Good morning, all.
In working an issue with browsers sending FTP over explicit HTTP proxies, I've
encountered a behavior with Squid that I do not see on either of the two
commercial proxies (Blue Coat and NetCache) at my day job.
When going to a FTP site that does not accept anonymous FTP connections
(ftp://nac-client.na-corp.com/), my commercial (HTTP/1.1) proxies respond
with '401 Authentication Required' after the initial anonymous login fails.
Squid, however, responds with 403 Forbidden. The 401 is the desired
response as Netscape and Mozilla helpfully pop up a prompt for the user
credentials for the FTP site in response to a 401. Receiving the 403 back
stops this from occurring and results in an error message to the end user.
Is there a way to cause Squid to generate the desired 401 code in
response to an initial anonymous FTP login failing? Having users rewrite
the URL to the familiar ftp://user:pass@site/ syntax is not a very
palatable option.
I am running FreeBSD 4.9-STABLE. Squid -v output is as follows:
Squid Cache: Version 2.5.STABLE3
configure options: --bindir=/usr/local/sbin
--sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid
--localstatedir=/usr/local/squid '--enable-storeio=ufs diskd null'
'--enable-removal-policies=lru heap' --enable-auth=basic
'--enable-basic-auth-helpers=NCSA PAM YP'
'--enable-external-acl-helpers=ip_user unix_group' --enable-underscores
--prefix=/usr/local i386-portbld-freebsd4.8
Google and searches through squid-users have been unfruitful. Searches
through the release notes for both STABLE4 and 3.0 and Bugzilla also do
not reveal any hits for this particular behavior. For that matter, I am
unable to easily locate an RFC spec for just how FTP-over-HTTP is
supposed to work, so perhaps this is a nebulous area all-together.
Any suggestions would be very helpfull.
David
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:20 MST