Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 2 subscribers
  • Views 8892 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

All sites being blocked for one user after upgrade to 7.5

jlbrown
I upgraded from 7.405 to 7.5 last night.

This morning one of my users can't visit any web sites.

The Content Filter logs show:

2009:10:07-09:21:30 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2170" time="0 ms" request="0x88e5568" url="74.125.127.100/favicon.ico" exceptions="" error="" category="9999" reputation="neutral" categoryname="Categorization failed"
2009:10:07-09:21:50 astaro1-1 httpproxy[5572]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.30" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="2118" time="0 ms" request="0xa66054f0" url="" exceptions="" error=""
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs01.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs02.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs03.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:52 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs04.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ (nil)] sc_resolve_server (scr_scanner.c:355) DNS: cffs05.astaro.com: Temporary failure in name resolution
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: [ 0x88e8ad0] sc_categorize_url (scr_scanner.c:940) no categorization received for url: http://yahoo.com/
2009:10:07-09:21:53 astaro1-2 httpproxy[5061]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.55" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2130" time="7 ms" request="0x88e8ad0" url="yahoo.com/" exceptions="" error="" category="9999" reputation="neutral" categoryname="Categorization failed"
This might be related to my other error for which I keep getting email notifications:

The spam filter daemon is unable to reach the database servers via HTTP. Please make sure that the device is able to send HTTP (TCP port 80) requests to the Internet. You may have to allow such traffic on upstream devices.
Any ideas how to fix this?

Thanks,

James.


This thread was automatically locked due to age.
  • 0 in reply to jlbrown
    Hmm, that might be a problem! ;-)

    You have to change every entry in /etc/ha/cluster.cf from

    "auto"

    cluster_ipsec_dist=auto
    cluster_snort_dist=auto
    cluster_http_dist=auto
    cluster_smtp_dist=auto
    cluster_pop3_dist=auto
    cluster_ftp_dist=auto

    to "none"

    and in /etc/ha/cluster.cf-default from

    "[]"

    cluster_ipsec_dist=[]
    cluster_snort_dist=[]
    cluster_http_dist=[]
    cluster_smtp_dist=[]
    cluster_pop3_dist=[]
    cluster_ftp_dist=[]

    to "[none]"

    After that, restart HA or both machines.

    Oh of course you have to change this on both servers, you can connect to the other via the HA interface.

    The only other workaround is turning of the Slave, i think.
  • 0
    Pulled out the power cable to the Slave and all works!

    Thanks so much for all your help.

    James.
  • 0
    ok, the fix is already published here...
  • 0
    Ölm.

    Where is the fix?

    Or do you mean editing the /etc/ha files?

    James.
  • 0 in reply to jlbrown
    Hi Folks,

    as ffiene mentioned, this is an issue which occoured after 7.5. All HA systems become cluser and disribute http and ipsec traffic. The result would be that http requests will fail.

     We will publish a fix in version 7.5. Until then, please use the workaround below. If you have still any questions, please contact our support teams.


    WORKAROUND
    * Edit /etc/ha/cluster.cf and replace auto by none
    * Edit /etc/ha/cluster.cf-default and replace [] by none
    * Execute "/etc/init.d/ha reload" 


    Thank you!

    Dominic
  • 0
    also fixed in 7.501 which is sticky'd in this forum. Download and apply to sort this out.
Cookie Information Banner