Re: [squid-users] Squid FTP - CWD direct vs incremental

From: Tony <tony@dont-contact.us>
Date: Sat, 29 Sep 2007 09:15:02 -0400

The FTP server in question is not one my company owns and operates, so
we can not simply fix the server. The server reports "Microsoft FTP
Service (Version 4.0) although Im not sure what version of windows its
running on.

When manually changing directories via command line FTP prog, I do
indeed get a 550 access denied error. This is before I get a chance to
try and list the directory contents.

Changing the slashies to %2f does indeed work and allows us to access
that path directly. However were using a different workaround, where
we're actually routing the FTP traffic directly and not using a proxy
server at all for FTP. Its not my first choice, but it happens to work
in this particular instance. Appearing transparent to the end user is
more important.

Thanks,
-Tony

Henrik Nordstrom wrote:
> On fre, 2007-09-28 at 12:43 -0400, Tony wrote:
>
>> Pardon me if I'm missing something, but I noticed squid will only change
>> one directory at a time via the CWD command.
>>
>
> Yes, as defined in RFC1738 where the ftp:// URL scheme is specified.
>
>
>
>> It will not CWD directly
>> to the requested path. This presents a problem for me where I have to
>> change directories below folders without read perms.
>>
>> For instance: ftp://ftp.example.com/ftp/data/user/
>>
>
> You can URL-encode parts if you want Squid to see them as a single
> directory with / in their name..
>
>
>> Lets say that the data directory does not have read permissions on it to
>> keep from getting a user list of the FTP box. The user directory
>> however has read perms on it. When I try an go to the full URL, squid
>> replies:
>>
>> Squid sent the following FTP command:
>>
>> CWD data
>>
>> and then received this reply
>>
>> ftp: Access is denied.
>>
>
> This is an odd FTP server.. allowing CWD via a directory but not CWD
> into the directory..
>
> CWD do not need read access, only the right to change directory in or
> via the directory..
>
>
>> Any ideas on how to get past this?
>>
>
> ftp://ftp.example.com/ftp/data%2fuser/
>
> But I would seriously recommend fixing the FTP server to allow CWD but
> not read access to data.. odd setups like this is just confusing to
> everyone involved.
>
> What kind of FTP server is this? On what OS?
>
> Regards
> Henrik
>
Received on Sat Sep 29 2007 - 07:16:41 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT