On 17/12/2011 2:24 a.m., Al Batard wrote:
Hi, This is the log of the ftp connection to ftp site that accepts anonymous and login/pass (ftp://login:pass@ftpsite in url). Only Anonymous is used. Not my login / password. On a ftp site with anonymous login denied, user / password appear in log. - log of the ftp site with anonymous and login / pass authorized : 2011/12/16 13:46:53.474| ftp>> 220 FTP Server ready. 2011/12/16 13:46:53.474| ftp<< USER anonymous <snip> 2011/12/16 13:46:53.653| ftp>> 150 Opening ASCII mode data connection for file list 2011/12/16 13:46:53.744| ftp>> 226 Transfer complete 2011/12/16 13:46:53.744| ftp<< QUIT 2011/12/16 13:46:53.771| ftp>> 221 Goodbye.
This is a successful transfer. The data got to Squid using anonymous access. There is no problem with auth here.
Do you have a trace from this server when requesting something from the login-required area of the site?
- log of the ftp site with login / pass authorized only : 2011/12/16 13:50:09.781| ftp>> 220 FTP XXXXXXXXXXXXXXXX 2011/12/16 13:50:09.781| ftp<< USER login
I think there is some trace missing here. An earlier connect attempt to the FTP server using anon access, which fails. Either way, auth happened and the object was fetched. Again, no problem with auth here.
Amos
