[squid-users] 2.4STABLE1 & authentication & FTP - BUG

From: Ken Thomson <Ken.Thomson@dont-contact.us>
Date: Fri, 10 Aug 2001 15:06:34 +1000

I have noticed what appears to be a bug in Squid 2.4STABLE1.

If you have user authentication (ie. an acl with proxy_auth REQUIRED set on)
and try to access a FTP site via squid and cancel the authentication request
windows, you can still get at any directory/file and start a file download.
You do not need to be authenticated!

The reason for this is that Squid renders the FTP directory in the browser
prior to prompting for authentication. So you can cancel the authentication
and proceed as normal by clicking links and continually cancelling the
authentication requests.

Anyone else experience this?

Regards,
Ken.
Received on Thu Aug 09 2001 - 23:06:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:32 MST