[squid-users] Squid3: ftp redirector in proxy-cache mode from Jim Flowers on 2003-08-20 (squid-users)

From: Jim Flowers <jflowers@dont-contact.us>
Date: Wed, 20 Aug 2003 13:40:07 -0500

As I have not yet been able to get an ftp gateway working in accelerator
mode, I am working with Squid3 in proxy-cache mode to try and understand more
about how it works.

I can rewrite http URL to ftp URL and get it to work fine for anonymous ftp
but not for user ftp with password authentication provided by the ftpserver.

My observations:

1. http://www.ftpserver.com rewritten to ftp://ftp.ftpserver.com. Squid
assumes anonymous and with no anonymous on ftp.ftpserver.com, it fails. No
prompt for user/password is returned to browser.

2. rewritten to ftp://realuser:realpassword@ftp.ftpserver.com. Works fine.

3. rewritten to ftp://realuser@ftp.ftpserver.com it returns a popup
with 'realm ftp realuser'. Enter realuser and realpassword. Works fine.

4. rewritten to ftp://dummyuser@ftp.ftpserver.com returns a popup with 'realm
ftp dummyuser'. Enter realuser and realpassword does not work.

From this I conclude that it is necessary to provide for a real username but
not necessarily a password in the initial URL entered in the browser.

5. any attempt to provide the username from the browser using @ (e. g.
http://realuser@www.ftpserver.com) fails to get to the redirector program
whether a redirector_access acl is used or not.

6. If I escape the @ in the browser entry (e.g.
http://realuser\@www.ftpserver.com) it makes it to the redirector. The
rewrite is altered, however, resulting in DNS lookup failuer of the rewritten
URL.

entered in browser
------------------
http://realuser\@www.ftpserver.com

rewriting rule (perl)
--------------
s|http://(.*@*)www.ftpserver.com|ftp://$1ftp.ftpserver.com|;

error message
-------------
ftp://realuser/@ftp.ftpserver.com
Unable to determine IP address from host name for realuser

So in this case it appears that the '\' before the '@' is allows the
redirector program to be called but then is stripped and/or replaced with
a '/' which confuses the dns lookup routine.

I inteneded this last as just a kludge to try and dope out what is
happening. Is there a correct way to provide a realuser name from the
browser that can be forwarded on to the ftpserver in the manner required?

I would love to know it.

Thanks

Jim

--
Jim Flowers<jflowers@ezo.net>

Received on Wed Aug 20 2003 - 12:39:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:01 MST