[squid-users] problem with squidGuard redirect page after upgrading squid
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 5 11:04:09 UTC 2016
On 5/01/2016 10:39 p.m., Jason Haar wrote:
> On 31/12/15 23:43, Amos Jeffries wrote:
>> But that said; everything SG provides a current Squid can also do
>> (maybe better) by itself.
> Hi Amos
>
> Are you saying the squid acl model can support (say) 100M acl lists? The
> main feature of the squidguard redirector was that it had indexed files
> that allowed for rapid searching for matches - is this done within squid
> now? (presumably it wasn't some time ago?). If so, is that done in
> memory or via the acl files? (ala SG) - the former means a much slower
> squid startup?
>
Yes. Squid always has been able to given enough RAM. Squid stores most
ACLs in memory as Splay trees, so entries are sorted by frequency of use
which is dynamically adapted over time. Regex are pre-parsed and
aggregated together for reduced matching instead of re-interpreted and
parsed per-request.
SquidGuard is from the era when servers only had 100's MB of RAM, not
tens of GB. So storing things on disk in files made sense. With OS level
file caching in memory that can look like fast ACLs - but in reality it
is still slower than directly accessing the listed value in RAM where
the entries are stored in a format that can be quickly tested against
the on-wire protocol data, not to mention the Squid<->helper protocol
overheads.
Amos
More information about the squid-users
mailing list