Thread Info
  • State Not Answered
  • Replies 10 replies
  • Subscribers 0 subscribers
  • Views 2068 views
  • Users 0 members are here
Options
Suggested

[DUPE] [7.360] CPU pegged at 51% since starting https scanning

RFCat_vk_01
Hi,
lucky I have dual core cpu. The graph and webadmin summary page show the cpu at 51%, while top (webadmin tools) doesn't show any high usage processes.
 
I tried disabling https scanning for short while to see what happened, maybe I need disable it for about 10mins to see what happens.
 
Ian M
Parents Reply Children
  • 0 in reply to William Warren
    A reboot reduced the CPU to normal until I tried to use https again. The sites wouldn't connect and cpu went to 60%. I need to do some more testing tonight my time.
     
    For the moment I have disabled HTTP scanning.
     
    William, while the https scanning process might require a resources while a session is in progress, it isn't releasing resources correctly after a session has closed.
     
    Ian M
  • 0 in reply to RFCat_vk_01
    A reboot reduced the CPU to normal until I tried to use https again. The sites wouldn't connect and cpu went to 60%. I need to do some more testing tonight my time.
     
    For the moment I have disabled HTTP scanning.
     
    William, while the https scanning process might require a resources while a session is in progress, it isn't releasing resources correctly after a session has closed.
     
    Ian M

    exactly..the proxy is maintaining an open connection on one end or both ends which means it must maintain the cryptography of the connection..get a few of those hanging around and cpu gets chewed up due to the overhead.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    William... sure, it will take up a bit more resources.  But accessing ONE site with ONE user behind it causes this to happen.. there is a bug, for sure.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Yes there has been a bug in the ssl termination which created a loop. this should be fixed in 7.380. 
    regards
    Gert
  • 0 in reply to Gert Hansen
    Hi,
    I know I should be posting this in the confirmed bug thread, but what the heck.

    From testing I have done so far today the bug appears to have been fixed.
    The CPU load didn't appear to increase greatly if at all when I logged onto my web banking site.

    Next issue is how to convince the various IE incarnations around here to work correctly now that I know the https works.

    Well done.

    Ian M
Cookie Information Banner