Surf Protection works as a remote service: Astaro, together with Cobion, provides several database servers distributed over the world which host the categorization database. This database is maintained daily and includes ~2 billion entries; the reason that it is so big is that we categorize individual objects and not just URLs.
If you request a URL via an ASL with SP, it will make a categorization check against this database, which we then base our decision on. The decision could be to block the entire site or just the parts which violate your policy. The URL/category information will be kept in a cache for 24 hours so we don't have to make this lookup every time.
The lookup takes approx. the same time a DNS lookup takes and is done in parallel with the DNS lookup, which means you will see no slowdown. We also see that once the cache is established, a very high number of categorization requests can be answered by the cache, as high as 90+%.
Not really, since the size of the cache is a bigger issue :). The cache gets filled up and the oldest entries are thrown out long before they get too old. Besides, I surely think that the people from Astaro tested this before setting it to 24h. Perhaps you would like to share with us the reasons for thinking that 24h is not a good value?
OK, Padre. The reason for my question is that sometimes the Cobion request takes more than one second. Customers recognize that with SP the internet is "slower" than without, because of that delay. OK, normally you have a fast route to a Cobion server, but sometimes not. So a big cache would be fine. I think the internet doesn't "change" faster than 5 days (if you know what I mean).
Would be great if I could change that value to find a compromise between the Cobion delay and the actuality of the cache.
As previously stated, the cache entry gets pushed out of the queue (because of cache SIZE) before it expires, so even if you would prolong the validity you would still have the same number of lookups.
I think that the cache size is more of a license issue, since if there were no limit you could download the whole Cobion database and then use that instead of their service. I think that they would object to that ;)
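
The size-versus-lifetime argument made in this thread can be checked with a small simulation. This is an added example, not Astaro or Cobion code: the oldest-first (FIFO) eviction, the cache capacities, the `uncategorized` placeholder category and the request workload are all assumptions constructed for illustration.

```python
from collections import OrderedDict

class CategoryCache:
    """Size-bounded URL -> category cache: FIFO eviction plus a per-entry TTL."""
    def __init__(self, capacity, ttl_seconds):
        self.capacity, self.ttl = capacity, ttl_seconds
        self.entries = OrderedDict()          # url -> (category, inserted_at)

    def get(self, url, now):
        hit = self.entries.get(url)
        if hit is None:
            return None
        category, inserted_at = hit
        if now - inserted_at >= self.ttl:     # too old: force a fresh lookup
            del self.entries[url]
            return None
        return category

    def put(self, url, category, now):
        self.entries.pop(url, None)
        self.entries[url] = (category, now)
        while len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # throw out the oldest entry

def constructed_requests(days=7, interval=10):
    """Constructed workload: 50 popular URLs alternating with one-off URLs."""
    for i in range(days * 86400 // interval):
        if i % 2 == 0:
            yield i * interval, f"popular-{(i // 2) % 50}.example"
        else:
            yield i * interval, f"one-off-{i}.example"

def remote_lookups(capacity, ttl_hours):
    """Count how many requests would have to go to the remote database."""
    cache = CategoryCache(capacity, ttl_hours * 3600)
    lookups = 0
    for now, url in constructed_requests():
        if cache.get(url, now) is None:
            lookups += 1                      # stand-in for the remote query
            cache.put(url, "uncategorized", now)
    return lookups

if __name__ == "__main__":
    for capacity in (1000, 1_000_000):        # hypothetical cache sizes
        for ttl_hours in (24, 120):           # 24 hours vs. 5 days
            print(capacity, ttl_hours, remote_lookups(capacity, ttl_hours))
```

With the small cache, entries are evicted hours before either lifetime is reached, so both settings produce the same number of remote lookups; only when the cache can hold the whole working set does the 5-day lifetime reduce them.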