Good morning, all. In working an issue with browsers sending FTP over explicit HTTP proxies, I've encountered a behavior with Squid that I do not see on either of the two commercial proxies (Blue Coat and NetCache) at my day job.
When going to a FTP site that does not accept anonymous FTP connections (ftp://nac-client.na-corp.com/), my commercial (HTTP/1.1) proxies respond with '401 Authentication Required' after the initial anonymous login fails. Squid, however, responds with 403 Forbidden. The 401 is the desired response as Netscape and Mozilla helpfully pop up a prompt for the user credentials for the FTP site in response to a 401. Receiving the 403 back stops this from occurring and results in an error message to the end user. Is there a way to cause Squid to generate the desired 401 code in response to an initial anonymous FTP login failing? Having users rewrite the URL to the familiar ftp://user:[EMAIL PROTECTED]/ syntax is not a very palatable option. I am running FreeBSD 4.9-STABLE. Squid -v output is as follows: Squid Cache: Version 2.5.STABLE3 configure options: --bindir=/usr/local/sbin --sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid --localstatedir=/usr/local/squid '--enable-storeio=ufs diskd null' '--enable-removal-policies=lru heap' --enable-auth=basic '--enable-basic-auth-helpers=NCSA PAM YP' '--enable-external-acl-helpers=ip_user unix_group' --enable-underscores --prefix=/usr/local i386-portbld-freebsd4.8 Google and searches through squid-users have been unfruitful. Searches through the release notes for both STABLE4 and 3.0 and Bugzilla also do not reveal any hits for this particular behavior. For that matter, I am unable to easily locate an RFC spec for just how FTP-over-HTTP is supposed to work, so perhaps this is a nebulous area all-together. Any suggestions would be very helpfull. David
pgp00000.pgp
Description: PGP signature
