RE: [squid-users] Send FileZilla FTP traffic through ICAP server

From: Dave Burkholder <dave_at_thinkwelldesigns.com>
Date: Thu, 25 Apr 2013 12:41:32 -0400

Thanks so much for your replies here, Alex.

>> If you must use FileZilla,
The FTP client software, FileZilla / Cyberduck / etc, isn't the issue. The issue is sending traffic to an ICAP server.

>> Our FTP gateway project adds that functionality to Squid.

I'm very glad to hear about this project; I'd missed reading about it. This looks like just what I need.

You said it's not yet ready for production use. Does the May 2013 ETA mean ETA of beta-quality code or ETA of production-ready code?

Thanks!

Dave

-----Original Message-----
From: Alex Rousskov [mailto:rousskov_at_measurement-factory.com]
Sent: Thursday, April 25, 2013 10:17 AM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Send FileZilla FTP traffic through ICAP server

On 04/25/2013 08:08 AM, Alex Rousskov wrote:

> Dave, it looks like FileZilla did not receive FTP server Hello from
> Squid. I suggest that you take packet captures before and after Squid,
> to see whether Squid itself has received FTP server Hello from the FTP
> server. If Squid connected to the FTP server but received nothing,
> then the problem is on the FTP server side. Otherwise, the problem may
> be with Squid.

I forgot to mention that even if you succeed with making CONNECT work, it will not help you with ICAP inspections because Squid will only send CONNECT request to your ICAP server and not the FTP traffic that happens inside the HTTP CONNECT tunnel.

If you must use FileZilla, and FileZilla does not support sending HTTP requests with ftp://urls to HTTP proxies (instead of using CONNECT tunnels with raw FTP inside), then you must use an FTP proxy that supports ICAP, not an HTTP proxy.

Our FTP gateway project adds that functionality to Squid. It is not ready for production use, but simple FTP transactions are supported and code is available: http://wiki.squid-cache.org/Features/FtpGateway

HTH,

Alex.
Received on Thu Apr 25 2013 - 16:41:41 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 25 2013 - 12:00:07 MDT