[squid-users] Squid-3.5.21: filter FTP content or FTP commands

Alex Rousskov rousskov at measurement-factory.com
Tue Oct 4 14:55:28 UTC 2016


On 10/04/2016 06:24 AM, oleg gv wrote:

> Then I try to block FTP-Command and nothing happen. Some from my config:
> 
> acl rh req_header -i ^FTP-Command

Wrong syntax. Please read req_header documentation carefully and try
something like:

  acl rh req_header FTP-Command -i LIST

I also recommend renaming the "rh" ACL to something more meaningful like
"ForbiddenCommand".

Finally, since a regular HTTP request might have an FTP-Command header
field, you should probably limit your rh-based http_access deny rule to
transactions accepted at ftp_port(s).


> http_access permit all

There is no "permit" action AFAIK. Please use documented "allow" and
"deny" actions only and copy-paste exact configuration lines when asking
questions.


> request_header_access  "FTP-Command: LIST" deny all

Wrong syntax and wrong option. You want to deny a transaction, not to
remove a header from that transaction.


HTH,

Alex.



More information about the squid-users mailing list