On 10/18/19 10:17 AM, Robert Senger wrote: > there's a group of clients that should be configured to load > websites via ipv4 only. > The only way I found so far is to set an invalid ipv6 outgoing address: > > tcp_outgoing_address fd20::1 proxy-extra > tcp_outgoing_address 172.16.4.244 proxy-extra > > where fd20::1 simply does not exist on the host system. > > This shows the results I want when browsing to test sites like > http://ipv6-test.com (ipv4 connectivity only). Glad you found a workaround! > But I am not sure if setting invalid addresses is really desirable... It is not. I have not checked, but I would expect that Squid master/v5 (at least) will try to use that invalid outgoing address (and fail). Needless to say, such futile attempts waste time and other resources. They may also lead to misleading user-visible errors. > So, is there a better / more elegant way to tell squid to use ipv4 only > when serving request for certain clients? tcp_outgoing_address is not meant for prohibiting destinations. I think Squid should support use cases like yours explicitly: We should add a new directive that only applies to direct destinations selected by the existing peer selection algorithms: acl to_ipv6 dst ipv6 direct_access deny to_ipv6 proxy-extra I also considered extending cache_peer_access to apply to direct destinations, but rejected that idea because we want to preserve existing checks for cache_peer names in cache_peer_access and because applying a directive called "cache_peer..." to direct connections is unexpected/confusing. We could also add a new ACL-driven directive to prohibit A or AAAA DNS queries for certain names: dns_query_access AAAA deny proxy-extra Using dns_query_access would save DNS resources in your use case, but direct_access would cover a lot more use cases because it is a lot more precise/selective (and not subject to DNS caching concerns). Perhaps both directives should be added. Quality pull requests or their sponsorship welcomed: https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F Cheers, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
