Re: [squid-users] ftp connect ?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 17 Sep 2004 23:26:39 +0200 (CEST)

On Fri, 17 Sep 2004 apmailist@free.fr wrote:

> Most ftp clients that support http proxies use the CONNECT method, once they
> have authenticated.

This is not "to support HTTP proxies", only to "abuse wrongly configured
HTTP proxies".

> Is it a security breach to allow CONNECT method on port 21 ?

Well, if using this approach you will need to allow CONNECT to any port,
not only port 21, as you also need to allow for the data transfer. The
security issue is that this makes your proxy wide open to proxy any TCP
protocol with very little control.

Generally you should be investigating running a SOCKS proxy if this kind
of functionality is what you need (access to any TCP service without using
NAT).

For FTP I recommend running an FTP proxy alongside Squid, to handle
the non-HTTP-proxied FTP requests.

Regards
Henrik
Received on Fri Sep 17 2004 - 15:26:44 MDT
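
As an added illustration of the reply above (not part of the original message and not code from the Squid project): a short Python check that scans Squid native-format access.log lines for CONNECT tunnels to ports other than 443, which is how FTP-over-CONNECT (port 21 plus a separate data port) shows up in the log. The sample log lines and the allowed-port set are constructed assumptions.

```python
from collections import defaultdict

# Ports CONNECT is expected to reach. Assumption: 443 only, mirroring the
# usual "deny CONNECT to non-SSL ports" policy; adjust to local policy.
ALLOWED_CONNECT_PORTS = {443}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1095456399.101    812 192.0.2.10 TCP_MISS/200 5120 CONNECT www.example.com:443 - DIRECT/198.51.100.7 -
1095456401.455    120 192.0.2.23 TCP_MISS/200 310 CONNECT ftp.example.org:21 - DIRECT/198.51.100.9 -
1095456402.010   9034 192.0.2.23 TCP_MISS/200 884112 CONNECT ftp.example.org:49152 - DIRECT/198.51.100.9 -
1095456403.772     45 192.0.2.10 TCP_MISS/200 2048 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1095456404.300      2 192.0.2.31 TCP_DENIED/403 1450 CONNECT mail.example.net:25 - NONE/- text/html
garbage line
"""

def parse_connect(line):
    """Return (client, result, host, port) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    # CONNECT targets are logged as host:port; split on the last colon.
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return fields[2], fields[3].split("/")[0], host, int(port)

def unexpected_tunnels(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Map client -> [(host, port, permitted)] for CONNECTs outside policy."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue  # not a CONNECT request, or an unparsable line
        client, result, host, port = entry
        if port not in allowed:
            # permitted=True means the proxy actually opened the tunnel.
            findings[client].append((host, port, result != "TCP_DENIED"))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in sorted(unexpected_tunnels(SAMPLE_LOG).items()):
        for host, port, permitted in hits:
            state = "tunnel opened" if permitted else "denied by proxy"
            print(f"{client} -> {host}:{port} ({state})")
```

Entries reported as "tunnel opened" indicate the proxy's CONNECT ACL admits ports beyond those in the allowed set.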
