Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.205] HTTP proxy - restarted

Every now and then I notice that my users are getting increasingly annoyed by "The proxy server is not responding" message from IE. So I did some logging, and it seems that the HTTP proxy is shutting down and restarting by itself.
2014:09:04-19:55:24 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_loop" file="epoll.c" line="859" message="starting exit cleanup" 

2014:09:04-19:55:24 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scan_exit" file="scanner.c" line="577" message="scanner subsystem shutting down" 
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scan_exit" file="scanner.c" line="583" message="scanner subsystem shut down" 
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_exit" file="epoll.c" line="680" message="epoll subsystem shutting down" 
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_exit" file="epoll.c" line="695" message="epoll subsystem shut down" 
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="disk_cache_exit" file="diskcache.c" line="44" message="writing cache index" 
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="disk_cache_exit" file="diskcache.c" line="46" message="writing cache index done" 
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="378" message="shutdown finished, exiting" 
2014:09:04-19:55:27 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="271" message="reading configuration" 
2014:09:04-19:55:27 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known" 
2014:09:04-19:55:27 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3308" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080" 
2014:09:04-19:55:28 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="292" message="reading profiles" 
2014:09:04-19:55:28 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="aptpscanner.c" line="171" message="ATP loaded" 
2014:09:04-19:55:28 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_load_list" file="scr_scanner.c" line="1305" message="failed to load list" 
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs01.astaro.com' access time: 55ms" 
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs02.astaro.com' access time: 71ms" 
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs03.astaro.com' access time: 271ms" 
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs04.astaro.com' access time: 52ms" 
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs05.astaro.com' access time: 52ms" 
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs06.astaro.com' access time: 340ms" 
2014:09:04-19:55:30 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs07.astaro.com' access time: 254ms" 
2014:09:04-19:55:30 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs08.astaro.com' access time: 533ms" 
2014:09:04-19:55:30 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs09.astaro.com' access time: 134ms" 
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs10.astaro.com' access time: 644ms" 
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs11.astaro.com' access time: 40ms" 
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs12.astaro.com' access time: 39ms" 
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs13.astaro.com' access time: 188ms" 
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs14.astaro.com' access time: 336ms" 
2014:09:04-19:55:32 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs15.astaro.com' access time: 387ms" 
2014:09:04-19:55:32 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs16.astaro.com' access time: 538ms" 
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs17.astaro.com' access time: 572ms" 
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs18.astaro.com' access time: 366ms" 
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs19.astaro.com' access time: 44ms" 
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs20.astaro.com' access time: 57ms" 
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="129" message="reloading ATP pattern" 
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs21.astaro.com' access time: 51ms" 
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs22.astaro.com' access time: 43ms" 
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="147" message="reloading ATP pattern finished" 
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs23.astaro.com' access time: 181ms" 
2014:09:04-19:55:35 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs24.astaro.com' access time: 971ms" 
2014:09:04-19:55:37 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs26.astaro.com' access time: 535ms" 
2014:09:04-19:55:37 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs27.astaro.com' access time: 49ms" 
2014:09:04-19:55:38 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs28.astaro.com' access time: 196ms" 
2014:09:04-19:55:40 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="avirascanner_log" file="avirascanner.c" line="89" message="Successfully initialized Avira SAVAPI library 1.5.1, expires 20150331, AVE 8.3.24.20, VDF 7.11.170.170 (7213450 signatures)" 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="256" message="Successfully loaded SAVI threat data, engine 3.53.1, threat data 5.03 from 9/7/2014 (7252355 detected threats)" 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="342" message="finished startup" 
2014:09:04-19:55:46 UTM httpproxy[15574]: Integrated HTTP-Proxy (c) 2007-2014 Sophos Ltd, Release 144.g33f1438 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="711" message="reloading config" 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known" 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3308" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080" 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="752" message="Releasing unused memory" 
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="755" message="reloading config done, new version 69"  
2014:09:04-19:55:48 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="711" message="reloading config" 
2014:09:04-19:55:49 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known" 
2014:09:04-19:55:49 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3308" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080" 
2014:09:04-19:55:51 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="752" message="Releasing unused memory" 
2014:09:04-19:55:51 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="755" message="reloading config done, new version 70" 
2014:09:04-19:55:54 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="129" message="reloading ATP pattern" 
2014:09:04-19:55:54 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="147" message="reloading ATP pattern finished"

This is what I can see in the log besides normal web browsing.
Does anybody know why this is happening?

Thanks.


This thread was automatically locked due to age.
  • No one else has responded, and I'm not seeing this at any of my clients.  I bet you have a hardware problem, but you should get Sophos Support involved.

    Cheers - Bob
  • No one else has responded, and I'm not seeing this at any of my clients.  I bet you have a hardware problem, but you should get Sophos Support involved.

    Cheers - Bob

    Thanks for the reply, but the product is running on a VMware Workstation server, which rules out any hardware problem.
    Unfortunately, a home user license can't get me any support, so I've gotta solve this myself.
    But I will try a clean installation to see if that'll squash this problem. Furthermore, the physical NICs are Intel based, and a bug seems to be going around the forum about the Intel NIC driver crashes in 9.205... link
    Do you think this could be connected to the problem?
  • Define the NICs as VMXNET3 in VMware, and that should alleviate any problems related to the other patients.

    Sorry for any short responses.  Posted from my iPhone.
  • You said you are running as a virtual appliance. Your VMs are seen as either Intel 1000 virtual or vmxnet virtual nic. Your physical can be Realtek or whatever. It doesn't really matter as they are emulated and the middleware layer is playing the role rather than the physical nic. Using Workstation you can nest ESXi on completely unsupported physical nics because of the same reason - middleware.  

    And your failed messages are coming at IPv6 address. I wonder why.

    I don't know if you can't but:
    If the /etc/sysconfig/network  NETWORKING_IPV6=yes
     change the line to:
    NETWORKING_IPV6=no

    I am in bed now and to lazy to get up and test on my fw
  • It does not appear to me that the httpproxy process is crashing - it looks like it is being purposefully restarted.  I don't know why - almost all config changes don't do a restart.

    I would look at that first line "starting exit cleanup" and then search all other logs at the same timestamp to see if you can find something that would cause it to want to restart.
  • I have a customer site or two where the HTTP Proxy restarts on it's own when it detects that it is using too much memory (older 220 appliance, for example) -- I started a case with Sophos for them regarding the issue when I saw it and that was the explanation I got.  It doesn't happen often enough to cause them any problems.
  • Ahh yes, forgot about that.  It can happen and be a little misleading.

    There is a memory manager that watches to see if too much memory is being used.  If it detects the system has run out of memory it kills the process that uses the most, which on most systems is the httpproxy.  The proxy might not be the problem, but it is the symptom.

    It WILL appear in one of the logs that it has done this.

    Make sure you are running the latest version.  If you are using a VM or your own box, give it more memory.