Marc Elsen wrote: > > "Ampugnani, Fernando" wrote: > > > > Marc: > > I fix it adding port 21 to SSL port. Isnīt recommended, but is the > > only option that I take. > > > > What do you think about this? > > Could be dangerous, in security terms. > Remember the threads on port 25 open's for CONNECT and SPAM > relaying abuse of squid. > > Meaning that it would be wise to use calm ftp clients in > sec. terms and or securing this access to squid from unintended use
And it won't work unless you also allow CONNECT to any port >1024 which I defenitely would not recommend for security reasons, requires a special FTP client who knows how to abuse the HTTP CONNECT proxy method in such manners. Using a FTP proxy is strongly recommended. Apart from actually working for proxying FTP clients this also gives you better control of how/why the FTP proxy is used, including the ability to use user authentication to give access to the FTP proxy service. Regards Henrik