[squid-users] Squid-3.5.21: filter FTP content or FTP commands
Alex Rousskov
rousskov at measurement-factory.com
Fri Sep 30 23:12:48 UTC 2016
On 09/30/2016 10:42 AM, oleg gv wrote:
> Hello, I've found that NativeFtpRelay appeared in squid 3.5 . Is it
> possible to apply http-access acl for FTP proto concerning filtering of
> FTP methods(commands)
Yes, it should be possible.
> by analogy of HTTP methods ?
Not quite. IIRC, when the HTTP message representing the FTP transaction
is relayed through Squid, the FTP command name is _not_ stored as an
HTTP method. The FTP command name is stored as HTTP "FTP-Command" header
value. See http://wiki.squid-cache.org/Features/FtpRelay
You should be able to block FTP commands using a req_header ACL.
> what other possibilities in squid exist to do this ?
An ICAP or eCAP service can also filter relayed FTP messages.
Alex.
More information about the squid-users
mailing list