[squid-users] Anybody still using src_as and dst_as ACLs?

Jonathan Lee jonathanlee571 at gmail.com
Mon Jun 17 16:30:01 UTC 2024 

Is there a different type of directive for source and destination acts?
Sent from my iPhone

> On Jun 17, 2024, at 11:03, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 2024-06-17 11:43, Jonathan Lee wrote:
>> acl to_ipv6 dst ipv6
>> acl from_ipv6 src ipv6
> 
> 
> Glad I asked! The above configuration is not using "src_as" and "dst_as" ACL types that I am asking about. It is using "src" and "dst" ACL types.
> 
> 
> > I hope that helps our isp is ipv6 only
> 
> Matching IPv6 addresses is completely unrelated to this thread topic, but you may want to see the following commit message about "ipv6" problems recently fixed in master/v7. If you want to discuss IPv6 matching, please start a new mailing list thread!
> https://github.com/squid-cache/squid/commit/51c518d5
> 
> 
> 
> Thank you,
> 
> Alex.
> 
> 
>>>> On Jun 17, 2024, at 08:17, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>> 
>>> On 2024-06-16 19:46, Jonathan Lee wrote:
>>>> I use them for ipv6 blocks they seem to work that way in 5.8
>>> 
>>> Just to double check that we are on the same page here, please share an example (or two) of your src_as or dst_as ACL definitions (i.e., "acl ... dst_as ..." or similar lines). I do _not_ need the corresponding directives that use those AS-based ACLs (e.g., "http_access deny..."), just the "acl" lines themselves.
>>> 
>>> As an added bonus, I may be able to confirm whether Squid v5.8 can grok responses about Autonomous System Numbers used by your specific configuration :-).
>>> 
>>> 
>>> Thank you,
>>> 
>>> Alex.
>>> 
>>> 
>>>>> On Jun 16, 2024, at 17:00, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>>>> 
>>>>> Hello,
>>>>> 
>>>>>    Does anybody still have src_as and dst_as ACLs configured in their production Squids? There are several serious problems with those ACLs, and those problems have been present in Squid for many years. I hope that virtually nobody uses those ACLs today.
>>>>> 
>>>>> If you do use them, please respond (publicly or privately) and, if possible, please indicate whether you have verified that those ACLs are working correctly in your deployment environment.
>>>>> 
>>>>> 
>>>>> Thank you,
>>>>> 
>>>>> Alex.
>>>>> 
>>>>> 
>>>>>>    acl aclname src_as number ...
>>>>>>    acl aclname dst_as number ...
>>>>>>      # [fast]
>>>>>>      # Except for access control, AS numbers can be used for
>>>>>>      # routing of requests to specific caches. Here's an
>>>>>>      # example for routing all requests for AS#1241 and only
>>>>>>      # those to mycache.mydomain.net:
>>>>>>      # acl asexample dst_as 1241
>>>>>>      # cache_peer_access mycache.mydomain.net allow asexample
>>>>>>      # cache_peer_access mycache_mydomain.net deny all
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>> 
>

More information about the squid-users mailing list