Anonymous | Login | 2024-12-22 05:38 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0006791 | ClearOS | app-web-proxy - Web Proxy | public | 2016-01-01 06:26 | 2018-02-20 18:15 | ||||
Reporter | user2 | ||||||||
Assigned To | user2 | ||||||||
Priority | normal | Severity | minor | Reproducibility | have not tried | ||||
Status | closed | Resolution | won't fix | ||||||
Platform | OS | OS Version | |||||||
Product Version | 6.7.0 | ||||||||
Target Version | 6.9.0 Updates | Fixed in Version | |||||||
Summary | 0006791: Avast antivirus hammers web proxy with loop error | ||||||||
Description | The Avast antivirus engine gets itself into a loop in the web proxy. This not only degrades proxy performance, but also creates very large /var/log/squid/cache.log files. Is this related: https://forum.avast.com/index.php?topic=90129.0 [^] | ||||||||
Additional Information | Work arounds. To identify workstations running Avast, search the log files for entries of traffic browsing port 8080 that don't originate from the server...for example, if your server was 192.168.1.1: 1453207399.270 120000 192.168.1.96 TCP_MISS/000 0 GET http://192.168.1.1:8080/ [^] - DIRECT/192.168.1.1 - you will see lines like this for the recursives, but you will also se other traffic like this: 1453207399.287 120046 192.168.1.159 TCP_MISS/000 0 GET http://192.168.1.1:8080/ [^] - DIRECT/192.168.1.123 - This also may work: grep "http://192.168.1.1:8080" [^] /var/log/squid/access.log | grep -v "DIRECT/192.168.1.1 " (Notice the space at the end of the "DIRECT/192.168.1.1 " portion) In this case, 192.168.1.123 is your culprit machine. Your options are to remove Avast from this workstation or to create a custom firewall rule so that it will bypass the proxy (see: https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_custom_firewall_module_examples [^]) | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0002831) bchambers (administrator) 2016-03-15 10:50 |
The two workaround suggested (remove Avast and allow desktop running Avast to bypass proxy) don't work if you have a 'public' network where users bring their own laptops and connect to your network. In connecting, they can inadvertently bring down web access for all. Yikes. Open ticket for just this scenario. I found this suggestion: In /etc/dansguardian-av/lists/bannedregexpheaderlist, add the following line: User-Agent: avast.* And then restart the ClearOS content filter: service dansguardian-av restart But I'm not sure it was reported to work. |
(0002851) bchambers (administrator) 2016-03-15 11:06 |
Possible solution??? ... follow_x_forwarded_for webconfig_lan follow_x_forwarded_for deny all ... |
(0003131) dloper (administrator) 2016-04-28 13:26 |
If the client is using transparent mode you can use the custom firewall to block directed access to port 8080 on the LAN segment with a rule similar to: iptables -t mangle -I PREROUTING -i eth1 -p tcp --destination-port 8080 -s ! 10.10.10.1 -j DROP # Drop 8080 queries from external Or iptables -t mangle -I PREROUTING -i eth1 -p tcp --dport 8080 -j DROP |
(0003281) bchambers (administrator) 2016-05-20 07:50 |
Alternative work around...move DG port to something other than 8080. For now, you need to edit two files: /etc/dansguardian-av/dansguardian.conf filterport = 8080 and /usr/clearos/apps/firewall/deploy/firewall.lua local SQUID_FILTER_PORT = "8080" Change the 8080 references to an alt port...eg. 8081. Restart services: service dansguardian-av restart service firewall restart |
(0004431) dcclayton (reporter) 2016-12-21 07:12 |
There is a very similar issue with Webroot AV which tries to look at an AWS hosted domain. |
(0007161) user2 2018-02-20 18:15 |
Upgrade to ClearOS 7. The version of Squid in ClearOS 6 does not mitigate this issue. |
Issue History | |||
Date Modified | Username | Field | Change |
2016-01-01 06:26 | user2 | New Issue | |
2016-01-01 06:27 | user2 | Status | new => confirmed |
2016-01-21 08:54 | dloper | Additional Information Updated | View Revisions |
2016-02-16 12:55 | user2 | Target Version | 6.7.0 Updates => 6.8.0 Updates |
2016-03-15 10:50 | bchambers | Note Added: 0002831 | |
2016-03-15 11:01 | bchambers | Note Added: 0002841 | |
2016-03-15 11:01 | bchambers | Note Deleted: 0002841 | |
2016-03-15 11:06 | bchambers | Note Added: 0002851 | |
2016-04-28 13:26 | dloper | Note Added: 0003131 | |
2016-05-20 07:50 | bchambers | Note Added: 0003281 | |
2016-12-21 07:12 | dcclayton | Note Added: 0004431 | |
2017-03-21 08:42 | user2 | Target Version | 6.8.0 Updates => 6.9.0 Updates |
2018-02-20 18:15 | user2 | Note Added: 0007161 | |
2018-02-20 18:15 | user2 | Status | confirmed => resolved |
2018-02-20 18:15 | user2 | Resolution | open => won't fix |
2018-02-20 18:15 | user2 | Assigned To | => user2 |
2018-02-20 18:15 | user2 | Status | resolved => closed |