Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 21 replies
  • Subscribers 0 subscribers
  • Views 7085 views
  • Users 0 members are here
Options
Suggested

[8.930][BUG] HTTP Proxy messed up, fills up log partition

Sascha Paris
The http proxy seems to have some kind of hiccups. The Proxy fills up the whole logpartition with following entries: 

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="send_response_body" file="response.c" line="587" message="send: Input/output error"

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="ssl_log_errors" file="ssl.c" line="54" message="C 192.168.10.208: 3899882352:error:140D00CF:SSL routines:SSL_write[:P]rotocol is shutdown:ssl_lib.c:983:"

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="send_response_body" file="response.c" line="587" message="send: Input/output error"

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="ssl_log_errors" file="ssl.c" line="54" message="C 192.168.10.208: 3899882352:error:140D00CF:SSL routines:SSL_write[:P]rotocol is shutdown:ssl_lib.c:983:"

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="send_response_body" file="response.c" line="587" message="send: Input/output error"

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="ssl_log_errors" file="ssl.c" line="54" message="C 192.168.10.208: 3899882352:error:140D00CF:SSL routines:SSL_write[:P]rotocol is shutdown:ssl_lib.c:983:"

2012:04:13-22:06:31 asg01 httpproxy[4908]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfc7c708" function="send_response_body" file="response.c" line="587" message


But everything - even surfing over the webproxy - still works. I had now since 8.930 update twice times to stop the httpproxy and delete the logfile (size 16GB) [:S]
Parents
  • 0
    Sascha,

    the packet dumps you were sending me did not contain any SSL traffic. Can you please:
    - restart the HTTP proxy to ensure its initial state is clean
    - start a new capture for SSL traffic (port 443) only for the suspected client IP address
    - try to reproduce the triggering situation by booting Ubuntu or what ever
    When done please send me again the resulting packet dump and the corresponding http.log.

    Thanks in advance,
    mlenk
Reply
  • 0
    Sascha,

    the packet dumps you were sending me did not contain any SSL traffic. Can you please:
    - restart the HTTP proxy to ensure its initial state is clean
    - start a new capture for SSL traffic (port 443) only for the suspected client IP address
    - try to reproduce the triggering situation by booting Ubuntu or what ever
    When done please send me again the resulting packet dump and the corresponding http.log.

    Thanks in advance,
    mlenk
Children
No Data
Unfiltered HTML