Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 23 December 2024, 12:42:11 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Endian 3.0 + I-cap + Webfilter = 100 CPU
0 Members and 6 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian 3.0 + I-cap + Webfilter = 100 CPU  (Read 65715 times)
helvan
Jr. Member
*
Offline Offline

Posts: 3


« on: Thursday 20 February 2014, 04:14:02 am »

Made a clear instalation Endian 3.0 to migrate the existing endian firewall 2.5.1
My scenario:
+ / -: 200 users with no transparent proxy
Two user groups in Active Directory where one group has access to everything.
The second group involves the proxy filters where there locks pornography ... social networks ... etc. ..
I found that in version 3.0 the dansguardian was discontinued and now it is responsible C-icap for webfiltering.

After configuring everything, when I put on production, after the 5m CPU server is glued to the icap service and no one can do anything.

The rules were downloaded and confirmed, I disabled anti-virus .. etc ... and I created a rule in webfilter which pass all for everything .. and as such, works well ... only when I force the lands limited to using the filters group.

Someone already found this problem, and have no idea how to fix it?

thank you
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #1 on: Thursday 20 February 2014, 04:54:49 am »

Is your filter actually working?? Mine and several other people say it is not.
Logged
helvan
Jr. Member
*
Offline Offline

Posts: 3


« Reply #2 on: Thursday 20 February 2014, 08:28:34 pm »

HI,

Yes, filters work but fow a few minutes, because the cpu server overload after a few minutes (2/3m).
Logged
jomoryja
Jr. Member
*
Offline Offline

Posts: 9


« Reply #3 on: Monday 24 February 2014, 09:30:12 pm »

Hello,

I have the same issue.
I have a test server with 8 cores and only 2 users for testing.
When I surfed to a gaming site (spel.nl) the load for all 8 cores went to 100% for 10 seconds.

So far I found out that de-selecting porn in the webfilter results that the load goes down from 100 to 30%.

Greetings Jos


Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #4 on: Tuesday 25 February 2014, 03:38:41 am »

Did you guys download the last update?
Logged
helvan
Jr. Member
*
Offline Offline

Posts: 3


« Reply #5 on: Tuesday 25 February 2014, 10:28:25 pm »

I install the version 3.0 only.

Have any updates this version?

How i update this version?
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #6 on: Wednesday 26 February 2014, 01:21:11 am »

There is an update since then that seemed to have solved the problems. 
efw-upgrade -s
Logged
skybast
Jr. Member
*
Offline Offline

Posts: 2


« Reply #7 on: Saturday 26 July 2014, 08:30:20 pm »

Hello,

I have exactly the same problem with a new install of Endian 3.0

I made the install 3 times and still the same result : I-cap + Webfilter = 100 CPU

Any idea?
Logged
gsv
Full Member
***
Offline Offline

Posts: 16


« Reply #8 on: Tuesday 13 January 2015, 02:12:28 am »

I have the machine in production for a year now.
Same problem with web filter.
When i choose porn filter the CPU is at the max, with one client, with 2 clients, etc.
I give up for the moment Smiley.
Logged
Palima
Jr. Member
*
Offline Offline

Posts: 1


« Reply #9 on: Monday 16 March 2015, 07:17:30 pm »

Same Problem here - still no solution?  Huh

I had I-Cap on IpCop-Copfilter and it worked flawless Sad
Logged
phqr58
Full Member
***
Offline Offline

Gender: Male
Posts: 31


« Reply #10 on: Saturday 04 April 2015, 03:26:13 pm »

Enable event notification can help determine if ENDIAN is being attacked by ssh.
If web proxy is enabled, the CPU reach over 100%( four 4 CPU), can be observed in the system tab, hardware information. three facilities that I have, two I had to disable web proxy. in my case it's no problem for many users.
note that if changes are made directly with VI to /etc/squid/squid.conf these are lost when you change the WebGUI.
Logged
phqr58
Full Member
***
Offline Offline

Gender: Male
Posts: 31


« Reply #11 on: Saturday 04 April 2015, 03:32:32 pm »

DAVEVO Davevo publishes this solution:

I made the change and gave me problems "cache_dir aufs /var/spool/squid 40000 16 256" by
cache_dir rock /var/spool/squid 50000 max-size=32768 (this original ENDIAN 3.0)

hosts_file /etc/hosts
dns_nameservers x.x.x.x x.x.x.x
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 50 KB
cache_dir aufs /var/spool/squid 40000 16 256
cache_mem 100 MB
logfile_rotate 10
memory_pools off
maximum_object_size 50 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

It is now lightening fast! Hope that helps someone else...
Logged
cocoalcazar
Full Member
***
Offline Offline

Posts: 42



« Reply #12 on: Friday 25 September 2015, 01:19:50 am »

any other option?, CLEARS THE CONFIGURATION VIA WEB
Logged
skybast
Jr. Member
*
Offline Offline

Posts: 2


« Reply #13 on: Tuesday 12 January 2016, 08:34:32 pm »

I disabled ISP on port 80 and port 443 in the section Outgoing traffic firewall and everything became more fluid.  Shocked
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.156 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com