httpd-users mailing list archives

From Emmanuel E <emmanue...@gmx.net>
Subject Re: [users@httpd] Proxying active ftp
Date Fri, 12 May 2006 04:25:22 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
proxying ftp itself as-is is a difficult proposition. even when you set
your clients to passive ftp, i don't think it's the ftp that's being
actually proxied. the ftp request is being converted into an http
request and sent to the proxy server. the proxy server performs the
actual ftp transaction and returns an http response. the reason is that
there was no ftp proxy protocol developed, stated or adhered to.
proxying ftp as-is has to be done by intercepting and inspecting the
traffic and rewriting the packets.<br>
<br>
now mod_proxy_ftp is not a packet inspector/rewriter. <br>
<br>
like i said before the only reason your clients seem to work in passive
mode is that they must be converting the ftp request into an http
request to the proxy server. in active mode + http proxy i really don't
know what the client is supposed to do or what the proxy is supposed to
do. there has never been and probably never will be any clear guideline
on this.<br>
<br>
if you really want to proxy active ftp connections you might consider
using a socks proxy server, though in my experience i have never come
across a client that fully supported active ftp over a socks proxy. <br>
<br>
you should actually look at the actual network traffic of the ftp and
http protocols - <a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/HTTP">http://en.wikipedia.org/wiki/HTTP</a>
,
<a class="moz-txt-link-freetext" href="http://www.jmarshall.com/easy/http/">http://www.jmarshall.com/easy/http/</a>
, <a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Ftp">http://en.wikipedia.org/wiki/Ftp</a>
and <a class="moz-txt-link-freetext" href="http://slacksite.com/other/ftp.html">http://slacksite.com/other/ftp.html</a><br>
<br>
Browne, Anthony A wrote:
<blockquote
 cite="mid2497467EAFFFBE4F9FE8A70C7B3DCF1805370E5F@IOWAEVS03.iowa.uiowa.edu"
 type="cite">
  <pre wrap="">	Thanks, I now have a better understanding about how the proxy
module handles ftp.

  </pre>
  <blockquote type="cite">
    <pre wrap="">also your configuration seems a bit weird. you are running apache on
port 21
    </pre>
  </blockquote>
  <pre wrap=""><!---->
	Yes, my configuration is pretty weird. I'm running Apache on
three ports, but clients use 9982 as their ftp proxy. The clients on the
LAN use the Apache ftp proxy as a forward proxy for connections to ftp
servers elsewhere. In other words, I need to forward all ftp requests.
	So, now I'm wondering why the proxy_ftp module is having trouble
with this. Shouldn't it proxy active ftp?

-----Original Message-----
From: Emmanuel E [<a class="moz-txt-link-freetext" href="mailto:emmanuel.e@gmx.net">mailto:emmanuel.e@gmx.net</a>]
Sent: Tuesday, May 09, 2006 10:44 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:users@httpd.apache.org">users@httpd.apache.org</a>
Subject: Re: [users@httpd] Proxying active ftp

yes ftp cannot be proxied easily. once a control connection is
established (that is on port 21), information is exchanged as to which
ports will be used to transfer the data. the mod_proxy/mod_proxy_ftp
modules respond in http format to ftp requests. that is they process the
ftp request internally on their own using the ftp protocol but the
response is always http. so ftp will not work.

what is happening in your case is that your ftp clients are making an
http request for a ftp resource via an http proxy server. that's why it
works. i am not sure why your client tries to use a proxy when it is
asked to do active ftp.

also your configuration seems a bit weird. you are running apache on
port 21. running it on port 21 doesn't make it an ftp server. i am
drawing these conclusions from the following line -

The proxy server could not handle the request GET
<a class="moz-txt-link-freetext" href="ftp://xxxx/products/xxxx/xxxxx/xxxx.exe">ftp://xxxx/products/xxxx/xxxxx/xxxx.exe</a>

if i am guessing right you must be setting proxy to xxxx:9982 in your
ftp client. it's a wonder that it works when u disable active ftp.

cheers,
emmanuel

Browne, Anthony A wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Hello everyone,

	I have a virtual host that needs to proxy ftp. The config for it
is:

&lt;VirtualHost *:9982&gt;
ServerAdmin xxxx
ServerName xxxx:9982
LogFormat "%t %h %{Host}i \"%r\" %s %B" ftpcommon 
CustomLog logs/9982_access.log ftpcommon
ProxyRequests On 
&lt;/VirtualHost&gt;

The problem is that when clients try active ftp connections, they get:

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET 
<a class="moz-txt-link-freetext" href="ftp://xxxx/products/xxxx/xxxxx/xxxx.exe">ftp://xxxx/products/xxxx/xxxxx/xxxx.exe</a>

Reason: connect to xxxx:62715 failed - firewall/NAT?

    </pre>
  </blockquote>
  <pre wrap=""><!---->------------------------------------------------------------------------
  </pre>
  <blockquote type="cite">
    <pre wrap="">Apache/2.0.54 (Win32) Server at xxxx Port 21

I assume that it's active ftp that's causing the problem because of the
    </pre>
  </blockquote>
  <pre wrap=""><!---->
  </pre>
  <blockquote type="cite">
    <pre wrap="">port numbers, but in any event I don't know what to do next. I've 
tried a bunch of things and none of them have worked. Anyone, have any
    </pre>
  </blockquote>
  <pre wrap=""><!---->
  </pre>
  <blockquote type="cite">
    <pre wrap="">suggestions?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
    </pre>
  </blockquote>
  <pre wrap=""><!---->Project.
  </pre>
  <blockquote type="cite">
    <pre wrap="">See <a class="moz-txt-link-rfc1738" href="http://httpd.apache.org/userslist.html">&lt;URL:http://httpd.apache.org/userslist.html&gt;</a>
for more info.
To unsubscribe, e-mail: <a class="moz-txt-link-abbreviated" href="mailto:users-unsubscribe@httpd.apache.org">users-unsubscribe@httpd.apache.org</a>
   "   from the digest: <a class="moz-txt-link-abbreviated" href="mailto:users-digest-unsubscribe@httpd.apache.org">users-digest-unsubscribe@httpd.apache.org</a>
For additional commands, e-mail: <a class="moz-txt-link-abbreviated" href="mailto:users-help@httpd.apache.org">users-help@httpd.apache.org</a>


  
    </pre>
  </blockquote>
  <pre wrap=""><!---->
  </pre>
</blockquote>
</body>
</html>
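
The thread notes that the data port is negotiated over the FTP control connection, and the reported error names port 62715. As an added example (not part of the original messages, and not Apache code), this sketch decodes the host-port argument of a `PORT` command or a `227` passive reply and flags addresses that a firewall or NAT would block. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as decimal octets (RFC 959 host-port argument).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227")):
        return None
    match = HOSTPORT.search(text)
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def describe_data_channel(line, control_peer):
    """control_peer: address of the line's sender as seen on the control connection."""
    parsed = parse_hostport(line)
    if parsed is None:
        return None
    ip, port = parsed
    peer = ipaddress.IPv4Address(control_peer)
    active = line.strip().upper().startswith("PORT ")
    warnings = []
    if ip != peer:
        warnings.append("data address differs from control-connection peer")
    if any(ip in n for n in RFC1918) and not any(peer in n for n in RFC1918):
        warnings.append("RFC 1918 address advertised across NAT")
    return {
        "mode": "active" if active else "passive",
        # Active: the server dials back to the client; passive: the client dials out.
        "connector": "server" if active else "client",
        "endpoint": f"{ip}:{port}",
        "warnings": warnings,
    }


# Constructed sample lines; port 62715 is the one in the thread's error message.
SAMPLES = [
    ("227 Entering Passive Mode (192,168,1,20,244,251)", "203.0.113.10"),
    ("PORT 203,0,113,7,244,251", "203.0.113.7"),
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(line, "->", describe_data_channel(line, peer))
```
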
