This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help with HTTPS Inspection Error: Read error on the http handler (Input/output error)

I've recently switched to full HTTPS inspection in the Web Filter. Seems to work reasonably well, in that I've only had to make a relative few exceptions to SSL Scanning so far. However, since enabling HTTPS decryption I've noticed regularly occurring entries in my Web Filter log like these:

2015:06:23-22:54:48 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 141 (Input/output error)"

2015:06:23-22:54:48 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 123 (Input/output error)"


My question: How can I go about troubleshooting the cause of these errors? I think they could be resolved with an exception to SSL Scanning for some source/destination, but the logs don't give any info regarding that. Everything on my endpoints seem to be working just fine, so no clues there either.

Version = 9.312-8
Proxy Mode = Transparent
Default Authentication = None

Thanks!
-Tim


This thread was automatically locked due to age.
  • Are there any website entries immediately prior to these errors?
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Yes, there are, but there doesn't seem to be any consistency between them in that it isn't the same sites each time. Also, I'm not sure if they are directly related. When I sit and watch, occasionally there are times when it seems no traffic is passing the filter, yet the error is generated about every 10 seconds. For example, here's a snippet from the logs when it threw the error for about a minute with no other site entries showing up in between.

    2015:06:23-23:29:29 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 89 (Input/output error)"
    2015:06:23-23:29:39 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 89 (Input/output error)"
    2015:06:23-23:29:49 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 89 (Input/output error)"
    2015:06:23-23:30:09 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 88 (Input/output error)"
    2015:06:23-23:30:19 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:30:29 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:30:39 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:30:49 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:30:59 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:31:09 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:31:19 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 86 (Input/output error)"
    2015:06:23-23:31:29 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 89 (Input/output error)" 
  • See https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/46830, probably related in some way.  Looks to be a code bug.  Are you using 9.312 or 9.313?  These's several issues with the web proxy in these versions.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Yes, it was 9.312-8. Just updated to 9.313-3 last night and the error persists. Thanks!
  • Can confirm that, ticket already open and not yet any reply [:(]
  • Edit: with 9.314 all my issues like  I/O or worker Errors are resolved

    Fix [34788]: HTTP Proxy: segfault in tcmalloc::ThreadCache
    Fix [34975]: HTTP Proxy: core dump kernel_vsyscall
    Fix [35018]: HTTP Proxy: EpollWorker segfault in kernel_vsyscall
  • Sorry to bring up an old thread but this error is back and is really messing with a lot of my apps on my iphone. Good example is the Amazon app. when you go to search something it throws an error saying that it cannot connect. The log looks like this. 

     

    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 149 (Input/output error)"

    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 140 (Input/output error)"

    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 151 (Input/output error)"
     
    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 132 (Input/output error)"
     
    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 141 (Input/output error)"
     
    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 138 (Input/output error)"
     
  • Version?  Last date Up2Dated?  Last date rebooted?  When did this problem begin?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • im on 9.506 and this happens with SSL inspection running on youtube & youtube for kids IOS application(s). Something changed inside these apps and they no longer let SSL interception occur. seeing this more and more with googles applications. The QUIC (HSTS) protocol breaks Captive portal, Redirection now with Google Chrome 63x no longer works on the XG 17.02.

    I run an XG125W at home and the youtube apps used to work great with safe search etc. now the kids can only use youtube through safari on their iPADs, which is the workaround I have put in place.

  • Hi Bob,

     

    not sure if you can help but our company is running into the same problem when using an own developed app.

    Checking with developers every domain (incl. subdomains) has been allowed in the webfilter and firewall allows everything at the moment.

    Error in webfilter log:

    fw httpproxy[4898]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 5 (Input/output error)"

     

    Because of this the login to our app is not possible. And no clue what to allow in order to get app running properly.

    We are using Sophos UTM 9 as a sevice from Amazon.

    Firmware: 9.506-2

    Last reboot: today

     

    Thanks,
    Dominik