
HTTP Proxy Stops Responding

Hello

I've opened a case with Sophos premium support, but I thought I'd post the problem here as well to see if anyone has any suggestions.

A few times per day we're getting "Proxy server not responding". I managed to catch it in the live log today, and this is the last few lines before it stops responding:

2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="464" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3384" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 1746 (Input/output error)"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 971 (Input/output error)"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 448 (Input/output error)"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_network_filter" file="confd-client.c" line="1851" message="failed to get network: Operation not permitted (req=[{ "id": 399308, "method": "get_object", "params": [ "" ] }])"
..... [few more of the same]
2015:04:27-11:40:37 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="133" message="reloading ATP pattern"


Clients are configured to use the utm as a proxy, and transparently, but both have problems.

Any ideas appreciated!

Matt


  • Those log lines look like what it prints when the httpproxy starts up, not the last lines before failure. Unless the failure is related to the proxy restarting for some reason.
  • 2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_network_filter" file="confd-client.c" line="1851" message="failed to get network: Operation not permitted (req=[{ "id": 399308, "method": "get_object", "params": [ "" ] }])"
    About 6 lines of these is what I get right before the crash/connection losses,
    To me, it looked like the cause, but I am not sure
  • I would start a ticket.  Is this a utm appliance or your own hardware?  if so what are the stats of the hardware?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • I would start a ticket.  Is this a utm appliance or your own hardware?  if so what are the stats of the hardware?


    It's a SG230.. not sure what the specs are for that, but don't think it's maxing out on anything judging by the graphs:

    http://i.imgur.com/pcGKJT4.png
  • ok how many users and what are your reporting settings?  If you have it set to retain as much as you can set it to that is going to make searches take a while.  if it is at defaults that's different...[:)]

  • In Logging & Reporting -> Log Settings it's set to 'never delete log files', then at 90% to delete oldest log files.

    in Reporting Settings, everything is set to 3 months.

    I think these are default?


    In terms of users, we're authenticating against an AD domain with 1500 users in, but max concurrent users is way smaller - probably in the region of 300ish?

    Concurrent connections are well within the quoted capacity of the appliance: http://i.imgur.com/I6N2RQ2.png
  • get a support ticket started...cannot tell you anything more than that..sorry..

  • Strsmatt,
    Can you keep this topic updated if you started the ticket?

    I got the same issue as a home user, and I would like to see this issue resolved too [;)]

    Kind regards,
    Frank
  • get a support ticket started...cannot tell you anything more than that..sorry..


    Thanks anyway William [:)]

    I'll post back with any developments!

    Matt
  • I would be interested in any update on this problem. Since updating to 9.310.11 I can no longer enable the web proxy in transparent mode as I get the passthrough6.fw-notify.net error and the proxy shuts down.

    2015:04:30-15:20:09 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="464" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2015:04:30-15:20:09 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3384" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2015:04:30-15:20:09 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="295" message="caching templates"
    2015:04:30-15:20:09 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="298" message="reading profiles"
    2015:04:30-15:20:09 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_network_filter" file="confd-client.c" line="1851" message="failed to get network: Operation not permitted (req=[{ "id": 69, "method": "get_object", "params": [ "" ] }])"
    2015:04:30-15:20:10 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="aptpscanner.c" line="176" message="ATP loaded"
    2015:04:30-15:20:11 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="337" message="notifiying argos daemon
    2015:04:30-15:20:11 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="argos_notify" file="httpproxy.c" line="199" message="connect: Connection refused"
    2015:04:30-15:20:11 huginn httpproxy[15951]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="343" message="finished startup"