
All sites being blocked for one user after upgrade to 7.5

I upgraded from 7.405 to 7.5 last night.

This morning one of my users can't visit any web sites.

The Content Filter logs show:

2009:10:07-09:21:30 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2170" time="0 ms" request="0x88e5568" url="74.125.127.100/favicon.ico" exceptions="" error="" category="9999" reputation="neutral" categoryname="Categorization failed"
2009:10:07-09:21:50 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa66054f0" url="" exceptions="" error=""
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs01.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs02.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs03.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs04.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs05.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ 0x88e8ad0] sc_categorize_url (scr_scanner.c:940) no categorization received for url: http://yahoo.com/
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2130" time="7 ms" request="0x88e8ad0" url="yahoo.com/" exceptions="" error="" category="9999" reputation="neutral" categoryname="Categorization failed"
This might be related to my other error for which I keep getting email notifications:

The spam filter daemon is unable to reach the database servers via HTTP. Please make sure that the device is able to send HTTP (TCP port 80) requests to the Internet. You may have to allow such traffic on upstream devices.

Any ideas how to fix this?

Thanks,

James.


  • James, try flushing the Astaro's DNS cache.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob.

    Clicked on Flush resolver cache now. User still can't connect. He tells me that it is his machine (running Vista) and another machine in the same room running XP. No reports from anyone else.

    He's restarting his machine now.

    James.
  • Looks like it is happening to other users now too:

    2009:10:07-09:47:55 astaro1-1 httpproxy[5572]: [0xa66854a8] dns_expire (dns.c:984) dns query timed out, retransmitting (retry 2)
    
    2009:10:07-09:47:56 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.45" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0x88e8ad0" url="" exceptions="" error=""
    2009:10:07-09:47:56 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa668ee70" url="" exceptions="" error=""
    2009:10:07-09:48:00 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.10" user="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2382" time="18086 ms" request="0xa66854a8" url="stork11.getdropbox.com/subscribe
    2009:10:07-09:48:05 astaro1-1 httpproxy[5572]: [0xa65d3d80] dns_expire (dns.c:984) dns query timed out, retransmitting (retry 1)
    2009:10:07-09:48:05 astaro1-1 httpproxy[5572]: [0xa6693e48] dns_expire (dns.c:984) dns query timed out, retransmitting (retry 1)
    2009:10:07-09:48:07 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa6697550" url="" exceptions="" error=""
    2009:10:07-09:48:10 astaro1-1 httpproxy[5572]: [0xa65d3d80] dns_expire (dns.c:984) dns query timed out, retransmitting (retry 2)
    2009:10:07-09:48:10 astaro1-1 httpproxy[5572]: [0xa6693e48] dns_expire (dns.c:984) dns query timed out, retransmitting (retry 2)
    2009:10:07-09:48:11 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa6697550" url="" exceptions="" error=""
    2009:10:07-09:48:12 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.92" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2178" time="16791 ms" request="0xa6693e48" url="feeds.nytimes.com/.../HomePage" exceptions="" error="" category="134" reputation="trusted" categoryname="General News"
    2009:10:07-09:48:12 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.92" user="" statuscode="502" cached="2" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2170" time="9 ms" request="0xa6697550" url="news.cnet.com/2547-1_3-0-5.xml" exceptions="" error="" category="134" reputation="neutral" categoryname="General News"
    2009:10:07-09:48:13 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.92" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2194" time="17350 ms" request="0xa65d3d80" url="www.apple.com/.../Hardware"
    2009:10:07-09:48:18 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.45" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0x88ce9c0" url="" exceptions="" error=""
    2009:10:07-09:48:18 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa6626488" url="" exceptions="" error=""


    James.
  • DNS proxy is showing:

    2009:10:07-09:57:08 astaro1-2 named[4533]: too many timeouts resolving 'cffs05.astaro.com/A' (in '.'?): disabling EDNS
    
    2009:10:07-09:57:08 astaro1-2 named[4533]: too many timeouts resolving 'cffs05.astaro.com.bordo.com.au/A' (in '.'?): disabling EDNS


    The log is full of entries like this.

    James.
  • It looks like you aren't getting DNS resolution from your ISP.

    Try using an OpenDNS forwarder instead: 208.67.222.222
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We use our own DNS, which I've just restarted in case that was the issue.

    Do you mean set this up in Network Services/DNS/Forwarders?

    I've added OpenDNS here, but still get the same problem.
  • I can look up cffs04.astaro.com from my machine (i.e. using our local DNS).

    So why can't Astaro?

    Even if I tell it to use OpenDNS in the Forwarders tab.

    James.
  • We recommend:

    Internal users point at internal name server for name resolution.

    Internal name server points at Astaro as the forwarder.

    Astaro points at the ISP's name server.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Internal users point at internal name server for name resolution.


    OK. This is what we do.

    Internal name server points at Astaro as the forwarder.


    The DNS's network settings have Astaro as the gateway - is this enough or do I have to change some BIND settings?

    Astaro points at the ISP's name server.


    I currently have 'Allowed Networks' empty in the 'Global' section. Is this correct or should I put Internal here?

    In the 'Forwarders' tab I have now added OpenDNS. Is this correct?

    Thanks,

    James.
  • Allowed Networks = IPs of Internal Name Servers

    OpenDNS and, after that, your ISP's name servers?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
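
Added example (not part of any post in this thread, and not Astaro or Sophos code): a Python triage of httpproxy log lines in the format quoted above, separating blocks caused by failed categorization or DNS timeouts from all other blocks. It assumes the bracketed pointer on a dns_expire line names the same request as the request= field of a later block line, as the quoted logs suggest; the function and pattern names are hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first four lines are abbreviated from lines quoted
# in the thread; the last line is invented to show a block with no DNS cause.
SAMPLE = '''
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs01.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: id="0002" name="web request blocked" action="block" srcip="192.168.1.55" statuscode="502" url="yahoo.com/" category="9999" categoryname="Categorization failed"
2009:10:07-09:48:10 astaro1-1 httpproxy[5572]: [0xa6693e48] dns_expire (dns.c:984) dns query timed out, retransmitting (retry 2)
2009:10:07-09:48:12 astaro1-1 httpproxy[5572]: id="0002" name="web request blocked" action="block" srcip="192.168.1.92" statuscode="502" time="16791 ms" request="0xa6693e48" url="feeds.nytimes.com/.../HomePage" category="134"
2009:10:07-09:50:00 astaro1-1 httpproxy[5572]: id="0002" name="web request blocked" action="block" srcip="192.168.1.77" statuscode="403" request="0xa0000001" url="example.test/" category="0"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
DNS_TIMEOUT = re.compile(r'\[\s*(0x[0-9a-f]+)\] dns_expire ')
RESOLVE_FAIL = re.compile(r'sc_resolve_server .* DNS: (\S+): Temporary failure')

def triage(lines):
    """Return (block counts by cause, client IPs by cause, unresolved hosts)."""
    timed_out, unresolved = set(), set()
    causes, clients = Counter(), {}
    for line in lines:
        m = DNS_TIMEOUT.search(line)
        if m:                                # proxy's own DNS query timed out
            timed_out.add(m.group(1))
            continue
        m = RESOLVE_FAIL.search(line)
        if m:                                # categorization server not resolvable
            unresolved.add(m.group(1))
            continue
        fields = dict(KV.findall(line))
        if fields.get("action") != "block":
            continue
        if fields.get("category") == "9999":  # "Categorization failed" in the logs
            cause = "categorization_failed"
        elif fields.get("request") in timed_out:
            # Heuristic: request pointers can be reused across requests.
            cause = "dns_timeout"
        else:
            cause = "other"
        causes[cause] += 1
        clients.setdefault(cause, set()).add(fields.get("srcip"))
    return causes, clients, unresolved

if __name__ == "__main__":
    counts, by_client, hosts = triage(SAMPLE.splitlines())
    print(dict(counts), by_client, hosts)
```

When most blocks fall under categorization_failed or dns_timeout rather than other, the cause is name resolution on the gateway itself, not the filtering policy.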