>>> Henrik Nordstrom <henrik@henriknordstrom.net> 3/28/2007 2:04:40 AM
>>>
tis 2007-03-27 klockan 18:12 -0400 skrev Chris Rosset:
>>> Hello,
>>>
>>> I am still having a issue with high CPU usage.
>>> In a previous post it was suggested that my ACL (which is 8k+
lines)
>8k+ lines of what?
>for both Squid and SquidGuard it's important you use the correct acl
>type for the structured data such as host names, domains etc, and
only
>use regex patterns as a last resort.
>The problem with regex is
>a) It's CPU intensive to evaluate as the whole list has to be
evaluated
>on each request only to find that it doesn't match any of the
patterns..
>b) Quite memory hungry.
>The other ACL types works much more efficiently thanks to their data
>being structured allowing the patterns to be sorted and searched
>efficiently.
>Regards
>Henrik
Hi Henrik,
I remember your last email pointed me towards looking at the ACL's,
sounds like the url_regex are most intensive since they pattern match
on the whole url?
For more info on what i have
We have a few ACL's most are not more then a few hundred lines
but the one big one we have is 8200 lines, mostly spam, spyware, porn
sites.
acl never-allow-url dstdom_regex -i
"/usr/local/squid/etc/FilterLists/never-allow-url"
deny_info ERR_BW_CONTENT_SUPPRESSED never-allow-url
and the entries in this acl are all like
\.100percentcash.com$
I tried installing squidguard, but had problems installing so far,
maybe i could try squirm, jesred or just recompile with
--enable-gnuregex
Or any other reccomendation?
Thanks very much
-Chris
Received on Wed Mar 28 2007 - 13:49:31 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:02 MDT