ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0006791ClearOSapp-web-proxy - Web Proxypublic2016-01-01 06:262018-02-20 18:15
Reporteruser2 
Assigned Touser2 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionwon't fix 
PlatformOSOS Version
Product Version6.7.0 
Target Version6.9.0 UpdatesFixed in Version 
Summary0006791: Avast antivirus hammers web proxy with loop error
DescriptionThe Avast antivirus engine gets itself into a loop in the web proxy. This not only degrades proxy performance, but also creates very large /var/log/squid/cache.log files.

Is this related:
https://forum.avast.com/index.php?topic=90129.0 [^]
Additional InformationWork arounds.

To identify workstations running Avast, search the log files for entries of traffic browsing port 8080 that don't originate from the server...for example, if your server was 192.168.1.1:

1453207399.270 120000 192.168.1.96 TCP_MISS/000 0 GET http://192.168.1.1:8080/ [^] - DIRECT/192.168.1.1 -

you will see lines like this for the recursives, but you will also se other traffic like this:

1453207399.287 120046 192.168.1.159 TCP_MISS/000 0 GET http://192.168.1.1:8080/ [^] - DIRECT/192.168.1.123 -

This also may work:

grep "http://192.168.1.1:8080" [^] /var/log/squid/access.log | grep -v "DIRECT/192.168.1.1 "

(Notice the space at the end of the "DIRECT/192.168.1.1 " portion)

In this case, 192.168.1.123 is your culprit machine. Your options are to remove Avast from this workstation or to create a custom firewall rule so that it will bypass the proxy (see: https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_custom_firewall_module_examples [^])
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0002831)
bchambers (administrator)
2016-03-15 10:50

The two workaround suggested (remove Avast and allow desktop running Avast to bypass proxy) don't work if you have a 'public' network where users bring their own laptops and connect to your network. In connecting, they can inadvertently bring down web access for all. Yikes.

Open ticket for just this scenario.

I found this suggestion:

In /etc/dansguardian-av/lists/bannedregexpheaderlist, add the following line:
User-Agent: avast.*
And then restart the ClearOS content filter:
service dansguardian-av restart

But I'm not sure it was reported to work.
(0002851)
bchambers (administrator)
2016-03-15 11:06

Possible solution???

...
follow_x_forwarded_for webconfig_lan
follow_x_forwarded_for deny all
...
(0003131)
dloper (administrator)
2016-04-28 13:26

If the client is using transparent mode you can use the custom firewall to block directed access to port 8080 on the LAN segment with a rule similar to:

iptables -t mangle -I PREROUTING -i eth1 -p tcp --destination-port 8080 -s ! 10.10.10.1 -j DROP # Drop 8080 queries from external

Or

iptables -t mangle -I PREROUTING -i eth1 -p tcp --dport 8080 -j DROP
(0003281)
bchambers (administrator)
2016-05-20 07:50

Alternative work around...move DG port to something other than 8080.

For now, you need to edit two files:

/etc/dansguardian-av/dansguardian.conf
filterport = 8080

and

 /usr/clearos/apps/firewall/deploy/firewall.lua
local SQUID_FILTER_PORT = "8080"

Change the 8080 references to an alt port...eg. 8081.

Restart services:

service dansguardian-av restart
service firewall restart
(0004431)
dcclayton (reporter)
2016-12-21 07:12

There is a very similar issue with Webroot AV which tries to look at an AWS hosted domain.
(0007161)
user2
2018-02-20 18:15

Upgrade to ClearOS 7. The version of Squid in ClearOS 6 does not mitigate this issue.

- Issue History
Date Modified Username Field Change
2016-01-01 06:26 user2 New Issue
2016-01-01 06:27 user2 Status new => confirmed
2016-01-21 08:54 dloper Additional Information Updated View Revisions
2016-02-16 12:55 user2 Target Version 6.7.0 Updates => 6.8.0 Updates
2016-03-15 10:50 bchambers Note Added: 0002831
2016-03-15 11:01 bchambers Note Added: 0002841
2016-03-15 11:01 bchambers Note Deleted: 0002841
2016-03-15 11:06 bchambers Note Added: 0002851
2016-04-28 13:26 dloper Note Added: 0003131
2016-05-20 07:50 bchambers Note Added: 0003281
2016-12-21 07:12 dcclayton Note Added: 0004431
2017-03-21 08:42 user2 Target Version 6.8.0 Updates => 6.9.0 Updates
2018-02-20 18:15 user2 Note Added: 0007161
2018-02-20 18:15 user2 Status confirmed => resolved
2018-02-20 18:15 user2 Resolution open => won't fix
2018-02-20 18:15 user2 Assigned To => user2
2018-02-20 18:15 user2 Status resolved => closed