On Mon, 24 Jan 2005, Henri Walazo wrote:
> First I download from ftp.redhat.com the file abiword-1.0.4-2.i386.rpm
> (4.98 MB) (in binary mode)
> I get this line in access.log :
> 1106558551.810 14298 192.168.1.3 TCP_MISS/200 5232437 CONNECT
> ftp.redhat.com:14954 - DIRECT/209.132.176.30 - [Host:
> ftp.redhat.com:14954\r\n] []
Argh! Whoever wrote this client deserves to be shot in the head. This is
serious abuse of the HTTP proxy protocol, and no proxy administrator in
his sane mind should allow this unrestricted tunneling of non-HTTP
protocols via an HTTP proxy using the CONNECT method.

If you want this kind of functionality you SHOULD install a SOCKS proxy
next to Squid (can use the same server with no problem). Using the HTTP
proxy CONNECT method for this is both a bad and a plain stupid approach to
the problem.

The HTTP proxy protocol does have native support for FTP gatewaying,
including the ability to upload files. This involves using the normal
GET/PUT HTTP methods via the proxy on ftp:// URLs, not opening transparent
tunnels on wild ports using the CONNECT method.

There are very good reasons why the default squid.conf shipped with Squid
explicitly denies this kind of use of the CONNECT method.

Regards
Henrik
Received on Tue Jan 25 2005 - 03:56:40 MST
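
An added example, not part of the original message or of Squid itself: a small audit script that scans native-format access.log lines for CONNECT tunnels the proxy let through to ports outside an allowlist, such as the ftp.redhat.com:14954 entry quoted above. The allowlist (443 and 563), the function names, and all sample lines except the first are assumptions made for illustration.

```python
import re

# Assumption: ports the site is willing to tunnel with CONNECT, in the spirit
# of squid.conf's "http_access deny CONNECT !SSL_ports" rule.
ALLOWED_CONNECT_PORTS = {443, 563}

# Squid native access.log: time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

def connect_target(url):
    """Split a CONNECT target 'host:port' (IPv6 as '[addr]:port')."""
    host, sep, port = url.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def find_suspicious_tunnels(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Return one dict per CONNECT that was served to a non-allowed port."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue  # GET/PUT on ftp:// URLs is normal FTP gatewaying
        target = connect_target(m["url"])
        if target is None:
            continue
        host, port = target
        # TCP_DENIED means the proxy ACLs already refused the tunnel.
        if port in allowed or m["code"] == "TCP_DENIED":
            continue
        hits.append({"client": m["client"], "host": host,
                     "port": port, "bytes": int(m["bytes"])})
    return hits

SAMPLE_LOG = [
    # First line is the entry from the message; the rest are constructed.
    "1106558551.810 14298 192.168.1.3 TCP_MISS/200 5232437 CONNECT ftp.redhat.com:14954 - DIRECT/209.132.176.30 -",
    "1106558600.120 850 192.168.1.4 TCP_MISS/200 10432 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -",
    "1106558610.455 2 192.168.1.5 TCP_DENIED/403 1420 CONNECT mail.example.com:25 - NONE/- text/html",
    "1106558620.001 310 192.168.1.3 TCP_MISS/200 20480 GET ftp://ftp.example.com/pub/file.rpm - DIRECT/192.0.2.20 application/octet-stream",
]

if __name__ == "__main__":
    for hit in find_suspicious_tunnels(SAMPLE_LOG):
        print("{client} tunneled {bytes} bytes to {host}:{port}".format(**hit))
```
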