follow_x_forwarded_for allow my_other_proxy
</verb>
- <tag>ftp_epsv</tag>
- <verb>
- FTP Protocol extensions permit the use of a special "EPSV" command.
-
- NATs may be able to put the connection on a "fast path" through the
- translator using EPSV, as the EPRT command will never be used and therefore,
- translation of the data portion of the segments will never be needed.
-
- Turning this OFF will prevent EPSV being attempted.
+ <tag>ftp_eprt</tag>
+ <p>New directive to control whether Squid uses EPRT extension for
+ efficient NAT handling and IPv6 protocol support in FTP.
- WARNING: Doing so will convert Squid back to the old behavior with all
- the related problems with external NAT devices/layers.
-
- Requires ftp_passive to be ON (default) for any effect.
- </verb>
+ <tag>ftp_epsv</tag>
+ <p>New directive to control whether Squid uses EPSV extension for
+ efficient NAT handling and IPv6 protocol support in FTP.
<tag>ftp_epsv_all</tag>
- <verb>
- FTP Protocol extensions permit the use of a special "EPSV ALL" command.
-
- NATs may be able to put the connection on a "fast path" through the
- translator, as the EPRT command will never be used and therefore,
- translation of the data portion of the segments will never be needed.
-
- When a client only expects to do two-way FTP transfers this may be useful.
- If Squid finds that it must do a three-way FTP transfer after issuing
- an EPSV ALL command, the FTP session will fail.
-
- If you have any doubts about this option do not use it.
- Squid will nicely attempt all other connection methods.
-
- Requires ftp_passive to be ON (default)
- </verb>
+ <p>New directive to control whether Squid uses "EPSV ALL" extension for
+ efficient NAT handling and IPv6 protocol support in FTP.
<tag>forward_max_tries</tag>
<p>Controls how many different forward paths Squid will try
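Review bot: The three added <p> descriptions for ftp_eprt, ftp_epsv and ftp_epsv_all are the same sentence with only the command name swapped, and the ftp_epsv_all entry loses the removed warning that the FTP session will fail if a three-way transfer is needed after EPSV ALL has been issued. Suggest keeping a one-line form of that caveat and of "Requires ftp_passive to be ON (default)" for the two EPSV entries, and saying in the ftp_eprt entry that it governs active-mode data channels and defaults to on, so an administrator can tell the directives apart without opening the full directive documentation.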
Requires ftp_passive to be ON (default) for any effect.
DOC_END
+NAME: ftp_eprt
+TYPE: onoff
+DEFAULT: on
+LOC: Config.Ftp.eprt
+DOC_START
+ FTP Protocol extensions permit the use of a special "EPRT" command.
+
+ This extension provides a protocol neutral alternative to the
+ IPv4-only PORT command. When supported it enables active FTP data
+ channels over IPv6 and efficient NAT handling.
+
+ Turning this OFF will prevent EPRT being attempted and will skip
+ straight to using PORT for IPv4 servers.
+
+ Some devices are known to not handle this extension correctly and
+ may result in crashes. Devices which suport EPRT enough to fail
+ cleanly will result in Squid attempting PORT anyway. This directive
+ should only be disabled when EPRT results in device failures.
+
+ WARNING: Doing so will convert Squid back to the old behavior with all
+ the related problems with external NAT devices/layers and IPv4-only FTP.
+DOC_END
+
NAME: ftp_sanitycheck
TYPE: onoff
DEFAULT: on
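Review bot: The ftp_eprt DOC text says turning it OFF "will skip straight to using PORT for IPv4 servers" but never says what happens for an IPv6 server, even though the same text calls PORT IPv4-only. Please state that outcome explicitly, since an administrator who disables EPRT to protect a fragile device needs to know which transfers stop working. Two wording fixes in the same block: "suport" should be "support", and "may result in crashes" does not say what crashes; naming the device as the thing that crashes would remove the ambiguity.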
static void
ftpSendEPRT(FtpStateData * ftpState)
{
- int fd;
- Ip::Address addr;
- struct addrinfo *AI = NULL;
- char buf[MAX_IPSTRLEN];
-
if (Config.Ftp.epsv_all && ftpState->flags.epsv_all_sent) {
debugs(9, DBG_IMPORTANT, "FTP does not allow EPRT method after 'EPSV ALL' has been sent.");
return;
}
+ if (!Config.Ftp.eprt) {
+ /* Disabled. Switch immediately to attempting old PORT command. */
+ debugs(9, 3, "EPRT disabled by local administrator");
+ ftpSendPORT(ftpState);
+ return;
+ }
+
+ int fd;
+ Ip::Address addr;
+ struct addrinfo *AI = NULL;
+ char buf[MAX_IPSTRLEN];
+
debugs(9, 3, HERE);
ftpState->flags.pasv_supported = 0;
fd = ftpOpenListenSocket(ftpState, 0);
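Review bot: In the new !Config.Ftp.eprt branch, ftpSendPORT(ftpState) is called without any check on the server's address family, while the directive's own documentation describes PORT as IPv4-only. Nothing visible in this hunk shows that ftpSendPORT fails cleanly when the control connection is IPv6, so either guard the call here or confirm that ftpSendPORT handles that case and say so in the comment above the call. The moved declarations (fd, addr, AI, buf) now sit after two early returns, which is fine, but fd and AI could be declared at first use to keep the scope tight.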