On 2023-04-18, Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote: > Hi! > > We're using squid-6, currently v4 only. The use case for us is mostly > our users using our proxy to retrieve full text publications of > several thousand medical journals... via IPv4. > > The publishers "know" our IPv4 range for the proxies and allow us to > download freely. What they don't (yet) know is our ipv6 range. > > Thus arises the need to "fall back" to ipv4 in the unlikely case some > publisher already has ipv6, we connect via ipv6 and suddenly are not > allowed to download the publications. > > Is there an acl for that kind of need?
I guess you want something akin to Postfix's smtp_dns_reply_filter but most software doesn't have anything similar. Without code changes, the simplest quick fix may be to add a static 'reject' route to the IPv6 block used by this publisher on the proxy (it could be kept up-to-date by a dns lookup script). That's less of a liability than forcing resolution to a particular IP. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
