tor 2006-08-31 klockan 15:06 +0200 skrev Thomas Nilsen: > The shadowserver.org and bleedingsnort.com lists could easily be > integrated as dstdomain acl, but the malware.com.br is a regex_url list > and I don't want to take the performance hit using a regex_url acl. So > the idea was to try and use a redirector like asqredir for the regex_url > files. regex performance is about the same I am afraid.. the problem is not where they are implemented but the fact that regex patterns is not well structured so the whole list must be searched all the time... > I also want to use the dnsbl_redir to check dns blacklists (which > potentially could replace the dstdomain acl as well if that is of any > performance benefit). I would recommend implementing that using an external ACL instead of of a redirector. Much better performance. > Problem is to use the two redirectors at the same time. Not really a problem. Look in the archives (search for Open2). But I wouldn't recommend it in this case as an external acl is much better design. > I expect the dnsbl_redir has a lower overhead as a helper > application than asqredir would if changed into a external acl helper, > or does that not matter? Have anyone tried this? external acls have a very noticeable performance benefit compared to redirectors at large thanks to the lookup cache available in the external acl construct. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel