<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

Webshield Refusing To Start On Servers Having Bondings With VLAN

Jul 17, 2020 5:28:44 PM / by Dmitry Tkachuk

 
Webshield Refusing To Start On Servers Having Bondings With VLAN 

What are the issues?   


In rare cases, users of Imunify360, versions 4.9.2 and up, may experience issues with Webshield stability.

These issues are related to peculiarities of ip utility output, so servers having bondings with VLANs will not generate upstreams.conf. After the upgrade, attempting to restart Webshield leads to undetected interfaces, and Webshield refuses to start.

 

Indicators


The issue can be identified by the presence of the following entries in
/var/log/imunify360/console.log:

  • im360.subsys.webshield.Error: failed to enable webshield

  • imunify360-webshield: nginx: [emerg] open() "/etc/imunify360-webshield/upstreams.conf" failed (2: No such file or directory) in /etc/imunify360-webshield/webshield.conf:102


or by complaints from users, who
receive 521 errors on their sites when using Cloudflare.

 

Mitigating the issues

 

Imunify360 version 4.9.6 and 4.10.0 contain the necessary fixes, and will be available soon.

 

Imunify360 v4.9.6

Imunify360 v4.10.0

Release ETA: Jul 21-22, 2020

Available for beta customers

 

Note: The automatic rollout may take a few days.

 

To mitigate the issue in the meantime, if you have bonding VLAN interface, we recommend:

  1. Replacing the file /usr/share/imunify360-webshield/build_upstreams with one you can download here: build_upstreams

  2. Making sure that execution bit is set for the file build_upstreams:

# chmod +x /usr/share/imunify360-webshield/build_upstreams

  1. Restart the Webshield service and check that it is back online:

# systemctl restart imunify360-webshield 

Fixing them immediately

 

If you don’t want to wait until the rollout process is complete, and you wish to upgrade to Imunify360 version 4.9.6 immediately, run the following commands:


# wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh

# bash imunify-force-update.sh

 

Stay In Touch

If you encounter any problems with this issue fix, please send a comment or request to our Imunify support team via https://cloudlinux.zendesk.com/hc/requests/new.

 

Topics: Imunify360, security fix, Developer Blog

Dmitry Tkachuk

Written by Dmitry Tkachuk

Imunify Security, Product Manager

    Subscribe to Email Updates

    Ready to try Imunify?

    30-DAY TRIAL

    Recent Posts