Re: Squid available from outside

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 18 Mar 1999 01:35:08 +0100

Simon Bryan wrote:

> could I do something like
> acl US src 'our ip address range'
> http_access deny !US

Yes.

> If so would this slow down Squid much?

No. src type ACLs with a few IP address ranges are very fast.

> Is Squid likely to slow noticeably from a large number of ACLs?

It very much depends on how you use them, and which types of ACLs.

> If so what would that large number be?

It depends. Anywhere in the range 2 to several thousand depending on acl
types and contents, and how you use them.

Squid uses short-circuit logic so in many cases it is possible to speed
up ACL processing by adding a few more ACL rules to bypass more complex
checks on common types of requests.

> BTW I have sorted out the time restrictions I was trying to do with
> CRON (they worked) but the acl time rules are much smoother,
> once you work out the sequence and the rules about ANDing and
> ORing!

Yes, isn't it. Any ideas on a good way to explain how this AND/OR
works? There are many questions on how Squid ACLs work when combined,
and I have not found any good way to explain it other than that it is
simple AND/OR logic (the logic is simple, the effects are complex).

---
Henrik Nordstrom
Spare time Squid hacker
Received on Wed Mar 17 1999 - 17:40:51 MST
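
The AND/OR and short-circuit behaviour discussed in this message, as an added example that is not part of the original post and is not Squid source code: a small Python model in which the values of one acl are ORed, the acl names on one http_access line are ANDed left to right, and the first fully matching line decides. The "blocked" acl, the "url_substr" type, the addresses and the hostnames are constructed for illustration.

```python
import ipaddress

class Acl:
    """One named acl; its values are ORed together."""
    def __init__(self, kind, values):
        self.kind, self.values, self.checks = kind, values, 0

    def matches(self, req):
        self.checks += 1  # count evaluations to make short-circuiting visible
        if self.kind == "src":
            ip = ipaddress.ip_address(req["src"])
            return any(ip in ipaddress.ip_network(v) for v in self.values)
        if self.kind == "url_substr":  # hypothetical stand-in for a costly type
            return any(v in req["url"] for v in self.values)
        raise ValueError(f"unknown acl type: {self.kind}")

def http_access(rules, acls, req):
    """rules: list of (action, [acl names]); a leading '!' negates a name."""
    for action, names in rules:
        # all() stops at the first non-matching name: left-to-right AND
        if all(acls[n.lstrip("!")].matches(req) != n.startswith("!")
               for n in names):
            return action  # first fully matching line decides
    # No line matched: the default is the opposite of the last line's action
    return "allow" if rules[-1][0] == "deny" else "deny"

def sample_acls():
    # Constructed values: RFC 5737 documentation ranges and made-up hostnames
    return {
        "US": Acl("src", ["192.0.2.0/24", "198.51.100.0/24"]),
        "blocked": Acl("url_substr", ["ads.example", "tracker.example"]),
    }

RULES = [
    ("deny", ["!US"]),       # cheap check first: outsiders stop here
    ("deny", ["blocked"]),   # costlier check, reached only by inside clients
    ("allow", ["US"]),
]

if __name__ == "__main__":
    acls = sample_acls()
    for src, url in [("203.0.113.7", "http://www.example/"),
                     ("192.0.2.10", "http://ads.example/x"),
                     ("198.51.100.4", "http://www.example/")]:
        print(src, url, http_access(RULES, acls, {"src": src, "url": url}))
    print("blocked evaluated", acls["blocked"].checks, "times")
```

With only the single line `http_access deny !US` from the question, an inside client matches no line and is allowed by the implicit default, which is why an explicit final allow or deny line makes the policy easier to audit.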
