Roger Pe?a Escobio wrote:
> and for dstdomain?
> I'm a lot of dstdomain in the ACLs and I'm looking , like Jeffrey,
> that the performans is going down
If you have a large dstdomain blocklist it may help a little to split
the list based on top level domains or specific words.
Another one which may help is to allow the most popular "goood" sites
before you block bad sites
# Allow most frequently used "nice" domains.
acl dst_niceones dstdomain "/usr/local/sbin/etc/niceones.domains
http_access allow dst_niceones
# Deny blocked "com" domains
acl dst_com dstdomain com
acl dst_com_blocked dstdomain "/usr/local/squid/etc/com_blocked.domains"
http_access deny dst_com dst_com_blocked
# Allow the other non-blocked "com" domains
http_access allow dst_com
# Deny blocked "word1" domains
acl dst_word1 dstdom_regex word1
acl dst_word1_blocked dstdomain "/usr/local/squid/etc/word1.domains"
http_access deny dst_word1 dst_word1_blocked
Also make sure your domain list is NOT sorted on reverse domain name as
that would yield the worst splay tree. Have the domain list in
dictionary sorted order or random order.
--- Henrik Nordstrom Spare time Squid hackerReceived on Sun Feb 28 1999 - 13:35:35 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:47 MST