[squid-users] Anybody still using src_as and dst_as ACLs?

Jonathan Lee jonathanlee571 at gmail.com
Mon Jun 17 15:43:36 UTC 2024 

acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6

I after block them with terminate connections.

I hope that helps our isp is ipv6 only
Sent from my iPhone

> On Jun 17, 2024, at 08:17, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 2024-06-16 19:46, Jonathan Lee wrote:
>> I use them for ipv6 blocks they seem to work that way in 5.8
> 
> Just to double check that we are on the same page here, please share an example (or two) of your src_as or dst_as ACL definitions (i.e., "acl ... dst_as ..." or similar lines). I do _not_ need the corresponding directives that use those AS-based ACLs (e.g., "http_access deny..."), just the "acl" lines themselves.
> 
> As an added bonus, I may be able to confirm whether Squid v5.8 can grok responses about Autonomous System Numbers used by your specific configuration :-).
> 
> 
> Thank you,
> 
> Alex.
> 
> 
>>>> On Jun 16, 2024, at 17:00, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>> 
>>> Hello,
>>> 
>>>    Does anybody still have src_as and dst_as ACLs configured in their production Squids? There are several serious problems with those ACLs, and those problems have been present in Squid for many years. I hope that virtually nobody uses those ACLs today.
>>> 
>>> If you do use them, please respond (publicly or privately) and, if possible, please indicate whether you have verified that those ACLs are working correctly in your deployment environment.
>>> 
>>> 
>>> Thank you,
>>> 
>>> Alex.
>>> 
>>> 
>>>>    acl aclname src_as number ...
>>>>    acl aclname dst_as number ...
>>>>      # [fast]
>>>>      # Except for access control, AS numbers can be used for
>>>>      # routing of requests to specific caches. Here's an
>>>>      # example for routing all requests for AS#1241 and only
>>>>      # those to mycache.mydomain.net:
>>>>      # acl asexample dst_as 1241
>>>>      # cache_peer_access mycache.mydomain.net allow asexample
>>>>      # cache_peer_access mycache_mydomain.net deny all
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240617/6d4a4d95/attachment.htm>

More information about the squid-users mailing list