lör 2012-06-30 klockan 00:46 +0300 skrev Eliezer Croitoru:
> while reading on squid-users i understood that dstdomain acl is faster
> then regex but i dont really know how they defer from each other on the
> implementation.
dstdomain is sortable which allows for efficient lookup algorithms to be
used. In Squid we use a splay tree for dstdomain based on reverse domain
names.
> also i have noticed in the dev list that was discussed about acl that do
> not match change of code but i kind of lost it.
?
> i'm almost sure i have read something about rfc for acl and i have seen
> that exist this "http://www.ietf.org/rfc/rfc2086.txt" rfc but not really
> sure where to start.
You need to start by defining your ACL requirements, what is it you need
to protect/limit and based on what?
> if anyone can give me some leads on even how to start thinking about acl
> logic\pseudo or a document that talks about acls logic i will be more
> then just happy.
ACL is a quite wide concept. And the acl term in Squid is not what you
normally consider an acl. Instead http_access is more of an ACL than the
acl directive. The Squid acl directive is a selector/match, not an ACL
There is too many ways to express ACLs, but a common form is like Squid
http_access lists.
Ordered list of
selectors -> permission
where some implementations use the first matching entry (all selectors
match), some the last.
http://en.wikipedia.org/wiki/Access_control_list has some introduction
and links to further readin on ACLs in general.
Received on Fri Jun 29 2012 - 22:58:47 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 30 2012 - 12:00:06 MDT