And putting in just ACL's for the IP numbers is not good enough? Do you
have to put in the domains?
On Mon, 31 Jan 2000, Clifton Royston wrote:
> On Tue, Feb 01, 2000 at 01:33:28PM +1100, Marc-Adrian Napoli wrote:
> > How many domains do you have listed there? We have quite a few.. but they're
> > all on the 203.17.36.0 block. Do you think that leaving just the acl to deny
> > the 203.17.36. will suffice or i should add in all our domains?
>
> I'm using the syntax to load them from an external text file:
>
> acl lava_domains dstdomain "/usr/local/etc/squid/lavadomains"
>
> along with the following (relevant portions excerpted)...
>
> acl lava_dests dst x.y.z.0/255.255.252.0
> acl lava_dests dst x.w.v.0/255.255.248.0
> ...
>
> no_cache deny lava_dests
> no_cache deny lava_domains
> always_direct allow lava_dests
> always_direct allow lava_domains
>
> lavadomains is nearly 800 lines, so I'm sure I'm taking a big
> performance hit on that. However, if I don't use the domain ACL, I'm
> concerned about the possibility of sporadically getting pages for a
> customer web site put into the cache. In that case, Murphy's Law says
> that customer will then update their site and flip out when they don't
> see it reflected in their browser immediately, due to the cache serving
> the stale pages.
>
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
> "An absolute monarch would be absolutely wise and good.
> But no man is strong enough to have no interest.
> Therefore the best king would be Pure Chance.
> It is Pure Chance that rules the Universe;
> therefore, and only therefore, life is good." - AC
>
-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)
Received on Wed Feb 23 2000 - 19:11:47 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:30 MST