RE: [squid-users] Using MySQL for ips acl and urls from Mike Marchywka on 2009-12-02 (squid-users)

From: Mike Marchywka <marchywka_at_hotmail.com>
Date: Wed, 2 Dec 2009 18:27:36 -0500

----------------------------------------
> Date: Thu, 3 Dec 2009 00:00:29 +0100
> From: jip_at_jccm.es
> To: squid3_at_treenet.co.nz
> CC: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Using MySQL for ips acl and urls
>
> Amos Jeffries escribió:
>> On Wed, 02 Dec 2009 20:36:38 +0100, José Illescas Pérez
>> wrote:
>>> Hello,
>>>
>>> I'm interesed in install squid for my organization.
>>>
>>> I want to configure large acl's of ip lists, 20.000 more o less.
>>>
>>> Can I use external acl with MySQL for create this acl ip list?. What's
>>> the performance in this case?.
>>>
>>> I want to configure large acl of url lists in MySQL too, for example a
>>> blacklist with categories. What's the performance in this case?.
>>>
>>> Perhaps, is more convenient use squidguard for blacklist of urls and
>>> create the group categories. Any ideas?.
>>>
>>> Greetings.
>>
>> Individual IPs with individual blocklists? this is extremely inefficient.
>>
>> If you must, you can easily use external_acl_type to pull details from
>> mysql during live traffic processing. Speed depends on the query efficiency
>> and network lag to mysql server.

We have java servers for related tasks that maintain in memory hashtables for these lists. if DB is not too dynamic this works well. You may need to either signal
server to invalidate in-memory acl cache or have
short expirations if db is more volatile but has can be
much faster than db look up on remote machine.

>>
>> If you find that too slow look at ufdbGuard.
>>
>> Amos
>>
>
> We have five or six ip groups, with permissions in categories of
> blacklist for each group. Each group contains between 1,000 and 10,000
> ip addresses.
>
> The blacklist categories can be urlblacklist, for example.
>
> Where can I configure this, in squid or squidguard?.
>
> Greetings.
>
> --
> _ ____ ____ __ __
> | |/ ___/ ___| \/ | Jose Illescas Perez. Linux User #73559
> _ | | | | | | |\/| | TFNO: +34 925 266 219 FAX: +34 925 266 300
> | |_| | |__| |___| | | | El Webteam de http://www.jccm.es
> \___/ \____\____|_| |_| Junta de Comunidades de Castilla-La Mancha

_________________________________________________________________
Get gifts for them and cashback for you. Try Bing now.
http://www.bing.com/shopping/search?q=xbox+games&scope=cashback&form=MSHYCB&publ=WLHMTAG&crea=TEXT_MSHYCB_Shopping_Giftsforthem_cashback_1x1
Received on Wed Dec 02 2009 - 23:27:43 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 03 2009 - 12:00:01 MST