[7.080] HTTP Proxy - Time events do not work correctly [CONFIRMED]

[JuergenH]

Hi.

A new Thread for an old problem.
Time events in HTTP Proxy Profiles (transparent proxy) are without any function in my case.

Here my configuration:

Time Event definitions:

Time-EveryDay-0-00-7-00 [Recurring event]
From 00:00 until 07:00 on Mon, Tue, Wed, Thu, Fri, Sat, Sun
Täglich 0:00 - 7:00

Time-Fr-Sa-Evening [Recurring event]
From 23:00 until 23:59 on Fri, Sat
Freitag, Samstag Spaetabend

Time-So-Do-Evening [Recurring event]
From 22:00 until 23:59 on Mon, Tue, Wed, Thu, Sun
Sonntag-Donnerstag Spaetabend


HTTP Profile filter action:

Filter-Protect
Mode: Whitelist
Anti-Virus scanning Dual Scan, Single Scan

(No HTTP access allowed - so it is simple to check, no effect by adding one URL to "allow this URLs/sites" - a must be in 7.011 )


Filter assignments:

HTTP-Protect-Time1
User/Groups NONE !!
Time-EveryDay-0-00-7-00
Filter Action: Filter-Protect

HTTP-Protect-Time2
User/Groups NONE !!
Time-So-Do-Evening
Filter Action: Filter-Protect

HTTP-Protect-Time3
User/Groups NONE !!
Time-Fr-Sa-Evening
Filter Action: Filter-Protect


Proxy Profile:

HTTP-Surf-Protect []
Transparent mode enabled
Source networks: HL_Surf_Protect (a Group of IP-Numbers)
Filter Assigments:
HTTP-Protect-Time1
HTTP-Protect-Time2
HTTP-Protect-Time3
Fallback action: Default content filter action


The filter action "filter-protect" is never used !
In all cases only the default filter action ist used.


If i change the time event in one of the filter assignements to "Allways" the filter "filter-protect" is used correct.

No time filter is used correct.

To Tom Kistner:
I canceled the users/groups in the filter assignements, you said it must work now - but it doesn't work.

I think the configuration ist correct, isn't it?

Regards Juergen

[Gert Hansen]

Hi Juergen,

can you please attach the file or the content of the following config file
/var/chroot-http/etc/httpproxy.ini

thanks
Gert

[JuergenH]

Hi Gert.

I have problems with upload, i copied the content here.
(I know the blacklist0 - blacklist2 in action_REF_DefaultHTTPCFFAction will not work. I tested to reproduce my high level packet filters)

If you want i can send you a mail with the file.

regards Juergen


[global]
listenport = 8080
debug = none
deferlength = 1048576
deferagents = ozilla
undefercontent = text/*;image/*;script/*;audio/*;video/*;application/x-flash;application/flash;application/x-shockwave;application/shockwave;application/pn-real;application/x-pn-real;application/real;application/x-real;application/vnd.ms.wms-hdr.asfv1;application/mpeg;application/audio;application/video;application/sound;application/x-audio;application/x-video;application/x-mpeg;application/x-sound;application/quicktime;application/x-quicktime;application/mms;application/x-mms;application/x-msdownload
noscancontent = audio/*;video/*;application/x-flash;application/flash;application/x-shockwave;application/shockwave;application/pn-real;application/x-pn-real;application/real;application/x-real;application/vnd.ms.wms-hdr.asfv1;application/mpeg;application/audio;application/video;application/sound;application/x-audio;application/x-video;application/x-mpeg;application/x-sound;application/quicktime;application/x-quicktime;application/mms;application/x-mms;application/x-mms-framed;application/x-rtsp-tunnelled
modulepath = /usr/lib
usefwnotify = 1
fqdn = firewall.hl.mdv
configprefix=/etc

[diskcache]
maxcachesize = 50097
maxobjectsize = 3795
usecache = 1

[threads]
maxthreads = 50
maxunused = 5

[scanners]
pcrescanner.so=1
regexscanner.so=1
fileextensionscanner.so=1
#ncorescanner.so=1
clamscanner.so=1
cssscanner.so=1
scr_scanner.so=1

[headers]
remove_response = vary
remove_request = accept-encoding;te

[aua]
port=15723
addr=127.0.0.1
ttl=360
size=2048

[ntlm]
msdomain=
mshost=FIREWALL
port=1337
addr=db_host.local

[parent]
status=0
addr=
port=
useauth=0



[ssl]
keyfile=/etc/ssl/key.pem
certfile=/etc/ssl/cert.pem
certstore=/etc/ssl/certs
ciphers=ALL:!ADH:!MD5:!LOW:!EXP:@STRENGTH
strictssl=0

[profile_0]
networks=192.168.18.180/32;192.168.18.80/32;192.168.18.2/32;192.168.18.78/32;192.168.18.3/32;192.168.18.79/32;192.168.18.4/32;192.168.18.1/32;192.168.18.77/32;
auth=none
filterassign=assign_REF_wJQFodfVnB;assign_REF_XVLi WrhNyU;assign_REF_qQRoyYmnSo;
defaultaction=action_REF_DefaultHTTPCFFAction
ssl=1
plain=1
accesslog=1

[profile_1]
networks=192.168.18.55/32;192.168.18.241/32;192.168.18.60/32;192.168.18.51/32;192.168.18.61/32;192.168.18.50/32;192.168.18.56/32;
auth=none
filterassign=assign_REF_UoVJUyqNNY;
defaultaction=action_REF_EqKBoJONAC
ssl=1
plain=1
accesslog=1

[profile_2]
networks=192.168.18.0/24;
auth=none
filterassign=assign_REF_DefaultHTTPCFFProfile;
defaultaction=action_REF_DefaultHTTPCFFAction
ssl=1
plain=1
accesslog=1

[assign_REF_DefaultHTTPCFFProfile]
filteraction=action_REF_DefaultHTTPCFFAction
aaa=

[assign_REF_UoVJUyqNNY]
filteraction=action_REF_EqKBoJONAC
aaa=

[assign_REF_qQRoyYmnSo]
filteraction=action_REF_xNGBYmppCI
time=time_REF_IybdboODMe
aaa=

[assign_REF_XVLiWrhNyU]
filteraction=action_REF_xNGBYmppCI
time=time_REF_rYsJWkMuuo
aaa=

[assign_REF_wJQFodfVnB]
filteraction=action_REF_xNGBYmppCI
time=time_REF_bFxgVykXcD
aaa=

[time_REF_IybdboODMe]
event=recurring
start=23:00:00
end=23:59:00
weekdays=5;6;

[time_REF_bFxgVykXcD]
event=recurring
start=00:00:00
end=07:00:00
weekdays=1;2;3;4;5;6;7;

[time_REF_rYsJWkMuuo]
event=recurring
start=22:00:00
end=23:59:00
weekdays=1;2;3;4;7;

[action_REF_EqKBoJONAC]
defaultallow=1
blockedurlcats=1920;
fileext=
avengines=css;clam;
maxscansize=52428800
targetservices=80;443;389;8080;21;3840-4840;4444;

[action_REF_xNGBYmppCI]
defaultallow=0
allowedurlcats=
fileext=
avengines=css;clam;
maxscansize=52428800
targetservices=80;443;389;8080;21;3840-4840;4444;

[action_REF_DefaultHTTPCFFAction]
defaultallow=1
blacklist0=10.128.128.0/24
blacklist1=192.168.16.0/24
blacklist2=192.168.1.0/24
blockedurlcats=0210;0220;0230;0240;0310;0320;0330; 0340;0510;0710;0720;0730;1410;1420;1430;1810;1920;
fileext=msi;com;bat;vbx;hta;inf;jse;wsh;vbs;vbe;ln k;chm;pif;reg;scr;cmd;
avengines=css;clam;
maxscansize=52428800
targetservices=80;443;389;8080;21;3840-4840;4444;

[exception_0]
domain0=windowsupdate.com
domain1=microsoft.com
skipav=1
skipext=1

[exception_1]
domain0=apple.com
skipav=1
skipext=1

[exception_2]
domain0=adobe.com
domain1=netbeans.org
domain2=symantecliveupdate.com
domain3=ps3.update.playstation.net
domain4=download.astaro.de
domain5=img.darktown.to
domain6=freedb.freedb.org
skipav=1
skipext=1
skipurl=1
skipcontent=1

[exception_3]
domain0=hanisauland.de
domain1=travian.de
skipurl=1
skipcontent=1

[JuergenH]

Hi Gert.

It is now 1:45 AM - i tested more and more (with a glas of red wine).

I found the following:

I disabled the both filter assignements
HTTP-Protect-Time2 [time_REF_rYsJWkMuuo] and
HTTP-Protect-Time3 [time_REF_rYsJWkMuuo]

and played with HTTP-Protect-Time1 [time_REF_bFxgVykXcD]

I found:

real-Time= 1:40 AM, Time-Dashboard=0:40 corresponding time event Start time = 2:45 -> The time event Filter is active!!
(I reside in Time Zone Europe/Berlin (exact Münster): GMT+1, i think this is the difference between the real time and the dashboard-time)

real-Time= 1:41 AM, Time-Dashboard=0:41 corresponding time event Start time = 2:40 -> The time event Filter is NOT active!!

So the ASG have a time problem (in the wrong direction).
I have to add 2 hours (twice the difference to GMT ??) to the time-filter start and end time??

Please check.

Good night
best regards Juergen

[JuergenH]

Hi Gert.

Please let me add the following information:

The packet filter works with the correct time in the time event packet filters!

So i have to define now (until the system will work correct) two different time event definitions
one for the packet filters (with the real time) and
one for the HTTP-Proxy Profile (real-time + 2 h).

I hope these information can help you.

Regards Juergen

[JuergenH]

First Test: no success.

[tom]

Confirmed. We're now looking for the source of the problem.

[Arthur]

Any Progress on this bug? I cannot get any timed event to work in web proxy even if I make it all 24 hours.
Thanks
Art

[JuergenH]

The main problem is solved. Ths solution is part of V7.100.

There are still two Problems (I know):
- time events dont work on sunday - this is actual in progress
- no chance to define a time filter that includes 23:59:00 - 23:59:59

regards Juergen

[Arthur]

Today is Sunday, so Sunday is not functional??
tommorrow it will work??
Art