
Warning about APF + How to Disable?

Discussion in 'General Discussion' started by mygregory, Aug 13, 2004.

  1. mygregory

    I was recommended APF as a firewall and I implemented it religiously using the recommended settings seen elsewhere in the forum. It runs fine and has done for months and appeared to give no problems HOWEVER:

    The server in question is tested every couple of minutes by way of a short graphic file being downloaded from several remote hosts in a testing program. The remote hosts only access on port:80 which is of course open and supposedly un-interfered with by APF.

    What this shows is that with APF running the server times out very occasionally (about 1%) on a request for the graphic. With APF stopped no such timeouts occur. The server gives 100% availability with APF turned OFF.

    Any ideas why Port 80 traffic should occasionally be influenced by APF?

    MORE IMPORTANTLY DOES ANYONE OUT THERE KNOW HOW TO STOP APF FROM INITIALIZING AND STARTING ITSELF along with other daily crontab tasks (4:02 am)?
    It is not listed in chkconfig, it is not listed in the daily crontabs. HOW DO I STOP APF initializing once a day?

    Any ideas much appreciated.

    Gregory :confused:
     
  2. haze

    Hello and welcome to the hand holding forums where we waste our time edumacating the general public about simple tasks, most of which is unrelated to cpanel! Glad to have you on board!

    First of all, check crontab -e and cat /etc/crontab. If APF isn't listed in ntsysv, have a look in your /etc/rc.local. If you set the script up, you should have an idea of where all the bits and pieces are, shouldn't you? If you have any of rfx's scripts installed such as bfd this may also be starting apf. What I'd recommend is just rm -rf /etc/apf and unplug your server from the switch, as well as the power outlet.

    That's my .02 cents.
     
  3. goodmove

    Can anyone else confirm Gregory's experience? Who knows, there may be some truth in it. :cool:
     
  4. chirpy

    Never come across it. However, what do you have set for the following:
    Playing with that may help. Also:
    disabling that may also help in your situation.

    To prevent apf restarting make sure you:
    chkconfig apf off
    rm /etc/cron.daily/fw
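
The checks from posts 2 and 4 gathered into one script, as an added example that is not part of the thread: it lists every location under a root directory that can start APF, matching cron jobs by content because /etc/cron.daily/fw does not carry "apf" in its name. The `ROOT` parameter, the function names and the sample tree are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): list every place under ROOT that can
# start APF, using the locations named in the posts above. ROOT is a
# hypothetical parameter so the check can also run against a copy of /etc.

# Print "KIND PATH" for each regular file with an uncommented mention of apf.
scan_files() {
    kind="$1"; shift
    for f in "$@"; do
        [ -f "$f" ] || continue    # skips unmatched globs and directories
        if grep -Eq '^[^#]*apf' "$f"; then echo "$kind $f"; fi
    done
}

find_apf_starters() {
    root="${1:-}"                  # empty ROOT means the live system
    # Init script, plus the S??apf runlevel links that chkconfig/ntsysv manage.
    if [ -e "$root/etc/init.d/apf" ]; then echo "init $root/etc/init.d/apf"; fi
    for l in "$root"/etc/rc.d/rc[0-9].d/S[0-9][0-9]apf \
             "$root"/etc/rc[0-9].d/S[0-9][0-9]apf; do
        if [ -e "$l" ] || [ -L "$l" ]; then echo "runlevel $l"; fi
    done
    # Cron is matched on content: /etc/cron.daily/fw has no "apf" in its name.
    scan_files cron "$root/etc/crontab" "$root"/etc/cron.d/* \
        "$root"/etc/cron.hourly/* "$root"/etc/cron.daily/* \
        "$root"/var/spool/cron/*
    scan_files rclocal "$root/etc/rc.local" "$root/etc/rc.d/rc.local"
    return 0
}

# Constructed sample tree standing in for the server's filesystem.
make_sample_tree() {
    t="$(mktemp -d)"
    mkdir -p "$t/etc/init.d" "$t/etc/rc.d/rc3.d" "$t/etc/cron.daily"
    echo '#!/bin/sh' > "$t/etc/init.d/apf"
    ln -s ../../init.d/apf "$t/etc/rc.d/rc3.d/S20apf"
    printf '#!/bin/sh\n/etc/init.d/apf restart\n' > "$t/etc/cron.daily/fw"
    printf '#!/bin/sh\nlogrotate /etc/logrotate.conf\n' > "$t/etc/cron.daily/logrotate"
    printf '# /etc/init.d/apf start\n' > "$t/etc/rc.local"
    echo "$t"
}

tree="$(make_sample_tree)"
find_apf_starters "$tree"   # reports the init script, the S20apf link and cron.daily/fw
rm -rf "$tree"
```

Called with no argument, `find_apf_starters` reads the live system; anything it still prints after the two commands above is a remaining start path.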
     
  5. mygregory

    Thanks

    Haze:

    1) The reason I posted was to warn Cpanel users of a matter which is of use to Cpanel users like myself many of whom have installed APF directly as a result of this forum. The post is therefore relevant. Until now the problem has been reconfirmed again and again. I will be sure of it at the end of the month because it affects just 1% of requests related or unrelated to the same hosts requesting again and again. Though others undertaking similar testing will be useful. It is worth everybody knowing. How on earth APF is having an effect on 1% of HTTP requests to port 80, is entirely beyond my understanding and makes little sense. Clearly it should not do so. But switch it on and after a while a timeout appears. Switch it off: no problems.

    2) The reason I thought I might throw in a question about disabling APF permanently was that I could not find it listed in any of the usual places, including crontab and the init files. In fact I had missed it in my haste: the initialization script is in etc/init.d. Sorry about that, mistakes do happen.

    Again my apologies for this mistake and thank you for your reply, however neither of these two points merits the tone of the response.

    Gregory :)
    (General Public)
     
    #5 mygregory, Aug 14, 2004
    Last edited: Aug 14, 2004
  6. mygregory

    Could this be it...

    Thanks for this knowledgeable and useful input Chirpy.

    I have not altered the preroute.rules file and was not directed to do so by any of the sources for APF install information.

    By default it comes as so:

    # Default Type of Service (TOS)
    #
    # 8: Maximum Throughput - Minimum Delay
    # 4: Minimize Delay - Maximize Reliability
    # 16: No Delay - Moderate Throughput - High Reliability
    #
    #

    THEREFORE with no DEF_TOS parameter set at all.

    Could this really have something to do with it? Am I correct in saying that the file comes with DEF_TOS set by default?

    As far as :

    # These are sysctl hook changes intended to help mitigate syn-flood
    # attacks by lowering syn retry, syn backlog & syn time-out values.
    # [0 = Disabled / 1 = Enabled]
    SYSCTL_SYN="1"

    is concerned I simply cannot find it. It is not in my sysctl.rules file. Should it be there?

    I am quite sure I left these files as is and the file dating shows that as well.

    Gregory :eek:
     
  7. chirpy

    Aha! I'd guess that you're running an old version of APF. I'd suggest that you upgrade to v0.9.4 (current). Be aware that upgrading simply overwrites your configuration, so keep a safe copy of your conf.apf, allow and deny files before upgrading.
     
  8. picoyak

    Agreed. And if you believe you truly have found a bug or operational flaw with APF, please tell Ryan at his forums, or via some other method. I'm sure he's interested :)
     
  9. haze

    I apologize for the manner in which I spoke.

    It's just that lately there have been a large amount of posts from people with no clue as to what they are doing. I just feel that sometimes people should be required to pass a test or be licensed in order to do some of the things they do.

    As it is an APF issue, I just felt it had no place here. Sure it may be running on a cpanel machine, but it's got absolutely nothing to do with cpanel.

    After all, if you install a game on Microsoft Windows from, say, "ABC Software" and the game doesn't load up.. who do you contact? The game developers? Perhaps! Or Microsoft? Don't think so.

    As suggested above, I'd upgrade the version of APF. And be cautious of the new configuration settings. If you can't figure out what they mean (google.com or even rfx forums is a great place to research) then it's probably best to leave them disabled.
     