[squid-users] RV: squid
Matus UHLAR - fantomas
uhlar at fantomas.sk
Fri Jun 16 10:40:37 UTC 2017
>>> ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.5/squid-3.5.0.1-RELEASENOTES.html
>>> " Active and passive FTP support on the user-facing side; require passive
>>> connections to come from the control connection source IP address."
>On 06/15/2017 09:55 AM, Matus UHLAR - fantomas wrote:
>> that means, if you open FTP control connection to squid, the passive data
>> connection to it must come from the same IP as control connection.
On 15.06.17 10:06, Alex Rousskov wrote:
>IIRC, the above interpretation is the right one:
just for sure: my one?
>* We support both active and passive FTP between an FTP client (a.k.a.
>user) and Squid.
>
>* When an FTP client is using passive mode, the data connection must
>come from the same IP as the control connection. This restriction blocks
>attacks that steal data connection of legitimate FTP users.
>
>AFAIK, there are currently no plans (or even strong demand) to support
>active FTP mode between Squid and FTP origin servers.
what is ftp_passive for then?
btw I suggest calling it "port" FTP mode instead of active
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
More information about the squid-users
mailing list