Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
tranvi2013-11-15 09:20:06
Squid
tranvi, 2013-11-15 09:20:06

Why does Squid 2.7 crash when given a large external rules file for url_regex?

There is squid 2.7 running on Ubuntu. The computer has 2 gigabytes of RAM. On average, over 5 years of work, the black list of sites has been filled with about 1,500 sites. Entertainment, social networks, porn... Broken into categories, the maximum list - 700 sites.

A file with a categorical order came from a higher organization: to filter the attached list, and a file with a list of 10 megabytes, 552,000 sites long.

The first attempt to make a solution in the forehead through:

acl url_blnav url_regex "/home/....../domains.txt"
http_access deny url_blnav

led to the fact that the squid ate 4.5 gigabytes of virtual memory for the list and went into a deep swap, completely ceasing to respond to requests.

I reduced the list to 380 thousand sites by removing sites with common words, such as sex porno erotic, etc. Then I tried splitting the file into parts - this reduces memory consumption (up to 2.5 gig), but still does not fit into the RAM. As a result, the squid still goes into the swap and shuts up. on my usual rules, the squid occupied ~ 650-700 megabytes of memory.

How can I put a blocklist for 380,000 sites into a squid?

Add memory - I can not. I can’t discuss the issue of reducing the number of sites (there is so much heresy where 100% people won’t go) either.

separate question - whether the upgrade on a squid 3.3 or 3.2 will help?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
L
lutskyy, 2013-11-15
@tranvi

As far as I remember, squid will create a separate acl in memory for each line in domains.txt. You can try to use SquidGuard ( http://www.squidguard.org/ ) it is just for working with large lists.

Report
A
AlexRay, 2013-11-15
@AlexRay

Perhaps in this situation it makes sense to make a whitelist instead of a blacklist? Or, in general, do filtering not using squid, but, for example, using dns, which squid accesses.

Report
S
Sergey, 2013-11-15
@bondbig

Upgrading to 3.x is the first thing I would do. 2.x is very outdated. With a probability of 0.8 your problem will be solved by an upgrade.

Similar questions
M
Maxim2015-11-18 15:19:11
Where can I get libssl.so.32? 3Reply
R
ramserak2015-11-20 13:22:37
How in iptables to allow access past squid to a specific ip address on the local network? 3Reply
P
phoptik2012-06-13 15:29:04
User speed limit on the gateway (Ubuntu server, ufw, squid, dansguardian). How? 1Reply
O
O. J2015-12-24 18:22:36
How to change page content on the fly using Privoxy? 2Reply
V
Vyacheslav Grachunov2018-06-07 23:24:17
What is more suitable for the implementation of "preproxy" and how best to do it? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question