Squid configuration directive ftp_port

Available in: 4   3.5  


Changes to ftp_port in Squid-3.5:

New configuration directive to accept and relay native FTP commands. Typically used for port 21 traffic. By default, native FTP commands are not accepted.

This directive is not available in the 3.4 version of Squid.

For older versions than 3.3 see the linked pages above

Configuration Details:

Option Name:ftp_port
Default Value:none
Suggested Config:

	Enables Native FTP proxy by specifying the socket address where Squid
	listens for FTP client requests. See http_port directive for various
	ways to specify the listening address and mode.

	Usage: ftp_port address [mode] [options]

	WARNING: This is a new, experimental, complex feature that has seen
	limited production exposure. Some Squid modules (e.g., caching) do not
	currently work with native FTP proxying, and many features have not
	even been tested for compatibility. Test well before deploying!

	Native FTP proxying differs substantially from proxying HTTP requests
	with ftp:// URIs because Squid works as an FTP server and receives
	actual FTP commands (rather than HTTP requests with FTP URLs).

	Native FTP commands accepted at ftp_port are internally converted or
	wrapped into HTTP-like messages. The same happens to Native FTP
	responses received from FTP origin servers. Those HTTP-like messages
	are shoveled through regular access control and adaptation layers
	between the FTP client and the FTP origin server. This allows Squid to
	examine, adapt, block, and log FTP exchanges. Squid reuses most HTTP
	mechanisms when shoveling wrapped FTP messages. For example,
	http_access and adaptation_access directives are used.


	   intercept	Same as http_port intercept. The FTP origin address is
			determined based on the intended destination of the
			intercepted connection.

	   tproxy	Support Linux TPROXY for spoofing outgoing
			connections using the client IP address.
			NP: disables authentication and maybe IPv6 on the port.

	By default (i.e., without an explicit mode option), Squid extracts the
	FTP origin address from the login@origin parameter of the FTP USER
	command. Many popular FTP clients support such native FTP proxying.


	   name=token	Specifies an internal name for the port. Defaults to
			the port address. Usable with myportname ACL.

			Enables tracking of FTP directories by injecting extra
			PWD commands and adjusting Request-URI (in wrapping
			HTTP requests) to reflect the current FTP server
			directory. Tracking is disabled by default.

	   protocol=FTP	Protocol to reconstruct accelerated and intercepted
			requests with. Defaults to FTP. No other accepted
			values have been tested with. An unsupported value
			results in a FATAL error. Accepted values are FTP,
			HTTP (or HTTP/1.1), and HTTPS (or HTTPS/1.1).

	Other http_port modes and options that are not specific to HTTP and
	HTTPS may also work.








Web Site Translations