[squid-users] Squid doesn't execute url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
Alex Rousskov
rousskov at measurement-factory.com
Tue Feb 12 04:37:05 UTC 2019
On 2/11/19 5:01 PM, Amos Jeffries wrote:
> On 12/02/19 6:11 am, Alex Rousskov wrote:
>> On 2/2/19 12:37 PM, eliezer at ngtech.co.il wrote:
>>> Can we change the default from "startup=0" to "startup=1" ?
>>
>> We obviously can. The real question is whether we should. AFAICT, the
>> default changed to zero in commit 48d54e4. In that commit message, I did
>> not find an explanation of _why_ the default was changed
> The default being 0 was extra performance tuning
When there is a trade-off (e.g., with detecting misconfigurations), the
choice of the default should not be driven by performance optimizations
or special deployment environments IMO -- those who need to optimize
performance or accommodate special environments can and should tune
their squid.conf settings explicitly instead of relying on defaults.
>> Before we restart changing defaults, we should agree on some principles
>> that should guide us in selecting the right default. Please feel free to
>> propose/defend them if you want to work on this change. Here is an
>> example of a possible principle we could use for situations where the
>> default option value is not clear/obvious:
>> * The default should maximize the chance that a misconfiguration is
>> discovered at startup time (rather than at runtime).
> * the default should not induce overly much RAM usage.
> * the default should not cause unnecessary processes to run.
The last two are too obvious to be practically useful AFAICT: Clearly,
we do not want "overly much" or "unnecessary" of anything.
> ** Default 0 (current status-quo) assumption is that the admin might
> configure a helper that is never used.
> ** Default of 1 that all helpers are needed, but maybe fast enough not
> to need many forks().
> ** Default 2+ that traffic load and helper usage is going to be high
> with all helpers handling a lot of I/O.
Yes, but those use cases are not principles that can guide us towards
selecting the right default. Clearly, any reasonable default value will
match some use case or another.
Also, "configure a helper that is never used" is arguably a
misconfiguration (that we should, to the extent possible, highlight
rather than conceal).
There is another general principle that says "Admin should only pay for
the features they enable", but it does not help in this particular
situation AFAICT because the admin _is_ configuring the helper
explicitly, so we have the right to charge the admin for that (by
increasing startup costs).
Alex.
More information about the squid-users
mailing list