Re: [squid-users] ftp connect ?

From: <trainier@dont-contact.us>
Date: Fri, 17 Sep 2004 11:23:59 -0400

My understanding is that "CONNECT" was originally designed to allow a
proxy to dynamically switch to being a tunnel, i.e. SSL.
The problem is, application vendors are misusing the CONNECT method
because it's "easy".

These particular vendors and their products are rendered as tainted
because they're not following RFC suggestions and/or recommendations.

RFC 2817 might be helpful to you -> http://www.ietf.org/rfc/rfc2817.txt
RFC 3143 might also be interesting -> ftp://ftp.rfc-editor.org/in-notes/rfc3143.txt

Best regards,

Tim Rainier

apmailist@free.fr
09/17/2004 09:56 AM
 
        To: squid-users@squid-cache.org
        cc:
        Subject: [squid-users] ftp connect ?

Hello,

Most FTP clients that support HTTP proxies use the CONNECT method, once
they have authenticated.
This method is not allowed by default on the FTP port.
So these clients (inc. Filezilla, ...) don't get much further than
authentication.

Is it a security breach to allow the CONNECT method on port 21?

Where could I find more info about this topic?

Thank You,

Andrew.
Received on Fri Sep 17 2004 - 09:21:59 MDT
