On Sun, 09 Jun 2013 12:29:37 +0300 Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > I have seen http://www.squidblacklist.org/ which is a very nice idea > but I am wondering if squid.conf and other squid products are the > good choice for any place. > > For a mission critical proxy server you will need to prevent any > "reload" of the proxy which can cause a *small* download corruption. > I know that admins most of the time don't think about reload of a > process but it can cause some department in the enterprise a problem. > From the ISP point of view you must prevent any problem to the > client. > The timeout period experienced while reloading a squid proxy with, say, an acl like squid-prime.acl which has around 1 million urls or more in it. Certainly does result in a temporary disruption of service, however. I believe one easy solution to this may be to simply temporarily redirect your web traffic to another squid proxy while you are reloading -k reload or even restarting squid for a temporary period of say a couple of minutes as this period usually does not take more than a minute or so. Or rather you could just have siblings or a parent proxy. When sibling or parent proxy is unavailable while reloading squid for the filters, the other proxy would bypass the sibling reloading and "go direct". I know this works for a squid proxy sibling or parent that is unreachable. I havent tested if it works for a reloading squid yet, But I will do this today. Also if you have a solution that works, please share a link with us. - Signed, Fix Nichols http://www.squidblacklist.org
