RE: [squid-users] Using MySQL for ips acl and urls

On Wed, 2 Dec 2009 18:27:36 -0500, Mike Marchywka <marchywka_at_hotmail.com>
wrote:
> ----------------------------------------
>> Date: Thu, 3 Dec 2009 00:00:29 +0100
>> From: jip_at_jccm.es
>> To: squid3_at_treenet.co.nz
>> CC: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Using MySQL for ips acl and urls
>>
>> Amos Jeffries escribió:
>>> On Wed, 02 Dec 2009 20:36:38 +0100, José Illescas Pérez
>>> wrote:
>>>> Hello,
>>>>
>>>> I'm interesed in install squid for my organization.
>>>>
>>>> I want to configure large acl's of ip lists, 20.000 more o less.
>>>>
>>>> Can I use external acl with MySQL for create this acl ip list?.
What's
>>>> the performance in this case?.
>>>>
>>>> I want to configure large acl of url lists in MySQL too, for example
a
>>>> blacklist with categories. What's the performance in this case?.
>>>>
>>>> Perhaps, is more convenient use squidguard for blacklist of urls and
>>>> create the group categories. Any ideas?.
>>>>
>>>> Greetings.
>>>
>>> Individual IPs with individual blocklists? this is extremely
>>> inefficient.
>>>
>>> If you must, you can easily use external_acl_type to pull details from
>>> mysql during live traffic processing. Speed depends on the query
>>> efficiency
>>> and network lag to mysql server.
>
> We have java servers for related tasks that maintain in memory
hashtables
> for these lists. if DB is not too dynamic this works well. You may need
to
> either signal
> server to invalidate in-memory acl cache or have
> short expirations if db is more volatile but has can be
> much faster than db look up on remote machine.
>

NP: that is close to how external_acl_works. Slow remote lookup on first
request followed by fast local cache lookup for next N requests. Except the
signalling being a -k reconfigure for Squid.

Amos
Received on Thu Dec 03 2009 - 00:14:01 MST