[squid-users] problem with squidGuard redirect page after upgrading squid
Marcus Kool
marcus.kool at urlfilterdb.com
Thu Jan 7 12:56:56 UTC 2016
On 01/07/2016 12:31 AM, Jason Haar wrote:
> On 06/01/16 00:04, Amos Jeffries wrote:
>> Yes. Squid always has been able to given enough RAM. Squid stores most
>> ACLs in memory as Splay trees, so entries are sorted by frequency of use
>> which is dynamically adapted over time. Regex are pre-parsed and
>> aggregated together for reduced matching instead of re-interpreted and
>> parsed per-request.
> Great to hear. I've got some 600,000+ domain lists (ie dstdomain) and
> 60,000+ url lists (ie url_regex) acls, and there are a couple of
> "gotchas" I've picked up during testing
Squid has regex optimisation that was donated by me and is essentially a
copy of what was already working a long time in ufdbGuard.
regexes are unlimited by the POSIX standard so you can have an
"unlimited" (limited by hardware resources) number of regexes.
> 1. at startup squid reports "WARNING: there are more than 100 regular
> expressions. Consider using less REs". Is that now legacy and ignorable?
> (should that be removed?). Obviously I have over 60,000 REs
> 2. making any change to squid and restarting/reconfiguring it now means
> I'm seeing a 12sec outage as squid reads those acls off SSD
> drives/parses them/etc. With squidguard that outage is hidden because
> squidguard uses indexed files instead of the raw files and that
> parsing/etc can be done offline. That behavioral change is pretty
> dramatic: making a minor, unrelated change to squid now involves a
> 10+sec outage (instead of <1sec). I'd say "outsourcing" this kind of
> function to another process (such as url_rewriter or ICAP) still has
> it's advantages ;-)
ufdbGuard is 98% compatible with squidGuard, is free open source
software with regular updates.
ufdbGuard is also very fast due to a new database format optimised
for URLs.
As with squidGuard, when a new config is loaded by ufdbGuard, the web proxy
keeps on working without any interruption for the end user.
Can you explain what the huge number of regexes is used for ?
Marcus
More information about the squid-users
mailing list