On Mon, 24 Jan 2005, Henri Walazo wrote:
First I download from ftp.redhat.com the file abiword-1.0.4-2.i386.rpm (4.98 MB) (in binary mode) I get this line in access.log : 1106558551.810 14298 192.168.1.3 TCP_MISS/200 5232437 CONNECT ftp.redhat.com:14954 - DIRECT/209.132.176.30 - [Host: ftp.redhat.com:14954\r\n] []
Argh! Whoever wrote this client deserves to be shot in the head. This is serious abuse of the HTTP proxy protocol, and no proxy administrator in his sane mind should allow this unrestricted tunneling of non-HTTP protocols via a HTTP proxy using the CONNECT method.
If you want this kind of functionality you SHOULD install a Socks proxy next to Squid (can use the same server with no problem). Using the HTTP proxy CONNECT method for this is both bad and plain stupid approach to the problem.
The HTTP proxy protocol does have native support for FTP gatewaying, including the ability to upload files. This involves using the normal GET/PUT HTTP methods via the proxy on ftp:// URLs, not opening transparent tunnels on wild ports using the CONNECT method.
There is very good reasons why the default squid.conf shipped with squid explicitly denies this kind of use of the CONNECT method.
Regards Henrik
