Web Proxy CPU High Load

marcelofares · July 7, 2015, 2:19am

Hello guys

I’m having problems with my WebProxy.

I have a ROUTERBOARD 2011uas-rm. I use Hotspot to authenticate my clients on the network. I am having trouble activating the webproxy Transparent with high CPU load usage. I searched the internet about this and could not find consistent answers.

I need to enable webproxy precisely to account for pages accessed by my clients with this application (webproxy log). Does anyone have any tips to solve this problem of CPU?

miasik · July 7, 2015, 8:43am

May be proxy open and you serve externals?

marcelofares · July 7, 2015, 11:21am

I did not understand your question.
I am not a service provider. This is an medium-sized hotel.
I just activated the web proxy to achieve capture pages that my clients use, just that.

miasik · July 7, 2015, 1:01pm

Proxy have any user authorization or allowed IP restrictions?
Check incoming connections to proxy.

marcelofares · July 7, 2015, 2:09pm

I do not have ips addresses restricted to the proxy, there is no restriction, just activated the proxy function to achieve access the pages browsed by my clients. No extra configuration is made

marcelofares · July 7, 2015, 2:41pm

If I increase the CPU Frequency, it would help? I have seen reports that disable SNMP and increase CPU Frequency can help stabilize the RouterBoard.

Feklar · July 7, 2015, 4:50pm

Chances are if you do not have any restrictions on the proxy either via the firewall or the proxy rules, you have an external bot(s) using your proxy causing the CPU load to be that high. You need to lock down the proxy so that only people from your hotspot can access it and use it, the easiest way would be to do that via the firewall.

/ip firewall filter
add chain=input comment="Accept Established" connection-state=established
add chain=input comment="Accept related" connection-state=related
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add chain=input comment="Accept from known" src-address-list=known
add chain=input in-interface=<LAN Interface> dst-port=8080 protocol=tcp
add action=drop chain=input comment="Drop everything else"

Be careful to add your management IP(s) to the address list “known” and/or management interface before setting up the rules, especially the last one if you want to retain access to the router.

bajodel · July 7, 2015, 4:51pm

How much traffic are you handling?
if you temporarily disable Web proxy how behave the rb?

marcelofares · July 8, 2015, 11:02pm

Feklar:

Chances are if you do not have any restrictions on the proxy either via the firewall or the proxy rules, you have an external bot(s) using your proxy causing the CPU load to be that high. You need to lock down the proxy so that only people from your hotspot can access it and use it, the easiest way would be to do that via the firewall.
/ip firewall filter
add chain=input comment="Accept Established" connection-state=established
add chain=input comment="Accept related" connection-state=related
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add chain=input comment="Accept from known" src-address-list=known
add chain=input in-interface=<LAN Interface> dst-port=8080 protocol=tcp
add action=drop chain=input comment="Drop everything else"
Be careful to add your management IP(s) to the address list “known” and/or management interface before setting up the rules, especially the last one if you want to retain access to the router.

I just created this firewall rule to block any connection to the Internet (the outside world - Port 8080) to avoid reports extra in the generation of the Web Proxy. Until now the CPU is stable, it does not appear to have more peak load problems. I’ll keep watching.