One further question If I have to reload the ACL lists do I restart squid or is there a way to update without impacting the users to much?
In some of the scenarios, some acl lists may change frequently thanks again. Sent from Mailbird [http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird] On 1/10/2016 6:05:05 AM, Darren <darren.j.breeze...@gmail.com> wrote: Hi My main issue with squid guard is that when I try and block say www.facebook.com and the user goes to https://www.facebook.com, squidguard only sees the initial CONNECT as the target IP so doesn't match against the domain entry. If squidguard did a reverse DNS lookup, I could keep using that more complex filtering solution. That is where the dstdomain acl is a better option but has the ram overhead. Time for some experimentation thanks again for the feedback Sent from Mailbird [http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird] On 30/09/2016 7:21:53 PM, Yuri Voinov <yvoi...@gmail.com> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Amos, I'm afraid that this is not a solution. Block lists have become so huge that only their compression and / or placement in an external database (as Marcus) can save the situation. 30.09.2016 12:59, Amos Jeffries пишет: > On 30/09/2016 6:58 p.m., Darren wrote: >> Thank you Amos >> >> The resources I save not running multiple Squidguards will make more >> ram available as you say and having a simpler setup is never a bad >> thing either. >> >> Just to clarify, so when squid fires up, it caches the ACL file into >> ram in it's entirety and then does some optimizations? If that is >> the case I would need to budget the ram to allow for this. > > Not quite. Squid still reads the files line by line into a memory > structure for whatever type of ACL is being loaded. That is part of why > its so much slowe to load than the helpers (which generally do as you > describe). > > The optimizations are type dependent and fairly simplistic. Ignoring > duplicate entries, catenating regex into bigger " A|B " patterns (faster > to check against), etc. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJX7kq8AAoJENNXIZxhPexGH+cH/jmZsQlcZgXpwt62pHDtHp4t TWDnhr5KOfHv+GFeBUmJYuD2nn8wefb5KUUhea5fdpRAeDihFDQDPQDwAnaC/E5q FzE68zh+nF13xVwTW9/5mQhK75G17mOGJPGFPn1ZUC3lf/Q2JCOhWB+0MFilXXcQ /ptCeQII/E8oXaiBOvHPzasOp6eDnu/m51q0DnkfoUceEWap9W0rY/vKxwL32FI9 fjqoZGGBPt3FDczjb8/9X6trqeGBwUl4PKSTE4JSdyU6z52evaCSsVbEgAmw+LjI ELCBPOuU7buFxNjCSNLVhDNQeZJFJxPV8Oh/OcDQZQDhdUYliEwRke5Sz+Rz37k= =hFD2 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
