EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: Kajowas on Thursday 30 January 2014, 09:37:24 pm



Title: EFW 3.0 - web filter update is working or not?
Post by: Kajowas on Thursday 30 January 2014, 09:37:24 pm
I download and installed the new endian firewall community 3.0.

I see that they changed the web filter program, now it is c-icap (before was used dansguardian)

Now I don't know if the filter lists are updated automatically or not, I set the "daily" update of them but on "last update" I read always: unknown.

Even if I force the update, the text is always "unknown".

Is there a way (a command) to force the update via ssh?
I checked cron jobs but I don't find anything related to c-icap, is it a bug?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: eric78 on Tuesday 04 February 2014, 05:15:11 pm
Hi,
I have the same problem. Have you found a solution ?
Thanks,


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: kikilinux on Tuesday 04 February 2014, 05:18:26 pm
Hi
Me too, i have the same problem too.



Title: Re: EFW 3.0 - web filter update is working or not?
Post by: ghenton on Tuesday 04 February 2014, 05:47:35 pm
add me to the list, does not appear to be working,

Gerry


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: ghenton on Tuesday 04 February 2014, 06:39:39 pm
I tried with "not transparent" proxy and I got a successful update

but still doesn't appear to filter

Gerry


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: kikilinux on Sunday 09 February 2014, 04:14:13 am
Is it too hard to resolve this BUG ????  >:(
why nobody fixes this bug ??!!!!!!!!!!!!!!!!!!!


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Tuesday 11 February 2014, 01:43:19 am
So 3.0 still not ready then?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: leonardocoelho on Wednesday 12 February 2014, 12:55:33 am
Try to login using ssh and then:

root@efw-1392123015:~#job
[efw-1392123015] job> restart urlfilterlistsupdate

the job will be restart and the list will be update at least for me it's working


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: thaobn20 on Thursday 13 February 2014, 12:59:08 pm
Try to login using ssh and then:

root@efw-1392123015:~#job
[efw-1392123015] job> restart urlfilterlistsupdate

the job will be restart and the list will be update at least for me it's working

don't work :(, log proxy don't see everything, i can't block or filter web.....


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Friday 14 February 2014, 08:49:55 am
Has anyone else tried this and can confirm working or not???


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Saturday 15 February 2014, 01:56:57 am
Ok I have updated and after a few tries I was able to get the content filter to update.  If only I could get the web proxy to start now?????


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: ghenton on Tuesday 18 February 2014, 07:49:59 am
I did a quick look at the squid.conf file and it does not appear that the web filter is in any way working. There is a tab in the efw gui but if you look into /etc/squid/squid.conf there is some config stuff for c-icap anti-virus but nothing for web filtering.

Gerry


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Wednesday 19 February 2014, 03:29:30 am
is your proxy working Ghenton??


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Thursday 20 February 2014, 01:56:58 am
Ok proxy issue resolved in the last update have to check on the content filter now.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Thursday 20 February 2014, 04:53:04 am
url content filer appears not to be working.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: thaobn20 on Thursday 20 February 2014, 09:28:37 pm
How do you it?
In proxy log, i don't see url or filter web


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: ghenton on Friday 21 February 2014, 03:56:16 pm
as far as I can see the squid and c-icap modules are loaded, but  my proxy logs are empty. I have jumped ship until this is resolved.





Title: Re: EFW 3.0 - web filter update is working or not?
Post by: kieronrob on Friday 21 February 2014, 04:43:50 pm
Hi,

A simple question, but have you enabled logging under the proxy? The menu is under Proxy ---> Log settings.

If these are enabled then you should see usage by ip address and URL

Regards,

Kieron


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: ghenton on Saturday 22 February 2014, 02:30:41 pm
yes proxy logging is on
no log is blank
I do have activity on other logs anti-virus, intrusion, etc.




Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Tuesday 25 February 2014, 09:17:43 am
Ok after a little mix up (my fault) I verified that the content filter is in fact working.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Tuesday 25 February 2014, 02:45:12 pm
Hi guys,

I have the same issue, after turned on the http proxy, all clients can't access internet. This used to be working fine on 2.5.1 and 2.5.2, but after upgraded to 3.0 on last week, it's not working anymore.

Checked the proxy log file, it's empty even have it turned on.

Checked the squid log, below lines are repeating,

FATAL: No valid signing SSL certificate configured for http_port 0.0.0.0:8080
Squid Cache (Version 3.3.8): Terminated abnormally.
CPU Usage: 0.087 seconds = 0.056 user + 0.031 sys
Maximum Resident Size: 23888 KB
Page faults with physical i/o: 25

Anyone can help? Thanks


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Wednesday 26 February 2014, 01:21:51 am
It was resolved by the last update.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Wednesday 26 February 2014, 09:44:41 pm
hi dda,

it was not. i did the upgrade again on today, but problem remained. seems like there is some problem during upgrade.

squid-3.3.8-7.endian21.i586.rpm ######################################## [100%]
error: Failed to download packages:
error:     @yahoo.com:community@updates.endian.org/devel/pool/squid-3.3.8-7.endian21.i586.rpm: Unexpected size (expected 3175465, got 237568)


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Thursday 27 February 2014, 03:27:08 am
Page faults with physical i/o: 25  ----This sounds like a hard drive problem no??


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Thursday 27 February 2014, 03:29:14 am
Look at this thread with an error I got see if it helps you.
http://www.efwsupport.com/index.php/topic,3942.msg10638.html#msg10638


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: kieronrob on Thursday 27 February 2014, 07:20:06 pm
Hi all,

I have been getting this same error when trying to update the content filter - sometimes it works first time and sometimes it doesn't.

I put another EFW in front of the one that was not updating and found that the site that the script calls for updates is more often than not refusing connections as it is overloaded.

The only possible way round this is to manually update and keep trying till you get a connaction. It's not elegant and we can hope the website improves its connectivity or webserver.

As it is a free service, it doesn't mean there are any guarantees on availability.

Perhaps someone can have a look at the script and see if it can be modified to try another service or do it manually from downloaded lists?



Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Friday 28 February 2014, 01:48:31 am
I just realized mine hasn't updated since the 23rd of February.  I switched it to hourly so hopefully it will sort out itself.  Its free so we can't complain too much.  I am on a shoestring budget but hope to switch to a paid version at some point so until then I will have to grin and bear it.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: phqr58 on Monday 03 March 2014, 11:51:12 am
I did an installation of Endian 3.0 (EFW_COMMUNITY-devel-3.0.0-201401151045) from zero.
The Proxy and I-cap filter the pages.
My problem is when I enable PROXY, transpartente or not, it takes 1.45 minutes to establish contact with any website. disable the proxy the display page without delay.
Unable to browse the internet, if every time I click on a link must wait until 1.45minutos in most cases.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: kieronrob on Wednesday 05 March 2014, 12:26:45 am
phqr58,

How many users are behind the proxy?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: fporta044 on Thursday 06 March 2014, 01:21:04 am
Hello,
i have this error

-----------------------------------------------------------------------------------------------
Using certificate in /var/efw/proxy/https_cert
FATAL: No valid signing SSL certificate configured for http_port 0.0.0.0:8080
Squid Cache (Version 3.3.8): Terminated abnormally.
-----------------------------------------------------------------------------------------------

last iso updated installed (today 05 march 2014) from scratch
squid version is: 3.3.8.7

Can someone help me?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Thursday 06 March 2014, 01:49:46 pm
Look at this thread with an error I got see if it helps you.
h.t.t.p://www-efwsupport.com/index.php/topic,3942.msg10638.html#msg10638


hi,

after many tries, finally able to upgraded the squid, then updated the web filter, and web proxy service was running. Access internet was ok thereafter, but access policy and allowed tcp port control was't working.

but then after restarted the efw, everything is not working anymore. Web proxy service is not running anymore.  Headache


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: thaobn20 on Thursday 06 March 2014, 02:25:40 pm
Update Squid success working good

Step 1:

Code:
rm -rf /usr/share/squid/errors/sr*

Step 2:
Code:
efw-upgrade -s
select 2
enter you username Register Endian.com ==> enter

Update success EFW working good!


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Friday 07 March 2014, 02:55:52 am
I have been having a similar problem and I have to go and reapply the access policies under proxy and it immediately starts to work.  Do you have any denials in your access policies?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Tuesday 18 March 2014, 08:48:16 pm
after deleted all the web filter rules and access policy and re-created, things were working fine, Web Proxy service was running (under Status), but after it was restarted, then web proxy service was not running anymore, and had to turned off the http proxy in order to get internet access. Anymore suggestion to get the web proxy running?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Wednesday 19 March 2014, 12:46:42 am
Mine is working fine after an update a few weeks back,did you download the last update on the development channel?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Friday 21 March 2014, 12:33:42 pm
yes did that, but still helpless. Maybe have to do fresh installation to try if the problem still persist.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Saturday 22 March 2014, 01:36:26 am
What kind of authentication are you running?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Tuesday 25 March 2014, 06:32:15 pm
authentication was disabled under access policy.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: dda on Wednesday 26 March 2014, 01:09:28 am
Is it transparent or non transparent.  I think it should be transparent.


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: mhLearn on Thursday 27 March 2014, 01:31:53 pm
transparent. according to feedback in Jira endian, they are in the progress to fix this issue


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: bnhansen on Thursday 08 May 2014, 11:40:09 am
Does anyone know if this problem has been resolved - i.e. squid not running properly (error message is No valid signing SSL certificate configured for http_port 0.0.0.0:8080).  Although Web Proxy says on Status it's running, if the zone is set to transparent no clients can browse the internet.

Trying to restart squid gives the following log:

/etc/init.d/squid restart
Stopping squid:                                            [FAILED]
Starting squid:                                            [FAILED]
2014/05/07 21:36:36| Startup: Initializing Authentication Schemes ...
2014/05/07 21:36:36| Startup: Initialized Authentication Scheme 'basic'
2014/05/07 21:36:36| Startup: Initialized Authentication Scheme 'digest'
2014/05/07 21:36:36| Startup: Initialized Authentication Scheme 'negotiate'
2014/05/07 21:36:36| Startup: Initialized Authentication Scheme 'ntlm'
2014/05/07 21:36:36| Startup: Initialized Authentication.
2014/05/07 21:36:36| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2014/05/07 21:36:36| Processing: shutdown_lifetime 1 seconds
2014/05/07 21:36:36| Processing: icp_port 0
2014/05/07 21:36:36| Processing: workers 1
2014/05/07 21:36:36| Processing: http_port 0.0.0.0:8080 ssl-bump cert=/var/efw/proxy/https_cert generate-host-certificates=on
2014/05/07 21:36:36| Processing: http_port 0.0.0.0:18080 intercept ssl-bump cert=/var/efw/proxy/https_cert generate-host-certificates=on
2014/05/07 21:36:36| Starting Authentication on port 0.0.0.0:18080
2014/05/07 21:36:36| Disabling Authentication on port 0.0.0.0:18080 (interception enabled)
2014/05/07 21:36:36| Disabling IPv6 on port 0.0.0.0:18080 (interception enabled)
2014/05/07 21:36:36| Processing: https_port 0.0.0.0:18081 intercept ssl-bump cert=/var/efw/proxy/https_cert generate-host-certificates=on
2014/05/07 21:36:36| Starting Authentication on port 0.0.0.0:18081
2014/05/07 21:36:36| Disabling Authentication on port 0.0.0.0:18081 (interception enabled)
2014/05/07 21:36:36| Disabling IPv6 on port 0.0.0.0:18081 (interception enabled)
2014/05/07 21:36:36| Processing: ssl_bump none localhost
2014/05/07 21:36:36| Processing: acl bypass_windows dstdomain "/etc/squid/acls/https_bypass_rules.acl"
2014/05/07 21:36:36| Processing: ssl_bump none bypass_windows
2014/05/07 21:36:36| Processing: ssl_bump server-first all
2014/05/07 21:36:36| Processing: acl https_proto proto https
2014/05/07 21:36:36| Processing: always_direct allow https_proto
2014/05/07 21:36:36| Processing: sslproxy_cert_error allow all
2014/05/07 21:36:36| Processing: sslproxy_flags DONT_VERIFY_PEER
2014/05/07 21:36:36| Processing: acl no_cache_domains dstdomain "/etc/squid/acls/dst_nocache.acl"
2014/05/07 21:36:36| Processing: cache deny no_cache_domains
2014/05/07 21:36:36| Processing: cache_effective_user squid
2014/05/07 21:36:36| Processing: cache_effective_group squid
2014/05/07 21:36:36| Processing: pid_filename /var/run/squid.pid
2014/05/07 21:36:36| Processing: cache_mem 40 MB
2014/05/07 21:36:36| Processing: cache_dir rock /var/spool/squid 500 max-size=32768
2014/05/07 21:36:36| Processing: error_directory /usr/share/squid/errors/en
2014/05/07 21:36:36| Processing: icon_directory /usr/share/squid/icons
2014/05/07 21:36:36| Processing: max_filedesc 90793
2014/05/07 21:36:36| Processing: server_persistent_connections off
2014/05/07 21:36:36| Processing: half_closed_clients off
2014/05/07 21:36:36| Processing: buffered_logs on
2014/05/07 21:36:36| Processing: cache_log /dev/null
2014/05/07 21:36:36| Processing: cache_access_log /dev/null
2014/05/07 21:36:36| Processing: cache_store_log none
2014/05/07 21:36:36| Processing: log_mime_hdrs off
2014/05/07 21:36:36| Processing: forwarded_for delete
2014/05/07 21:36:36| Processing: auth_param basic program /usr/lib/squid/basic_ncsa_auth /var/efw/proxy/ncsausers
2014/05/07 21:36:36| Processing: auth_param basic children 20
2014/05/07 21:36:36| Processing: auth_param basic realm Proxy Server
2014/05/07 21:36:36| Processing: auth_param basic credentialsttl 60 minutes
2014/05/07 21:36:36| Processing: acl for_auth_users proxy_auth REQUIRED
2014/05/07 21:36:36| Processing: acl from_all                src all
2014/05/07 21:36:36| Processing: acl to_all                  dst all
2014/05/07 21:36:36| Processing: acl from_localhost          src 127.0.0.1/32
2014/05/07 21:36:36| Processing: acl CONNECT                 method CONNECT
2014/05/07 21:36:36| Processing: acl to_http_port            port 80
2014/05/07 21:36:36| Processing: acl to_https_port           port 10443
2014/05/07 21:36:36| Processing: acl to_proxy_port           port 8080
2014/05/07 21:36:36| Processing: acl to_blue_interface    dst 10.0.0.1
2014/05/07 21:36:36| Processing: acl to_orange_interface    dst 192.168.10.1
2014/05/07 21:36:36| Processing: acl to_green_interface    dst 192.168.1.28
2014/05/07 21:36:36| Processing: acl from_blue          src "/etc/squid/acls/blue_subnets.acl"
2014/05/07 21:36:36| Processing: acl to_blue            dst "/etc/squid/acls/blue_subnets.acl"
2014/05/07 21:36:36| Processing: acl from_orange          src "/etc/squid/acls/orange_subnets.acl"
2014/05/07 21:36:36| Processing: acl to_orange            dst "/etc/squid/acls/orange_subnets.acl"
2014/05/07 21:36:36| Processing: acl from_green          src "/etc/squid/acls/green_subnets.acl"
2014/05/07 21:36:36| Processing: acl to_green            dst "/etc/squid/acls/green_subnets.acl"
2014/05/07 21:36:36| Processing: acl allowed_ports       port "/etc/squid/acls/ports.acl"
2014/05/07 21:36:36| Processing: acl allowed_sslports    port "/etc/squid/acls/sslports.acl"
2014/05/07 21:36:36| Processing: acl within_timeframe_rule0 time MTWHFAS 00:00-24:00
2014/05/07 21:36:36| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2014/05/07 21:36:36| Processing: refresh_pattern .            0 20% 4320
2014/05/07 21:36:36| Processing: cache deny      from_localhost
2014/05/07 21:36:36| Processing: cache deny      CONNECT
2014/05/07 21:36:36| Processing: cache allow     from_all
2014/05/07 21:36:36| Processing: acl cachemanageracl proto cache_object
2014/05/07 21:36:36| Processing: http_access allow cachemanageracl from_localhost
2014/05/07 21:36:36| Processing: http_access deny cachemanageracl
2014/05/07 21:36:36| Processing: snmp_port 3401
2014/05/07 21:36:36| Processing: acl snmppublic snmp_community public
2014/05/07 21:36:36| Processing: snmp_access allow snmppublic from_localhost
2014/05/07 21:36:36| Processing: snmp_access deny from_all
2014/05/07 21:36:36| Processing: http_access allow   from_localhost
2014/05/07 21:36:36| Processing: http_access allow   from_green to_green_interface to_http_port
2014/05/07 21:36:36| Processing: http_access allow   from_green to_green_interface to_https_port
2014/05/07 21:36:36| Processing: http_access allow   CONNECT from_green to_green_interface to_https_port
2014/05/07 21:36:36| Processing: http_access deny    to_blue_interface to_https_port
2014/05/07 21:36:36| Processing: http_access deny    to_blue_interface to_proxy_port
2014/05/07 21:36:36| Processing: http_access deny    to_orange_interface to_https_port
2014/05/07 21:36:36| Processing: http_access deny    to_orange_interface to_proxy_port
2014/05/07 21:36:36| Processing: http_access deny    to_green_interface to_https_port
2014/05/07 21:36:36| Processing: http_access deny    to_green_interface to_proxy_port
2014/05/07 21:36:36| Processing: http_access deny    !allowed_ports !allowed_sslports
2014/05/07 21:36:36| Processing: http_access deny    CONNECT !allowed_sslports
2014/05/07 21:36:36| Processing: http_access allow   within_timeframe_rule0
2014/05/07 21:36:36| Processing: http_access deny    from_all
2014/05/07 21:36:36| Processing: http_reply_access allow from_localhost
2014/05/07 21:36:36| Processing: http_reply_access allow   within_timeframe_rule0
2014/05/07 21:36:36| Processing: http_reply_access deny from_all
2014/05/07 21:36:36| Processing: maximum_object_size 1024 KB
2014/05/07 21:36:36| Processing: minimum_object_size 0 KB
2014/05/07 21:36:36| Processing: cache_mgr brenda.neilsonhansen@foxdenfarm-usa.com
2014/05/07 21:36:36| Processing: visible_hostname off
2014/05/07 21:36:36| Processing: icap_enable on
2014/05/07 21:36:36| Processing: icap_service_revival_delay 30
2014/05/07 21:36:36| Processing: icap_service_failure_limit -1
2014/05/07 21:36:36| Processing: icap_preview_enable on
2014/05/07 21:36:36| Processing: icap_preview_size    128
2014/05/07 21:36:36| Processing: icap_send_client_ip  on
2014/05/07 21:36:36| Processing: icap_send_client_username  on
2014/05/07 21:36:36| Processing: include /etc/squid/squid.conf.d/*.conf
2014/05/07 21:36:36| Processing Configuration File: /etc/squid/squid.conf.d/clamav.conf (depth 1)
2014/05/07 21:36:36| Processing: icap_service service_av_req reqmod_precache icap://127.0.0.1:1344/clamd_scan bypass=off
2014/05/07 21:36:36| Processing: icap_service service_av respmod_precache icap://127.0.0.1:1344/clamd_scan bypass=on
2014/05/07 21:36:36| Processing Configuration File: /etc/squid/squid.conf.d/empty.conf (depth 1)
2014/05/07 21:36:36| Processing Configuration File: /etc/squid/squid.conf.d/urlfilter.conf (depth 1)
2014/05/07 21:36:36| Processing: adaptation_access service_av deny cachemanageracl
2014/05/07 21:36:36| Processing: adaptation_access service_av_req deny cachemanageracl
2014/05/07 21:36:36| Processing: adaptation_access service_av allow   within_timeframe_rule0
2014/05/07 21:36:36| Processing: adaptation_access service_av_req allow   within_timeframe_rule0
2014/05/07 21:36:36| Processing: adaptation_access service_av deny all
2014/05/07 21:36:36| Processing: adaptation_access service_av_req deny all
2014/05/07 21:36:36| WARNING: max_filedescriptors disabled. Operating System setrlimit(RLIMIT_NOFILE) is missing.
2014/05/07 21:36:36| Initializing https proxy context
2014/05/07 21:36:36| Initializing http_port 0.0.0.0:8080 SSL context
2014/05/07 21:36:36| Using certificate in /var/efw/proxy/https_cert
FATAL: No valid signing SSL certificate configured for http_port 0.0.0.0:8080
Squid Cache (Version 3.3.8): Terminated abnormally.
CPU Usage: 0.034 seconds = 0.023 user + 0.011 sys
Maximum Resident Size: 24080 KB
Page faults with physical i/o: 0
root@efw-1399453170:~ #


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: TheEricHarris on Thursday 22 May 2014, 01:34:23 am
Ugh, is content filter not working?  I'm trying to get my custom profiles setup.  I block everything with "**" in the Deny list and then add the websites in the Allowed list that I only want them to access.  Doesn't work.

The help menu doesn't work, 404 error. 


Get a ton of these in /var/log/messages:
May 21 09:31:59 gw1 httpd: [Wed May 21 09:31:58 2014] [error] [client 172.30.100.40] File does not exist: /home/httpd/html/images/bubble_green_sign.png
May 21 09:30:43 gw1 httpd: [Wed May 21 09:30:42 2014] [error] [client 172.30.100.40] File does not exist: /home/httpd/html/include/updates.css

Why so many bugs?


Title: Re: EFW 3.0 - web filter update is working or not?
Post by: nickchacha on Saturday 06 December 2014, 11:22:25 pm
Did anyone got this Unknown Last Update fix.
Am stuck on it and would appropriate if someone can assist with the best solution