Re: acl performance

From: Luke Howard <>
Date: Tue, 2 Jul 96 10:26:16 +1000

> Eg/ If an ISP wants to setup a link to a School, they can maintain
> a list of banned sites (pref in a seperate conf file)

We are exactly such an ISP, and I guess this would be a useful

At the moment, our blocklist management software (CensorMan)
stores filters separately (using NetInfo) and then exports
them to a Squid configuration file.


victoria[10:22:11]~$ nidump -r /filters/schnet/ .
name = http;
    name = /;
    by = "Joe user";
    comment = "Filter for Playboy";
    generic = "";
    on = "1996.01.19T05:48-0000";
    port = 80;
    until = "1996.01.14T05:48-0000";


acl bpr_http proto HTTP
# (more filters)
# Filter for Playboy
# /filters/schnet/\/
acl domain
http_access deny bpr_http

in squid.conf.

A question re. ACL lists -- if it searches the list sequentially, and if
a match is found (ie. let all requests NOT coming from
in) then will those sites see improved performance? If the ACL entry
is at the head of the linked list, you'd assume so, but I haven't
had a look at the code yet.

Point being, sites that don't have any filtering done can hopefully
not have to have each request checked against the entire ACL list.

-- Luke
Received on Mon Jul 01 1996 - 17:27:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:33 MST