On Wed, 2 Dec 2009 18:27:36 -0500, Mike Marchywka <marchywka@xxxxxxxxxxx> wrote: > ---------------------------------------- >> Date: Thu, 3 Dec 2009 00:00:29 +0100 >> From: jip@xxxxxxx >> To: squid3@xxxxxxxxxxxxx >> CC: squid-users@xxxxxxxxxxxxxxx >> Subject: Re: Using MySQL for ips acl and urls >> >> Amos Jeffries escribió: >>> On Wed, 02 Dec 2009 20:36:38 +0100, José Illescas Pérez >>> wrote: >>>> Hello, >>>> >>>> I'm interesed in install squid for my organization. >>>> >>>> I want to configure large acl's of ip lists, 20.000 more o less. >>>> >>>> Can I use external acl with MySQL for create this acl ip list?. What's >>>> the performance in this case?. >>>> >>>> I want to configure large acl of url lists in MySQL too, for example a >>>> blacklist with categories. What's the performance in this case?. >>>> >>>> Perhaps, is more convenient use squidguard for blacklist of urls and >>>> create the group categories. Any ideas?. >>>> >>>> Greetings. >>> >>> Individual IPs with individual blocklists? this is extremely >>> inefficient. >>> >>> If you must, you can easily use external_acl_type to pull details from >>> mysql during live traffic processing. Speed depends on the query >>> efficiency >>> and network lag to mysql server. > > We have java servers for related tasks that maintain in memory hashtables > for these lists. if DB is not too dynamic this works well. You may need to > either signal > server to invalidate in-memory acl cache or have > short expirations if db is more volatile but has can be > much faster than db look up on remote machine. > NP: that is close to how external_acl_works. Slow remote lookup on first request followed by fast local cache lookup for next N requests. Except the signalling being a -k reconfigure for Squid. Amos
