severity="warn" sys="System" sub="confd" name="NODE_OBJECT_TYPE (The http->ca_list configuration cannot use certificate meta information objects.)" user="admin" srcip="193.158.32.240" facility="webadmin" client="index.plx" call="set" goodclass="ca" nodelist="http->ca_list" badtype="meta_x509" check="input" badref="REF_METAC039A3269EE4B8E82D00C53FA797B5A19E836F47"

    The problem seams to be the last entry at MAIN > http > ca_list:
    144 'REF_METAC039A3269EE4B8E82D00C53FA797B5A19E836F47' [C=US, O=GeoTrust\, Inc., CN=RapidSSL CA]

    After removing this entry, the other global web proxy settings like target services can be saved again.

    Regards,
    Marco
  • 0
    Thanks Marco, 

    this has been erroneous introduced by our recent addition of the RapidSSL Certificates that are needed for the Log-Management, see here.

    This error only appears if if you upgrade from 8.160 to 8.161. It doesn't happen when you are doing a fresh install. And Marco is right, deleting that single entry from http->ca_list is all you need to do to fix it.

    Quick steps:


    On the console, as root, enter the following commands:
    [FONT="Courier New"][SIZE="4"]


    • cc
    • http
    • ca_list@
    [/SIZE][/FONT]a list with Certificates appears, the last one will have the text "[SIZE="4"]CN=RapidSSL CA[/SIZE]" at the end, and a number at the 
    beginning of the line. In my case this is 181. Now type
    [FONT="Courier New"][SIZE="4"]

    • - [FONT="Arial"][SIZE="2"](in my case this was [SIZE="4"][FONT="Courier New"]-181[/FONT][/SIZE])
    [/SIZE][/FONT]
    • quit
    [/SIZE][/FONT]



    Thanks everyone for reporting this!
  • 0 in reply to kbr
    Hi there,

    seems not to work:


    firewall:/root # cc
    Confd command-line client.  Maintainer: 

    Connected to 127.0.0.1:4472, SID = uiBBxzuZuyNvHdSrkFwv.
    Available modes: MAIN OBJS RAW WIZARD.
    Type mode name to switch mode.
    Typing 'help' will always give some help.
                                                                                                                                                                                            127.0.0.1 MAIN > http
    allowed_target_services@
    aua_maxconns$
    aua_timeout$
    auth_cache_size$
    auth_cache_ttl$
    auth_realm$
    block_unscannable$
    bypass_streaming$
    ca_list@
    cache_ignores_cookies$
    cachessl$
    caching$
    certcache$
    certstore$
    cff_override_users@
    ciphers$
    client_timeout$
    connect_timeout$
    connlimit$
    ctype_inspect_body$
    debug@
    defaultblockaction$
    deferagents@
    deferlength$
    download_manager_default_charset$
    edir_delay_basic_auth$
    exceptions@
    maxthreads$
    maxthreads_unused$
    modulepath$
    modules@
    noscancontent@
    opendirectory_keytab$
    pac_file$
    port$
    profiles@
    remove_request@
    remove_response@
    response_timeout$
    sc_local_db$
    searchdomain$
    transparent_auth_timeout$
    transparent_dst_skip@
    transparent_skip_auto_pf$
    transparent_src_skip@
    tunnel_timeout$
    undefercontent@
    usefwnotify$
                                                                                                                                                                                            127.0.0.1 MAIN http > ca_list
    Syntax error, or no such command, node, array, hash or scalar.
                                                                                                                                                                                            127.0.0.1 MAIN http > ca_list
    Syntax error, or no such command, node, array, hash or scalar.
                                                                                                                                                                                            127.0.0.1 MAIN http >


    any ideas?
Cookie Information Banner