On Tuesday 24 January 2006 11:26, 서진수 wrote: > FileZilla transfers file through CONNECT method and bypasses below rule: > acl FTP proto FTP > acl PUT method PUT > http_access deny FTP PUT
Using CONNECTs for FTP are dangerous. Don't allow that. Limit CONNECTs to port 443 if you can. You are ripping large holes into your network. > squid.conf says: > # acl aclname req_mime_type mime-type1 ... > # # regex match against the mime type of the request generated > # # by the client. Can be used to detect file upload or some > # # types HTTP tunneling requests. > # # NOTE: This does NOT match the reply. You cannot use this > # # to match the returned file type. > > Is there any way to detect FileZilla FTP upload? No need to if CONNECT requests are limited according to the default configuration. > If there's no other way, > please let me know free Win32 ftp client program > having "HTTP Proxy with FTP support" feature. I just know old Mozillas (not Firefox) that still have that feature built in from the good old Netscape ages. But that's not very comfortable. If you seriously need to make FTP uploads consider installing an FTP or SOCKS proxy. Christoph -- Never trust a system administrator who wears a tie and suit.
