[squid-users] Squid-3.5.21: filter FTP content or FTP commands

Alex Rousskov rousskov at measurement-factory.com
Fri Sep 30 23:12:48 UTC 2016


On 09/30/2016 10:42 AM, oleg gv wrote:

> Hello, I've found that NativeFtpRelay appeared in squid 3.5 . Is it
> possible to apply http-access acl for FTP proto concerning filtering of
> FTP methods(commands) 

Yes, it should be possible.


> by analogy of HTTP methods ?

Not quite. IIRC, when the HTTP message representing the FTP transaction
is relayed through Squid, the FTP command name is _not_ stored as an
HTTP method. The FTP command name is stored as HTTP "FTP-Command" header
value. See http://wiki.squid-cache.org/Features/FtpRelay

You should be able to block FTP commands using a req_header ACL.


> what other possibilities in squid exist to do this ?

An ICAP or eCAP service can also filter relayed FTP messages.

Alex.



More information about the squid-users mailing list