Hello,
Squid supports HFTP, which is FTP tunneled over HTTP, so no, it is not native FTP.
If you want to use an AV scanner, I suggest the following method.
In Squid, disable FTP support:
(from my squid conf)
##### Protocol restrictions
acl goodhttp proto HTTP
acl goodftp proto FTP
acl goodhttps proto CONNECT
http_access deny !goodhttp httpstand_ports
# Comment out the next line to disable FTP
http_access deny !goodftp ftpstand_ports
http_access deny !goodhttps SSL_ports
This will make it so only HTTP is available through Squid. Then, on the Squid box,
set up and run frox (http://frox.sourceforge.net/). With frox you can configure it
to pass files off to a virus scanner. You can run it transparently and use iptables
to redirect users' FTP connect requests to it, or the user can set up the FTP proxy
settings in the client.
Michael.
On Tue, 6 Jul 2004 23:21:12 +0200
Pierre Spielmann <[EMAIL PROTECTED]> wrote:
> Hello everyone,
>
> I am configuring a squid in the following environment:
>
> Browser --> SQUID --> AV-filter proxy HTTP/FTP --> application level
> Firewall
>
> I know that SQUID is not an FTP proxy, but it intercepts/interprets FTP
> over HTTP which is used in this environment.
>
> My problem is, that the AV-filter is not doing FTP over HTTP but native
> FTP proxying.
>
> I use the parent directive for the HTTP but I can not find any
> information how to get Squid to use native FTP with the AV-filter.
>
> As far as I understood, Squid will only speak FTP over HTTP but never
> native FTP with any parent or sibling proxy. Squid will only speak
> native FTP when he is contacting the final FTP server.
> Do I miss something? Am I right?
>
> This means, that the only way to realize the communication would be to
> create an always_direct rule for the ftp and NAT it to the FTP-proxy.
> But this will only work if the FTP-proxy can act as transparent
> proxy....
>
> Has someone a better idea or a hint how to realize this setup?
>
> Thanks in advance
> Pierre
>
--
Michael Gale
Network Administrator
Utilitran Corporation
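
The transparent redirect suggested in the reply above, as an added example that is not part of the original thread: a script that prints (and optionally applies) the NAT rule steering client FTP control connections to a local frox instance. The interface eth0, the subnet 192.168.1.0/24 and frox listening on port 2121 are assumptions; adjust them to your network.

```shell
#!/bin/sh
# Added example (not from the thread). Default values are constructed.
LAN_IF="${LAN_IF:-eth0}"              # assumed: interface facing the clients
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: client subnet
FROX_PORT="${FROX_PORT:-2121}"        # assumed: local port frox listens on

# Accept only an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rule specification without the -A/-C/-D verb. Only the FTP control
# channel (tcp/21) from the client subnet is redirected to frox.
ftp_redirect_spec() {
    printf '%s' "PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 21 -j REDIRECT --to-ports $FROX_PORT"
}

# Print the full iptables command for: add | check | delete (dry run).
ftp_redirect_cmd() {
    case "$1" in
        add)    verb=-A ;;
        check)  verb=-C ;;
        delete) verb=-D ;;
        *) echo "usage: ftp_redirect_cmd add|check|delete" >&2; return 2 ;;
    esac
    valid_port "$FROX_PORT" || { echo "invalid FROX_PORT: $FROX_PORT" >&2; return 1; }
    echo "iptables -t nat $verb $(ftp_redirect_spec)"
}

# Install the rule once: -C succeeds if it already exists. Needs root.
apply_ftp_redirect() {
    valid_port "$FROX_PORT" || return 1
    # Word splitting of the spec is intentional here.
    iptables -t nat -C $(ftp_redirect_spec) 2>/dev/null ||
        iptables -t nat -A $(ftp_redirect_spec)
}

# Touch the firewall only when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    apply_ftp_redirect
fi
```

Run with no arguments and call `ftp_redirect_cmd add` to review the rule before installing it; pass `apply` as root to install it.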