VA Apache HTTP Proxy Errors

[Timotheus 0]

I recently migrated to ESET PROTECT Virtual Appliance from ESMC.

I had not been using the HTTP Proxy, but chose to install it when finishing the installation.

Clients cannot get modules from the server.

The apache error log shows errors like this:

[Mon Dec 28 16:11:49.896463 2020] [access_compat:error] [pid 2663] [client xxx.xxx.xxx.xxx:61361] AH01797: client denied by server configuration: proxy:http:/update.eset.com/ep7-dll-rel-sta/mod_049_horusdb_11471/em049_64_l0.dll.nup

As was noted in another thread, "http:/update..." cannot be correct. But I have no idea why a slash should be missing.

Does anybody know where this might be coming from?

[MartinK 378]

Could you please clarify that you have upgrade appliance to latest version using "migration" mechanisms? Asking to be sure you are using latest version of both appliance and Apache packages as available there.

Regarding issue with slashes, if I recall correctly, we have encountered it also with Windows variant, where it has been mitigated by adding directive:

MergeSlashes OFF

into Apache configuration file, which is in appliance located in:

/etc/httpd/conf.d/proxy.conf

Could you possibly try to modify configuration, restart proxy service (systemctl restart httpd) and verify? Also is this issue persistent or it happens only randomly? In your case it was mostly random...

[Timotheus 0]

Greetings Martin,

Thanks for getting back to me on this.

Regarding the "migration", I did my best to follow the instructions on migrating the VA according to "ESET PROTECT VA upgrade/migration". When I got to the end of the process I had this moment of "Oh, that is where this was leading me." I felt like I had done what was wanted, but not understanding the process when you are following the instructions can cause mistakes that go undetected. But that said, I think it worked.

The VA has the following characteristics:

OS Type    Linux
OS Version    7.9.2009
OS Name    CentOS

ESET Management Agent    8.0.2216.0
ESET PROTECT Server    8.0.2216.0
ESET Rogue Detection Sensor    1.1.615.1

 

I inserted the directive in the proxy.conf and now (last half hour) I am not seeing the AH01797 errors. Or any other errors for that matter.

In the httpd/access_log I am seeing lines like this:

xxx.xxx.xxx.xxx - - [29/Dec/2020:11:20:31 +0100] "GET hxxp://i5.c.eset.com:80/v1/auth/4076C93323263A9A5E59/updlist/32/eid/108026/lid/108029 HTTP/1.1" 200 62 "-" "-"

The IP address is from my test pc that is set to use the VA proxy for updates. Am I correct in assuming that things are working properly now? Can I now use the proxy for all of my PCs or should I look somewhere else to verify that it is working properly?

Best regards!

[MartinK 378]

On 12/29/2020 at 11:24 AM, Timotheus said:

The IP address is from my test pc that is set to use the VA proxy for updates. Am I correct in assuming that things are working properly now? Can I now use the proxy for all of my PCs or should I look somewhere else to verify that it is working properly?

Best regards!

I would just double check that ESET products can successfully update before enabling globally, to be sure you won't have issues with this, as it is most crucial for security to have access to latest updates and possibly also communication with eset services.