[squid-users] is it possible to pass the destination ip address to external_acl_type program ?

Amos Jeffries squid3 at treenet.co.nz
Wed Nov 11 19:50:15 UTC 2015

On 12/11/2015 8:42 a.m., Dieter Bloms wrote:
> Hello,
> I want to write a little script for an external_acl_type to block access
> to many ip addresses.
> As far as I can see %DST contains the fqdn of the destination and not
> the ip address.
> I know that I can do dns lookups in my script, but I think squid does it
> anyway, so it may be faster to pass the ip address to the external helper.
> So is there any undocumented parameter like %DSTIP or something like
> that ?

You need Squid-4 which allows any of the logformat codes.

However, be aware that there is no server outgoing IP until the server
connection has aleady been opened and used to send the request.
Until that point, there is just a potential set of maybe's, represented
by the domain name.


More information about the squid-users mailing list