[squid-users] Disable IPV6 for certain destinations only?
Adam Majer
amajer at suse.de
Tue Apr 18 08:35:03 UTC 2023
On 4/18/23 09:38, Ralf Hildebrandt wrote:
> Thus arises the need to "fall back" to ipv4 in the unlikely case some
> publisher already has ipv6, we connect via ipv6 and suddenly are not
> allowed to download the publications.
>
> Is there an acl for that kind of need?
Hi,
The main thing about acl is that acl == access control list and it's
there to filter if some client is allowed to access the destination and
not so much in in specifying the route the request follows. The request
follows the default outbound connection.
So, I don't think this is the right mechanism and I don't believe it
exists. There is only this, and it's just flat option that will connect
with IPv4 first, for everything. It will hide issues with dual stack sites.
http://www.squid-cache.org/Doc/config/dns_v4_first/
The correct way of doing this is to,
1. contact the journal providers that are causing issues ... you
cannot find problems until someone reports them, so if you are doing
IPv4 only, you will not be part of the solution :-)
2. don't use the above option
3. if you need to workaround the problem temporarily, add the IPv4
only address to the /etc/hosts of the proxy server(s). This will resolve
the address to your override. You can also do this with a local
recursive DNS server (like Bind) too.
I believe option #3 is the answer to your request. But do that on a
temporarily basis, while actively fixing the issue with the journal,
because it will cause mystery issues in the future, when the journal
access domain is moved to a different IPv4 ;)
- Adam
More information about the squid-users
mailing list