Re: [squid-users] Squid3: ftp redirector in proxy-cache mode

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 21 Aug 2003 00:17:05 +0200

On Wednesday 20 August 2003 22.46, Jim Flowers wrote:
> So the answer appears to be that although squid has the mechanics
> of an http to ftp gateway that can be made to work for anonymous
> ftp, there is no provision in the standards or in squid for
> accommodating a user name from the browser address window.

Yes and no.

There is no explicit mention in the standard for using other means
than direct username+password for non-anonymous FTP access. However,
as it is a HTTP->FTP gateway process it is the job of the
gateway/proxy to convert HTTP semantics to FTP semantics. HTTP
proxying of ftp:// URLs is technically HTTP->FTP gatewaying, where
the browser speaks HTTP to the proxy asking for a ftp:// URL.

The Squid HTTP Proxy FTP gateway is primarily designed for proxy
access to ftp:// URLs. In such a mode, logging in to a different username
than the user given in the URL does not make much sense and because
of this the HTTP->FTP gateway in Squid requires that the username is
consistent in the request (same username in both the URL and in HTTP
authentication headers).

The above restriction is not really relevant when you are doing
http:// -> ftp:// gatewaying in a reverse proxy as the ftp:// URL is
then a purely virtual concept internally in the reverse proxy and not
requested by the user (the user requested a http:// URL). But as
Squid is not designed with this in mind you need to make some slight
modifications to the source to get the exact behavior you are asking
for.

> While I appreciate that there are probably many ways around this
> limitation, probably the easiest for the short term that will not
> run amok will be to rewrite http://www.ftpserver.com/realuser to
> ftp://realuser@ftp.ftpserver.com. Looks good to http and gives ftp
> what it needs.

This will work fine and is what I was talking about in defining a
http:// URL namespace for non-anonymous FTP. Such a design also
gives a clear path on how to support anonymous FTP in the same
http://->ftp:// gateway, and makes sure that each object on the FTP
server has a unique URL by giving different users different URLs.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Aug 20 2003 - 16:18:46 MDT
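
The http:// to ftp:// namespace mapping discussed in this message, sketched as a redirector helper. This is an added example, not code from the thread or from the Squid project. It assumes the classic line-based redirector interface (URL as the first field of each request line, empty reply meaning "no change"); the host names are the thread's examples, and the `pub` prefix for anonymous FTP and the account-name pattern are hypothetical.

```python
import re
import sys
from urllib.parse import quote, unquote, urlsplit

HTTP_HOST = "www.ftpserver.com"  # virtual http:// host (example name from the thread)
FTP_HOST = "ftp.ftpserver.com"   # real FTP server (example name from the thread)
ANON_PREFIX = "pub"              # hypothetical: /pub/... is served by anonymous FTP
USER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")  # assumed account-name policy


def clean_segment(raw):
    """Decode one path segment and re-encode it, or return None if unsafe."""
    seg = unquote(raw)
    if seg in (".", "..") or "/" in seg:
        return None  # traversal, or an encoded slash hiding extra path levels
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in seg):
        return None  # control characters must never reach the FTP command channel
    return quote(seg, safe="")


def rewrite(url):
    """Map http://HTTP_HOST/<user>/<path> to ftp://<user>@FTP_HOST/<path>.

    Returns None (leave the request unchanged) for anything outside the
    namespace or failing validation.
    """
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    if parts.scheme != "http" or host != HTTP_HOST:
        return None
    first, *rest = [s for s in parts.path.split("/") if s] or [""]
    if not USER_RE.fullmatch(first):
        return None  # rejects '@', ':', '%' and anything else that could alter userinfo
    segments = [clean_segment(s) for s in rest]
    if None in segments:
        return None
    userinfo = "" if first == ANON_PREFIX else first + "@"
    return "ftp://%s%s/%s" % (userinfo, FTP_HOST, "/".join(segments))


def handle_line(line):
    """One redirector exchange: first field is the URL; empty reply means no change."""
    fields = line.split()
    return (rewrite(fields[0]) or "") if fields else ""


if __name__ == "__main__":
    for request in sys.stdin:
        sys.stdout.write(handle_line(request) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer
```

Because the first path segment becomes the FTP login name, each user's objects keep distinct URLs, and the strict pattern keeps a crafted path from changing the host or userinfo part of the rewritten URL.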
