On 4/18/23 03:38, Ralf Hildebrandt wrote:
> We're using squid-6, currently v4 only. The use case for us is mostly
> our users using our proxy to retrieve full text publications of
> several thousand medical journals... via IPv4.
> The publishers "know" our IPv4 range for the proxies and allow us to
> download freely. What they don't (yet) know is our ipv6 range.
> Thus arises the need to "fall back" to ipv4 in the unlikely case some
> publisher already has ipv6, we connect via ipv6 and suddenly are not
> allowed to download the publications.
> Is there an acl for that kind of need?

I will rephrase your question to avoid the distraction of "acl":
How can I configure Squid to try IPv4 if IPv6 fails?
The answer depends on how IPv6 fails:
1. If IPv6 fails at DNS resolution time (i.e. the DNS resolver does not
respond with a usable address to a AAAA query), then Squid will
automatically use IPv4 (i.e. the DNS resolver address in an A response).
There is nothing to configure.
2. If IPv6 fails at TCP connection establishment time, then Squid will
automatically use an IPv4 connection. There is nothing to configure
(although there are a few Happy Eyeballs configuration options that you
can tune).
3. If IPv6 fails at TLS connection establishment time, then, IIRC, #2
applies unless SslBump is involved. Squid will not retry failed TLS
connections that are subject to SslBump IIRC.
4. If IPv6 fails at HTTP request time, then Squid will retry in _some_
cases. See [1] for a long list of conditions; you are probably mostly
interested in the last four or five bullets, but keep in mind that the
list is of cases where Squid does _not_ re-forward the failed request.
[1] https://wiki.squid-cache.org/SquidFaq/InnerWorkings#when-does-squid-re-forward-a-client-request
You can also replace your DNS resolver with a custom one (that drops
AAAA answers) or, as Adam has suggested, with hard-coded IPv4-only
/etc/hosts entries.
HTH,
Alex.
_______________________________________________
squid-users mailing list
http://lists.squid-cache.org/listinfo/squid-users
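
To see which publishers the proxy is already reaching over IPv6 (the candidates for the IPv4-only /etc/hosts entries or the AAAA-dropping resolver mentioned in the reply), this added example, which is not part of the original thread or of Squid itself, scans access.log lines in Squid's default native format. The sample lines, the hostnames and the choice of 401/403 as "denied" are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1681810000.123    210 10.1.2.3 TCP_TUNNEL/200 48213 CONNECT journals.example.org:443 - HIER_DIRECT/2001:db8::10 -
1681810001.456     95 10.1.2.4 TCP_MISS/403 1290 GET http://fulltext.example.net/article/42.pdf - HIER_DIRECT/2001:db8:1::20 text/html
1681810002.789    180 10.1.2.5 TCP_TUNNEL/200 90311 CONNECT archive.example.com:443 - HIER_DIRECT/192.0.2.30 -
1681810003.012      0 10.1.2.6 TCP_DENIED/403 3900 GET http://blocked.example.org/ - HIER_NONE/- text/html
1681810004.345    130 10.1.2.3 TCP_TUNNEL/200 5120 CONNECT journals.example.org:443 - HIER_DIRECT/2001:db8::10 -
"""

def dest_host(method, url):
    """Host part of the logged URL; CONNECT logs 'host:port' with no scheme."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].strip("[]")
    return urlsplit(url).hostname or ""

def ipv6_destinations(log_text):
    """Count requests per destination host that Squid forwarded over IPv6.

    Returns {host: {"requests": n, "denied": m}}. 'denied' counts 401/403
    replies that Squid could see; replies inside an un-bumped CONNECT
    tunnel are invisible to Squid and never show up here.
    """
    seen = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # not a complete native-format line
        status = fields[3].rpartition("/")[2]
        method, url = fields[5], fields[6]
        peer = fields[8].partition("/")[2]
        try:
            if ipaddress.ip_address(peer).version != 6:
                continue  # forwarded over IPv4
        except ValueError:
            continue  # "-" (nothing forwarded) or a cache_peer name
        entry = seen.setdefault(dest_host(method, url),
                                {"requests": 0, "denied": 0})
        entry["requests"] += 1
        if status in ("401", "403"):
            entry["denied"] += 1
    return seen

if __name__ == "__main__":
    for host, c in sorted(ipv6_destinations(SAMPLE_LOG).items()):
        print(f"{host}: {c['requests']} via IPv6, {c['denied']} denied")
```

Hosts that appear in the result are the ones whose publishers either need to learn the proxy's IPv6 range or need to be pinned to IPv4; static hosts entries have to be maintained by hand when a publisher changes addresses.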