On 02/03/2013 08:02 AM, Matthew Goff wrote:
Ah...But is it floating on the web to be found by Google?;) I
searched off and on a little for a way to easily tie Squid to MySQL
and I found lots of people asking but very little practical examples
beyond user authentication using the supplied demo script.
I'm curious how much caching would really be necessary in the helper
program though given that Squid already caches external ACL lookup
results on its own. I haven't seen any slowdown using this on my own
LAN, but that's a fairly small traffic sample.
My end goal was something using as few external library dependencies
as possible in a compiled language, so I can say I achieved that at
least. I really was just tired of the whole process of: ssh, su, edit,
reload, test -- each time I needed to block a new domain one of my
kids stumbled on;) The SQL tie-in is also nice because it can be
managed by so many different tools so you can create portal pages or
small GUI tools to allow less technical users to update their lists
without worrying about what file on disk to edit and what commands to
run afterwards.
Every solution will have pros and cons, just have to pick the best one
for your own use case:)
Indeed.
Well if you are here you can always ask and I do my best if I can.
Portability is very good.
I have used ruby since it's very intuitive to me.
The only systems I couldn't use Ruby was embedded.
Cache for external ACL is better limited to something.
Also the external ACL caches by IP or URL or couple together.
The application is caching in the block\search level which is far more
advanced and low level then squid helper cache.
Since squid dosn't have a "domain" a "path" etc.. in the interface the
app should do that.
Since I have used only a list of domains and partial url's path there is
a pretty good reason for that.
In almost any case other options then static DB is better.
There are couple solutions which offers just that for free.
There were couple guys here who talked about MYSQL as ACL backend but
nobody sketched a design for that.
If you do have something in mind for LDAP or MYSQL scheme which a
application can use to check for ACLs I will be more then happy to think
about it.
The current options are:
- squidGuard static DB by category.
- other weight categorizing such as -127 bad +127 ok and the user
choose the level he wants to be on or assigned a number.
This is a problem since many will refer a malware site as -127 while
adult content as -120 or what so ever.
Eliezer
