SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004350: Dansguardian filtering slows pages loads - MantisBT
MantisBT - Endian Firewall
View Issue Details
0004350Endian FirewallUncategorizedpublic2012-05-07 13:412012-11-22 20:43
marioeirea 
 
normalmajorrandom
newopen 
 
 
0004350: Dansguardian filtering slows pages loads
After operating for a while, dansguardian will slow filtered pages down to a crawl. Issuing the command "/etc/init.d/dansguardian restart" temporarily fixes the problem. This does not affect people on the allow list in the access policies which means this is a dansguardian problem. This is affecting clients on 2.5.1 and was not an issue in 2.4.1.
No tags attached.
Issue History
2012-05-07 13:41marioeireaNew Issue
2012-05-10 16:33victorhugopsNote Added: 0007862
2012-05-10 21:44juankamiloNote Added: 0007863
2012-05-11 20:17victorhugopsNote Added: 0007865
2012-05-16 06:21marioeireaNote Added: 0007871
2012-05-26 18:08victorhugopsNote Added: 0007875
2012-06-20 07:32anand_apscanNote Added: 0007923
2012-08-27 02:02fqureshiNote Added: 0008022
2012-11-22 20:43ipanema211Note Added: 0008331

Notes
(0007862)
victorhugops   
2012-05-10 16:33   
Hi,

here we have the same problem !!!
at the dashboard the HTTP Proxy status is off !!!
(0007863)
juankamilo   
2012-05-10 21:44   
Hi,

I have the same problem
do not know if this has to do but, i found these errors in /var/log/httpd/error_log

Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 287.
Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 163.
Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 160.
Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 163.
(0007865)
victorhugops   
2012-05-11 20:17   
Hello again,

the problem is recurrent !!! now, we need restart the dansguardian time-to-time..

the last time, I see many TIME_WAIT connections in the port 3128 (squid), 8080(squid??) and 9998 (havp)


=====================================
# netstat -putan | egrep '(8080)' | wc -l
    667
# netstat -putan | egrep '(3128)' | wc -l
    213
# netstat -putan | egrep '(999)' | wc -l
   1331
# netstat -putan | grep TIME_WAIT | egrep '(8080)' | wc -l
    589
# netstat -putan | grep TIME_WAIT | egrep '(3128)' | wc -l
    103
# netstat -putan | grep TIME_WAIT | egrep '(999)' | wc -l
   1165
=====================================

the log files don't show any thinks...
any services "work" checkink in the SO

=====================================
# /etc/init.d/dansguardian status
Parent DansGuardian pid:3696
# /etc/init.d/squid status
squid (pid 7194 7192) is running...
# /etc/init.d/havp status
havp (pid 2666 2665 2664 2663 2662 2661 2660 2659 2658 2657 2656 2654 2653 2652 2651 2650 2649 2648 2647 2646 2645 2644 2643 2642 2641 2640 2639 2638 2637 2636 2635 2634 2633 2632 2631 2630 2629 2628 2627 2626 2624) is running...
# /etc/init.d/clamd status
clamd (pid 7180) is running...
=====================================

maybe the port where the proxy work (3128) is not a default ???
I believe that the problem is with antivir, but I can't found it (yet).

mmmm... that is bad !! :-(
(0007871)
marioeirea   
2012-05-16 06:21   
Setting the following values in /etc/dansguardian/dansguardian.conf fixed it for me:

maxchildren = 400
minchildren = 32
minsparechildren = 15
preforkchildren = 8
maxsparechildren = 64
maxagechildren = 4000

Looks like these values where changed from 2.5 going forward, severely reduces the number of connections that can be open at the same time. Change it in the tmpl file if you want the values to stick.
(0007875)
victorhugops   
2012-05-26 18:08   
Hi,

that is interesting too
http://bugs.endian.com/view.php?id=3432 [^]

In my case, when the user visit a streaming site..
the havp take many time (and all threads) to process each one of that connections.

:-(
(0007923)
anand_apscan   
2012-06-20 07:32   
Hi,

I am using endian for the first time, i dont have much idea abt endian,
someone please help me how to edit $MAXCHILDREN value in /etc/dansguardian/dansguardian.conf.tmpl file.

maxchildren = $MAXCHILDREN
minchildren = $MINCHILDREN
minsparechildren = $MINSPARECHILDREN
preforkchildren = $PREFORKCHILDREN
maxsparechildren = $MAXSPARECHILDREN
maxagechildren = $MAXAGECHILDREN
(0008022)
fqureshi   
2012-08-27 02:02   
@ anand_apscan

You can do the following:

nano /usr/lib/efw/dansguardian/default/settings
change the values as below:

MAXCHILDREN=500
MINCHILDREN=128
MINSPARECHILDREN=32
PREFORKCHILDREN=16
MAXSPARECHILDREN=256
MAXAGECHILDREN=10000


Also if you are facing slow browsing issue change the following values:

nano /var/efw/havp/settings

change 2 values as below

MAXSERVERS=150
SERVERNUMBER=50
(0008331)
ipanema211   
2012-11-22 20:43   
I have reason to believe it has something to do with havp

/var/efw/havp/settings does not exists on my 2.5.1 and creating it does not solve the problem. Changing the dansguardian settings to above didn't do the trick for me neither.
Disabling anti virus on all content filter profiles solved the performance issue