One of the modules that I use is the enhanced firewall log. It is currently at version 1.4.3 and it enhances the normal log viewer and allows you to sort on different values and adds color coding to the entries.
This module has worked fine for me up until today. I was having some issues reaching some sites on the Internet and it appeared the firewall was the issue. I logged into the Smoothwall and it was slow to respond. The box had an uptime of a little over 9 months so I decided to reboot it. After the reboot was complete the firewall log was giving me an HTTP 500 error. Every other page was fine.
The error log showed:
Premature end of script headers: firewalllog.dat, at /httpd/cgi-bin/logs.cgi/firewalllog.dat line 409
After some Internet searching I found the following link in the Smoothwall communities.
Copy and paste of relevant information that fixed my problem.
The enhanced firewall logs mod with the CIDR capabilities assumes that all of the data in the first field of the ipblock file will be numeric but it doesn't test it... my fix adds two lines and gets us around this problem... at least at the stage of reading the data from the ipblock file
in /httpd/cgi-bin/logs.cgi/firewalllog.dat, near line 57, you should find
# Added by fwlogmod
use Socket;
use Net::CIDR;
# END added by fwlogmod
right after that, add
use Scalar::Util qw(looks_like_number);
so the block looks like this (until the maintainer possibly adds this to their released code)
# Added by fwlogmod
use Socket;
use Net::CIDR;
# END added by fwlogmod
use Scalar::Util qw(looks_like_number);
then down near line 217 you should find
open (ACTIVEBLOCKFILE, "/var/smoothwall/ipblock/config");
@ll=<ACTIVEBLOCKFILE>;
close(ACTIVEBLOCKFILE);
foreach $lll (@ll) {
    chomp($lll);
    @ittt=split(/,/,$lll);
    $cidrstr= $ittt[0];
between those last two lines, add
next if !looks_like_number($ittt[0]); ## make sure it is a number!
so the whole block now looks like this
open (ACTIVEBLOCKFILE, "/var/smoothwall/ipblock/config");
@ll=<ACTIVEBLOCKFILE>;
close(ACTIVEBLOCKFILE);
foreach $lll (@ll) {
    chomp($lll);
    @ittt=split(/,/,$lll);
    next if !looks_like_number($ittt[0]); ## make sure it is a number!
    $cidrstr= $ittt[0];
save and done... now if the first field of the ipblock file is not numeric, your firewall log viewer won't blow up on you.
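An added example, not part of the quoted forum post or the module's code: a stricter guard for the same field. looks_like_number tests for a plain Perl number, so it is false for dotted-quad and CIDR strings as well as for junk; the sketch below instead accepts only a well-formed IPv4 address or CIDR block and reports the lines it skips. The function names, the sample lines, and the fields after the first comma are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return canonical "a.b.c.d/len" for an IPv4 address or CIDR block,
# or undef for anything else (hostname, blank field, octet > 255, prefix > 32).
sub parse_ipv4_cidr {
    my ($field) = @_;
    return unless defined $field;
    my ($addr, $len) =
        $field =~ m{\A([0-9]{1,3}(?:\.[0-9]{1,3}){3})(?:/([0-9]{1,2}))?\z}
        or return;
    my @octets = split /\./, $addr;
    for my $o (@octets) { return if $o > 255 }
    $len = 32 unless defined $len;          # bare address means a /32
    return if $len > 32;
    return join('.', map { $_ + 0 } @octets) . "/$len";
}

# Read ipblock-style lines from a filehandle; keep valid first fields,
# record the rest with their line number instead of dying on them.
sub load_blocks {
    my ($fh) = @_;
    my (@blocks, @rejected);
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;
        my ($first) = split /,/, $line, 2;  # undef for an empty line
        my $cidr = parse_ipv4_cidr($first);
        if (defined $cidr) { push @blocks, $cidr }
        else               { push @rejected, sprintf('%d: %s', $., $line) }
    }
    return (\@blocks, \@rejected);
}

# Constructed sample input; only the first field matters here.
my $sample = <<'END';
192.168.1.10,off,DROP,on
10.0.0.0/8,off,DROP,on
badhost.example,off,DROP,on

300.1.1.1,off,DROP,on
10.0.0.0/33,off,DROP,on
END

open my $fh, '<', \$sample or die "cannot open sample: $!";
my ($blocks, $rejected) = load_blocks($fh);
close $fh;
print "accepted: $_\n"      for @$blocks;    # 192.168.1.10/32 and 10.0.0.0/8
print "rejected line $_\n"  for @$rejected;  # lines 3, 4, 5 and 6
```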