Re: Squid available from outside

No simple way to explain, I just use the firm of French Squid
Engineers - MS SUckett and See. Thanks for the help and advice.

Date sent: Thu, 18 Mar 1999 01:35:08 +0100
Subject: Re: Squid available from outside
To: sbryan@olmc.nsw.edu.au
From: Henrik Nordstrom <hno@hem.passagen.se>
Copies to: squid-users@ircache.net

> Simon Bryan wrote:
>
> > could I do something like
> > acl US src 'our ip address range'
> > http_access deny !US
>
> Yes.
>
> > If so would this slow down Squid much?
>
> No. src type ACLs with a few IP address ranges are very fast.
>
> > Is Squid likely to slow noticeably from a large number of ACL's?
>
> It very much depends on how you use them, and which types of ACLs.
>
> > If so what would that large number be?
>
> It depends. Anywhere in the range 2 to several thousand depending on acl
> types and contents, and how you use them.
>
> Squid uses short-circuit logic so in many cases it is possible to speed
> up ACL processing by adding a few more ACL rules to bypass more complex
> checks on common types of requests.
>
> > BTW I have sorted out the time restrictions I was trying to do with
> > CRON (they worked) but the acl time rules are much smoother,
> > once you work out the sequence and the rules about ANDing and
> > ORing!
>
> Yes, isn't it. Any ideas on a good way to explain of how this AND/OR
> works? There are many questions on how Squid ACLs work when combined,
> and I have not found any good way to explain it other than that it is
> simple AND/OR logic (the logic is simple, the effects are complex).
>
> ---
> Henrik Nordstrom
> Spare time Squid hacker
>

--
Simon Bryan                    sbryan@olmc.nsw.edu.au
Information Technology Manager sbryan@mpx.com.au
OLMC Parramatta