I allow users to maintain their own shared flat file of domains that wish to allow.
My backend checks to see if a change has been made (every 5 minutes) and if a change has been made, the new list is deployed and 'squid -k reconfigure' issued. This only occurs if a change is required and all my large files are precompiled databases. I have witnessed no negative performance hits and had no user complaints. That said I wouldn't want to be doing it more than once every five minutes at most. Currently it occurs maybe 5-6 times a day. Jay -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Matthews Sent: Friday, 7 March 2003 2:23 AM To: Jerry Murdock Cc: [EMAIL PROTECTED] Subject: RE: SquidGuard & NT Groups Nice system! The fact that you allow it to run the -k reconfigure whenever it is required tells me that the reconfigure does not produce an unacceptable performance hit. (Am I reading too much into it?) I know you must be using the .db files? What can you tell me about the user impact of a -k reconfigure on a production system? Thanks! Rick > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Jerry Murdock > Sent: Thursday, March 06, 2003 9:24 AM > To: Rick Matthews > Cc: [EMAIL PROTECTED] > Subject: Re: SquidGuard & NT Groups > > > I do a -k reconfigure, but only when the groups actually change, not with > every xx minute update. > > The flow is basically: > > enumerate group1 > compare to existing userlist1 file > if != then write new userlist1 and set reconfigure flag > repeat for group2, group3, etc > if reconfigure flag set then do -k reconfigure > > Most are set to check every 30 minutes, combined with a Webmin option to > "Update Now" when really necessary. > > Jerry > > ----- Original Message ----- > From: "Rick Matthews" <[EMAIL PROTECTED]> > To: "Jerry Murdock" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Thursday, March 06, 2003 10:09 AM > Subject: RE: SquidGuard & NT Groups > > > > > My current method of a cron job enumerating the relevant groups into a > > > squidguard userlist file every x minutes is relatively efficient and > > > simple. It's not sexy, but it works if you can live with a little > > > latency. > > > > Hey, I like it! :) > > > > Is it necessary to 'squid -k reconfigure', or does squidGuard re-read > > the userlist files periodically? > > > > Rick > > > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of Jerry Murdock > > > Sent: Thursday, March 06, 2003 7:36 AM > > > To: [EMAIL PROTECTED]; Henrik Nordstrom; Phil Crooker > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: SquidGuard & NT Groups > > > > > > > > > Squid doesn't really know about groups at all., and never gets a "list > of > > > groups" back from the helper. It only knows the OK/ERR status a > generic > > > external_acl helper returns based on arbitrary parameters. > > > > > > Passing a single group on to Squidguard would be limited, I rarely > have > > > instances where a single group is sufficient. > > > > > > If this were to be truly useful, there would have to be a mechanism > for > > > Squid to enumerate the user's groups and pass the info onto > Squidguard. I > > > don't really think squid should be doing this much work "for" a > helper. > > > Do we want a list of 100 groups going to the helper for every request? > > > Squid could be trained to only pass "relevant" groups, but that is > more > > > mucking around in squid. > > > > > > IMO, the most efficient, clean, and flexible method would be for > > > squidguard to support some form of external group helper. > > > > > > My current method of a cron job enumerating the relevant groups into a > > > squidguard userlist file every x minutes is relatively efficient and > > > simple. It's not sexy, but it works if you can live with a little > > > latency. > > > > > > Jerry > > > > > > ----- Original Message ----- > > > From: "Jay Turner" <[EMAIL PROTECTED]> > > > To: "Henrik Nordstrom" <[EMAIL PROTECTED]>; "Phil Crooker" > > > <[EMAIL PROTECTED]> > > > Cc: <[EMAIL PROTECTED]> > > > Sent: Thursday, March 06, 2003 5:20 AM > > > Subject: RE: SquidGuard & NT Groups > > > > > > > > > > Not even via wb_group somehow? > > > > > > > > -----Original Message----- > > > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, 6 March 2003 3:38 PM > > > > To: [EMAIL PROTECTED]; Phil Crooker > > > > Cc: [EMAIL PROTECTED] > > > > Subject: Re: SquidGuard & NT Groups > > > > > > > > > > > > On Thursday 06 March 2003 01.42, Jay Turner wrote: > > > > > > > > > Is there no way squid could be modified to pass group information > > > > > through to the redirector? > > > > > > > > Not easily. Squid does not actually know the group. > > > > > > > > What could work is to have Squid tag the request if it matches a > > > > certain http_access rule, and have this tag sent to redirectors. > > > > > > > > Regards > > > > Henrik > > > > > > > > > > > > > > > > > > > > > > > >
