Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 10844 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Proxy

Daniel Schatz

Hi,

on my UTM 9.505-4 i have the following lines all over the web-protection log:

httpproxy[4888]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 137 (Input/output error)"

we use the Web-Protection as parent Proxy four our internal squid-cache. the web-protection has no Cache, no blocked-sites, no authentication, no request-logging and works in non-transparent mode. its basically only for AV scanning on http and https. all the Caching, site-blocking and authentication happens on the squid Proxy.

the log-entries on the UTM are accompanied with the following log-lines in squid Proxy:

kid1| TCP connection to (Sophos-utm-ip)/8080 failed
kid1| TCP connection to (Sophos-utm-ip)/8080 failed
kid1| TCP connection to (Sophos-utm-ip)/8080 failed
kid1| TCP connection to (Sophos-utm-ip)/8080 failed
kid1| Detected DEAD Parent: (Sophos-utm-ip)
kid1| TCP connection to (Sophos-utm-ip)/8080 failed
kid1| TCP connection to (Sophos-utm-ip)/8080 failed
kid1| Detected REVIVED Parent: (Sophos-utm-ip)

everytime this happens, users experience great delays in web-Surfing. sites not responding and so on...it just happens for a few seconds before everything goes back to normal.

if we let squid handle all the Surfing without UTM as parent proxy the Problem is gone. so it's def an UTM issue.

squid config line for parent proxy:

cache_peer (Sophos-utm-ip) parent 8080 0 no-query no-digest default
never_direct allow all

any ideas?

best regards, daniel



This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    we still have this Problem and Users are unable to browse the web!
    most websites take ages to open or don't open at all.
    funny enough, if you go into the browser adress line and hit enter again (request the website a second time) it usually comes up pretty quick.
    Still our squid proxy only writes in log that TCP connection to Sophos Web-Protection Port fails.
    If i restart the web-protection on the Sophos UTM it usually runs fine for a few minutes and then the problem comes back.
    If i bypass the Sophos Web-Protection our Squid-Proxy delivers every website immediatly and without any delay.
    If i use Trend-Micro Viruswall as Upstream Proxy instead of Sophos Web-Protection it runs perfectly fine.
    It's not a problem of our squid proxy or the any other network infrastructure, it cleary is a UTM Problem.
    We use SSL Scanning and Web-Protection in Standard (non transparent) Mode. UTM Version is 9.701-6

    In Sophos Web-Protection i have the following log repeating in loops:

    2020:02:28-09:41:24 asg-2 httpproxy[10846]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1117" message="Write error on the epoll handler 902 (Broken pipe)"
    2020:02:28-09:41:54 asg-2 httpproxy[10846]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1117" message="Write error on the epoll handler 928 (Broken pipe)"
    2020:02:28-09:42:16 asg-2 httpproxy[10846]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 7 bytes (HPE_INVALID_CONSTANT: invalid constant string)"
    2020:02:28-09:43:50 asg-2 httpproxy[10846]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1694" message="Read error on the http handler 927 (Input/output error)"
     
    2020:02:28-09:45:36 asg-2 httpproxy[10846]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 289 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
    2020:02:28-09:45:36 asg-2 httpproxy[10846]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd9be9800" function="read_request_headers" file="request.c" line="1615" message="unable to parse a http message on handler 1118 (Success)"
     
    Is this a Bug, and if yes when will it finally be fixed? Could it be a corruption of the AV pattern files? Please help!
    Thanks in advance,
    Daniel
  • 0 in reply to Daniel Schatz

    What does Sophos Support say about this, Daniel?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data
Unfiltered HTML