Hi list,

I have run into a slight problem with a squid setup on a Trustix 2.0 box
here and haven't been able to find a clue yet what might be causing it.

In order to deny the internal clients access to a given number of sites
we have added some acls to the squid.conf.


acl url-deny dstdomain "/etc/squid/url-deny"
acl ip-deny dst "/etc/squid/ip-deny"

....

http_access deny url-deny
http_access deny ip-deny
http_access allow all


The corresponding files look like this (details changed, obviously):

ip-deny (1 entry):
1.1.1.1

url-deny (5-10 entries):
url1.com
..url2.org
url3.it


Currently accessing the internet using lynx with the proxy configured
running on the same machine (so no networking problems here involved atm).
As long as URL blocking is active it takes roughly 5-10 secs before the
site even starts loading (no activity in access.log too, with tail -f
running), no matter which site I try to connect to. Once I am on the site,
everything runs smoothly, hardly any delays at all.

As soon as url blocking is deactivated and squid restarted everything
works like a charm. No 5-10 secs delays at all.

I understand that some ACLs (according to the FAQ) can cause delays due to
reverse DNS lookups and similar things. Does anything like that apply to
dst and dstdomain as well?

And if so, is there any way around it?


Torsten