Re: Squid blocks everything

From: Chris Dillon <cdillon@dont-contact.us>
Date: Sun, 6 Jun 1999 22:30:50 -0500 (CDT)

On Mon, 7 Jun 1999, Simon Bryan wrote:

> Is there a maximum number of ACL rules I should use?
> Is there a maximum number of entries I should put in a regex or other acl file?
> Is it better to run an external redirector program?

I use an external redirector that I wrote in Perl to do the job.
There is a redirector written in C called Squirm that should work very
well.

The only drawback I've seen to this is when a denied page is accessed
and a redirected page is shown instead, the redirected page gets cached
in place of the "real" page. My redirector can let certain users be
able to view any page without restriction (via identd currently,
though I may do proxy_auth soon), and they end up getting the
redirected page instead of the "real" page until they do a
shift-reload in Navigator. At that point, any of the "denied" users
will then be able to see the information because an "allowed" user
caused it to get cached. :-(

In other words, if someone visits http://www.denied.com and your
redirector then returns http://www.yoursite.com/blocked.html instead,
Squid creates a cache object for http://www.denied.com with the data
for http://www.yoursite.com/blocked.html in its place, which is wrong,
IMHO.

I'm going to try (keyword "try") to go through the Squid source to
find a way to fix this, since I don't think those redirected pages
should be cached in that way. Unless, of course, someone already
knows of any easy way to fix this. :-)

Of course, none of this is a problem at all if you don't allow/deny
certain material for different users.

-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
   FreeBSD: The fastest and most stable server OS on the planet.
   For Intel x86 and Alpha architectures (SPARC under development).
   ( http://www.freebsd.org )

   "One should admire Windows users. It takes a great deal of
    courage to trust Windows with your data."
Received on Sun Jun 06 1999 - 21:08:30 MDT
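
The following is an added example, not part of the original message and not the author's redirector: a minimal Squid redirector helper that contrasts returning the bare block-page URL (the caching behaviour described in the message) with returning it as an HTTP redirect. It assumes the classic redirector line format (`URL client_ip/fqdn ident method`) and a Squid release whose redirector interface accepts a `302:` prefix on the returned URL; the ident name `staff1` is constructed.

```python
import sys
from urllib.parse import urlsplit

BLOCK_PAGE = "http://www.yoursite.com/blocked.html"  # block page URL from the message
DENIED_HOSTS = {"www.denied.com"}                    # denied site from the message
UNRESTRICTED_IDENTS = {"staff1"}                     # constructed ident name (assumption)


def decide(line, as_redirect=True):
    """Return the redirector reply for one request line.

    Input (classic Squid redirector interface): URL client_ip/fqdn ident method
    An empty reply tells Squid to leave the URL unchanged.
    """
    fields = line.split()
    if len(fields) < 4:
        return ""                      # malformed line: do not rewrite
    url, _client, ident, _method = fields[:4]
    # hostname is lower-cased by urlsplit; strip a trailing root dot as well
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host not in DENIED_HOSTS:
        return ""
    # Squid passes "-" when no ident reply is available
    if ident != "-" and ident in UNRESTRICTED_IDENTS:
        return ""                      # unrestricted user gets the real page
    # Bare URL: Squid fetches the block page and answers the request for the
    # denied URL with it, which is how it ends up cached under that URL.
    # "302:" prefix (assumed supported): Squid answers with a redirect and the
    # client requests the block page under the block page's own URL.
    return ("302:" if as_redirect else "") + BLOCK_PAGE


def main():
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()             # Squid waits on each reply; never buffer


if __name__ == "__main__":
    main()
```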
