Performance hasn't been a problem on the reconfigure. In practice it generally doesn't change that often. These are largely for hundreds of users or less. Might well be different for higher user counts.
Jerry ----- Original Message ----- From: "Rick Matthews" <[EMAIL PROTECTED]> To: "Jerry Murdock" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 06, 2003 1:22 PM Subject: RE: SquidGuard & NT Groups > Nice system! > > The fact that you allow it to run the -k reconfigure whenever it is > required tells me that the reconfigure does not produce an unacceptable > performance hit. (Am I reading too much into it?) I know you must > be using the .db files? What can you tell me about the user impact > of a -k reconfigure on a production system? > > Thanks! > Rick > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Jerry Murdock > > Sent: Thursday, March 06, 2003 9:24 AM > > To: Rick Matthews > > Cc: [EMAIL PROTECTED] > > Subject: Re: SquidGuard & NT Groups > > > > > > I do a -k reconfigure, but only when the groups actually change, not with > > every xx minute update. > > > > The flow is basically: > > > > enumerate group1 > > compare to existing userlist1 file > > if != then write new userlist1 and set reconfigure flag > > repeat for group2, group3, etc > > if reconfigure flag set then do -k reconfigure > > > > Most are set to check every 30 minutes, combined with a Webmin option to > > "Update Now" when really necessary. > > > > Jerry > > > > ----- Original Message ----- > > From: "Rick Matthews" <[EMAIL PROTECTED]> > > To: "Jerry Murdock" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Thursday, March 06, 2003 10:09 AM > > Subject: RE: SquidGuard & NT Groups > > > > > > > > My current method of a cron job enumerating the relevant groups into a > > > > squidguard userlist file every x minutes is relatively efficient and > > > > simple. It's not sexy, but it works if you can live with a little > > > > latency. > > > > > > Hey, I like it! :) > > > > > > Is it necessary to 'squid -k reconfigure', or does squidGuard re-read > > > the userlist files periodically? > > > > > > Rick > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] Behalf Of Jerry Murdock > > > > Sent: Thursday, March 06, 2003 7:36 AM > > > > To: [EMAIL PROTECTED]; Henrik Nordstrom; Phil Crooker > > > > Cc: [EMAIL PROTECTED] > > > > Subject: Re: SquidGuard & NT Groups > > > > > > > > > > > > Squid doesn't really know about groups at all., and never gets a "list > > of > > > > groups" back from the helper. It only knows the OK/ERR status a > > generic > > > > external_acl helper returns based on arbitrary parameters. > > > > > > > > Passing a single group on to Squidguard would be limited, I rarely > > have > > > > instances where a single group is sufficient. > > > > > > > > If this were to be truly useful, there would have to be a mechanism > > for > > > > Squid to enumerate the user's groups and pass the info onto > > Squidguard. I > > > > don't really think squid should be doing this much work "for" a > > helper. > > > > Do we want a list of 100 groups going to the helper for every request? > > > > Squid could be trained to only pass "relevant" groups, but that is > > more > > > > mucking around in squid. > > > > > > > > IMO, the most efficient, clean, and flexible method would be for > > > > squidguard to support some form of external group helper. > > > > > > > > My current method of a cron job enumerating the relevant groups into a > > > > squidguard userlist file every x minutes is relatively efficient and > > > > simple. It's not sexy, but it works if you can live with a little > > > > latency. > > > > > > > > Jerry > > > > > > > > ----- Original Message ----- > > > > From: "Jay Turner" <[EMAIL PROTECTED]> > > > > To: "Henrik Nordstrom" <[EMAIL PROTECTED]>; "Phil Crooker" > > > > <[EMAIL PROTECTED]> > > > > Cc: <[EMAIL PROTECTED]> > > > > Sent: Thursday, March 06, 2003 5:20 AM > > > > Subject: RE: SquidGuard & NT Groups > > > > > > > > > > > > > Not even via wb_group somehow? > > > > > > > > > > -----Original Message----- > > > > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > > > > Sent: Thursday, 6 March 2003 3:38 PM > > > > > To: [EMAIL PROTECTED]; Phil Crooker > > > > > Cc: [EMAIL PROTECTED] > > > > > Subject: Re: SquidGuard & NT Groups > > > > > > > > > > > > > > > On Thursday 06 March 2003 01.42, Jay Turner wrote: > > > > > > > > > > > Is there no way squid could be modified to pass group information > > > > > > through to the redirector? > > > > > > > > > > Not easily. Squid does not actually know the group. > > > > > > > > > > What could work is to have Squid tag the request if it matches a > > > > > certain http_access rule, and have this tag sent to redirectors. > > > > > > > > > > Regards > > > > > Henrik > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
