Re: [squid-users] Squid3: ftp redirector in proxy-cache mode from Henrik Nordstrom on 2003-08-20 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 20 Aug 2003 22:03:18 +0200

On Wednesday 20 August 2003 20.40, Jim Flowers wrote:

> I can rewrite http URL to ftp URL and get it to work fine for
> anonymous ftp but not for user ftp with password authentication
> provided by the ftpserver.

Probably correct. For this to work you need to define a HTTP url
namespace which can be translated into non-anonymous FTP.

> 1. http://www.ftpserver.com rewritten to ftp://ftp.ftpserver.com.
> Squid assumes anonymous and with no anonymous on ftp.ftpserver.com,
> it fails. No prompt for user/password is returned to browser.

Squid assumes what the URL says, which is anonymous FTP.

> 2. rewritten to ftp://realuser:realpassword@ftp.ftpserver.com.
> Works fine.

Correct.

> 3. rewritten to ftp://realuser@ftp.ftpserver.com it returns a popup
> with 'realm ftp realuser'. Enter realuser and realpassword. Works
> fine.

Yes.

> 4. rewritten to ftp://dummyuser@ftp.ftpserver.com returns a popup
> with 'realm ftp dummyuser'. Enter realuser and realpassword does
> not work.

You can modify this criteria in ftpCheckAuth function in src/ftp.c.
The default is to require that the user name is the same, but it is
not a strict requirement.

> 5. any attempt to provide the username from the browser using @ (e.
> g. http://realuser@www.ftpserver.com) fails to get to the
> redirector program whether a redirector_access acl is used or not.

Correct. HTTP does not have such username syntax in the URL.

> 6. If I escape the @ in the browser entry (e.g.
> http://realuser\@www.ftpserver.com) it makes it to the redirector.
> The rewrite is altered, however, resulting in DNS lookup failuer of
> the rewritten URL.

If it makes it to the redirector then it can be made to work. You just
need to make sure the redirector gives corred URL back.

However, do not assume that the above syntax will work in all
browsers. It is not a valid URL syntax. Also, there is no chance this
will work in accelerator mode.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Wed Aug 20 2003 - 14:05:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:01 MST