Hi, I am facing the same issue as described in https://bugs.squid-cache.org/show_bug.cgi?id=5154 where ipv6 literal URLs are casuing squid, v5.7, to restart. As a work around I am testing the below to deny ipv6 requests.
acl to_ipv6 dst ipv6 acl from_ipv6 src ipv6 # Prevent ipv6 requests to avoid crash in squid > 5.x http_access deny to_ipv6 http_access deny from_ipv6 While this works for most of the ipv6 URLs , some of the cases like http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:80/index.html , ACL is not matched. 2023/03/06 20:01:03.049 kid1| 28,3| Checklist.cc(70) preCheck: 0x15c1278 checking slow rules 2023/03/06 20:01:03.049 kid1| 28,5| Acl.cc(124) matches: checking http_access 2023/03/06 20:01:03.049 kid1| 28,5| Checklist.cc(398) bannedAction: Action 'DENIED/0' is not banned 2023/03/06 20:01:03.050 kid1| 28,5| Acl.cc(124) matches: checking http_access#1 2023/03/06 20:01:03.050 kid1| 28,5| Acl.cc(124) matches: checking to_ipv6 2023/03/06 20:01:03.050 kid1| 28,9| Ip.cc(96) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [fedc:ba98:7654:3210:fedc:ba98:7654:3210]/[ffc0::] ([fec0::]) vs [fe80::]-[::]/[ffc0::] 2023/03/06 20:01:03.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '[fedc:ba98:7654:3210:fedc:ba98:7654:3210]' NOT found 2023/03/06 20:01:03.050 kid1| 28,3| Acl.cc(151) matches: checked: to_ipv6 = 0 2023/03/06 20:01:03.050 kid1| 28,3| Acl.cc(151) matches: checked: http_access#1 = 0 2023/03/06 20:01:03.050 kid1| 28,5| Checklist.cc(398) bannedAction: Action 'DENIED/0' is not banned 2023/03/06 20:01:03.050 kid1| 28,5| Acl.cc(124) matches: checking http_access#2 I could not find any reference which mentions FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 as a special type of IPv6. I am wondering why FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 does not match ipv6 check. Regards, John
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
