Search squid archive

Re: Acl for domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel Zilli wrote:
Hi,

A doubt here. Which kind of acl should I choose to process a blacklist (around
1000 entries) ?
I know the different between srcdomain, dstdomain, srcdom_regex and
dstdom_regex, but which one is faster ?


Any with _regex is currently SLOW. I prefer not to use it for any

Any acting on data retrieved anyway for the request is FAST (src, dstdomain, dst).

Others slowed by a DNS lookup, which may be cached from a previous use until DNS TTL is over (srcdomain)


FastEST of the lot is src followed closely by dstdomain. As they require NO additonal lookups and differ only on int vs string comparison. dst is close behind with one DNS lookup which is just moved forward from near the outbound send (should only effect DENIED requests which would not have to do that later lookup).


A GOOD dtsdom_regexp would naturally fit in between dstdomain and dst. But squid apparently does not have a good regexp (I have not looked at it myself yet, just heard the screams of admin who tried it large-scale).

Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux