Search squid archive

Re: Anybody still using src_as and dst_as ACLs?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2024-06-17 11:43, Jonathan Lee wrote:
acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6


Glad I asked! The above configuration is not using "src_as" and "dst_as" ACL types that I am asking about. It is using "src" and "dst" ACL types.


> I hope that helps our isp is ipv6 only

Matching IPv6 addresses is completely unrelated to this thread topic, but you may want to see the following commit message about "ipv6" problems recently fixed in master/v7. If you want to discuss IPv6 matching, please start a new mailing list thread!
https://github.com/squid-cache/squid/commit/51c518d5



Thank you,

Alex.


On Jun 17, 2024, at 08:17, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

On 2024-06-16 19:46, Jonathan Lee wrote:
I use them for ipv6 blocks they seem to work that way in 5.8

Just to double check that we are on the same page here, please share an example (or two) of your src_as or dst_as ACL definitions (i.e., "acl ... dst_as ..." or similar lines). I do _not_ need the corresponding directives that use those AS-based ACLs (e.g., "http_access deny..."), just the "acl" lines themselves.

As an added bonus, I may be able to confirm whether Squid v5.8 can grok responses about Autonomous System Numbers used by your specific configuration :-).


Thank you,

Alex.


On Jun 16, 2024, at 17:00, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

Hello,

   Does anybody still have src_as and dst_as ACLs configured in their production Squids? There are several serious problems with those ACLs, and those problems have been present in Squid for many years. I hope that virtually nobody uses those ACLs today.

If you do use them, please respond (publicly or privately) and, if possible, please indicate whether you have verified that those ACLs are working correctly in your deployment environment.


Thank you,

Alex.


   acl aclname src_as number ...
   acl aclname dst_as number ...
     # [fast]
     # Except for access control, AS numbers can be used for
     # routing of requests to specific caches. Here's an
     # example for routing all requests for AS#1241 and only
     # those to mycache.mydomain.net:
     # acl asexample dst_as 1241
     # cache_peer_access mycache.mydomain.net allow asexample
     # cache_peer_access mycache_mydomain.net deny all
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux