Re: [RFC] ignore ftp_epsv off for IPv6

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Thu, 30 Jan 2014 16:17:49 -0700

On 01/30/2014 03:35 PM, Amos Jeffries wrote:

> P4-b: Shall we skip the arguing and go straight to ACL driven in that
> format? I think it may be faster to simply write up a patch for ACLs
> with a default "allow all" and simply allow/deny action choice than to
> continue discussions around the on/off scoping. We are clearly focusing
> on different use-cases and error conditions being more or less
> subjectively important. The admin on the ground can probably get that
> right far better than we can anyway.

Do you want me to add an ipv4_server and ipv6_server hard-coded ACLs?
They would work in contexts where the server address is known (any
origin server: HTTP, FTP, Gopher, etc.). I fear opening another big can
of worms with this! If we do not add those ACLs, how will an admin know
that Squid is going to talk to an IPv6 server (my definition)?

We should still keep "on" and "off" keywords for backward compatibility,
right?

So, we will have:

  ftp_epsv on
  ftp_epsv off
  ftp_epsv deny ipv4_server
  ftp_epsv deny ipv6_server

but folks can use other, customer ACLs instead of ipv4_server and
ipv6_server. The action on the first matching ftp_epsv line is applied.
Anything else for ftp_epsv?

Thank you,

Alex.
Received on Thu Jan 30 2014 - 23:18:10 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 31 2014 - 12:00:17 MST