Re: [squid-users] Detecting FileZilla FTP upload

From: Christoph Haas <email@dont-contact.us>
Date: Tue, 24 Jan 2006 13:26:01 +0100

On Tuesday 24 January 2006 11:26, 서진수 wrote:
> FileZilla transfers files through the CONNECT method and bypasses the rule below:
> acl FTP proto FTP
> acl PUT method PUT
> http_access deny FTP PUT

Using CONNECTs for FTP is dangerous. Don't allow that. Limit CONNECTs to
port 443 if you can. You are ripping large holes into your network.

> squid.conf says:
> # acl aclname req_mime_type mime-type1 ...
> # # regex match against the mime type of the request generated
> # # by the client. Can be used to detect file upload or some
> # # types HTTP tunneling requests.
> # # NOTE: This does NOT match the reply. You cannot use this
> # # to match the returned file type.
>
> Is there any way to detect FileZilla FTP upload?

No need to if CONNECT requests are limited according to the default
configuration.

> If there's no other way,
> please let me know of a free Win32 FTP client program
> that has the "HTTP Proxy with FTP support" feature.

I just know old Mozillas (not Firefox) that still have that feature built
in from the good old Netscape ages. But that's not very comfortable. If
you seriously need to make FTP uploads, consider installing an FTP or SOCKS
proxy.

 Christoph

-- 
Never trust a system administrator who wears a tie and suit.
Received on Tue Jan 24 2006 - 05:26:10 MST
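
Added example, not part of the original message: a log check for the situation discussed above, listing every CONNECT in a Squid access.log whose target port is not 443. It assumes Squid's native access.log format; the sample lines are constructed and the function names are hypothetical.

```python
import re

ALLOWED_CONNECT_PORTS = {443}  # the reply's advice: CONNECT to 443 only

# Native access.log fields: time elapsed client result/status bytes method URL ...
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<result>[A-Z_]+)/(?P<status>\d{3})"
    r"\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
1138105561.123   5021 192.0.2.10 TCP_MISS/200 3420 CONNECT www.example.com:443 - DIRECT/198.51.100.5 -
1138105570.456  60412 192.0.2.23 TCP_MISS/200 1048576 CONNECT ftp.example.net:21 - DIRECT/198.51.100.7 -
1138105571.002  59800 192.0.2.23 TCP_MISS/200 52428800 CONNECT ftp.example.net:50123 - DIRECT/198.51.100.7 -
1138105580.900      2 192.0.2.31 TCP_DENIED/403 1350 CONNECT ftp.example.org:21 - NONE/- text/html
1138105590.100    310 192.0.2.10 TCP_MISS/200 8120 GET http://www.example.com/ - DIRECT/198.51.100.5 text/html
""".splitlines()

def connect_port(authority):
    """Port of a CONNECT target ('host:port' or '[v6]:port'); None if malformed."""
    _, sep, port = authority.rpartition(":")
    return int(port) if sep and port.isdigit() else None

def flag_tunnels(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Return a finding for every CONNECT whose port is outside `allowed`."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        port = connect_port(m["url"])
        if port in allowed:
            continue
        findings.append({
            "client": m["client"],
            "target": m["url"],
            "port": port,  # None means the target could not be parsed
            "bytes": int(m["bytes"]),
            "denied": m["result"] == "TCP_DENIED",  # proxy already refused it
        })
    return findings

if __name__ == "__main__":
    for f in flag_tunnels(SAMPLE_LOG):
        state = "denied" if f["denied"] else "allowed through"
        print(f"{f['client']} -> {f['target']} ({f['bytes']} bytes) {state}")
```

Findings marked "allowed through" mean the proxy's CONNECT rule is wider than port 443; findings marked "denied" show clients still attempting the tunnel.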
