This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help with HTTPS Inspection Error: Read error on the http handler (Input/output error)

I've recently switched to full HTTPS inspection in the Web Filter. Seems to work reasonably well, in that I've only had to make a relative few exceptions to SSL Scanning so far. However, since enabling HTTPS decryption I've noticed regularly occurring entries in my Web Filter log like these:

2015:06:23-22:54:48 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 141 (Input/output error)"

2015:06:23-22:54:48 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 123 (Input/output error)"


My question: How can I go about troubleshooting the cause of these errors? I think they could be resolved with an exception to SSL Scanning for some source/destination, but the logs don't give any info regarding that. Everything on my endpoints seem to be working just fine, so no clues there either.

Version = 9.312-8
Proxy Mode = Transparent
Default Authentication = None

Thanks!
-Tim


This thread was automatically locked due to age.
Parents
  • Edit: with 9.314 all my issues like  I/O or worker Errors are resolved

    Fix [34788]: HTTP Proxy: segfault in tcmalloc::ThreadCache
    Fix [34975]: HTTP Proxy: core dump kernel_vsyscall
    Fix [35018]: HTTP Proxy: EpollWorker segfault in kernel_vsyscall
  • Sorry to bring up an old thread but this error is back and is really messing with a lot of my apps on my iphone. Good example is the Amazon app. when you go to search something it throws an error saying that it cannot connect. The log looks like this. 

     

    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 149 (Input/output error)"

    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 140 (Input/output error)"

    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 151 (Input/output error)"
     
    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 132 (Input/output error)"
     
    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 141 (Input/output error)"
     
    2017:11:29-09:16:41 julian httpproxy[5166]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 138 (Input/output error)"
     
  • Version?  Last date Up2Dated?  Last date rebooted?  When did this problem begin?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    not sure if you can help but our company is running into the same problem when using an own developed app.

    Checking with developers every domain (incl. subdomains) has been allowed in the webfilter and firewall allows everything at the moment.

    Error in webfilter log:

    fw httpproxy[4898]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 5 (Input/output error)"

     

    Because of this the login to our app is not possible. And no clue what to allow in order to get app running properly.

    We are using Sophos UTM 9 as a sevice from Amazon.

    Firmware: 9.506-2

    Last reboot: today

     

    Thanks,
    Dominik

  • Hallo Dominik and welcome to the UTM Community!

    Did you have this problem with earlier versions of UTM?  Do you have the same problem with different browsers?

    Have you tried If this is your own app, why not skip the proxy for accessing it?  First, you might try skipping Certificate checks for it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thanks for your help on this. I have added an exception to avoid the web filtering.

    Now I'm facing issue with another app. It require websockets.

    I already created an exception for the complete domain (kahoot.it) but I still can see that something from this app is going through the webfilter.

    wss://play.kahoot.it/cometd
    wss://kahoot.it/cometd

     

    Is there any other place where to set this properly?

    Thanks,
    Dominik

  • What are you seeing in the Web Filtering log, Dominik?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I see something like this in the log:

    2018:01:15-16:13:03 fw httpproxy[546]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 72 (Input/output error)"

    For me it looks like that it is network connection issue.

    Test website is also showing network error.

     

    This is what the app requires:

    kahoot.uservoice.com/.../168876-what-network-security-settings-does-kahoot-requir

  • Yes, the same as the original poster in this thread.

    In Transparent mode, you will want to skip the Proxy for DNS Hosts:

    • create.kahoot.it
    • play.kahoot.it
    • kahoot.it
    • test.kahoot.it

    And for a DNS Group:

    • media.kahoot.it

    Any better luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Yes, the same as the original poster in this thread.

    In Transparent mode, you will want to skip the Proxy for DNS Hosts:

    • create.kahoot.it
    • play.kahoot.it
    • kahoot.it
    • test.kahoot.it

    And for a DNS Group:

    • media.kahoot.it

    Any better luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data