On 01/25/2014 06:05 PM, Amos Jeffries wrote: > On 25/01/2014 9:27 a.m., Alex Rousskov wrote: > >> I propose to limit squid.conf "ftp_epsv off" prohibition to IPv4 FTP >> servers. ... >> Do you think it would be OK to allow the use of EPSV commands with IPv6 >> servers even if ftp_epsv is off?
> "off" should never be abused to mean half-off. We are having enough > trouble with "forwarded_for off" historically meaning something other > than disable XFF feature. The problem here is that the directive itself was misnamed IMO. It should have been ftp_epsv_for_ipv4 or similar. > I think extending the directive to allow selective disabling with > no-ipv6 or no-ipv4 values would be better. I do not like negative names so I would suggest "ipv6" instead of "no-ipv4". However, what should Squid do when it is talking to an IPv6 server and ftp_epsv is "off" or "ipv4"? Does it really make sense to write more code to handle that essentially misconfigured (but inherited from the old configs) case? I doubt... How about this alternative: 1. Add ftp_epsv_for_ipv4 on/off. 2. Deprecate ftp_epsv in favor of the newly added ftp_epsv_for_ipv4. 3. Treat ftp_epsv on/off as ftp_epsv_for_ipv4 on/off. This would avoid writing useless code to handle misconfigurations because it would be impossible to misconfigure Squid in this area. Thank you, Alex.
