Re: [squid-users] Acl for domain

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 01 Sep 2007 01:00:42 +1200

Daniel Zilli wrote:
> Hi,
>
> A doubt here. Which kind of acl should I choose to process a blacklist (around
> 1000 entries) ?
>
> I know the difference between srcdomain, dstdomain, srcdom_regex and
> dstdom_regex, but which one is faster ?
>

Any with _regex is currently SLOW. I prefer not to use it for any

Any acting on data retrieved anyway for the request is FAST (src,
dstdomain, dst).

Others are slowed by a DNS lookup, which may be cached from a previous use
until the DNS TTL is over (srcdomain).

FastEST of the lot is src followed closely by dstdomain. As they require
NO additional lookups and differ only on int vs string comparison. dst is
close behind with one DNS lookup which is just moved forward from near
the outbound send (should only affect DENIED requests which would not
have to do that later lookup).

A GOOD dstdom_regex would naturally fit in between dstdomain and dst.
But squid apparently does not have a good regexp (I have not looked at
it myself yet, just heard the screams of admins who tried it large-scale).

Amos
Received on Fri Aug 31 2007 - 07:00:48 MDT
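
An added example, not part of the original message and not Squid's own code: a Python helper that reduces a raw blacklist to plain entries for the dstdomain type recommended above, so that no _regex ACL is needed. It assumes every entry should also block its subdomains (leading-dot form); the sample list, the function names and the file path in the comment are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample blacklist (not from the original post): mixed case,
# URLs, a port, duplicates, and subdomains already covered by a parent.
RAW_BLACKLIST = """\
# ads
Ads.Example.com
http://tracker.example.net/pixel.gif
example.net
www.ads.example.com
.example.org
cdn.example.org:8080
ads.example.com
"""

def to_hostname(entry):
    """Reduce one blacklist line to a bare lowercase hostname, or None."""
    entry = entry.split("#", 1)[0].strip().lower()
    if not entry:
        return None
    if "://" not in entry:
        entry = "//" + entry             # make urlsplit parse it as a netloc
    host = urlsplit(entry).hostname      # drops scheme, port and path
    return host.strip(".") if host else None

def dstdomain_entries(raw):
    """Return sorted '.domain' entries with covered subdomains removed."""
    hosts = {h for h in map(to_hostname, raw.splitlines()) if h}
    kept = set()
    # Fewest labels first, so a parent is always seen before its children.
    for host in sorted(hosts, key=lambda h: (h.count("."), h)):
        labels = host.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        # Squid warns about dstdomain entries that overlap a parent entry,
        # so a host already covered by a kept parent is left out.
        if parents.isdisjoint(kept):
            kept.add(host)
    return sorted("." + h for h in kept)

if __name__ == "__main__":
    # Save the output to a file (path below is an assumption) and load it with:
    #   acl blacklist dstdomain "/etc/squid/blacklist.domains"
    #   http_access deny blacklist
    print("\n".join(dstdomain_entries(RAW_BLACKLIST)))
```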
