Re: ACL ban list ?...

Jamie Wilson wrote:
>
> At 10:30 PM 4/21/98 +1000, you wrote:
> >Zeus V. Panchenko wrote:
> >>
> >> Hi,
> >> I'm new here. Please excuse me if the question is already discussed ...
> >>
> >> I need to put BIG (several hundreds entries) ban list of sites,
> >> I don't want users to access ...
> >>
> >> How will it affect the work of Squid?
> >
> >Badly, depending on the exact number of the entries, the available CPU
> >cycles, and the type of access controls.
> >
> >Use a redirector. See the documentation for a discussion on how they
> >work.
>
> I would be interested in hearing of any out-of-the-ordinary (ie, URL
> re-writing to take advantage of mirrors) uses of the redirector facility,
> and how it's working for people.

I set these up as a matter of routine on all the proxies that I
administer. It works well.

> We currently have a custom written proxy that does a number of checks on
> each URL ("child-safety" settings, time controls, etc.) based on the user
> accessing the URL. At first glance I think it would be necessary to modify
> squid to pass a bit more information to the redirector, but that shouldn't
> be a major task.
>
> Any general comments on this? I'm quite sure squid's up to the task, as
> long as our redirector is zippy enough.

My rule of thumb is: Do whatever you want, but do it in 15ms or less.
I would like extra information passed. For example, the name that a user
proxy-authenticated under (actually, I've not tried this, so maybe it
already is) passed in the field normally reserved for ident.

We do much the same things with squid as you do with your custom proxy.
The magic is almost all in the redirector.

D

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d- s++: a C++++$ UL++++B+++S+++C++H++U++V+++$ P+++$ L+++ E-
W+++(--)$ N++ w++$>--- t+ 5++ X+() R+ tv b++++ DI+++ e- h-@ 
------END GEEK CODE BLOCK------