<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Also if you are going to use Squid Native ACL blacklists and
reload while you are updating, its a good idea to have a parent
proxy configured, so that your traffic/users wont be interrupted,
squid will default to the next available proxy while its
unavailable/reloading the blacklists and forward traffic to it,
otherwise your proxy will be down during the reload process and
your users will be without the ability to surf.</p>
<p><br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 9/30/2016 8:02 PM, Darren wrote:<br>
</div>
<blockquote
cite="mid:a7d4ee77-25f0-4bec-aba5-c74336798e70@getmailbird.com"
type="cite">
<div id="__MailbirdStyleContent" style="font-size:
10pt;font-family: arial;color: #000000"> One further question
<div><br>
</div>
<div>If I have to reload the ACL lists do I restart squid or is
there a way to update without impacting the users to much?</div>
<div><br>
</div>
<div>In some of the scenarios, some acl lists may change
frequently</div>
<div><br>
</div>
<div>thanks again.</div>
<div><br>
</div>
<div><br>
<div><br>
</div>
<div class="mb_sig">Sent from <a moz-do-not-send="true"
href="http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird"
target="_blank">Mailbird</a></div>
</div>
<blockquote class="history_container" type="cite"
style="border-left-style: solid;border-width: 1px;margin-top:
20px;margin-left: 0px;padding-left: 10px;min-width: 500px">
<p style="color: #AAAAAA; margin-top: 10px;">On 1/10/2016
6:05:05 AM, Darren <a class="moz-txt-link-rfc2396E" href="mailto:darren.j.breeze.ml@gmail.com"><darren.j.breeze.ml@gmail.com></a>
wrote:</p>
<div id="__MailbirdStyleContent" style="font-size:
10pt;font-family: arial;color: #000000">Hi
<div><br>
</div>
<div>My main issue with squid guard is that when I try and
block say <a class="moz-txt-link-abbreviated" href="http://www.facebook.com">www.facebook.com</a> and the user goes to
<a class="moz-txt-link-freetext" href="https://www.facebook.com">https://www.facebook.com</a>, squidguard only sees the initial
CONNECT as the target IP so doesn't match against the
domain entry.</div>
<div><br>
</div>
<div>If squidguard did a reverse DNS lookup, I could keep
using that more complex filtering solution. That is where
the dstdomain acl is a better option but has the ram
overhead.</div>
<div><br>
</div>
<div><span style="font-size: 10pt;line-height: 1.5">Time for
some experimentation</span></div>
<div><span style="font-size: 10pt;line-height: 1.5"><br>
</span></div>
<div><span style="font-size: 10pt;line-height: 1.5">thanks
again for the feedback</span></div>
<div><br>
</div>
<div><br>
</div>
<div><br>
<div><br>
</div>
<div class="mb_sig">Sent from <a moz-do-not-send="true"
href="http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird"
target="_blank">Mailbird</a></div>
</div>
<blockquote class="history_container" type="cite"
style="border-left-style: solid;border-width:
1px;margin-top: 20px;margin-left: 0px;padding-left:
10px;min-width: 500px">
<p style="color: #AAAAAA; margin-top: 10px;">On 30/09/2016
7:21:53 PM, Yuri Voinov <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a> wrote:</p>
<br>
-----BEGIN PGP SIGNED MESSAGE-----
<br>
Hash: SHA256
<br>
<br>
Amos, I'm afraid that this is not a solution. Block lists
have become so
<br>
huge that only their compression and / or placement in an
external
<br>
database (as Marcus) can save the situation.
<br>
<br>
<br>
30.09.2016 12:59, Amos Jeffries пишет:
<br>
> On 30/09/2016 6:58 p.m., Darren wrote:
<br>
>> Thank you Amos
<br>
>>
<br>
>> The resources I save not running multiple
Squidguards will make more
<br>
>> ram available as you say and having a simpler
setup is never a bad
<br>
>> thing either.
<br>
>>
<br>
>> Just to clarify, so when squid fires up, it
caches the ACL file into
<br>
>> ram in it's entirety and then does some
optimizations? If that is
<br>
>> the case I would need to budget the ram to allow
for this.
<br>
>
<br>
> Not quite. Squid still reads the files line by line
into a memory
<br>
> structure for whatever type of ACL is being loaded.
That is part of why
<br>
> its so much slowe to load than the helpers (which
generally do as you
<br>
> describe).
<br>
>
<br>
> The optimizations are type dependent and fairly
simplistic. Ignoring
<br>
> duplicate entries, catenating regex into bigger " A|B
" patterns (faster
<br>
> to check against), etc.
<br>
>
<br>
> Amos
<br>
>
<br>
> _______________________________________________
<br>
> squid-users mailing list
<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
<br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJX7kq8AAoJENNXIZxhPexGH+cH/jmZsQlcZgXpwt62pHDtHp4t
<br>
TWDnhr5KOfHv+GFeBUmJYuD2nn8wefb5KUUhea5fdpRAeDihFDQDPQDwAnaC/E5q
<br>
FzE68zh+nF13xVwTW9/5mQhK75G17mOGJPGFPn1ZUC3lf/Q2JCOhWB+0MFilXXcQ
<br>
/ptCeQII/E8oXaiBOvHPzasOp6eDnu/m51q0DnkfoUceEWap9W0rY/vKxwL32FI9
<br>
fjqoZGGBPt3FDczjb8/9X6trqeGBwUl4PKSTE4JSdyU6z52evaCSsVbEgAmw+LjI
<br>
ELCBPOuU7buFxNjCSNLVhDNQeZJFJxPV8Oh/OcDQZQDhdUYliEwRke5Sz+Rz37k=
<br>
=hFD2
<br>
-----END PGP SIGNATURE-----
<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote>
</div>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
Signed,
Benjamin E. Nichols
<a class="moz-txt-link-freetext" href="http://www.squidblacklist.org">http://www.squidblacklist.org</a>
1-405-397-1360 - Call Anytime.</pre>
</body>
</html>