Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 4 subscribers
  • Views 38863 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help with HTTPS Inspection Error: Read error on the http handler (Input/output error)

tMorrill
I've recently switched to full HTTPS inspection in the Web Filter. Seems to work reasonably well, in that I've only had to make a relative few exceptions to SSL Scanning so far. However, since enabling HTTPS decryption I've noticed regularly occurring entries in my Web Filter log like these: 

2015:06:23-22:54:48 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 141 (Input/output error)"

2015:06:23-22:54:48 utm httpproxy[5307]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 123 (Input/output error)"


My question: How can I go about troubleshooting the cause of these errors? I think they could be resolved with an exception to SSL Scanning for some source/destination, but the logs don't give any info regarding that. Everything on my endpoints seem to be working just fine, so no clues there either.

Version = 9.312-8
Proxy Mode = Transparent
Default Authentication = None

Thanks!
-Tim


This thread was automatically locked due to age.
  • 0 in reply to Dominik Schlager-Weidinger

    Hallo Dominik and welcome to the UTM Community!

    Did you have this problem with earlier versions of UTM?  Do you have the same problem with different browsers?

    Have you tried If this is your own app, why not skip the proxy for accessing it?  First, you might try skipping Certificate checks for it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    thanks for your help on this. I have added an exception to avoid the web filtering.

    Now I'm facing issue with another app. It require websockets.

    I already created an exception for the complete domain (kahoot.it) but I still can see that something from this app is going through the webfilter.

    wss://play.kahoot.it/cometd
    wss://kahoot.it/cometd

     

    Is there any other place where to set this properly?

    Thanks,
    Dominik

  • 0 in reply to Dominik Schlager-Weidinger

    What are you seeing in the Web Filtering log, Dominik?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I see something like this in the log:

    2018:01:15-16:13:03 fw httpproxy[546]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1588" message="Read error on the http handler 72 (Input/output error)"

    For me it looks like that it is network connection issue.

    Test website is also showing network error.

     

    This is what the app requires:

    kahoot.uservoice.com/.../168876-what-network-security-settings-does-kahoot-requir

  • 0 in reply to Dominik Schlager-Weidinger

    Yes, the same as the original poster in this thread.

    In Transparent mode, you will want to skip the Proxy for DNS Hosts:

    • create.kahoot.it
    • play.kahoot.it
    • kahoot.it
    • test.kahoot.it

    And for a DNS Group:

    • media.kahoot.it

    Any better luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to J F

    this error is back. I reset the UTM and did a fresh install and all was working well but after a week or so this problem showed up again and slowly chokes off different websites to where different devices on the network can't communicate outside the network. This problem seems to come on after the UTM runs a while. Any help would be great. 

Unfiltered HTML