Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2661 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Weird file="p0f-client.c" errors

jazzoberoi
Hi, Been getting the following entries in my Web Filtering log polluting it and i don't know what it means.. can anyone please shed some light ? 


2015:03:21-11:39:49 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe49ba000" function="read_request_headers" file="request.c" line="1649" message="request misses host part"

2015:03:21-11:41:16 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xbb9c000" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host"

2015:03:21-11:41:27 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x11121800" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host"

2015:03:21-11:41:28 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4053000" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host"

2015:03:21-11:41:30 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4cd4800" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host"

2015:03:21-11:41:33 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe43a2000" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host"

2015:03:21-11:41:36 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xcb2c800" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host"

2015:03:21-11:41:42 DVicSophosUTM01-1 httpproxy[11817]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="connect_server" file="dns.c" line="1192" message="loopback detected"


This thread was automatically locked due to age.
  • 0
    What happens if you disable 'Detect HTTP loopback' on the 'Misc' tab of 'Filtering Options'?

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi,

    Bob.. did that. It got rid of the Loopback error messages but still getting the below:

    2015:03:22-22:01:31 DVicSophosUTM01-1 httpproxy[10600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd0d30800" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host" 


    Also, what am i missing by not detecting for loopback ?
  • 0
    That hasn't been seen anywhere before - I guess that "request misses host part" means that one of your devices is sending something on port 80 that is not a properly-formed web request and that the Proxy is running in Transparent mode.

    If you need a DNAT on port 80, you will get Loopback errors unless you disable that check.  Otherwise, it should be left checked.

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi Bob,

    Thanks for helping me out here :0

    I am running in transparent mode. However, do not DNAT on port 80. I gues the user portal is the only thing that runs on 80 atm.

    Also, i keep getting the following 3 errors repeatedly.



    2015:03:23-14:45:33 DVicSophosUTM01-1 httpproxy[10600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1098" message="Write error on the epoll handler 608 (Connection reset by peer)" 

    2015:03:23-14:45:34 DVicSophosUTM01-1 httpproxy[10600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1098" message="Write error on the epoll handler 857 (Broken pipe)"

    2015:03:23-14:45:38 DVicSophosUTM01-1 httpproxy[10600]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd0d30800" function="p0f_read_response" file="p0f-client.c" line="162" message="p0f: no matching host" 
  • 0
    Note: p0f is system that detect what OS a client is running.  It gets printed in the log and is used for device-specific authentication.

    However I don't think you specifically have a p0f error.  Rather, I think several things are printing error messages due to bad traffic seen by the proxy.

    I'd look to see if any of the surrounding message (eg the proxy logs themselves) show errors (look at error="").  This will link the subsystem error messages you see here with the request source and destination.