[squid-users] dansguardian as a patch for Squid

> I reckon you'd need to talk to Dan, eh? ;-)

Yep.

>
> Seriously though, Robert has done some cool stuff with inline content
> modification in his filters branches, and Moez made a patch to that to
> modify URLs that worked quite well. So the framework for doing it in
> Squid is almost ready for primetime, as far as I know.

Sounds a bit patchy to me. 'take this then patch that then add this then
patch in DG'. I'm not trying to be negative, but my aim currently with DG
is ease of installation. squid is avaiable as an rpm. DG2 will be available
as an rpm. (DG1 currently required nb++ library which would be hard to
rpm it).

The other problem with patching is that major changes to squid source
/could/ cause incompatabilities. The current design is far neater in this
respect. Another thing to remember that currently DG works with any proxy,
and some people prefer using opps. I would have to provide a patch for
oops as well if I was to keep those people happy.

However I have no real problem with doing so. Time and the necessary hooks
are the only things holding me back (or slowing me down).

>
> I guess it's up to someone to go to the trouble to write the code...

I'll go to the trouble, however, probably the best way would be if squid
provided an interface like a redirector, but have it maintain a pool of
processes that grown and shrink on demand as the blocking time for a filter
would be hugely greater than, say, squidGuard.

This I would be /VERY/ interested in and IMHO is a feature that is missing
from squid that would help people write nice filters very easily.

This interface would make squid send the client request and web server
response to the 'filter redirector' along with other information. The
filter then would respond to squid with what to do or similar. This would
need to be a provision in the main tree for ease of installation by users.

So, squid authors, whaddya think? Would you like to discuss an interface
design?

>
> Ronald wrote:
>
> > Hi there,
> >
> >
> >
> > I am looking for content based filtering in Squid. Of course I can do
> > this using dansguardian. But my feeling is that I have to pay the
> > performance for that. Because dansguardian parses http and again Squid
> > does the same. Why do not have dansguardian as a patch to Squid. So that
> > performance can be slightly improved by parsing http once. Any views in
> > this ?
> >

The performance drop due to parsing the http headers (remember squid only
looks at the headers) is minimal. Headers are not long. I would not expect
a noticable improvement in speed. Most of the time is spent either
filtering the content (which a plugin/patch would also have to do) and
actually shuffling the data around.

As a 'filter redirector' plugin the speed of the non-filtered content (gifs,
jpegs etc) would be doubled as it would not need to go from squid to dg then
to browser and would go direct. This is to say it would in theory take
half as much cpu usage which on my 2Mb link and squid on a P166 never gets
over 20% so the limiting factor is the link in this case. So again, a
speed increase may not be noticed.

> >
> >
> > Regards,
> >
> > Ronald

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)