Re: [squid-users] what are the Pros and cons filtering urls using squid.conf?

From: Squidblacklist <webmaster_at_squidblacklist.org>
Date: Sun, 9 Jun 2013 09:42:47 -0700

On Sun, 9 Jun 2013 09:14:37 -0700
Squidblacklist <webmaster_at_squidblacklist.org> wrote:

> On Sun, 09 Jun 2013 09:59:54 -0600
> Alex Rousskov <rousskov_at_measurement-factory.com> wrote:
>
> > On 06/09/2013 03:29 AM, Eliezer Croitoru wrote:
> >
> > > Would you prefer a filtering based on a reload or a persistent DB
> > > like mongoDB or tokyo tyrant?
> >
> > I would prefer to improve Squid so that reconfiguration has no
> > disrupting effects on traffic, eliminating the "reload is disruptive
> > for Squid but not for my ICAP service" difference.
> >
> > There are many important differences between ACL lists, eCAP
> > adapters, and ICAP services. Reconfiguration handling should not be
> > one of them.
> >
> >
> > Cheers,
> >
> > Alex.
> >
> >
>
> This should be easily achieved by simply spawning a second squid
> process to temporarily handle the traffic while the primary squid is
> reloading the conf.
>
> Similar to how it works if you had a parent proxy that was reloading,
> the sibling ignores it and bypasses it until it returns to normal
> operation.
>
> I'm not a programmer, I've no idea how the devels would implement it,
> but that's an idea.
>
> Signed,
>
> Fix Nichols
>
> http://www.squidblacklist.org
>

Actually, this can easily be done with a simple bash script.
I just jotted this down so don't take it verbatim, but it gives you the
basic idea how simple it really would be to write a script to achieve
this.

Just temporarily changing your iptables to redirect to a temporary
squidbox until the reload is completed, then reloading your normal
iptables rules to redirect back to the other squid once the reload is
finished.

-----------------------------------------------------------------
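#!/bin/bash
# Firewall rules to redirect to the temporary, second squid process.
iptables-restore < iptables.temp.rules
# Start the second instance of squid with its own config
# (-f selects the configuration file)
/path/to/squid3/squid3 -f /someplace/alternate.conf
# Ask the primary squid to reload its config; this only signals the
# running process and returns without waiting for the reload to finish
squid3 -k reconfigure
# Reload normal iptables rules
iptables-restore < iptables.normal.rules
#EOF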
------------------------------------------------------------------

But I think rather, just setting two instances of squid proxy, or two
servers w/e, setting up a parent and sibling proxy would be easier and
less complicated. Since the child proxy will bypass the parent while
it's reloading the conf anyway and eliminating any downtime you might
have.

-
Signed,

Fix Nichols

http://www.squidblacklist.org
Received on Sun Jun 09 2013 - 16:43:04 MDT
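
The parent/child arrangement suggested in the last paragraph of the message, sketched as a child-side squid.conf fragment. This is an added example, not part of the original post; the hostname, the ports, and the assumption that the URL filter ACLs live on the parent are all assumptions.

```conf
# Constructed child-proxy squid.conf fragment (hostname and ports are
# placeholders, not taken from the thread).
http_port 3128

# Parent proxy, assumed here to be the instance that holds the URL filter
# ACLs and gets reconfigured. no-query disables ICP, so the child detects
# an unavailable parent from failed TCP connects; connect-fail-limit
# lowers how many failures it takes to mark the parent dead.
cache_peer parent.example.internal parent 3128 0 no-query default connect-fail-limit=2

# Try the parent before going direct, including for request types Squid
# would otherwise send straight to the origin server.
prefer_direct off
nonhierarchical_direct off

# Option A, fail open (the bypass behaviour the post describes):
# leave never_direct unset. While the parent is unreachable the child
# goes direct, so requests in that window skip the parent's filter.

# Option B, fail closed: uncomment to forbid going direct. While the
# parent is unreachable clients get a Squid error page instead of
# unfiltered access.
# never_direct allow all
```

Which option fits depends on whether a short outage or a short gap in filtering is the worse outcome for the deployment.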
