Re: [squid-users] is it bad to constantly reload squid.conf

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Nov 2009 11:13:05 +1300

squid wrote:
> Amos Jeffries wrote:
>> Jeff Peng wrote:
>>> You will 'squid -k reconfig' for reloading the new config file.
>>> This is safe enough form what I checked in the sources years ago.
>>> But if you reconfig it too frequently, I don't know the result.
>>>
>>> Regards.
>> Squid will not accept new requests for the period it takes to reload the
>> config, restart the helpers, and write the cache index to disk and read
>> it back in again.
>>
>> Amos
>>
>>> ---------- Original Message ----------
>>> From: squid <squid_at_manning.nottingham.sch.uk>
>>> To: Squid Users <squid-users_at_squid-cache.org>
>>> Subject: [squid-users] is it bad to constantly reload squid.conf
>>> Date: Wed, 25 Nov 2009 11:17:25 +0000
>>>
>>> Hello,
>>>
>>> My question is, would it be 'bad' to reload squid.conf, up to 100 times
>>> within a very short space of time? If so, is there a 'better' way of
>>> getting Squid to acknowledge changes made to an ACL?
>>>
>>> I work in a school and have created an ACL which reads in pupils network
>>> ids from an external text file this then allows them to access the web.
>>> The contents of this file are dynamic and pupils ids are added via a php
>>> script after they agree to abide by the schools internet policy.
>>>
>>> Currently, every time a new user is added to the list the squid
>>> configuration file is reloaded. It is possible that this may happen many
>>> times (up to 100) within a few seconds.
>>>
>>> I'm a bit of a newbie to all of this so apologies if i'm going over old
>>> ground..
>>>
>>> Many Thanks
>>>
>>>
>>> ____________________________________________________________
>>> Doctoral Degrees Online
>>> Explore our directory of degrees. Move ahead with a Doctorate Degree!
>>> http://thirdpartyoffers.netzero.net/TGL2231/c?cp=TKgjATv5Q0NTriuO2FbeHQAAJz4_zcPXSKpk-wtwPtDFgJ8JAAQAAAAFAAAAALx0kz4AAAMlAAAAAAAAAAAAAAAAAAkSEAAAAAA=
>>
>
> Thank you both for your replies.
>
> The worst case was that reloading the config this way would cause squid
> to fail. From what I understand about the reply from Amos, the way squid
> would behave when handling these multiple reloads may create a situation
> where a user has been added onto the ACL but Squid has failed to reload
> properly, causing the user to be denied access to the web. In that

No. Whenever you do a "-k reconfigure" on squid it completely stops
accepting new requests / TCP connections and pauses currently active
requests until the reconfigure finishes.

We are working on various solutions to reduce the impact of that, but
all Squid releases up to and including 3.1 have this problem.

> instance - is there a better way to make Squid aware of changes to an
> ACL as they happen or is reloading the only way?

You need external_acl_type with a helper script that checks the file in
real-time and returns "OK" or "ERR" about whether they are allowed
access. Zero Squid reconfigurations needed once running.
http://www.squid-cache.org/Doc/config/external_acl_type/

Amos

-- 
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.15
Received on Wed Nov 25 2009 - 22:13:15 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 26 2009 - 12:00:03 MST