[ https://issues.apache.org/jira/browse/NET-719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700827#comment-17700827 ]
Michael Osipov edited comment on NET-719 at 3/15/23 7:27 PM: ------------------------------------------------------------- But still, it is called WAF, not just FW. Either the product is misnamed or I do miss something here. FTP != web. was (Author: michael-o): But stll, it is called WAF, not just FW. Either the product is misnamed or I do miss something here. FTP != web. > FTPS timing issues behind WAF (F5) firewall > ------------------------------------------- > > Key: NET-719 > URL: https://issues.apache.org/jira/browse/NET-719 > Project: Commons Net > Issue Type: Improvement > Components: FTP > Affects Versions: 3.9.0 > Reporter: Stefan Kuhr > Priority: Major > Attachments: FTPSClient_RETR_Timing_diagram_current_impl-1.png, > FTPSClient_RETR_Timing_diagram_problem.png, > FTPSClient_RETR_Timing_diagram_solution.png > > > A working data exchange setup stopped working, after the server (vsftpd / > RedHat) was moved behind a WAF (F5) web application firewall. The client uses > PASV mode and the operation resulted in a socket timeout on the client side, > as soon as the data channel came into play (LIST/RETR/STOR). > A FileZilla client does not exhibit this problem. By looking at the protocol > exchanges and laying them down in timing diagrams the problem seems to be, > that the WAF expects the client to fully establish the data-channel, after > the data-command is send over the control-channel. The current FTPS client on > the other hand expects the server reply directly after the command is sent. > A pull request will be provided. > -- This message was sent by Atlassian Jira (v8.20.10#820010)