New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Beta status #328
Comments
now you reached beta .. did you notice this idea from 303 ... thought of a variation on this which might be easier. |
I reckon that could work. :-) |
to reinstall, do I just secure the config and auxiliary ymls, run the install, then copy them back? |
Yep, that should do it. Or even just replacing out all the existing PHP files in the vault with fresh copies from the repository should do it too, seeing as they're the only files likely to be causing the problems here in this case. |
done, will recheck commonclasses and signatures after next update |
blocking from an auxiliary rule works, but no log created in the vault. I have an aux rule which turns off logging which shoudnt have been tripped. If it was using "either conditions" instead of "all conditions" it would explain it |
forget it, looks like I had taken turned off logging in the config |
tracking page - the expiry date/time of a tracked IP changes to 7 days from the point a valid transaction goes through for that IP. It only changes once each day. Note it says 6 days. The last infraction was 2 days ago
|
Behaviour replicated and confirmed at my end. It shouldn't be doing that, so I guess, this is a bug. Investigating the cause now. |
Okay; That particular bug should be fixed now. Thanks for spotting this. :-) |
updated - will verify tomorrow |
expiry date bug confirmed fixed |
log view from tracking not present with logfile{yyyy}{mm}.log |
sorry, signature update still failing, reinstalled a few days ago the security extras module updated OK |
Hm.. Very strange. :-/ I'll keep looking into it. |
I haven't yet identified the reason why it isn't updating properly, but I've made a change to the way it presents those failures, at least: When there's a checksum failure, it'll now display the expected and the actual checksum, to allow us to compare the difference for the failed update (in case this might reveal something about the nature of the failure in the future). Anyway.. Will reply again when I'm able to get a bit further with it. |
hope it helps ... |
It does. :-) Found the problem. Committing in a patch now. |
Done. :-) Let me know how it goes. It should work properly now. '^^ |
yeah - fixed! |
The problem was the exact paths cited in the metadata for the signature files for where exactly the upstream exists. At some point between updating the updater and where we are now, I'd moved the signature files into their own directory, and renamed the directory for the Common Classes Package, but hadn't updated those paths as cited in the metadata accordingly, so when the updater tried to update those components, it requested the old path instead of the new one, and GitHub returned some 404 errors instead of the expected data, thus resulting in the failure. The checksums quoted in the above reply clued me in to the problem, as it looked like checksums I'd seen before for one of GitHub's 404 messages. Not sure how I managed to forget to update those paths, and I'm pretty sure I could actually remember updating them already, but after suspecting something like that from seeing the checksums and then checking the metadata, I noticed that it was still using the old paths. The fix just updates the paths to point to where they're supposed to be pointing now (changes can be checked by checking the commit which references this issue above). Maybe what I remember is updating the wrong copy of the upstream metadata (seeing as I have several copies installed at my machine for various stages of testing, implementing new features, QA, etc)? I'm not sure. In any case.. I've definitely updated the correct copy now and committed/pushed those changes, and if it's also now updating properly accordingly.. all good, I guess..? '^^ On the bright side, it further demonstrates the usefulness of checksums, I guess, considering we wouldn't want to be overwriting good files with a bunch of 404 messages. |
Changelog excerpt: - Adjusted minimum value for some port directives from 1 to 0.
Changelog excerpt: - Adjusted minimum value for some port directives from 1 to 0.
Changelog excerpt: - Adjusted minimum value for some port directives from 1 to 0.
Changelog excerpt: - Adjusted minimum value for some port directives from 1 to 0.
Memcached port problem should be fixed now. :-) |
As long as the statistic in question has been configured to be tracked (since v3, specific individual statistics can be turned on/off now, unlike in v2/v1, whereby statistics could only be turned on/off as a whole rather than individually), then it should continually increment each time the event in question occurs (e.g., two IPv4 block events should show as 2, then 3 on the next event, 4 on the next and so on). If it's just showing as 1 all the time, then that is definitely wrong behaviour. Testing at my end locally, it appears to be working correctly (i.e., wrong behaviour not replicated at my end). Is it possible that the cache might've been reset, and you're seeing it reach 1 anew, after having been reset? I think you suggested earlier (at least, pretty sure it was you; might've be someone else maybe; was a while back now) the idea of backing up the cache to a file periodically, in order to restore data, in case it's reset like that. Had some issues before, but might need to reexplore that idea again soon, I think. |
👍
That could work. I'll look into that tonight or tomorrow. |
I have statistics set on for IPv4 blocks, and off for passed requests. It seems to be stuck at 1, I dont think its the cache clearing because when that happens the start date is reset, which it hasnt. Volumes have been very low too. It could be the stats were all on originally, so thats where the 1 came from, I turned off passed request, and thats stopped everything? The memcached setup worked, and it accepts and blocks a GET. However tracking is empty, and the memcached tab on the Cache menu page is empty. I reset it no cache, repeated the same process and tracking is set. So I suspect the memcached data is not being updated? |
have dumped the memcached keys and it looks like the entries are there ... worth noting the v2 entries are also there without the leading CIDRAM so it seems it must be a retrieval problem? |
re stats problem - I turned on reporting valid requests and it accumulated OK to show 1. Its been like that for 24 hours, that also is not showing anything beyond 1! I looked up the memcached contents of the cache that are not being shown in the frontend |
So.. Due to changes to the way that caching works in v3, unlike with v1/v2, expiry times for existing cache entries can't be manipulated quite as easily as before anymore. We needed to be able to manipulate expiry times for situations such as extending the time for which an IP address is banned, increasing/decreasing tracking times for existing entries, etc. To resolve that problem, as well as the tracking information for an IP, v3 also now has a "MinimumTime" cache entry which corresponds to the main IP tracking cache entry. The purpose for the "MinimumTime" cache entry isn't to tell CIDRAM the actual time when an IP tracking entry expires, but rather, to tell CIDRAM the minimum amount of time required before it should expire, in lieu of not being able to calculate it from the actual existing information anymore. Generally, it should either correspond to the default tracktime as defined by the configuration, or be something greater, for in the event that the time was extended for whatever reason. Anyway, in terms of implications for actual users, it shouldn't matter at all. It just means we'll be seeing 2 things at the cache page now instead of just 1 per each IP address being tracked.
Definitely weird. :-/ Looking over the existing code, there aren't any glaringly obvious problems AFAICT. Always possible I might just not be seeing it yet though. I'd hoped to set my CIDRAM dev installation at my new dev machine to using Memcached tonight in order to actually test this problem for myself directly, but.. uh oh.. looks like Memcached isn't working at all at my new dev machine at the moment, unfortunately. I'll need to figure out what's going on there first, I guess. (Previous dev machine had APCu, Memcached, SQL Server, SQLite, and a few other things all running together without any problem. New dev machine, currently, has APCu, SQL Server, and SQLite running, but no working Memcached, Redis, or other stuff yet). Hopefully shouldn't take too long to sort out. |
Definitely seems that way. After all.. if the cache entries are there, as you can see them listed, but just not being reflected correctly at the actual statistics page, that does seem like a retrieval problem. But, having not found anything which should be able to cause that.. I'm not 100% sure. Anyway, I'll reply back as soon as/if I can figure something out. |
No progress on that front yet (been unexpectedly busy with offline stuff the past few days). Still on the current to-do list though. |
Bobuam problem causing php errors #8 {main} |
Committed a patch just now. Let me know how it goes. :-) |
very quick thank you ! |
that block I just tested produced 2 Access Denied messages. A large font at the top, then another smaller font, then my message. |
concerned that with multiple overlapping posts the issues may be unclear ? |
Although there are still chores/tasks listed here which haven't been finished yet, v3 is technically stable now (no more backwards-incompatible changes anticipated), and the chores/tasks remaining aren't too numerous, so I'm going to go ahead and create a stable "v3.0.0" tag now. v3 was first branched (i.e., when it was first split from v2) February 14th 2022, and it's now already January 24th 2023. I'm not particularly fond of the idea of the beta period exceeding an entire year (because it can affect deployment for some users, e.g., those that install/update via Composer, those that can't update between versions using the front-end updater due to relying instead on platforms which handle updates from the platforms themselves, but which are only able to install/update when new stable version tags are available and etc), and I'm a little concerned that if I don't create that tag/release now, we'll see that entire year threshold come to pass. What does creating that tag now actually mean for those remaining chores/tasks?Nothing. They're still on the to-do list, and I still hope to get them done. We'll keep these issues open, and I'll work through it all as time permits, same as was already the case, tag or no tag. All it really means is that some changes may appear alongside slightly higher version numbers (e.g., v3.0.1, v3.1.0, etc). ;-) Duplicating this comment at #327, too, as it's relevant to both issues. |
I think I might've figured out what was causing the problem with the statistics before, where it would always just show as 1. Working on a fix now. |
Done. |
Yeah - fixed ! |
Closing in deference to #327. |
common classes failing, when I did the main update. This is a change, common classes wasnt being updated with the main program.
tried an independant update of common classes and signatures having restarted, same checksum failure
will do a reinstall when I have more time.
The text was updated successfully, but these errors were encountered: