RE: [squid-users] Squid dstdomain ACL
This is a discussion on RE: [squid-users] Squid dstdomain ACL within the Squid Users forums, part of the Web Server and Related Forums category; > On Fri, 12 Dec 2003, Mike McCall wrote: >=20 > > All, > > > > I have ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-12-2003
|
|||
|
|||
RE: [squid-users] Squid dstdomain ACL
> On Fri, 12 Dec 2003, Mike McCall wrote:
>=20 > > All, > > > > I have a fairly busy cache using native squid ACLs to block=20 > access to=20 > > certain sites using the dstdomain ACL type. This is fine=20 > for denying=20 > > access to sites like www.playboy.com, but doesn't work when=20 > people use=20 > > google's cache of pages and google images, since the domain becomes=20 > > www.google.com. > > > > My question; is there an ACL that will deny both=20 > > http://www.playboy.com and=20 > > http://www.google.com/search?q=3Dcac....playboy.com/? > > > > I know regexes might be able to do this, but will there be a=20 > > performance hit? >=20 > You have (at least) two options: >=20 > 1) use the 'url_regex' type to block hostnames that appear=20 > anywhere in the URL, like: >=20 > acl foo url_regex www.playboy.com >=20 > The "performance hit" depends on the size of your regex=20 > list and the load on > Squid. If Squid is not currently running at, say mor than=20 > 50% of CPU usage, > you'll probably be fine. >=20 >=20 > 2) Use a similar ACL to block all google cache queries: >=20 > acl foo url_regex google.com.*cache: >=20 > Duane W. Thanks Duane. Unfortunately, my domains list is HUGE (~600,000 domains) = and the cache already runs at 50-95% CPU during the day, most of which I = assume is due to the huge domains list. If I were to lose the dstdomain ACL = and only use url_regex, would performance stay where it is? Sadly, I can't = use the second option you mention because google's cache is useful for other non-offensive websites. Mike 
|
Linear Mode
