Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 47 replies
  • Subscribers 1 subscriber
  • Views 28884 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Timeout while reading response from Server"

UweT
Hi there,

Astaro's web filter is getting a pain in the neck. It causes more and more frustration.

Right now we have a class of students in a room who have to do an exam/a test online using www.coa2.co.uk (Java based).

Some students want to finish the test, some others want to access the website and the Astaro comes up with a client error window in the browser: "Timeout while reading response from Server".

Reviewing the web filter log I even see different URLs having that problem: 


2012:02:03-11:23:18 disgwac httpproxy[6111]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="172.16.2.42" dstip="194.168.43.38" user="" statuscode="502" cached="0" profile="REF_KbKfywLeRp (School)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa3a1330" url="www.coa2.co.uk/.../" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error="Timeout while reading response from Server"

2012:02:03-11:23:18 disgwac httpproxy[6111]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.17.9.11" dstip="67.195.187.57" user="" statuscode="502" cached="0" profile="REF_mLsJvVcVuk (WLAN-CommunityRoom)" filteraction="REF_iKcUWRpPYS (CommunityRoom_Action)" size="5293" request="0x6d301a30" url="prod1.rest-notify.msg.yahoo.com/.../uta_siebert

2012:02:03-11:24:51 disgwac httpproxy[6111]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.16.2.129" dstip="94.100.179.72" user="asachechelashvili" statuscode="502" cached="0" profile="REF_KbKfywLeRp (School)" filteraction="REF_jufcKIaXDn (Students_Action)" size="4835" request="0x8432d1a8" url="jim12.mail.ru/connect


These are just 3 examples of many lines repeating in similar form.

The website above I had/have already excluded from everything: AV Scanning, URL ContentFiltering... but it doesn't help.

Do you have any suggestions?

Sincerely,
Uwe


This thread was automatically locked due to age.
  • 0
    are you using the local cff database?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Did you ever resolve this?  We are experiencing the same problem.
  • 0
    statuscode="502"

    If a reboot doesn't solve that, and you aren't having the issue with lots of sites, then the simplest is to avoid the proxy for that.  In "Transparent" mode, add a DNS Host for the FQDN to the 'Skip transparent mode destination hosts/nets' on the 'Advanced' tab.  In "Standard" mode, the skip has to be done in the client - in Windows, add appropriate entries to the Exceptions in 'Proxy Profile'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    aha..there's already a full exception built in..[:)]  it worked fine until v9 hence the report.  come on i'm not going to throw something up here unless i've thoroughly checked things out.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to BAlfson
    We are running transparent so I added the DNS Host entry "prod2.rest-notify.msg.yahoo.com" to the skip list and we continue to get see these messages: 

    2012:03:21-22:35:12 ASGHOSTNAME1 httpproxy[15988]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.200" dstip="216.155.195.253" user="" statuscode="502" cached="0" profile="REF_HFhtDafqWq (ADSSO)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5185" request="0x531a7018" url="prod2.rest-notify.msg.yahoo.com/.../YAHOO_ACCT_NAME


    What am I doing wrong?
  • 0
    Add IP 216.155.195.253 - 
    -Skip transparent mode destination hosts/nets' on the 'Advanced' tab 
    or 
    - Web Security > Web Filtering > Exceptions
  • 0 in reply to profesor
    I just tried both methods (skip list and adding a web filtering exceptions).  The ASG is insistent on capturing that traffic.  It's strange as I have other skips/exceptions in both sections that work just fine.
  • 0
    For me, prod1.rest-notify.msg.yahoo.com resolves to 67.195.187.57, so you may need both prod1 and prod2 DNS hosts.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I appreciate ya'lls help with this!  I've added both DNS hosts (Prod1 and Prod2).  No joy.  [:S]
  • 0
    what version of astaro?  System stats?  Astaro modules in use?  user counts?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Cookie Information Banner