[ https://issues.apache.org/jira/browse/NET-719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700127#comment-17700127 ]
Stefan Kuhr commented on NET-719:
---------------------------------
[~ggregory]: thanks for the advice. Can you please make a suggestion on how to
provide a test case in this scenario, as the test depends on the server being
behind the WAF, which I cannot provide in a simple test? Do I have to implement
a server simulating the behavior of the WAF?
> FTPS protocol timing problems behind WAF (F5) firewall
> ------------------------------------------------------
>
> Key: NET-719
> URL: https://issues.apache.org/jira/browse/NET-719
> Project: Commons Net
> Issue Type: Improvement
> Components: FTP
> Affects Versions: 3.9.0
> Reporter: Stefan Kuhr
> Priority: Major
> Attachments: FTPSClient_RETR_Timing_diagram_current_impl-1.png,
> FTPSClient_RETR_Timing_diagram_problem.png,
> FTPSClient_RETR_Timing_diagram_solution.png
>
>
> A working data exchange setup stopped working after the server (vsftpd /
> RedHat) was moved behind a WAF (F5) web application firewall. The client uses
> PASV mode and the operation resulted in a socket timeout on the client side
> as soon as the data channel came into play (LIST/RETR/STOR).
> A FileZilla client does not exhibit this problem. By looking at the protocol
> exchanges and laying them down in timing diagrams, the problem seems to be
> that the WAF expects the client to fully establish the data-channel after
> the data-command is sent over the control-channel. The current FTPS client, on
> the other hand, expects the server reply directly after the command is sent.
> A pull request will be provided.
>
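The ordering problem described in the issue can be reproduced without a WAF. The following is an added example, not code from the issue or from Commons Net: a loopback stub that withholds the RETR reply until the data connection is accepted, and a client that runs both orderings. It uses plain TCP with no TLS and models only the ordering; `waf_like_server`, `run_client`, `PAYLOAD` and the file name are hypothetical.

```python
import socket
import threading

PAYLOAD = b"constructed payload"  # constructed sample data

def waf_like_server(listener):
    """Stub: sends no reply to RETR until the data connection is accepted."""
    ctrl, _ = listener.accept()
    with ctrl, socket.create_server(("127.0.0.1", 0)) as passive:
        passive.settimeout(2)  # longer than the client's read timeout
        f = ctrl.makefile("rwb", buffering=0)
        f.readline()  # PASV
        port = passive.getsockname()[1]
        f.write(b"227 Entering Passive Mode (127,0,0,1,%d,%d)\r\n" % divmod(port, 256))
        f.readline()  # RETR
        try:
            data, _ = passive.accept()
        except socket.timeout:
            return  # client never opened the data channel
        with data:
            f.write(b"150 Opening data connection\r\n")
            data.sendall(PAYLOAD)
        f.write(b"226 Transfer complete\r\n")

def run_client(connect_first, timeout=0.5):
    """Return (reply code, payload), or ("timeout", b"") on a socket timeout."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        threading.Thread(target=waf_like_server, args=(listener,), daemon=True).start()
        with socket.create_connection(listener.getsockname(), timeout=timeout) as ctrl:
            f = ctrl.makefile("rwb", buffering=0)
            f.write(b"PASV\r\n")
            nums = f.readline().split(b"(")[1].split(b")")[0].split(b",")
            addr = ("127.0.0.1", int(nums[4]) * 256 + int(nums[5]))
            f.write(b"RETR sample.txt\r\n")
            try:
                if connect_first:  # order the report says the WAF expects
                    data = socket.create_connection(addr, timeout=timeout)
                    reply = f.readline()
                else:  # reply first, as the report describes the current client
                    reply = f.readline()
                    data = socket.create_connection(addr, timeout=timeout)
            except socket.timeout:
                return ("timeout", b"")
            with data:
                payload = b"".join(iter(lambda: data.recv(1024), b""))
            f.readline()  # consume the 226 completion reply
            return (reply[:3].decode(), payload)

if __name__ == "__main__":
    print(run_client(True), run_client(False))
```

A unit test against the real client would need the same stub behaviour plus the TLS handshake on both channels.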