[squid-users] Anybody still using src_as and dst_as ACLs?
Alex Rousskov
rousskov at measurement-factory.com
Mon Jun 17 13:17:30 UTC 2024
On 2024-06-16 19:46, Jonathan Lee wrote:
> I use them for ipv6 blocks they seem to work that way in 5.8
Just to double check that we are on the same page here, please share an
example (or two) of your src_as or dst_as ACL definitions (i.e., "acl
... dst_as ..." or similar lines). I do _not_ need the corresponding
directives that use those AS-based ACLs (e.g., "http_access deny..."),
just the "acl" lines themselves.
As an added bonus, I may be able to confirm whether Squid v5.8 can grok
responses about Autonomous System Numbers used by your specific
configuration :-).
Thank you,
Alex.
>> On Jun 16, 2024, at 17:00, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>
>> Hello,
>>
>> Does anybody still have src_as and dst_as ACLs configured in their production Squids? There are several serious problems with those ACLs, and those problems have been present in Squid for many years. I hope that virtually nobody uses those ACLs today.
>>
>> If you do use them, please respond (publicly or privately) and, if possible, please indicate whether you have verified that those ACLs are working correctly in your deployment environment.
>>
>>
>> Thank you,
>>
>> Alex.
>>
>>
>>> acl aclname src_as number ...
>>> acl aclname dst_as number ...
>>> # [fast]
>>> # Except for access control, AS numbers can be used for
>>> # routing of requests to specific caches. Here's an
>>> # example for routing all requests for AS#1241 and only
>>> # those to mycache.mydomain.net:
>>> # acl asexample dst_as 1241
>>> # cache_peer_access mycache.mydomain.net allow asexample
>>> # cache_peer_access mycache_mydomain.net deny all
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list