On 16.05.2015 10:13, Amos Jeffries wrote:
On 16/05/2015 6:22 p.m., Walter H. wrote:On 16.05.2015 01:41, Amos Jeffries wrote:On 16/05/2015 6:14 a.m., Walter H. wrote:Hello, is IPv6 somewhat similar to IPv4?Somewhat, yes.I just wondered because of the "different" behaviour;e.g. I would write acl block_ipv4_range dst 84.84.84.0/24 deny_info errorpage block_ipv4_range http_access deny block_ipv4_range to block any hosts within this IPv4 rangeTaking a step asside, that is not quite what those rules do. They block access from anywhere *to* the IP address range (TCP/IP packet destination on the request messages).yes this should be the intention, that you get an error (in this case the errorpage) when you have e.g. http://84.84.84.2/ or https://84.84.84.2/ as URL in your browser ...It will block that, and any domain name which resolves to those IPs.
yes, that is the intention; I would have done it this way: acl block_whole_network dst_as 4837 deny_info errorpage block_whole_network http_access deny block_whole_network but this crashes squid ... as workaround I've got a file listing any range for one AS number and doing this: acl block_as4837 dst "block-as4837-acl.squid" and one of these files has more than 600(!) entries ...
does it seem to be problematic, when having an TLS-server with an IPv6 address only without DNS, because of the comm name?That is a different issue entirely.
yes and hoping no browser ever will accept a common name of just '*'
Going by that description it seems Firefox and Chrome are a bit broken.
IE, too; Walter
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
