On 09/30/2016 10:42 AM, oleg gv wrote: > Hello, I've found that NativeFtpRelay appeared in squid 3.5 . Is it > possible to apply http-access acl for FTP proto concerning filtering of > FTP methods(commands) Yes, it should be possible. > by analogy of HTTP methods ? Not quite. IIRC, when the HTTP message representing the FTP transaction is relayed through Squid, the FTP command name is _not_ stored as an HTTP method. The FTP command name is stored as HTTP "FTP-Command" header value. See http://wiki.squid-cache.org/Features/FtpRelay You should be able to block FTP commands using a req_header ACL. > what other possibilities in squid exist to do this ? An ICAP or eCAP service can also filter relayed FTP messages. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
