Re: [squid-users] Problème with FTP

From: Amos Jeffries <>
Date: Tue, 13 Dec 2011 17:12:28 +1300

On 12/12/2011 11:35 p.m., wrote:
> Hello All,
> I use squid3.1.13-dansguardian2.10.1.1 on a Centos 5.7. And I meet a
> problem I never known.
> When I connect on an ftp site in anonymous through a web browser NO PROBLEM all is good
> When I connect on an ftp site with ftp://login:pass@ftp-site through a web browser it's
> converted in anonymous connection. I must say the ftp-site works with both auth-method
> but on different directory-tree.
> There is no authentication needed on proxy
> What's wrong with my configuration file.

There are actually three auth methods Supported by Squid to FTP servers:
  - anonymous auth
  - URL-based auth
  - WWW auth

What Squid does is attempt anonymous fetch of the requested object and
if that succeeds the credentials are kept private. Only if the FTP
server rejects anonymous access and requires authentication will Squid
send any credentials. Squid 3.1 will accept credentials in either URL or
HTTP headers for the FTP server as realm. If login fails it produces an
HTTP Basic scheme login challenge to get fresh credentials from the user
agent, you may see a popup here if using a browser.

It may be that the dansguardian proxy service is protecting your
credentials privacy by stripping them out of the URL. If that is the
case you will need to pass them via the auth headers. This is a good way
to pass them anyway since it keeps the password out of log files all
over the network etc.

Note that this is login to the FTP origin server not the proxy. So
auth_param configuration is not needed in Squid. Only that the proxy is
built with auth "basic" scheme support to translate from HTTP login to
FTP login.

Received on Tue Dec 13 2011 - 04:12:36 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 13 2011 - 12:00:03 MST