I have a couple of questions regarding Squid (2.5S3 + patches) and TCP_DENIED on my Linux (RedHat v7.3) system.
This is a prohibition I have in my config file: acl imrworldwide dstdomain .imrworldwide.com http_access deny imrworldwide Below are excerpts from my log file, showing the prohibition in use. Now my questions: 1. Why does it take so long to do the denial? I would think that the denial would be nearly instantaneous given that no network I/O needs to be done. The client requested a destination, that destination is disallowed, the denial is issued to the client; end of story. The 18ms I can understand, but times up to 930ms leave me scratching my head. 2. How does Squid know the size of the object being denied? Again, the client has requested a prohibited domain. I wouldn't think that Squid would even care if the domain was valid or not, let alone know the size of the object requested. Would someone please educate me on how Squid is doing denials? Thanks. ------------- 1057497998.865 18 192.168.0.4 TCP_DENIED/403 1389 GET http://server-us.imrworldwide.com/c1.js - NONE/- text/html 1057498000.262 112 192.168.0.4 TCP_DENIED/403 1407 GET http://server-us.imrworldwide.com/cgi-bin/count? - NONE/- text/html 1057498042.562 212 192.168.0.4 TCP_DENIED/403 1389 GET http://server-us.imrworldwide.com/c1.js - NONE/- text/html 1057498044.711 200 192.168.0.4 TCP_DENIED/403 1407 GET http://server-us.imrworldwide.com/cgi-bin/count? - NONE/- text/html 1057498079.593 452 192.168.0.4 TCP_DENIED/403 1389 GET http://server-us.imrworldwide.com/c1.js - NONE/- text/html 1057498081.667 386 192.168.0.4 TCP_DENIED/403 1407 GET http://server-us.imrworldwide.com/cgi-bin/count? - NONE/- text/html 1057498219.140 930 192.168.0.4 TCP_DENIED/403 1389 GET http://server-us.imrworldwide.com/c1.js - NONE/- text/html 1057498220.339 197 192.168.0.4 TCP_DENIED/403 1407 GET http://server-us.imrworldwide.com/cgi-bin/count? - NONE/- text/html 1057498310.943 670 192.168.0.4 TCP_DENIED/403 1389 GET http://server-us.imrworldwide.com/c1.js - NONE/- text/html 1057498312.743 491 192.168.0.4 TCP_DENIED/403 1407 GET http://server-us.imrworldwide.com/cgi-bin/count? - NONE/- text/html