[squid-users] Large text ACL lists

Darren darren.j.breeze.ml at gmail.com
Fri Sep 30 05:58:32 UTC 2016


Thank you Amos

The resources I save not running multiple Squidguards will  make more ram available as you say and having a simpler setup is never a bad thing either.

Just to clarify, so when squid fires up, it caches the ACL file into ram  in it's entirety and then does some optimizations? If that is the case I would need to budget the ram to allow for this.

This sounds great and I get the bonus reverse DNS on dstdomain acls too, something Squidgard didn't do.

happy days

thanks

Darren B.





Sent from Mailbird [http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird]
On 30/09/2016 10:42:15 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
On 29/09/2016 10:44 p.m., Darren wrote:
> Hi All
>
> I have been tinkering with Squidguard for a while, using it to manage
> ACL lists and time limits etc.
>
> While it works OK, it's not in active development and has it's
> issues.
>
> What are the limitations with just pumping ACL lists directly into
> Squid and letting it do all the work internally without running a
> team of squidguards?

CPU mostly. The helpers will use Nx the RAM for N helpers, so Squid
technically uses less that way. But since Squid workers are internally
single-threaded the CPU time takes from the processing of things through
the lists does slow down the workers handling other transactions. There
is also the time on startup for loading the data into memory. With big
data lists both of those differences can be noticable.

There are some RAM differences purely due to the storage formats. We
have not particularly optimized Squid ACLs recently for large data sets.

>
> how efficient is squid now at parsing the text files directly, will i
> Need more ram as the list grows? Is it slower or are their
> optimizations that I can do?
>

You will. Regardless of whether you use a helper or Squid.

Optimizations center around reducing the list sizes, removing
duplication, overlaps and dead entries.

For regex ACLs compacting the patterns down helps a lot. Squid will do
that itself now but is not very smart about it, so manual optimizations
still can have big impact.


Amos

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160930/61ac4163/attachment.html>


More information about the squid-users mailing list