This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LOTS of blocks and epoll.c errors

Hi,

Home install of UTM 9.711-5 64-bit

Just recently I've noticed that I'm seeing a lot of name="web request blocked" action="block" error="Connection to server timed out" entries in the web filtering logs.  99% of the time they are preceded by a log entry saying message="Write error on the epoll handler 82 (Broken pipe)".  

These are appearing on domains that are in the proxy exception list, and some (not all) are reachable if I browse to them directly, and have only started appearing in the last week or so.  I don't see any significant changes in the configuration audit over the last month.

Can anyone help on where to start troubleshooting this?

Excerpt from log showing behaviour:

2022:09:28-00:54:01 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 87 (Broken pipe)"
2022:09:28-00:54:01 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.55" dstip="84.53.156.20" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Not for kids)" filteraction="REF_HttCffBlockUnsuiConte (Block Unsuitable Content)" size="517" request="0xda9c0000" url="https://bag.itunes.apple.com/" referer="" error="Connection timed out" authtime="0" dnstime="8" aptptime="119" cattime="0" avscantime="0" fullreqtime="127204854" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-00:57:15 picoutm httpproxy[5333]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.0.32" dstip="157.240.225.20" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6757" request="0xdaec2300" url="https://edge-mqtt.facebook.com/" referer="" error="" authtime="0" dnstime="31378" aptptime="86" cattime="0" avscantime="0" fullreqtime="6350031" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-00:57:30 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 89 (Broken pipe)"
2022:09:28-00:57:30 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.32" dstip="34.102.155.183" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xdae7d800" url="https://fsc.fitbit.com/" referer="" error="Connection timed out" authtime="0" dnstime="24246" aptptime="169" cattime="0" avscantime="0" fullreqtime="127275253" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-00:57:58 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.32" dstip="172.217.169.10" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdb007c00" url="https://youtubei.googleapis.com/" referer="" error="Connection to server timed out" authtime="0" dnstime="30915" aptptime="140" cattime="134" avscantime="0" fullreqtime="60571676" device="0" auth="0" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" country="United States"
2022:09:28-00:58:41 picoutm httpproxy[5333]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.40" dstip="142.250.200.35" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (Not for kids)" filteraction="REF_HttCffBlockUnsuiConte (Block Unsuitable Content)" size="724" request="0xdfbdea00" url="http://ocsp.pki.goog/gtsr1/MEwwSjBIMEYwRDAHBgUrDgMCGgQUMJHC1g%2BC6hie2xOwdV2bBG5n8FAEFOSvKyZxGitIJ4UvUmYs7%2FCJE3E%2BAg0CA7xTWWs0xxj1AVBm" referer="" error="" authtime="0" dnstime="72546" aptptime="2139" cattime="32462" avscantime="950" fullreqtime="151593" device="0" auth="0" ua="com.apple.trustd/2.2" exceptions="patience" category="175" reputation="trusted" categoryname="Software/Hardware" country="United States" application="ocsp" app-id="835" sandbox="-" content-type="application/x-x509-ca-cert"
2022:09:28-01:06:19 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 82 (Broken pipe)"
2022:09:28-01:06:19 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.32" dstip="92.123.142.218" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xdb036e00" url="https://weather-data.apple.com/" referer="" error="Connection timed out" authtime="0" dnstime="182890" aptptime="163" cattime="0" avscantime="0" fullreqtime="127468615" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-01:07:16 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 83 (Broken pipe)"
2022:09:28-01:07:16 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.40" dstip="92.123.142.232" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Not for kids)" filteraction="REF_HttCffBlockUnsuiConte (Block Unsuitable Content)" size="517" request="0xf0e4e00" url="https://init-p01md.apple.com/" referer="" error="Connection timed out" authtime="0" dnstime="8" aptptime="115" cattime="0" avscantime="0" fullreqtime="127262708" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-01:09:15 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 89 (Broken pipe)"
2022:09:28-01:09:15 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.40" dstip="104.82.149.182" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Not for kids)" filteraction="REF_HttCffBlockUnsuiConte (Block Unsuitable Content)" size="517" request="0xdfbdd500" url="https://apps.mzstatic.com/" referer="" error="Connection timed out" authtime="0" dnstime="52484" aptptime="164" cattime="0" avscantime="0" fullreqtime="127336389" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-01:12:37 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 89 (Broken pipe)"
2022:09:28-01:12:37 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.32" dstip="92.123.143.106" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xdae7bc00" url="https://weather-data.apple.com/" referer="" error="Connection timed out" authtime="0" dnstime="161206" aptptime="110" cattime="0" avscantime="0" fullreqtime="127431153" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-01:12:56 picoutm httpproxy[5333]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.0.32" dstip="157.240.225.20" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7178" request="0xdfbdea00" url="https://edge-mqtt.facebook.com/" referer="" error="" authtime="0" dnstime="25680" aptptime="92" cattime="0" avscantime="0" fullreqtime="25982522" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
2022:09:28-01:18:33 picoutm httpproxy[5333]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 82 (Broken pipe)"
2022:09:28-01:18:33 picoutm httpproxy[5333]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.32" dstip="104.82.170.4" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xdb038a00" url="https://gspe19-ssl.ls.apple.com/" referer="" error="Connection timed out" authtime="0" dnstime="2" aptptime="159" cattime="0" avscantime="0" fullreqtime="127247909" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

Thanks in advance :)



This thread was automatically locked due to age.
Parents Reply Children