[squid-users] Allow SFTP connection to port 9122

Amos Jeffries squid3 at treenet.co.nz
Sat Jan 21 12:48:01 UTC 2023


On 20/01/2023 2:45 am, Emanuel Gonzalez wrote:
> Hi all,
>
> Hi, I need some help.
>
> I have configured an instance with squid as a proxy service. 
> HTTP/HTTPS requests pass through the proxy correctly.
>
> acl Safe_ports port 9122
> acl SSL_ports port 9122
> acl Safe_ports port 22
> acl SSL_ports port 22
>
>
> But I need to connect to an SFTP service that listens on port 9122.
>
> On the squid configuration side I have added port 9122 to the secure 
> ports and the connection host to the hosts allowed in the dstdomain.
>
> I have created the environment variables necessary to be able to exit 
> through the proxy:
>
> http_proxy=http://myprox.prod:3142
>
> ftp_proxy=http://myproxy.prod:3142
>
> https_proxy=http://myproxy.prod:3142
>

Squid does not support this type of configuration. Each type of protocol 
syntax needs to use a different proxy port number.

Current Squid versions also do not have working support for native 
SFTP.  For now you can only pass it through Squid if the client software 
sends the SFTP traffic over an HTTP(S) CONNECT tunnel.


> I try the connection but it never happens
...
> 1674134582.904      0 172.31.29.227 NONE/000 0 NONE 
> error:transaction-end-before-headers - HIER_NONE/- -
>

This is the expected outcome of a server-initiated protocol like FTP 
being handled by a Squid listening port expecting a client-initiated 
protocol (HTTP or HTTPS).

HTH
Amos
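
The CONNECT tunnel mentioned in the reply, as an added example that is not part of the original message or of Squid itself: a small helper, given the hypothetical name `connect_tunnel.py`, that an SSH/SFTP client can run as its proxy command to ask the proxy for a tunnel before any SSH bytes are sent. It assumes the proxy's access rules permit CONNECT to the destination host and port and that no proxy authentication is required.

```python
# Added example (hypothetical connect_tunnel.py): carry SSH/SFTP over an HTTP CONNECT tunnel.
import os
import select
import socket
import sys

def build_connect_request(host, port):
    """Build the CONNECT request; reject values that could inject extra header lines."""
    if not host or any(c.isspace() for c in host) or not 0 < port < 65536:
        raise ValueError("invalid CONNECT target")
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def handshake(sock, host, port):
    """Request a tunnel on an already-connected socket; raise unless the proxy answers 2xx."""
    sock.sendall(build_connect_request(host, port))
    head = b""
    while not head.endswith(b"\r\n\r\n"):
        byte = sock.recv(1)  # one byte at a time so no tunnelled SSH data is consumed
        if not byte or len(head) > 8192:
            raise ConnectionError("no complete HTTP reply from proxy")
        head += byte
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ConnectionError("proxy reply is not HTTP")
    status = int(parts[1])
    if not 200 <= status < 300:
        raise PermissionError(f"proxy refused CONNECT to {host}:{port}: {status}")
    return status

def relay(sock):
    """Copy bytes between the tunnel and stdin/stdout until either side closes."""
    stdin_fd = sys.stdin.fileno()
    while True:
        for src in select.select([sock, stdin_fd], [], [])[0]:
            data = sock.recv(65536) if src is sock else os.read(stdin_fd, 65536)
            if not data:
                return
            if src is sock:
                sys.stdout.buffer.write(data)
                sys.stdout.buffer.flush()
            else:
                sock.sendall(data)

if __name__ == "__main__":  # usage: connect_tunnel.py PROXY_HOST PROXY_PORT DEST_HOST DEST_PORT
    proxy_host, proxy_port, dest_host, dest_port = sys.argv[1:5]
    tunnel = socket.create_connection((proxy_host, int(proxy_port)), timeout=10)
    handshake(tunnel, dest_host, int(dest_port))
    tunnel.settimeout(None)
    relay(tunnel)
```

With OpenSSH this would be invoked as `sftp -P 9122 -o ProxyCommand="python3 connect_tunnel.py myproxy.prod 3142 %h %p" user@sftp-host`, where `user@sftp-host` is a placeholder. A non-2xx reply from the proxy means its access rules rejected the CONNECT target.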


