On Wed, Mar 30, 2005 at 10:42:36PM +0200, Henrik Nordstrom wrote:
> On Wed, 30 Mar 2005, Sergey Shepshelevich wrote:
>
> >But do exists any other documentation about what acl types allowed with
> >delay_access ?
> >In another words which acls are fast ?
>
> It's easier to see it the other way around: Any acl where Squid needs to
> make a lookup of any kind to an external resource is slow, and can not
> reliably be used in most access directives except for http_access.
>
> >delay_access and external acl used together in our organization
> >(Alex Grigoriev said that it worked).
>
> It can be made to work with some restrictions by using http_access to make
> the lookup, cached by the ttl and then available most of the time in
> delay_access.
If I understand your the config looked like
external_acl_type quota_aclext ttl=15 negative_ttl=15 %LOGIN %SRC %DST /usr/local/libexec/squid/quota.pl
acl users_quota external quota_aclext
## work around way.
## pass overquota and not overquota users
http_access allow auth_required users_quota
http_access allow auth_required !users_quota
##
delay_class 1 1
delay_parameters 1 100/100
delay_access 1 allow !users_quota
delay_access 1 deny all
But will I get perfomance bootleak in calculating delay pools ?
I suppose squid will use users_quota value calculated in http_access. Therefore
it will check this acl per eAch URL request. After ttl recalculated it. Is it
bad for proxy perfomance ?
Do you know other rules like http_access that can be used together with external_acl ?
I found no info about it.
The second way, generate file with overquota users and attach it following acl:
acl auth_overquoted proxy_auth "_path_/overquoted"
delay_class 1 1
delay_parameters 1 100/100
delay_access 1 allow auth_overquoted
delay_access 1 deny all
But I should in this case do squid -k restart every 15 minutes.
Is second way good way ?
-- Sergey Shepshelevich Ulyanovsk State Technical University NOC, System administratorReceived on Thu Mar 31 2005 - 07:53:33 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:03 MST