Re: [squid-users] Squid3: ftp redirector in proxy-cache mode

From: Jim Flowers <[email protected]>
Date: Wed, 20 Aug 2003 15:46:09 -0500

So the answer appears to be that although squid has the mechanics of an http
to ftp gateway that can be made to work for anonymous ftp, there is no
provision in the standards or in squid for accomodating a user name from the
browser address window.

While I appreciate that there are probably many ways around this limitation,
probably the easiest for the short term that will not run amok will be to
rewrite http://www.ftpserver.com/realuser to
ftp://realuser@ftp.ftpserver.com. Looks good to http and gives ftp what it
needs.

Thanks for all the help.

--
Jim Flowers<jflowers@ezo.net>
---------- Original Message -----------
From: Henrik Nordstrom <hno@squid-cache.org>
To: "Jim Flowers" <jflowers@ezo.net>, Squid Users <squid-users@squid-
cache.org>
> 
> > 1. http://www.ftpserver.com rewritten to ftp://ftp.ftpserver.com. 
> > Squid assumes anonymous and with no anonymous on ftp.ftpserver.com,
> > it fails.  No prompt for user/password is returned to browser.
> 
> Squid assumes what the URL says, which is anonymous FTP.
> 
Which works with proxy-cache and real ftp:// because when anonymous is not 
present, browser pops up auth window.
> 
> > 4. rewritten to ftp://dummyuser@ftp.ftpserver.com returns a popup
> > with 'realm ftp dummyuser'.  Enter realuser and realpassword does
> > not work.
> 
> You can modify this criteria in ftpCheckAuth function in src/ftp.c. 
> The default is to require that the user name is the same, but it is 
> not a strict requirement.
So, remove the restriction and rewrite using a dummyname (e. g. squid@ or 
something that looks good as a realm) to trigger the request for real 
username and password.
> 
> > 5. any attempt to provide the username from the browser using @ (e.
> > g. http://realuser@www.ftpserver.com) fails to get to the
> > redirector program whether a redirector_access acl is used or not.
> 
> Correct. HTTP does not have such username syntax in the URL.
> 
> > 6.  If I escape the @ in the browser entry (e.g.
> > http://realuser\@www.ftpserver.com) it makes it to the redirector. 
> > The rewrite is altered, however, resulting in DNS lookup failuer of
> > the rewritten URL.
> 
> If it makes it to the redirector then it can be made to work. You 
> just need to make sure the redirector gives corred URL back.
> 
> However, do not assume that the above syntax will work in all 
> browsers. It is not a valid URL syntax. Also, there is no chance 
> this will work in accelerator mode.
and besides, it's ugly.
Received on Wed Aug 20 2003 - 14:45:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:01 MST