[
https://issues.apache.org/jira/browse/NET-719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700827#comment-17700827
]
Michael Osipov edited comment on NET-719 at 3/15/23 7:27 PM:
-------------------------------------------------------------
But still, it is called WAF, not just FW. Either the product is misnamed or I
do miss something here. FTP != web.
was (Author: michael-o):
But stll, it is called WAF, not just FW. Either the product is misnamed or I do
miss something here. FTP != web.
> FTPS timing issues behind WAF (F5) firewall
> -------------------------------------------
>
> Key: NET-719
> URL: https://issues.apache.org/jira/browse/NET-719
> Project: Commons Net
> Issue Type: Improvement
> Components: FTP
> Affects Versions: 3.9.0
> Reporter: Stefan Kuhr
> Priority: Major
> Attachments: FTPSClient_RETR_Timing_diagram_current_impl-1.png,
> FTPSClient_RETR_Timing_diagram_problem.png,
> FTPSClient_RETR_Timing_diagram_solution.png
>
>
> A working data exchange setup stopped working, after the server (vsftpd /
> RedHat) was moved behind a WAF (F5) web application firewall. The client uses
> PASV mode and the operation resulted in a socket timeout on the client side,
> as soon as the data channel came into play (LIST/RETR/STOR).
> A FileZilla client does not exhibit this problem. By looking at the protocol
> exchanges and laying them down in timing diagrams the problem seems to be,
> that the WAF expects the client to fully establish the data-channel, after
> the data-command is send over the control-channel. The current FTPS client on
> the other hand expects the server reply directly after the command is sent.
> A pull request will be provided.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
