Re: [squid-users] reading external acl from squid.conf

From: Amos Jeffries <>
Date: Wed, 17 Aug 2011 12:04:14 +1200

 On Wed, 17 Aug 2011 09:14:44 +0930, Brett Lymn wrote:
> On Wed, Aug 17, 2011 at 11:30:39AM +1200, Amos Jeffries wrote:
>> If you need something more dynamic or real-time, use
>> external_acl_type
>> to run a script.
> Out of interest, what are the performance implications of doing this?
> Are the external_acl_type scripts like other helpers and forked at
> startup?

 Yes. Just like auth helpers. With the same types of impact as Basic
 auth when the credentials are given.

 Performance on individual requests is directly slower by the amount of
 lookup time, as you would expect. These are cached for some TTL value
 (configurable). sso impact is variable relative to the permutations for
 input format passed to the helper.

 Overall Squid speed has very little performance impact. Since the
 requests are handled in parallel one left waiting simply frees up CPU
 for others. But the FD and RAM usage are related to total request
 handling time. So their requirements are relative to the response speed
 of the script. You don't want it taking many seconds/minutes to respond.
 Then there are the malloc implementations that explode virtual memory
 whenever fork() is run by a large in-RAM process like Squid.

Received on Wed Aug 17 2011 - 00:04:17 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 17 2011 - 12:00:02 MDT