1
Installation and Upgrades / Re: HTTP Proxy high cpu usage
« on: March 14, 2013, 12:06:41 pm »
Hi -
Hopefully this won't be seen as hi-jacking the thread, but I have what may be a related problem -
When I add a tar.gz file in the categorized list page, the lists are added to the squid acls (and can be seen in /etc/squid3/squid.conf).
However, if I restart squid (either by /etc/init.d/zentyal squid restart or via the Dashboard button) the categorized list acls disappear,
although the domain and mime-type acls remain.
This came about when I tried to write a script to automatically update the categorized list 'domain' and 'url' files - after updating the files
I restarted squid, but then the blacklisting no longer worked; investigation showed that the acls were no longer present in squid.conf.
I also noticed the presence of optimized .squid files - how would I regenerate this after updating the list file ?
Regards,
Yatsura.
2
Installation and Upgrades / Re: HTTP Proxy implementation and a possible bug
« on: November 30, 2012, 04:12:52 pm »
>Well, that's the drawback when one topic covers multiple points
Indeed. Mea Culpa.
I'll mark this topic 'solved' and open a ticket after confirming whether the bug truly exists.
Thanks,
Yatsura
3
Installation and Upgrades / Re: HTTP Proxy implementation and a possible bug
« on: November 30, 2012, 03:11:07 pm »
There is still the 'network policy with empty network object is applied to all' issue
Any info on that ?
Yatsura
4
Installation and Upgrades / Re: HTTP Proxy implementation and a possible bug
« on: November 30, 2012, 08:58:57 am »
I had manually restarted the HTTP Proxy, both via the Dashboard and using the commandline, with no change in behavior.
So anyway, last night I rebooted the server - and now it works (I get the Zentyal "Access Denied" page).
Go figure.
Thanks,
Yatsura.
5
Installation and Upgrades / Re: HTTP Proxy implementation and a possible bug
« on: November 29, 2012, 10:41:14 am »
>Regarding Squid error page: waiting for, perhaps, some changes in Zentyal, you can still use (however not using Zentyal GUI) Squid capability to customize error pages (in
>/usr/share/squid/errors/)
>BTW, are you using transparent proxy ?
>I'm asking because as far as I understand, error should not be 403 but rather Squid related error... I've some doubt...
Yes, I am using transparent proxy.
I don't know why I get 403 rather than the proper squid error - if I can resolve this, then I will be happy with the user feedback from
the squid error pages (and no need for Dansguardian error page).
I will investigate further when I have time.
Thanks,
Yatsura.
6
Installation and Upgrades / Re: HTTP Proxy implementation and a possible bug
« on: November 29, 2012, 10:15:48 am »
Hi Christian,
My apologies for the '2 folds' post. Both parts were raised by the upgrade of the HTTP Proxy module.
1. Yes, I was requesting a change to provide the user-feedback that the old version provided and which is missing in the new version.
The actual implementation method is unimportant to me, but it was the implementation change that caused the loss of feedback.
2. Yes, I "have policy based on network object that is applied for all network members if this network object is empty."
>Is it correct? And this is fixed if you add one (even dummy) object.
Yes and yes.
Yatsura.
7
Installation and Upgrades / Re: Zentyal 3.0 and Xen Hypervisor 4.1
« on: November 29, 2012, 09:41:14 am »
I'd just like to second the Proxmox recommendation. I use Zentyal as a Proxmox guest and am very happy with the results.
It is worth noting that you cannot implement a Zentyal firewall appliance using an OpenVZ container however,
since the Proxmox kernel does not include all the necessary modules.
It works fine as a full KVM guest though.
Yatsura.
8
Installation and Upgrades / [SOLVED] HTTP Proxy implementation and a possible bug
« on: November 29, 2012, 09:34:51 am »
Hi,
I recently upgraded my HTTP Proxy module from 3.0 to 3.0.2 and it seems that the way that domain-category filtering is implemented has been changed.
Previously, the domain category lists were linked to via the Dansguardian configuration list files, so that when the user attempted to browse to a domain in
a blocked category they were shown a friendly Dansguardian 'blocked' page explaining why they were being blocked (local admin policy) and in which
domain category the blocked site was included.
Now the blocked domains are added to Squid's acl configuration, so when the user attempts to browse to a domain in a blocked category they receive
an abrupt '403 Forbidden' message from their browser, which means they cannot tell whether the site is blocked due to local policy, or whether the site itself
is broken.
While this change may be more efficient in operation, it is definitely a backwards step in system usability and if possible I would like to vote for a return to
the previous implementation.
Now for the bug report:
I have at the top of my access-policy list, a policy for the network object 'Banned' which applies the 'Deny All' action.
Most of the time, the 'Banned' object has no members and when this is the case http access is blocked for all sites for all users.
The above configuration worked fine with Http Proxy module version 3.0.
Adding a dummy member to the 'Banned' object seems to make everything work as expected.
Regards,
Yatsura.
9
Installation and Upgrades / Re: Proxy filter stops working after restart [SOLVED]
« on: March 08, 2011, 01:24:51 pm »
Version 2.05 seems to have fixed the problem
Thanks Jose !
>From the changelog:
>2.0.5 - Fixed bug that could delete the default profile file list
10
Installation and Upgrades / Re: Proxy filter stops working after restart [SOLVED]
« on: January 21, 2011, 05:09:31 pm »
Forgot to mention - you may still have it in your apt cache.
Look in /var/cache/apt/archives
11
Installation and Upgrades / Re: Proxy filter stops working after restart [SOLVED]
« on: January 21, 2011, 04:42:32 pm »
The Zentyal 2.0 ppa is here:
https://launchpad.net/~zentyal/+archive/2.0/+packages
You can find old packages by changing the filter to 'any status'.
The .deb for ebox-squid 2.0.2 is here:
https://launchpad.net/~zentyal/+archive/2.0/+files/ebox-squid_2.0.2_all.deb
12
Installation and Upgrades / Re: Proxy filter stops working after restart [SOLVED]
« on: January 21, 2011, 02:22:15 pm »
>Are you using special characters for the lists names?
No - I'm using the same ShallaList as the OP, from http://www.shallalist.de/
(http://www.shallalist.de/Downloads/shallalist.tar.gz)
As far as I can tell, it doesn't contain any strange characters.
13
Installation and Upgrades / Re: Proxy filter stops working after restart [SOLVED]
« on: January 20, 2011, 12:27:02 pm »
Hi -
I upgraded my previously working ebox-squid to 2.0.3 and I am now seeing the behavior described above.
Restarting the http-proxy service (either by rebooting the system, selecting 'restart' from the dashboard or
executing '/etc/init.d/ebox squid restart' ) deletes the entire contents of /etc/dansguardian/extralists.
The GUI still shows the correct configuration but no filtering occurs.
During the restart, the following is displayed:
"Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm
line 34."
Any assistance would be greatly appreciated.
UPDATE: I rolled back to ebox-squid 2.0.2 (found the .deb on the ppa) and everything works OK again.
Thanks.