Stefan Kuhr created NET-719:
-------------------------------

             Summary: FTPS protocol timing problems behind WAF (F5) firewall
                 Key: NET-719
                 URL: https://issues.apache.org/jira/browse/NET-719
             Project: Commons Net
          Issue Type: Improvement
          Components: FTP
    Affects Versions: 3.9.0
            Reporter: Stefan Kuhr
         Attachments: FTPSClient_RETR_Timing_diagram_current_impl-1.png, 
FTPSClient_RETR_Timing_diagram_problem.png, 
FTPSClient_RETR_Timing_diagram_solution.png

A working data exchange setup stopped working after the server (vsftpd / 
RedHat) was moved behind a WAF (F5) web application firewall. The client uses 
PASV mode and the operation resulted in a socket timeout on the client side as 
soon as the data channel came into play (LIST/RETR/STOR).

A FileZilla client does not exhibit this problem. By looking at the protocol 
exchanges and laying them down in timing diagrams, the problem seems to be that 
the WAF expects the client to fully establish the data-channel after the 
data-command is sent over the control-channel. The current FTPS client, on the 
other hand, expects the server reply directly after the command is sent.

A pull request will be provided.

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
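
The ordering problem described in the report, reproduced on loopback as an added example (not code from the issue, the pull request or Commons Net). Assumptions: plain TCP sockets, a `HELLO`/`HELLO-ACK` exchange standing in for the TLS handshake on the data channel, and a hypothetical `_gated_server` that models a middlebox withholding the 150 reply until that handshake has started; all names and messages are constructed.

```python
import socket
import threading

ACK, BODY = b"HELLO-ACK", b"file-bytes"   # constructed sample messages

def _listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))              # ephemeral loopback port
    s.listen(1)
    return s

def _gated_server(ctrl_l, data_l):
    # Stand-in for server plus middlebox (assumption): the 150 reply is held
    # back until the client has started the data-channel handshake.
    ctrl, _ = ctrl_l.accept()
    data, _ = data_l.accept()
    with ctrl, data:
        ctrl.recv(64)                     # data command (RETR)
        if data.recv(16) == b"HELLO":     # b"" if the client gave up
            data.sendall(ACK)
            ctrl.sendall(b"150 Opening data connection\r\n")
            data.sendall(BODY)

def _handshake(data):
    # Placeholder for the TLS handshake on the data socket.
    data.sendall(b"HELLO")
    data.recv(len(ACK))

def transfer(handshake_first, timeout=1.0):
    ctrl_l, data_l = _listener(), _listener()
    threading.Thread(target=_gated_server, args=(ctrl_l, data_l),
                     daemon=True).start()
    ctrl = socket.create_connection(ctrl_l.getsockname(), timeout=timeout)
    data = socket.create_connection(data_l.getsockname(), timeout=timeout)
    try:
        ctrl.sendall(b"RETR sample.txt\r\n")
        if handshake_first:
            _handshake(data)
        code = ctrl.recv(3)               # reply-first client stalls here
        if not handshake_first:
            _handshake(data)
        return code.decode() + ":" + data.recv(len(BODY)).decode()
    except socket.timeout:
        return "timeout"
    finally:
        for s in (ctrl, data, ctrl_l, data_l):
            s.close()

if __name__ == "__main__":
    print("reply first:    ", transfer(handshake_first=False))
    print("handshake first:", transfer(handshake_first=True))
```

The reply-first ordering ends in the client-side socket timeout from the report; the handshake-first ordering completes the transfer against the same gated peer.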