[squid-users] ipv6 acl access not working properly
anwesh_tiwari at yahoo.com
Thu Sep 28 16:10:02 UTC 2017
Ipv6 acl is not working as expected, if the ipv6 address of domain is unrouteable and it fallbacks to ipv4 even when its denied.
What I am trying to achieve : I want to disable all IPv4 domain access from proxy and disable all ipv4 connections.
Here is my directives just before http_access deny all line in default squid conf.
acl to_ipv6 dst ipv6
http_access deny !to_ipv6
http_access allow to_ipv6
When I browse this site using proxy
This site has ipv6 AAAA record but thats is not routed when I check.
Here is the log
1506526125.315 327 <publicIP> TCP_MISS/200 2486 GET http://www.whatismyipv6.com/ - HIER_DIRECT/220.127.116.11 text/html
1506526126.259 632 <publicIP> TCP_MISS/200 31738 GET http://www.whatismyipv6.com/World-IPv6-Day.jpg - HIER_DIRECT/18.104.22.168 image/jpeg
The log shows that squid is able to browse the site which is explicitly denied by http_access directive.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users