[squid-users] Large text ACL lists

Benjamin E. Nichols webmaster at squidblacklist.org
Sat Oct 1 01:11:55 UTC 2016


I would recommend you stop squid and start it. Simply doing a -k 
reconfigure is a bad idea, because sometimes squid will not reload the 
new blacklists. I have no idea why it is unpredictable in this manner or 
if they have fixed this problem, I didn't write the software, but what I 
do know, in my experience, is that the most reliable way to ensure the 
lists actually get reloaded when using large acl domain lists in the 
manner you are, is to stop squid3 and start, which is also kinda lame 
because it takes longer, but it's sure to work.

Anyway, that's my two cents.


On 9/30/2016 8:02 PM, Darren wrote:
> One further question
>
> If I have to reload the ACL lists, do I restart squid or is there a way 
> to update without impacting the users too much?
>
> In some of the scenarios, some acl lists may change frequently
>
> thanks again.
>
>
>
>>
>> On 1/10/2016 6:05:05 AM, Darren <darren.j.breeze.ml at gmail.com> wrote:
>>
>> Hi
>>
>> My main issue with squid guard is that when I try and block say 
>> www.facebook.com and the user goes to https://www.facebook.com, 
>> squidguard only sees the initial CONNECT as the target IP so doesn't 
>> match against the domain entry.
>>
>> If squidguard did a reverse DNS lookup, I could keep using that more 
>> complex filtering solution. That is where the dstdomain acl is a 
>> better option but has the ram overhead.
>>
>> Time for some experimentation
>>
>> thanks again for the feedback
>>
>>
>>
>>
>>>
>>> On 30/09/2016 7:21:53 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>>>
>>>
>>> Amos, I'm afraid that this is not a solution. Block lists have become so
>>> huge that only their compression and / or placement in an external
>>> database (as Marcus) can save the situation.
>>>
>>>
>>> 30.09.2016 12:59, Amos Jeffries wrote:
>>> > On 30/09/2016 6:58 p.m., Darren wrote:
>>> >> Thank you Amos
>>> >>
>>> >> The resources I save not running multiple Squidguards will make more
>>> >> ram available as you say and having a simpler setup is never a bad
>>> >> thing either.
>>> >>
>>> >> Just to clarify, so when squid fires up, it caches the ACL file into
>>> >> ram in its entirety and then does some optimizations? If that is
>>> >> the case I would need to budget the ram to allow for this.
>>> >
>>> > Not quite. Squid still reads the files line by line into a memory
>>> > structure for whatever type of ACL is being loaded. That is part of why
>>> > it's so much slower to load than the helpers (which generally do as you
>>> > describe).
>>> >
>>> > The optimizations are type dependent and fairly simplistic. Ignoring
>>> > duplicate entries, catenating regex into bigger " A|B " patterns (faster
>>> > to check against), etc.
>>> >
>>> > Amos
>>> >
>>> > _______________________________________________
>>> > squid-users mailing list
>>> > squid-users at lists.squid-cache.org
>>> > http://lists.squid-cache.org/listinfo/squid-users
>>>

-- 
--

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

1-405-397-1360 - Call Anytime.
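
Added example, not part of the thread and not Squid's own code: for dstdomain lists that change frequently, a pre-processing step can shrink the file before Squid loads it and skip the stop/start when the effective list is unchanged. It assumes one entry per line, `#` comments, and the dstdomain convention that a leading dot covers the domain and its subdomains; the function names and sample entries are constructed.

```python
import hashlib


def normalize_dstdomain(lines):
    """Return a sorted, de-duplicated list of dstdomain entries.

    Blank lines and comments are dropped, names are lower-cased, and an
    entry is removed when a wildcard parent (".example.com") covers it.
    """
    entries = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if entry:
            entries.add(entry)
    wildcards = {e for e in entries if e.startswith(".")}
    kept = []
    for entry in entries:
        labels = entry.lstrip(".").split(".")
        # An exact name "a.b.c" is covered by ".a.b.c", ".b.c" or ".c";
        # a wildcard ".a.b.c" is covered only by its parents ".b.c" or ".c".
        start = 1 if entry.startswith(".") else 0
        parents = {"." + ".".join(labels[i:]) for i in range(start, len(labels))}
        if not parents & wildcards:
            kept.append(entry)
    return sorted(kept)


def list_digest(entries):
    """Stable fingerprint of a normalized list, suitable for a state file."""
    return hashlib.sha256("\n".join(entries).encode()).hexdigest()


def needs_reload(old_lines, new_lines):
    """True only when the effective (normalized) list actually changed."""
    old = list_digest(normalize_dstdomain(old_lines))
    new = list_digest(normalize_dstdomain(new_lines))
    return old != new


# Constructed sample input: the list currently loaded and a fresh download.
CURRENT = ["# social", "www.facebook.com", ".facebook.com", "Example.org", "example.org"]
UPDATED = [".facebook.com", "m.facebook.com", "example.org"]

if __name__ == "__main__":
    print(normalize_dstdomain(CURRENT))      # entries Squid would need to hold
    print(needs_reload(CURRENT, UPDATED))    # whether a stop/start is warranted
```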
