[squid-users] Anybody still using src_as and dst_as ACLs?

Alex Rousskov rousskov at measurement-factory.com
Mon Jun 17 16:03:06 UTC 2024 

On 2024-06-17 11:43, Jonathan Lee wrote:
> acl to_ipv6 dst ipv6
> acl from_ipv6 src ipv6


Glad I asked! The above configuration is not using "src_as" and "dst_as" 
ACL types that I am asking about. It is using "src" and "dst" ACL types.


 > I hope that helps our isp is ipv6 only

Matching IPv6 addresses is completely unrelated to this thread topic, 
but you may want to see the following commit message about "ipv6" 
problems recently fixed in master/v7. If you want to discuss IPv6 
matching, please start a new mailing list thread!
https://github.com/squid-cache/squid/commit/51c518d5



Thank you,

Alex.


>> On Jun 17, 2024, at 08:17, Alex Rousskov 
>> <rousskov at measurement-factory.com> wrote:
>>
>> On 2024-06-16 19:46, Jonathan Lee wrote:
>>> I use them for ipv6 blocks they seem to work that way in 5.8
>>
>> Just to double check that we are on the same page here, please share 
>> an example (or two) of your src_as or dst_as ACL definitions (i.e., 
>> "acl ... dst_as ..." or similar lines). I do _not_ need the 
>> corresponding directives that use those AS-based ACLs (e.g., 
>> "http_access deny..."), just the "acl" lines themselves.
>>
>> As an added bonus, I may be able to confirm whether Squid v5.8 can 
>> grok responses about Autonomous System Numbers used by your specific 
>> configuration :-).
>>
>>
>> Thank you,
>>
>> Alex.
>>
>>
>>>> On Jun 16, 2024, at 17:00, Alex Rousskov 
>>>> <rousskov at measurement-factory.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>>    Does anybody still have src_as and dst_as ACLs configured in 
>>>> their production Squids? There are several serious problems with 
>>>> those ACLs, and those problems have been present in Squid for many 
>>>> years. I hope that virtually nobody uses those ACLs today.
>>>>
>>>> If you do use them, please respond (publicly or privately) and, if 
>>>> possible, please indicate whether you have verified that those ACLs 
>>>> are working correctly in your deployment environment.
>>>>
>>>>
>>>> Thank you,
>>>>
>>>> Alex.
>>>>
>>>>
>>>>>    acl aclname src_as number ...
>>>>>    acl aclname dst_as number ...
>>>>>      # [fast]
>>>>>      # Except for access control, AS numbers can be used for
>>>>>      # routing of requests to specific caches. Here's an
>>>>>      # example for routing all requests for AS#1241 and only
>>>>>      # those to mycache.mydomain.net:
>>>>>      # acl asexample dst_as 1241
>>>>>      # cache_peer_access mycache.mydomain.net allow asexample
>>>>>      # cache_peer_access mycache_mydomain.net deny all
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> https://lists.squid-cache.org/listinfo/squid-users
>>

More information about the squid-users mailing list