
All sites being blocked for one user after upgrade to 7.5

I upgraded from 7.405 to 7.5 last night.

This morning one of my users can't visit any web sites.

The Content Filter logs show:

2009:10:07-09:21:30 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2170" time="0 ms" request="0x88e5568" url="74.125.127.100/favicon.ico" exceptions="" error="" category="9999" reputation="neutral" categoryname="Categorization failed"
2009:10:07-09:21:50 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa66054f0" url="" exceptions="" error=""
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs01.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs02.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs03.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs04.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs05.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ 0x88e8ad0] sc_categorize_url (scr_scanner.c:940) no categorization received for url: http://yahoo.com/
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2130" time="7 ms" request="0x88e8ad0" url="yahoo.com/" exceptions="" error="" category="9999" reputation="neutral" categoryname="Categorization failed"
This might be related to my other error for which I keep getting email notifications:

The spam filter daemon is unable to reach the database servers via HTTP. Please make sure that the device is able to send HTTP (TCP port 80) requests to the Internet. You may have to allow such traffic on upstream devices.

Any ideas how to fix this?

Thanks,

James.


  • Also,
    The DNS's network settings have Astaro as the gateway - is this enough or do I have to change some BIND settings?

    In the Windows world, there's an explicit "forwarders" setting that needs to be set.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Were there big changes to the DNS code in 7.5 that require all these changes? The setup worked perfectly before under 7.405.

    Why does Apple get a pass but au.finance.yahoo.com get blocked?

    BTW, I saw this in the System Messages log:

    2009:10:07-11:36:40 astaro1-1 postgres[17271]: [3-1] LOG: unexpected EOF on client connection
    2009:10:07-11:37:52 astaro1-1 postgres[17287]: [3-1] LOG: unexpected EOF on client connection

    Related?

    James.
  • "unexpected EOF on client connection" - Look back - I think that message is unremarkable.

    What's happening now?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Still having the http issues with DNS.

    I rebooted the Master server (I have HA Master-Slave setup), but still get the same errors.

    httpproxy[4936]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs01.astaro.com: Temporary failure in name resolution


    And System Messages still get the:

    astaro1-2 postgres[4152]: [3-1] LOG: unexpected EOF on client connection


    but I'm not worrying about that now!

    DNS log is full of things like:

    2009:10:07-16:23:36 astaro1-1 named[3985]: too many timeouts resolving 'resolver1.ast.ctmail.com.bordo.com.au/A' (in '.'?): disabling EDNS
    2009:10:07-16:23:36 astaro1-1 named[3985]: too many timeouts resolving 'resolver1.ast.ctmail.com.bordo.com.au/A' (in '.'?): disabling EDNS


    James.
  • Do you have HA?

    Your system seems to be running in Cluster mode.

    I had the same error here.

    Have a look onto astaro-1 and astaro-2 in your log file!

    Frank
  • Thanks Frank.

    What do you mean by "Have a look onto astaro-1 and astaro-2 in your log file!"

    Which log file?

    James
  • /var/log/http.log

    This was my post (it was not the AV engine, but it was hard to find out!):

    https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/44230
  • Wow Frank, that looks to be exactly what the problem is:

    2009:10:07-20:54:27 astaro1-2 httpproxy[343]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.10" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="15" time="74239 ms" request="0x88a5a90" url="http://stork11.getdropbox.com/subscribe?host_int=9224346&ns_map=3339172_227099449501086628,3409319_255718500221584807&ts=1254909192" exceptions="" error="" category="170" reputation="unverified" categoryname="Personal Network Storage" content-type="text/html"
    2009:10:07-20:54:51 astaro1-1 httpproxy[4936]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.119" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2408" time="15 ms" request="0x8a40a28" url="http://au.download.windowsupdate.com/msdownload/update/software/crup/2009/08/windowsserver2003-kb968389-x86-enu_adfe4f7410d3633e51f8ce7a7346fb52ca6a345d.exe" exceptions="av,content,url,mime" error=""


    But 'Operation Mode' in the Configuration tab of HA Availability is set to 'Hot Standby (active-passive)'.

    James.
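The check Frank suggests above (seeing which HA node names appear on httpproxy lines in /var/log/http.log), as an added example that is not part of the original thread or of any Astaro tooling. The sample lines are shortened, constructed copies of the log lines quoted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Sample input: shortened copies of http.log lines quoted in this thread
# (fields trimmed for width; constructed for this example).
SAMPLE_LOG = '''\
2009:10:07-09:21:30 astaro1-2 httpproxy[5061]: id="0002" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" statuscode="502" url="74.125.127.100/favicon.ico" category="9999" categoryname="Categorization failed"
2009:10:07-09:21:50 astaro1-1 httpproxy[5572]: id="0002" name="web request blocked" action="block" method="" srcip="192.168.1.30" statuscode="400" url=""
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs01.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ 0x88e8ad0] sc_categorize_url (scr_scanner.c:940) no categorization received for url: http://yahoo.com/
2009:10:07-20:54:27 astaro1-2 httpproxy[343]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.10" statuscode="200" url="http://stork11.getdropbox.com/subscribe" category="170"
2009:10:07-20:54:51 astaro1-1 httpproxy[4936]: id="0002" name="web request blocked" action="block" method="GET" srcip="192.168.1.119" statuscode="502" url="http://au.download.windowsupdate.com/"
'''

LINE = re.compile(r'^(?P<ts>\S+) (?P<node>\S+) httpproxy\[\d+\]: (?P<msg>.*)$')
FIELD = re.compile(r'([\w-]+)="([^"]*)"')
DNS_FAIL = re.compile(r'DNS: (\S+): Temporary failure in name resolution')

def summarize(log_text):
    """Tally httpproxy events per HA node name (second column of each line)."""
    stats = defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an httpproxy line
        node, msg = m['node'], m['msg']
        if DNS_FAIL.search(msg):
            stats[node]['dns_failure'] += 1
            continue
        fields = dict(FIELD.findall(msg))
        if 'action' not in fields:
            continue  # debug line without key="value" request fields
        stats[node]['requests'] += 1
        if fields['action'] == 'block':
            stats[node]['blocked'] += 1
            if fields.get('category') == '9999':  # "Categorization failed"
                stats[node]['categorization_failed'] += 1
    return {node: dict(counts) for node, counts in stats.items()}

def nodes_handling_requests(summary):
    """Nodes that logged proxy requests; more than one means both HA members serve HTTP."""
    return sorted(n for n, c in summary.items() if c.get('requests'))

if __name__ == '__main__':
    summary = summarize(SAMPLE_LOG)
    for node in sorted(summary):
        print(node, summary[node])
    print('nodes handling requests:', nodes_handling_requests(summary))
```

To run it against a real log, pass the contents of http.log to `summarize()` instead of `SAMPLE_LOG`.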
  • Yes, here too!

    A known Astaro Bug!

    Can you post /etc/ha/cluster.cf?

    Looks like:

    cluster_ipsec_dist=auto
    cluster_snort_dist=auto
    cluster_http_dist=auto
    cluster_smtp_dist=auto
    cluster_pop3_dist=auto
    cluster_ftp_dist=auto

    Right?
  • Don't know how to log in using SSH to find that out (I'm at home now, Astaro boxes are at work).

    If it's a known Astaro Bug, is there a Known Astaro Fix/Workaround? Physically turn off one box?

    James.