squidGuard has no problem handling a banned sites list of 64.000 entries
with a high request rate provided you primarily use domain and url list.
The upcoming 1.1.0 (soon) will include support for prebuilt databases,
making the redirector start and be ready for requests instantly.
A nice side effect of prebuilt databases is that entries may be added and
deleted in runtime without any kind of signaling or restart.
Se http://info.ost.eltele.no/freeware/squidGuard/
P�l
-------------------------------------------------------------
Addr: P�l Baltzersen, ElTele �st AS, Fredrik Selmers vei 2,
P.O. Box 6299 Etterstad, N-0603 Oslo, Norway
Phone: +47 23 18 10 00 Direct: +47 23 18 11 74
Fax: +47 23 18 10 01 Mobile: +47 93 08 11 74
Mail: pb@ost.eltele.no pal.baltzersen@ost.eltele.no
>>> Dancer <dancer@zeor.simegen.com> 01:54:32 20.08.99 >>>
Luigi Giacobbe wrote:
>
> Hello,
>
> The problem is quite simple to explain... but not to resolve ;)
>
> 600 networks with 8 clients (minimum) to connect to Internet through a proxy
> (or a pool) and a banned sites list of 64.000 entries.
> Filter the list is the biggest problem. I solve it (I hope)with a redirector
> that queries a DB to allow or not access.
>
> The design, I would like is something like this :
>
> + --INTERNET-+
> | |
> +-----+-----+ +----+--- +
> + Proxy 1 + + Proxy 2 +
> + FILTER + + FILTER +
> +-----+-----+ +----+----+
> | |
> ------+------------------+-------
> | |
> +-----+-----+ +----+--- +
> + Proxy 3 + + Proxy 4 +
> + CACHE + + CACHE +
> +-----+-----+ +----+----+
>
> The Proxies 3 and 4 act like caching, there are no redirector process there.
> Clients only connect to Proxies 3 and 4.
> If the requested object is not found then Proxies 3 and 4 ask to Proxies 1
> and 2.
> Proxies 1 and 2 acts as filter. There are redirector process on them.
> Proxies 3 and 4 have a big cache (18 GB each) and proxies 1 and 2 a small (3
> GB each).
> With this design, Filter should be support a minder load.
> First results arent bad but ... there are problems with CGI (poor
> performance).
> Like told in "the Tutorial on Configuring Hierarchical Squid Caches", Parent
> should NOT handle CGI and other non-cachable requests.
> But if I told the cache Proxies 3 and 4 to take directly the CGI requests,
> there is a potential hole in the filter policy.
> Any idea , suggestion ?
>
> Last question :
> When a request arrives, what does the proxy do ?
> Does it look in his cache for the object or does it invoke the redirector
> first ?
>
> thanks for help
>
> L. Giacobbe
Redirectors are called first for incoming HTTP and ICP requests.
D
Received on Sun Aug 22 1999 - 00:50:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:05 MST