[squid-users] Anybody still using src_as and dst_as ACLs?

[Alex Rousskov]

On 2024-06-16 19:46, Jonathan Lee wrote:
> I use them for ipv6 blocks they seem to work that way in 5.8

Just to double check that we are on the same page here, please share an 
example (or two) of your src_as or dst_as ACL definitions (i.e., "acl 
... dst_as ..." or similar lines). I do _not_ need the corresponding 
directives that use those AS-based ACLs (e.g., "http_access deny..."), 
just the "acl" lines themselves.

As an added bonus, I may be able to confirm whether Squid v5.8 can grok 
responses about Autonomous System Numbers used by your specific 
configuration :-).


Thank you,

Alex.


>> On Jun 16, 2024, at 17:00, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>
>> Hello,
>>
>>     Does anybody still have src_as and dst_as ACLs configured in their production Squids? There are several serious problems with those ACLs, and those problems have been present in Squid for many years. I hope that virtually nobody uses those ACLs today.
>>
>> If you do use them, please respond (publicly or privately) and, if possible, please indicate whether you have verified that those ACLs are working correctly in your deployment environment.
>>
>>
>> Thank you,
>>
>> Alex.
>>
>>
>>>     acl aclname src_as number ...
>>>     acl aclname dst_as number ...
>>>       # [fast]
>>>       # Except for access control, AS numbers can be used for
>>>       # routing of requests to specific caches. Here's an
>>>       # example for routing all requests for AS#1241 and only
>>>       # those to mycache.mydomain.net:
>>>       # acl asexample dst_as 1241
>>>       # cache_peer_access mycache.mydomain.net allow asexample
>>>       # cache_peer_access mycache_mydomain.net deny all
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users