over %60 of log entries from MWG have status_code=0
We've been trying to get to the bottom of this for over a month now. Effects both HTTP and HTTPS traffic. Over %60 of all logs have a status code of 0. We received an explanation from McAfee, but the explanation made absolutely no sense. Even after asking for clarification, the explanation doesn't make sense (I think it could be a language barrier.)
I wanted to check here before escalating the issue with McAfee.
Can anyone explain why the logs have this status code of 0?
Re: over %60 of log entries from MWG have status_code=0
Being curious I quickly checked some of my own access.log files and indeed found many of those myself. They all have a common pattern: they all are HTTP/2.0 and 0 bytes to client. Therefore I think they were all cancled.