Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 5 subscribers
  • Views 17777 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filter log only shows Input/Output Errors

Andrew Parker

I'm running UTM9.502-4. I've been trying to fine tune some web filtering exceptions after enabling Scan and Decrypt in Transparent mode. This caused a lot of iOS apps not work, which I've gathered is a normal occurrence because of cert pinning in the apps.

I've been looking at the log to figure out what to add an exception for, but all I'm seeing are Input/Output errors like this:

2017:08:28-16:28:29 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:30 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:30 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:35 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:35 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2458 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2458 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2458 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2458 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:36 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:41 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2452 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2452 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2452 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2452 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:42 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2458 (Input/output error)"

2017:08:28-16:28:47 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

2017:08:28-16:28:47 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1586" message="Read error on the http handler 2407 (Input/output error)"

I had to hook my iPhone up to a Burp proxy to discover that an exception for inbox.google.com was required for the gmail app to work.

This is making it near impossible to figure out the exceptions I need to add. Is this a bug?



This thread was automatically locked due to age.
Parents
  • 0

    Hi Andrew,
    we had similar entries in the Web Protection Live Log.
    In addition, our CPU utilization on both cores increased to ~99.8% (SG125 with FW v9.502-4).
    The evaluation with "top" over the CLI resulted in 150 - 180% CPU usage for httpproxy.

    Our solution was to import the UTM certificate into Firefox. (We use Web Proxy with authentication and SSL scan).
    After importing the certificate the UTM behaved normal again and the output of top over the CLI also showed moderate values (around 30 - 60%) for httpproxy.

    Furthermore, we have defined an exception for the corresponding service (on localhost) in the Internet options.


    Many greetings

    DSC

Reply
  • 0

    Hi Andrew,
    we had similar entries in the Web Protection Live Log.
    In addition, our CPU utilization on both cores increased to ~99.8% (SG125 with FW v9.502-4).
    The evaluation with "top" over the CLI resulted in 150 - 180% CPU usage for httpproxy.

    Our solution was to import the UTM certificate into Firefox. (We use Web Proxy with authentication and SSL scan).
    After importing the certificate the UTM behaved normal again and the output of top over the CLI also showed moderate values (around 30 - 60%) for httpproxy.

    Furthermore, we have defined an exception for the corresponding service (on localhost) in the Internet options.


    Many greetings

    DSC

Children
  • 0 in reply to Daniel Schwechheimer

    Thanks for the reply Daniel.  I have already imported the certificate on my iPhone.  I enabled the trust settings, but some apps still don't work because of certificate pinning.  So I need to add exceptions for those urls, but the log is not showing any useful information when I'm using my iPhone.  My CPU usage is low so that's not a problem.

  • 0 in reply to Andrew Parker

    Andrew Parker said:

    Thanks for the reply Daniel.  I have already imported the certificate on my iPhone.  I enabled the trust settings, but some apps still don't work because of certificate pinning.  So I need to add exceptions for those urls, but the log is not showing any useful information when I'm using my iPhone.  My CPU usage is low so that's not a problem.

    Hi Andrew,
    sorry I can't help you anymore.

    Maybe Bob reads this thread and has some useful suggestions.

    Many greetings

    DSC

Unfiltered HTML