2 SG550, webproxy stop working, unable to parse

WWe have 2 SG550 (9.707-5) which recently have problems with the web proxy.  Currently, web surfing is no longer possible when the web proxy is enabled. For the users (~600), the browser then only spins in the blank, the searched website is not displayed. As soon as the webproxy is deactivated, everything runs again immediately.
The webproxy runs in transparent mode.
We have already deactivated https scanning for test purposes. We have also deactivated the virus scan.

Here is a log of the web proxy, when the problem occurs

2022:01:12-14:22:09 firewall-1 httpproxy[27600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 96 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2022:01:12-14:22:09 firewall-1 httpproxy[27600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x32a37500" function="read_request_headers" file="request.c" line="1623" message="unable to parse a http message on handler 8508 (Resource temporarily unavailable)"
2022:01:12-14:22:09 firewall-1 httpproxy[27600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"

We are stumped and really stuck here.
Thanks in advance for your inputs!

Parents
  • For us, we did see it on another machine yesterday at around the same time as seen in the logs here. I had a long remote call with sophos yesterday and support managed to gather logs. No further info though.

    It seems to have stopped for good at 18:15 yesterday for us. As far as I can see there was a pattern update at that time.

    Is it working now for anybody else?

  • today it goes after I switch from Transparent mode to Standard mode and back to Transparent mode.
    However, it does not feel smooth.
    There are still many of these messages

    sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 891 bytes (HPE_INVALID_METHOD: invalid HTTP method)"

    this does not really feel safe

Reply
  • today it goes after I switch from Transparent mode to Standard mode and back to Transparent mode.
    However, it does not feel smooth.
    There are still many of these messages

    sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 891 bytes (HPE_INVALID_METHOD: invalid HTTP method)"

    this does not really feel safe

Children
  • I doubt at this moment that the errors are even related to the issue. I think it is just the only thing that appered in the logs at the time of the webproxy error. So far I have gotten no info from Sophos what the underlying issue was.

    Have seen the issue on different machines at the same time. There has to have been something wrong with a pattern update I think

    Anyone from Sophos here that knows what went down?