diff mbox series

Revert "proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'"

Message ID 20240108164248.3794991-1-michael.tremer@ipfire.org
State Staged
Commit a1bb2fb5853f882e4a87397448bead7a9ebfa43d
Headers
Series Revert "proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'" |

Commit Message

Michael Tremer Jan. 8, 2024, 4:42 p.m. UTC 
  This reverts commit e0be9eab47d621545e5498c32c0fef39f7ef84a9.

This change is now producing problems on IPv6-enabled systems as it will
deny access to any website that is IPv6-enabled as well, even if the
client connected using IPv4.

I have tested if squid is now running on fine on systems where IPv6 is
disabled and can confirm that its running just fine.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/proxy.cgi | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

Comments

Peter Müller Jan. 8, 2024, 6:31 p.m. UTC | #1 
Acked-by: Peter Müller <peter.mueller@ipfire.org>

> This reverts commit e0be9eab47d621545e5498c32c0fef39f7ef84a9.
> 
> This change is now producing problems on IPv6-enabled systems as it will
> deny access to any website that is IPv6-enabled as well, even if the
> client connected using IPv4.
> 
> I have tested if squid is now running on fine on systems where IPv6 is
> disabled and can confirm that its running just fine.
> 
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
>  html/cgi-bin/proxy.cgi | 12 +-----------
>  1 file changed, 1 insertion(+), 11 deletions(-)
> 
> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> index 71be315f6..c8e3576df 100644
> --- a/html/cgi-bin/proxy.cgi
> +++ b/html/cgi-bin/proxy.cgi
> @@ -3525,19 +3525,9 @@ END
>  			$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
>  			print FILE $_;
>  		}
> -		print FILE "\n#End of custom includes\n\n";
> +		print FILE "\n#End of custom includes\n";
>  		close (ACL);
>  	}
> -
> -		print FILE <<END
> -# Prevent ipv6 requests to avoid crash in squid > 5.x
> -acl to_ipv6 dst ipv6
> -acl from_ipv6 src ipv6
> -http_access deny to_ipv6
> -http_access deny from_ipv6
> -END
> -	;
> -
>  	if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
>  
>  	# Check if squidclamav is enabled.
diff mbox series

Patch

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 71be315f6..c8e3576df 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3525,19 +3525,9 @@  END
 			$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
 			print FILE $_;
 		}
-		print FILE "\n#End of custom includes\n\n";
+		print FILE "\n#End of custom includes\n";
 		close (ACL);
 	}
-
-		print FILE <<END
-# Prevent ipv6 requests to avoid crash in squid > 5.x
-acl to_ipv6 dst ipv6
-acl from_ipv6 src ipv6
-http_access deny to_ipv6
-http_access deny from_ipv6
-END
-	;
-
 	if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
 
 	# Check if squidclamav is enabled.