[squid-users] Squid-3.5.21: filter FTP content or FTP commands

oleg gv oagvozd at gmail.com
Tue Oct 4 15:44:23 UTC 2016


Thank you very much. It's my fault - wrote wrong ACL .

That'll do it! Yahooo!  LIST , C.?D blocked ok.

2016-10-04 17:55 GMT+03:00 Alex Rousskov <rousskov at measurement-factory.com>:

> On 10/04/2016 06:24 AM, oleg gv wrote:
>
> > Then I try to block FTP-Command and nothing happen. Some from my config:
> >
> > acl rh req_header -i ^FTP-Command
>
> Wrong syntax. Please read req_header documentation carefully and try
> something like:
>
>   acl rh req_header FTP-Command -i LIST
>
> I also recommend renaming the "rh" ACL to something more meaningful like
> "ForbiddenCommand".
>
> Finally, since a regular HTTP request might have an FTP-Command header
> field, you should probably limit your rh-based http_access deny rule to
> transactions accepted at ftp_port(s).
>
>
> > http_access permit all
>
> There is no "permit" action AFAIK. Please use documented "allow" and
> "deny" actions only and copy-paste exact configuration lines when asking
> questions.
>
>
> > request_header_access  "FTP-Command: LIST" deny all
>
> Wrong syntax and wrong option. You want to deny a transaction, not to
> remove a header from that transaction.
>
>
> HTH,
>
> Alex.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161004/2de1db82/attachment.html>


More information about the squid-users mailing list