[squid-users] Large text ACL lists
Darren
darren.j.breeze.ml at gmail.com
Sat Oct 1 01:02:15 UTC 2016
One further question
If I have to reload the ACL lists, do I restart squid or is there a way to update without impacting the users too much?
In some of the scenarios, some ACL lists may change frequently.
thanks again.
On 1/10/2016 6:05:05 AM, Darren <darren.j.breeze.ml at gmail.com> wrote:
Hi
My main issue with squidguard is that when I try to block, say, www.facebook.com and the user goes to https://www.facebook.com, squidguard only sees the initial CONNECT as the target IP, so it doesn't match against the domain entry.
If squidguard did a reverse DNS lookup, I could keep using that more complex filtering solution. That is where the dstdomain ACL is a better option, but it has the RAM overhead.
Time for some experimentation
thanks again for the feedback
On 30/09/2016 7:21:53 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
Amos, I'm afraid that this is not a solution. Block lists have become so
huge that only their compression and / or placement in an external
database (as Marcus) can save the situation.
30.09.2016 12:59, Amos Jeffries wrote:
> On 30/09/2016 6:58 p.m., Darren wrote:
>> Thank you Amos
>>
>> The resources I save not running multiple Squidguards will make more
>> ram available as you say and having a simpler setup is never a bad
>> thing either.
>>
>> Just to clarify, so when squid fires up, it caches the ACL file into
>> ram in its entirety and then does some optimizations? If that is
>> the case I would need to budget the ram to allow for this.
>
> Not quite. Squid still reads the files line by line into a memory
> structure for whatever type of ACL is being loaded. That is part of why
> it's so much slower to load than the helpers (which generally do as you
> describe).
>
> The optimizations are type dependent and fairly simplistic. Ignoring
> duplicate entries, catenating regex into bigger " A|B " patterns (faster
> to check against), etc.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
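The load-time handling Amos describes in the quoted reply (reading the list line by line, ignoring duplicate entries, catenating regexes into bigger "A|B" patterns), sketched as an added example; it is not Squid's code and not from any poster in this thread. The function names, the `max_len` chunk limit, the `#` comment handling and the sample list are assumptions made for the illustration.

```python
import re

# Constructed sample list: one regex per line, with a comment,
# a blank line and a duplicate entry.
SAMPLE_LIST = """\
# social
facebook\\.com
^https?://ads\\.
facebook\\.com

\\.example\\.net/track
"""

def load_patterns(text):
    """Read the list line by line, skipping blanks, comments and duplicates."""
    seen, patterns = set(), []
    for line in text.splitlines():
        line = line.strip()
        # Assumption: '#' starts a comment line in the list file.
        if not line or line.startswith("#") or line in seen:
            continue
        re.compile(line)  # raise on a broken entry at load time, not at match time
        seen.add(line)
        patterns.append(line)
    return patterns

def catenate(patterns, max_len=4096):
    """Join patterns into "A|B" alternations; max_len (hypothetical) caps each one."""
    compiled, chunk, size = [], [], 0
    for p in patterns:
        part = "(?:%s)" % p  # group so anchors or '|' inside p keep their scope
        if chunk and size + len(part) + 1 > max_len:
            compiled.append(re.compile("|".join(chunk)))
            chunk, size = [], 0
        chunk.append(part)
        size += len(part) + 1
    if chunk:
        compiled.append(re.compile("|".join(chunk)))
    return compiled

def matches(compiled, url):
    """One search per catenated pattern instead of one per list entry."""
    return any(c.search(url) for c in compiled)
```

With the default limit the three unique entries collapse into a single compiled pattern, so each URL is checked with one regex search rather than three.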