[squid-users] How to make squid use ipv4 only for connecting to websites

Robert Senger rs-squid at lists.microscopium.de
Fri Oct 18 14:17:51 UTC 2019

Hi there,

I am running squid on a dual stacked host. Both ipv4 and ipv6
connectivity is fully functional.

Now there's a group of clients that should be configured to load
websites via ipv4 only.

  acl proxy-extra localip fd10:96e4:b552::43
  acl proxy-extra localip

I know there's an acl that can be used to identify ipv6 destinations.

  acl to_ipv6 dst ipv6

I tried to block outgoing ipv6 with 
  always_direct deny to_ipv6

but that makes dual stacked websites completely unreachable, no
fallback etc.

The only way I found so far is to set an invalid ipv6 outgoing address:

  tcp_outgoing_address fd20::1  proxy-extra
  tcp_outgoing_address proxy-extra

where fd20::1 simply does not exist on the host system.

This shows the results I want when browsing to test sites like 
http://ipv6-test.com (ipv4 connectivity only).

But I am not sure if setting invalid addresses is really desirable...

So, is there a better / more elegant way to tell squid to use ipv4 only
when serving request for certain clients? 



Robert Senger

More information about the squid-users mailing list