SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003221: http proxy don't returns anything after some time. If flush cache of Squid, the firewall works again correctly - MantisBT
MantisBT - Endian Firewall
View Issue Details
0003221Endian FirewallProxy HTTPpublic2010-10-25 17:412013-04-16 19:29
bortol 
lorenzo-endian 
normalmajorsometimes
feedbackopen 
2.4 
 
0003221: http proxy don't returns anything after some time. If flush cache of Squid, the firewall works again correctly
After some utilisation the firewall don't returns pages. Ping is working, dns also.
If I flush the cache of squid, proxy is again OK.
In /var/log/squid/cache.log some error

TCP connection to 127.0.0.2/9999 failed

very frewquently also this:

httpReadReply: Excess data from "GET http://cr-tools.clients.google.com/service/check2?appid=%7B430FD4D0-B729-4F6$ [^]


other error in cache.log:

Initialising SSL.
2010/10/25 13:36:28| Store logging disabled
2010/10/25 13:36:28| Referer logging is disabled.
2010/10/25 13:36:28| DNS Socket created at 0.0.0.0, port 35399, FD 10
2010/10/25 13:36:28| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2010/10/25 13:36:28| helperOpenServers: Starting 20 'ncsa_auth' processes
2010/10/25 13:36:29| Accepting transparently proxied HTTP connections at 0.0.0.0, port 8080, FD 35.
2010/10/25 13:36:29| Accepting SNMP messages on port 3401, FD 36.
2010/10/25 13:36:29| WCCP Disabled.
2010/10/25 13:36:29| Configuring Parent 127.0.0.1/9999/0
2010/10/25 13:36:29| Configuring Parent 127.0.0.2/9999/0
2010/10/25 13:36:29| Configuring Parent 127.0.0.1/9998/0
2010/10/25 13:36:29| Loaded Icons.
2010/10/25 13:36:29| Ready to serve requests.
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| Detected DEAD Parent: content2
2010/10/25 13:37:11| Failed to select source for 'http://123.123.123.123/wpad.dat' [^]
2010/10/25 13:37:11| always_direct = 0
2010/10/25 13:37:11| never_direct = 1
2010/10/25 13:37:11| timedout = 0
2010/10/25 13:37:12| Failed to select source for 'http://crl.verisign.com/pca3.crl' [^]
2010/10/25 13:37:12| always_direct = 0
2010/10/25 13:37:12| never_direct = 1
2010/10/25 13:37:12| timedout = 0



Sorry for my english and also for my very low technical know-how

I've installed endian in my School. Now this problem is blocking navigation everyday....


Luigi
purple
related to 0003528confirmed lorenzo-endian Problems with HAVP 
Issue History
2010-10-25 17:41bortolNew Issue
2010-11-25 10:14gmar_87Note Added: 0005204
2010-12-02 09:26lorenzo-endianNote Added: 0005264
2010-12-02 09:26lorenzo-endianAssigned To => lorenzo-endian
2010-12-02 09:26lorenzo-endianStatusnew => feedback
2010-12-02 09:34gmar_87Note Added: 0005265
2010-12-02 09:36gmar_87Note Added: 0005266
2010-12-05 23:23gmar_87Note Added: 0005303
2010-12-14 09:27bortolNote Added: 0005369
2010-12-15 22:24gmar_87Note Added: 0005383
2011-01-18 11:54lorenzo-endianNote Added: 0005493
2011-01-18 20:37bortolNote Added: 0005501
2011-01-18 20:47lorenzo-endianNote Added: 0005502
2011-01-20 00:30gmar_87Note Added: 0005510
2011-01-20 08:25clauritaNote Added: 0005512
2011-02-09 22:19lorenzo-endianNote Added: 0005651
2011-02-09 22:28lorenzo-endianNote Added: 0005652
2011-02-10 06:13gmar_87Note Added: 0005653
2011-02-10 08:25clauritaNote Added: 0005655
2011-03-03 10:01ardit-endianNote Added: 0005799
2011-03-03 10:02ardit-endianTag Attached: purple
2011-03-03 10:54ardit-endianNote Edited: 0005799
2011-03-08 12:15diwodaNote Added: 0005879
2011-03-08 15:43lorenzo-endianNote Added: 0005889
2011-03-09 12:02lorenzo-endianRelationship addedrelated to 0003528
2011-07-26 07:01gvecchiNote Added: 0007087
2011-07-26 07:04gvecchiNote Edited: 0007087
2011-07-26 07:07gvecchiNote Edited: 0007087
2011-07-26 13:42gvecchiNote Edited: 0007087
2011-07-28 09:29gvecchiNote Edited: 0007087
2012-12-10 15:49victorhugopsNote Added: 0008352
2013-02-08 15:15rbianchiNote Added: 0008368
2013-04-06 20:27jejethxNote Added: 0008415
2013-04-16 19:29riaanjvrNote Added: 0008418
2013-04-16 19:38riaanjvrNote Edited: 0008418bug_revision_view_page.php?bugnote_id=8418#r30

Notes
(0005204)
gmar_87   
2010-11-25 10:14   
I too am having this problem. I restored an Endian Firewall 2.3 backup config to an identical hardware spec server also running version 2.3 and see this issue everyday!

I reinstalled Endian, this time with 2.4.1 and restored the backup, but still occurring. The end-user sees "Read Error. Connection reset by peer".

My cache log shows:
2010/11/25 16:39:52| TCP connection to 127.0.0.2/9999 failed
2010/11/25 16:39:52| Detected DEAD Parent: content2

I have now disabled antivirus scans in my content filters to see if that is the cause...
(0005264)
lorenzo-endian   
2010-12-02 09:26   
Hi bortol and gmar_87,

does you efw work after disabling the antivirus scan?

This info would be useful to troubleshoot the problem!

Thanks in advance!

Lo
(0005265)
gmar_87   
2010-12-02 09:34   
Hi Lo,

Proxy seems to be stable after disabling anti-virus scanning under proxy content filter settings.
Uptime = 6d 22h 44m so far..

Cheers,
John
(0005266)
gmar_87   
2010-12-02 09:36   
also seemed to only occur under heavy load/traffic.
(0005303)
gmar_87   
2010-12-05 23:23   
Definitely related to having Anti virus scanning enabled under content filter.
EFW has been up for 10d 12h 20m after disabling this option.
(0005369)
bortol   
2010-12-14 09:27   
I've reinstalled all with release 2.4.0 and I don't have any problem from 31d 9h 53m (with antivirus scan actived).
(0005383)
gmar_87   
2010-12-15 22:24   
I can confirm the this issue only occurs on release 2.4.1
(0005493)
lorenzo-endian   
2011-01-18 11:54   
Hi bordol,

can you provide please the version of you efw-clamav package?

You can get it with the command

rpm -q efw-clamav

Thanks in advance!

Lo
(0005501)
bortol   
2011-01-18 20:37   
Now I have reinstalled version 2.4.0 and the efw-clamav is efw-clamav-2.3.17-0.endian5
I don't kwow the version when of efw-clamav in 2.4.1 ... sorry

Bye

Bortol

p.s. in italiano

non conosco bene l'inglese dunque fatico a scrivere in quella lingua... Ho visto che ti chiami Lorenzo: non è che sei italiano?

Ho deciso, non essendo riuscito a fare funzionare senza blocchi la 2.4.1, di riinstallare la 2.4.0 con cui non ho problemi se non nello scaricamento di alcuni file pdf di grosse dimensioni.
(0005502)
lorenzo-endian   
2011-01-18 20:47   
Hey,

yes, I am italian :-P we try to use english on the bugtrack so that the information of a ticket are useful for all the people around the world :)

Today I tried to replicate the problem on a 2.4.1 but without success, but I think I have discovered something interesting and the fact that you are using the package efw-clamav-2.3.17-0.endian5 is a great help for me!

Thanks a lot

Lo

--- TRANSLATED ---

Ciao!

sisi, sono italiano :-P cerchiamo di tenere l'inglese sul bagtracker perchè cosi le informazioni servono a tutti quelli che nel mondo hanno problemi. Io oggi ho provato a replicare il problema con una 2.4.1 ma non ci sono riuscito.

Ad ogni modo credo di aver scoperto qualche cosa ed il fatto che stai usando il pacchetto efw-clamav-2.3.17-0.endian5 mi aiuta un sacco!

Grazie mille davvero

Lo
(0005510)
gmar_87   
2011-01-20 00:30   
My EFW 2.4.1 shows efw-clamav-2.4.4-0.endian8
(0005512)
claurita   
2011-01-20 08:25   
Hi everybody,
inserting myself in the thread because I have identical problem and made some tests I'd like to report.

Running 2.4.1, efw-clamav-2.4.4-0.endian8
The problem arises after a couple of hours since proxy reset, (under low traffic conditions). In my case, it's not related just to clam called from dansguardian. Using havp alone has about the same final effect, but squid reports a different error:
--------------
2011/01/18 23:57:00| helperOpenServers: Starting 20 'ncsa_auth' processes
2011/01/19 08:22:01| parseHttpRequest: Unsupported method '<D1><BC>Sp<D4><C1><D1><C6><AB><DD>^NY^R<89>^X<E3><E6><BA>^V^V=^Q^K<FC><D4><96>dx^S<93>bN^E<A8>KRi
<DF><99><8E>Wvh'
2011/01/19 08:22:01| clientReadRequest: FD 43 (192.168.18.54:1068) Invalid Request
--------------

I tried clamav updates from stellarcore.net (I've been using them since endian 2.0), actually clamav 0.95.5 and havp 0.91
Nothing seems changed, but I noticed that havp log claims an error in clamav:
-------------------
Jan 19 22:05:38 efw havp[32295]: Detected crashed ClamAV Library Scanner process
 (getanswer, pid: 32296, lasturl: http://www.google.it/search? [^])
Jan 19 22:05:38 efw havp[32295]: Scanner errors: ClamAV: Scanner crashed (lastur
l: http://www.google.it/search? [^])
Jan 19 22:14:25 efw havp[537]: Detected crashed ClamAV Library Scanner process (
getanswer, pid: 539, lasturl: http://suggestqueries.google.com/complete/search? [^])
Jan 19 22:14:25 efw havp[537]: Scanner errors: ClamAV: Scanner crashed (lasturl:
 http://suggestqueries.google.com/complete/search? [^])
---------------

If I could help with other tests, ask me.
Claudio
(0005651)
lorenzo-endian   
2011-02-09 22:19   
Hi everybody,

I have tested a lot havp and clamav and they don't freeze the system on my side.

Can I kindly ask to you which version of HAVP are your systems running?

You can get it using

rpm -q efw-havp

Thanks to all in advance!

Lo
(0005652)
lorenzo-endian   
2011-02-09 22:28   
ps: On my system:

root@efw-lo-ce-2:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@efw-lo-ce-2:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@efw-lo-ce-2:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10
root@efw-lo-ce-2:~ #
(0005653)
gmar_87   
2011-02-10 06:13   
My system:
root@PROXY1:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@PROXY1:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@PROXY1:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10
root@PROXY1:~ #
(0005655)
claurita   
2011-02-10 08:25   
This is my "official" efw machine:
root@efw:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@efw:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@efw:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10

Don't know if this could help:
I'm also actually testing efw on a pc without hd (I'm using a 2GB SD, tmpfs for /tmp and /var, 2 GB ram, NO swap). It's a fresh 2.4.1 install with the same patches applied as my "official" one, and works very well. Focusing, of course, on ram usage, I noticed that sometimes it starts rising and reaches 98% in few hours (normally is about 50%, low load, many days of working). At that point, havp crashes in a way much similar to the one focused in this thread. Haven't yet found the event which triggers this behaviour, but I suspect it could be exactly the same problem we're investigating here.
Claudio
(0005799)
ardit-endian   
2011-03-03 10:01   
(edited on: 2011-03-03 10:54)
Hi,

the problem is related to dansguardian, for some reason "the guy" goes down :)

http://pastie.org/1627966 [^]

The problem with dansguardian now is that it have no debug options [at least for this issue], if you want dansguardian in debug mode we need to compile the "debug version" of dansguardian:

http://contentfilter.futuragts.com/wiki/doku.php?id=using_a_debug_version [^]

As the wiki says, this version is used for
"Unexplained frequent crashes when not even a stack backtrace identifies a resolution. "

I think this is the case.

In past we have several reports of the same problem and unfortunately dansguardian doesn't "say" much om the logs.

Regards,
Ardit.

(0005879)
diwoda   
2011-03-08 12:15   
Something new about this? I had a similar problem today, http proxy just stopped working, believing that it is the same issue. Flushing the Cache made it work again...Logs look quite the same as above...

greets
Johann
(0005889)
lorenzo-endian   
2011-03-08 15:43   
Hello diwoda,

we are working on it! I will keep you updated about the progress :)

Thanks for the patience

Lo
(0007087)
gvecchi   
2011-07-26 07:01   
(edited on: 2011-07-28 09:29)
Hi all!
I think I have the problem me too.

root@PROXY:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@PROXY:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@PROXY:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10
root@PROXY:~ # rpm -q efw-dansguardian
efw-dansguardian-2.4.1-2.endian15

after weekly/dayly automatic backup, dansguardian fails to start:


root@PROXY:~ # /etc/init.d/dansguardian restart
Stopping dansguardian: [FAILED]
Starting dansguardian: [FAILED]

Any workaround? Any news about solution?

Setting squid to allow traffic when dansguardian goes down may be a right workaround, isn't it?

Thanks!

(0008352)
victorhugops   
2012-12-10 15:49   
Hello,

here, we have the same problem (with the last endian version) !!! :-(
(0008368)
rbianchi   
2013-02-08 15:15   
We have the same problem with Endian Community ed. 2.5.1
Trying disable HAVP.
(0008415)
jejethx   
2013-04-06 20:27   
Hello,

Do you find issue to this probleme?
I'am increase MAXSERVERS & SERVERNUMBER in /var/efw/havp/settings :
MAXSERVERS=500
SERVERNUMBER=200
Set 1Mb of Squid cache but it not resolv.

Regards
(0008418)
riaanjvr   
2013-04-16 19:29   
(edited on: 2013-04-16 19:38)
Hallo
This happens in the commercial Endian as well. I have the latest version 2.5.1 Endian appliance. In the Web IF one can see HAVP is not running. It broke after a while from setting it up, and I changed the P.I.C.S score from 50 to 100 in the content filter.

Flushing the cache, rebooting, en/disabling the proxy doesnt help
Forcing an update of Dansguardian rules, doesnt help