[squid-users] Large text ACL lists

Benjamin E. Nichols webmaster at squidblacklist.org
Sat Oct 1 01:16:30 UTC 2016


Also, if you are going to use Squid Native ACL blacklists and reload 
while you are updating, it's a good idea to have a parent proxy 
configured, so that your traffic/users won't be interrupted; Squid will 
default to the next available proxy while it's unavailable/reloading the 
blacklists and forward traffic to it. Otherwise your proxy will be down 
during the reload process and your users will be without the ability to 
surf.




On 9/30/2016 8:02 PM, Darren wrote:
> One further question
>
> If I have to reload the ACL lists do I restart squid or is there a way 
> to update without impacting the users too much?
>
> In some of the scenarios, some acl lists may change frequently
>
> thanks again.
>
>
>
>>
>> On 1/10/2016 6:05:05 AM, Darren <darren.j.breeze.ml at gmail.com> wrote:
>>
>> Hi
>>
>> My main issue with squid guard is that when I try and block say 
>> www.facebook.com and the user goes to https://www.facebook.com, 
>> squidguard only sees the initial CONNECT as the target IP so doesn't 
>> match against the domain entry.
>>
>> If squidguard did a reverse DNS lookup, I could keep using that more 
>> complex filtering solution. That is where the dstdomain acl is a 
>> better option but has the ram overhead.
>>
>> Time for some experimentation
>>
>> thanks again for the feedback
>>
>>
>>
>>
>>>
>>> On 30/09/2016 7:21:53 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>>>
>>>
>>> Amos, I'm afraid that this is not a solution. Block lists have become so
>>> huge that only their compression and / or placement in an external
>>> database (as Marcus) can save the situation.
>>>
>>>
>>> 30.09.2016 12:59, Amos Jeffries wrote:
>>> > On 30/09/2016 6:58 p.m., Darren wrote:
>>> >> Thank you Amos
>>> >>
>>> >> The resources I save not running multiple Squidguards will make more
>>> >> ram available as you say and having a simpler setup is never a bad
>>> >> thing either.
>>> >>
>>> >> Just to clarify, so when squid fires up, it caches the ACL file into
>>> >> ram in its entirety and then does some optimizations? If that is
>>> >> the case I would need to budget the ram to allow for this.
>>> >
>>> > Not quite. Squid still reads the files line by line into a memory
>>> > structure for whatever type of ACL is being loaded. That is part of why
>>> > it's so much slower to load than the helpers (which generally do as you
>>> > describe).
>>> >
>>> > The optimizations are type dependent and fairly simplistic. Ignoring
>>> > duplicate entries, catenating regex into bigger "A|B" patterns (faster
>>> > to check against), etc.
>>> >
>>> > Amos
>>> >
>>> > _______________________________________________
>>> > squid-users mailing list
>>> > squid-users at lists.squid-cache.org
>>> > http://lists.squid-cache.org/listinfo/squid-users
>>>
>
>

-- 
--

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

1-405-397-1360 - Call Anytime.
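
The thread's concern is the RAM and load time of large `dstdomain` lists. The following is an added example, not code from any poster in this thread or from the Squid project: it prunes a list before Squid reads it, dropping duplicates and entries already covered by a parent-domain wildcard. It assumes Squid's `dstdomain` semantics (a leading dot matches the domain and all its subdomains); the function names and the sample list are constructed for illustration.

```python
# Added example: shrink a dstdomain blacklist before Squid loads it.
# Assumption: ".example.com" matches the domain and every subdomain,
# while "www.example.com" matches that single host name only.

def normalize(line):
    """Return a cleaned entry, or None for blank lines and comments."""
    entry = line.split("#", 1)[0].strip().lower().rstrip(".")
    return entry or None

def covered_by_wildcard(entry, wildcards):
    """True if another wildcard entry already matches this entry."""
    labels = entry.lstrip(".").split(".")
    # A wildcard is only redundant against a strict parent wildcard;
    # an exact host is also redundant against its own dotted form.
    start = 1 if entry.startswith(".") else 0
    for i in range(start, len(labels)):
        if "." + ".".join(labels[i:]) in wildcards:
            return True
    return False

def prune(lines):
    """Deduplicate and drop entries shadowed by a parent wildcard."""
    entries = {e for e in map(normalize, lines) if e}
    wildcards = {e for e in entries if e.startswith(".")}
    kept = [e for e in entries if not covered_by_wildcard(e, wildcards)]
    # Sort by reversed labels so related domains end up adjacent.
    return sorted(kept, key=lambda e: e.lstrip(".").split(".")[::-1])

# Constructed sample input, not a real blacklist.
SAMPLE = [
    "# constructed sample list",
    ".facebook.com",
    "www.facebook.com",
    "facebook.com",
    "Example.ORG",
    "example.org   # duplicate of the line above",
    ".example.net",
    ".ads.example.net",
    "tracker.example.net",
    "",
]

if __name__ == "__main__":
    for domain in prune(SAMPLE):
        print(domain)
```

The pruned output can be written to the file that the `dstdomain` ACL line in squid.conf reads.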
