Re: FTP proxy broken for non-anonymous ftp in IE

2004-06-09 Thread Graham Leggett
John wrote:
Doggone spam filtering, this patch never made it to the
list.  Well I'll send it again, from a different e-mail.
So, here's the patch that fixes it for Netscape/Mozilla,
and whatever other browsers work similarly.

--- proxy_ftp.c 2004-05-28 15:15:15.960934000 -0400
+++ proxy_ftp.c.new 2004-05-28 15:14:27.480934000 -0400
Could you open a bug in bugzilla and attach this patch (assuming there 
isn't one already) - this way there won't be the chance of it falling 
through the cracks.

Regards,
Graham
--


RE: FTP proxy broken for non-anonymous ftp in IE

2004-06-09 Thread John
William,

Doggone spam filtering, this patch never made it to the
list.  Well I'll send it again, from a different e-mail.

So, here's the patch that fixes it for Netscape/Mozilla,
and whatever other browsers work similarly.

John Wojtowicz 

Senior Secure Systems Engineer

Trusted Computer Solutions
2350 Corporate Park Drive
Suite 500
Herndon, VA  20171

P: 703-318-7134
F: 703-318-5041
--- proxy_ftp.c 2004-05-28 15:15:15.960934000 -0400
+++ proxy_ftp.c.new 2004-05-28 15:14:27.480934000 -0400
@@ -558,14 +558,25 @@
 return HTTP_BAD_REQUEST;
 urlptr += 3;
 destport = 21;
+/* strip out the username */
+if ((strp = strchr(urlptr, '@')) != NULL)
+   urlptr = strp + 1;
 strp = strchr(urlptr, '/');
 if (strp == NULL) {
 desthost = ap_pstrdup(p, urlptr);
 urlptr = "/";
 }
 else {
-char *q = ap_palloc(p, strp - urlptr + 1);
-memcpy(q, urlptr, strp - urlptr);
+char *q, *portptr;
+
+if ((portptr = strstr(urlptr, ":")) != NULL)
+{
+q = ap_palloc(p, portptr - urlptr + 1);
+destport = atoi(portptr);
+}
+else
+q = ap_palloc(p, strp - urlptr + 1);
+memcpy(q, urlptr, (portptr ? portptr : strp) - urlptr);
 q[strp - urlptr] = '\0';
 urlptr = strp;
 desthost = q;
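
Review bot: In the else branch, `q[strp - urlptr] = '\0';` still indexes by the distance to the '/', but when a ':' is found `q` is only `portptr - urlptr + 1` bytes, so the terminator is written past the end of the pool allocation and the copied host bytes are left unterminated. Compute a single length, for example `len = (portptr ? portptr : strp) - urlptr`, and use it for the `ap_palloc` size, the `memcpy` count and the terminator index. In the same branch, `atoi(portptr)` is handed the ':' itself and returns 0, so it needs `portptr + 1`, and the parsed value should be checked to be a valid port before it replaces 21. The `strstr(urlptr, ":")` and `strchr(urlptr, '@')` searches are not bounded by `strp`, so a ':' or '@' that appears only in the path is taken as the port or username separator; when `portptr` lands after `strp`, the `memcpy` copies path bytes into the host, and an '@' in the path moves `urlptr` past the real host. Restrict both searches to the part before the first '/'. The `strp == NULL` branch still copies `urlptr` whole, so a URL with a port but no path keeps ":port" in `desthost` and leaves `destport` at 21.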



Re: FTP proxy broken for non-anonymous ftp in IE

2004-05-28 Thread William A. Rowe, Jr.
At 10:10 AM 5/28/2004, John Wojtowicz wrote:
>[...] the patch in question didn't account for the case where an ftp request
>might be of the form ftp://[EMAIL PROTECTED]
>
>It also seems to hardcode the ftp site's port to 21 which is probably
>acceptable for most people, and doesn't pull the port from the URI.
>
>I have a patch fix that adds parsing for the username and the port
>number from the request.  This patch has been tested with mozilla and 
>works fine, but I.E. doesn't work for some reason.  Did authenticated 
>FTP proxying ever work with mod_proxy and Internet Explorer?

Microsoft, in its all seeing all knowing benevolence, broke from RFC2616
and no longer allows proto:[EMAIL PROTECTED] mechanics in IE (at least,
in HTTP.)  This was done for the users of the world assaulted daily by
http://[EMAIL PROTECTED]/ URLs.
Although many of us think this is a *presentation* problem, they decided
that it is a vulnerability and crippled the feature.

Your patch sounds great, and it quite possibly did work in the past,
but we don't expect to see this work from IE anymore, at least, not
when it uses http proxy.

Bill