Re: [squid-users] delay_access and external_acl

On Wed, Mar 30, 2005 at 10:42:36PM +0200, Henrik Nordstrom wrote:
> On Wed, 30 Mar 2005, Sergey Shepshelevich wrote:
> 
> >But does any other documentation exist about which acl types are allowed with
> >delay_access?
> >In other words, which acls are fast?
> 
> It's easier to see it the other way around: Any acl where Squid needs to 
> make a lookup of any kind to an external resource is slow, and can not 
> reliably be used in most access directives except for http_access.
> 
> >delay_access and external acl are used together in our organization
> >(Alex Grigoriev said that it worked).
> 
> It can be made to work with some restrictions by using http_access to make 
> the lookup, cached by the ttl and then available most of the time in 
> delay_access.

 If I understand you, the config looks like

 external_acl_type quota_aclext ttl=15 negative_ttl=15  %LOGIN %SRC %DST /usr/local/libexec/squid/quota.pl
 acl users_quota external quota_aclext
 
 ## work around way. 
 ## pass overquota and not overquota users
 http_access allow  auth_required users_quota
 http_access allow  auth_required !users_quota
 ##

 delay_class        1 1
 delay_parameters   1 100/100
 delay_access       1 allow  !users_quota
 delay_access       1 deny all

 But will I get a performance bottleneck in calculating delay pools?

 I suppose squid will use the users_quota value calculated in http_access. Therefore
 it will check this acl for each URL request. After the ttl it is recalculated. Is it
 bad for proxy performance?

 Do you know other rules like http_access that can be used together with external_acl?
 I found no info about it.

 
 The second way: generate a file with overquota users and attach it with the following acl:
 acl auth_overquoted         proxy_auth "_path_/overquoted"
 delay_class        1 1 
 delay_parameters   1 100/100
 delay_access       1 allow auth_overquoted
 delay_access       1 deny all

 But in this case I should do squid -k restart every 15 minutes.
 Is the second way a good way?
 


-- 
Sergey Shepshelevich
Ulyanovsk State Technical University
NOC, System administrator
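
An added example, not part of the original message and not the poster's quota.pl: a sketch of the helper side of an `external_acl_type` with the format `%LOGIN %SRC %DST`, answering one `OK` or `ERR` line per request line on stdin. The usage table, the user names and the function names are constructed for illustration, and the sketch assumes the three tokens arrive without embedded whitespace (quoting and escaping of tokens is not handled).

```python
#!/usr/bin/env python3
"""Sketch of a quota helper for: external_acl_type ... %LOGIN %SRC %DST <helper>"""
import sys

# Constructed sample data: login -> (bytes used, byte quota). Hypothetical values;
# a real helper would read these from its accounting store.
USAGE = {
    "alice": (120_000_000, 500_000_000),
    "bob": (700_000_000, 500_000_000),
}


def decide(line, usage=USAGE):
    """Return "OK" if the user is within quota, "ERR" otherwise.

    With the config above, "ERR" makes !users_quota match, so the request
    lands in the restricted delay pool.
    """
    fields = line.split()
    if len(fields) != 3:
        # Malformed request line: never answer OK for input we cannot parse.
        return "ERR"
    login, _src, _dst = fields
    if login not in usage:
        # Unknown user: treated like an over-quota user (restrictive default).
        return "ERR"
    used, limit = usage[login]
    return "OK" if used < limit else "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer each request line with exactly one reply line."""
    for line in stdin:
        stdout.write(decide(line) + "\n")
        # Squid waits for the reply, so it must not sit in a stdio buffer.
        stdout.flush()


if __name__ == "__main__":
    serve()
```

Squid caches each answer for the `ttl` / `negative_ttl` given on the `external_acl_type` line, so the helper is consulted at most once per distinct `%LOGIN %SRC %DST` combination in that window rather than on every request.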
