[squid-users] ipv6 acl access not working properly

anwesh tiwari anwesh_tiwari at yahoo.com
Thu Sep 28 16:10:02 UTC 2017

Ipv6 acl is not working as expected, if the ipv6 address of domain is unrouteable and it fallbacks to ipv4 even when its denied.

Details :
What I am trying to achieve :  I want to disable all IPv4 domain access from proxy and disable all ipv4 connections.

Here is my directives just before http_access deny all line in default squid conf.

dns_v4_first off
acl to_ipv6 dst ipv6
http_access deny !to_ipv6
http_access allow to_ipv6 
When I browse this site using proxy

This site has ipv6 AAAA record but thats is not routed when I check. 

Here is the log 
1506526125.315    327 <publicIP> TCP_MISS/200 2486 GET http://www.whatismyipv6.com/ - HIER_DIRECT/ text/html
1506526126.259    632 <publicIP> TCP_MISS/200 31738 GET http://www.whatismyipv6.com/World-IPv6-Day.jpg - HIER_DIRECT/ image/jpeg

The log shows that squid is able to browse the site which is explicitly denied by http_access directive.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170928/b6f7d970/attachment.html>

More information about the squid-users mailing list