Apache HTTP Proxy Creates Huge Download Traffic From Update Servers

[mathisbilgi 0]

Hi all,

My customer has 10,000 device(windows client and windows servers) managed by ESMC. Each device fetch updates from single Apache Http Proxy.

However, Apache Http Proxy downloads 80 GB from eset update servers per day. Is there a recommendation for apache config? or anyting else? Thank you

 

[MartinK 378]

Is it somehow possible to find out what files are actually downloaded? I would also recommend to double check that proxy has enough disk space in it's ProgramData cache directory. Also it might be useful to enable more detailed logging, as described in https://httpd.apache.org/docs/2.4/mod/mod_cache.html#status which might indicate problem with caching if present.

Could you also describe environment in more details, for example version of products? Asking, because older products (v5) do not support caching.

[Marcos 5,074]

New products should download updates mainly from update.eset.com but in your case it's various um??.eset.com servers. Please provide also logs collected with ESET Log Collector from one of the clients.

[jcook 1]

We have noticed exactly the same problem with one of our customers. And he could easily reproduce it in a lab with recommended ESET setup. 

One observation is that all update calls to hxxp://update.eset.com/ are redirected by that server to umXX.eset.com servers. So the files are downloaded from those umXX servers.  But identical .nup files on those servers are not seen as identical by the proxy. Meaning the cache for a .nup file is only hit if-and-only-if it comes from the same umXX server.

So, if you have for example 10 clients asking updates, via the proxy, to hxxp://update.eset.com/, then in practice only a fraction is hitting the cache due to the round-robin redirect policy from hxxp://update.eset.com/.

I hope you are able to reproduce and fix this asap because, well, ... our customer uses satellite connections, so it hurts ... a lot.

[Palmolive 0]

I have the exact same problem as well. I even tried moving the proxy off the main ESMC server and on to a dedicated server and its still doing the same thing.  

[jcook 1]

There is another problem that makes the downloads so big: Every day large 'updates' are being downloaded.  You can easily test that. Make sure your client is up to date. Then disconnect them from the proxy (eg pull out network cable). Wait 1 day. Open the Eset client and get ready to force refreshing the updates. Start making a screen video, put the network cable back in and hit the refresh update button.  

You will notice the first a small download is fetched, which is normal after 12 hours (a level 3 update). But immediately after that a very large download comes in (a Level 1 download). You might say this can happen, bit this happens every single day.

ESET needs to fix this urgently, because their small updates was one of the last USP. I would hate to loose that.

 

Edited February 20, 2020 by jcook

[MichalJ 434]

@jcook & @Palmolive I have briefly checked it with our senior development staff and according to them we are not aware of those issues. Therefore, to perform proper diagnostic before investigation I have to kindly ask you to contact our technical support, and provide whatever evidence you have (for example the screen videos you have mentioned). 

We will for sure analyze those issues. You can send me your ticket number, and person from ESET who has responded to you on your ticket for easier identification. 

Thank you,

Michal