On Fri, 17 Sep 2004 [EMAIL PROTECTED] wrote:
> Most ftp clients that support http proxies use the CONNECT method, once they have authenticated.
This is not "to support HTTP proxies", only to "abuse wrongly configured HTTP proxies".
> Is it a security breach to allow CONNECT method on port 21?

Well, if using this approach you will need to allow CONNECT to any port, not only port 21, as you also need to allow for the data transfer. The security issue is that this makes your proxy wide open to proxy any TCP protocol with very little control.
Generally you should be investigating running a SOCKS proxy if this kind of functionality is what you need (access to any TCP service without using NAT).
For FTP I recommend running an FTP proxy alongside Squid, to handle the non-HTTP-proxied FTP requests.
Regards Henrik
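
The CONNECT exposure discussed in this reply, shown as an added squid.conf illustration that is not part of the original message: the first fragment is the open policy that FTP-over-CONNECT would require, the second restricts CONNECT to the SSL port. The two fragments are alternatives, not one file; the ACL names `localnet`, `SSL_ports` and `Safe_ports` and the 192.0.2.0/24 client range are assumptions chosen for the example.

```conf
## Fragment A: open CONNECT policy (what FTP over CONNECT needs)
# Assumed internal client range (constructed value).
acl localnet src 192.0.2.0/24
# No port restriction is applied before this allow, so an internal
# client may CONNECT to any host on any TCP port: 21 for the FTP
# control channel, arbitrary high ports for FTP data, and equally
# 25, 22 or anything else.
http_access allow localnet
http_access deny all

## Fragment B: CONNECT restricted to the SSL port
acl localnet src 192.0.2.0/24
# Ports that may be tunnelled with CONNECT.
acl SSL_ports port 443
# Ports Squid may contact at all. 21 is listed so that ftp:// URLs
# requested over HTTP are still fetched by Squid itself.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl CONNECT method CONNECT
# Order matters: the first matching http_access line decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
```

With fragment B, a native FTP client that tries `CONNECT host:21` is refused, which is why such clients need a SOCKS or FTP proxy instead.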
