On 4/20/05, Henrik Nordstrom <hno@xxxxxxxxxxxxxxx> wrote: > > The rest are url_regex which involve urls or ports (for the CONNECT) > > later defined in the http_access rules. So essentially we have a > > population of users and we want to restrict what they can access > > depending on what group they're in. Group membership is determined by > > ldap lookups. > > Why url_regex? > > For CONNECT there is exacly zero reasons to use url_regex. > > In terms of CPU usage url_regex is several orders of magnitude heavier > than the other acl types. I'll take a look at it. I think it was to keep the format simpler because the majority of the acls are url_regexes. But I don't think this is the problem. > > > Never any problems with CPU usage, these are like dual p3 1.3 Ghz, so > > it's more than enough muscle. > > Squid only runs on one CPU. What means that 50% CPU usage reported on your > system is 100% CPU usage by Squid.. It's essentially 1% of 1 CPU usage. I haven't looked at how the ACLs are evaluated and if re-ordering them would help. Is this a worthwhile idea? Thien