On Sun, Oct 19, 2008 at 04:51:16PM +1300, Amos Jeffries wrote: >> >> Fair test would be reversing the hostname, which is very cheap operation. ;) > > No. Because most users will not write their ACL regex normally, and the > regex has to match a forward-coded domain anyway. The squid algorithm > works on forward-coded domains. > > A fair test, therefore uses each methods native comparison style from > forward-coded domains as input. dstdomain does not even really use the > terminator equivalent to $ in its matches, though it is assumed. No, the idea was to test best case scenario. Atleast for me. > Your initial claim was that simply assembling the regex was faster than > dstdomain comparison. Sorry, you must have been reading this thread too fast. Me: "Sometimes you just need to block more specific URLS" "how to use them efficiently IF NEEDED" It was the OTHER Henrik who was curious about dstdomain/regex speed. :-) > You implied it very strongly with your statement that we should stop > recommending dstdomain for domain-only ACL. The informed developers have > never said NO regex. Only pointed out uses where its not worth using. Never I have said that you should stop using dstdomain? What statement specifically are you referring to? I was merely pointing out that "avoid regex" was a bit too generic response, when someone asked about high-speed ACLs. We don't know if the original poster needed them. If you need to block specific URLs, obviously you can't just start using dstdomain instead.
