What are the issues?   

In rare cases, users of Imunify360, versions 4.9.2 and up, may experience issues with Webshield stability.

These issues are related to peculiarities of ip utility output, so servers having bondings with VLANs will not generate upstreams.conf. After the upgrade, attempting to restart Webshield leads to undetected interfaces, and Webshield refuses to start.

Indicators

The issue can be identified by the presence of the following entries in /var/log/imunify360/console.log:

• im360.subsys.webshield.Error: failed to enable webshield
  
  
• imunify360-webshield: nginx: [emerg] open() "/etc/imunify360-webshield/upstreams.conf" failed (2: No such file or directory) in /etc/imunify360-webshield/webshield.conf:102

or by complaints from users, who receive 521 errors on their sites when using Cloudflare.

Mitigating the issues

Imunify360 version 4.9.6 and 4.10.0 contain the necessary fixes, and will be available soon.

To mitigate the issue in the meantime, if you have bonding VLAN interface, we recommend:

1. Replacing the file /usr/share/imunify360-webshield/build_upstreams with one you can download here: build_upstreams
   
   
2. Making sure that execution bit is set for the file build_upstreams:

# chmod +x /usr/share/imunify360-webshield/build_upstreams

3. Restart the Webshield service and check that it is back online:
   
   

# systemctl restart imunify360-webshield 

Fixing them immediately

If you don’t want to wait until the rollout process is complete, and you wish to upgrade to Imunify360 version 4.9.6 immediately, run the following commands:

# wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh

# bash imunify-force-update.sh

Stay In Touch

If you encounter any problems with this issue fix, please send a comment or request to our Imunify support team via https://cloudlinux.zendesk.com/hc/requests/new.