Re: [squid-users] Defining BL's via acls

2009-01-06 Thread Amos Jeffries

Joseph L. Casale wrote:

> What kind of performance issues should I expect if I remove squidGuard and
> simply make a series of acl's pointing to shalla bl files directly then denying
> them with http_access deny statements?

Depends on your chosen ACL type and the number of patterns.
Many regex may be slower than DG, many dstdomain or dst may improve 
response time.

> Given the size of the shalla lists, what would any seasoned squid admins expect
> as a scalability threshold on this approach?
>
> Thanks!
> jlc


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
  Current Beta Squid 3.1.0.3


RE: [squid-users] Defining BL's via acls

2009-01-06 Thread Joseph L. Casale
>Depends on your chosen ACL type and the number of patterns.
>Many regex may be slower than DG, many dstdomain or dst may improve 
>response time.

It looks like the lists are far too large for any regex type acls but
the acl  dstdomain "file" is causing me issues with the way the
shalla lists are formatted, some urls are complete and some aren't and
the incomplete sites do not begin with a "." so they aren't matched,
any way around this?

I don't know why squidGuard is broken in all three of my setups, maybe
an issue with the rpmforge package? No one has a 1.4 rpm and I won't compile
on these production systems :( Later this week, I will try to fire up a
vm with CentOS and test it out.

Thanks!
jlc
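
Added example, not part of the original thread: one way to preprocess a blacklist "domains" file for `acl ... dstdomain "file"`, so that every entry carries the leading "." needed to match subdomains and entries already covered by a listed parent domain are dropped (Squid warns about such overlaps when it loads the list). The sample data, function names and file paths are constructed for illustration, and keeping IP literals without a leading dot is an assumption.

```python
import ipaddress
import sys

# Constructed sample in the style of a blacklist "domains" file.
SAMPLE = """\
example.com
www.example.com
ads.example.net
.example.org
EXAMPLE.COM
192.0.2.10
tracker.ads.example.net
"""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def normalize_for_dstdomain(lines):
    """Return dstdomain entries: dotted domains, parents only, then IP literals."""
    domains, ips = set(), set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower().strip(".")
        if not entry or "/" in entry or " " in entry:
            continue  # blank, comment, or a URL with a path (not a dstdomain value)
        (ips if is_ip(entry) else domains).add(entry)
    kept = set()
    # Fewest labels first, so a parent is always decided before its subdomains.
    for dom in sorted(domains, key=lambda d: d.count(".")):
        labels = dom.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels)))
        if not any(p in kept for p in parents):
            kept.add(dom)  # no wildcard parent covers it yet
    # Leading "." makes dstdomain match the domain and every subdomain.
    return ["." + d for d in sorted(kept)] + sorted(ips)

if __name__ == "__main__":
    # Usage: script.py /path/to/domains > blocked.dstdomain (paths are examples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE.splitlines()
    print("\n".join(normalize_for_dstdomain(source)))
```

The output file can then be referenced from a dstdomain acl and denied with http_access deny; regenerate it whenever the blacklist is updated.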


Re: [squid-users] Defining BL's via acls

2009-01-07 Thread Henrik K
On Tue, Jan 06, 2009 at 11:49:57PM -0700, Joseph L. Casale wrote:
> >Depends on your chosen ACL type and the number of patterns.
> >Many regex may be slower than DG, many dstdomain or dst may improve 
> >response time.
> 
> It looks like the lists are far too large for any regex type acls but
> the acl  dstdomain "file" is causing me issues with the way the
> shalla lists are formatted, some urls are complete and some aren't and
> the incomplete sites do not begin with a "." so they aren't matched,
> any way around this?
> 
> I don't know why squidGuard is broken in all three of my setups, maybe
> an issue with the rpmforge package? No one has a 1.4 rpm and I won't compile
> on these production systems :( Later this week, I will try to fire up a
> vm with CentOS and test it out.

When using dstdomain with a lot of entries (million), a squid "reload" might
take tens of seconds. During this time it will refuse clients, which is not
nice. I don't think this has been fixed yet in any branch?



Re: [squid-users] Defining BL's via acls

2009-01-07 Thread Ralf Peng
2009/1/7 Henrik K:
>
> When using dstdomain with a lot of entries (million), a squid "reload" might
> take tens of seconds. During this time it will refuse clients, which is not
> nice.

That does not sound good.
How about squid's rotating logs, will it also refuse clients at that time?


Ralf.