Service Pack 3 was built on the Service Pack 2 release of Excelerator 2.2. For a list of the issues that were addressed in preceding service packs, see the following:
The following table summarizes the main issues that were addressed in Service Pack 3:
300840 |
URL Rewriter |
Fixed UrlInfo::ParseAbsoluteUrl to properly initialize a scheme to http when it is missing for the URL rewriter. Previously, when the URL rewriter encountered an invalid location header (one without a valid scheme, such as 'Location: //images.oprah.com/index.html') it page faulted when attempting to access the scheme field that had not been initialized. |
301087 |
Media Player |
Fixed the Media Player plug-in to show the stream if authentication is enabled. Previously, when a redirect was sent to the Identity Broker for user identity verification, the player did not send the redirected request and hung. |
300803 |
Filtering Bypass |
Fixed cbypass.cfg to work for all entries. |
321383 |
FTP Revalidate Time |
Fixed FTP revalidate time to go beyond 6 hours. |
300878 |
LDAP Authentication |
Fixed search base list to cycle through when a user tries to authenticate. |
300648 |
Filtering Categories |
Fixed 2.2 filtering categories to not corrupt after restarting. |
300691 |
Error Processing |
Fixed 301 redirect to properly handle by fixing ProcessReplyBody() to pass through the headers when a 301, 302, 303, or 307 reply without a content length header is received. Also, fixed ClientReplyAborted() to treat a RST as if it were a FIN if a 301, 302, 303, or 307 reply without any content (to deal with the HTTP/1.0 case) is received. Previously, the origin was sending a 301 redirect, but no Content-Length header. After several seconds, the origin sent a packet containing the text tcp disconnect that had the RST bit set. The request was retried several times and finally aborted the connection to the browser. |
301135 |
Filtering Bypass |
Fixed cbypass.cfg settings to effectively bypass Websense. |
300965 |
TCP Settings |
Set cache TCPKeepaliveInterval to zero (disabled) by default and altered the Reset GUI button to reset to zero (instead of the previous default of 5). Also verified that setting the TCPKeepaliveInterval to zero now functions with the 2.2 TCP stack. |
301675 |
Logging Restarts |
Fixed the background process that is restarting logging after a failure to not restart logging on services that are not running. Previously, restarting logging led to cases where logging was active on a stopped service and trapped the box if logging failed. |
301892 |
Site Download |
Site download caused box to abend. |
302181 |
Mini-Web Server |
Fixed the mini web server to properly initialize the appropriate length fields in the production version. Previously, the constructor had the initialization of several length fields commented out in the production version. |
324321 |
WCCP |
Fixed WCCP using multicast to register with the router. The new stack has some additional code in UDPRegister that checks to ensure that the application is registering only a local address. Unfortunately, the code does not take into account an application that wants to register a multicast address. Until the stack is fixed, the address family field is cleared before calling UDPRegister() as a workaround. |
301503 |
Refering Rule Files |
Fixed the refering rule file to be downloaded if the URL path or refering control URL changes. Also, fixed the code to delete the downloaded rule file (.ref) when referercontrol is disabled so it is forced to download a new rule file when referercontrol is re-enabled. |
302298 |
URL Overrides |
Fixed UrlOverrides to not register with ORAPI if the UrlOverrideList is empty. Previously, Excelerator returned 502 bad gateway out for every request because an empty UrlOverrideList was always created (even when UrlOverrides were not enabled). The empty UrlOverride filter with ORAPI registered and enabled the flag that instructs proxy to resolve DNS names. |
301221 |
Page Fault |
Fixed page fault in MSM.NLM MSMCombineFrags. Added a use count on the bufSegment that sets to one when a segment is placed on the send list, increments when any portion of an ECB's bufSegment's memory is handed in response to TCPGetSendCallBack(), decrements when SendDone() is called (because the ECB now tracks the offset and length of the data it contains), and decrements when the ACK is processed. Only the bufSegment is freed when the use count goes to zero, which prevents the memory pointed to by an ECB from being freed prematurely. Previously, the send list was not being locked while there were outstanding sends. |
300794 |
Real Proxy |
Fixed abend in rmproxy.dll. |
302782 |
Real Proxy |
RealMedia Administrator console causes abend. |
301504 |
Refering Wildcards |
Fixed wildcard support in the referer. Also, fixed the file parsing routine to handle blank lines correctly. |
301903 |
Multipart Range Requests |
Fixed a log corruption when creating a buffer for the response headers of a multipart range request. Previously, two sets of /r/n were not accounted for. |
328135 |
Memory Allocation Page Faults |
Fixed CFile to handle the case where memory allocations fail. Previously, CFile::CFile was allocating memory to copy the directory and path information but not checking to see if the alloc succeeded. |
303429 |
Refering Control |
Referer control will cause crash if both the URL and the Enable settings are applied at the same time. |
301503 |
Referer Rule File |
Referer rule file is not downloaded if the URL path changes. |
303397 |
Filtering |
Filter categories get reset to default after reboot. |
303010 |
N2H2 Filtering |
Certain sites are not getting blocked all the time. |
328370 |
Page Fault in JVM |
Fixed the health invoke method to display the help message for anything other than just health. Previously, a page fault occurred in JVM.NLM after typing "health /?". |
327129 |
Admin Tool Access |
Fixed Admin Tool so it can be accessed even if Websense is downed. |
297654 |
Importing PFX Files |
Fixed Java_com_novell_appliance_server_CacheApplianceConfigure_GetCertificateInfoX() to pass a 2K buffer (instead of 1K) into GetCertificateInfo(). Previously, couldn't import a .pfx file that IE 6.0 could import because the passed buffer was too small. |
295459 |
Filter Bypass |
Previously, the filter bypass was not working in transparent mode because the bypass code was checking the TCP destination address:port, which is the origin server's address:port. |
303816 |
Multiple Referer Wildcards |
Multiple referrers with wildcards fail. |
296148 |
Filter Override |
Changed code to allow http, ftp, and gopher schemes. Previously, schemes like ftp:// and gopher:// weren't allowed in 2.2 (even though they were allowed in 2.1). |
303386 |
Ethernet Speed/Duplex |
Previously we were unable to set the speed/duplex on certain Ethernet cards. |
301496 |
Quicktime Causes Pagefault |
Quicktime caused abend in both 2.1 and 2.2 every 24 hours. |
303575 |
Real Player In HTTP Mode |
Added logic to the word parsing code to prevent it from doing the RAM file parsing when it is HTTP tunneling. Previously, forward proxy HTTP didn't work with Real Player in HTTP mode. |
296790 |
Log Button |
Fixed the log button. Previously, after enabling logging and refreshing the GUI, the log button was grayed out on the transparent panel. |
301544 |
LDAP Searching |
Large LDAP searches previously failed. |
303472 |
SSLizer and Port 80 |
Fixed redirection to allow for a non-standard accelerator port. Previously, running the accelerator on a port other than 80 caused the redirection to an SSL service to fail because the accelerator port was not being removed from the URI (which caused an SSL connection attempt to a listener that was not setup for SSL). |
328645 |
Authentication Dialog |
Fixed the browser to display authentication dialog using forward proxy with authentication. |
301504 |
Referer Wildcards |
Wildcards in referer header are not functioning properly. |
287268 |
Exporting WCCP Group Addresses |
Fixed code to correctly fill the groupaddress in the current.nas file (or any exported nas file). Previously, this happened using the GUI only (CLI worked). |
300373 |
Certificate Errors |
Updated the cli to return an error if setting the LDAP secure certificate name to NULL. |
295226 |
Licensing |
Changed code so that customers is warned to add new licenses before rebooting. |
303472 |
Ports and Destination URLs |
Changed the code to add a port to the destination URL. Previously, authentication redirects contained four additional characters on a Secure Excelerator service.The URL length was being calculated with the Secure Excelerator port included, but the port was not being added to the URL. |
333672 |
502 Bad Gateway |
Modified the code to look for a '<' at the beginning of a line and to treat it as if it were preceded by a blank line. Previously, a site was not sending the required blank line between the HTTP headers and the data. |
305121 |
409 Error Conflicts |
Updated the 409 error message to better identify the issue to the user. Previously, 409 conflict errors are being reported on servers with limited memory that are running filtering because filtering cannot swap in a page from disk. Purging cache or disabling and re-enabling filtering are short-term remedies. However, adding memory to the system is a better solution. |
303575 |
Forward Proxy |
Forward proxy doesn't work with Real Player in HTTP mode. |
305353 |
Wildcard Referer Matching |
Multiple referrers that reference the same object are in conflict. |
334724 |
Out of Memory Errors |
Fixed the site download code to use more memory on systems that have more RAM. Previously, received Out of Memory error when trying to pre-populate content because the amount of RAM that can be used by a system for site download was limited. |
305886 |
Annotator |
Annotator doesn't support bind-user authentication profiles. |
295163 |
DNS resolv.cfg |
Resolv.cfg not getting updated with DNS settings consistently. |
306757 |
Trailer Headers Causing Abend |
Fixed the header processing code to ignore a trailer header in a non-chunked reply. Previously, a Web server was violating the HTTP specification in two ways: 1) it was sending an HTTP/1.1 reply to an HTTP/1.0 request, 2) it was sending back a trailer header for a non-chunked reply. |
334339 |
IP ACL List |
Enabling IP ACL list on Excelerator disables monitoring in System Controller. |
306792 |
Authorization Timeout |
Changed volauth.exe timeout from 1s to 3s. |
338199 |
LDAP Authentication |
Fixed LDAP authentication with HTTPS web sites. |
305592 |
Command Line Interface |
No CLI after adding multiple subnets to an interface. |
