Aller au contenu


CSFE_SVC_ERROR HTTP response status 502


  • Veuillez vous connecter pour répondre
4 réponses à ce sujet

#1 EdG973

EdG973

    Membre avancé

  • Membres
  • 64 messages

Posté 28 octobre 2019 - 17:36

Bonjour,

J'ai installé Zimbra 8.8.12 et un reverse proxy https (apache) en façade pour l'accès webmail depuis internet.

Je note des messages d'erreurs de type uniquement depuis l'accès du reverse proxy apache:
network service error has occurred.
method: SearchRequest
msg: A network service error has occurred.
code: CSFE_SVC_ERROR
detail: HTTP response status 502

Il semble que ce soit du au DoSFilter de Zimbra.
J'ai bien rajouté mon reverse proxy apache dans la whiteliste zimbra (zimbraHttpThrottleSafeIPs)

Mes paramètres DosFilter sont :
$ zmprov gacf | grep zimbraHttpDosFilterDelayMillis
zimbraHttpDosFilterDelayMillis: -1
$ zmprov gacf | grep zimbraHttpDosFilterMaxRequestsPerSec
zimbraHttpDosFilterMaxRequestsPerSec: 30
$ zmprov gacf | grep zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating
zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating: 15
$ zmprov gacf | grep zimbraInvalidLoginFilterMaxFailedLogin
zimbraInvalidLoginFilterMaxFailedLogin: 10

Lorsque le message "network service error has occurred." apparaît, il suffit d'attendre quelques secondes pour pouvoir visualiser le mail sur lequel l'erreur est apparue.
Ce n'est pas bloquant, mais c'est irritant pour les utilisateurs...

Est-ce quelqu'un aurait trouvé une solution pour ne plus avoir ce type de blocage ?

#2 Zimbra Guy

Zimbra Guy

    Zimbra Jedi

  • Modérateurs
  • 5 633 messages
  • LocalisationPlanète Terre

Posté 28 octobre 2019 - 19:07

Bonjour,

dans un premier pouvez-vous indiquer le type d'installation : mono ou multi serveurs.
Ceci a son importance dans la mesure où les IP présenté par le proxy ne sont pas forcément
celles avec laquelle arrivent les utilisateurs.
Que disent également les logs Zimbra ?


   Cordialement,
Guy Carré, professionel certifié Zimbra, Contributeur Zimbra
tel : +33 (0)6 63 18 08 XX / mail : guy.carre+zimbrafr@libremail.fr
http://www.scalesi.fr/

#3 EdG973

EdG973

    Membre avancé

  • Membres
  • 64 messages

Posté 29 octobre 2019 - 13:28

Bonjour,

Merci pour votre réponse.

Il s'agit d'une installation mono serveur, version open source.
Voici les logs au moment une erreur survient (l'ip du proxy est x.x.x.241 et l'ip du poste client est x.x.x.65) :

# tailf access_log.2019-10-29
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:16:49 +0000] "GET https://x.x.x.241/se...=16961&part=2.6 HTTP/1.0" 200 17275 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 2
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:16:49 +0000] "GET https://x.x.x.241/se...16961&part=2.18 HTTP/1.0" 200 14567 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 2
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:16:49 +0000] "GET https://x.x.x.241/se...=16961&part=2.3 HTTP/1.0" 200 10208 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 1
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:16:49 +0000] "GET https://x.x.x.241/se...16961&part=2.19 HTTP/1.0" 200 7580 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 1
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:16:49 +0000] "GET https://x.x.x.241/se...16961&part=2.15 HTTP/1.0" 200 13883 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 1
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:16:49 +0000] "GET https://x.x.x.241/se...16961&part=2.11 HTTP/1.0" 200 1566 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 1
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:17:01 +0000] "POST https://x.x.x.241/se...archConvRequest HTTP/1.0" 200 1744 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 22
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:17:01 +0000] "GET https://x.x.x.241/se...=16960&part=2.2 HTTP/1.0" 200 99654 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 8
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:17:03 +0000] "POST https://x.x.x.241/se...archConvRequest HTTP/1.0" 200 1736 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 19
x.x.x.65, x.x.x.241 - - [29/Oct/2019:12:17:34 +0000] "GET https://x.x.x.241/js...?v=190819071639 HTTP/1.0" 200 232089 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" 13



# tailf zmmailboxd.out
2019-10-29 09:16:49.273:INFO:oejs.DoSFilter:qtp1258084361-3799:https:https://x.x.x.241/service/home/~/?auth=co&loc=fr&id=16961&part=2.15: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:16:49.273:INFO:oejs.DoSFilter:qtp1258084361-3799:https:https://x.x.x.241/service/home/~/?auth=co&loc=fr&id=16961&part=2.15: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:16:49.286:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/home/~/?auth=co&loc=fr&id=16961&part=2.11: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:16:49.286:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/home/~/?auth=co&loc=fr&id=16961&part=2.11: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:17:01.841:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/soap/SearchConvRequest: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:17:01.841:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/soap/SearchConvRequest: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:17:01.916:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/home/~/?auth=co&loc=fr&id=16960&part=2.2: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:17:01.916:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/home/~/?auth=co&loc=fr&id=16960&part=2.2: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:17:03.859:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/soap/SearchConvRequest: Ignoring malformed remote address x.x.x.65, x.x.x.241
2019-10-29 09:17:03.859:INFO:oejs.DoSFilter:qtp1258084361-7319:https:https://x.x.x.241/service/soap/SearchConvRequest: Ignoring malformed remote address x.x.x.65, x.x.x.241

# tailf trace_log.2019_10_29
09:17:03.878:qtp1258084361-7319:https:https://x.x.x.241/service/soap/SearchConvRequest RESPONSE 200 text/javascript; charset=utf-8
09:17:03.878:qtp1258084361-7317 CLOSED HttpConnection@6e4ae7df[DecryptedEndPoint@5c3cc901{/x.x.x.240:44272<->8443,CLOSED,in,OSHUT,-,-,19/60000,HttpConnection}->SelectChannelEndPoint@6031089a{/x.x.x.240:44272<->8443,CLOSED,ISHUT,OSHUT,-,-,0/60000,SslConnection}{io=1/1,kio=-1,kro=-1}][p=HttpParser{s=CLOSE,620 of 620},g=HttpGenerator@34a16fc4{s=START},c=HttpChannelOverHttp@2342f74c{r=1,c=false,a=IDLE,uri=null}][b=null]
09:17:03.878:qtp1258084361-7317 CLOSED SslConnection@2da74a66{NEED_UNWRAP,eio=-1/-1,di=-1} -> HttpConnection@6e4ae7df[DecryptedEndPoint@5c3cc901{/x.x.x.240:44272<->8443,CLOSED,in,OSHUT,-,-,19/60000,HttpConnection}->SelectChannelEndPoint@6031089a{/x.x.x.240:44272<->8443,CLOSED,ISHUT,OSHUT,-,-,0/60000,SslConnection}{io=1/1,kio=-1,kro=-1}][p=HttpParser{s=CLOSE,620 of 620},g=HttpGenerator@34a16fc4{s=START},c=HttpChannelOverHttp@2342f74c{r=1,c=false,a=IDLE,uri=null}][b=null]
09:17:34.940:qtp1258084361-7320 OPENED SslConnection@58c0fee{NEED_UNWRAP,eio=-1/-1,di=-1} -> HttpConnection@69515eb2[DecryptedEndPoint@5454623f{/x.x.x.240:44278<->8443,Open,in,out,-,-,1/60000,HttpConnection}->SelectChannelEndPoint@17103e3e{/x.x.x.240:44278<->8443,Open,in,out,-,-,1/60000,SslConnection}{io=0/0,kio=0,kro=0}][p=HttpParser{s=START,0 of 0},g=HttpGenerator@42a35745{s=START},c=HttpChannelOverHttp@2735c380{r=0,c=false,a=IDLE,uri=null}][b=null]
09:17:34.940:qtp1258084361-7320 OPENED HttpConnection@69515eb2[DecryptedEndPoint@5454623f{/x.x.x.240:44278<->8443,Open,in,out,-,-,1/60000,HttpConnection}->SelectChannelEndPoint@17103e3e{/x.x.x.240:44278<->8443,Open,in,out,-,-,1/60000,SslConnection}{io=0/0,kio=0,kro=0}][p=HttpParser{s=START,0 of 0},g=HttpGenerator@42a35745{s=START},c=HttpChannelOverHttp@2735c380{r=0,c=false,a=IDLE,uri=null}][b=null]
09:17:34.948:qtp1258084361-7320:https:https://x.x.x.241/js/TinyMCE_all.js.zgz?v=190819071639 REQUEST x.x.x.240 GET ZM_TEST=true; ZM_AUTH_TOKEN=0_3587630c698758870da4cac369723b4f2aaf5d19_69643d33363a31613061306330662d366161662d343037652d393366382d6336396330616436626366653b6578703d31333a313537323532343134303032363b747970653d363a7a696d6272613b753d313a613b7469643d393a3133303334373236333b76657273696f6e3d31343a382e382e31325f47415f333739343b637372663d313a313b; JSESSIONID=fgytsg3u5d637wlnjc7sawgg; Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0
09:17:34.960:qtp1258084361-7320:https:https://x.x.x.241/js/TinyMCE_all.js.zgz?v=190819071639 RESPONSE 200 text/javascript
09:17:34.960:qtp1258084361-7317 CLOSED HttpConnection@69515eb2[DecryptedEndPoint@5454623f{/x.x.x.240:44278<->8443,CLOSED,ISHUT,OSHUT,-,-,13/60000,HttpConnection}->SelectChannelEndPoint@17103e3e{/x.x.x.240:44278<->8443,CLOSED,ISHUT,OSHUT,-,-,0/60000,SslConnection}{io=0/0,kio=-1,kro=-1}][p=HttpParser{s=CLOSED,0 of 0},g=HttpGenerator@42a35745{s=START},c=HttpChannelOverHttp@2735c380{r=1,c=false,a=IDLE,uri=null}][b=null]
09:17:34.960:qtp1258084361-7317 CLOSED SslConnection@58c0fee{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@69515eb2[DecryptedEndPoint@5454623f{/x.x.x.240:44278<->8443,CLOSED,ISHUT,OSHUT,-,-,13/60000,HttpConnection}->SelectChannelEndPoint@17103e3e{/x.x.x.240:44278<->8443,CLOSED,ISHUT,OSHUT,-,-,0/60000,SslConnection}{io=0/0,kio=-1,kro=-1}][p=HttpParser{s=CLOSED,0 of 0},g=HttpGenerator@42a35745{s=START},c=HttpChannelOverHttp@2735c380{r=1,c=false,a=IDLE,uri=null}][b=null]
09:17:40.596:qtp1258084361-7309 CLOSED HttpConnection@36cd0f26[SelectChannelEndPoint@32f28da0{/127.0.0.1:58820<->8080,CLOSED,ISHUT,OSHUT,-,-,0/60000,HttpConnection}{io=1/1,kio=-1,kro=-1}][p=HttpParser{s=CLOSE,0 of -1},g=HttpGenerator@73cf879b{s=START},c=HttpChannelOverHttp@64cf4a60{r=9,c=false,a=IDLE,uri=null}][b=null]

# tailf nginx.access.log
x.x.x.241:36634 - - [29/Oct/2019:09:16:49 -0300]  "GET https://x.x.x.241/se...=16961&part=2.6 HTTP/1.1" 200 17906 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36620 - - [29/Oct/2019:09:16:49 -0300]  "GET https://x.x.x.241/se...16961&part=2.18 HTTP/1.1" 200 15197 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36632 - - [29/Oct/2019:09:16:49 -0300]  "GET https://x.x.x.241/se...=16961&part=2.3 HTTP/1.1" 200 10837 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36622 - - [29/Oct/2019:09:16:49 -0300]  "GET https://x.x.x.241/se...16961&part=2.19 HTTP/1.1" 200 8208 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36616 - - [29/Oct/2019:09:16:49 -0300]  "GET https://x.x.x.241/se...16961&part=2.15 HTTP/1.1" 200 14513 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36620 - - [29/Oct/2019:09:16:49 -0300]  "GET https://x.x.x.241/se...16961&part=2.11 HTTP/1.1" 200 2179 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36624 - - [29/Oct/2019:09:17:01 -0300]  "POST https://x.x.x.241/se...archConvRequest HTTP/1.1" 200 2022 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36624 - - [29/Oct/2019:09:17:01 -0300]  "GET https://x.x.x.241/se...=16960&part=2.2 HTTP/1.1" 200 100414 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36624 - - [29/Oct/2019:09:17:03 -0300]  "POST https://x.x.x.241/se...archConvRequest HTTP/1.1" 200 2056 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"
x.x.x.241:36626 - - [29/Oct/2019:09:17:34 -0300]  "GET https://x.x.x.241/js...?v=190819071639 HTTP/1.1" 200 232508 "https://x.x.x.241/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" "x.x.x.240:8443" "x.x.x.240:443"

Cordialement,

#4 Zimbra Guy

Zimbra Guy

    Zimbra Jedi

  • Modérateurs
  • 5 633 messages
  • LocalisationPlanète Terre

Posté 30 octobre 2019 - 09:44

Bonjour,

d'après ce que vous avez posté cela ne semble pas correspondre à l'erreur typique du DoSFilter quand celui-ci bloque l'IP.
Avez-vous lu cet article : https://wiki.zimbra.com/wiki/DoSFilter

Cordialement,
Guy Carré, professionel certifié Zimbra, Contributeur Zimbra
tel : +33 (0)6 63 18 08 XX / mail : guy.carre+zimbrafr@libremail.fr
http://www.scalesi.fr/

#5 EdG973

EdG973

    Membre avancé

  • Membres
  • 64 messages

Posté 30 octobre 2019 - 17:21

Bonjour,

Merci, effectivement l'erreur semble être en lien avec zimbraHttpDosFilterMaxRequestsPerSec (qui est à 30 par défaut)

Je l'ai mis à 100.

Cordialement,




0 utilisateur(s) li(sen)t ce sujet

0 membre(s), 0 invité(s), 0 utilisateur(s) anonyme(s)