Hi list,
I have run into a slight problem with a squid setup on a Trustix 2.0 box here and haven't
been able to find a clue yet what might be causing it.
In order to deny the internal clients access to a given number of sites we have added
some acls to the squid.conf.
acl url-deny dstdomain "/etc/squid/url-deny"
acl ip-deny dst "/etc/squid/ip-deny"
...
http_access deny url-deny
http_access deny ip-deny
http_access allow all
The corresponding files look like this (details changed, obviously):
ip-deny (1 entry):
1.1.1.1
url-deny (5-10 entries):
url1.com
.url2.org
url3.it
Currently accessing the internet using lynx with the proxy configured running on the same
machine (so no networking problems here involved atm). As long as URL blocking is active
it takes roughly 5-10 secs before the site even starts loading (no activity in access.log too,
with tail -f running), no matter which site I try to connect to. Once I am on the site, everything
run smoothly, hardly any delays at all.
As soon as url blocking is deactivated and squid restarted everything works like a charm.
No 5-10 secs delays at all.
I understand that some ACLs (according to the FAQ) can cause delays due to reverse
DNS lookups and similar things. Does anything like that apply to dst and dstdomain as well?
And if so, is there any way around it?
Torsten
Received on Wed Feb 25 2004 - 02:29:18 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST