[9.060][BUG] HTTP Proxy Broken Pipe And Timeout Errors are back

Hi, first let me say that I find the proxy response a lot better in this version than the 9.0x tree. Having said that, there are certain periods where the proxy stops responding for no apparent reason. So looking at the logs it appears that we had some regression and http://www.astaro.org/closed-forums-read-only/utm-9-betas/utm-9-public-beta-closed/43208-http-proxy-timeout-broken-pipe-consolidation.html problem is back[:(]

gatekeeper:/var/log # grep -c "Broken pipe" /var/log/http.log

112

gatekeeper:/var/log # grep -c Timeout /var/log/http.log

316

Here are a few lines from the http.log also

cat http.log |grep "Broken pipe"

2013:01:24-16:40:00 gatekeeper httpproxy[32708]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.11" dstip="173.194.43.37" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x9e71ae0" url="http://i1.ytimg.com/vi/0pcUEKIthoU/default.jpg" exceptions="av" error="Broken pipe" country="United States" category="177" reputation="unverified" categoryname="Content Server" content-type="image/jpeg" application="youtube"
2013:01:24-16:40:00 gatekeeper httpproxy[32708]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9b63860" function="tunnel_response_send_chunk" file="tunnel.c" line="265" message="write: Broken pipe"
2013:01:24-16:40:00 gatekeeper httpproxy[32708]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.11" dstip="173.194.43.37" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2586" request="0x9b63860" url="http://i2.ytimg.com/vi/98mCq7CbZvU/mqdefault.jpg" exceptions="av" error="Broken pipe" country="United States" category="177" reputation="unverified" categoryname="Content Server" content-type="image/jpeg" application="youtube"

and the timeouts

2013:01:24-10:21:23 gatekeeper httpproxy[12146]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.0.11" dstip="207.46.125.65" user="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2476" request="0x9346510" url="http://by2msg4020818.gateway.messenger.live.com/gateway/gateway.dll?Action=poll&Lifespan=60&SessionID=1046072096.996363977" exceptions="av,content,url,mime,fileextension" error="Timeout while reading response from Server"

All the timeouts are on the same live.com server so the server maybe down.

Regards
Bill

Parents

0 Scott_Klassen over 12 years ago

There's bad entries in domain_regex_slist_init (check always allow and always block lists) within the profile you're using. The * is not supported.

Edit: Some clarification. * Can be utilized if used properly in a regex. Plain entries such as *.domain.tld can be problematic now.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 arch113 over 12 years ago in reply to Scott_Klassen

I dont personally have anything with a * in it, but one of the default exceptions does..  The Nokia Ovi Suite/Store      has this: ^https?://[A-Za-z0-9.-]*\.ovi\.com/

Adobe, Apple and Window Update also contain the *

Turning them off doesnt help.  I also turned of anti virus scanning, and removed URL filtering, and it still doesnt work.

I assume the Mantis ID above doesnt really relate to my problem?

There's bad entries in domain_regex_slist_init (check always allow and always block lists) within the profile you're using.  The * is not supported.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 arch113 over 12 years ago in reply to arch113

Updated to 9.080  and I still have the same problem...

I dont personally have anything with a * in it, but one of the default exceptions does..  The Nokia Ovi Suite/Store      has this: ^https?://[A-Za-z0-9.-]*\.ovi\.com/

Adobe, Apple and Window Update also contain the *

Turning them off doesnt help.  I also turned of anti virus scanning, and removed URL filtering, and it still doesnt work.

I assume the Mantis ID above doesnt really relate to my problem?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 arch113 over 12 years ago in reply to arch113

Updated to 9.080  and I still have the same problem...

I dont personally have anything with a * in it, but one of the default exceptions does..  The Nokia Ovi Suite/Store      has this: ^https?://[A-Za-z0-9.-]*\.ovi\.com/

Adobe, Apple and Window Update also contain the *

Turning them off doesnt help.  I also turned of anti virus scanning, and removed URL filtering, and it still doesnt work.

I assume the Mantis ID above doesnt really relate to my problem?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Billybob over 12 years ago in reply to arch113
Hi, Scott is referring to web protection->web filtering ->url filtering tab. Look for older expressions in your webadmin by clicking on where the arrow is pointing in screenshot below. Seems like you have expressions like
*.access2myspace.com
*net10wireless.com

etc. Just remove the asterisk or remove the expression. The problem is in the way the expressions are imported from previous versions. The system won't let you add any new ones in the future. There is some discussion on the import function here https://community.sophos.com/products/unified-threat-management/astaroorg/f/80/t/64865
Regards
Bill
- 11.jpg
- View
- Hide
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 arch113 over 12 years ago in reply to Billybob
I removed them all, now I dont get any errors in the live log, but the proxy still doesnt work.

Hi, Scott is referring to web protection->web filtering ->url filtering tab. Look for older expressions in your webadmin by clicking on where the arrow is pointing in screenshot below. Seems like you have expressions like
*.access2myspace.com
*net10wireless.com

etc. Just remove the asterisk or remove the expression. The problem is in the way the expressions are imported from previous versions. The system won't let you add any new ones in the future. There is some discussion on the import function here http://www.astaro.org/beta-versions/utm-9-1-public-beta/46021-9-060-feature-url-filtering-exceptions-not-imported-previous-version.html
Regards
Bill
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Billybob over 12 years ago in reply to arch113

Hi, I think at this point it probably would be a good idea for you to start a new thread. I think your configuration not being imported correctly because it has asterisk (*) in it is a bug in itself.

So if you don't mind, start a new thread and explain your situation one more time and then post the lines that you have already posted above. Also post the logs after you have deleted the exceptions showing the proxy starting correctly but you still not being able to browse because the two things maybe related.

Regards
Bill
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

[9.060][BUG] HTTP Proxy Broken Pipe And Timeout Errors are back

Submitted a Tech Support Case lately from the Support Portal?