2012/9/23 Eliezer Croitoru <eliezer@xxxxxxxxxxxx>: > On 9/23/2012 3:52 PM, E.S. Rosenberg wrote: >> >> 1. Can (potentially) reloading squid (service squid3 reload or >> /etc/init.d/squid3 reload) this often have a negative impact? or bad >> side effects? >> 2. Such reloads according to my logic would have to be coordinated >> between all processes that may be editing acls, correct? > > Hey Eliyahu, > > Reloading every 5 minutes is a very BAD idea. > It can cause slowdowns and other stuff to respond bad. > > I remember your code in PHP? > > Instead of writing ACLs into squid.conf and included files it will be better > to use an EXTERNAL_ACL that can be updated automaticly and do not be needed > to restart. > > what kind of ACLs are you talking about exactly? Lists of users, users that browse through ISP A, and users that browse thought ISP B, users that are blocked etc. > think in mind that you can write you own settings file\db and to work with. > > if it's LDAP\mysql\RADUIS It can be done easily. The info on which ISP a user is supposed to use at the moment is "partially" in LDAP (ie. determined by location in tree or membership of a unix group, I'd like to change it to being an attribute for each user). We also have a RADIUS server which basically acts as a frontend to LDAP for some RADIUS based products, it seems that leveraging RADIUS would provide other advantages if I also leverage the reporting feature to count users' traffic.... Thanks, Eli > > I have just worked on a framework of EXTERNAL_ACL that allows you high > concurrency and working with DB and what ever needed to check ACLS. > > If you have more specific data on the ACLs I will be happy to look at it and > see if there is a simple way for my framework to give you what you need. > > Eliezer > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il
