From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Mon, 4 Aug 2014 21:23:25 +0000 (-0600)
Subject: Fixed (missing DOC_END) and polished ftp_port documentation.
X-Git-Tag: SQUID_3_5_0_1~117^2~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8a2f40ddd267fae7f3bb3194f7a13812d3c314d6;p=thirdparty%2Fsquid.git

Fixed (missing DOC_END) and polished ftp_port documentation.
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 1474d1e882..1efdd5b0eb 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1235,7 +1235,7 @@ DEFAULT_DOC: Deny, unless rules exist in squid.conf.
 DOC_START
 	Allowing or Denying access based on defined access lists
 
-	Access to the HTTP port:
+	To allow or deny a message received on an HTTP, HTTPS, or FTP port:
 	http_access allow|deny [!]aclname ...
 
 	NOTE on default values:
@@ -1871,14 +1871,51 @@ TYPE: PortCfg
 DEFAULT: none
 LOC: FtpPortList
 DOC_START
-	Usage:  [ip:]port [options]
+	Enables Native FTP proxy by specifying the socket address where Squid
+	listens for FTP client requests. See http_port directive for various
+	ways to specify the listening address and mode.
 
-	Ftp options:
-		ftp-track-dirs=on|off 
-		    Enables tracking of FTP directories by injecting extra
-		    PWD commands and adjusting Request-URI (in wrapping HTTP
-		    requests) to reflect the current FTP server directory.
-		    Disabled by default.
+	Usage: ftp_port address [mode] [options]
+
+	WARNING: This is a new, experimental, complex feature that has seen
+	limited production exposure. Some Squid modules (e.g., caching) do not
+	currently work with native FTP proxying, and many features have not
+	even been tested for compatibility. Test well before deploying!
+
+	Native FTP proxying differs substantially from proxying HTTP requests
+	with ftp:// URIs because Squid works as an FTP server and receives
+	actual FTP commands (rather than HTTP requests with FTP URLs).
+
+	Native FTP commands accepted at ftp_port are internally converted or
+	wrapped into HTTP-like messages. The same happens to Native FTP
+	responses received from FTP origin servers. Those HTTP-like messages
+	are shoveled through regular access control and adaptation layers
+	between the FTP client and the FTP origin server. This allows Squid to
+	examine, adapt, block, and log FTP exchanges. Squid reuses most HTTP
+	mechanisms when shoveling wrapped FTP messages. For example,
+	http_access and adaptation_access directives are used.
+
+	Modes:
+
+	    intercept	Same as http_port intercept. The FTP origin address is
+			determined based on the intended destination of the
+			intercepted connection.
+
+	By default (i.e., without an explicit mode option), Squid extracts the
+	FTP origin address from the login@origin parameter of the FTP USER
+	command. Many popular FTP clients support such native FTP proxying.
+
+	Options:
+
+	    ftp-track-dirs=on|off 
+			Enables tracking of FTP directories by injecting extra
+			PWD commands and adjusting Request-URI (in wrapping
+			HTTP requests) to reflect the current FTP server
+			directory. Disabled by default.
+
+	Other http_port modes and options that are not specific to HTTP and
+	HTTPS may also work.
+DOC_END
 
 NAME: tcp_outgoing_tos tcp_outgoing_ds tcp_outgoing_dscp
 TYPE: acl_tos