Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 3357 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Corrupted HTTP response

Simone Giordano

Hi

We are experiencing corrupted HTTP responses while consuming web-services. Our application do thousands of requests to a remote database; the requests are made with SOAP protocol and the result is an XML document. The channel is an unsecure HTTP transport. The application do the requests in keep-alive mode, so only one socket is opened for all requests.

This is what happens:

 

<s:Envelope xmlns:s="schemas.xmlsoap.org/.../"><s:Body><ExecuteQueryResponse xmlns="webservices.farmadati.it"><ExecuteQueryResult xmlns:a="schemas.datacontract.org/.../FDIWebServices" xmlns:i="www.w3.org/.../a:NumRecords><a:OutputValue>&lt; version="1.0" encoding="UTF-8"?&gt;&#xD;
&lt;TableResult&gt;&#xD;
&lt;Product&gt;&#xD;
&lt;FDI_T416&gt;034623278VF&lt;/FDI_T416&gt;&#xD;
&lt;FDI_T291&gt;034623278&lt;/FDI_T291&gt;&#xD;
&lt;FDI_T292&gt;VF&lt;/FDI_T292&gt;&#xD;
&lt;FDI_T293&gt;2007-03-06&lt;/FDI_T293&gt;&#xD;
&lt;FDI_T294&gt;R&lt;/FDI_T294&gt;&#xD;
&lt;FDI_T295&gt;GU&lt;/FDI_T295&gExecuteQueryResult></ExecuteQueryResponse></s:Body></s:Envelope>_T297&gt;2007&lt;/FDI_T297&gt;&#xD;
&lt;/Product&gt;&#xD;
&lt;/TableResult&gt;</a:OutputValue><a:Page>1</a:Page><a:RecordsPerPage>100</a:RecordsPerPage></ExecuteQueryResult></ExecuteQueryResponse></s:Body></s:Envelope>

 

Randomly last 64 bytes of the response are write in the middle of the message, corrupting the response.

The issue happens after hundreds of continuous request.

We think it's caused by Sophos because bypassing it, all works fine.

The corrupted messages has been taken at transport level, there is no transformation made by software. Server side there is a public IIS used by thousand of customers.

The software run on Windows 2016 with last service pack; Sophos XG is model 135 with firmware SFOS 17.1.1 MR-1.

 

We have already made an HTTP exception, disabled IPS, disabled AV, changed AV scanning model, tried all command line flags. Nothing.

Can anyone help us? Any suggestion?

 

Thank you for support

S.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    has this process ever worked or did it just start? What does the daily report show for memory and CPU stats.

    Have you logged a fault with Sophos because the issue looks like a memory fault to me?

    Ian

  • 0 in reply to rfcat_vk

    Now I'm sure that the issue is caused by Sophos XG proxy.

    I've installed a third-party VPN client on server and I've routed the traffic through the tunnel. All works fine!

    So following this guide:

    https://community.sophos.com/kb/en-us/128173

    I've completely disabled the proxy for the server (my previous mistake was that I have to uncheck HTTP Scan and Web Policy at the same time) and now all works fine also with Sophos XG.

    I think there is a bug in web proxy with multiple web requests in keep-alive mode. Now I'm going to open a support case.

    S.

Reply
  • 0 in reply to rfcat_vk

    Now I'm sure that the issue is caused by Sophos XG proxy.

    I've installed a third-party VPN client on server and I've routed the traffic through the tunnel. All works fine!

    So following this guide:

    https://community.sophos.com/kb/en-us/128173

    I've completely disabled the proxy for the server (my previous mistake was that I have to uncheck HTTP Scan and Web Policy at the same time) and now all works fine also with Sophos XG.

    I think there is a bug in web proxy with multiple web requests in keep-alive mode. Now I'm going to open a support case.

    S.

Children
No Data