[squid-users] Policy with multiple ACL calls
Andrey K
ankor2023 at gmail.com
Thu Mar 19 13:20:50 UTC 2026
Hello,

I'd be curious to know: is the dstdomain ACL evaluated once per transaction
or every time it occurs in the policy?

For example, in the following simplified policy, will Squid go through
the long list of bank-sites once or six times?

acl bank-sites dstdomain "bank-sites.txt"
acl user1 proxy_auth user1
acl user2 proxy_auth user2
acl user3 proxy_auth user3
http_access allow user1 bank-sites
http_access allow user2 bank-sites
http_access deny user3 bank-sites
ssl_bump splice user1 bank-sites
ssl_bump bump user2 bank-sites
ssl_bump terminate user3 bank-sites

I believe that the ACL is calculated only once and the result is reused.
What do you think, would it be more efficient to use annotations, like in
the following example?

acl bank-sites dstdomain "bank-sites.txt"
acl user1 proxy_auth user1
acl user2 proxy_auth user2
acl user3 proxy_auth user3
acl annotate_banks annotate_client categories+=bank
acl is_bank note categories bank
# evaluate bank-sites just once and annotate a connection
http_access deny bank-sites annotate_banks !all
http_access allow user1 is_bank
http_access allow user2 is_bank
http_access deny user3 is_bank
ssl_bump splice user1 is_bank
ssl_bump bump user2 is_bank
ssl_bump terminate user3 is_bank

Kind regards,
Ankor.