Re: [squid-users] Redirector help

From: Henrik Nordstrom <[email protected]>
Date: Tue, 23 Mar 2004 00:24:31 +0100 (CET)

On Mon, 22 Mar 2004, Bruno Lustosa wrote:

> Perfect! I moved all my url blacklist to main squid.conf file, and wrote
> an acl to filter ads and another to filter spyware.
> I just missed that deny_info directive. Now it's working fine, marking
> things as denied. Big thank you!

Nice to see that you managed to get out of one seemingly common pitfalls
in Squid usage: overrating the use of redirector helpers.

Squid access controls are very powerful both in terms of function and
speeed while the redirector interface is rather weak and not designed for
access controls. Still many people seems to think the redirector interface
is the best place for access controls..

Yes, ther was a time when the Squid access controls was quite weak both in
performance and some aspects of functionality, but this was many years ago
(Squid-1.x timeframe). Then some people got the brilliant idea of
hooking into the (slow) redirector interface of Squid to do very complex
access controls and managed to show they could do those very complex cases
faster and from this somehow the idea stuck that access controls is
faster/more powerful in redirectors (which they are not).

The redirector interface is best left doing what it is intended for doing:
Redirecting requests matching certain patterns to local mirrors and the
like, not access controls.

Regards
Henrik
Received on Mon Mar 22 2004 - 17:58:06 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST