Search squid archive

Fw: [squid-users] Sporadic high CPU usage, no traffic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: "Henrik Nordstrom" <hno@xxxxxxxxxxxxxxx>
To: "Chris Robertson" <crobertson@xxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Thursday, November 04, 2004 11:35 PM
Subject: RE: [squid-users] Sporadic high CPU usage, no traffic

Here's the proposed solution for site blocking (using url_regex):
(www\.)?gamesondemand\.yahoo\.com/
(www\.)?bpssoft\.com/powertools/library\.htm
(www\.)?www2\.photeus\.com(:[0-9]+)?/~ewot/

The real solution is to not use url_regex, and when you need to use it use it on as few requests as possible.

url_regex should be viewed as a "last resort" acl when none of the other ACLs can be used.

In most cases dstdom acls is what should be used.

url_regex scales very badly with the number of patterns and is a preformance killer.

dstdom scales very well with the number of blocked sites and easily copes with very large lists. Basically only the startup time is dependent on the number of entries in a dstdom list.

In terms of filtering Squid really lacks the "urllist" type of acl available in SquidGuard. Squid only has equivalences of "domainlist"
(dstdomain) and "expressionlist" (url_regex) and a few minor variants thereof.


Regards
Henrik


Can you explain whether it is still acceptable to create a file with a number of dstdomain entries in it, with one acl (see 1 below), or is it better from a performance point of view to create a number of specific dstdomain acl's to cover blocked sites (see 2 below)?
I've already read in some previous questions that using url_regex (which is what I am currently using, should be used as a last resort, but just wanted to clarify the above.


1. acl blockedsites dstdomain "/etc/squid/blockedsites"
http_access deny blockedsites

# blockedsites file has e.g. .playboy.com .penthouse.com etc.

2. acl blockedsites dstdomain .playboy.com .penthouse.com
http_access deny blockedsites



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux