Cloudflare Teams Access HTTPS Inspection Causing Stream Failures Across Wide Range of Sites

The only reference I could find to this curl error is attached after the line break. There is a chance that root cause may be an interaction triggered when sites behind Cloudflare are accessed by clients using the Warp client where the traffic is being inspected and HTTPS is being proxied. I cannot be certain of this, but in all cases I have seen the impacted sites are behind cloudflare.

The problem:
A constant nuisance with enabling HTTPS inspection of traffic through the Warp client is that even after whitelisting business sites and identifying and whitelisting where certificate pinning is being employed is that a large number of sites continue to fail which would be bad policy to whitelist. Examples are large download sites (repositories, etc.).

This is encountered occasionally with other tooling, but is encountered most often when scripting downloads with curl. Using Homebrew (https://brew.sh) is an example of where this frequently occurs. Downloads fail with the curl error: curl: (92) HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)

The Warp client must be disabled and the operation (installation, etc.) retried for the downloads to succeed. The sites triggering this, e.g. github.com & chromedriver.storage.googleapis.com are not good candidates to whitelist and would be considered an exposure if not inspected.

I believe disabling HTTP2 for curl in all cases works as well. If this is an issue with certain tools it would be nice for the Warp client to support whitelisting an executable - though this too would be annoying when curl is updated.

Does anyone know what could be causing this?


Continuing the discussion from Cache revalidation race condition results in HTTP stream failure:

Why Wait
Don’t wait for an answer, find it fast! Search for #CommunityTip error:
Example: #CommunityTip 521

Test Before You Post
Unsure of the issue? Test before posting using the Cloudflare Diagnostic Center: Diagnostic Center | Check SSL and Test Website Security | Cloudflare