Why are you using the CONNECT method with FTP? The CONNECT method is for use with tunneled connections, such as HTTPS through a proxy. It does not seem correct that the CONNECT method is being used. i have: acl ftp proto FTP acl Safe_ports port 21 # ftp http_access allow ftp always_direct allow FTP yum sometimes uses FTP to download updates from some mirrors, and i only see GET methods being used. i could see you needing to use some of the icap_* directives to push the FTP traffic to your DLP boxes, instead of the "always_direct allow FTP" config i have. brendan On Wed, 2013-04-24 at 21:05 -0400, Dave wrote: > Good evening everyone, > > Using Squid 3.3.3 on Centos 6.4. I need to be able to send FTP client > traffic through an ICAP server for Data Loss Prevention (DLP) purposes. > > I have the following ACLs defined in squid.conf > > ******************************************************* > acl ftp proto FTP > acl ftp_port port 20 21 > > http_access allow ftp_port connect > http_access allow ftp > ******************************************************* > > However, when I attempt to connect to my FTP server via FileZilla, I get the > following squid log: > > ******************************************************* > 366851550.677 396 192.168.137.1 NONE/200 0 CONNECT > ftp.thinkwelldesigns.com:21 - HIER_DIRECT/208.106.209.235 - > ******************************************************* > > For its part, FileZilla reports: > ******************************************************* > Status: Connecting to ftp.thinkwelldesigns.com through proxy > Status: Connecting to 192.168.137.128:3128... > Status: Connection with proxy established, performing handshake... > Response: Proxy reply: HTTP/1.1 200 Connection established > Status: Connection established, waiting for welcome message... > Error: Connection timed out > Error: Could not connect to server > ******************************************************* > > > It seems I'm almost there, but not quite. Any help for me? > > Thanks, > > Dave > >
