On 06/11/2013 09:09 AM, Jose-Marcio Martins wrote:
> On 06/11/2013 12:50 PM, Marcus Kool wrote:
>
>>
>> There is a big misunderstanding:
>> in the old days when the only URL filter was squidguard, Squid had the be reloaded in order for
>> squidguard to reloads its database.
>> And when Squid reloads, *everything* pauses.
>> _But things have changed since then_:
>> - ICAP-based URL filters can reload a URL database without Squid reloading
>> - ufdbGuard, which is a URL redirector just like squidGuard, can also reload a URL database without
>> Squid reloading.
>>
>> The above implies that ICAP-based filters and ufdbGuard are a good alternatives for squidguard or
>> filtering by ACLs.
>
> ...
>
>> ufdbGuard loads the URL database in memory and is multithreaded.
>
> OK. Ok if can handle 50000 queries per second.
>
> So my question is... a more direct and precise question, just about ufdbGuard. While ufdbGuard reloads its URL database, does it pauses answering queries ? If yes, how long does it takes ?
ufdbGuard does not pause answering queries from Squid during a reload since that would pause Squid and is considered an interruption of service.
ufdbGuard releases the current URL database, loads a new configuration and loads a new URL database in 10 seconds on average.
ufdbGuard has a configurable behaviour in this 10-second interval and does either one of:
- allow all URLs; send immediately an "OK" back to Squid (default)
- allow all URLs but also introduce artifical delays when sending replies back to Squid.
The effect is that traffic is slowed down and the total number of unfiltered URLs is reduced.
- deny all URLs; send immediately and "not OK" back to Squid. The end user receives a message like "try again in a few moments".
The last option is for the admins who need maximum control and are afraid that users or applications can benefit from the URL filter passing all URLs for 10 seconds.
Marcus
Received on Tue Jun 11 2013 - 12:37:13 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 11 2013 - 12:00:13 MDT