[squid-users] ipv6 acl access not working properly
anwesh tiwari
anwesh_tiwari at yahoo.com
Thu Sep 28 16:10:02 UTC 2017
Ipv6 acl is not working as expected, if the ipv6 address of domain is unrouteable and it fallbacks to ipv4 even when its denied.
Details :
What I am trying to achieve : I want to disable all IPv4 domain access from proxy and disable all ipv4 connections.
Here is my directives just before http_access deny all line in default squid conf.
dns_v4_first off
acl to_ipv6 dst ipv6
http_access deny !to_ipv6
http_access allow to_ipv6
When I browse this site using proxy
http://whatismyipv6.com
This site has ipv6 AAAA record but thats is not routed when I check.
Here is the log
1506526125.315 327 <publicIP> TCP_MISS/200 2486 GET http://www.whatismyipv6.com/ - HIER_DIRECT/216.64.158.90 text/html
1506526126.259 632 <publicIP> TCP_MISS/200 31738 GET http://www.whatismyipv6.com/World-IPv6-Day.jpg - HIER_DIRECT/216.64.158.90 image/jpeg
The log shows that squid is able to browse the site which is explicitly denied by http_access directive.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170928/b6f7d970/attachment.html>
More information about the squid-users
mailing list