[squid-users] supplying ftp with username

From: Brendan Corcoran <[email protected]>
Date: Fri, 9 Nov 2001 15:03:12 +1000

Whenever I try to ftp://myself@ftp.ftpserver.com/ in my internet browser
using squid as the ftp proxy:

I get "Access Denied. Access control configuration prevents your request
from being allowed at this time. Please contact your service provider if you
feel this is incorrect."

Ftp works if supply both a username and password
ftp://myself:mypassword@ftp.ftpserver.com/ or if it is an anonymous ftp
server. I don't want to do it the first way as it is insecure...

I am using Squid Version 2.2.STABLE4 on a Sparc 5 running Sol 7 and have
included output from cache.log and the acls in my squid.conf file.

thanks for any help,

Brendan

acls in squid.conf:

#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl intranet src 192.168.0.0/255.255.0.0
acl internet src 144.137.144.128/255.255.255.128
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 69 70 210 1025-65535
acl CONNECT method CONNECT

#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow intranet
http_access allow internet
http_access deny all

output from cache.log with debugging:

2001/11/09 14:25:20| aclCheckFast: list: 1ade40
2001/11/09 14:25:20| aclMatchAclList: checking all
2001/11/09 14:25:20| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2001/11/09 14:25:20| aclMatchIp: '144.137.144.136' found
2001/11/09 14:25:20| aclMatchAclList: returning 1
2001/11/09 14:25:20| aclCheck: checking 'http_access allow manager
localhost'
2001/11/09 14:25:20| aclMatchAclList: checking manager
2001/11/09 14:25:20| aclMatchAcl: checking 'acl manager proto cache_object'
2001/11/09 14:25:20| aclMatchAclList: returning 0
2001/11/09 14:25:20| aclCheck: checking 'http_access deny manager'
2001/11/09 14:25:20| aclMatchAclList: checking manager
2001/11/09 14:25:20| aclMatchAcl: checking 'acl manager proto cache_object'
2001/11/09 14:25:20| aclMatchAclList: returning 0
2001/11/09 14:25:20| aclCheck: checking 'http_access deny !Safe_ports'
2001/11/09 14:25:20| aclMatchAclList: checking !Safe_ports
2001/11/09 14:25:20| aclMatchAcl: checking 'acl Safe_ports port 80 81 21 443
563 69 70 210 1025-65535'
2001/11/09 14:25:20| aclMatchAclList: returning 0
2001/11/09 14:25:20| aclCheck: checking 'http_access deny CONNECT
!SSL_ports'
2001/11/09 14:25:20| aclMatchAclList: checking CONNECT
2001/11/09 14:25:20| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2001/11/09 14:25:20| aclMatchAclList: returning 0
2001/11/09 14:25:20| aclCheck: checking 'http_access allow intranet'
2001/11/09 14:25:20| aclMatchAclList: checking intranet
2001/11/09 14:25:20| aclMatchAcl: checking 'acl intranet src
192.168.0.0/255.255.0.0'
2001/11/09 14:25:20| aclMatchIp: '144.137.144.136' NOT found
2001/11/09 14:25:20| aclMatchAclList: returning 0
2001/11/09 14:25:20| aclCheck: checking 'http_access allow internet'
2001/11/09 14:25:20| aclMatchAclList: checking internet
2001/11/09 14:25:20| aclMatchAcl: checking 'acl internet src
144.137.144.128/255.255.255.128'
2001/11/09 14:25:20| aclMatchIp: '144.137.144.136' found
2001/11/09 14:25:20| aclMatchAclList: returning 1
2001/11/09 14:25:20| aclCheck: match found, returning 1
2001/11/09 14:25:20| aclCheckCallback: answer=1
2001/11/09 14:25:20| aclCheckFast: list: 0
2001/11/09 14:25:20| aclCheckFast: no matches, returning: 1
2001/11/09 14:25:20| aclCheckFast: list: 1ade88
2001/11/09 14:25:20| aclMatchAclList: checking all
2001/11/09 14:25:20| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2001/11/09 14:25:20| aclMatchIp: '144.137.144.136' found
2001/11/09 14:25:20| aclMatchAclList: returning 1
Received on Thu Nov 08 2001 - 22:06:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:00 MST