RE: [squid-users] Regex url lists and DNS blacklist acls

From: Thomas Nilsen <Thomas.Nilsen@dont-contact.us>
Date: Fri, 1 Sep 2006 08:22:59 +0200

Thanks for the reply Henrik.

As utils like squidguard/dansguardian are able to handle regex files
with good performance, I was hoping to achieve the same with asqredir or
similar light tools.

I assume Squid caches any external regex_url file?

I'll go ahead and see if I can get dnsbl_redir and perhaps asqredir to
work as external ACL helpers and do some testing to see if there is any
performance gain from it.

Thanks again.

Regards,
Thomas

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Friday, September 01, 2006 12:07 AM
To: Thomas Nilsen
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Regex url lists and DNS blacklist acls

Thu 2006-08-31 at 15:06 +0200, Thomas Nilsen wrote:

> The shadowserver.org and bleedingsnort.com lists could easily be
> integrated as dstdomain acl, but the malware.com.br is a regex_url
> list and I don't want to take the performance hit using a regex_url
> acl. So the idea was to try and use a redirector like asqredir for the
> regex_url files.

regex performance is about the same I am afraid.. the problem is not
where they are implemented but the fact that regex patterns are not well
structured so the whole list must be searched all the time...

> I also want to use the dnsbl_redir to check dns blacklists (which
> potentially could replace the dstdomain acl as well if that is of any
> performance benefit).

I would recommend implementing that using an external ACL instead of
a redirector. Much better performance.

> Problem is to use the two redirectors at the same time.

Not really a problem. Look in the archives (search for Open2). But I
wouldn't recommend it in this case as an external acl is much better
design.

> I expect the dnsbl_redir has a lower overhead as a helper application
> than asqredir would if changed into an external acl helper, or does
> that not matter? Has anyone tried this?

external acls have a very noticeable performance benefit compared to
redirectors at large thanks to the lookup cache available in the
external acl construct.

Regards
Henrik

Received on Fri Sep 01 2006 - 00:23:08 MDT
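
Henrik's suggestion above, a DNS blacklist check done in an external ACL helper instead of a redirector, as an added example (not code from either poster, from dnsbl_redir, or from Squid). The zone name, helper path and ACL names are placeholders, and the list is assumed to answer with an A record for listed entries.

```python
"""Squid external ACL helper: replies OK when %DST is listed in a DNSBL zone.

squid.conf wiring (helper path and ACL names are assumptions):
  external_acl_type dnsbl ttl=300 negative_ttl=60 children=5 %DST /usr/local/bin/dnsbl_acl.py
  acl blacklisted external dnsbl
  http_access deny blacklisted
"""
import ipaddress
import socket
import sys

ZONE = "dnsbl.example.org"  # placeholder zone (assumption), not a real list


def query_name(dst, zone=ZONE):
    """Build the DNSBL lookup name for a destination host or IPv4 literal."""
    dst = dst.strip().rstrip(".").lower()
    try:
        ip = ipaddress.IPv4Address(dst)
    except ValueError:
        return f"{dst}.{zone}"  # domain-style list: hostname prepended to zone
    # IP-style list: octets are reversed, as in in-addr.arpa.
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolve(name):
    """Return True when the name has an A record, i.e. the entry is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:  # NXDOMAIN, timeout, resolver failure
        return False


def verdict(line, resolve=system_resolve, zone=ZONE):
    """Map one request line from Squid to the helper's reply."""
    fields = line.split()
    if not fields:
        return "ERR"  # nothing to look up: the ACL does not match
    return "OK" if resolve(query_name(fields[0], zone)) else "ERR"


if __name__ == "__main__":
    # Squid sends one request per line and waits for one reply line each.
    for line in sys.stdin:
        sys.stdout.write(verdict(line) + "\n")
        sys.stdout.flush()  # replies must not sit in a buffer
```

The `ttl=` and `negative_ttl=` options control the external ACL lookup cache, so repeated requests for the same destination do not reach the helper at all. A resolver failure is reported as ERR (not listed), so the deny rule fails open when DNS is unavailable.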
