As I have not yet been able to get an ftp gateway working in accelerator mode, I am working with Squid3 in proxy-cache mode to try and understand more about how it works.
I can rewrite http URL to ftp URL and get it to work fine for anonymous ftp but not for user ftp with password authentication provided by the ftpserver. My observations: 1. http://www.ftpserver.com rewritten to ftp://ftp.ftpserver.com. Squid assumes anonymous and with no anonymous on ftp.ftpserver.com, it fails. No prompt for user/password is returned to browser. 2. rewritten to ftp://realuser:[EMAIL PROTECTED] Works fine. 3. rewritten to ftp://[EMAIL PROTECTED] it returns a popup with 'realm ftp realuser'. Enter realuser and realpassword. Works fine. 4. rewritten to ftp://[EMAIL PROTECTED] returns a popup with 'realm ftp dummyuser'. Enter realuser and realpassword does not work. >From this I conclude that it is necessary to provide for a real username but not necessarily a password in the initial URL entered in the browser. 5. any attempt to provide the username from the browser using @ (e. g. http://[EMAIL PROTECTED]) fails to get to the redirector program whether a redirector_access acl is used or not. 6. If I escape the @ in the browser entry (e.g. http://[EMAIL PROTECTED]) it makes it to the redirector. The rewrite is altered, however, resulting in DNS lookup failuer of the rewritten URL. entered in browser ------------------ http://[EMAIL PROTECTED] rewriting rule (perl) -------------- s|http://([EMAIL PROTECTED])www.ftpserver.com|ftp://$1ftp.ftpserver.com|; error message ------------- ftp:[EMAIL PROTECTED] Unable to determine IP address from host name for realuser So in this case it appears that the '\' before the '@' is allows the redirector program to be called but then is stripped and/or replaced with a '/' which confuses the dns lookup routine. I inteneded this last as just a kludge to try and dope out what is happening. Is there a correct way to provide a realuser name from the browser that can be forwarded on to the ftpserver in the manner required? I would love to know it. Thanks Jim -- Jim Flowers<[EMAIL PROTECTED]>
