Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 3991 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

httpproxy not working right?

darrellr_01
I am nearly completely unable to browse the web when Web Filtering is enabled with 9.314.13 installed.  I have rebooted twice since installation.  Browsing is normal when I disable Web Filtering.  As soon as it is re-enabled, browsing goes to crap (never finishes loading a page).  I will begin scouring the logs, but thought I would check and see if you guys had seen this after updating.  This is for a home user license, so no support.


This thread was automatically locked due to age.
  • 0
    Found several entries, it is definitely related to the update today.  Log entries are a lot of these starting right after update this morning:

    7/31/15 
    4:59:11.000 PM
    2015:07:31-16:59:11 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="384" message="shutdown finished, exiting"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:11.000 PM
    2015:07:31-16:59:11 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="disk_cache_exit" file="diskcache.c" line="46" message="writing cache index done"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:11.000 PM
    2015:07:31-16:59:11 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="disk_cache_exit" file="diskcache.c" line="44" message="writing cache index"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:11.000 PM
    2015:07:31-16:59:11 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_exit" file="epoll.c" line="687" message="epoll subsystem shut down"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:11.000 PM
    2015:07:31-16:59:11 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_exit" file="epoll.c" line="670" message="epoll subsystem shutting down"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:11.000 PM
    2015:07:31-16:59:11 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scan_exit" file="scanner.c" line="908" message="scanner subsystem shut down"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:10.000 PM
    2015:07:31-16:59:10 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scan_exit" file="scanner.c" line="902" message="scanner subsystem shutting down"
    host = sophosutm source = sophos-utm sourcetype = syslog
    7/31/15 
    4:59:10.000 PM
    2015:07:31-16:59:10 sophosutm httpproxy[9942]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_loop" file="epoll.c" line="850" message="starting exit cleanup"
    host = sophosutm source = sophos-utm sourcetype = syslog
  • 0
    A couple of others have reported similar, which were resolved by fresh install, then restoring config-backup.  First try restoring a config-backup and see if just that helps.  If you are using syslog, which the sourcetype indicates, you can also try disabling syslog (Logging & Reporting > Log Settings > Remote Syslog Server) temporarily and see if it helps.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    I'm not worried about receiving the syslog messages, but it definitely points to an issue.  I restored the config from this morning prior to the update and will see if that fixes the issue.  I am not seeing the id="0003" messages currently and browsing seems better.  Thanks for the help thus far.  I remember seeing someone stating they had to restore a backup this morning...
  • 0
    Not better after all.  Loads of errors:
     7/31/15
    5:40:24.000 PM 
    2015:07:31-17:40:24 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="580" message="reloading config"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:40:24.000 PM 
    2015:07:31-17:40:24 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 31"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:50.000 PM 
    2015:07:31-17:39:50 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 280 (Input/output error)"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:50.000 PM 
    2015:07:31-17:39:50 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 176 (Input/output error)"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:50.000 PM 
    2015:07:31-17:39:50 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 127 (Input/output error)"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:50.000 PM 
    2015:07:31-17:39:50 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 124 (Input/output error)"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:50.000 PM 
    2015:07:31-17:39:50 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 177 (Input/output error)"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:50.000 PM 
    2015:07:31-17:39:50 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 178 (Input/output error)"


    Also, that reloading config stuff is repeating every few seconds:

     7/31/15
    5:43:25.000 PM 
    2015:07:31-17:43:25 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 32"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:40:24.000 PM 
    2015:07:31-17:40:24 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 31"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:39:24.000 PM 
    2015:07:31-17:39:24 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 30"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:37:23.000 PM 
    2015:07:31-17:37:23 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 29"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:37:22.000 PM 
    2015:07:31-17:37:22 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 29"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:37:22.000 PM 
    2015:07:31-17:37:22 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 26"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:37:18.000 PM 
    2015:07:31-17:37:18 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 24"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:36:58.000 PM 
    2015:07:31-17:36:58 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 23"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:36:52.000 PM 
    2015:07:31-17:36:52 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 22"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:36:46.000 PM 
    2015:07:31-17:36:46 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 21"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:36:44.000 PM 
    2015:07:31-17:36:44 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 20"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:36:43.000 PM 
    2015:07:31-17:36:43 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 19"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:35:38.000 PM 
    2015:07:31-17:35:38 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 17"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:35:33.000 PM 
    2015:07:31-17:35:33 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 16"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:35:33.000 PM 
    2015:07:31-17:35:33 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 15"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:35:32.000 PM 
    2015:07:31-17:35:32 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 15"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:35:32.000 PM 
    2015:07:31-17:35:32 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 15"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:35:26.000 PM 
    2015:07:31-17:35:26 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 14"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog

    7/31/15
    5:29:39.000 PM 
    2015:07:31-17:29:39 sophosutm httpproxy[8209]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="636" message="reloading config done, new version 11"

        host = sophosutm
        source = sophos-utm
        sourcetype = syslog
  • 0
    I will just disable web filtering for now as I don't really have time to rebuild the silly thing.  This sort of thing is just really not acceptable and I am quite disappointed in Sophos.  If this were in my enterprise environment, it would have been ripped out long ago with the update record this year.  However, since I am paying nothing for it right now, it can stay.
  • 0
    Okay, I am also seeing a lot of messages similar to this:

    sophosutm ulogd[5200]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="x.x.x.x" dstip="y.y.y.y (external dns)" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="45772" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -13 left for type and class

    Not sure how much of this is useful or just noise.  There are occurring every 15 seconds.
  • 0
    mangled DNS requests.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    I have the similar issue. I can't  browsing on the web. Don't know what to do. Waiting for the solution.
  • 0
    It is odd, though, that they are exactly 15 seconds apart.  When sniffing, there is nothing in the packet that suggests DNS other than the proto/port.  Something is up.  I did not have time to blow it away and rebuild this weekend, but that will be my next step.  Since it is a VM (esxi 5.5), I am hopeful it doesn't mess up the interface numbering and whatnot.  Any tips on avoiding that potential mess?
  • 0
    Reinstall, restore, everything is working a bit better.  However, I am still seeing the port 53 requests every 15 seconds like clockwork.  I will open a new thread.
Unfiltered HTML