What are the issues?
In rare cases, users of Imunify360, versions 4.9.2 and up, may experience issues with Webshield stability.
These issues are related to peculiarities of ip utility output, so servers having bondings with VLANs will not generate upstreams.conf. After the upgrade, attempting to restart Webshield leads to undetected interfaces, and Webshield refuses to start.
The issue can be identified by the presence of the following entries in /var/log/imunify360/console.log:
- im360.subsys.webshield.Error: failed to enable webshield
- imunify360-webshield: nginx: [emerg] open() "/etc/imunify360-webshield/upstreams.conf" failed (2: No such file or directory) in /etc/imunify360-webshield/webshield.conf:102
or by complaints from users, who receive 521 errors on their sites when using Cloudflare.
Mitigating the issues
Imunify360 version 4.9.6 and 4.10.0 contain the necessary fixes, and will be available soon.
Note: The automatic rollout may take a few days.
To mitigate the issue in the meantime, if you have bonding VLAN interface, we recommend:
- Replacing the file /usr/share/imunify360-webshield/build_upstreams with one you can download here: build_upstreams
- Making sure that execution bit is set for the file build_upstreams:
# chmod +x /usr/share/imunify360-webshield/build_upstreams
- Restart the Webshield service and check that it is back online:
# systemctl restart imunify360-webshield
Fixing them immediately
If you don’t want to wait until the rollout process is complete, and you wish to upgrade to Imunify360 version 4.9.6 immediately, run the following commands:
# wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh
# bash imunify-force-update.sh
Stay In Touch
If you encounter any problems with this issue fix, please send a comment or request to our Imunify support team via https://cloudlinux.zendesk.com/hc/requests/new.