On Sat, 18 May 2013 14:58:42 +1200
Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 18/05/2013 5:53 a.m., Helmut Hullen wrote:
> > Hallo, csn233,
> >
> > Du meintest am 18.05.13:
> >
> >> SG has numerous problems which caused it not to do what it's
> >> supposed to, including that "emergency" mode thing. Here are some
> >> things to consider:
> >> 1) a BIG blacklist is overhyped - when I had a good look at our
> >> requirements, there was only a small percentage of those websites
> >> we actually wanted to block, the rest were either squatting
> >> websites or non-existent, or not relevant. Squid could blacklist
> >> (eg ACL DENY) those websites natively with a minimum of fuss.
> > May be - it does a good job even with these unnecessary entries.
>
> If the list is that badly out of date it will also be *missing* a
> great deal of entries.
>
>
> >
> >> 2) SG has not been updated for 4 or 5 years, if that's your latest
> >> version, you are still out of date.
> > I can't see a big need for updating. Software really doesn't need
> > changes ("updates") every month or so.
>
> For regular software yes. But security software which has set itself
> out as enumerating badness/goodness for a control method needs
> constant updates.
>
> >
> >> More to the point, you will not find much help now. or anyone to
> >> fix it even if you could prove it's a bug.
> > "That depends!" - I know many colleagues who use "squidguard" since
> > years; the program doesn't need much help.
>
> During which time a lot of things have progressed. Squid has gained a
> lt of ACL types, better regex handling, better memory management, and
> an external ACL helpers interface (which most installations of SG
> should really be using).
>
>
> Which brings me back to my question of what SG was being used for. If
> it is something which the current Squid are capable of doing without
> SG then you maybe can gain better traffic performance simply by
> removing SG from the software chain. Like csn233 found it may be
> worth it.
>
> Amos
>
I agree with Mr. Jeffries , and allow me to also add
that squidblacklist.org offers acl blacklists that work fine with
squid, without the use of third party add ons, if you want less
complications due to excessive setups with third party add ons, come
check it out. (shameless self promotion) http://squidblacklist.org
So long as you are using squid3.x and not some ancient version of
squid, you should have no issues with large blacklists in squid. And
the reasoning is that a more recently released versions of squid is not
bound by the issues with large acl lists that affected earlier
versions, these issues are as I understand the primary reason people
were using third party add ons for large blacklists, so correct me if
I am wrong, but, you might not need bother with any of them, depending
on your needs.
-
Signed,
Fix Nichols
http://www.squidblacklist.org
Received on Sat May 18 2013 - 04:59:02 MDT
This archive was generated by hypermail 2.2.0 : Sat May 18 2013 - 12:00:17 MDT