Re: [squid-users] Large ACL problem

From: Chris Rosset <Chris.Rosset@dont-contact.us>
Date: Mon, 02 Apr 2007 15:11:21 -0400

Thanks very much for your help!
 the dstdomain change solved my CPU usage prob.

>>> Chris Robertson <crobertson@gci.net> 3/28/2007 2:48:28 PM >>>
Chris Rosset wrote:
> Hi Henrik,
>
> >I remember your last email pointed me towards looking at the ACL's,

>> sounds like the url_regex are most intensive since they pattern
match
>> on the whole url?
>
>> For more info on what i have
>> We have a few ACL's most are not more then a few hundred lines
>
>> but the one big one we have is 8200 lines, mostly spam, spyware,
porn
>> sites.
>
> acl never-allow-url dstdom_regex -i
> "/usr/local/squid/etc/FilterLists/never-allow-url"
> deny_info ERR_BW_CONTENT_SUPPRESSED never-allow-url
>
> and the entries in this acl are all like
> \.100percentcash.com$
>

>acl never-allow-domain dstdomain
>"/usr/local/squid/etc/FilterLists/never-allow-domain"
>deny-info ERR_BW_CONTENT_SUPPRESSED never-allow-domain

>With a file content of...

>.100percentcash.com
>(etc.)

>... and obviously a matching http_access deny rule would perform the
>same task, with much lower CPU utilization.

>> I tried installing squidguard, but had problems installing so far,
>> maybe i could try squirm, jesred or just recompile with
>> --enable-gnuregex
>> Or any other reccomendation?
>>
>> Thanks very much
>> -Chris
>>

>Chris
Received on Mon Apr 02 2007 - 13:12:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT