[squid-users] FTP inspection configuration
eugene.elyashev at gmail.com
eugene.elyashev at gmail.com
Wed Jan 16 02:10:51 UTC 2019
Hello,
I'm trying to configure squid 3.5.6 as an FTP proxy for native FTP uploads
to be inspected by an ICAP service.
Currently FileZilla fails to connect via proxy and also telnet on port 21
fails..
What is missing in the config and how to configure FileZilla connection?
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 ssl-bump
cert=/usr/local/squid-3.5.6/ssl_cert/squid356_https.pem
key=/usr/local/squid-3.5.6/ssl_cert/squid356_https.pem
always_direct allow all
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
ftp_port 21
coredump_dir /usr/local/squid-3.5.6/var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl vontu_reqmod_http_upload method POST PUT
icap_service vontu_reqmod reqmod_precache 0 icap://<icap_server:1344>/reqmod
adaptation_service_set class_vontu_reqmod vontu_reqmod
adaptation_access class_vontu_reqmod allow vontu_reqmod_http_upload
icap_enable on
icap_io_timeout 70
icap_service_failure_limit 20
icap_service_revival_delay 30
icap_preview_enable on
icap_preview_size 0
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_client_username_encode on
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list