[squid-users] Re" Defining BL's via acls

From: Chuck Kollars <ckollars9_at_yahoo.com>
Date: Wed, 7 Jan 2009 09:53:49 -0800 (PST)

> What kind of performance issues should I expect if I remove squidGuard
> and simply make a series of acl's pointing to shalla bl files directly
> then denying them with http_access deny statements?

I have to admit I don't know specific numbers as I don't know anyone that's actually tried it. The conventional wisdom in the DansGuardian world though is don't do this! While realtime BLs work well for batch processes like email exchange, and while realtime BLs have the advantage of instant updates, their net effect on interactive processes like web browsing is making all the delays visible to users.

Requiring access to some file on some remote site for every web request can double or triple the load on your Internet drop. Unless the remote site is consistently very very fast, there will be a noticeable delay for every browser request. And because nowadays what looks to the user like "one webpage" typically has tens of requests behind it, the delays can easily add up to half a minute for a typical webpage.

You'd also be introducing an external dependency in your setup. That may not sound like a big deal ...until you get a rash of calls from angry users who can't access the web and find out the problem is with the remote site and there's nothing you can do about it.

thanks! -Chuck Kollars

      
Received on Wed Jan 07 2009 - 17:54:01 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 07 2009 - 12:00:02 MST