Join Log in
Score:1
TravelWhere avatar Server

How to disable ipv4 in squid proxy?

cn flag
TravelWhere

How do I disable ipv4 in squid proxy so when I visit a site it will use ipv6 ip only. I install squid proxy on ubuntu 20.04. I tested my config but on whatismyipaddress.com it can still detect ipv4. Here's my config

forwarded_for off
via off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
request_header_access From deny all
request_header_access Referer deny all
request_header_access User-Agent deny all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Cache-Control allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Connection allow all
request_header_access All deny all

acl localnet src xxx.xxx.xxx.xxx
acl localnet src xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

acl ipv4_from src ipv4
acl ipv4_to dst ipv4

acl ip1 myip 2406:cb42:0:1029:607a:0000:0000:0001
acl ip2 myip 2406:cb42:0:1029:607a:0000:0000:0002  

tcp_outgoing_address 2406:cb42:0:1029:607a:0000:0000:0001 ip1
tcp_outgoing_address 2406:cb42:0:1029:607a:0000:0000:0002 ip2

http_access allow localnet
http_access allow localhost
http_access deny all
http_access deny ipv4_from
http_access deny ipv4_to

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

http_port 3128
311
0 + 0
Score:0
John Mahowald avatar Server
cn flag
John Mahowald 
acl ipv4_from src ipv4
acl ipv4_to dst ipv4

http_access deny ipv4_from
http_access deny ipv4_to
http_access allow localhost
http_access deny all

This Squid ACL fragment prohibits all IPv4, and only allows to localhost, so a squid running on the local box. (Compiled in special ACL strings exist for all of "ipv4" or "ipv6".) Adjust as desired, perhaps allow from your organization's /48 prefix.

Denying v4 destinations will prevent access to IPv4 only sites, even if the squid host is dual stack and can reach them. This is fine if you want to force a v6 only environment. But will deny things including, as of 2021, serverfault.com.

Or, could configure the hosts with IPv6 only networking.

0 + 0
TravelWhere avatar
cn flag
TravelWhere
I tried but it still doesn't work. On whatismyipaddress.com it can detect ipv4. I've updated my fist post to include my config
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.