On 01/25/2014 06:05 PM, Amos Jeffries wrote:
> On 25/01/2014 9:27 a.m., Alex Rousskov wrote:
>
>> I propose to limit squid.conf "ftp_epsv off" prohibition to IPv4 FTP
>> servers.
...
>> Do you think it would be OK to allow the use of EPSV commands with IPv6
>> servers even if ftp_epsv is off?
>
> "off" should never be abused to mean half-off. We are having enough
> trouble with "forwarded_for off" historically meaning something other
> than disable XFF feature.

The problem here is that the directive itself was misnamed IMO. It
should have been ftp_epsv_for_ipv4 or similar.

> I think extending the directive to allow selective disabling with
> no-ipv6 or no-ipv4 values would be better.

I do not like negative names so I would suggest "ipv6" instead of "no-ipv4".

However, what should Squid do when it is talking to an IPv6 server and
ftp_epsv is "off" or "ipv4"? Does it really make sense to write more
code to handle that essentially misconfigured (but inherited from the
old configs) case? I doubt...

How about this alternative:

1. Add ftp_epsv_for_ipv4 on/off.
2. Deprecate ftp_epsv in favor of the newly added ftp_epsv_for_ipv4.
3. Treat ftp_epsv on/off as ftp_epsv_for_ipv4 on/off.

This would avoid writing useless code to handle misconfigurations
because it would be impossible to misconfigure Squid in this area.

Thank you,

Alex.
Received on Tue Jan 28 2014 - 20:24:57 MST