This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF site with protection not loading

Hi all,

I have a public web site published over http on the WAF with a custom protection profile. This was setup months ago and has been fine.

All of a sudden today the website isn't loading properly (blank screen) and when it does load it works for a bit then hangs or takes ages to load.

I've had to take the protection profile completely off now it's fine.

I thought this might be down to some definitions from sophos but looking in the logs can't see any blocked attacks only lots of 304 messages.

I don't want to have no protection on this but it's having an effect on customers. Any ideas?

Thanks
Ross

This thread was automatically locked due to age.

Parents

0 BarryG over 10 years ago

Hi,

Please post the full log (not live log) entries for the 304 errors.

Also consider opening a support case.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 Ross86 over 10 years ago in reply to BarryG

Hi,

Please post the full log (not live log) entries for the 304 errors.

Also consider opening a support case.

Barry

Hi Barry,

I've just raised a support case as well, but here is the specific error I was getting when testing and getting a timeout:

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="12423" url="/Style Library/Customer Core Styles/Styles/Images/start-of-data-bg.png" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="11980" url="/PublishingImages/CACHE Skinny Man Woman blue.jpg" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="14015" url="/Style Library/Customer Core Styles/Styles/Images/external-link-icon.png" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="14687" url="/Style Library/Customer Core Styles/Styles/Images/cache-links-share.gif" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:24:21 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="56182" user="-" host="my test laptop IP" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="180461083" url="/Qualifications/Pages/QualHome.aspx" server="website address" referer="http://website address/AboutCACHE/Pages/Senior-Management.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.10.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C23%7C47; __atuvs=546daffb893ae676009" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:24:54 UTM-2 reverseproxy: [Thu Nov 20 09:24:54.635210 2014] [proxy_http:error] [pid 5598:tid 4113406832] (70007)The timeout specified has expired: [client my test laptop IP:59774] AH01102: error reading status line from remote server 10.0.0.65:443

/var/log/reverseproxy.log:2014:11:20-09:24:54 UTM-2 reverseproxy: [Thu Nov 20 09:24:54.635272 2014] [proxy:error] [pid 5598:tid 4113406832] [client my test laptop IP:59774] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync

/var/log/reverseproxy.log:2014:11:20-09:24:54 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="Website IP" size="434" user="-" host="my test laptop IP" method="POST" statuscode="502" reason="-" extra="-" exceptions="-" time="464154520" url="/Microsoft-Server-ActiveSync" server="REF_RevFroMdm" referer="-" cookie="-" set-cookie="-"

Thanks
Ross
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ross86 over 10 years ago in reply to BarryG

Hi,

Please post the full log (not live log) entries for the 304 errors.

Also consider opening a support case.

Barry

Hi Barry,

I've just raised a support case as well, but here is the specific error I was getting when testing and getting a timeout:

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="12423" url="/Style Library/Customer Core Styles/Styles/Images/start-of-data-bg.png" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="11980" url="/PublishingImages/CACHE Skinny Man Woman blue.jpg" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="14015" url="/Style Library/Customer Core Styles/Styles/Images/external-link-icon.png" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:21:45 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="0" user="-" host="my test laptop IP" method="GET" statuscode="304" reason="-" extra="-" exceptions="-" time="14687" url="/Style Library/Customer Core Styles/Styles/Images/cache-links-share.gif" server="website address" referer="http://website address/Learners/Pages/LearnerHome.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.12.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C25%7C47; __atuvs=546daffb893ae67600b" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:24:21 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="website IP" size="56182" user="-" host="my test laptop IP" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="180461083" url="/Qualifications/Pages/QualHome.aspx" server="website address" referer="http://website address/AboutCACHE/Pages/Senior-Management.aspx" cookie="__utma=206048129.138176272.1406536229.1416435885.1416474620.7; __utmz=206048129.1416474620.7.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmb=206048129.10.10.1416474620; __utmt=1; __utmc=206048129; __atuvc=0%7C43%2C0%7C44%2C0%7C45%2C0%7C46%2C23%7C47; __atuvs=546daffb893ae676009" set-cookie="-"

/var/log/reverseproxy.log:2014:11:20-09:24:54 UTM-2 reverseproxy: [Thu Nov 20 09:24:54.635210 2014] [proxy_http:error] [pid 5598:tid 4113406832] (70007)The timeout specified has expired: [client my test laptop IP:59774] AH01102: error reading status line from remote server 10.0.0.65:443

/var/log/reverseproxy.log:2014:11:20-09:24:54 UTM-2 reverseproxy: [Thu Nov 20 09:24:54.635272 2014] [proxy:error] [pid 5598:tid 4113406832] [client my test laptop IP:59774] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync

/var/log/reverseproxy.log:2014:11:20-09:24:54 UTM-2 reverseproxy: id="0299" srcip="my test laptop IP" localip="Website IP" size="434" user="-" host="my test laptop IP" method="POST" statuscode="502" reason="-" extra="-" exceptions="-" time="464154520" url="/Microsoft-Server-ActiveSync" server="REF_RevFroMdm" referer="-" cookie="-" set-cookie="-"

Thanks
Ross
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data