I'm using Squid in a parents/siblings hierarchy; my cache is a sibling.
Some time ago I noticed a problem with ftp:// URLs in Squid
(this problem doesn't happen with http:// URLs).
Some sibling replied to me with a HIT, and when the proxy tries to fetch the
object, it gives the message:
>Error
>Access Denied
>Sorry, you are not currently allowed to request
> ftp://ftp.mcafee.com/pub/antivirus/datfiles/ (as an example)
>From this cache. Please check with the cache administrator if you believe
>this is incorrect.
I've talked with the administrator of that proxy, and he told me that my
cache doesn't have access restrictions for
http_access and icp_access, only for miss_access (everything right, as he
is acting as a sibling for me).
Today I discovered the problem: some problem exists with the trailing / in
the FTP URLs.
My "theory":
In the ICP query, the requested URL in the packet has the ending /
(packet dump)
00000020 01 02 00 45 00 00 ...E..
00000030 05 E6 00 00 00 00 00 00 00 00 01 00 00 7F 00 00 ...............
00000040 00 00 66 74 70 3A 2F 2F 66 74 70 2E 6D 63 61 66 ..ftp://ftp.mcaf
00000050 65 65 2E 63 6F 6D 2F 70 75 62 2F 61 6E 74 69 76 ee.com/pub/antiv
00000060 69 72 75 73 2F 64 61 74 66 69 6C 65 73 2F 00 irus/datfiles/.
The ICP reply:
00000020 02 02 00 41 00 00 ...A..
00000030 05 E6 00 00 00 00 00 00 00 00 C2 75 04 62 66 74 ...........u.bft
00000040 70 3A 2F 2F 66 74 70 2E 6D 63 61 66 65 65 2E 63 p://ftp.mcafee.c
00000050 6F 6D 2F 70 75 62 2F 61 6E 74 69 76 69 72 75 73 om/pub/antivirus
00000060 2F 64 61 74 66 69 6C 65 73 2F 00 /datfiles/.
The HTTP request is:
00000030 47 45 54 20 66 74 70 3A 2F 2F GET.ftp://
00000040 66 74 70 2E 6D 63 61 66 65 65 2E 63 6F 6D 2F 70 ftp.mcafee.com/p
00000050 75 62 2F 61 6E 74 69 76 69 72 75 73 2F 64 61 74 ub/antivirus/dat
00000060 66 69 6C 65 73 2F 20 48 54 54 50 2F 31 2E 30 0D files/.HTTP/1.0.
00000070 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A .User-Agent:.Moz
00000080 69 6C 6C 61 2F 32 2E 30 20 28 63 6F 6D 70 61 74 illa/2.0.(compat
00000090 69 62 6C 65 3B 20 4D 53 49 45 20 33 2E 30 32 3B ible;.MSIE.3.02;
000000A0 20 57 69 6E 64 6F 77 73 20 4E 54 29 0D 0A 48 6F .Windows.NT)..Ho
000000B0 73 74 3A 20 66 74 70 2E 6D 63 61 66 65 65 2E 63 st:.ftp.mcafee.c
000000C0 6F 6D 3A 32 31 0D 0A 56 69 61 3A 20 31 2E 30 20 om:21..Via:.1.0.
000000D0 70 72 6F 78 79 2E 69 73 65 6C 2E 70 74 3A 33 31 proxy.isel.pt:31
000000E0 32 38 20 28 53 71 75 69 64 2F 31 2E 31 2E 31 31 28.(Squid/1.1.11
000000F0 29 0D 0A 58 2D 46 6F 72 77 61 72 64 65 64 2D 46 )..X-Forwarded-F
00000100 6F 72 3A 20 31 39 33 2E 31 33 37 2E 32 32 30 2E or:.193.137.220.
00000110 33 35 0D 0A 43 61 63 68 65 2D 63 6F 6E 74 72 6F 35..Cache-contro
00000120 6C 3A 20 4D 61 78 2D 61 67 65 3D 33 36 30 30 0D l:.Max-age=3600.
00000130 0A 0D 0A ...
and the result is ... (the access error message)
Using the "client" included with Squid, I've made two queries to that proxy
(the sibling):
>client -h proxy.sibling.pt ftp://ftp.mcafee.com/pub/antivirus/datfiles (without trailing /)
Result: Access Error again ...
>client -h proxy.sibling.pt ftp://ftp.mcafee.com/pub/antivirus/datfiles/ (with trailing /)
Result: The ftp index, everything ok.
Conclusion:
Squid is making some error while "cooking" the received FTP URLs.
I hope this could help the development team; if I'm wrong, sorry for the
noise ...
Thanks for any help.
Pedro Ribeiro.
[]-----------------------------------------------------------------[]
Pedro Ribeiro
Online: http://www.cc.isel.pt/Pessoais/PedroRibeiro
e-Mail: Personal: pribeiro@cc.isel.pt
Admin: admin@isel.pt
[]-----------------------------------------------------------------[]
Received on Sat Jun 28 1997 - 07:02:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:35 MST
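
Decoding the ICP dumps from the message above, as an added example (not part of the original post and not Squid's own code): a small parser for the ICP version 2 layout defined in RFC 2186, run over bytes transcribed from the two dumps, that checks the reply opcode, the matching request number and whether the URL keeps its trailing / in the query, the reply and the HTTP request line. The function and constant names are hypothetical.

```python
import socket
import struct

# Opcode names from RFC 2186 (ICP version 2).
OPCODES = {1: "ICP_OP_QUERY", 2: "ICP_OP_HIT", 3: "ICP_OP_MISS", 4: "ICP_OP_ERR",
           21: "ICP_OP_MISS_NOFETCH", 22: "ICP_OP_DENIED", 23: "ICP_OP_HIT_OBJ"}

# Transcribed from the dumps in the message (offset column dropped; the URL
# bytes are written as ASCII, with the terminating NUL the dumps show).
URL = b"ftp://ftp.mcafee.com/pub/antivirus/datfiles/\x00"
QUERY = bytes.fromhex("01020045 000005E6 00000000 00000000 0100007F 00000000") + URL
REPLY = bytes.fromhex("02020041 000005E6 00000000 00000000 C2750462") + URL
HTTP_REQUEST_LINE = "GET ftp://ftp.mcafee.com/pub/antivirus/datfiles/ HTTP/1.0"


def parse_icp(data):
    """Decode one ICP v2 datagram: 20-byte header, then a NUL-terminated URL."""
    if len(data) < 20:
        raise ValueError("shorter than the ICP header")
    opcode, version, length, reqnum, _opts, _optdata, sender = struct.unpack(
        "!BBHIII4s", data[:20])
    if length != len(data):
        raise ValueError("length field %d != datagram size %d" % (length, len(data)))
    payload = data[20:]
    if opcode == 1:  # a query carries a 4-byte requester address before the URL
        payload = payload[4:]
    if not payload.endswith(b"\x00"):
        raise ValueError("URL is not NUL-terminated")
    return {"op": OPCODES.get(opcode, "unknown(%d)" % opcode), "version": version,
            "reqnum": reqnum, "sender": socket.inet_ntoa(sender),
            "url": payload[:-1].decode("ascii")}


def compare_exchange(query, reply, request_line):
    """Check that the reply answers this query and that all three URLs are identical."""
    q, r = parse_icp(query), parse_icp(reply)
    http_url = request_line.split(" ")[1]
    return {"reply_op": r["op"],
            "reply_matches_query": q["reqnum"] == r["reqnum"],
            "urls_identical": q["url"] == r["url"] == http_url,
            "trailing_slash": [u.endswith("/") for u in (q["url"], r["url"], http_url)]}


if __name__ == "__main__":
    print(parse_icp(QUERY))
    print(parse_icp(REPLY))
    print(compare_exchange(QUERY, REPLY, HTTP_REQUEST_LINE))
```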