My understanding is that "CONNECT" was originally designed to allow a proxy to dynamically switch to being a tunnel, i.e. SSL. The problem is, application vendors are misusing the CONNECT method because it's "easy".

These particular vendors and their products are rendered as tainted because they're not following RFC suggestions and/or recommendations.

RFC 2817 might be helpful to you. -> http://www.ietf.org/rfc/rfc2817.txt
RFC 3143 might also be interesting -> ftp://ftp.rfc-editor.org/in-notes/rfc3143.txt

Best regards,
Tim Rainier

[EMAIL PROTECTED]
09/17/2004 09:56 AM
To: [EMAIL PROTECTED]
cc:
Subject: [squid-users] ftp connect ?

Hello,

Most FTP clients that support HTTP proxies use the CONNECT method once they have authenticated. This method is not allowed by default on the FTP port, so these clients (incl. Filezilla, ...) don't get much further than authentication.

Is it a security breach to allow the CONNECT method on port 21? Where could I find more info about this topic?

Thank you,
Andrew.
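The default restriction the question refers to can be checked offline. The sketch below is an added example, not part of the thread and not Squid's own code: a simplified model of first-match `http_access` evaluation that handles only `port` and `method` ACLs (plus `all`). `SAMPLE_CONF` is a constructed fragment modelled on the stock `SSL_ports`/`Safe_ports` rules, with client-source ACLs left out.

```python
# Added example: simplified model of Squid http_access evaluation.
# Assumptions: only "port" and "method" ACL types are modelled, "all"
# always matches, and SAMPLE_CONF is a constructed fragment.
SAMPLE_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

# The change asked about in the thread: add port 21 to the CONNECT allowlist.
WIDENED_CONF = "acl SSL_ports port 21\n" + SAMPLE_CONF

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("port", "method"):
            # Repeated acl lines with the same name accumulate their values.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "method":
        return method in values
    for value in values:              # "443" or a range such as "1025-65535"
        lo, _, hi = value.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def decide(conf, method, port):
    """Return 'allow' or 'deny' for a request, using first-match semantics."""
    acls, rules = parse(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; a leading "!" negates the ACL.
        if all(acl_matches(acls, n.lstrip("!"), method, port) != n.startswith("!")
               for n in names):
            return action
    # No rule matched: the result is the opposite of the last rule's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_CONF), ("widened", WIDENED_CONF)):
        for port in (443, 21, 25, 50000):
            print(label, "CONNECT", port, "->", decide(conf, "CONNECT", port))
```

In this model the widened rule is keyed on the port number alone, so it permits a CONNECT tunnel to port 21 on any destination host the remaining rules allow.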
