Page 1 of 1

Redirects in virtual hosts maxing out CPU

Posted: 2020/10/07 09:02:38
by lukewood
Hi,

I am running Apache 2.4.6 with PHP 7.0.33 and MariaDB version 5.5.65 on Centos 7.8.2003. I am using redirects in virtual hosts to direct the naked domain and http to https:/www.

I am finding that the CPU is maxing out. If I disable the redirects, the CPU returns to normal. My config is as follows:
<VirtualHost *:80>
ServerName www.domain.my
Redirect "/" "https://www.domain.my/"
</VirtualHost>

<VirtualHost *:443>
ServerName www.domain.my
<Directory /srv/www/domain.my/html>
Options FollowSymLinks Indexes MultiViews
Require all granted
AllowOverride All
</Directory>
DocumentRoot /srv/www/domain.my/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.domain.my.2019.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.my.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/www.domain.my.2019.ca-bundle
</VirtualHost>

<VirtualHost *:80>
ServerName domain.my
Redirect "/" "https://domain.my/"
</VirtualHost>

<VirtualHost *:443>
ServerName domain.my
<Directory /srv/www/domain.my/html>
Options FollowSymLinks Indexes MultiViews
Require all granted
AllowOverride All
</Directory>
DocumentRoot /srv/www/domain.my/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.domain.my.2019.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.my.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/www.domain.my.2019.ca-bundle
</VirtualHost>

Is there a better way to handle these redirects that is less resource intensive? Sorry if I am asking something basic but any help would be appreciated.

Kind regards,

Luke

Re: Redirects in virtual hosts maxing out CPU

Posted: 2020/10/07 09:45:09
by KernelOops
I think redirect works by providing the reason code, like this:

Code: Select all

Redirect 301 / "https://www.domain.my/"
or you could use another common method with rewriterules:

Code: Select all

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.my/$1 [R,L]

Re: Redirects in virtual hosts maxing out CPU

Posted: 2020/10/07 12:11:16
by lukewood
Hi KernelOops,

Thanks for your reply. I have changed the configuration based on your suggestion:

<VirtualHost *:80>
ServerName www.domain.my
Redirect 301 / "https://www.domain.my/"
</VirtualHost>

<VirtualHost *:443>
ServerName www.domain.my
<Directory /srv/www/domain.my/html>
Options FollowSymLinks Indexes MultiViews
Require all granted
AllowOverride All
</Directory>
DocumentRoot /srv/www/domain.my/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.domain.my.2019.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.my.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/www.domain.my.2019.ca-bundle
</VirtualHost>

<VirtualHost *:80>
ServerName domain.my
Redirect 301 / "https://www.domain.my/"
</VirtualHost>

<VirtualHost *:443>
ServerName domain.my
Redirect 301 / "https://www.domain.my/"
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.domain.my.2019.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.my.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/www.domain.my.2019.ca-bundle
</VirtualHost>

It is working fine but the survey is maxing out. It seems strange as the redirects are there just incase someone types them in incorrectly.

Kind regards,

Luke

Re: Redirects in virtual hosts maxing out CPU

Posted: 2020/10/07 12:53:49
by TrevorH
Look at your logs. Is it looping re-requesting pages?

Re: Redirects in virtual hosts maxing out CPU

Posted: 2020/10/07 20:21:26
by KernelOops
I think the issue is with your ServerNames. I see the following:

ServerName www.domain.my (80)
ServerName www.domain.my (443)
ServerName domain.my (80)
ServerName domain.my (443)

What is more typical, is to use one domain and all others are defined as aliases. Try a setup that looks like this:

Code: Select all

<VirtualHost *:80>
ServerName domain.my
ServerAlias www.domain.my
UseCanonicalName Off
Redirect 301 / "https://www.domain.my/"
</VirtualHost>

<VirtualHost *:443>
ServerName domain.my
ServerAlias www.domain.my
UseCanonicalName Off

<Directory /srv/www/domain.my/html>
  Options FollowSymLinks Indexes MultiViews
  AllowOverride All
</Directory>

DocumentRoot /srv/www/domain.my/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.domain.my.2019.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.my.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/www.domain.my.2019.ca-bundle
</VirtualHost>

PS:
Obviously you need to re-issue the certificates to include both domains (domain.my & www.domain.my)

I also removed "Require all granted".

Re: Redirects in virtual hosts maxing out CPU

Posted: 2020/10/08 07:06:42
by lukewood
Thanks, this is what I am looking for. I had issues when I tried to implement the changes but I will try again. Thanks so much.

Re: Redirects in virtual hosts maxing out CPU

Posted: 2020/11/03 01:14:38
by lukewood
I just thought I would follow up in case this helps anyone else. I was mistaken - the virtual hosts weren't causing my CPU to max out at all. It was the PetalBot that was draining all the resources. I blocked them by adding the following to my .htaccess:

BrowserMatchNoCase "PetalBot" bad_bot
BrowserMatchNoCase "Aspeigel" bad_bot
Order Deny,Allow
Deny from env=bad_bot

Others to consider in fault finding are:

BrowserMatchNoCase "AhrefsBot" bad_bot
BrowserMatchNoCase "aiHitBot" bad_bot
BrowserMatchNoCase "baidu" bad_bot
BrowserMatchNoCase "Baiduspider" bad_bot
BrowserMatchNoCase "Barkrowler/0.9" bad_bot
BrowserMatchNoCase "BLEXBot" bad_bot
BrowserMatchNoCase "DeuSu" bad_bot
BrowserMatchNoCase "DotBot" bad_bot
BrowserMatchNoCase "Exabot" bad_bot
BrowserMatchNoCase "flang.dejanseo" bad_bot
BrowserMatchNoCase "FlipboardProxy" bad_bot
BrowserMatchNoCase "HTTrack" bad_bot
BrowserMatchNoCase "ia_archiver" bad_bot
BrowserMatchNoCase "MetaURI" bad_bot
BrowserMatchNoCase "mj12bot" bad_bot
BrowserMatchNoCase "SemrushBot" bad_bot
BrowserMatchNoCase "SeznamBot" bad_bot
BrowserMatchNoCase "spbot" bad_bot
BrowserMatchNoCase "spider" bad_bot
BrowserMatchNoCase "yandex" bad_bot
BrowserMatchNoCase "Adsbot/3.1" bad_bot
BrowserMatchNoCase "HeartRails_Capture" bad_bot