[squid-users] Disable IPV6 for certain destinations only?
Stuart Henderson
stu at spacehopper.org
Wed Apr 19 08:08:14 UTC 2023
On 2023-04-18, Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote:
> Hi!
>
> We're using squid-6, currently v4 only. The use case for us is mostly
> our users using our proxy to retrieve full text publications of
> several thousand medical journals... via IPv4.
>
> The publishers "know" our IPv4 range for the proxies and allow us to
> download freely. What they don't (yet) know is our ipv6 range.
>
> Thus arises the need to "fall back" to ipv4 in the unlikely case some
> publisher already has ipv6, we connect via ipv6 and suddenly are not
> allowed to download the publications.
>
> Is there an acl for that kind of need?
I guess you want something akin to Postfix's smtp_dns_reply_filter but
most software doesn't have anything similar.
Without code changes, the simplest quick fix may be to add a static
'reject' route to the IPv6 block used by this publisher on the proxy (it
could be kept up-to-date by a dns lookup script). That's less of a
liability than forcing resolution to a particular IP.
More information about the squid-users
mailing list