Web Application Firewall & Reverse Proxy

  • 1.  Connection abandonment not working

    Posted Jun 19, 2017 10:54 AM

    Hi,

    we have Bandwidth Gain mode enabled and also included the following line in the local policy:

    <Cache>
    delete_on_abandonment(yes)

     

    However, when I start a large download (e.g. releases.ubuntu.com/zesty/ubuntu-17.04-desktop-i386.iso), then cancel this download in the browser again, and go to "Statistics > Sessions > Active Sessions", I can still see the connection, and the server bytes keep increasing for multiple minutes. Even an ICAP scan is performed in the end.

    How can we force the proxy to immediately abandon the connection when it is canceled by the client? Are we misunderstanding delete_on_abandonment(yes)?

    Can you reproduce this behaviour on your appliance? We are running SGOS 6.6.5.6.



  • 2.  RE: Connection abandonment not working

    Posted Jun 21, 2017 12:47 AM

    Hi Fida,

     

    Checked on 6.6.5.8, but the connection is getting closed. It looks like 6.6.5.6 is not in the download list. Can you try on 6.6.5.8 and see whether this is still happening?



  • 3.  RE: Connection abandonment not working

    Posted Jun 21, 2017 05:49 AM

    Hi Aravind,

    OK, thanks for the pointer. We will update to 6.6.5.9 (since 6.6.5.8 is not recommended) and try again. Do you have access to the bug database, and can you look up whether B#247011 in component ICAP is the cause of this problem ("The appliance server connection did not close when the client application closed the connection. This occurred in ICAP response mode with scanning enabled.")?
    This bug was apparently fixed in 6.6.5.8 and we do have ICAP response scanning enabled.

     



  • 4.  RE: Connection abandonment not working

    Posted Jun 22, 2017 03:02 AM

    Hi Fida,

     

    It looks like the bug you mentioned is the one related to this. It mentions a Client Worker lockup pending the ICAP scan, which also means that the SW will continue to download the files until they can be scanned. 6.6.5.9 would be a better choice.



  • 5.  RE: Connection abandonment not working

    Posted Jun 26, 2017 04:01 AM

    We updated to 6.6.5.9 and the connections are getting closed now. Thanks.

    Now we also know the issue behind some of our other problems >:-|