Marc Elsen wrote:
>
> "Ampugnani, Fernando" wrote:
> >
> > Marc:
> > I fix it adding port 21 to SSL port. Isn�t recommended, but is the
> > only option that I take.
> >
> > What do you think about this?
>
> Could be dangerous, in security terms.
> Remember the threads on port 25 open's for CONNECT and SPAM
> relaying abuse of squid.
>
> Meaning that it would be wise to use calm ftp clients in
> sec. terms and or securing this access to squid from unintended use
And it won't work unless you also allow CONNECT to any port >1024 which
I defenitely would not recommend for security reasons, requires a
special FTP client who knows how to abuse the HTTP CONNECT proxy method
in such manners.
Using a FTP proxy is strongly recommended. Apart from actually working
for proxying FTP clients this also gives you better control of how/why
the FTP proxy is used, including the ability to use user authentication
to give access to the FTP proxy service.
Regards
Henrik
Received on Fri Feb 14 2003 - 06:36:17 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:23 MST