[squid-users] Squid-3.5.21: filter FTP content or FTP commands
Alex Rousskov
rousskov at measurement-factory.com
Tue Oct 4 14:55:28 UTC 2016
On 10/04/2016 06:24 AM, oleg gv wrote:
> Then I try to block FTP-Command and nothing happen. Some from my config:
>
> acl rh req_header -i ^FTP-Command
Wrong syntax. Please read req_header documentation carefully and try
something like:
acl rh req_header FTP-Command -i LIST
I also recommend renaming the "rh" ACL to something more meaningful like
"ForbiddenCommand".
Finally, since a regular HTTP request might have an FTP-Command header
field, you should probably limit your rh-based http_access deny rule to
transactions accepted at ftp_port(s).
> http_access permit all
There is no "permit" action AFAIK. Please use documented "allow" and
"deny" actions only and copy-paste exact configuration lines when asking
questions.
> request_header_access "FTP-Command: LIST" deny all
Wrong syntax and wrong option. You want to deny a transaction, not to
remove a header from that transaction.
HTH,
Alex.
More information about the squid-users
mailing list