Search squid archive

Re: Regex url lists and DNS blacklist acls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tor 2006-08-31 klockan 15:06 +0200 skrev Thomas Nilsen:

> The shadowserver.org and bleedingsnort.com lists could easily be
> integrated as dstdomain acl, but the malware.com.br is a regex_url list
> and I don't want to take the performance hit using a regex_url acl. So
> the idea was to try and use a redirector like asqredir for the regex_url
> files.

regex performance is about the same I am afraid.. the problem is not
where they are implemented but the fact that regex patterns is not well
structured so the whole list must be searched all the time...

> I also want to use the dnsbl_redir to check dns blacklists (which
> potentially could replace the dstdomain acl as well if that is of any
> performance benefit).

I would recommend implementing that using an external ACL instead of of
a redirector. Much better performance.

> Problem is to use the two redirectors at the same time.

Not really a problem. Look in the archives (search for Open2). But I
wouldn't recommend it in this case as an external acl is much better
design.

> I expect the dnsbl_redir has a lower overhead as a helper
> application than asqredir would if changed into a external acl helper,
> or does that not matter? Have anyone tried this?

external acls have a very noticeable performance benefit compared to
redirectors at large thanks to the lookup cache available in the
external acl construct.

Regards
Henrik

Attachment: signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux